Commit Graph

784 Commits

Author SHA1 Message Date
Damien Miller
7d0ba53366 include version number in OpenSSL-too-old error 2014-10-30 10:45:41 +11:00
Damien Miller
3d673d103b - (djm) [openbsd-compat/explicit_bzero.c] implement explicit_bzero()
using memset_s() where possible; improve fallback to indirect bzero
   via a volatile pointer to give it more of a chance to avoid being
   optimised away.
2014-08-27 06:32:01 +10:00
Damien Miller
d244a5816f - (djm) [configure.ac] We now require a working vsnprintf everywhere (not
just for systems that lack asprintf); check for it always and extend
   test to catch more brokenness. Fixes builds on Solaris <= 9
2014-08-23 17:06:49 +10:00
Damien Miller
394a60f259 - (djm) [configure.ac] double braces to appease autoconf 2014-08-22 18:06:20 +10:00
Damien Miller
6d62784b89 - (djm) [configure.ac] include leading zero characters in OpenSSL version
number; fixes test for unsupported versions
2014-08-22 17:36:19 +10:00
Damien Miller
2195847e50 - (djm) [configure.ac] Check OpenSSL version is supported at configure time;
suggested by Kevin Brott
2014-08-20 11:05:03 +10:00
Damien Miller
00f9cd2307 - (djm) [configure.ac] Delay checks for arc4random* until after libcrypto
has been located; fixes builds agains libressl-portable
2014-07-15 10:41:38 +10:00
Damien Miller
8da0fa2493 - (djm) [digest-openssl.c configure.ac] Disable RIPEMD160 if libcrypto
doesn't support it.
2014-07-03 11:54:19 +10:00
Darren Tucker
f9696566fb - (dtucker) [configure.ac] Remove tcpwrappers support, support has already
been removed from sshd.c.
2014-06-13 11:06:04 +10:00
Damien Miller
6482d90a65 - (djm) [configure.ac openbsd-compat/bsd-cygwin_util.c]
[openbsd-compat/bsd-cygwin_util.h] On Cygwin, determine privilege
         separation user at runtime, since it may need to be a domain account.
            Patch from Corinna Vinschen.
2014-05-27 14:34:42 +10:00
Damien Miller
18912775cb - (djm) [commit configure.ac defines.h sshpty.c] don't attempt to use
vhangup on Linux. It doens't work for non-root users, and for them
   it just messes up the tty settings.
2014-05-21 17:06:46 +10:00
Damien Miller
e5b9f0f2ee - (djm) [Makefile.in configure.ac sshbuf-getput-basic.c]
[sshbuf-getput-crypto.c sshbuf.c] compilation and portability fixes
2014-05-15 14:58:07 +10:00
Damien Miller
b9c566788a - (djm) [configure.ac] Unconditionally define WITH_OPENSSL until we write
portability glue to support building without libcrypto
2014-05-15 14:43:37 +10:00
Tim Rice
03ae081aea 20140221
- (tim) [configure.ac]  Fix cut-and-paste error. Patch from Bryan Drewery.
2014-02-21 09:09:34 -08:00
Darren Tucker
4a20959d2e - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add compat
code for older OpenSSL versions that don't have EVP_MD_CTX_copy_ex.
2014-02-13 16:38:32 +11:00
Damien Miller
1d2c456426 - tedu@cvs.openbsd.org 2014/01/31 16:39:19
[auth2-chall.c authfd.c authfile.c bufaux.c bufec.c canohost.c]
     [channels.c cipher-chachapoly.c clientloop.c configure.ac hostfile.c]
     [kexc25519.c krl.c monitor.c sandbox-systrace.c session.c]
     [sftp-client.c ssh-keygen.c ssh.c sshconnect2.c sshd.c sshlogin.c]
     [openbsd-compat/explicit_bzero.c openbsd-compat/openbsd-compat.h]
     replace most bzero with explicit_bzero, except a few that cna be memset
     ok djm dtucker
2014-02-04 11:18:20 +11:00
Damien Miller
f5bbd3b657 - (djm) [configure.ac atomicio.c] Kludge around NetBSD offering
different symbols for 'read' when various compiler flags are
   in use, causing atomicio.c comparisons against it to break and
   read/write operations to hang; ok dtucker
2014-01-30 11:26:46 +11:00
Damien Miller
c2868192dd - (djm) [configure.ac] Only check for width-specified integer types
in headers that actually exist. patch from Tom G. Christensen;
   ok dtucker@
2014-01-30 10:21:19 +11:00
Damien Miller
c161fc90fc - (djm) [configure.ac] Fix broken shell test '==' vs '='; patch from
Tom G. Christensen
2014-01-29 21:01:33 +11:00
Damien Miller
ab03949058 - (djm) [configure.ac] Search for inet_ntop in libnsl and libresovl;
ok dtucker
2014-01-28 15:07:10 +11:00
Damien Miller
5b447c0aac - (djm) [configure.ac] correct AC_DEFINE for previous. 2014-01-26 09:46:53 +11:00
Damien Miller
2035b2236d - (djm) [configure.ac sandbox-capsicum.c sandbox-rlimit.c] Disable
RLIMIT_NOFILE pseudo-sandbox on FreeBSD. In some configurations,
    libc will attempt to open additional file descriptors for crypto
    offload and crash if they cannot be opened.
2014-01-26 09:39:53 +11:00
Damien Miller
603b8f47f1 - (djm) [configure.ac] autoconf sets finds to 'yes' not '1', so test
against the correct thing.
2014-01-25 13:16:59 +11:00
Damien Miller
c96d85376d - (djm) [configure.ac] Do not attempt to use capsicum sandbox unless
sys/capability.h exists and cap_rights_limit is in libc. Fixes
   build on FreeBSD9x which provides the header but not the libc
   support.
2014-01-25 13:12:28 +11:00
Damien Miller
f62ecef993 - (djm) [configure.ac] Fix detection of capsicum sandbox on FreeBSD 2014-01-25 12:34:38 +11:00
Darren Tucker
42a0925301 - (dtucker) [configure.ac] NetBSD's (and FreeBSD's) strnvis is gratuitously
incompatible with OpenBSD's despite post-dating it by more than a decade.
   Declare it as broken, and document FreeBSD's as the same.  ok djm@
2014-01-23 23:14:39 +11:00
Damien Miller
5c2ff5e31f - (djm) [configure.ac aclocal.m4] More tests to detect fallout from
platform hardening options: include some long long int arithmatic
   to detect missing support functions for -ftrapv in libgcc and
   equivalents, actually test linking when -ftrapv is supplied and
   set either both -pie/-fPIE or neither. feedback and ok dtucker@
2014-01-22 21:30:12 +11:00
Damien Miller
852472a54b - (djm) [configure.ac] Unless specifically requested, only attempt
to build Position Independent Executables on gcc >= 4.x; ok dtucker
2014-01-22 16:31:18 +11:00
Darren Tucker
096118dc73 - (dtucker) [configure.ac] Make PIE a configure-time option which defaults
to on platforms where it's known to be reliably detected and off elsewhere.
