Commit Graph

784 Commits

Author SHA1 Message Date
Damien Miller
ce178be0d9 tweak back-compat for older libfido2 2020-08-27 20:01:52 +10:00
Damien Miller
bbcc858ded degrade semi-gracefully when libfido2 is too old 2020-08-27 12:37:12 +10:00
Darren Tucker
eaf8672b1b Remove check for 'ent' command.
It was added in 8d1fd57a9 for measuring entropy of ssh_prng_cmds which
has long since been removed and there are no other references to it.
2020-08-21 00:07:48 +10:00
Damien Miller
ea1f649046 support NetBSD's utmpx.ut_ss address field
bz#960, ok dtucker
2020-08-05 08:58:57 +10:00
Darren Tucker
ae7527010c Remove AC_REVISION.
It hasn't been useful since we switched to git in 2014.  ok djm@
2020-07-31 15:19:56 +10:00
Darren Tucker
89fc3f414b Use argv in OSSH_CHECK_CFLAG_COMPILE test.
configure.ac is not detecting -Wextra in compilers that implement the
option. The problem is that -Wextra implies -Wunused-parameter, and the
C excerpt used by aclocal.m4 does not use argv.  Patch from pedro at
ambientworks.net, ok djm@
2020-07-28 19:40:30 +10:00
Damien Miller
5b56bd0aff detect Linux/X32 systems
This is a frankenstein monster of AMD64 instructions/calling conventions
but with a 4GB address space. Allegedly deprecated but people still run
into it causing weird sandbox failures, e.g. bz#3085
2020-07-17 13:21:56 +10:00
Damien Miller
6fcfd303d6 add check for fido_cred_set_prot() to configure 2020-07-03 15:28:27 +10:00
djm@openbsd.org
976c4f8628 upstream: avoid spurious error message when ssh-keygen creates files
outside ~/.ssh; with dtucker@

OpenBSD-Commit-ID: ac0c662d44607e00ec78c266ee60752beb1c7e08
2020-06-26 15:44:47 +10:00
Andreas Schwab
3de02be39e Add support for AUDIT_ARCH_RISCV64 2020-06-05 13:31:17 +10:00
Darren Tucker
08ce6b2210 Skip building sk-dummy library if no SK support. 2020-05-13 13:56:45 +10:00
Darren Tucker
4fa9e048c2 Ensure SA_SIGNAL test only signals itself.
When the test's child signals its parent and it exits the result of
getppid changes.  On Ubuntu 20.04 this results in the ppid being that
of the GDM session, causing it to exit.  Analysis and testing from pedro
at ambientworks.net
2020-05-08 21:50:43 +10:00
Darren Tucker
59d531553f Check if -D_REENTRANT is needed for localtime_r.
On at least HP-UX 11.11, the localtime_r declaration is behind
ifdef _REENTRANT.  Check for and add if needed.
2020-05-07 15:39:00 +10:00
Darren Tucker
e9dc986372 Use LONG_LONG_MAX and friends if available.
If we don't have LLONG_{MIN,MAX} but do have LONG_LONG_{MIN,MAX}
then use those instead.  We do calculate these values in configure,
but it turns out that at least one compiler (old HP ANSI C) can't
parse "-9223372036854775808LL" without mangling it. (It can parse
"-9223372036854775807LL" which is presumably why its limits.h defines
LONG_LONG_MIN as the latter minus 1.)

Fixes rekey test when compiled with the aforementioned compiler.
2020-05-01 18:41:40 +10:00
Darren Tucker
6c6072ba8b See if SA_RESTART signals will interrupt select().
On some platforms (at least older HP-UXes such as 11.11, possibly others)
setting SA_RESTART on signal handlers will cause it to not interrupt
select(), at least for calls that do not specify a timeout.  Try to
detect this and if found, don't use SA_RESTART.

