RepoMirrors/openssh
1
0
Fork 0
mirror of git://anongit.mindrot.org/openssh.git synced 2025-01-02 07:42:04 +00:00
Code Issues Packages Projects Releases Wiki Activity
9,149 Commits 69 Branches 157 Tags 27 MiB
2c71ca1dd1
Commit Graph

699 Commits

Author SHA1 Message Date
Damien Miller
25a02b0c95 - (djm) [configure.ac cipher-ctr.c] Adapt EVP AES CTR change to retain our 
compat code for older OpenSSL
 2012-12-13 08:18:56 +11:00
Damien Miller
8b48982a56 - (djm) [configure.ac] Revert previous. configure.ac already does this 
for us.
 2012-12-03 12:35:55 +11:00
Damien Miller
03af12e930 - (djm) [configure.ac] Turn on -g for gcc compilers. Helps pre-installation 
debugging. ok dtucker@
 2012-12-03 11:55:53 +11:00
Damien Miller
77eab7b024 - (djm) [configure.ac] Recursively expand $(bindir) to ensure it has no 
unexpanded $(prefix) embedded. bz#2007 patch from nix-corp AT
   esperi.org.uk; ok dtucker@
 2012-07-06 11:49:28 +10:00
Darren Tucker
34f702ae64 - (dtucker) [configure.ac openbsd-compat/bsd-misc.h] Add setlinebuf for 
platforms that don't have it.  "looks good" tim@
 2012-07-04 08:50:09 +10:00
Darren Tucker
d545a4b974 - (dtucker) [configure.ac sandbox-rlimit.c] Test whether or not 
setrlimit(RLIMIT_FSIZE, rl_zero) and skip it if it's not supported.  Its
   benefit is minor, so it's not worth disabling the sandbox if it doesn't
   work.
 2012-07-03 22:48:31 +10:00
Darren Tucker
60395f91c6 - (dtucker) [configure.ac] Detect platforms that can't use select(2) with 
setrlimit(RLIMIT_NOFILE, rl_zero) and disable the rlimit sandbox on those.
 2012-07-03 14:31:18 +10:00
Darren Tucker
593538911a - (dtucker) [configure.ac contrib/Makefile] bz#1996: use AC_PATH_TOOL to find 
pkg-config so it does the right thing when cross-compiling.  Patch from
   cjwatson at debian org.
 2012-05-19 15:24:37 +10:00
Darren Tucker
d0494fdb29 - (dtucker) [configure.ac] bz#2010: fix non-portable shell construct. Patch 
from cjwatson at debian org.
 2012-05-19 14:25:39 +10:00
Darren Tucker
e1a3ddf992 - (dtucker) [configure.ac] Include <sys/param.h> rather than <sys/types.h> 
to fix building on some plaforms.  Fom bowman at math utah edu and
   des at des no.
 2012-05-04 11:05:45 +10:00
Damien Miller
398c0ffe0e - (djm) [configure.ac] Fix compilation error on FreeBSD, whose libutil 
contains openpty() but not login()
 2012-04-19 21:46:35 +10:00
Damien Miller
e0956e3834 - (djm) [Makefile.in configure.ac sandbox-seccomp-filter.c] Add sandbox 
mode for Linux's new seccomp filter; patch from Will Drewry; feedback
   and ok dtucker@
 2012-04-04 11:27:54 +10:00
Darren Tucker
93a2d41505 - (dtucker) [audit-bsm.c configure.ac] bug #1968: enable workarounds for BSM 
audit breakage in Solaris 11.  Patch from Magnus Johansson.
 2012-02-24 10:40:41 +11:00
Darren Tucker
e9b3ad73ba - (dtucker) [configure.ac mac.c openbsd-compat/openssl-compat.h] Add 
null implementation of HMAC_CTX_init for the benefit of old versions
   of OpenSSL that don't have it.
 2012-01-17 14:03:34 +11:00
Darren Tucker
4a725ef6a5 - (dtucker) [configure.ac] Set _FORTIFY_SOURCE. ok djm@ 2011-11-21 16:38:48 +11:00
Darren Tucker
aa3cbd1b5b - (dtucker) [INSTALL LICENCE configure.ac openbsd-compat/Makefile.in 
openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/getrrsetbyname.c]
   bz 1320: Add optional support for LDNS, a BSD licensed DNS resolver library
   which supports DNSSEC.  Patch from Simon Vallet (svallet at genoscope cns fr)
   with some rework from myself and djm.  ok djm.
 2011-11-04 11:25:24 +11:00
Darren Tucker
b0b29cc0c5 remove SELECT_REQUIRED_FDS added erroneously with strnlen. spotted by tim 2011-10-02 18:49:24 +11:00
Darren Tucker
b54f50e5d0 - (dtucker) [configure.ac openbsd-compat/Makefile.in 
openbsd-compat/strnlen.c] Add strnlen to the compat library.
 2011-09-29 23:17:18 +10:00
Damien Miller
5ffe1c4b43 - (djm) [configure.ac defines.h] No need to detect sizeof(char); patch 
from des AT des.no
 2011-09-29 11:11:51 +10:00
Tim Rice
a6e60616be - (tim) [configure.ac] Typo in error message spotted by Andy Tsouladze 2011-08-17 21:48:22 -07:00
Damien Miller
1a91c0f163 - (djm) [configure.ac] error out if the host lacks the necessary bits for 
an explicitly requested sandbox type
 2011-08-17 11:59:25 +10:00
Damien Miller
cd5e52ee78 - (djm) [configure.ac Makefile.in sandbox-darwin.c] Add a sandbox for 
Darwin/OS X using sandbox_init() + setrlimit(); feedback and testing
   markus@
 2011-06-27 07:18:18 +10:00
Damien Miller
69ff1df952 - djm@cvs.openbsd.org 2011/06/22 21:57:01 
[servconf.c servconf.h sshd.c sshd_config.5 sandbox-rlimit.c]
     [sandbox-systrace.c sandbox.h configure.ac Makefile.in]
     introduce sandboxing of the pre-auth privsep child using systrace(4).

     This introduces a new "UsePrivilegeSeparation=sandbox" option for
     sshd_config that applies mandatory restrictions on the syscalls the
     privsep child can perform. This prevents a compromised privsep child
     from being used to attack other hosts (by opening sockets and proxying)
     or probing local kernel attack surface.

     The sandbox is implemented using systrace(4) in unsupervised "fast-path"
     mode, where a list of permitted syscalls is supplied. Any syscall not
     on the list results in SIGKILL being sent to the privsep child. Note
     that this requires a kernel with the new SYSTR_POLICY_KILL option.

     UsePrivilegeSeparation=sandbox will become the default in the future
     so please start testing it now.

     feedback dtucker@; ok markus@
 2011-06-23 08:30:03 +10:00
Damien Miller
c09182f613 - (djm) [configure.ac] enable setproctitle emulation for OS X 2011-06-03 12:11:38 +10:00
Tim Rice
90f42b0705 - (tim) [configure.ac defines.h] Run test program to detect system mail 
directory. Add --with-maildir option to override. Fixed OpenServer 6
   getting it wrong. Fixed many systems having MAIL=/var/mail//username
   ok dtucker
 2011-06-02 18:17:49 -07:00
Damien Miller
b176362d26 - (djm) [aclocal.m4 configure.ac] since gcc-4.x ignores all -Wno-options 
options, we should corresponding -W-option when trying to determine
   whether it is accepted.  Also includes a warning fix on the program
   fragment uses (bad main() return type).
   bz#1900 and bz#1901 reported by g.esp AT free.fr; ok dtucker@
 2011-05-20 11:45:25 +10:00
Tim Rice
19d8181b86 - (tim) [configure.ac] Add AC_LANG_SOURCE to OPENSSH_CHECK_CFLAG_COMPILE 
so autoreconf 2.68 is happy.
 2011-05-04 21:44:25 -07:00
Damien Miller
f22019bdbf - (djm) [Makefile.in WARNING.RNG aclocal.m4 buildpkg.sh.in configure.ac] 
[entropy.c ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c]
   [ssh-keysign.c ssh-pkcs11-helper.c ssh-rand-helper.8 ssh-rand-helper.c]
   [ssh.c ssh_prng_cmds.in sshd.c contrib/aix/buildbff.sh]
   [regress/README.regress] Remove ssh-rand-helper and all its
   tentacles. PRNGd seeding has been rolled into entropy.c directly.
   Thanks to tim@ for testing on affected platforms.