   Works around platforms such as FreeBSD 9.1 where it does not interop with
   -ftrapv (it seems to work but fails when trying to link ssh).  ok djm@
2014-01-21 12:48:51 +11:00
Darren Tucker
fdce373166 - (dtucker) [configure.ac] On Cygwin the getopt variables (like optargs,
optind) are defined in getopt.h already.  Unfortunately they are defined as
   "declspec(dllimport)" for historical reasons, because the GNU linker didn't
   allow auto-import on PE/COFF targets way back when.  The problem is the
   dllexport attributes collide with the definitions in the various source
   files in OpenSSH, which obviousy define the variables without
   declspec(dllimport).  The least intrusive way to get rid of these warnings
   is to disable warnings for GCC compiler attributes when building on Cygwin.
   Patch from vinschen at redhat.com.
2014-01-18 21:12:42 +11:00
Darren Tucker
9edcbff46f - (dtucker) [configure.ac] Have --without-toolchain-hardening not turn off
stack-protector since that has a separate flag that's been around a while.
2014-01-17 21:54:32 +11:00
Darren Tucker
6d725687c4 - (dtucker) [configure.ac] Also look in inttypes.h for uintXX_t types. 2014-01-17 19:17:34 +11:00
Darren Tucker
a5cf1e220d - (dtucker) [configure.ac openbsd-compat/bsd-statvfs.c
openbsd-compat/bsd-statvfs.h] Implement enough of statvfs on top of statfs
   to be useful (and for the regression tests to pass) on platforms that
   have statfs and fstatfs.  ok djm@
2014-01-17 18:10:58 +11:00
Darren Tucker
d23a91ffb2 - (dtucker) [configure.ac digest.c openbsd-compat/openssl-compat.c
openbsd-compat/openssl-compat.h]  Add compatibility layer for older
   openssl versions.  ok djm@
2014-01-17 17:32:30 +11:00
Damien Miller
868ea1ea1c - (djm) [Makefile.in configure.ac sandbox-capsicum.c sandbox-darwin.c]
[sandbox-null.c sandbox-rlimit.c sandbox-seccomp-filter.c]
   [sandbox-systrace.c ssh-sandbox.h sshd.c] Support preauth sandboxing
   using the Capsicum API introduced in FreeBSD 10. Patch by Dag-Erling
   Smorgrav, updated by Loganaden Velvindron @ AfriNIC; ok dtucker@
2014-01-17 16:47:04 +11:00
Darren Tucker
c548722361 - (dtucker) [configure.ac] Split AC_CHECK_FUNCS for OpenSSL functions into
separate lines and alphabetize for easier diffing of changes.
2014-01-17 15:12:16 +11:00
Darren Tucker
fd994379dd - (dtucker) [aclocal.m4 configure.ac] Add some additional compiler/toolchain
hardening flags including -fstack-protector-strong.  These default to on
   if the toolchain supports them, but there is a configure-time knob
   (--without-hardening) to disable them if necessary.  ok djm@
2014-01-17 09:53:24 +11:00
Darren Tucker
1fcec9d4f2 - (dtucker) [configure.ac] bz#2178: Don't try to use BSM on Solaris versions
greater than 11 either rather than just 11.  Patch from Tomas Kuthan.
2013-12-19 11:00:12 +11:00
Damien Miller
1ff130dac9 - [configure.ac openbsd-compat/Makefile.in openbsd-compat/bcrypt_pbkdf.c]
[openbsd-compat/blf.h openbsd-compat/blowfish.c]
   [openbsd-compat/openbsd-compat.h] Start at supporting bcrypt_pbkdf in
   portable.
2013-12-07 11:51:51 +11:00
Damien Miller
a913442bac - [Makefile.in] Add ed25519 sources 2013-12-07 11:35:36 +11:00
Darren Tucker
8369c8e61a - (dtucker) [configure.ac] bz#2173: use pkg-config --libs to include correct
-L location for libedit.  Patch from Serge van den Boom.
2013-12-05 11:00:16 +11:00
Darren Tucker
dd5264db5f - (dtucker) [configure.ac] Add missing "test". 2013-11-09 22:32:51 +11:00
Darren Tucker
95cb2d4eb0 - (dtucker) [configure.ac] Fix brackets in NID_secp521r1 test. 2013-11-09 22:02:31 +11:00
Darren Tucker
37bcef51b3 - (dtucker) [configure.ac kex.c key.c myproposal.h] Test for the presence of
NID_X9_62_prime256v1, NID_secp384r1 and NID_secp521r1 and test that the
   latter actually works before using it.  Fedora (at least) has NID_secp521r1
   that doesn't work (see https://bugzilla.redhat.com/show_bug.cgi?id=1021897).
2013-11-09 18:39:25 +11:00
Darren Tucker
882abfd3fb - (dtucker) [Makefile.in configure.ac] Set MALLOC_OPTIONS per platform
and pass in TEST_ENV.  Unknown options cause stderr to get polluted
   and the stderr-data test to fail.
2013-11-09 00:17:41 +11:00
Darren Tucker
4bf7e50e53 - (dtucker) [Makefile.in configure.ac] Remove TEST_SSH_SHA256 environment
variable.  It's no longer used now that we get the supported MACs from
   ssh -Q.
2013-11-07 22:33:48 +11:00
Damien Miller
df8b030b15 - (djm) [configure.ac defines.h] Skip arc4random_stir() calls on platforms
that lack it but have arc4random_uniform()
2013-11-07 13:28:16 +11:00
Darren Tucker
007e3b357e - (dtucker) [configure.ac defines.h] Add typedefs for intmax_t and uintmax_t
for platforms that don't have them.
2013-11-03 18:43:55 +11:00
Darren Tucker
f3ab2c5f9c - (dtucker) [auth-krb5.c configure.ac openbsd-compat/bsd-misc.h] Add support
for building with older Heimdal versions.  ok djm.
2013-08-04 21:48:41 +10:00
Darren Tucker
6d8bd57448 - (dtucker) [Makefile.in configure.ac fixalgorithms] Remove unsupported
algorithms (Ciphers, MACs and HostKeyAlgorithms) from man pages.
2013-06-11 11:26:10 +10:00
Darren Tucker
ae133d4b31 - (dtucker) [configure.ac sftp.c openbsd-compat/openbsd-compat.h] Cater for
platforms that don't have multibyte character support (specifically,
    mblen).
2013-06-06 08:30:20 +10:00
Darren Tucker
16cac190eb - (dtucker) [configure.ac] Some other platforms need sys/types.h before
sys/socket.h.
2013-06-04 12:55:24 +10:00
Darren Tucker
0b43ffe143 - (dtucker) [configure.ac] Some platforms need sys/types.h before sys/un.h. 2013-06-03 09:30:44 +10:00
Tim Rice
5ab9b63468 - (tim) [configure.ac regress/Makefile] With rev 1.47 of test-exec.sh we
need a shell that can handle "[ file1 -nt file2 ]". Rather than keep
   dealing with shell portability issues in regression tests, we let
   configure find us a capable shell on those platforms with an old /bin/sh.
2013-06-02 14:05:48 -07:00
Darren Tucker
898ac935e5 - (dtucker) [configure.ac] bz#2111: don't try to use lastlog on Android.
Patch from Nathan Osman.
