Damien Miller
7d0ba53366
include version number in OpenSSL-too-old error
2014-10-30 10:45:41 +11:00
Damien Miller
3d673d103b
- (djm) [openbsd-compat/explicit_bzero.c] implement explicit_bzero()
...
using memset_s() where possible; improve fallback to indirect bzero
via a volatile pointer to give it more of a chance to avoid being
optimised away.
2014-08-27 06:32:01 +10:00
Damien Miller
d244a5816f
- (djm) [configure.ac] We now require a working vsnprintf everywhere (not
...
just for systems that lack asprintf); check for it always and extend
test to catch more brokenness. Fixes builds on Solaris <= 9
2014-08-23 17:06:49 +10:00
Damien Miller
394a60f259
- (djm) [configure.ac] double braces to appease autoconf
2014-08-22 18:06:20 +10:00
Damien Miller
6d62784b89
- (djm) [configure.ac] include leading zero characters in OpenSSL version
...
number; fixes test for unsupported versions
2014-08-22 17:36:19 +10:00
Damien Miller
2195847e50
- (djm) [configure.ac] Check OpenSSL version is supported at configure time;
...
suggested by Kevin Brott
2014-08-20 11:05:03 +10:00
Damien Miller
00f9cd2307
- (djm) [configure.ac] Delay checks for arc4random* until after libcrypto
...
has been located; fixes builds agains libressl-portable
2014-07-15 10:41:38 +10:00
Damien Miller
8da0fa2493
- (djm) [digest-openssl.c configure.ac] Disable RIPEMD160 if libcrypto
...
doesn't support it.
2014-07-03 11:54:19 +10:00
Darren Tucker
f9696566fb
- (dtucker) [configure.ac] Remove tcpwrappers support, support has already
...
been removed from sshd.c.
2014-06-13 11:06:04 +10:00
Damien Miller
6482d90a65
- (djm) [configure.ac openbsd-compat/bsd-cygwin_util.c]
...
[openbsd-compat/bsd-cygwin_util.h] On Cygwin, determine privilege
separation user at runtime, since it may need to be a domain account.
Patch from Corinna Vinschen.
2014-05-27 14:34:42 +10:00
Damien Miller
18912775cb
- (djm) [commit configure.ac defines.h sshpty.c] don't attempt to use
...
vhangup on Linux. It doens't work for non-root users, and for them
it just messes up the tty settings.
2014-05-21 17:06:46 +10:00
Damien Miller
e5b9f0f2ee
- (djm) [Makefile.in configure.ac sshbuf-getput-basic.c]
...
[sshbuf-getput-crypto.c sshbuf.c] compilation and portability fixes
2014-05-15 14:58:07 +10:00
Damien Miller
b9c566788a
- (djm) [configure.ac] Unconditionally define WITH_OPENSSL until we write
...
portability glue to support building without libcrypto
2014-05-15 14:43:37 +10:00
Tim Rice
03ae081aea
20140221
...
- (tim) [configure.ac] Fix cut-and-paste error. Patch from Bryan Drewery.
2014-02-21 09:09:34 -08:00
Darren Tucker
4a20959d2e
- (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add compat
...
code for older OpenSSL versions that don't have EVP_MD_CTX_copy_ex.
2014-02-13 16:38:32 +11:00
Damien Miller
1d2c456426
- tedu@cvs.openbsd.org 2014/01/31 16:39:19
...
[auth2-chall.c authfd.c authfile.c bufaux.c bufec.c canohost.c]
[channels.c cipher-chachapoly.c clientloop.c configure.ac hostfile.c]
[kexc25519.c krl.c monitor.c sandbox-systrace.c session.c]
[sftp-client.c ssh-keygen.c ssh.c sshconnect2.c sshd.c sshlogin.c]
[openbsd-compat/explicit_bzero.c openbsd-compat/openbsd-compat.h]
replace most bzero with explicit_bzero, except a few that cna be memset
ok djm dtucker
2014-02-04 11:18:20 +11:00
Damien Miller
f5bbd3b657
- (djm) [configure.ac atomicio.c] Kludge around NetBSD offering
...
different symbols for 'read' when various compiler flags are
in use, causing atomicio.c comparisons against it to break and
read/write operations to hang; ok dtucker
2014-01-30 11:26:46 +11:00
Damien Miller
c2868192dd
- (djm) [configure.ac] Only check for width-specified integer types
...
in headers that actually exist. patch from Tom G. Christensen;
ok dtucker@
2014-01-30 10:21:19 +11:00
Damien Miller
c161fc90fc
- (djm) [configure.ac] Fix broken shell test '==' vs '='; patch from
...
Tom G. Christensen
2014-01-29 21:01:33 +11:00
Damien Miller
ab03949058
- (djm) [configure.ac] Search for inet_ntop in libnsl and libresovl;
...
ok dtucker
2014-01-28 15:07:10 +11:00
Damien Miller
5b447c0aac
- (djm) [configure.ac] correct AC_DEFINE for previous.
2014-01-26 09:46:53 +11:00
Damien Miller
2035b2236d
- (djm) [configure.ac sandbox-capsicum.c sandbox-rlimit.c] Disable
...
RLIMIT_NOFILE pseudo-sandbox on FreeBSD. In some configurations,
libc will attempt to open additional file descriptors for crypto
offload and crash if they cannot be opened.
2014-01-26 09:39:53 +11:00
Damien Miller
603b8f47f1
- (djm) [configure.ac] autoconf sets finds to 'yes' not '1', so test
...
against the correct thing.
2014-01-25 13:16:59 +11:00
Damien Miller
c96d85376d
- (djm) [configure.ac] Do not attempt to use capsicum sandbox unless
...
sys/capability.h exists and cap_rights_limit is in libc. Fixes
build on FreeBSD9x which provides the header but not the libc
support.
2014-01-25 13:12:28 +11:00
Damien Miller
f62ecef993
- (djm) [configure.ac] Fix detection of capsicum sandbox on FreeBSD
2014-01-25 12:34:38 +11:00
Darren Tucker
42a0925301
- (dtucker) [configure.ac] NetBSD's (and FreeBSD's) strnvis is gratuitously
...
incompatible with OpenBSD's despite post-dating it by more than a decade.
Declare it as broken, and document FreeBSD's as the same. ok djm@
2014-01-23 23:14:39 +11:00
Damien Miller
5c2ff5e31f
- (djm) [configure.ac aclocal.m4] More tests to detect fallout from
...
platform hardening options: include some long long int arithmatic
to detect missing support functions for -ftrapv in libgcc and
equivalents, actually test linking when -ftrapv is supplied and
set either both -pie/-fPIE or neither. feedback and ok dtucker@
2014-01-22 21:30:12 +11:00
Damien Miller
852472a54b
- (djm) [configure.ac] Unless specifically requested, only attempt
...
to build Position Independent Executables on gcc >= 4.x; ok dtucker
2014-01-22 16:31:18 +11:00
Darren Tucker
096118dc73
- (dtucker) [configure.ac] Make PIE a configure-time option which defaults
...
to on platforms where it's known to be reliably detected and off elsewhere.
Works around platforms such as FreeBSD 9.1 where it does not interop with
-ftrapv (it seems to work but fails when trying to link ssh). ok djm@
2014-01-21 12:48:51 +11:00
Darren Tucker
fdce373166
- (dtucker) [configure.ac] On Cygwin the getopt variables (like optargs,
...
optind) are defined in getopt.h already. Unfortunately they are defined as
"declspec(dllimport)" for historical reasons, because the GNU linker didn't
allow auto-import on PE/COFF targets way back when. The problem is the
dllexport attributes collide with the definitions in the various source
files in OpenSSH, which obviousy define the variables without
declspec(dllimport). The least intrusive way to get rid of these warnings
is to disable warnings for GCC compiler attributes when building on Cygwin.
Patch from vinschen at redhat.com.
2014-01-18 21:12:42 +11:00
Darren Tucker
9edcbff46f
- (dtucker) [configure.ac] Have --without-toolchain-hardening not turn off
...
stack-protector since that has a separate flag that's been around a while.
2014-01-17 21:54:32 +11:00
Darren Tucker
6d725687c4
- (dtucker) [configure.ac] Also look in inttypes.h for uintXX_t types.