 2011-05-05 13:48:37 +10:00
Tim Rice
648f876566 20110127 
- (tim) [configure.ac] Consistent M4 quoting throughout, updated obsolete
   AC_TRY_COMPILE with AC_COMPILE_IFELSE, updated obsolete AC_TRY_LINK with
   AC_LINK_IFELSE, updated obsolete AC_TRY_RUN with AC_RUN_IFELSE, misc white
   space changes for consistency/readability. Makes autoconf 2.68 happy.
   "Nice work" djm
 2011-01-26 12:38:57 -08:00
Damien Miller
71adf127e8 - (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c 
openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to
   port-linux.c to avoid compilation errors. Add -lselinux to ssh when
   building with SELinux support to avoid linking failure; report from
   amk AT spamfence.net; ok dtucker
 2011-01-25 12:16:15 +11:00
Darren Tucker
79241377df - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add 
RSA_get_default_method() for the benefit of openssl versions that don't
   have it (at least openssl-engine-0.9.6b).  Found and tested by Kevin Brott,
   ok djm@.
 2011-01-22 09:37:01 +11:00
Damien Miller
e323ebc250 - (djm) [configure.ac] Disable ECC on OpenSSL <0.9.8g. Releases prior to 
0.9.8 lacked it, and 0.9.8a through 0.9.8d have proven buggy in pre-
   release testing (random crashes and failure to load ECC keys).
   ok dtucker@
 2011-01-19 23:12:27 +11:00
Darren Tucker
ea52a82969 - (dtucker) [LICENCE Makefile.in audit-bsm.c audit-linux.c audit.c audit.h 
configure.ac defines.h loginrec.c]  Bug #1402: add linux audit subsystem
   support, based on patches from Tomas Mraz and jchadima at redhat.
 2011-01-17 21:15:27 +11:00
Damien Miller
58497780ab - (djm) [configure.ac regress/agent-getpeereid.sh regress/multiplex.sh] 
[regress/sftp-glob.sh regress/test-exec.sh] Rework how feature tests are
   disabled on platforms that do not support them; add a "config_defined()"
   shell function that greps for defines in config.h and use them to decide
   on feature tests.
   Convert a couple of existing grep's over config.h to use the new function
   Add a define "FILESYSTEM_NO_BACKSLASH" for filesystem that can't represent
   backslash characters in filenames, enable it for Cygwin and use it to turn
   of tests for quotes backslashes in sftp-glob.sh.
   based on discussion with vinschen AT redhat.com and dtucker@; ok dtucker@
 2011-01-17 16:17:09 +11:00
Darren Tucker
50c61f88ab - (dtucker) [Makefile.in configure.ac regress/kextype.sh] Skip sha256-based 
on configurations that don't have it.
 2011-01-16 18:28:09 +11:00
Tim Rice
9b87a5ce3c - (tim) [Makefile.in configure.ac opensshd.init.in] Add support for generating 
ecdsa keys. ok djm.
 2011-01-12 22:35:43 -08:00
Damien Miller
134d02a494 - (djm) [configure.ac] Fix broken test for gcc >= 4.4 with per-compiler 
flag tests that don't depend on gcc version at all; suggested by and
   ok dtucker@
 2011-01-12 16:00:37 +11:00
Damien Miller
945aa0c744 - (djm) [configure.ac] Turn on -Wno-unused-result for gcc >= 4.4 to avoid 
silly warnings on write() calls we don't care succeed or not.
 2011-01-12 13:34:02 +11:00
Damien Miller
30a69e7bba - (djm) [configure.ac Makefile.in] Use mandoc as preferred manpage 
formatter if it is present, followed by nroff and groff respectively.
   Fixes distprep target on OpenBSD (which has bumped groff/nroff to ports
   in favour of mandoc). feedback and ok tim
 2011-01-04 08:16:27 +11:00
Damien Miller
41bccf75af - (djm) [configure.ac] Check whether libdes is needed when building 
with Heimdal krb5 support. On OpenBSD this library no longer exists,
   so linking it unconditionally causes a build failure; ok dtucker
 2011-01-02 21:53:07 +11:00
Darren Tucker
ebdef76b5d - (dtucker) [configure.ac moduli.c openbsd-compat/openssl-compat.{c,h}] Add 
shims for the new, non-deprecated OpenSSL key generation functions for
   platforms that don't have the new interfaces.
 2010-12-04 23:20:50 +11:00
Tim Rice
c7a8af03a0 - (tim) [configure.ac openbsd-compat/bsd-misc.h openbsd-compat/bsd-misc.c] Add 
support for platforms missing isblank(). ok djm@
 2010-11-08 14:26:23 -08:00
Darren Tucker
eab5f0df90 - (dtucker) [Makefile configure.ac regress/Makefile regress/keytype.sh] 
Import recent changes to regress/Makefile, pass a flag to enable ECC tests
   from configure through to regress/Makefile and use it in the tests.
 2010-11-05 18:23:38 +11:00
Darren Tucker
97528353c2 - (dtucker) [configure.ac platform.{c,h} session.c 
openbsd-compat/port-solaris.{c,h}] Bug #1824: Add Solaris Project support.
   Patch from cory.erickson at csu mnscu edu with a bit of rework from me.
   ok djm@
 2010-11-05 12:03:05 +11:00
Damien Miller
1f78980099 - (djm) [configure.ac] Use = instead of == in shell tests. Patch from 
dr AT vasco.com
 2010-10-11 22:35:22 +11:00
Damien Miller
a6e121aaa0 - djm@cvs.openbsd.org 2010/09/25 09:30:16 
[sftp.c configure.ac openbsd-compat/glob.c openbsd-compat/glob.h]
     make use of new glob(3) GLOB_KEEPSTAT extension to save extra server
     rountrips to fetch per-file stat(2) information.
     NB. update openbsd-compat/ glob(3) implementation from OpenBSD libc to
     match.
 2010-10-07 21:39:17 +11:00
Damien Miller
aa18063baf - matthew@cvs.openbsd.org 2010/09/24 13:33:00 
[misc.c misc.h configure.ac openbsd-compat/openbsd-compat.h]
     [openbsd-compat/timingsafe_bcmp.c]
     Add timingsafe_bcmp(3) to libc, mention that it's already in the
     kernel in kern(9), and remove it from OpenSSH.
     ok deraadt@, djm@
     NB. re-added under openbsd-compat/ for portable OpenSSH
 2010-10-07 21:25:27 +11:00
Damien Miller
6af914a15c - (djm) [authfd.c authfile.c bufec.c buffer.h configure.ac kex.h kexecdh.c] 
[kexecdhc.c kexecdhs.c key.c key.h myproposal.h packet.c readconf.c]
   [ssh-agent.c ssh-ecdsa.c ssh-keygen.c ssh.c] Disable ECDH and ECDSA on
   platforms that don't have the requisite OpenSSL support. ok dtucker@
 2010-09-10 11:39:26 +10:00
Darren Tucker
aa74f6754a - (dtucker) [configure.ac openbsd-compat/Makefile.in 
openbsd-compat/openbsd-compat.h openbsd-compat/strptime.c] Add strptime to
   the compat library which helps on platforms like old IRIX.  Based on work
   by djm, tested by Tom Christensen.
 2010-08-16 13:15:23 +10:00
Darren Tucker
9f8703b573 - (dtucker) [configure.ac] Bug #1756: Check for the existence of a lib64 dir 
in the openssl install directory (some newer openssl versions do this on at
   least some amd64 platforms).
 2010-04-23 11:12:06 +10:00
Darren Tucker
627337d95b - (dtucker) [configure.ac] Put the check for the existence of getaddrinfo 
back so we disable the IPv6 tests if we don't have it.
 2010-04-10 22:58:01 +10:00
Darren Tucker
261d93a5cf - (dtucker) [configure.ac defines.h loginrec.c logintest.c] Bug #1732: enable 
utmpx support on FreeBSD where possible.  Patch from Ed Schouten, ok djm@
 2010-04-09 18:13:27 +10:00
Darren Tucker
c4ccb12ee4 - (dtucker) [configure.ac] Bug #1744: use pkg-config for libedit flags if we 
have it and the path is not provided to --with-libedit.  Based on a patch
   from Iain Morgan.
 2010-04-09 14:04:35 +10:00
Darren Tucker
a83d90fbab - (dtucker) [configure.ac] Bug #1741: Add section for Haiku, patch originally 
by Ingo Weinhold via Scott McCreary, ok djm@
 2010-03-26 10:27:33 +11:00
Darren Tucker
c9fe39b1a4 - (dtucker) [configure.ac] Use a proper AC_CHECK_DECL for BROKEN_GETADDRINFO 
so setting it in CFLAGS correctly skips IPv6 tests.