2013-06-03 02:03:25 +10:00
Darren Tucker
ef4901c3eb - (dtucker) [configure.ac] sys/un.h needs sys/socket.h on some platforms
to prevent noise from configure. Patch from Nathan Osman.
2013-06-03 01:59:13 +10:00
Darren Tucker
a710891659 - (dtucker) [configure.ac misc.c] Look for clock_gettime in librt and fall
back to time(NULL) if we can't find it anywhere.
2013-06-02 08:18:31 +10:00
Darren Tucker
c7aad0058c - (dtucker) [configure.ac defines.h] Test for fd_mask, howmany and NFDBITS
rather than trying to enumerate the plaforms that don't have them.
   Based on a patch from Nathan Osman, with help from tim@.
2013-06-02 07:18:47 +10:00
Darren Tucker
c0c3373216 - (dtucker) [configure.ac openbsd-compat/xcrypt.c] bz#2112: fall back to
using openssl's DES_crpyt function on platorms that don't have a native
   one, eg Android.  Based on a patch from Nathan Osman.
2013-06-02 06:28:03 +10:00
Darren Tucker
efdf534214 - (dtucker) [configure.ac openbsd-compat/bsd-misc.h] bz#2087: Add a null
implementation of endgrent for platforms that don't have it (eg Android).
    Loosely based on a patch from Nathan Osman, ok djm
2013-05-30 08:29:08 +10:00
Darren Tucker
e194ba4111 - (dtucker) [configure.ac readconf.c servconf.c
openbsd-compat/openbsd-compat.h] Add compat bits for scan_scaled.
2013-05-16 20:47:31 +10:00
Darren Tucker
c54e3e0741 - (dtucker) [configure.ac] Add -Werror to the -Qunused-arguments test so
we don't get a warning on compilers that *don't* support it.  Add
   -Wno-unknown-warning-option.  Move both to the start of the list for
   maximum noise suppression.  Tested with gcc 4.6.3, gcc 2.95.4 and clang 2.9.
2013-05-10 18:53:14 +10:00
Darren Tucker
abbc7a7c02 - (dtucker) [configure.ac] Enable -Wsizeof-pointer-memaccess if the compiler
supports it.  Mentioned by Colin Watson in bz#2100, ok djm.
2013-05-10 13:54:23 +10:00
Damien Miller
6332da2ae8 - (djm) [auth.c configure.ac misc.c monitor.c monitor_wrap.c] Support
platforms, such as Android, that lack struct passwd.pw_gecos. Report
   and initial patch from Nathan Osman bz#2086; feedback tim@ ok dtucker@
2013-04-23 14:25:52 +10:00
Darren Tucker
ce1c9574fc - (dtucker) [configure.ac] Use -Qunused-arguments to suppress warnings from
unused argument warnings (in particular, -fno-builtin-memset) from clang.
2013-04-18 21:36:19 +10:00
Darren Tucker
c8a0f27c6d - (dtucker) [configure.ac] Add stdlib.h to zlib check for exit() prototype. 2013-03-22 12:49:14 +11:00
Damien Miller
63b4bcd04e - (djm) [configure.ac log.c scp.c sshconnect2.c openbsd-compat/vis.c]
[openbsd-compat/vis.h] FreeBSD's strnvis isn't compatible with OpenBSD's
   so mark it as broken. Patch from des AT des.no
2013-03-20 12:55:14 +11:00
Tim Rice
aa86c3970f - (tim) [configure.ac] OpenServer 5 wants lastlog even though it has none
of the bits the configure test looks for.
2013-03-16 20:55:46 -07:00
Damien Miller
f4db77d766 - (djm) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
Add a usleep replacement for platforms that lack it; ok dtucker
2013-03-15 10:34:25 +11:00
Damien Miller
a2438bbd28 - (djm) [configure.ac] Disable utmp, wtmp and/or lastlog if the platform
is unable to successfully compile them. Based on patch from des AT
    des.no
2013-03-15 10:23:07 +11:00
Darren Tucker
aa97d13fa2 - (dtucker) [auth.c configure.ac platform.c platform.h] Accept uid 2 ("bin")
in addition to root as an owner of system directories on AIX and HP-UX.
   ok djm@
2013-03-12 11:31:05 +11:00
Damien Miller
e4f4347822 - (djm) [configure.ac] Add a timeout to the select/rlimit test to give it a
chance to complete on broken systems; ok dtucker@
2013-03-08 12:14:22 +11:00
Darren Tucker
ff008ded7f - (dtucker) [configure.ac] test that we can set number of file descriptors
to zero with setrlimit before enabling the rlimit sandbox.  This affects
   (at least) HPUX 11.11.
2013-03-06 17:48:48 +11:00
Darren Tucker
5f0e54c892 - (dtucker) [configure.ac] use "=" for shell test and not "==". Spotted by
Kevin Brott.
2013-03-05 19:57:39 +11:00
Darren Tucker
03978c61f3 - (dtucker) [configure.ac ssh-gss.h] bz#2073: additional #includes needed
to use Solaris native GSS libs.  Patch from Pierre Ossman.
2013-02-25 11:24:44 +11:00
Damien Miller
b87f6b70f8 - (djm) [configure.ac includes.h loginrec.c mux.c sftp.c] Prefer
bsd/libutil.h to libutil.h to avoid deprecation warnings on Ubuntu.
   ok tim
2013-02-23 09:12:23 +11:00
Damien Miller
91f40d8592 - (djm) [configure.ac sandbox-seccomp-filter.c] Support for Linux
seccomp-bpf sandbox on ARM. Patch from shawnlandden AT gmail.com;
       ok dtucker
2013-02-22 11:37:00 +11:00
Darren Tucker
a2b5a4c746 - (dtucker) [configure.ac] bz#2073: look for Solaris' differently-named
libgss too.  Patch from Pierre Ossman, ok djm.
2013-02-22 10:43:15 +11:00
Darren Tucker
964de184a8 - (dtucker) [Makefile.in configure.ac] bz#2072: don't link krb5 libs to
ssh(1) since they're not needed.  Patch from Pierre Ossman.
2013-02-22 10:39:59 +11:00
Darren Tucker
8e6fb780e5 - (dtucker) [configure.ac openbsd-compat/Makefile.in openbsd-compat/strtoull.c
openbsd-compat/openbsd-compat.h] Add strtoull to compat library for
   platforms that don't have it.
2013-02-15 12:13:01 +11:00
Darren Tucker
3c4a24c3e3 - (dtucker) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
Use getpgrp() if we don't have getpgid() (old BSDs, maybe others).
2013-02-15 11:41:35 +11:00
Damien Miller
b6f73b3af6 - (djm) [configure.ac openbsd-compat/openssl-compat.h] Repair build on old
libcrypto that lacks EVP_CIPHER_CTX_ctrl
2013-02-11 10:39:12 +11:00
Darren Tucker
951b53b1be - (dtucker) [configure.ac openbsd-compat/sys-tree.h] Test if compiler allows
__attribute__ on return values and work around if necessary.  ok djm@
2013-02-08 11:50:09 +11:00
Damien Miller
5c3bbd76aa - (djm) [configure.ac] Don't probe seccomp capability of running kernel
at configure time; the seccomp sandbox will fall back to rlimit at
       runtime anyway. Patch from plautrba AT redhat.com in bz#2011
2013-02-07 10:11:05 +11:00
Damien Miller
d522c68872 - (djm) [cipher.c configure.ac openbsd-compat/openssl-compat.h]
Fix merge botch, automatically detect AES-GCM in OpenSSL, move a little
   cipher compat code to openssl-compat.h
2013-01-09 16:42:47 +11:00
Damien Miller
25a02b0c95 - (djm) [configure.ac cipher-ctr.c] Adapt EVP AES CTR change to retain our
compat code for older OpenSSL
2012-12-13 08:18:56 +11:00
Damien Miller
8b48982a56 - (djm) [configure.ac] Revert previous. configure.ac already does this
for us.