2014-01-17 19:17:34 +11:00
Darren Tucker
a5cf1e220d
- (dtucker) [configure.ac openbsd-compat/bsd-statvfs.c
...
openbsd-compat/bsd-statvfs.h] Implement enough of statvfs on top of statfs
to be useful (and for the regression tests to pass) on platforms that
have statfs and fstatfs. ok djm@
2014-01-17 18:10:58 +11:00
Darren Tucker
d23a91ffb2
- (dtucker) [configure.ac digest.c openbsd-compat/openssl-compat.c
...
openbsd-compat/openssl-compat.h] Add compatibility layer for older
openssl versions. ok djm@
2014-01-17 17:32:30 +11:00
Damien Miller
868ea1ea1c
- (djm) [Makefile.in configure.ac sandbox-capsicum.c sandbox-darwin.c]
...
[sandbox-null.c sandbox-rlimit.c sandbox-seccomp-filter.c]
[sandbox-systrace.c ssh-sandbox.h sshd.c] Support preauth sandboxing
using the Capsicum API introduced in FreeBSD 10. Patch by Dag-Erling
Smorgrav, updated by Loganaden Velvindron @ AfriNIC; ok dtucker@
2014-01-17 16:47:04 +11:00
Darren Tucker
c548722361
- (dtucker) [configure.ac] Split AC_CHECK_FUNCS for OpenSSL functions into
...
separate lines and alphabetize for easier diffing of changes.
2014-01-17 15:12:16 +11:00
Darren Tucker
fd994379dd
- (dtucker) [aclocal.m4 configure.ac] Add some additional compiler/toolchain
...
hardening flags including -fstack-protector-strong. These default to on
if the toolchain supports them, but there is a configure-time knob
(--without-hardening) to disable them if necessary. ok djm@
2014-01-17 09:53:24 +11:00
Darren Tucker
1fcec9d4f2
- (dtucker) [configure.ac] bz#2178: Don't try to use BSM on Solaris versions
...
greater than 11 either rather than just 11. Patch from Tomas Kuthan.
2013-12-19 11:00:12 +11:00
Damien Miller
1ff130dac9
- [configure.ac openbsd-compat/Makefile.in openbsd-compat/bcrypt_pbkdf.c]
...
[openbsd-compat/blf.h openbsd-compat/blowfish.c]
[openbsd-compat/openbsd-compat.h] Start at supporting bcrypt_pbkdf in
portable.
2013-12-07 11:51:51 +11:00
Damien Miller
a913442bac
- [Makefile.in] Add ed25519 sources
2013-12-07 11:35:36 +11:00
Darren Tucker
8369c8e61a
- (dtucker) [configure.ac] bz#2173: use pkg-config --libs to include correct
...
-L location for libedit. Patch from Serge van den Boom.
2013-12-05 11:00:16 +11:00
Darren Tucker
dd5264db5f
- (dtucker) [configure.ac] Add missing "test".
2013-11-09 22:32:51 +11:00
Darren Tucker
95cb2d4eb0
- (dtucker) [configure.ac] Fix brackets in NID_secp521r1 test.
2013-11-09 22:02:31 +11:00
Darren Tucker
37bcef51b3
- (dtucker) [configure.ac kex.c key.c myproposal.h] Test for the presence of
...
NID_X9_62_prime256v1, NID_secp384r1 and NID_secp521r1 and test that the
latter actually works before using it. Fedora (at least) has NID_secp521r1
that doesn't work (see https://bugzilla.redhat.com/show_bug.cgi?id=1021897 ).
2013-11-09 18:39:25 +11:00
Darren Tucker
882abfd3fb
- (dtucker) [Makefile.in configure.ac] Set MALLOC_OPTIONS per platform
...
and pass in TEST_ENV. Unknown options cause stderr to get polluted
and the stderr-data test to fail.
2013-11-09 00:17:41 +11:00
Darren Tucker
4bf7e50e53
- (dtucker) [Makefile.in configure.ac] Remove TEST_SSH_SHA256 environment
...
variable. It's no longer used now that we get the supported MACs from
ssh -Q.
2013-11-07 22:33:48 +11:00
Damien Miller
df8b030b15
- (djm) [configure.ac defines.h] Skip arc4random_stir() calls on platforms
...
that lack it but have arc4random_uniform()
2013-11-07 13:28:16 +11:00
Darren Tucker
007e3b357e
- (dtucker) [configure.ac defines.h] Add typedefs for intmax_t and uintmax_t
...
for platforms that don't have them.
2013-11-03 18:43:55 +11:00
Darren Tucker
f3ab2c5f9c
- (dtucker) [auth-krb5.c configure.ac openbsd-compat/bsd-misc.h] Add support
...
for building with older Heimdal versions. ok djm.
2013-08-04 21:48:41 +10:00
Darren Tucker
6d8bd57448
- (dtucker) [Makefile.in configure.ac fixalgorithms] Remove unsupported
...
algorithms (Ciphers, MACs and HostKeyAlgorithms) from man pages.
2013-06-11 11:26:10 +10:00
Darren Tucker
ae133d4b31
- (dtucker) [configure.ac sftp.c openbsd-compat/openbsd-compat.h] Cater for
...
platforms that don't have multibyte character support (specifically,
mblen).
2013-06-06 08:30:20 +10:00
Darren Tucker
16cac190eb
- (dtucker) [configure.ac] Some other platforms need sys/types.h before
...
sys/socket.h.
2013-06-04 12:55:24 +10:00
Darren Tucker
0b43ffe143
- (dtucker) [configure.ac] Some platforms need sys/types.h before sys/un.h.
2013-06-03 09:30:44 +10:00
Tim Rice
5ab9b63468
- (tim) [configure.ac regress/Makefile] With rev 1.47 of test-exec.sh we
...
need a shell that can handle "[ file1 -nt file2 ]". Rather than keep
dealing with shell portability issues in regression tests, we let
configure find us a capable shell on those platforms with an old /bin/sh.
2013-06-02 14:05:48 -07:00
Darren Tucker
898ac935e5
- (dtucker) [configure.ac] bz#2111: don't try to use lastlog on Android.
...
Patch from Nathan Osman.
2013-06-03 02:03:25 +10:00
Darren Tucker
ef4901c3eb
- (dtucker) [configure.ac] sys/un.h needs sys/socket.h on some platforms
...
to prevent noise from configure. Patch from Nathan Osman.
2013-06-03 01:59:13 +10:00
Darren Tucker
a710891659
- (dtucker) [configure.ac misc.c] Look for clock_gettime in librt and fall
...
back to time(NULL) if we can't find it anywhere.
2013-06-02 08:18:31 +10:00
Darren Tucker
c7aad0058c
- (dtucker) [configure.ac defines.h] Test for fd_mask, howmany and NFDBITS
...
rather than trying to enumerate the plaforms that don't have them.
Based on a patch from Nathan Osman, with help from tim@.
2013-06-02 07:18:47 +10:00
Darren Tucker
c0c3373216
- (dtucker) [configure.ac openbsd-compat/xcrypt.c] bz#2112: fall back to
...
using openssl's DES_crpyt function on platorms that don't have a native
one, eg Android. Based on a patch from Nathan Osman.
2013-06-02 06:28:03 +10:00
Darren Tucker
efdf534214
- (dtucker) [configure.ac openbsd-compat/bsd-misc.h] bz#2087: Add a null
...
implementation of endgrent for platforms that don't have it (eg Android).
Loosely based on a patch from Nathan Osman, ok djm
2013-05-30 08:29:08 +10:00
Darren Tucker
e194ba4111
- (dtucker) [configure.ac readconf.c servconf.c
...
openbsd-compat/openbsd-compat.h] Add compat bits for scan_scaled.
2013-05-16 20:47:31 +10:00
Darren Tucker
c54e3e0741
- (dtucker) [configure.ac] Add -Werror to the -Qunused-arguments test so
...
we don't get a warning on compilers that *don't* support it. Add
-Wno-unknown-warning-option. Move both to the start of the list for
maximum noise suppression. Tested with gcc 4.6.3, gcc 2.95.4 and clang 2.9.
2013-05-10 18:53:14 +10:00
Darren Tucker
abbc7a7c02
- (dtucker) [configure.ac] Enable -Wsizeof-pointer-memaccess if the compiler
...
supports it. Mentioned by Colin Watson in bz#2100, ok djm.
2013-05-10 13:54:23 +10:00
Damien Miller
6332da2ae8
- (djm) [auth.c configure.ac misc.c monitor.c monitor_wrap.c] Support
...
platforms, such as Android, that lack struct passwd.pw_gecos. Report
and initial patch from Nathan Osman bz#2086; feedback tim@ ok dtucker@
2013-04-23 14:25:52 +10:00
Darren Tucker
ce1c9574fc
- (dtucker) [configure.ac] Use -Qunused-arguments to suppress warnings from
...
unused argument warnings (in particular, -fno-builtin-memset) from clang.