 2010-03-09 20:42:30 +11:00
Damien Miller
9527f228ae - (djm) [configure.ac] set -fno-strict-aliasing for gcc4; ok dtucker@ 2010-03-05 15:04:35 +11:00
Damien Miller
b3c9f78711 - (djm) [configure.ac] Enable PKCS#11 support only when we find a working 
dlopen()
 2010-02-12 10:11:34 +11:00
Damien Miller
d8f6002272 - (djm) [INSTALL Makefile.in README.smartcard configure.ac scard-opensc.c] 
[scard.c scard.h pkcs11.h scard/Makefile.in scard/Ssh.bin.uu scard/Ssh.java]
   Remove obsolete smartcard support
 2010-02-12 09:34:22 +11:00
Damien Miller
7ea845e48d - markus@cvs.openbsd.org 2010/02/08 10:50:20 
[pathnames.h readconf.c readconf.h scp.1 sftp.1 ssh-add.1 ssh-add.c]
     [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config.5]
     replace our obsolete smartcard code with PKCS#11.
        ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf
     ssh(1) and ssh-keygen(1) use dlopen(3) directly to talk to a PKCS#11
     provider (shared library) while ssh-agent(1) delegates PKCS#11 to
     a forked a ssh-pkcs11-helper process.
     PKCS#11 is currently a compile time option.
     feedback and ok djm@; inspired by patches from Alon Bar-Lev
`
 2010-02-12 09:21:02 +11:00
Damien Miller
1d2bfc4118 - (djm) add -lselinux to LIBS before calling AC_CHECK_FUNCS for 
getseuserbyname; patch from calebcase AT gmail.com via
   cjwatson AT debian.org
 2010-02-10 10:19:29 +11:00
Tim Rice
6761c7417d - (tim) [configure.ac] Due to constraints in Windows Sockets in terms of 
socket inheritance, reduce the default SO_RCVBUF/SO_SNDBUF buffer size
   in Cygwin to 65535. Patch from Corinna Vinschen.
 2010-01-22 10:25:15 -08:00
Tim Rice
641ebf1f86 - (tim) [configure.ac] Use the C99-conforming functions snprintf() and 
vsnprintf() named _xsnprintf() and _xvsnprintf() on SVR5 systems.
 2010-01-17 17:05:39 -08:00
Tim Rice
7ab7b9346d - (tim) [configure.ac] OpenServer 5 needs BROKEN_GETADDRINFO too. 2010-01-17 12:48:22 -08:00
Tim Rice
4a7db1ca2f - (tim) [configure.ac] Define BROKEN_GETADDRINFO on SVR5 systems. The native 
getaddrinfo() is too old and limited for addr_pton() in addrmatch.c.
 2010-01-16 12:23:25 -08:00
Darren Tucker
909a390bb8 - (dtucker) [configure.ac openbsd-compat/{Makefile.in,pwcache.c} Portability 
for pwcache.  Also, added caching of negative hits.
 2010-01-15 12:38:30 +11:00
Darren Tucker
8c65f646a9 - (dtucker) [configure.ac misc.c readconf.c servconf.c ssh-keyscan.c] 
Remove hacks add for RoutingDomain in preparation for its removal.
 2010-01-10 10:26:57 +11:00
Darren Tucker
1f5e3dc274 - (dtucker) [configure.ac misc.c readconf.c servconf.c ssh-keyscan.c] Make 
RoutingDomain an unsupported option on platforms that don't have it.
 2010-01-08 19:53:52 +11:00
Darren Tucker
c8802aac28 - (dtucker) Bug #1470: Disable OOM-killing of the listening sshd on Linux, 
based on a patch from Vaclav Ovsik and Colin Watson.  ok djm.
 2009-12-08 13:39:48 +11:00
Darren Tucker
1533311f4c - (dtucker) Bug #1160: use pkg-config for opensc config if it's available. 
Tested by Martin Paljak.
 2009-12-07 11:15:43 +11:00
Darren Tucker
c182d99376 - (dtucker) [configure.ac sftp-client.c] Remove the gyrations required for 
dirent d_type and DTTOIF as we've switched OpenBSD to the more portable
   lstat.
 2009-10-11 21:50:20 +11:00
Darren Tucker
538738d861 - (dtucker) d_type is not mandated by POSIX, so add fallback code using 
stat(), needed on at least cygwin.
 2009-10-07 18:56:10 +11:00
Darren Tucker
4adeac764e - (dtucker) [configure.ac sftp-client.c] DOTTIF is in fs/ffs/dir.h on at 
least dragonflybsd.
 2009-10-07 15:49:48 +11:00
Darren Tucker
e02b49a806 - (dtucker) [configure.ac] Change the -lresolv check so it works on Mac OS X 
10.6 (which doesn't have BIND8_COMPAT and thus uses res_9_query).  Patch
   from jbasney at ncsa uiuc edu.
 2009-09-11 14:56:08 +10:00
Darren Tucker
dad48e7a96 - (dtucker) [configure.ac] Bug #1639: use AC_PATH_PROG to search the path for 
krb5-config if it's not in the location specified by --with-kerberos5.
   Patch from jchadima at redhat.
 2009-09-01 18:26:00 +10:00
Darren Tucker
ac9f1b9b89 - (dtucker) [configure.ac] Fix the syntax of the Solaris tcgetattr entry. 2009-08-28 15:01:20 +10:00
Darren Tucker
86e30a0166 - (dtucker) [clientloop.c configure.ac defines.h] Make the client's IO buffer 
size a compile-time option and set it to 64k on Cygwin, since Corinna
   reports that it makes a significant difference to performance.  ok djm@
 2009-08-28 11:21:06 +10:00
Darren Tucker
3980b63631 - (dtucker) [channels.c configure.ac] Bug #1528: skip the tcgetattr call on 
the pty master on Solaris, since it never succeeds and can hang if large
    amounts of data is sent to the slave (eg a copy-paste).  Based on a patch
    originally from Doke Scott, ok djm@
 2009-08-28 11:02:37 +10:00
Darren Tucker
83d8f28336 - (dtucker) [configure.ac] Check for headers before libraries for openssl an 
zlib, which should make the errors slightly more meaningful on platforms
   where there's separate "-devel" packages for those.
 2009-08-17 09:35:22 +10:00
Darren Tucker
c4b22ca1c8 - (dtucker) [configure.ac] Include sys/param.h for the sys/mount.h test, 
prevents configure complaining on older BSDs.
 2009-07-12 21:56:29 +10:00
Darren Tucker
3278062bf3 - (dtucker) [configure.ac defines.h] Bug #1607: handle the case where fsid_t 
is a struct with a __val member.  Fixes build on, eg, Redhat 6.2.
 2009-06-16 16:11:02 +10:00
Tim Rice
a74000eb9e - (tim) [configure.ac] Remove setting IP_TOS_IS_BROKEN for Cygwin. The problem 
that setsockopt(IP_TOS) doesn't work on Cygwin has been fixed since 2005.
   Based on patch from vinschen at redhat com.
 2009-03-18 11:25:02 -07:00
Darren Tucker
3e7e15f1bd - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] 
EVP_DigestUpdate does not exactly match the other OLD_EVP functions (eg
   in openssl 0.9.6) so add an explicit test for it.
 2009-03-07 22:22:35 +11:00
Darren Tucker
30ed668de0 - (dtucker) [configure.ac] Missing comma in type list. 2009-03-07 18:06:22 +11:00
Darren Tucker
ccfee05882 - (dtucker) [configure.ac defines.h] Check for in_port_t and typedef if needed. 2009-03-07 12:32:22 +11:00
Damien Miller
9055172d03 - (djm) [configure.ac] support GNU/kFreeBSD and GNU/kOpensolaris 
systems; patch from Aurelien Jarno via rmh AT aybabtu.com
 2009-02-16 15:37:03 +11:00
Damien Miller
20e231f9f8 - (djm) [configure.ac loginrec.c] bz#1421: fix lastlog support for OSX. 
OSX provides a getlastlogxbyname function that automates the reading of
   a lastlog file. Also, the pututxline function will update lastlog so
   there is no need for loginrec.c to do it explicitly. Collapse some
   overly verbose code while I'm in there.
 2009-02-12 13:12:21 +11:00
Tim Rice
2676791c38 - (tim) [configure.ac] Move check_for_libcrypt_later=1 in *-*-sysv5*) section. 