2012-12-03 12:35:55 +11:00
Damien Miller
03af12e930 - (djm) [configure.ac] Turn on -g for gcc compilers. Helps pre-installation
debugging. ok dtucker@
2012-12-03 11:55:53 +11:00
Damien Miller
77eab7b024 - (djm) [configure.ac] Recursively expand $(bindir) to ensure it has no
unexpanded $(prefix) embedded. bz#2007 patch from nix-corp AT
   esperi.org.uk; ok dtucker@
2012-07-06 11:49:28 +10:00
Darren Tucker
34f702ae64 - (dtucker) [configure.ac openbsd-compat/bsd-misc.h] Add setlinebuf for
platforms that don't have it.  "looks good" tim@
2012-07-04 08:50:09 +10:00
Darren Tucker
d545a4b974 - (dtucker) [configure.ac sandbox-rlimit.c] Test whether or not
setrlimit(RLIMIT_FSIZE, rl_zero) and skip it if it's not supported.  Its
   benefit is minor, so it's not worth disabling the sandbox if it doesn't
   work.
2012-07-03 22:48:31 +10:00
Darren Tucker
60395f91c6 - (dtucker) [configure.ac] Detect platforms that can't use select(2) with
setrlimit(RLIMIT_NOFILE, rl_zero) and disable the rlimit sandbox on those.
2012-07-03 14:31:18 +10:00
Darren Tucker
593538911a - (dtucker) [configure.ac contrib/Makefile] bz#1996: use AC_PATH_TOOL to find
pkg-config so it does the right thing when cross-compiling.  Patch from
   cjwatson at debian org.
2012-05-19 15:24:37 +10:00
Darren Tucker
d0494fdb29 - (dtucker) [configure.ac] bz#2010: fix non-portable shell construct. Patch
from cjwatson at debian org.
2012-05-19 14:25:39 +10:00
Darren Tucker
e1a3ddf992 - (dtucker) [configure.ac] Include <sys/param.h> rather than <sys/types.h>
to fix building on some plaforms.  Fom bowman at math utah edu and
   des at des no.
2012-05-04 11:05:45 +10:00
Damien Miller
398c0ffe0e - (djm) [configure.ac] Fix compilation error on FreeBSD, whose libutil
contains openpty() but not login()
2012-04-19 21:46:35 +10:00
Damien Miller
e0956e3834 - (djm) [Makefile.in configure.ac sandbox-seccomp-filter.c] Add sandbox
mode for Linux's new seccomp filter; patch from Will Drewry; feedback
   and ok dtucker@
2012-04-04 11:27:54 +10:00
Darren Tucker
93a2d41505 - (dtucker) [audit-bsm.c configure.ac] bug #1968: enable workarounds for BSM
audit breakage in Solaris 11.  Patch from Magnus Johansson.
2012-02-24 10:40:41 +11:00
Darren Tucker
e9b3ad73ba - (dtucker) [configure.ac mac.c openbsd-compat/openssl-compat.h] Add
null implementation of HMAC_CTX_init for the benefit of old versions
   of OpenSSL that don't have it.
2012-01-17 14:03:34 +11:00
Darren Tucker
4a725ef6a5 - (dtucker) [configure.ac] Set _FORTIFY_SOURCE. ok djm@ 2011-11-21 16:38:48 +11:00
Darren Tucker
aa3cbd1b5b - (dtucker) [INSTALL LICENCE configure.ac openbsd-compat/Makefile.in
openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/getrrsetbyname.c]
   bz 1320: Add optional support for LDNS, a BSD licensed DNS resolver library
   which supports DNSSEC.  Patch from Simon Vallet (svallet at genoscope cns fr)
   with some rework from myself and djm.  ok djm.
2011-11-04 11:25:24 +11:00
Darren Tucker
b0b29cc0c5 remove SELECT_REQUIRED_FDS added erroneously with strnlen. spotted by tim 2011-10-02 18:49:24 +11:00
Darren Tucker
b54f50e5d0 - (dtucker) [configure.ac openbsd-compat/Makefile.in
openbsd-compat/strnlen.c] Add strnlen to the compat library.
2011-09-29 23:17:18 +10:00
Damien Miller
5ffe1c4b43 - (djm) [configure.ac defines.h] No need to detect sizeof(char); patch
from des AT des.no
2011-09-29 11:11:51 +10:00
Tim Rice
a6e60616be - (tim) [configure.ac] Typo in error message spotted by Andy Tsouladze 2011-08-17 21:48:22 -07:00
Damien Miller
1a91c0f163 - (djm) [configure.ac] error out if the host lacks the necessary bits for
an explicitly requested sandbox type
2011-08-17 11:59:25 +10:00
Damien Miller
cd5e52ee78 - (djm) [configure.ac Makefile.in sandbox-darwin.c] Add a sandbox for
Darwin/OS X using sandbox_init() + setrlimit(); feedback and testing
   markus@
2011-06-27 07:18:18 +10:00
Damien Miller
69ff1df952 - djm@cvs.openbsd.org 2011/06/22 21:57:01
[servconf.c servconf.h sshd.c sshd_config.5 sandbox-rlimit.c]
     [sandbox-systrace.c sandbox.h configure.ac Makefile.in]
     introduce sandboxing of the pre-auth privsep child using systrace(4).

     This introduces a new "UsePrivilegeSeparation=sandbox" option for
     sshd_config that applies mandatory restrictions on the syscalls the
     privsep child can perform. This prevents a compromised privsep child
     from being used to attack other hosts (by opening sockets and proxying)
     or probing local kernel attack surface.

     The sandbox is implemented using systrace(4) in unsupervised "fast-path"
     mode, where a list of permitted syscalls is supplied. Any syscall not
     on the list results in SIGKILL being sent to the privsep child. Note
     that this requires a kernel with the new SYSTR_POLICY_KILL option.

     UsePrivilegeSeparation=sandbox will become the default in the future
     so please start testing it now.

     feedback dtucker@; ok markus@
2011-06-23 08:30:03 +10:00
Damien Miller
c09182f613 - (djm) [configure.ac] enable setproctitle emulation for OS X 2011-06-03 12:11:38 +10:00
Tim Rice
90f42b0705 - (tim) [configure.ac defines.h] Run test program to detect system mail
directory. Add --with-maildir option to override. Fixed OpenServer 6
   getting it wrong. Fixed many systems having MAIL=/var/mail//username
   ok dtucker
2011-06-02 18:17:49 -07:00
Damien Miller
b176362d26 - (djm) [aclocal.m4 configure.ac] since gcc-4.x ignores all -Wno-options
options, we should corresponding -W-option when trying to determine
   whether it is accepted.  Also includes a warning fix on the program
   fragment uses (bad main() return type).
   bz#1900 and bz#1901 reported by g.esp AT free.fr; ok dtucker@
2011-05-20 11:45:25 +10:00
Tim Rice
19d8181b86 - (tim) [configure.ac] Add AC_LANG_SOURCE to OPENSSH_CHECK_CFLAG_COMPILE
so autoreconf 2.68 is happy.