2013-04-18 21:36:19 +10:00
Darren Tucker
c8a0f27c6d
- (dtucker) [configure.ac] Add stdlib.h to zlib check for exit() prototype.
2013-03-22 12:49:14 +11:00
Damien Miller
63b4bcd04e
- (djm) [configure.ac log.c scp.c sshconnect2.c openbsd-compat/vis.c]
...
[openbsd-compat/vis.h] FreeBSD's strnvis isn't compatible with OpenBSD's
so mark it as broken. Patch from des AT des.no
2013-03-20 12:55:14 +11:00
Tim Rice
aa86c3970f
- (tim) [configure.ac] OpenServer 5 wants lastlog even though it has none
...
of the bits the configure test looks for.
2013-03-16 20:55:46 -07:00
Damien Miller
f4db77d766
- (djm) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
...
Add a usleep replacement for platforms that lack it; ok dtucker
2013-03-15 10:34:25 +11:00
Damien Miller
a2438bbd28
- (djm) [configure.ac] Disable utmp, wtmp and/or lastlog if the platform
...
is unable to successfully compile them. Based on patch from des AT
des.no
2013-03-15 10:23:07 +11:00
Darren Tucker
aa97d13fa2
- (dtucker) [auth.c configure.ac platform.c platform.h] Accept uid 2 ("bin")
...
in addition to root as an owner of system directories on AIX and HP-UX.
ok djm@
2013-03-12 11:31:05 +11:00
Damien Miller
e4f4347822
- (djm) [configure.ac] Add a timeout to the select/rlimit test to give it a
...
chance to complete on broken systems; ok dtucker@
2013-03-08 12:14:22 +11:00
Darren Tucker
ff008ded7f
- (dtucker) [configure.ac] test that we can set number of file descriptors
...
to zero with setrlimit before enabling the rlimit sandbox. This affects
(at least) HPUX 11.11.
2013-03-06 17:48:48 +11:00
Darren Tucker
5f0e54c892
- (dtucker) [configure.ac] use "=" for shell test and not "==". Spotted by
...
Kevin Brott.
2013-03-05 19:57:39 +11:00
Darren Tucker
03978c61f3
- (dtucker) [configure.ac ssh-gss.h] bz#2073: additional #includes needed
...
to use Solaris native GSS libs. Patch from Pierre Ossman.
2013-02-25 11:24:44 +11:00
Damien Miller
b87f6b70f8
- (djm) [configure.ac includes.h loginrec.c mux.c sftp.c] Prefer
...
bsd/libutil.h to libutil.h to avoid deprecation warnings on Ubuntu.
ok tim
2013-02-23 09:12:23 +11:00
Damien Miller
91f40d8592
- (djm) [configure.ac sandbox-seccomp-filter.c] Support for Linux
...
seccomp-bpf sandbox on ARM. Patch from shawnlandden AT gmail.com;
ok dtucker
2013-02-22 11:37:00 +11:00
Darren Tucker
a2b5a4c746
- (dtucker) [configure.ac] bz#2073: look for Solaris' differently-named
...
libgss too. Patch from Pierre Ossman, ok djm.
2013-02-22 10:43:15 +11:00
Darren Tucker
964de184a8
- (dtucker) [Makefile.in configure.ac] bz#2072: don't link krb5 libs to
...
ssh(1) since they're not needed. Patch from Pierre Ossman.
2013-02-22 10:39:59 +11:00
Darren Tucker
8e6fb780e5
- (dtucker) [configure.ac openbsd-compat/Makefile.in openbsd-compat/strtoull.c
...
openbsd-compat/openbsd-compat.h] Add strtoull to compat library for
platforms that don't have it.
2013-02-15 12:13:01 +11:00
Darren Tucker
3c4a24c3e3
- (dtucker) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
...
Use getpgrp() if we don't have getpgid() (old BSDs, maybe others).
2013-02-15 11:41:35 +11:00
Damien Miller
b6f73b3af6
- (djm) [configure.ac openbsd-compat/openssl-compat.h] Repair build on old
...
libcrypto that lacks EVP_CIPHER_CTX_ctrl
2013-02-11 10:39:12 +11:00
Darren Tucker
951b53b1be
- (dtucker) [configure.ac openbsd-compat/sys-tree.h] Test if compiler allows
...
__attribute__ on return values and work around if necessary. ok djm@
2013-02-08 11:50:09 +11:00
Damien Miller
5c3bbd76aa
- (djm) [configure.ac] Don't probe seccomp capability of running kernel
...
at configure time; the seccomp sandbox will fall back to rlimit at
runtime anyway. Patch from plautrba AT redhat.com in bz#2011
2013-02-07 10:11:05 +11:00
Damien Miller
d522c68872
- (djm) [cipher.c configure.ac openbsd-compat/openssl-compat.h]
...
Fix merge botch, automatically detect AES-GCM in OpenSSL, move a little
cipher compat code to openssl-compat.h
2013-01-09 16:42:47 +11:00
Damien Miller
25a02b0c95
- (djm) [configure.ac cipher-ctr.c] Adapt EVP AES CTR change to retain our
...
compat code for older OpenSSL
2012-12-13 08:18:56 +11:00
Damien Miller
8b48982a56
- (djm) [configure.ac] Revert previous. configure.ac already does this
...
for us.
2012-12-03 12:35:55 +11:00
Damien Miller
03af12e930
- (djm) [configure.ac] Turn on -g for gcc compilers. Helps pre-installation
...
debugging. ok dtucker@
2012-12-03 11:55:53 +11:00
Damien Miller
77eab7b024
- (djm) [configure.ac] Recursively expand $(bindir) to ensure it has no
...
unexpanded $(prefix) embedded. bz#2007 patch from nix-corp AT
esperi.org.uk; ok dtucker@
2012-07-06 11:49:28 +10:00
Darren Tucker
34f702ae64
- (dtucker) [configure.ac openbsd-compat/bsd-misc.h] Add setlinebuf for
...
platforms that don't have it. "looks good" tim@
2012-07-04 08:50:09 +10:00
Darren Tucker
d545a4b974
- (dtucker) [configure.ac sandbox-rlimit.c] Test whether or not
...
setrlimit(RLIMIT_FSIZE, rl_zero) and skip it if it's not supported. Its
benefit is minor, so it's not worth disabling the sandbox if it doesn't
work.
2012-07-03 22:48:31 +10:00
Darren Tucker
60395f91c6
- (dtucker) [configure.ac] Detect platforms that can't use select(2) with
...
setrlimit(RLIMIT_NOFILE, rl_zero) and disable the rlimit sandbox on those.
2012-07-03 14:31:18 +10:00
Darren Tucker
593538911a
- (dtucker) [configure.ac contrib/Makefile] bz#1996: use AC_PATH_TOOL to find
...
pkg-config so it does the right thing when cross-compiling. Patch from
cjwatson at debian org.
2012-05-19 15:24:37 +10:00
Darren Tucker
d0494fdb29
- (dtucker) [configure.ac] bz#2010: fix non-portable shell construct. Patch
...
from cjwatson at debian org.
2012-05-19 14:25:39 +10:00
Darren Tucker
e1a3ddf992
- (dtucker) [configure.ac] Include <sys/param.h> rather than <sys/types.h>
...
to fix building on some plaforms. Fom bowman at math utah edu and
des at des no.
2012-05-04 11:05:45 +10:00
Damien Miller
398c0ffe0e
- (djm) [configure.ac] Fix compilation error on FreeBSD, whose libutil
...
contains openpty() but not login()
2012-04-19 21:46:35 +10:00
Damien Miller
e0956e3834
- (djm) [Makefile.in configure.ac sandbox-seccomp-filter.c] Add sandbox
...
mode for Linux's new seccomp filter; patch from Will Drewry; feedback
and ok dtucker@
2012-04-04 11:27:54 +10:00
Darren Tucker
93a2d41505
- (dtucker) [audit-bsm.c configure.ac] bug #1968 : enable workarounds for BSM
...
audit breakage in Solaris 11. Patch from Magnus Johansson.
2012-02-24 10:40:41 +11:00
Darren Tucker
e9b3ad73ba
- (dtucker) [configure.ac mac.c openbsd-compat/openssl-compat.h] Add
...
null implementation of HMAC_CTX_init for the benefit of old versions
of OpenSSL that don't have it.