OpenServer 6 doesn't need libcrypt.
 2009-01-07 20:50:08 -08:00
Tim Rice
351529ce30 - (tim) [configure.ac defines.h openbsd-compat/port-uw.c 
openbsd-compat/xcrypt.c] Add SECUREWARE support to OpenServer 6 SVR5 ABI.
   OK djm@ dtucker@
 2009-01-07 10:04:12 -08:00
Damien Miller
7df2e40074 - (djm) [configure.ac] bz#1538: better test for ProPolice/SSP: actually 
use some stack in main().
   Report and suggested fix from vapier AT gentoo.org
 2008-12-08 09:35:36 +11:00
Tim Rice
0f4d2c02f2 - (tim) [addrmatch.c configure.ac] Some platforms do not have sin6_scope_id 
member of sockaddr_in6. Also reported in Bug 1491 by David Leonard. OK and
   feedback by djm@
 2008-11-18 21:26:41 -08:00
Damien Miller
73193b3693 - (djm) [configure.ac] Add -Wformat-security to CFLAGS for gcc 3.x and 4.x 2008-07-09 21:07:19 +10:00
Damien Miller
ff2e492028 - (djm) [configure.ac] unbreak: remove extra closing brace 2008-07-05 09:52:03 +10:00
Damien Miller
20d1694719 - (djm) [atomicio.c configure.ac] Disable poll() fallback in atomiciov for 
Tru64. readv doesn't seem to be a comparable object there.
   bz#1386, patch from dtucker@ ok me
 2008-07-05 09:36:58 +10:00
Darren Tucker
330c93f68a - (dtucker) [configure.ac] Enable -fno-builtin-memset when using gcc. 2008-06-16 02:27:48 +10:00
Darren Tucker
30fd49e606 - (dtucker) [configure.ac] Bug #1276: avoid linking against libgssapi, which 
despite its name doesn't seem to implement all of GSSAPI.  Patch from
   Jan Engelhardt, sanity checked by Simon Wilkinson.
 2008-06-14 09:14:46 +10:00
Damien Miller
4401e45be6 - (djm) [channels.c configure.ac] 
Do not set SO_REUSEADDR on wildcard X11 listeners (X11UseLocalhost=no)
   bz#1464; ok dtucker
 2008-06-12 06:05:12 +10:00
Darren Tucker
5d37690a1f - (dtucker) [Makefile.in configure.ac regress/addrmatch.sh] Skip IPv6 
specific tests on platforms that don't do IPv6.
 2008-06-11 04:15:05 +10:00
Darren Tucker
77001384cc - (dtucker) [configure.ac defines.h sftp-client.c M sftp-server.c] Add a 
macro to convert fsid to unsigned long for platforms where fsid is a
   2-member array.
 2008-06-09 06:17:53 +10:00
Darren Tucker
598eaa6c0c - (dtucker) [configure.ac defines.h sftp-client.c sftp-server.c sftp.c 
openbsd-compat/Makefile.in openbsd-compat/openbsd-compat.h
   openbsd-compat/bsd-statvfs.{c,h}] Add a null implementation of statvfs and
   fstatvfs and remove #defines around statvfs code.  ok djm@
 2008-06-09 03:32:29 +10:00
Darren Tucker
5b2e2ba9e4 - (dtucker) [configure.ac defines.h sftp-client.c sftp-server.c sftp.c] Do not enable statvfs extensions on platforms that do not have statvfs. ok djm@ 2008-06-08 09:25:28 +10:00
Damien Miller
a7058ec7c0 - (djm) [configure.ac mux.c sftp.c openbsd-compat/Makefile.in] 
[openbsd-compat/fmt_scaled.c openbsd-compat/openbsd-compat.h]
   Fix compilation on Linux, including pulling in fmt_scaled(3)
   implementation from OpenBSD's libutil.
 2008-05-20 08:57:06 +10:00
Damien Miller
a4be7c23fd - (djm) [openbsd-compat/bsd-arc4random.c openbsd-compat/openbsd-compat.c] 
[configure.ac] Implement arc4random_buf(), import implementation of
     arc4random_uniform() from OpenBSD
 2008-05-19 14:47:37 +10:00
Damien Miller
5b1c8b3103 - (djm) [configure.ac] --with-selinux too 2008-03-27 12:33:07 +11:00
Damien Miller
da3155e159 - (djm) [configure.ac] fix alignment of --without-stackprotect description 2008-03-27 12:30:18 +11:00
Darren Tucker
fe1cf97ee8 - (dtucker) [configure.ac] Run stack-protector tests with -Werror to catch 
platforms where gcc understands the option but it's not supported (and
   thus generates a warning).
 2008-03-09 22:50:50 +11:00
Darren Tucker
b7918afddf - (dtucker) [configure.ac] It turns out gcc's -fstack-protector-all doesn't 
always work for all platforms and versions, so test what we can and
   add a configure flag to turn it of if needed.  ok djm@
 2008-03-09 11:34:23 +11:00
Darren Tucker
54e859f63d - (dtucker) [configure.ac] FreeBSD's glob() doesn't behave the way we expect 
either, so use our own.
 2008-03-02 21:52:27 +11:00
Darren Tucker
0f26b1386a - (dtucker) [configure.ac openbsd-compat/port-aix.{c,h}] Bug #1081: Implement 
getgrouplist via getgrset on AIX, rather than iterating over getgrent.
   This allows, eg, Match and AllowGroups directives to work with NIS and
   LDAP groups.
 2008-02-28 23:16:04 +11:00
Darren Tucker
e1c4c54211 - (dtucker) [configure.ac] Add -fstack-protector to LDFLAGS too, fixes 
linking problems on AIX with gcc 4.1.x.
 2008-02-28 15:01:13 +11:00
Darren Tucker
acada07b52 - (dtucker) [configure.ac audit-bsm.c] Bug #1420: Add a local implementation 
of aug_get_machine for systems that don't have their own (eg OS X, FreeBSD).    Help and testing from csjp at FreeBSD org, vgiffin at apple com.  ok djm@
 2008-02-25 21:05:04 +11:00
Darren Tucker
d4827ab50c - (dtucker) [configure.ac] Fix message for -fstack-protector-all test. 2008-01-02 18:08:45 +11:00
Darren Tucker
528d6fa10a - (dtucker) [configure.ac openbsd-compat/glob.{c,h}] Bug #1407: force use of 
builtin glob implementation on Mac OS X.  Based on a patch from
   vgiffin at apple.
 2007-12-31 21:29:26 +11:00
Darren Tucker
319b3d9b00 - (dtucker) [configure.ac] Enable -fstack-protector-all on systems where 
gcc supports it.  ok djm@
 2007-12-02 21:02:22 +11:00
Darren Tucker
bc1bd9dbe3 - (dtucker) [configure.ac defines.h] Shadow expiry does not work on QNX6 
so disable it for that platform.  From bacon at cs nyu edu.
 2007-09-27 07:03:20 +10:00
Darren Tucker
7c92a65a1d - (dtucker) [configure.ac atomicio.c] Fall back to <sys/poll.h> if we don't 
have <poll.h> (eq QNX).  From bacon at cs nyu edu.
 2007-09-27 07:00:09 +10:00
Tim Rice
0eeaf127b5 - (tim) [configure.ac] Autoconf didn't define HAVE_LIBIAF because we 
did a AC_CHECK_FUNCS within the AC_CHECK_LIB test.
 2007-09-10 16:24:17 -07:00
Darren Tucker
8acb3b665b - (dtucker) [configure.ac] Bug #1343: Set DISABLE_FD_PASSING for QNX6. From. 
Matt Kraai, ok djm@.
 2007-08-10 14:36:12 +10:00
Darren Tucker
febf0f5668 - (dtucker) [atomicio.c configure.ac openbsd-compat/Makefile.in 
openbsd-compat/bsd-poll.{c,h} openbsd-compat/openbsd-compat.h]
   Add an implementation of poll() built on top of select(2).  Code from
   OpenNTPD with changes suggested by djm.  ok djm@
 2007-06-25 22:15:12 +10:00
Damien Miller
34a176995f - (djm) [configure.ac umac.c] If platform doesn't provide swap32(3), then 
fallback to provided bit-swizzing functions
 2007-06-11 14:15:42 +10:00
Tim Rice
aa8954f1d9 20070509 
- (tim) [configure.ac] Bug #1287: Add missing test for ucred.h.
 2007-05-09 15:57:43 -07:00
Darren Tucker
dca0edff2f - (dtucker) [configure.ac defines.h] Have configure check for offsetof 
to prevent redefinition warnings.