2011-05-04 21:44:25 -07:00
Damien Miller
f22019bdbf - (djm) [Makefile.in WARNING.RNG aclocal.m4 buildpkg.sh.in configure.ac]
[entropy.c ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c]
   [ssh-keysign.c ssh-pkcs11-helper.c ssh-rand-helper.8 ssh-rand-helper.c]
   [ssh.c ssh_prng_cmds.in sshd.c contrib/aix/buildbff.sh]
   [regress/README.regress] Remove ssh-rand-helper and all its
   tentacles. PRNGd seeding has been rolled into entropy.c directly.
   Thanks to tim@ for testing on affected platforms.
2011-05-05 13:48:37 +10:00
Tim Rice
648f876566 20110127
- (tim) [configure.ac] Consistent M4 quoting throughout, updated obsolete
   AC_TRY_COMPILE with AC_COMPILE_IFELSE, updated obsolete AC_TRY_LINK with
   AC_LINK_IFELSE, updated obsolete AC_TRY_RUN with AC_RUN_IFELSE, misc white
   space changes for consistency/readability. Makes autoconf 2.68 happy.
   "Nice work" djm
2011-01-26 12:38:57 -08:00
Damien Miller
71adf127e8 - (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c
openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to
   port-linux.c to avoid compilation errors. Add -lselinux to ssh when
   building with SELinux support to avoid linking failure; report from
   amk AT spamfence.net; ok dtucker
2011-01-25 12:16:15 +11:00
Darren Tucker
79241377df - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add
RSA_get_default_method() for the benefit of openssl versions that don't
   have it (at least openssl-engine-0.9.6b).  Found and tested by Kevin Brott,
   ok djm@.
2011-01-22 09:37:01 +11:00
Damien Miller
e323ebc250 - (djm) [configure.ac] Disable ECC on OpenSSL <0.9.8g. Releases prior to
0.9.8 lacked it, and 0.9.8a through 0.9.8d have proven buggy in pre-
   release testing (random crashes and failure to load ECC keys).
   ok dtucker@
2011-01-19 23:12:27 +11:00
Darren Tucker
ea52a82969 - (dtucker) [LICENCE Makefile.in audit-bsm.c audit-linux.c audit.c audit.h
configure.ac defines.h loginrec.c]  Bug #1402: add linux audit subsystem
   support, based on patches from Tomas Mraz and jchadima at redhat.
2011-01-17 21:15:27 +11:00
Damien Miller
58497780ab - (djm) [configure.ac regress/agent-getpeereid.sh regress/multiplex.sh]
[regress/sftp-glob.sh regress/test-exec.sh] Rework how feature tests are
   disabled on platforms that do not support them; add a "config_defined()"
   shell function that greps for defines in config.h and use them to decide
   on feature tests.
   Convert a couple of existing grep's over config.h to use the new function
   Add a define "FILESYSTEM_NO_BACKSLASH" for filesystem that can't represent
   backslash characters in filenames, enable it for Cygwin and use it to turn
   of tests for quotes backslashes in sftp-glob.sh.
   based on discussion with vinschen AT redhat.com and dtucker@; ok dtucker@
2011-01-17 16:17:09 +11:00
Darren Tucker
50c61f88ab - (dtucker) [Makefile.in configure.ac regress/kextype.sh] Skip sha256-based
on configurations that don't have it.
2011-01-16 18:28:09 +11:00
Tim Rice
9b87a5ce3c - (tim) [Makefile.in configure.ac opensshd.init.in] Add support for generating
ecdsa keys. ok djm.
2011-01-12 22:35:43 -08:00
Damien Miller
134d02a494 - (djm) [configure.ac] Fix broken test for gcc >= 4.4 with per-compiler
flag tests that don't depend on gcc version at all; suggested by and
   ok dtucker@
2011-01-12 16:00:37 +11:00
Damien Miller
945aa0c744 - (djm) [configure.ac] Turn on -Wno-unused-result for gcc >= 4.4 to avoid
silly warnings on write() calls we don't care succeed or not.
2011-01-12 13:34:02 +11:00
Damien Miller
30a69e7bba - (djm) [configure.ac Makefile.in] Use mandoc as preferred manpage
formatter if it is present, followed by nroff and groff respectively.
   Fixes distprep target on OpenBSD (which has bumped groff/nroff to ports
   in favour of mandoc). feedback and ok tim
2011-01-04 08:16:27 +11:00
Damien Miller
41bccf75af - (djm) [configure.ac] Check whether libdes is needed when building
with Heimdal krb5 support. On OpenBSD this library no longer exists,
   so linking it unconditionally causes a build failure; ok dtucker
2011-01-02 21:53:07 +11:00
Darren Tucker
ebdef76b5d - (dtucker) [configure.ac moduli.c openbsd-compat/openssl-compat.{c,h}] Add
shims for the new, non-deprecated OpenSSL key generation functions for
   platforms that don't have the new interfaces.
2010-12-04 23:20:50 +11:00
Tim Rice
c7a8af03a0 - (tim) [configure.ac openbsd-compat/bsd-misc.h openbsd-compat/bsd-misc.c] Add
support for platforms missing isblank(). ok djm@
2010-11-08 14:26:23 -08:00
Darren Tucker
eab5f0df90 - (dtucker) [Makefile configure.ac regress/Makefile regress/keytype.sh]
Import recent changes to regress/Makefile, pass a flag to enable ECC tests
   from configure through to regress/Makefile and use it in the tests.
2010-11-05 18:23:38 +11:00
Darren Tucker
97528353c2 - (dtucker) [configure.ac platform.{c,h} session.c
openbsd-compat/port-solaris.{c,h}] Bug #1824: Add Solaris Project support.
   Patch from cory.erickson at csu mnscu edu with a bit of rework from me.
   ok djm@
2010-11-05 12:03:05 +11:00
Damien Miller
1f78980099 - (djm) [configure.ac] Use = instead of == in shell tests. Patch from
dr AT vasco.com
2010-10-11 22:35:22 +11:00
Damien Miller
a6e121aaa0 - djm@cvs.openbsd.org 2010/09/25 09:30:16
[sftp.c configure.ac openbsd-compat/glob.c openbsd-compat/glob.h]
     make use of new glob(3) GLOB_KEEPSTAT extension to save extra server
     rountrips to fetch per-file stat(2) information.
     NB. update openbsd-compat/ glob(3) implementation from OpenBSD libc to
     match.