2012-01-17 14:03:34 +11:00
Darren Tucker
4a725ef6a5
- (dtucker) [configure.ac] Set _FORTIFY_SOURCE. ok djm@
2011-11-21 16:38:48 +11:00
Darren Tucker
aa3cbd1b5b
- (dtucker) [INSTALL LICENCE configure.ac openbsd-compat/Makefile.in
...
openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/getrrsetbyname.c]
bz 1320: Add optional support for LDNS, a BSD licensed DNS resolver library
which supports DNSSEC. Patch from Simon Vallet (svallet at genoscope cns fr)
with some rework from myself and djm. ok djm.
2011-11-04 11:25:24 +11:00
Darren Tucker
b0b29cc0c5
remove SELECT_REQUIRED_FDS added erroneously with strnlen. spotted by tim
2011-10-02 18:49:24 +11:00
Darren Tucker
b54f50e5d0
- (dtucker) [configure.ac openbsd-compat/Makefile.in
...
openbsd-compat/strnlen.c] Add strnlen to the compat library.
2011-09-29 23:17:18 +10:00
Damien Miller
5ffe1c4b43
- (djm) [configure.ac defines.h] No need to detect sizeof(char); patch
...
from des AT des.no
2011-09-29 11:11:51 +10:00
Tim Rice
a6e60616be
- (tim) [configure.ac] Typo in error message spotted by Andy Tsouladze
2011-08-17 21:48:22 -07:00
Damien Miller
1a91c0f163
- (djm) [configure.ac] error out if the host lacks the necessary bits for
...
an explicitly requested sandbox type
2011-08-17 11:59:25 +10:00
Damien Miller
cd5e52ee78
- (djm) [configure.ac Makefile.in sandbox-darwin.c] Add a sandbox for
...
Darwin/OS X using sandbox_init() + setrlimit(); feedback and testing
markus@
2011-06-27 07:18:18 +10:00
Damien Miller
69ff1df952
- djm@cvs.openbsd.org 2011/06/22 21:57:01
...
[servconf.c servconf.h sshd.c sshd_config.5 sandbox-rlimit.c]
[sandbox-systrace.c sandbox.h configure.ac Makefile.in]
introduce sandboxing of the pre-auth privsep child using systrace(4).
This introduces a new "UsePrivilegeSeparation=sandbox" option for
sshd_config that applies mandatory restrictions on the syscalls the
privsep child can perform. This prevents a compromised privsep child
from being used to attack other hosts (by opening sockets and proxying)
or probing local kernel attack surface.
The sandbox is implemented using systrace(4) in unsupervised "fast-path"
mode, where a list of permitted syscalls is supplied. Any syscall not
on the list results in SIGKILL being sent to the privsep child. Note
that this requires a kernel with the new SYSTR_POLICY_KILL option.
UsePrivilegeSeparation=sandbox will become the default in the future
so please start testing it now.
feedback dtucker@; ok markus@
2011-06-23 08:30:03 +10:00
Damien Miller
c09182f613
- (djm) [configure.ac] enable setproctitle emulation for OS X
2011-06-03 12:11:38 +10:00
Tim Rice
90f42b0705
- (tim) [configure.ac defines.h] Run test program to detect system mail
...
directory. Add --with-maildir option to override. Fixed OpenServer 6
getting it wrong. Fixed many systems having MAIL=/var/mail//username
ok dtucker
2011-06-02 18:17:49 -07:00
Damien Miller
b176362d26
- (djm) [aclocal.m4 configure.ac] since gcc-4.x ignores all -Wno-options
...
options, we should corresponding -W-option when trying to determine
whether it is accepted. Also includes a warning fix on the program
fragment uses (bad main() return type).
bz#1900 and bz#1901 reported by g.esp AT free.fr; ok dtucker@
2011-05-20 11:45:25 +10:00
Tim Rice
19d8181b86
- (tim) [configure.ac] Add AC_LANG_SOURCE to OPENSSH_CHECK_CFLAG_COMPILE
...
so autoreconf 2.68 is happy.
2011-05-04 21:44:25 -07:00
Damien Miller
f22019bdbf
- (djm) [Makefile.in WARNING.RNG aclocal.m4 buildpkg.sh.in configure.ac]
...
[entropy.c ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c]
[ssh-keysign.c ssh-pkcs11-helper.c ssh-rand-helper.8 ssh-rand-helper.c]
[ssh.c ssh_prng_cmds.in sshd.c contrib/aix/buildbff.sh]
[regress/README.regress] Remove ssh-rand-helper and all its
tentacles. PRNGd seeding has been rolled into entropy.c directly.
Thanks to tim@ for testing on affected platforms.
2011-05-05 13:48:37 +10:00
Tim Rice
648f876566
20110127
...
- (tim) [configure.ac] Consistent M4 quoting throughout, updated obsolete
AC_TRY_COMPILE with AC_COMPILE_IFELSE, updated obsolete AC_TRY_LINK with
AC_LINK_IFELSE, updated obsolete AC_TRY_RUN with AC_RUN_IFELSE, misc white
space changes for consistency/readability. Makes autoconf 2.68 happy.
"Nice work" djm
2011-01-26 12:38:57 -08:00
Damien Miller
71adf127e8
- (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c
...
openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to
port-linux.c to avoid compilation errors. Add -lselinux to ssh when
building with SELinux support to avoid linking failure; report from
amk AT spamfence.net; ok dtucker
2011-01-25 12:16:15 +11:00
Darren Tucker
79241377df
- (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add
...
RSA_get_default_method() for the benefit of openssl versions that don't
have it (at least openssl-engine-0.9.6b). Found and tested by Kevin Brott,
ok djm@.
2011-01-22 09:37:01 +11:00
Damien Miller
e323ebc250
- (djm) [configure.ac] Disable ECC on OpenSSL <0.9.8g. Releases prior to
...
0.9.8 lacked it, and 0.9.8a through 0.9.8d have proven buggy in pre-
release testing (random crashes and failure to load ECC keys).
ok dtucker@
2011-01-19 23:12:27 +11:00
Darren Tucker
ea52a82969
- (dtucker) [LICENCE Makefile.in audit-bsm.c audit-linux.c audit.c audit.h
...
configure.ac defines.h loginrec.c] Bug #1402 : add linux audit subsystem
support, based on patches from Tomas Mraz and jchadima at redhat.
2011-01-17 21:15:27 +11:00
Damien Miller
58497780ab
- (djm) [configure.ac regress/agent-getpeereid.sh regress/multiplex.sh]
...
[regress/sftp-glob.sh regress/test-exec.sh] Rework how feature tests are
disabled on platforms that do not support them; add a "config_defined()"
shell function that greps for defines in config.h and use them to decide
on feature tests.
Convert a couple of existing grep's over config.h to use the new function
Add a define "FILESYSTEM_NO_BACKSLASH" for filesystem that can't represent
backslash characters in filenames, enable it for Cygwin and use it to turn
of tests for quotes backslashes in sftp-glob.sh.
based on discussion with vinschen AT redhat.com and dtucker@; ok dtucker@
2011-01-17 16:17:09 +11:00
Darren Tucker
50c61f88ab
- (dtucker) [Makefile.in configure.ac regress/kextype.sh] Skip sha256-based
...
on configurations that don't have it.
2011-01-16 18:28:09 +11:00
Tim Rice
9b87a5ce3c
- (tim) [Makefile.in configure.ac opensshd.init.in] Add support for generating
...
ecdsa keys. ok djm.
2011-01-12 22:35:43 -08:00
Damien Miller
134d02a494
- (djm) [configure.ac] Fix broken test for gcc >= 4.4 with per-compiler
...
flag tests that don't depend on gcc version at all; suggested by and
ok dtucker@
2011-01-12 16:00:37 +11:00
Damien Miller
945aa0c744
- (djm) [configure.ac] Turn on -Wno-unused-result for gcc >= 4.4 to avoid
...
silly warnings on write() calls we don't care succeed or not.
2011-01-12 13:34:02 +11:00
Damien Miller
30a69e7bba
- (djm) [configure.ac Makefile.in] Use mandoc as preferred manpage
...
formatter if it is present, followed by nroff and groff respectively.
