Damien Miller
f7849e6c83
remove configure --with-ssh1
2017-05-01 10:05:07 +10:00
Darren Tucker
d9048861be
Check for and use gcc's -pipe.
...
Speeds up configure and build by a couple of percent. ok djm@
2017-03-31 11:04:43 +11:00
Darren Tucker
5346f271fc
Remove check for OpenSSL < 0.9.8g.
...
We no longer support OpenSSL < 1.0.1 so remove check for unreliable ECC
in OpenSSL < 0.9.8g.
2017-03-29 10:23:58 +11:00
Darren Tucker
7af27bf538
Enable ldns when using ldns-config.
...
Actually enable ldns when attempting to use ldns-config. bz#2697, patch
from fredrik at fornwall.net.
2017-03-24 09:44:56 +11:00
Darren Tucker
d38f05dbdd
Add llabs() implementation.
2017-03-20 13:39:27 +11:00
Damien Miller
2429cf78dd
require OpenSSL >=1.0.1
2017-03-14 18:01:52 +11:00
Damien Miller
523db8540b
prefer to use ldns-config to find libldns
...
Should fix bz#2603 - "Build with ldns and without kerberos support
fails if ldns compiled with kerberos support" by including correct
cflags/libs
ok dtucker@
2017-02-03 16:03:05 +11:00
Darren Tucker
c61d5ec3c1
Remove _XOPEN_SOURCE from wide char detection.
...
Having _XOPEN_SOURCE unconditionally causes problems on some platforms
and configurations, notably Solaris 64-bit binaries. It was there for
the benefit of Linux put the required bits in the *-*linux* section.
Patch from yvoinov at gmail.com.
2017-02-03 14:10:34 +11:00
Darren Tucker
10e290ec00
Get default of TEST_SSH_UTF8 from environment.
2016-12-13 13:51:32 +11:00
Darren Tucker
afec07732a
Add strcasestr to compat library.
...
Fixes build on (at least) Solaris 10.
2016-12-13 10:23:03 +11:00
Darren Tucker
c35995048f
exit is in stdlib.h not unistd.h (that's _exit).
2016-12-09 12:52:02 +11:00
Darren Tucker
d399a8b914
Include <unistd.h> for exit in utf8 locale test.
2016-12-09 12:33:25 +11:00
Darren Tucker
47b8c99ab3
Check for utf8 local support before testing it.
...
Check for utf8 local support and if not found, do not attempt to run the
utf8 tests. Suggested by djm@
2016-12-08 15:48:34 +11:00
Darren Tucker
4089fc1885
Use AC_PATH_TOOL for krb5-config.
...
This will use the host-prefixed version when cross compiling; patch from
david.michael at coreos.com.
2016-12-08 12:57:24 +11:00
Darren Tucker
5ee3fb5aff
Use ptrace(PT_DENY_ATTACH, ..) on OS X.
2016-11-01 08:12:33 +11:00
Damien Miller
1cfd5c06ef
Remove portability support for mmap
...
We no longer need to wrap/replace mmap for portability now that
pre-auth compression has been removed from OpenSSH.
2016-09-29 03:19:23 +10:00
Damien Miller
857568d2ac
removing UseLogin bits from configure.ac
2016-08-23 14:32:37 +10:00
Darren Tucker
33ba55d9e3
Only check for prctl once.
2016-08-17 16:26:04 +10:00
Damien Miller
a1cc637e7e
add a --with-login-program configure argument
...
Saves messing around with LOGIN_PROGRAM env var, which come
packaging environments make hard to do during configure phase.
2016-08-16 14:47:34 +10:00
Damien Miller
8bd81e1596
add --with-pam-service to specify PAM service name
...
Saves messing around with CFLAGS to do it.
2016-08-16 13:37:26 +10:00
Darren Tucker
5faa52d295
Use tabs consistently inside "case $host".
2016-08-02 15:22:40 +10:00
Darren Tucker
20e5e8ba9c
Explicitly test for broken strnvis.
...
NetBSD added an strnvis and unfortunately made it incompatible with the
existing one in OpenBSD and Linux's libbsd (the former having existed
for over ten years). Despite this incompatibility being reported during
development (see http://gnats.netbsd.org/44977 ) they still shipped it.
Even more unfortunately FreeBSD and later MacOS picked up this incompatible
implementation. Try to detect this mess, and assume the only safe option
if we're cross compiling.
OpenBSD 2.9 (2001): strnvis(char *dst, const char *src, size_t dlen, int flag);
NetBSD 6.0 (2012): strnvis(char *dst, size_t dlen, const char *src, int flag);
ok djm@
2016-08-02 12:16:34 +10:00
Tim Rice
cf3e0be7f5
modified: configure.ac opensshd.init.in
...
Skip generating missing RSA1 key on startup unless ssh1 support is enabled.
Spotted by Jean-Pierre Radley
2016-08-01 14:31:52 -07:00
Damien Miller
99522ba7ec
define _OPENBSD_SOURCE for reallocarray on NetBSD
...
Report by and debugged with Hisashi T Fujinaka, dtucker nailed
the problem (lack of prototype causing return type confusion).
2016-07-28 08:54:27 +10:00
Darren Tucker
353766e088
Move Cygwin IPPORT_RESERVED overrride to defines.h
...
Patch from vinschen at redhat.com.