2010-10-07 21:39:17 +11:00
Damien Miller
aa18063baf - matthew@cvs.openbsd.org 2010/09/24 13:33:00
[misc.c misc.h configure.ac openbsd-compat/openbsd-compat.h]
     [openbsd-compat/timingsafe_bcmp.c]
     Add timingsafe_bcmp(3) to libc, mention that it's already in the
     kernel in kern(9), and remove it from OpenSSH.
     ok deraadt@, djm@
     NB. re-added under openbsd-compat/ for portable OpenSSH
2010-10-07 21:25:27 +11:00
Damien Miller
6af914a15c - (djm) [authfd.c authfile.c bufec.c buffer.h configure.ac kex.h kexecdh.c]
[kexecdhc.c kexecdhs.c key.c key.h myproposal.h packet.c readconf.c]
   [ssh-agent.c ssh-ecdsa.c ssh-keygen.c ssh.c] Disable ECDH and ECDSA on
   platforms that don't have the requisite OpenSSL support. ok dtucker@
2010-09-10 11:39:26 +10:00
Darren Tucker
aa74f6754a - (dtucker) [configure.ac openbsd-compat/Makefile.in
openbsd-compat/openbsd-compat.h openbsd-compat/strptime.c] Add strptime to
   the compat library which helps on platforms like old IRIX.  Based on work
   by djm, tested by Tom Christensen.
2010-08-16 13:15:23 +10:00
Darren Tucker
9f8703b573 - (dtucker) [configure.ac] Bug #1756: Check for the existence of a lib64 dir
in the openssl install directory (some newer openssl versions do this on at
   least some amd64 platforms).
2010-04-23 11:12:06 +10:00
Darren Tucker
627337d95b - (dtucker) [configure.ac] Put the check for the existence of getaddrinfo
back so we disable the IPv6 tests if we don't have it.
2010-04-10 22:58:01 +10:00
Darren Tucker
261d93a5cf - (dtucker) [configure.ac defines.h loginrec.c logintest.c] Bug #1732: enable
utmpx support on FreeBSD where possible.  Patch from Ed Schouten, ok djm@
2010-04-09 18:13:27 +10:00
Darren Tucker
c4ccb12ee4 - (dtucker) [configure.ac] Bug #1744: use pkg-config for libedit flags if we
have it and the path is not provided to --with-libedit.  Based on a patch
   from Iain Morgan.
2010-04-09 14:04:35 +10:00
Darren Tucker
a83d90fbab - (dtucker) [configure.ac] Bug #1741: Add section for Haiku, patch originally
by Ingo Weinhold via Scott McCreary, ok djm@
2010-03-26 10:27:33 +11:00
Darren Tucker
c9fe39b1a4 - (dtucker) [configure.ac] Use a proper AC_CHECK_DECL for BROKEN_GETADDRINFO
so setting it in CFLAGS correctly skips IPv6 tests.
2010-03-09 20:42:30 +11:00
Damien Miller
9527f228ae - (djm) [configure.ac] set -fno-strict-aliasing for gcc4; ok dtucker@ 2010-03-05 15:04:35 +11:00
Damien Miller
b3c9f78711 - (djm) [configure.ac] Enable PKCS#11 support only when we find a working
dlopen()
2010-02-12 10:11:34 +11:00
Damien Miller
d8f6002272 - (djm) [INSTALL Makefile.in README.smartcard configure.ac scard-opensc.c]
[scard.c scard.h pkcs11.h scard/Makefile.in scard/Ssh.bin.uu scard/Ssh.java]
   Remove obsolete smartcard support
2010-02-12 09:34:22 +11:00
Damien Miller
7ea845e48d - markus@cvs.openbsd.org 2010/02/08 10:50:20
[pathnames.h readconf.c readconf.h scp.1 sftp.1 ssh-add.1 ssh-add.c]
     [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config.5]
     replace our obsolete smartcard code with PKCS#11.
        ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf
     ssh(1) and ssh-keygen(1) use dlopen(3) directly to talk to a PKCS#11
     provider (shared library) while ssh-agent(1) delegates PKCS#11 to
     a forked a ssh-pkcs11-helper process.
     PKCS#11 is currently a compile time option.
     feedback and ok djm@; inspired by patches from Alon Bar-Lev
`
2010-02-12 09:21:02 +11:00
Damien Miller
1d2bfc4118 - (djm) add -lselinux to LIBS before calling AC_CHECK_FUNCS for
getseuserbyname; patch from calebcase AT gmail.com via
   cjwatson AT debian.org
2010-02-10 10:19:29 +11:00
Tim Rice
6761c7417d - (tim) [configure.ac] Due to constraints in Windows Sockets in terms of
socket inheritance, reduce the default SO_RCVBUF/SO_SNDBUF buffer size
   in Cygwin to 65535. Patch from Corinna Vinschen.
2010-01-22 10:25:15 -08:00
Tim Rice
641ebf1f86 - (tim) [configure.ac] Use the C99-conforming functions snprintf() and
vsnprintf() named _xsnprintf() and _xvsnprintf() on SVR5 systems.
2010-01-17 17:05:39 -08:00
Tim Rice
7ab7b9346d - (tim) [configure.ac] OpenServer 5 needs BROKEN_GETADDRINFO too. 2010-01-17 12:48:22 -08:00
Tim Rice
4a7db1ca2f - (tim) [configure.ac] Define BROKEN_GETADDRINFO on SVR5 systems. The native
getaddrinfo() is too old and limited for addr_pton() in addrmatch.c.
2010-01-16 12:23:25 -08:00
Darren Tucker
909a390bb8 - (dtucker) [configure.ac openbsd-compat/{Makefile.in,pwcache.c} Portability
for pwcache.  Also, added caching of negative hits.
2010-01-15 12:38:30 +11:00
Darren Tucker
8c65f646a9 - (dtucker) [configure.ac misc.c readconf.c servconf.c ssh-keyscan.c]
Remove hacks add for RoutingDomain in preparation for its removal.
2010-01-10 10:26:57 +11:00
Darren Tucker
1f5e3dc274 - (dtucker) [configure.ac misc.c readconf.c servconf.c ssh-keyscan.c] Make
RoutingDomain an unsupported option on platforms that don't have it.
2010-01-08 19:53:52 +11:00
Darren Tucker
c8802aac28 - (dtucker) Bug #1470: Disable OOM-killing of the listening sshd on Linux,
based on a patch from Vaclav Ovsik and Colin Watson.  ok djm.
2009-12-08 13:39:48 +11:00
Darren Tucker
1533311f4c - (dtucker) Bug #1160: use pkg-config for opensc config if it's available.
Tested by Martin Paljak.
2009-12-07 11:15:43 +11:00
Darren Tucker
c182d99376 - (dtucker) [configure.ac sftp-client.c] Remove the gyrations required for
dirent d_type and DTTOIF as we've switched OpenBSD to the more portable
   lstat.
2009-10-11 21:50:20 +11:00
Darren Tucker
538738d861 - (dtucker) d_type is not mandated by POSIX, so add fallback code using
stat(), needed on at least cygwin.
2009-10-07 18:56:10 +11:00
Darren Tucker
4adeac764e - (dtucker) [configure.ac sftp-client.c] DOTTIF is in fs/ffs/dir.h on at
least dragonflybsd.
2009-10-07 15:49:48 +11:00
Darren Tucker
e02b49a806 - (dtucker) [configure.ac] Change the -lresolv check so it works on Mac OS X
10.6 (which doesn't have BIND8_COMPAT and thus uses res_9_query).  Patch
   from jbasney at ncsa uiuc edu.