Fixes distprep target on OpenBSD (which has bumped groff/nroff to ports
in favour of mandoc). feedback and ok tim
2011-01-04 08:16:27 +11:00
Damien Miller
41bccf75af
- (djm) [configure.ac] Check whether libdes is needed when building
...
with Heimdal krb5 support. On OpenBSD this library no longer exists,
so linking it unconditionally causes a build failure; ok dtucker
2011-01-02 21:53:07 +11:00
Darren Tucker
ebdef76b5d
- (dtucker) [configure.ac moduli.c openbsd-compat/openssl-compat.{c,h}] Add
...
shims for the new, non-deprecated OpenSSL key generation functions for
platforms that don't have the new interfaces.
2010-12-04 23:20:50 +11:00
Tim Rice
c7a8af03a0
- (tim) [configure.ac openbsd-compat/bsd-misc.h openbsd-compat/bsd-misc.c] Add
...
support for platforms missing isblank(). ok djm@
2010-11-08 14:26:23 -08:00
Darren Tucker
eab5f0df90
- (dtucker) [Makefile configure.ac regress/Makefile regress/keytype.sh]
...
Import recent changes to regress/Makefile, pass a flag to enable ECC tests
from configure through to regress/Makefile and use it in the tests.
2010-11-05 18:23:38 +11:00
Darren Tucker
97528353c2
- (dtucker) [configure.ac platform.{c,h} session.c
...
openbsd-compat/port-solaris.{c,h}] Bug #1824 : Add Solaris Project support.
Patch from cory.erickson at csu mnscu edu with a bit of rework from me.
ok djm@
2010-11-05 12:03:05 +11:00
Damien Miller
1f78980099
- (djm) [configure.ac] Use = instead of == in shell tests. Patch from
...
dr AT vasco.com
2010-10-11 22:35:22 +11:00
Damien Miller
a6e121aaa0
- djm@cvs.openbsd.org 2010/09/25 09:30:16
...
[sftp.c configure.ac openbsd-compat/glob.c openbsd-compat/glob.h]
make use of new glob(3) GLOB_KEEPSTAT extension to save extra server
rountrips to fetch per-file stat(2) information.
NB. update openbsd-compat/ glob(3) implementation from OpenBSD libc to
match.
2010-10-07 21:39:17 +11:00
Damien Miller
aa18063baf
- matthew@cvs.openbsd.org 2010/09/24 13:33:00
...
[misc.c misc.h configure.ac openbsd-compat/openbsd-compat.h]
[openbsd-compat/timingsafe_bcmp.c]
Add timingsafe_bcmp(3) to libc, mention that it's already in the
kernel in kern(9), and remove it from OpenSSH.
ok deraadt@, djm@
NB. re-added under openbsd-compat/ for portable OpenSSH
2010-10-07 21:25:27 +11:00
Damien Miller
6af914a15c
- (djm) [authfd.c authfile.c bufec.c buffer.h configure.ac kex.h kexecdh.c]
...
[kexecdhc.c kexecdhs.c key.c key.h myproposal.h packet.c readconf.c]
[ssh-agent.c ssh-ecdsa.c ssh-keygen.c ssh.c] Disable ECDH and ECDSA on
platforms that don't have the requisite OpenSSL support. ok dtucker@
2010-09-10 11:39:26 +10:00
Darren Tucker
aa74f6754a
- (dtucker) [configure.ac openbsd-compat/Makefile.in
...
openbsd-compat/openbsd-compat.h openbsd-compat/strptime.c] Add strptime to
the compat library which helps on platforms like old IRIX. Based on work
by djm, tested by Tom Christensen.
2010-08-16 13:15:23 +10:00
Darren Tucker
9f8703b573
- (dtucker) [configure.ac] Bug #1756 : Check for the existence of a lib64 dir
...
in the openssl install directory (some newer openssl versions do this on at
least some amd64 platforms).
2010-04-23 11:12:06 +10:00
Darren Tucker
627337d95b
- (dtucker) [configure.ac] Put the check for the existence of getaddrinfo
...
back so we disable the IPv6 tests if we don't have it.
2010-04-10 22:58:01 +10:00
Darren Tucker
261d93a5cf
- (dtucker) [configure.ac defines.h loginrec.c logintest.c] Bug #1732 : enable
...
utmpx support on FreeBSD where possible. Patch from Ed Schouten, ok djm@
2010-04-09 18:13:27 +10:00
Darren Tucker
c4ccb12ee4
- (dtucker) [configure.ac] Bug #1744 : use pkg-config for libedit flags if we
...
have it and the path is not provided to --with-libedit. Based on a patch
from Iain Morgan.
2010-04-09 14:04:35 +10:00
Darren Tucker
a83d90fbab
- (dtucker) [configure.ac] Bug #1741 : Add section for Haiku, patch originally
...
by Ingo Weinhold via Scott McCreary, ok djm@
2010-03-26 10:27:33 +11:00
Darren Tucker
c9fe39b1a4
- (dtucker) [configure.ac] Use a proper AC_CHECK_DECL for BROKEN_GETADDRINFO
...
so setting it in CFLAGS correctly skips IPv6 tests.
2010-03-09 20:42:30 +11:00
Damien Miller
9527f228ae
- (djm) [configure.ac] set -fno-strict-aliasing for gcc4; ok dtucker@
2010-03-05 15:04:35 +11:00
Damien Miller
b3c9f78711
- (djm) [configure.ac] Enable PKCS#11 support only when we find a working
...
dlopen()
2010-02-12 10:11:34 +11:00
Damien Miller
d8f6002272
- (djm) [INSTALL Makefile.in README.smartcard configure.ac scard-opensc.c]
...
[scard.c scard.h pkcs11.h scard/Makefile.in scard/Ssh.bin.uu scard/Ssh.java]
Remove obsolete smartcard support
2010-02-12 09:34:22 +11:00
Damien Miller
7ea845e48d
- markus@cvs.openbsd.org 2010/02/08 10:50:20
...
[pathnames.h readconf.c readconf.h scp.1 sftp.1 ssh-add.1 ssh-add.c]
[ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config.5]
replace our obsolete smartcard code with PKCS#11.
ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf
ssh(1) and ssh-keygen(1) use dlopen(3) directly to talk to a PKCS#11
provider (shared library) while ssh-agent(1) delegates PKCS#11 to
a forked a ssh-pkcs11-helper process.
PKCS#11 is currently a compile time option.
feedback and ok djm@; inspired by patches from Alon Bar-Lev
`
2010-02-12 09:21:02 +11:00
Damien Miller
1d2bfc4118
- (djm) add -lselinux to LIBS before calling AC_CHECK_FUNCS for
...
getseuserbyname; patch from calebcase AT gmail.com via
cjwatson AT debian.org
2010-02-10 10:19:29 +11:00
Tim Rice
6761c7417d
- (tim) [configure.ac] Due to constraints in Windows Sockets in terms of
...
socket inheritance, reduce the default SO_RCVBUF/SO_SNDBUF buffer size
in Cygwin to 65535. Patch from Corinna Vinschen.
2010-01-22 10:25:15 -08:00
Tim Rice
641ebf1f86
- (tim) [configure.ac] Use the C99-conforming functions snprintf() and
...
vsnprintf() named _xsnprintf() and _xvsnprintf() on SVR5 systems.
2010-01-17 17:05:39 -08:00
Tim Rice
7ab7b9346d
- (tim) [configure.ac] OpenServer 5 needs BROKEN_GETADDRINFO too.
2010-01-17 12:48:22 -08:00
Tim Rice
4a7db1ca2f
- (tim) [configure.ac] Define BROKEN_GETADDRINFO on SVR5 systems. The native
...
getaddrinfo() is too old and limited for addr_pton() in addrmatch.c.
2010-01-16 12:23:25 -08:00
Darren Tucker
909a390bb8
- (dtucker) [configure.ac openbsd-compat/{Makefile.in,pwcache.c} Portability
...
for pwcache. Also, added caching of negative hits.
2010-01-15 12:38:30 +11:00
Darren Tucker
8c65f646a9
- (dtucker) [configure.ac misc.c readconf.c servconf.c ssh-keyscan.c]
...
Remove hacks add for RoutingDomain in preparation for its removal.
2010-01-10 10:26:57 +11:00
Darren Tucker
1f5e3dc274
- (dtucker) [configure.ac misc.c readconf.c servconf.c ssh-keyscan.c] Make
...
RoutingDomain an unsupported option on platforms that don't have it.
2010-01-08 19:53:52 +11:00
Darren Tucker
c8802aac28
- (dtucker) Bug #1470 : Disable OOM-killing of the listening sshd on Linux,
...
based on a patch from Vaclav Ovsik and Colin Watson. ok djm.