 2007-04-29 15:06:44 +10:00
Darren Tucker
391de5c023 - (dtucker) [configure.ac defines.h] Prevent warnings about __attribute__ 
__nonnull__ for versions of GCC that don't support it.
 2007-04-29 14:49:21 +10:00
Darren Tucker
6d862a50db - (dtucker) [configure.ac defines.h] Have configure check for MAXSYMLINKS 
so we don't get redefinition warnings.
 2007-04-29 14:39:02 +10:00
Darren Tucker
cc40d5ecdf - (dtucker) [configure.ac openbsd-compat/getrrsetbyname.c] Bug #1299: Use the 
platform's _res if it has one.  Should fix problem of DNSSEC record lookups
   on NetBSD as reported by Curt Sampson.
 2007-04-29 13:58:06 +10:00
Tim Rice
99203ec48b 20070326 
- (tim) [auth.c configure.ac defines.h session.c openbsd-compat/port-uw.c
   openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] Rework libiaf test/defines
   to account for IRIX having libiaf but not set_id(). Patch with & ok dtucker@
 2007-03-26 09:35:28 -07:00
Darren Tucker
20e9f976c1 - (dtucker) [Makefile.in configure.ac] Replace single-purpose LIBSELINUX, 
LIBWRAP and LIBPAM variables in Makefile with the general-purpose
   SSHDLIBS.  "I like" djm@
 2007-03-25 18:26:01 +10:00
Darren Tucker
164aa30e46 - (dtucker) [configure.ac openbsd-compat/bsd-getpeereid.c] Bug #1287: Use 
getpeerucred to implement getpeereid (currently only Solaris 10 and up).
   Patch by Jan.Pechanec at Sun.
 2007-03-21 21:39:57 +11:00
Damien Miller
9975e48349 - (djm) [configure.ac] add a --without-openssl-header-check option to 
configure, as some platforms (OS X) ship OpenSSL headers whose version
   does not match that of the shipping library. ok dtucker@
 2007-03-05 11:51:27 +11:00
Darren Tucker
573e3878b8 - (dtucker) [configure.ac] For Cygwin, read files in textmode (which allows 
CRLF as well as LF lineendings) and write in binary mode.  Patch from
   vinschen at redhat.com.
 2007-03-02 17:50:03 +11:00
Darren Tucker
adc947d5a5 - (dtucker) [configure.ac] Set put -lselinux into $LIBS while testing for 
SELinux functions so they're detected correctly.  Patch from pebenito at
   gentoo.org.
 2006-10-07 09:07:20 +10:00
Tim Rice
1cfab23b7f - (tim) [configure.ac] Move CHECK_HEADERS test before platform specific 
section so additional platform specific CHECK_HEADER tests will work
   correctly. Fixes "<net/if_tap.h> on FreeBSD" problem report by des AT des.no
   Feedback and "seems like a good idea" dtucker@
 2006-10-03 09:34:35 -07:00
Darren Tucker
5e8381ee86 - (dtucker) [configure.ac] Bug #1239: Fix configure test for OpenSSH engine 
support.  Patch from andrew.benham at thus net.
 2006-09-29 20:16:51 +10:00
Tim Rice
983b35b281 20060924 
- (tim) [configure.ac] Remove CFLAGS hack for UnixWare 1.x/2.x (added
   to rev 1.308) to work around broken gcc 2.x header file.
 2006-09-24 12:08:59 -07:00
Darren Tucker
0ee3cbfc51 - (dtucker) [configure.ac] Bug #1234: Put opensc libs into $LIBS rather than 
$LDFLAGS.  Patch from vapier at gentoo org.
 2006-09-23 16:25:19 +10:00
Darren Tucker
9216c37d60 - (dtucker) [configure.ac] On AIX, check to see if the compiler will allow 
macro redefinitions, and if not, remove "-qlanglvl=ansi" from the flags.
   Allows build out of the box with older VAC and XLC compilers.  Found by
   David Bronder and Bernhard Simon.
 2006-09-18 23:17:40 +10:00
Damien Miller
223897a01a - (djm) [Makefile.in buildpkg.sh.in configure.ac openssh.xml.in] 
Support SMF in Solaris Packages if enabled by configure. Patch from
   Chad Mynhier, tested by dtucker@
 2006-09-12 21:54:10 +10:00
Darren Tucker
57b2920ad8 - (dtucker) [configure.ac] Add -lcrypt to let DragonFly build OOTB. 2006-09-10 20:25:51 +10:00
Darren Tucker
6d0d6fbfdf - (dtucker) [configure.ac] The BSM header test needs time.h in some cases. 2006-09-09 01:05:21 +10:00
Tim Rice
b8f00193d8 - (tim) [configure.ac] s/BROKEN_UPDWTMP/BROKEN_UPDWTMPX/ on SCO OSR6 2006-09-06 18:11:29 -07:00
Darren Tucker
e1fe09968d - (dtucker) [configure.ac] s/AC_DEFINES/AC_DEFINE/ spotted by Roumen Petrov. 2006-09-05 07:53:38 +10:00
Darren Tucker
3e0891093a - (dtucker) [configure.ac] Define BROKEN_UPDWTMP on SCO OSR6 as the native 
updwdtmp seems to generate invalid wtmp entries.  From Roger Cornelius,
   ok djm@
 2006-09-04 22:37:41 +10:00
Darren Tucker
ed0b59218e - (dtucker) [configure.ac openbsd-compat/openbsd-compat.h] Check for 
declaration of writev(2) and declare it ourselves if necessary.  Makes
   the atomiciov() calls build on really old systems.  ok djm@
 2006-09-03 22:44:49 +10:00
Darren Tucker
096faecdea - (dtucker) [configure.ac includes.h openbsd-compat/glob.{c,h}] Explicitly 
test for GLOB_NOMATCH and use our glob functions if it's not found.
   Stops sftp from segfaulting when attempting to get a nonexistent file on
   Cygwin (previous versions of OpenSSH didn't use the native glob). Partly
   from and tested by Corinna Vinschen.
 2006-09-01 20:29:10 +10:00
Damien Miller
1b06dc30ad - (djm) [CREDITS LICENCE Makefile.in auth.c configure.ac includes.h ] 
[platform.c platform.h sshd.c openbsd-compat/Makefile.in]
   [openbsd-compat/openbsd-compat.h openbsd-compat/port-solaris.c]
   [openbsd-compat/port-solaris.h] Add support for Solaris process
   contracts, enabled with --use-solaris-contracts. Patch from Chad
   Mynhier, tweaked by dtucker@ and myself; ok dtucker@
 2006-08-31 03:24:41 +10:00
Darren Tucker
0eb810015f - (dtucker) [configure.ac] Remove errant "-". 2006-08-20 21:43:19 +10:00
Darren Tucker
639bbe8bfe - (dtucker) [configure.ac] Bug #1181: Explicitly test to see if OpenSSL 
(0.9.8a and presumably newer) requires -ldl to successfully link.
 2006-08-20 20:17:53 +10:00
Darren Tucker
3e6bde483d - (dtucker) [configure.ac] Relocate --with-pam parts in preparation for 
fixing bug #1181.  No changes yet.
 2006-08-20 20:03:50 +10:00
Darren Tucker
4ba387337c - (dtucker) [configure.ac] Save $LIBS during PAM library tests and restore 
afterward.  Removes the need to mangle $LIBS later to remove -lpam and -ldl.
 2006-08-20 19:55:02 +10:00
Damien Miller
bb59814cd6 - (djm) Disable sigdie() for platforms that cannot safely syslog inside 
a signal handler (basically all of them, excepting OpenBSD);
   ok dtucker@
 2006-08-19 08:38:23 +10:00
Darren Tucker
d018b2e9c8 - (dtucker) [configure.ac openbsd-compat/bsd-closefrom.c] Resync with 
closefrom.c from sudo.
 2006-08-18 18:51:20 +10:00
Darren Tucker
3083bc2b52 - (dtucker) [configure.ac openbsd-compat/bsd-closefrom.c] Use F_CLOSEM fcntl 
for closefrom() on AIX.  Pointed out by William Ahern.
 2006-08-17 19:35:49 +10:00
Darren Tucker
f1f4bdd1aa - (dtucker) [configure.ac] The "crippled AES" test does not work on recent 
versions of Solaris, so use AC_LINK_IFELSE to actually link the test program
   rather than just compiling it.  Spotted by dlg@.