2009-09-11 14:56:08 +10:00
Darren Tucker
dad48e7a96 - (dtucker) [configure.ac] Bug #1639: use AC_PATH_PROG to search the path for
krb5-config if it's not in the location specified by --with-kerberos5.
   Patch from jchadima at redhat.
2009-09-01 18:26:00 +10:00
Darren Tucker
ac9f1b9b89 - (dtucker) [configure.ac] Fix the syntax of the Solaris tcgetattr entry. 2009-08-28 15:01:20 +10:00
Darren Tucker
86e30a0166 - (dtucker) [clientloop.c configure.ac defines.h] Make the client's IO buffer
size a compile-time option and set it to 64k on Cygwin, since Corinna
   reports that it makes a significant difference to performance.  ok djm@
2009-08-28 11:21:06 +10:00
Darren Tucker
3980b63631 - (dtucker) [channels.c configure.ac] Bug #1528: skip the tcgetattr call on
the pty master on Solaris, since it never succeeds and can hang if large
    amounts of data is sent to the slave (eg a copy-paste).  Based on a patch
    originally from Doke Scott, ok djm@
2009-08-28 11:02:37 +10:00
Darren Tucker
83d8f28336 - (dtucker) [configure.ac] Check for headers before libraries for openssl an
zlib, which should make the errors slightly more meaningful on platforms
   where there's separate "-devel" packages for those.
2009-08-17 09:35:22 +10:00
Darren Tucker
c4b22ca1c8 - (dtucker) [configure.ac] Include sys/param.h for the sys/mount.h test,
prevents configure complaining on older BSDs.
2009-07-12 21:56:29 +10:00
Darren Tucker
3278062bf3 - (dtucker) [configure.ac defines.h] Bug #1607: handle the case where fsid_t
is a struct with a __val member.  Fixes build on, eg, Redhat 6.2.
2009-06-16 16:11:02 +10:00
Tim Rice
a74000eb9e - (tim) [configure.ac] Remove setting IP_TOS_IS_BROKEN for Cygwin. The problem
that setsockopt(IP_TOS) doesn't work on Cygwin has been fixed since 2005.
   Based on patch from vinschen at redhat com.
2009-03-18 11:25:02 -07:00
Darren Tucker
3e7e15f1bd - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}]
EVP_DigestUpdate does not exactly match the other OLD_EVP functions (eg
   in openssl 0.9.6) so add an explicit test for it.
2009-03-07 22:22:35 +11:00
Darren Tucker
30ed668de0 - (dtucker) [configure.ac] Missing comma in type list. 2009-03-07 18:06:22 +11:00
Darren Tucker
ccfee05882 - (dtucker) [configure.ac defines.h] Check for in_port_t and typedef if needed. 2009-03-07 12:32:22 +11:00
Damien Miller
9055172d03 - (djm) [configure.ac] support GNU/kFreeBSD and GNU/kOpensolaris
systems; patch from Aurelien Jarno via rmh AT aybabtu.com
2009-02-16 15:37:03 +11:00
Damien Miller
20e231f9f8 - (djm) [configure.ac loginrec.c] bz#1421: fix lastlog support for OSX.
OSX provides a getlastlogxbyname function that automates the reading of
   a lastlog file. Also, the pututxline function will update lastlog so
   there is no need for loginrec.c to do it explicitly. Collapse some
   overly verbose code while I'm in there.
2009-02-12 13:12:21 +11:00
Tim Rice
2676791c38 - (tim) [configure.ac] Move check_for_libcrypt_later=1 in *-*-sysv5*) section.
OpenServer 6 doesn't need libcrypt.
2009-01-07 20:50:08 -08:00
Tim Rice
351529ce30 - (tim) [configure.ac defines.h openbsd-compat/port-uw.c
openbsd-compat/xcrypt.c] Add SECUREWARE support to OpenServer 6 SVR5 ABI.
   OK djm@ dtucker@
2009-01-07 10:04:12 -08:00
Damien Miller
7df2e40074 - (djm) [configure.ac] bz#1538: better test for ProPolice/SSP: actually
use some stack in main().
   Report and suggested fix from vapier AT gentoo.org
2008-12-08 09:35:36 +11:00
Tim Rice
0f4d2c02f2 - (tim) [addrmatch.c configure.ac] Some platforms do not have sin6_scope_id
member of sockaddr_in6. Also reported in Bug 1491 by David Leonard. OK and
   feedback by djm@
2008-11-18 21:26:41 -08:00
Damien Miller
73193b3693 - (djm) [configure.ac] Add -Wformat-security to CFLAGS for gcc 3.x and 4.x 2008-07-09 21:07:19 +10:00
Damien Miller
ff2e492028 - (djm) [configure.ac] unbreak: remove extra closing brace 2008-07-05 09:52:03 +10:00
Damien Miller
20d1694719 - (djm) [atomicio.c configure.ac] Disable poll() fallback in atomiciov for
Tru64. readv doesn't seem to be a comparable object there.
   bz#1386, patch from dtucker@ ok me
2008-07-05 09:36:58 +10:00
Darren Tucker
330c93f68a - (dtucker) [configure.ac] Enable -fno-builtin-memset when using gcc. 2008-06-16 02:27:48 +10:00
Darren Tucker
30fd49e606 - (dtucker) [configure.ac] Bug #1276: avoid linking against libgssapi, which
despite its name doesn't seem to implement all of GSSAPI.  Patch from
   Jan Engelhardt, sanity checked by Simon Wilkinson.
2008-06-14 09:14:46 +10:00
Damien Miller
4401e45be6 - (djm) [channels.c configure.ac]
Do not set SO_REUSEADDR on wildcard X11 listeners (X11UseLocalhost=no)
   bz#1464; ok dtucker
2008-06-12 06:05:12 +10:00
Darren Tucker
5d37690a1f - (dtucker) [Makefile.in configure.ac regress/addrmatch.sh] Skip IPv6
specific tests on platforms that don't do IPv6.
2008-06-11 04:15:05 +10:00
Darren Tucker
77001384cc - (dtucker) [configure.ac defines.h sftp-client.c M sftp-server.c] Add a
macro to convert fsid to unsigned long for platforms where fsid is a
   2-member array.
2008-06-09 06:17:53 +10:00
Darren Tucker
598eaa6c0c - (dtucker) [configure.ac defines.h sftp-client.c sftp-server.c sftp.c
openbsd-compat/Makefile.in openbsd-compat/openbsd-compat.h
   openbsd-compat/bsd-statvfs.{c,h}] Add a null implementation of statvfs and
   fstatvfs and remove #defines around statvfs code.  ok djm@
2008-06-09 03:32:29 +10:00
Darren Tucker
5b2e2ba9e4 - (dtucker) [configure.ac defines.h sftp-client.c sftp-server.c sftp.c] Do not enable statvfs extensions on platforms that do not have statvfs. ok djm@ 2008-06-08 09:25:28 +10:00
Damien Miller
a7058ec7c0 - (djm) [configure.ac mux.c sftp.c openbsd-compat/Makefile.in]
[openbsd-compat/fmt_scaled.c openbsd-compat/openbsd-compat.h]
   Fix compilation on Linux, including pulling in fmt_scaled(3)
   implementation from OpenBSD's libutil.