POSIX says "If SA_RESTART has been set for the interrupting signal, it
is implementation-dependent whether select() restarts or returns with
[EINTR]" so this behaviour is within spec.
2020-05-01 15:09:26 +10:00
Darren Tucker
7f23f42123 Include sys/byteorder.h for htons and friends.
These are usually in netinet/in.h but on HP-UX they are not defined if
_XOPEN_SOURCE_EXTENDED is set.  Only needed for netcat in the regression
tests.
2020-05-01 12:51:36 +10:00
Damien Miller
abe2b245b3 prefer libcrypto chacha20-poly1305 where possible 2020-04-03 17:26:29 +11:00
Darren Tucker
0eaca933ae Include fido.h when checking for fido/credman.h.
It's required for fido_dev_t, otherwise configure fails with
when given --with-security-key-builtin.
2020-03-14 20:58:46 +11:00
djm@openbsd.org
d081f017c2 upstream: spelling errors in comments; no code change from
OpenBSD-Commit-ID: 166ea64f6d84f7bac5636dbd38968592cb5eb924
2020-03-14 19:39:09 +11:00
Darren Tucker
d4860ec4ef Check if getpeereid is actually declared.
Check in sys/socket.h (AIX) and unistd.h (FreeBSD, DragonFly and OS X).
Prevents undeclared function warning on at least some versions of AIX.
2020-02-17 22:48:50 +11:00
Darren Tucker
849a9b8714 Don't look for UINT32_MAX in inttypes.h
... unless we are actually going to use it.  Fixes build on HP-UX
without the potential impact to other platforms of a header change
shortly before release.
2020-02-06 12:21:49 +11:00
Darren Tucker
bb63ff844e Look in inttypes.h for UINT32_MAX.
Should prevent warnings on at least some AIX versions.
2020-01-30 18:54:42 +11:00
Darren Tucker
638a45b5c1 Wrap stdint.h in tests inside HAVE_STDINT_H. 2020-01-26 14:05:40 +11:00
Darren Tucker
633a2af47e Plumb WITH_ZLIB into configure.
This allows zlib support to be disabled by ./configure --without-zlib.
2020-01-23 22:16:51 +11:00
Ruben Kerkhof
0c428c0e99 configure.ac: fix ldns test
When running ./configure --with-ldns, if ldns-config cannot be found, we
add -Iyes/include to CPPFLAGS and -Lyes/lib to LDFLAGS. Fix that.
2020-01-21 10:46:11 +11:00
Darren Tucker
e0cedcad51 Improve search for 'struct timespec'.
Make struct timespec test consistent with existing timeval test.
Include time.h for timespec in compat header where required.
2020-01-14 14:28:01 +11:00
Darren Tucker
26b2675b0c Remove configure test & compat code for ripemd160.
RIPEMD160 support was removed upstream in 2017, however we still had
a configure test and compat code for it, so clean those up now.
2020-01-14 12:05:00 +11:00
Damien Miller
633778d567 only link ssh-sk-helper against libfido2 2019-12-14 08:40:58 +11:00
Darren Tucker
afffd31036 Check if memmem is declared in system headers.
If the system (or one of the dependencies) implements memmem but does
not define the header, we would not declare it either resulting in
compiler warnings.  Check for declaration explicitly.  bz#3102.
2019-12-11 13:22:06 +11:00
Damien Miller
443848155f compile sk-dummy.so with no-PIE version of LDFLAGS
This lets it pick up the -L path to libcrypto for example.
2019-11-29 15:10:21 +11:00
Damien Miller
b218055e59 (yet) another x-platform fix for sk-dummy.so
Check for -fPIC support from compiler

Compile libopenbsd-compat -fPIC

Don't mix -fPIE and -fPIC when compiling
2019-11-29 12:32:23 +11:00
Darren Tucker
6cf1c40096 Enable -Wimplicit-fallthrough if supported
Suggested by djm.
2019-11-18 14:14:18 +11:00
Darren Tucker
39b87104cd Add wrappers for other ultrix headers.
Wrappers protect against multiple inclusions for headers that don't do
it themselves.
2019-11-15 18:56:54 +11:00
Darren Tucker
9c6d0a3a1e Remove ultrix realpath hack. 2019-11-15 17:13:19 +11:00
Damien Miller
5c0bc273cb configure flag to built-in security key support
Require --with-security-key-builtin before enabling the built-in
security key support (and consequent dependency on libfido2).
2019-11-15 16:08:00 +11:00
Damien Miller
63a5b24f2d don't fatal if libfido2 not found
spotted by dtucker@
2019-11-15 11:21:49 +11:00
djm@openbsd.org
6bff9521ab upstream: directly support U2F/FIDO2 security keys in OpenSSH by
linking against the (previously external) USB HID middleware. The dlopen()
capability still exists for alternate middlewares, e.g. for Bluetooth, NFC
and test/debugging.

OpenBSD-Commit-ID: 14446cf170ac0351f0d4792ba0bca53024930069
2019-11-15 09:57:30 +11:00
Darren Tucker
382c18c20c statfs might be defined in sys/mount.h.
eg on old NetBSDs.
2019-11-03 00:09:21 +11:00
Darren Tucker
f5cc5816aa Only enable U2F if OpenSSL supports ECC.
This requires moving the U2F bits to below the OpenSSL parts so we have
the required information.  ok djm@
2019-11-02 16:39:38 +11:00
Darren Tucker
9cac151c2d Add flags needed to build and work on Ultrix. 2019-11-01 18:27:37 +11:00
Darren Tucker
0e3c5bc509 Hook up fnmatch for platforms that don't have it. 2019-11-01 18:27:37 +11:00
Darren Tucker
79d46de9fb Use sftp_realpath if no native realpath. 2019-11-01 18:27:37 +11:00
Darren Tucker
bb4f003ed8 Configure flags for haiku from haikuports.
Should build with the default flags with ./configure
2019-11-01 15:06:16 +11:00
Damien Miller
764d51e044 autoconf pieces for U2F support
Mostly following existing logic for PKCS#11 - turning off support
when either libcrypto or dlopen(3) are unavailable.
2019-11-01 13:35:34 +11:00
Darren Tucker
1bcd1169c5 Add implementation of localtime_r. 2019-10-29 20:48:46 +11:00
Darren Tucker
d561b0b2fa Make sure we have struct statfs before using. 2019-10-28 16:27:53 +11:00
Darren Tucker
2912596aec Define UINT32_MAX if needed. 2019-10-28 16:27:53 +11:00
Darren Tucker
9239a18f96 Add a function call stackprotector tests.
Including a function call in the test programs for the gcc stack
protector flag tests exercises more of the compiler and makes it more
likely it'll detect problems.
2019-10-24 14:39:49 +11:00
Damien Miller
e0e7e3d0e2 tweak warning flags
Enable -Wextra if compiler supports it

Set -Wno-error=format-truncation if available to prevent expected
string truncations in openbsd-compat from breaking -Werror builds
2019-08-30 14:26:19 +10:00
Damien Miller
28744182cf proc_pidinfo()-based closefrom() for OS X
Refactor closefrom() to use a single brute-force close() loop fallback.

Based on patch from likan_999.student@sina.com in bz#3049. ok dtucker@
2019-08-30 13:23:04 +10:00