2009-12-08 13:39:48 +11:00
Darren Tucker
1533311f4c
- (dtucker) Bug #1160 : use pkg-config for opensc config if it's available.
...
Tested by Martin Paljak.
2009-12-07 11:15:43 +11:00
Darren Tucker
c182d99376
- (dtucker) [configure.ac sftp-client.c] Remove the gyrations required for
...
dirent d_type and DTTOIF as we've switched OpenBSD to the more portable
lstat.
2009-10-11 21:50:20 +11:00
Darren Tucker
538738d861
- (dtucker) d_type is not mandated by POSIX, so add fallback code using
...
stat(), needed on at least cygwin.
2009-10-07 18:56:10 +11:00
Darren Tucker
4adeac764e
- (dtucker) [configure.ac sftp-client.c] DOTTIF is in fs/ffs/dir.h on at
...
least dragonflybsd.
2009-10-07 15:49:48 +11:00
Darren Tucker
e02b49a806
- (dtucker) [configure.ac] Change the -lresolv check so it works on Mac OS X
...
10.6 (which doesn't have BIND8_COMPAT and thus uses res_9_query). Patch
from jbasney at ncsa uiuc edu.
2009-09-11 14:56:08 +10:00
Darren Tucker
dad48e7a96
- (dtucker) [configure.ac] Bug #1639 : use AC_PATH_PROG to search the path for
...
krb5-config if it's not in the location specified by --with-kerberos5.
Patch from jchadima at redhat.
2009-09-01 18:26:00 +10:00
Darren Tucker
ac9f1b9b89
- (dtucker) [configure.ac] Fix the syntax of the Solaris tcgetattr entry.
2009-08-28 15:01:20 +10:00
Darren Tucker
86e30a0166
- (dtucker) [clientloop.c configure.ac defines.h] Make the client's IO buffer
...
size a compile-time option and set it to 64k on Cygwin, since Corinna
reports that it makes a significant difference to performance. ok djm@
2009-08-28 11:21:06 +10:00
Darren Tucker
3980b63631
- (dtucker) [channels.c configure.ac] Bug #1528 : skip the tcgetattr call on
...
the pty master on Solaris, since it never succeeds and can hang if large
amounts of data is sent to the slave (eg a copy-paste). Based on a patch
originally from Doke Scott, ok djm@
2009-08-28 11:02:37 +10:00
Darren Tucker
83d8f28336
- (dtucker) [configure.ac] Check for headers before libraries for openssl an
...
zlib, which should make the errors slightly more meaningful on platforms
where there's separate "-devel" packages for those.
2009-08-17 09:35:22 +10:00
Darren Tucker
c4b22ca1c8
- (dtucker) [configure.ac] Include sys/param.h for the sys/mount.h test,
...
prevents configure complaining on older BSDs.
2009-07-12 21:56:29 +10:00
Darren Tucker
3278062bf3
- (dtucker) [configure.ac defines.h] Bug #1607 : handle the case where fsid_t
...
is a struct with a __val member. Fixes build on, eg, Redhat 6.2.
2009-06-16 16:11:02 +10:00
Tim Rice
a74000eb9e
- (tim) [configure.ac] Remove setting IP_TOS_IS_BROKEN for Cygwin. The problem
...
that setsockopt(IP_TOS) doesn't work on Cygwin has been fixed since 2005.
Based on patch from vinschen at redhat com.
2009-03-18 11:25:02 -07:00
Darren Tucker
3e7e15f1bd
- (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}]
...
EVP_DigestUpdate does not exactly match the other OLD_EVP functions (eg
in openssl 0.9.6) so add an explicit test for it.
2009-03-07 22:22:35 +11:00
Darren Tucker
30ed668de0
- (dtucker) [configure.ac] Missing comma in type list.
2009-03-07 18:06:22 +11:00
Darren Tucker
ccfee05882
- (dtucker) [configure.ac defines.h] Check for in_port_t and typedef if needed.
2009-03-07 12:32:22 +11:00
Damien Miller
9055172d03
- (djm) [configure.ac] support GNU/kFreeBSD and GNU/kOpensolaris
...
systems; patch from Aurelien Jarno via rmh AT aybabtu.com
2009-02-16 15:37:03 +11:00
Damien Miller
20e231f9f8
- (djm) [configure.ac loginrec.c] bz#1421: fix lastlog support for OSX.
...
OSX provides a getlastlogxbyname function that automates the reading of
a lastlog file. Also, the pututxline function will update lastlog so
there is no need for loginrec.c to do it explicitly. Collapse some
overly verbose code while I'm in there.
2009-02-12 13:12:21 +11:00
Tim Rice
2676791c38
- (tim) [configure.ac] Move check_for_libcrypt_later=1 in *-*-sysv5*) section.
...
OpenServer 6 doesn't need libcrypt.
2009-01-07 20:50:08 -08:00
Tim Rice
351529ce30
- (tim) [configure.ac defines.h openbsd-compat/port-uw.c
...
openbsd-compat/xcrypt.c] Add SECUREWARE support to OpenServer 6 SVR5 ABI.
OK djm@ dtucker@
2009-01-07 10:04:12 -08:00
Damien Miller
7df2e40074
- (djm) [configure.ac] bz#1538: better test for ProPolice/SSP: actually
...
use some stack in main().
Report and suggested fix from vapier AT gentoo.org
2008-12-08 09:35:36 +11:00
Tim Rice
0f4d2c02f2
- (tim) [addrmatch.c configure.ac] Some platforms do not have sin6_scope_id
...
member of sockaddr_in6. Also reported in Bug 1491 by David Leonard. OK and
feedback by djm@
2008-11-18 21:26:41 -08:00
Damien Miller
73193b3693
- (djm) [configure.ac] Add -Wformat-security to CFLAGS for gcc 3.x and 4.x
2008-07-09 21:07:19 +10:00
Damien Miller
ff2e492028
- (djm) [configure.ac] unbreak: remove extra closing brace
2008-07-05 09:52:03 +10:00
Damien Miller
20d1694719
- (djm) [atomicio.c configure.ac] Disable poll() fallback in atomiciov for
...
Tru64. readv doesn't seem to be a comparable object there.
bz#1386, patch from dtucker@ ok me
2008-07-05 09:36:58 +10:00
Darren Tucker
330c93f68a
- (dtucker) [configure.ac] Enable -fno-builtin-memset when using gcc.
2008-06-16 02:27:48 +10:00
Darren Tucker
30fd49e606
- (dtucker) [configure.ac] Bug #1276 : avoid linking against libgssapi, which
...
despite its name doesn't seem to implement all of GSSAPI. Patch from
Jan Engelhardt, sanity checked by Simon Wilkinson.
2008-06-14 09:14:46 +10:00
Damien Miller
4401e45be6
- (djm) [channels.c configure.ac]
...
Do not set SO_REUSEADDR on wildcard X11 listeners (X11UseLocalhost=no)
bz#1464; ok dtucker
2008-06-12 06:05:12 +10:00
Darren Tucker
5d37690a1f
- (dtucker) [Makefile.in configure.ac regress/addrmatch.sh] Skip IPv6
...
specific tests on platforms that don't do IPv6.
2008-06-11 04:15:05 +10:00
Darren Tucker
77001384cc
- (dtucker) [configure.ac defines.h sftp-client.c M sftp-server.c] Add a
...
macro to convert fsid to unsigned long for platforms where fsid is a
2-member array.
2008-06-09 06:17:53 +10:00
Darren Tucker
598eaa6c0c
- (dtucker) [configure.ac defines.h sftp-client.c sftp-server.c sftp.c
...
openbsd-compat/Makefile.in openbsd-compat/openbsd-compat.h
openbsd-compat/bsd-statvfs.{c,h}] Add a null implementation of statvfs and
fstatvfs and remove #defines around statvfs code. ok djm@
2008-06-09 03:32:29 +10:00
Darren Tucker
5b2e2ba9e4
- (dtucker) [configure.ac defines.h sftp-client.c sftp-server.c sftp.c] Do not enable statvfs extensions on platforms that do not have statvfs. ok djm@
2008-06-08 09:25:28 +10:00
Damien Miller
a7058ec7c0
- (djm) [configure.ac mux.c sftp.c openbsd-compat/Makefile.in]
...
[openbsd-compat/fmt_scaled.c openbsd-compat/openbsd-compat.h]
Fix compilation on Linux, including pulling in fmt_scaled(3)
implementation from OpenBSD's libutil.