2016-07-23 16:14:42 +10:00
Damien Miller
5fbe93fc6f
add a --disable-pkcs11 knob
2016-07-15 14:28:59 +10:00
Damien Miller
679ce88ec2
fix newline escaping for unsupported_algorithms
...
The hmac-ripemd160 was incorrect and could lead to broken
Makefiles on systems that lacked support for it, but I made
all the others consistent too.
2016-07-15 14:28:59 +10:00
Darren Tucker
7df91b01fc
Check for VIS_ALL.
...
If we don't have it, set BROKEN_STRNVIS to activate the compat replacement.
2016-07-14 12:26:54 +10:00
Darren Tucker
a233358417
Add compat code for missing wcwidth.
...
If we don't have wcwidth force fallback implementations of nl_langinfo
and mbtowc. Based on advice from Ingo Schwarze.
2016-07-14 10:59:09 +10:00
Darren Tucker
6310ef27a2
Move err.h replacements into compat lib.
...
Move implementations of err.h replacement functions into their own file
in the libopenbsd-compat so we can use them in kexfuzz.c too. ok djm@
2016-07-13 14:42:35 +10:00
Darren Tucker
f3f2cc8386
Check for wchar.h and langinfo.h
...
Wrap includes in the appropriate #ifdefs.
2016-07-11 17:26:49 +10:00
Damien Miller
b9c50614eb
whitelist more architectures for seccomp-bpf
...
bz#2590 - testing and patch from Jakub Jelen
2016-07-08 13:59:13 +10:00
Darren Tucker
a86ec4d073
Use Solaris setpflags(__PROC_PROTECT, ...).
...
Where possible, use Solaris setpflags to disable process tracing on
ssh-agent and sftp-server. bz#2584, based on a patch from huieying.lee
at oracle.com, ok djm.
2016-06-14 10:48:27 +10:00
Tim Rice
e1d93705f8
modified: configure.ac
...
whitspace clean up. No code changes.
2016-05-31 11:13:22 -07:00
Darren Tucker
5f41f030e2
Remove NO_IPPORT_RESERVED_CONCEPT
...
Replace by defining IPPORT_RESERVED to zero on Cygwin, which should have
the same effect without causing problems syncing patches with OpenBSD.
Resync the two affected functions with OpenBSD. ok djm, sanity checked
by Corinna.
2016-04-08 21:21:27 +10:00
Darren Tucker
b3413534aa
Tidy up openssl header test.
2016-04-04 11:09:21 +10:00
Darren Tucker
815bcac0b9
Fix configure-time warnings for openssl test.
2016-04-04 11:07:59 +10:00
Damien Miller
39f303b1f3
fix sandbox on OSX Lion
...
sshd was failing with:
ssh_sandbox_child: sandbox_init: dlopen(/usr/lib/libsandbox.1.dylib, 261):cw
image not found [preauth]
caused by chroot before sandboxing. Avoid by explicitly linking libsandbox
to sshd. Spotted by Darren.
2016-02-23 12:58:53 +11:00
Darren Tucker
907091acb1
Make Solaris privs code build on older systems.
...
Not all systems with Solaris privs have priv_basicset so factor that
out and provide backward compatibility code. Similarly, not all have
PRIV_NET_ACCESS so wrap that in #ifdef. Based on code from
alex at cooperi.net and djm@ with help from carson at taltos.org and
wieland at purdue.edu.
2016-02-19 09:05:39 +11:00
Darren Tucker
2fee909c3c
Look for gethostbyname in libresolv and libnsl.
...
Should fix build problem on Solaris 2.6 reported by Tom G. Christensen.
2016-02-17 09:48:15 +11:00
Damien Miller
4626cbaf78
Support Illumos/Solaris fine-grained privileges
...
Includes a pre-auth privsep sandbox and several pledge()
emulations. bz#2511, patch by Alex Wilson.
ok dtucker@
2016-01-08 14:29:12 +11:00
Darren Tucker
b5fa0cd735
Allow --without-ssl-engine with --without-openssl
...
Patch from Mike Frysinger via github.
2015-12-15 15:10:32 +11:00
Darren Tucker
c1d7e546f6
Include openssl crypto.h for SSLeay.
...
Patch from doughdemon via github.
2015-12-15 14:27:09 +11:00
Darren Tucker
3ddd15e1b6
Add a null implementation of pledge.
...
Fixes builds on almost everything.
2015-11-30 07:23:53 +11:00
Darren Tucker
1560596f44
Fix compiler warnings in the openssl header check.
...
Noted by Austin English.
2015-11-10 11:14:47 +11:00
Damien Miller
fafe1d84a2
s/SANDBOX_TAME/SANDBOX_PLEDGE/g
2015-10-14 09:22:15 -07:00
deraadt@openbsd.org
2539dce2a0
upstream commit
...
Change all tame callers to namechange to pledge(2).
Upstream-ID: 17e654fc27ceaf523c60f4ffd9ec7ae4e7efc7f2
2015-10-14 03:22:08 +11:00
Damien Miller
9846a2f406
hook tame(2) sandbox up to build
...
OpenBSD only for now
2015-10-08 04:30:48 +11:00
Darren Tucker
366bada1e9
Correct default value for --with-ssh1.
...
bz#2457, from konto-mindrot.org at walimnieto.com.
2015-09-11 13:33:23 +10:00
Darren Tucker
7ad8b287c8
Force resolution of _res for correct detection.
...
bz#2259, from sconeu at yahoo.com.
2015-09-11 13:11:02 +10:00