 2006-08-04 19:44:23 +10:00
Darren Tucker
128a0894a5 - (dtucker) [configure.ac] OpenBSD needs <sys/types.h> before <sys/socket.h> 
for SHUT_RD.
 2006-07-12 19:02:56 +10:00
Darren Tucker
248469bc8d - (dtucker) [configure.ac defines.h] Only define SHUT_RD (and friends) and O_NONBLOCK 
if they're really needed.  Fixes build errors on HP-UX, old Linuxes and probably
   more.
 2006-07-12 14:14:31 +10:00
Darren Tucker
44c828fe29 - (dtucker) [configure.ac ssh-keygen.c openbsd-compat/bsd-openpty.c 
openbsd-compat/daemon.c] Add includes needed by open(2).  Conditionally
   include paths.h.  Fixes build error on Solaris.
 2006-07-11 18:00:06 +10:00
Darren Tucker
bdc121279f - (dtucker) [configure.ac] Try AIX blibpath test in different order when 
compiling with gcc.  gcc 4.1.x will accept (but ignore) -b flags so
   configure would not select the correct libpath linker flags.
 2006-07-06 11:56:25 +10:00
Darren Tucker
8b272ab09b - (dtucker) [configure.ac] Bug #1203: Add missing '[', which causes problems 
with autoconf 2.60.  Patch from vapier at gentoo.org.
 2006-06-27 11:20:28 +10:00
Darren Tucker
0249f93c4d - (dtucker) [configure.ac] Bug #1193: Define PASSWD_NEEDS_USERNAME on Solaris. 
Works around limitation in Solaris' passwd program for changing passwords
   where the username is longer than 8 characters.  ok djm@
 2006-06-24 12:10:07 +10:00
Darren Tucker
9afe115f0a - (dtucker) [channels.c configure.ac serverloop.c] Bug #1102: Around AIX 
4.3.3 ML3 or so, the AIX pty layer starting passing zero-length writes
   on the pty slave as zero-length reads on the pty master, which sshd
   interprets as the descriptor closing.  Since most things don't do zero
   length writes this rarely matters, but occasionally it happens, and when
   it does the SSH pty session appears to hang, so we add a special case for
   this condition.  ok djm@
 2006-06-23 21:24:12 +10:00
Darren Tucker
3eb4834489 - (dtucker) [README.platform configure.ac openbsd-compat/port-tun.c] Add 
tunnel support for Mac OS X/Darwin via a third-party tun driver.  Patch
   from reyk@, tested by anil@
 2006-06-23 21:05:12 +10:00
Damien Miller
73b42d2bb0 - (djm) [Makefile.in configure.ac session.c sshpty.c] 
[contrib/redhat/sshd.init openbsd-compat/Makefile.in]
   [openbsd-compat/openbsd-compat.h openbsd-compat/port-linux.c]
   [openbsd-compat/port-linux.h] Add support for SELinux, setting
   the execution and TTY contexts. based on patch from Daniel Walsh,
   bz #880; ok dtucker@
 2006-04-22 21:26:08 +10:00
Darren Tucker
c495301bf8 - (dtucker) [configure.ac md-sha256.c] NetBSD has sha2.h in 
/usr/include/crypto.  Hint from djm@.
 2006-03-16 08:14:34 +11:00
Darren Tucker
8bb9e2c900 - (dtucker) [configure.ac] login_cap.h requires sys/types.h on NetBSD. 2006-03-15 22:28:17 +11:00
Darren Tucker
486d95e6f7 - (dtucker) [configure.ac] Fix glob test conversion to AC_TRY_COMPILE 2006-03-15 21:31:39 +11:00
Damien Miller
41e364bcfa - (djm) [md-sha256.c configure.ac] md-sha256.c needs sha2.h if present 2006-03-15 13:12:41 +11:00
Damien Miller
af87af165f - (djm) [configure.ac defines.h kex.c md-sha256.c] 
[openbsd-compat/sha2.h openbsd-compat/openbsd-compat.h]
   [openbsd-compat/sha2.c] First stab at portability glue for SHA256
   KEX support, should work with libc SHA256 support or OpenSSL
   EVP_sha256 if present
 2006-03-15 13:02:28 +11:00
Darren Tucker
d1450dbe2a - (dtucker) [configure.ac] Bug #1171: Don't use printf("%lld", longlong) 
since not all platforms support it.  Instead, use internal equivalent while
   computing LLONG_MIN and LLONG_MAX.  Remove special case for alpha-dec-osf*
   as it's no longer required.  Tested by Bernhard Simon, ok djm@
 2006-03-13 19:06:51 +11:00
Darren Tucker
54b75fe742 - (dtucker) [configure.ac] Bug #1156: QNX apparently needs SSHD_ACQUIRES_CTTY 
patch from kraai at ftbfs.org.
 2006-02-26 12:31:48 +11:00
Darren Tucker
fabdb6c290 - (dtucker) [INSTALL configure.ac openbsd-compat/openssl-compat.{c,h}] 
Add optional enabling of OpenSSL's (hardware) Engine support, via
   configure --with-ssl-engine.  Based in part on a diff by michal at
   logix.cz.
 2006-02-20 20:17:35 +11:00
Darren Tucker
4881c371ce - (dtucker) [Makefile.in configure.ac, added openbsd-compat/regress/] 
Add first attempt at regress tests for compat library.  ok djm@
 2006-02-19 22:50:20 +11:00
Tim Rice
2f993465d4 - (tim) [configure.ac] Bug #1149. Disable /etc/default/login check for QNX. 2006-02-11 18:37:48 -08:00
Darren Tucker
988b3fd161 - (dtucker) [configure.ac] Typo in Ultrix and NewsOS sections (NEED_SETPRGP 
-> NEED_SETPGRP), reported by Berhard Simon.  ok tim@
 2006-02-08 22:11:27 +11:00
Tim Rice
ac9b0609e1 - (tim) [configure.ac] Remove unnecessary tests for net/if.h and 
netinet/in_systm.h. OK dtucker@.
 2006-02-05 11:27:10 -08:00
Tim Rice
70335a6b5f - (tim) [configure.ac] Bug #1149. Changes in QNX section only. Patch by 
kraai at ftbfs.org.
 2006-02-04 17:42:58 -08:00
Tim Rice
0daad78fab - (tim) [configure.ac] Add AC_REVISION. Add sys/time.h to lastlog.h test 
for Solaris. OK dtucker@.
 2006-02-04 17:33:55 -08:00
Tim Rice
fd80ddcb23 - (tim) [configure.ac] test for egrep (AC_PROG_EGREP) before first 
AC_CHECK_HEADERS test. Without it, if AC_CHECK_HEADERS is first run
   by a platform specific check, builtin standard includes tests will be
   skipped on the other platforms.
   Analysis and suggestion by vinschen at redhat.com, patch by dtucker@.
   OK tim@, djm@.
 2006-02-02 19:11:56 -08:00
Darren Tucker
cc7c212830 - (dtucker) [configure.ac] Bug #1148: Fix "crippled AES" test so that it 
works with picky compilers.  Patch from alex.kiernan at thus.net.
 2006-02-02 18:44:19 +11:00
Darren Tucker
fbea76400f - (dtucker) [configure.ac opensshd.init.in] Bug #1144: Use /bin/sh for the 
opensshd.init script interpretter if /sbin/sh does not exist.  ok tim@
 2006-01-30 00:22:39 +11:00
Damien Miller
bd4e410817 - (djm) [configure.ac] Fix linux/if_tun.h test 2006-01-01 21:03:30 +11:00
Damien Miller
2dcddbfaf6 - (djm) [Makefile.in configure.ac includes.h misc.c] 
[openbsd-compat/port-tun.c openbsd-compat/port-tun.h] Add support
         for tunnel forwarding for FreeBSD and NetBSD. NetBSD's support is
         limited to IPv4 tunnels only, and most versions don't support the
         tap(4) device at all.