2008-05-20 08:57:06 +10:00
Damien Miller
a4be7c23fd
- (djm) [openbsd-compat/bsd-arc4random.c openbsd-compat/openbsd-compat.c]
...
[configure.ac] Implement arc4random_buf(), import implementation of
arc4random_uniform() from OpenBSD
2008-05-19 14:47:37 +10:00
Damien Miller
5b1c8b3103
- (djm) [configure.ac] --with-selinux too
2008-03-27 12:33:07 +11:00
Damien Miller
da3155e159
- (djm) [configure.ac] fix alignment of --without-stackprotect description
2008-03-27 12:30:18 +11:00
Darren Tucker
fe1cf97ee8
- (dtucker) [configure.ac] Run stack-protector tests with -Werror to catch
...
platforms where gcc understands the option but it's not supported (and
thus generates a warning).
2008-03-09 22:50:50 +11:00
Darren Tucker
b7918afddf
- (dtucker) [configure.ac] It turns out gcc's -fstack-protector-all doesn't
...
always work for all platforms and versions, so test what we can and
add a configure flag to turn it of if needed. ok djm@
2008-03-09 11:34:23 +11:00
Darren Tucker
54e859f63d
- (dtucker) [configure.ac] FreeBSD's glob() doesn't behave the way we expect
...
either, so use our own.
2008-03-02 21:52:27 +11:00
Darren Tucker
0f26b1386a
- (dtucker) [configure.ac openbsd-compat/port-aix.{c,h}] Bug #1081 : Implement
...
getgrouplist via getgrset on AIX, rather than iterating over getgrent.
This allows, eg, Match and AllowGroups directives to work with NIS and
LDAP groups.
2008-02-28 23:16:04 +11:00
Darren Tucker
e1c4c54211
- (dtucker) [configure.ac] Add -fstack-protector to LDFLAGS too, fixes
...
linking problems on AIX with gcc 4.1.x.
2008-02-28 15:01:13 +11:00
Darren Tucker
acada07b52
- (dtucker) [configure.ac audit-bsm.c] Bug #1420 : Add a local implementation
...
of aug_get_machine for systems that don't have their own (eg OS X, FreeBSD). Help and testing from csjp at FreeBSD org, vgiffin at apple com. ok djm@
2008-02-25 21:05:04 +11:00
Darren Tucker
d4827ab50c
- (dtucker) [configure.ac] Fix message for -fstack-protector-all test.
2008-01-02 18:08:45 +11:00
Darren Tucker
528d6fa10a
- (dtucker) [configure.ac openbsd-compat/glob.{c,h}] Bug #1407 : force use of
...
builtin glob implementation on Mac OS X. Based on a patch from
vgiffin at apple.
2007-12-31 21:29:26 +11:00
Darren Tucker
319b3d9b00
- (dtucker) [configure.ac] Enable -fstack-protector-all on systems where
...
gcc supports it. ok djm@
2007-12-02 21:02:22 +11:00
Darren Tucker
bc1bd9dbe3
- (dtucker) [configure.ac defines.h] Shadow expiry does not work on QNX6
...
so disable it for that platform. From bacon at cs nyu edu.
2007-09-27 07:03:20 +10:00
Darren Tucker
7c92a65a1d
- (dtucker) [configure.ac atomicio.c] Fall back to <sys/poll.h> if we don't
...
have <poll.h> (eq QNX). From bacon at cs nyu edu.
2007-09-27 07:00:09 +10:00
Tim Rice
0eeaf127b5
- (tim) [configure.ac] Autoconf didn't define HAVE_LIBIAF because we
...
did a AC_CHECK_FUNCS within the AC_CHECK_LIB test.
2007-09-10 16:24:17 -07:00
Darren Tucker
8acb3b665b
- (dtucker) [configure.ac] Bug #1343 : Set DISABLE_FD_PASSING for QNX6. From.
...
Matt Kraai, ok djm@.
2007-08-10 14:36:12 +10:00
Darren Tucker
febf0f5668
- (dtucker) [atomicio.c configure.ac openbsd-compat/Makefile.in
...
openbsd-compat/bsd-poll.{c,h} openbsd-compat/openbsd-compat.h]
Add an implementation of poll() built on top of select(2). Code from
OpenNTPD with changes suggested by djm. ok djm@
2007-06-25 22:15:12 +10:00
Damien Miller
34a176995f
- (djm) [configure.ac umac.c] If platform doesn't provide swap32(3), then
...
fallback to provided bit-swizzing functions
2007-06-11 14:15:42 +10:00
Tim Rice
aa8954f1d9
20070509
...
- (tim) [configure.ac] Bug #1287 : Add missing test for ucred.h.
2007-05-09 15:57:43 -07:00
Darren Tucker
dca0edff2f
- (dtucker) [configure.ac defines.h] Have configure check for offsetof
...
to prevent redefinition warnings.
2007-04-29 15:06:44 +10:00
Darren Tucker
391de5c023
- (dtucker) [configure.ac defines.h] Prevent warnings about __attribute__
...
__nonnull__ for versions of GCC that don't support it.
2007-04-29 14:49:21 +10:00
Darren Tucker
6d862a50db
- (dtucker) [configure.ac defines.h] Have configure check for MAXSYMLINKS
...
so we don't get redefinition warnings.
2007-04-29 14:39:02 +10:00
Darren Tucker
cc40d5ecdf
- (dtucker) [configure.ac openbsd-compat/getrrsetbyname.c] Bug #1299 : Use the
...
platform's _res if it has one. Should fix problem of DNSSEC record lookups
on NetBSD as reported by Curt Sampson.
2007-04-29 13:58:06 +10:00
Tim Rice
99203ec48b
20070326
...
- (tim) [auth.c configure.ac defines.h session.c openbsd-compat/port-uw.c
openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] Rework libiaf test/defines
to account for IRIX having libiaf but not set_id(). Patch with & ok dtucker@
2007-03-26 09:35:28 -07:00
Darren Tucker
20e9f976c1
- (dtucker) [Makefile.in configure.ac] Replace single-purpose LIBSELINUX,
...
LIBWRAP and LIBPAM variables in Makefile with the general-purpose
SSHDLIBS. "I like" djm@
2007-03-25 18:26:01 +10:00
Darren Tucker
164aa30e46
- (dtucker) [configure.ac openbsd-compat/bsd-getpeereid.c] Bug #1287 : Use
...
getpeerucred to implement getpeereid (currently only Solaris 10 and up).
Patch by Jan.Pechanec at Sun.
2007-03-21 21:39:57 +11:00
Damien Miller
9975e48349
- (djm) [configure.ac] add a --without-openssl-header-check option to
...
configure, as some platforms (OS X) ship OpenSSL headers whose version
does not match that of the shipping library. ok dtucker@
2007-03-05 11:51:27 +11:00
Darren Tucker
573e3878b8
- (dtucker) [configure.ac] For Cygwin, read files in textmode (which allows
...
CRLF as well as LF lineendings) and write in binary mode. Patch from
vinschen at redhat.com.
2007-03-02 17:50:03 +11:00
Darren Tucker
adc947d5a5
- (dtucker) [configure.ac] Set put -lselinux into $LIBS while testing for
...
SELinux functions so they're detected correctly. Patch from pebenito at
gentoo.org.
2006-10-07 09:07:20 +10:00
Tim Rice
1cfab23b7f
- (tim) [configure.ac] Move CHECK_HEADERS test before platform specific
...
section so additional platform specific CHECK_HEADER tests will work
correctly. Fixes "<net/if_tap.h> on FreeBSD" problem report by des AT des.no
Feedback and "seems like a good idea" dtucker@
2006-10-03 09:34:35 -07:00
Darren Tucker
5e8381ee86
- (dtucker) [configure.ac] Bug #1239 : Fix configure test for OpenSSH engine
...
support. Patch from andrew.benham at thus net.
2006-09-29 20:16:51 +10:00
Tim Rice
983b35b281
20060924
...
- (tim) [configure.ac] Remove CFLAGS hack for UnixWare 1.x/2.x (added
to rev 1.308) to work around broken gcc 2.x header file.
2006-09-24 12:08:59 -07:00
Darren Tucker
0ee3cbfc51
- (dtucker) [configure.ac] Bug #1234 : Put opensc libs into $LIBS rather than
...
$LDFLAGS. Patch from vapier at gentoo org.
2006-09-23 16:25:19 +10:00
Darren Tucker
9216c37d60
- (dtucker) [configure.ac] On AIX, check to see if the compiler will allow
...
macro redefinitions, and if not, remove "-qlanglvl=ansi" from the flags.
Allows build out of the box with older VAC and XLC compilers. Found by
David Bronder and Bernhard Simon.
2006-09-18 23:17:40 +10:00
Damien Miller
223897a01a
- (djm) [Makefile.in buildpkg.sh.in configure.ac openssh.xml.in]
...
Support SMF in Solaris Packages if enabled by configure. Patch from
Chad Mynhier, tested by dtucker@
2006-09-12 21:54:10 +10:00
Darren Tucker
57b2920ad8
- (dtucker) [configure.ac] Add -lcrypt to let DragonFly build OOTB.
2006-09-10 20:25:51 +10:00
Darren Tucker
6d0d6fbfdf
- (dtucker) [configure.ac] The BSM header test needs time.h in some cases.
2006-09-09 01:05:21 +10:00
Tim Rice
b8f00193d8
- (tim) [configure.ac] s/BROKEN_UPDWTMP/BROKEN_UPDWTMPX/ on SCO OSR6
2006-09-06 18:11:29 -07:00
Darren Tucker
e1fe09968d
- (dtucker) [configure.ac] s/AC_DEFINES/AC_DEFINE/ spotted by Roumen Petrov.
2006-09-05 07:53:38 +10:00
Darren Tucker
3e0891093a
- (dtucker) [configure.ac] Define BROKEN_UPDWTMP on SCO OSR6 as the native
...
updwdtmp seems to generate invalid wtmp entries. From Roger Cornelius,
ok djm@
2006-09-04 22:37:41 +10:00
Darren Tucker
ed0b59218e
- (dtucker) [configure.ac openbsd-compat/openbsd-compat.h] Check for
...
declaration of writev(2) and declare it ourselves if necessary. Makes
the atomiciov() calls build on really old systems. ok djm@
2006-09-03 22:44:49 +10:00
Darren Tucker
096faecdea
- (dtucker) [configure.ac includes.h openbsd-compat/glob.{c,h}] Explicitly
...
test for GLOB_NOMATCH and use our glob functions if it's not found.
Stops sftp from segfaulting when attempting to get a nonexistent file on
Cygwin (previous versions of OpenSSH didn't use the native glob). Partly
from and tested by Corinna Vinschen.
2006-09-01 20:29:10 +10:00
Damien Miller
1b06dc30ad
- (djm) [CREDITS LICENCE Makefile.in auth.c configure.ac includes.h ]
...
[platform.c platform.h sshd.c openbsd-compat/Makefile.in]
[openbsd-compat/openbsd-compat.h openbsd-compat/port-solaris.c]
[openbsd-compat/port-solaris.h] Add support for Solaris process
contracts, enabled with --use-solaris-contracts. Patch from Chad
Mynhier, tweaked by dtucker@ and myself; ok dtucker@
2006-08-31 03:24:41 +10:00
Darren Tucker
0eb810015f
- (dtucker) [configure.ac] Remove errant "-".
2006-08-20 21:43:19 +10:00
Darren Tucker
639bbe8bfe
- (dtucker) [configure.ac] Bug #1181 : Explicitly test to see if OpenSSL
...
(0.9.8a and presumably newer) requires -ldl to successfully link.
2006-08-20 20:17:53 +10:00
Darren Tucker
3e6bde483d
- (dtucker) [configure.ac] Relocate --with-pam parts in preparation for
...
fixing bug #1181 . No changes yet.
2006-08-20 20:03:50 +10:00
Darren Tucker
4ba387337c
- (dtucker) [configure.ac] Save $LIBS during PAM library tests and restore
...
afterward. Removes the need to mangle $LIBS later to remove -lpam and -ldl.
2006-08-20 19:55:02 +10:00
Damien Miller
bb59814cd6
- (djm) Disable sigdie() for platforms that cannot safely syslog inside
...
a signal handler (basically all of them, excepting OpenBSD);
ok dtucker@
2006-08-19 08:38:23 +10:00
Darren Tucker
d018b2e9c8
- (dtucker) [configure.ac openbsd-compat/bsd-closefrom.c] Resync with
...
closefrom.c from sudo.
2006-08-18 18:51:20 +10:00
Darren Tucker
3083bc2b52
- (dtucker) [configure.ac openbsd-compat/bsd-closefrom.c] Use F_CLOSEM fcntl
...
for closefrom() on AIX. Pointed out by William Ahern.
2006-08-17 19:35:49 +10:00
Darren Tucker
f1f4bdd1aa
- (dtucker) [configure.ac] The "crippled AES" test does not work on recent
...
versions of Solaris, so use AC_LINK_IFELSE to actually link the test program
rather than just compiling it. Spotted by dlg@.
2006-08-04 19:44:23 +10:00
Darren Tucker
128a0894a5
- (dtucker) [configure.ac] OpenBSD needs <sys/types.h> before <sys/socket.h>
...
for SHUT_RD.
2006-07-12 19:02:56 +10:00
Darren Tucker
248469bc8d
- (dtucker) [configure.ac defines.h] Only define SHUT_RD (and friends) and O_NONBLOCK
...
if they're really needed. Fixes build errors on HP-UX, old Linuxes and probably
more.
2006-07-12 14:14:31 +10:00
Darren Tucker
44c828fe29
- (dtucker) [configure.ac ssh-keygen.c openbsd-compat/bsd-openpty.c
...
openbsd-compat/daemon.c] Add includes needed by open(2). Conditionally
include paths.h. Fixes build error on Solaris.
2006-07-11 18:00:06 +10:00
Darren Tucker
bdc121279f
- (dtucker) [configure.ac] Try AIX blibpath test in different order when
...
compiling with gcc. gcc 4.1.x will accept (but ignore) -b flags so
configure would not select the correct libpath linker flags.
2006-07-06 11:56:25 +10:00
Darren Tucker
8b272ab09b
- (dtucker) [configure.ac] Bug #1203 : Add missing '[', which causes problems
...
with autoconf 2.60. Patch from vapier at gentoo.org.
2006-06-27 11:20:28 +10:00
Darren Tucker
0249f93c4d
- (dtucker) [configure.ac] Bug #1193 : Define PASSWD_NEEDS_USERNAME on Solaris.
...
Works around limitation in Solaris' passwd program for changing passwords
where the username is longer than 8 characters. ok djm@
2006-06-24 12:10:07 +10:00
Darren Tucker
9afe115f0a
- (dtucker) [channels.c configure.ac serverloop.c] Bug #1102 : Around AIX
...
4.3.3 ML3 or so, the AIX pty layer starting passing zero-length writes
on the pty slave as zero-length reads on the pty master, which sshd
interprets as the descriptor closing. Since most things don't do zero
length writes this rarely matters, but occasionally it happens, and when
it does the SSH pty session appears to hang, so we add a special case for
this condition. ok djm@
2006-06-23 21:24:12 +10:00
Darren Tucker
3eb4834489
- (dtucker) [README.platform configure.ac openbsd-compat/port-tun.c] Add
...
tunnel support for Mac OS X/Darwin via a third-party tun driver. Patch
from reyk@, tested by anil@
2006-06-23 21:05:12 +10:00
Damien Miller
73b42d2bb0
- (djm) [Makefile.in configure.ac session.c sshpty.c]
...
[contrib/redhat/sshd.init openbsd-compat/Makefile.in]
[openbsd-compat/openbsd-compat.h openbsd-compat/port-linux.c]
[openbsd-compat/port-linux.h] Add support for SELinux, setting
the execution and TTY contexts. based on patch from Daniel Walsh,
bz #880 ; ok dtucker@
2006-04-22 21:26:08 +10:00
Darren Tucker
c495301bf8
- (dtucker) [configure.ac md-sha256.c] NetBSD has sha2.h in
...
/usr/include/crypto. Hint from djm@.
2006-03-16 08:14:34 +11:00
Darren Tucker
8bb9e2c900
- (dtucker) [configure.ac] login_cap.h requires sys/types.h on NetBSD.
2006-03-15 22:28:17 +11:00
Darren Tucker
486d95e6f7
- (dtucker) [configure.ac] Fix glob test conversion to AC_TRY_COMPILE
2006-03-15 21:31:39 +11:00
Damien Miller
41e364bcfa
- (djm) [md-sha256.c configure.ac] md-sha256.c needs sha2.h if present
2006-03-15 13:12:41 +11:00