 2006-01-01 19:47:05 +11:00
Damien Miller
c4bcc91751 - (djm) [configure.ac] oops, make that linux/if_tun.h 2005-12-31 17:05:58 +11:00
Damien Miller
89e03bae5c - (djm) [configure.ac] Disable Linux tun(4) compat code if linux/tun.h does 
not exist
 2005-12-31 16:42:03 +11:00
Damien Miller
598bbc2d8f - (djm) [openbsd-compat/port-tun.c openbsd-compat/port-tun.h configure.ac] 
[serverloop.c ssh.c openbsd-compat/Makefile.in]
   [openbsd-compat/openbsd-compat.h] Implement tun(4) forwarding
   compatability support for Linux, diff from reyk@
 2005-12-31 16:33:36 +11:00
Darren Tucker
129d0bb6a6 - (dtucker) [cipher-aes.c cipher-ctr.c cipher.c configure.ac 
openbsd-compat/openssl-compat.h] Check for and work around broken AES
   ciphers >128bit on (some) Solaris 10 systems.  ok djm@
 2005-12-19 17:40:40 +11:00
Darren Tucker
d40c66cf3f - (dtucker) [configure.ac openbsd-compat/bsd-snprintf.c] Bug #1133: Our 
snprintf replacement can have a conflicting declaration in HP-UX's system
   headers (const vs. no const) so we now check for and work around it.  Patch
   from the dynamic duo of David Leonard and Ted Percival.
 2005-12-17 22:32:03 +11:00
Damien Miller
62a31c9fd0 - (djm) [misc.c] Disable tunnel code for non-OpenBSD (for now), enable 
again by providing a sys_tun_open() function for your platform and
   setting the CUSTOM_SYS_TUN_OPEN define. More work is required to match
   OpenBSD's tunnel protocol, which prepends the address family to the
   packet
 2005-12-13 20:44:13 +11:00
Damien Miller
7b58e80036 - reyk@cvs.openbsd.org 2005/12/08 18:34:11 
[auth-options.c includes.h misc.c misc.h readconf.c servconf.c]
     [serverloop.c ssh.c ssh_config.5 sshd_config.5 configure.ac]
     two changes to the new ssh tunnel support. this breaks compatibility
     with the initial commit but is required for a portable approach.
     - make the tunnel id u_int and platform friendly, use predefined types.
     - support configuration of layer 2 (ethernet) or layer 3
     (point-to-point, default) modes. configuration is done using the
     Tunnel (yes|point-to-point|ethernet|no) option is ssh_config(5) and
     restricted by the PermitTunnel (yes|point-to-point|ethernet|no) option
     in sshd_config(5).
     ok djm@, man page bits by jmc@
 2005-12-13 19:33:19 +11:00
Tim Rice
46259d86a2 - (tim) [configure.ac sshd.8] Enable locked account check (a "*LK*" string) 
for UnixWare.
 2005-11-28 18:40:34 -08:00
Darren Tucker
91d25a0c45 - (dtucker) [configure.ac] Bug #1126: AIX 5.2 and 5.3 (and presumably newer, 
when they're available) need the real UID set otherwise pam_chauthtok will
   set ADMCHG after changing the password, forcing the user to change it
   again immediately.
 2005-11-26 22:24:09 +11:00
Darren Tucker
58e298d11b - (dtucker) [configure.ac] Apply tim's fix for older systems where the 
resolver state in resolv.h is "state" not "__res_state".  With slight
   modification by me to also work on old AIXes.  ok djm@
 2005-11-25 13:14:58 +11:00
Darren Tucker
79d09fad52 - (dtucker) [configure.ac] Fix typos in comments and AC_SEARCH_LIB argument 
order in Reliant Unix block.  Patch from johane at lysator.liu.se.
 2005-11-24 22:34:54 +11:00
Damien Miller
57f3915b55 - (djm) [configure.ac openbsd-compat/Makefile.in openbsd-compat/bsd-asprintf.c 
openbsd-compat/bsd-snprintf.c openbsd-compat/openbsd-compat.h] Add an
   asprintf() implementation, after syncing our {v,}snprintf() implementation
   with some extra fixes from Samba's version. With help and debugging from
   dtucker and tim; ok dtucker@
 2005-11-24 19:58:19 +11:00
Darren Tucker
5bfe1687dd - (dtucker) [configure.ac] Remove duplicate utimes() check. ok djm@ 2005-11-12 18:42:36 +11:00
Darren Tucker
3f9545ee67 - (dtucker) [configure.ac] Use "$AWK" instead of "awk" in gcc version test. 2005-11-12 15:20:52 +11:00
Darren Tucker
f032435de7 - (dtucker) [configure.ac] Try to get the gcc version number in a way that 
doesn't change between versions, and use a safer default.
 2005-11-10 21:30:36 +11:00
Darren Tucker
b0288098c9 - (dtucker) [configure.ac] Disable pointer-sign warnings on gcc 4.0+ 
since they're not useful right now.  Patch from djm@.
 2005-11-10 14:46:48 +11:00
Darren Tucker
537f1ed7df - (dtucker) [configure.ac] Relocate LLONG_MAX calculation to after the 
sizeof(long long) checks, to make fixing bug #1104 easier (no changes
   yet).
 2005-10-25 18:38:33 +10:00
Darren Tucker
314d89e050 - (dtucker) [configure.ac] Bug #1097: Fix configure for cross-compiling. 
/etc/default/login report and testing from aabaker at iee.org, corrections
   from tim@.
 2005-10-17 23:29:23 +10:00
Darren Tucker
9ac1a65acb - (dtucker) [configure.ac defines.h openbsd-compat/vis.{c,h}] Sync current 
versions from OpenBSD.  ok djm@
 2005-10-09 11:40:03 +10:00
Damien Miller
e04ec6fdfd - (djm) [configure.ac] missing 'test' call for -with-Werror test 2005-10-08 16:21:19 +10:00
Darren Tucker
1e6616bb14 - (dtucker) [configure.ac] Bug #1098: define $MAIL for HP-UX; report from 
brian.smith at agilent com.
 2005-10-08 12:07:01 +10:00
Darren Tucker
ac7e630b85 typo 2005-10-06 01:39:58 +10:00
Darren Tucker
b18f15100a - (dtucker) [configure.ac sshd.8] Enable locked account check (a prepended 
"*LOCKED*" string) for FreeBSD.  Patch jeremie at le-hen.org and
   senthilkumar_sen at hotpop.com.
 2005-10-05 23:02:16 +10:00
Darren Tucker
82171c6607 - (dtucker) [configure.ac] Fix help for --with-opensc; patch from skeleten at 
shillest.net.
 2005-09-22 20:19:54 +10:00
Darren Tucker
c373a56343 - (dtucker) [configure.ac] Use -R linker flag for libedit too; patch from 
skeleten at shillest.net.
 2005-09-22 20:15:08 +10:00
Tim Rice
7df8d39a5f - (tim) [aclocal.m4 configure.ac] Delete acconfig.h and add templates to 
AC_DEFINE and AC_DEFINE_UNQUOTED to quiet autoconf 2.59 warning messages.
 2005-09-19 09:33:39 -07:00
Tim Rice
fd9e9e3ba6 - (tim) [configure.ac] Bug 1078. Fix --without-kerberos5. Reported by 
Mike Frysinger.
 2005-09-12 17:36:10 -07:00
Tim Rice
66fd217e8e - (tim) [configure.ac auth.c defines.h session.c openbsd-compat/port-uw.c 
openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] libiaf cleanup. Disable
   libiaf bits for OpenServer6. Free memory allocated by ia_get_logpwd().
   Feedback and OK dtucker@
 2005-08-31 09:59:49 -07:00
Tim Rice
eb456545fd - (tim) [configure.ac] Back out last change. It needs to be done differently. 2005-08-30 07:12:02 -07:00
Tim Rice
2016865b95 - (tim) [configure.ac] ia_openinfo() seems broken on OSR6. Limit UW long 
password support to 7.x for now.
 2005-08-29 17:17:37 -07:00
Tim Rice
2291c00ab2 - (tim) [CREDITS LICENCE auth.c configure.ac defines.h includes.h session.c 
openbsd-compat/Makefile.in openbsd-compat/openbsd-compat.h
   openbsd-compat/xcrypt.c] New files [openssh/openbsd-compat/port-uw.c
   openssh/openbsd-compat/port-uw.h] Support long passwords (> 8-char)
   on UnixWare 7 from Dhiraj Gulati and Ahsan Rashid. Cleanup and testing
   by tim@. Feedback and OK dtucker@
 2005-08-26 13:15:19 -07:00
Tim Rice
3db1e3fc68 - (tim) [configure.ac ] Not all gcc's support -Wsign-compare 2005-08-23 17:11:26 -07:00
Darren Tucker
93e7e8f345 - (dtucker) [configure.ac defines.h includes.h sftp.c] Add support for 
LynxOS, patch from Olli Savia (ops at iki.fi).  ok djm@
 2005-08-23 08:06:55 +10:00
Tim Rice
c1819c831f - (tim) [configure.ac] corrections to libedit tests. Report and patches 
by skeleten AT shillest.net
 2005-08-15 17:48:40 -07:00
Darren Tucker
73f671a090 - (dtucker) [LICENCE configure.ac defines.h openbsd-compat/realpath.c] 
Sync current (thread-safe) version of realpath.c from OpenBSD (which is
   in turn based on FreeBSD's).  ok djm@
 2005-08-10 21:52:36 +10:00
Darren Tucker
c7572b2661 - (dtucker) [configure.ac] Test libedit library and headers for compatibility. 
Report from skeleten AT shillest.net, ok djm@
 2005-08-10 20:34:15 +10:00
Tim Rice
8bc6b900ed - (tim) [configure.ac] Allow --with-audit=no. OK dtucker@ 
Report by skeleten AT shillest.net
 2005-08-09 10:09:53 -07:00
Darren Tucker
7da23cb5d3 - (dtucker) [configure.ac] Add a --with-Werror option to configure for 
adding -Werror to CFLAGS when all of the configure tests are done. ok djm@
 2005-08-03 00:20:15 +10:00
Darren Tucker
dd352b675b - (dtucker) [configure.ac] Enable -Wuninitialized by default when compiling 
with gcc.  ok djm@
 2005-08-02 17:21:29 +10:00
Darren Tucker
ac1910f1a5 - (dtucker) [configure.ac] Update zlib warning message too, pointed out by 
tim@.
 2005-07-26 12:00:42 +10:00
Darren Tucker
41097edcf6 - (dtucker) [configure.ac] Update zlib version check for CAN-2005-2096. 2005-07-25 15:24:21 +10:00
Darren Tucker
4a42257b06 - (dtucker) [configure.ac defines.h] Define __sentinel__ to nothing if the 
compiler doesn't understand it to prevent warnings.  If any mainstream
   compiler versions acquire it we can test for those versions.  Based on
   discussion with djm@.
 2005-07-14 17:22:11 +10:00
Darren Tucker
893c602ef0 - (dtucker) [acconfig.h auth-krb5.c configure.ac gss-serv-krb5.c] Remove 
calls to krb5_init_ets, which has not been required since krb-1.1.x and
   most Kerberos versions no longer export in their public API.  From sxw
   at inf.ed.ac.uk, ok djm@
 2005-07-07 20:33:36 +10:00
Damien Miller
52c8afeec5 - (djm) [loginrec.c ssh-rand-helper.c] Fix -Wsign-compare for portable, 
tested and fixes tim@
 2005-06-19 10:19:43 +10:00
Darren Tucker
431f022263 - (dtucker) [configure.ac] Continue the hunt for LLONG_MIN and LLONG_MAX: 
in today's episode we attempt to coax it from limits.h where it may be
   hiding, failing that we take the DIY approach.  Tested by tim@
 2005-06-07 17:53:40 +10:00
Darren Tucker
6a45f3dab4 - (dtucker) [configure.ac] Point configure's reporting address at the 
openssh-unix-dev list.  ok tim@ djm@
 2005-06-03 19:33:10 +10:00
Darren Tucker
67b3703da3 - (dtucker) [configure.ac] Only try gcc -std=gnu99 if LLONG_MAX isn't 
defined, and check that it helps before keeping it in CFLAGS.  Some old
   gcc's don't set an error code when encountering an unknown value in -std.
   Found and tested by tim@.
 2005-06-03 17:58:31 +10:00
Tim Rice
fcc7ff1de8 - (tim) [configure.ac] Some platforms need sys/types.h for arpa/nameser.h. 
Take AC_CHECK_HEADERS test out of ultrix section. It caused other platforms
   to skip builtin standard includes tests. (first AC_CHECK_HEADERS test
   must be run on all platforms) Add missing ;; to case statement. OK dtucker@
 2005-06-02 20:28:29 -07:00
Tim Rice
4dbacffe7b - (tim) [configure.ac] set TEST_SHELL for OpenServer 6 2005-06-01 20:09:28 -07:00
Darren Tucker
81eb5d5e10 - (dtucker) [configure.ac openbsd-compat/Makefile.in openbsd-compat/strtoll.c] 
Add strtoll to the compat library, from OpenBSD.
 2005-06-01 21:39:33 +10:00
Darren Tucker
d886e1ca2c - (dtucker) [configure.ac] Look for _getshort and _getlong in 
arpa/nameser.h.
 2005-06-01 18:57:45 +10:00
Darren Tucker
fd33328a25 - (dtucker) [configure.ac] Merge HP-UX blocks into a common block with minor 
version-specific variations as required.
 2005-05-28 18:31:42 +10:00
Darren Tucker
7d2171b2cd - (dtucker) [configure.ac] getpgrp may be defined in unistd.h, so check for 
its presence before doing AC_FUNC_GETPGRP.
 2005-05-28 16:57:00 +10:00
Darren Tucker
390b6d5dbf - (dtucker) [configure.ac] strsep() may be defined in string.h, so check 
for its presence and include it in the strsep check.
 2005-05-28 16:54:36 +10:00
Darren Tucker
e910be1c42 missing space 2005-05-28 16:01:18 +10:00
Darren Tucker
0c9653f57e - (dtucker) [configure.ac] For AC_CHECK_HEADERS() and AC_CHECK_FUNCS() have 
one entry per line to make it easier to merge changes.  ok djm@
 2005-05-28 15:58:14 +10:00
Darren Tucker
2be1cbb7be - (dtucker) [acconfig.h configure.ac defines.h includes.h sshpty.c 
openbsd-compat/bsd-misc.c] Add support for Ultrix.  No, that's not a typo.
   Required changes from Bernhard Simon, integrated by me.  ok djm@
 2005-05-27 21:13:40 +10:00
Damien Miller
de3cb0a3dc - (djm) [configure.ac openbsd-compat/Makefile.in] 
[openbsd-compat/openbsd-compat.h openbsd-compat/strtonum.c]
         Add strtonum(3) from OpenBSD libc, new code needs it.
         Unfortunately Linux forces us to do a bizarre dance with compiler
         options to get LLONG_MIN/MAX; Spotted by and ok dtucker@
 2005-05-26 20:48:25 +10:00
Darren Tucker
84ce9b455d - (dtucker) [configure.ac openbsd-compat/getrrsetbyname.c] Bug #1033: Provide 
templates for _getshort and _getlong if missing to prevent compiler warnings
   on Linux.
 2005-05-26 20:12:15 +10:00
Darren Tucker
2f0b5c4869 - (dtucker) [INSTALL configure.ac] Make zlib version check test for 1.1.4 or 
1.2.1.2 or higher.  With tim@, ok djm@
 2005-04-24 17:52:22 +10:00
Tim Rice
2f97b8b088 - (tim) [configure.ac] UnixWare needs PASSWD_NEEDS_USERNAME 2005-04-11 19:00:18 -07:00
Darren Tucker
9d2562cf20 - (dtucker) [configure.ac] Define HAVE_SO_PEERCRED if we have it. ok djm@ 2005-04-05 19:22:45 +10:00
Darren Tucker
e66519d942 - (dtucker) [configure.ac openbsd-compat/port-aix.h] Prevent redefinitions 
of setauthdb on AIX 5.3, reported by anders.liljegren at its.uu.se.
 2005-03-21 22:46:34 +11:00
Darren Tucker
1df61452ea - (dtucker) [configure.ac] Make configure error out if the user specifies 
--with-libedit but the required libs can't be found, rather than silently
   ignoring and continuing.  ok tim@
 2005-03-21 09:58:07 +11:00
Darren Tucker
86a5f8dd0a - (dtucker) [configure.ac] Prevent configure --with-zlib from adding -Iyes 
and -Lyes to CFLAGS and LIBS.  Pointed out by peter at slagheap.net,
   with & ok tim@
 2005-03-21 09:55:17 +11:00
Tim Rice
eae17cc80e - (tim) [configure.ac] remove trailing white space. 2005-03-17 16:52:20 -08:00
Tim Rice
35cc69dcb4 - (tim) [configure.ac] make some configure options a little more error proof. 2005-03-17 16:44:25 -08:00
Tim Rice
8bb561b500 - (tim) [configure.ac] portability changes on test statements. Some shells 
have problems with -a operator.
 2005-03-17 16:23:19 -08:00
Tim Rice
12ee8e241e - (tim) [configure.ac] Bug 998. Make path for --with-opensc optional. 
Make --without-opensc work.
 2005-03-17 13:37:04 -08:00
Tim Rice
c390c8dc68 - (tim) [configure.ac] SCO 3.2v4.2 no longer supported. This platform is 
too old and too broken.
 2005-03-07 01:21:37 -08:00