2008-05-20 08:57:06 +10:00
Damien Miller
a4be7c23fd - (djm) [openbsd-compat/bsd-arc4random.c openbsd-compat/openbsd-compat.c]
[configure.ac] Implement arc4random_buf(), import implementation of
     arc4random_uniform() from OpenBSD
2008-05-19 14:47:37 +10:00
Damien Miller
5b1c8b3103 - (djm) [configure.ac] --with-selinux too 2008-03-27 12:33:07 +11:00
Damien Miller
da3155e159 - (djm) [configure.ac] fix alignment of --without-stackprotect description 2008-03-27 12:30:18 +11:00
Darren Tucker
fe1cf97ee8 - (dtucker) [configure.ac] Run stack-protector tests with -Werror to catch
platforms where gcc understands the option but it's not supported (and
   thus generates a warning).
2008-03-09 22:50:50 +11:00
Darren Tucker
b7918afddf - (dtucker) [configure.ac] It turns out gcc's -fstack-protector-all doesn't
always work for all platforms and versions, so test what we can and
   add a configure flag to turn it of if needed.  ok djm@
2008-03-09 11:34:23 +11:00
Darren Tucker
54e859f63d - (dtucker) [configure.ac] FreeBSD's glob() doesn't behave the way we expect
either, so use our own.
2008-03-02 21:52:27 +11:00
Darren Tucker
0f26b1386a - (dtucker) [configure.ac openbsd-compat/port-aix.{c,h}] Bug #1081: Implement
getgrouplist via getgrset on AIX, rather than iterating over getgrent.
   This allows, eg, Match and AllowGroups directives to work with NIS and
   LDAP groups.
2008-02-28 23:16:04 +11:00
Darren Tucker
e1c4c54211 - (dtucker) [configure.ac] Add -fstack-protector to LDFLAGS too, fixes
linking problems on AIX with gcc 4.1.x.
2008-02-28 15:01:13 +11:00
Darren Tucker
acada07b52 - (dtucker) [configure.ac audit-bsm.c] Bug #1420: Add a local implementation
of aug_get_machine for systems that don't have their own (eg OS X, FreeBSD).    Help and testing from csjp at FreeBSD org, vgiffin at apple com.  ok djm@
2008-02-25 21:05:04 +11:00
Darren Tucker
d4827ab50c - (dtucker) [configure.ac] Fix message for -fstack-protector-all test. 2008-01-02 18:08:45 +11:00
Darren Tucker
528d6fa10a - (dtucker) [configure.ac openbsd-compat/glob.{c,h}] Bug #1407: force use of
builtin glob implementation on Mac OS X.  Based on a patch from
   vgiffin at apple.
2007-12-31 21:29:26 +11:00
Darren Tucker
319b3d9b00 - (dtucker) [configure.ac] Enable -fstack-protector-all on systems where
gcc supports it.  ok djm@
2007-12-02 21:02:22 +11:00
Darren Tucker
bc1bd9dbe3 - (dtucker) [configure.ac defines.h] Shadow expiry does not work on QNX6
so disable it for that platform.  From bacon at cs nyu edu.
2007-09-27 07:03:20 +10:00
Darren Tucker
7c92a65a1d - (dtucker) [configure.ac atomicio.c] Fall back to <sys/poll.h> if we don't
have <poll.h> (eq QNX).  From bacon at cs nyu edu.
2007-09-27 07:00:09 +10:00
Tim Rice
0eeaf127b5 - (tim) [configure.ac] Autoconf didn't define HAVE_LIBIAF because we
did a AC_CHECK_FUNCS within the AC_CHECK_LIB test.
2007-09-10 16:24:17 -07:00
Darren Tucker
8acb3b665b - (dtucker) [configure.ac] Bug #1343: Set DISABLE_FD_PASSING for QNX6. From.
Matt Kraai, ok djm@.
2007-08-10 14:36:12 +10:00
Darren Tucker
febf0f5668 - (dtucker) [atomicio.c configure.ac openbsd-compat/Makefile.in
openbsd-compat/bsd-poll.{c,h} openbsd-compat/openbsd-compat.h]
   Add an implementation of poll() built on top of select(2).  Code from
   OpenNTPD with changes suggested by djm.  ok djm@
2007-06-25 22:15:12 +10:00
Damien Miller
34a176995f - (djm) [configure.ac umac.c] If platform doesn't provide swap32(3), then
fallback to provided bit-swizzing functions
2007-06-11 14:15:42 +10:00
Tim Rice
aa8954f1d9 20070509
- (tim) [configure.ac] Bug #1287: Add missing test for ucred.h.
2007-05-09 15:57:43 -07:00
Darren Tucker
dca0edff2f - (dtucker) [configure.ac defines.h] Have configure check for offsetof
to prevent redefinition warnings.
2007-04-29 15:06:44 +10:00
Darren Tucker
391de5c023 - (dtucker) [configure.ac defines.h] Prevent warnings about __attribute__
__nonnull__ for versions of GCC that don't support it.
2007-04-29 14:49:21 +10:00
Darren Tucker
6d862a50db - (dtucker) [configure.ac defines.h] Have configure check for MAXSYMLINKS
so we don't get redefinition warnings.
2007-04-29 14:39:02 +10:00
Darren Tucker
cc40d5ecdf - (dtucker) [configure.ac openbsd-compat/getrrsetbyname.c] Bug #1299: Use the
platform's _res if it has one.  Should fix problem of DNSSEC record lookups
   on NetBSD as reported by Curt Sampson.
2007-04-29 13:58:06 +10:00
Tim Rice
99203ec48b 20070326
- (tim) [auth.c configure.ac defines.h session.c openbsd-compat/port-uw.c
   openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] Rework libiaf test/defines
   to account for IRIX having libiaf but not set_id(). Patch with & ok dtucker@
2007-03-26 09:35:28 -07:00
Darren Tucker
20e9f976c1 - (dtucker) [Makefile.in configure.ac] Replace single-purpose LIBSELINUX,
LIBWRAP and LIBPAM variables in Makefile with the general-purpose
   SSHDLIBS.  "I like" djm@
2007-03-25 18:26:01 +10:00
Darren Tucker
164aa30e46 - (dtucker) [configure.ac openbsd-compat/bsd-getpeereid.c] Bug #1287: Use
getpeerucred to implement getpeereid (currently only Solaris 10 and up).
   Patch by Jan.Pechanec at Sun.
2007-03-21 21:39:57 +11:00
Damien Miller
9975e48349 - (djm) [configure.ac] add a --without-openssl-header-check option to
configure, as some platforms (OS X) ship OpenSSL headers whose version
   does not match that of the shipping library. ok dtucker@
2007-03-05 11:51:27 +11:00
Darren Tucker
573e3878b8 - (dtucker) [configure.ac] For Cygwin, read files in textmode (which allows
CRLF as well as LF lineendings) and write in binary mode.  Patch from
   vinschen at redhat.com.
2007-03-02 17:50:03 +11:00
Darren Tucker
adc947d5a5 - (dtucker) [configure.ac] Set put -lselinux into $LIBS while testing for
SELinux functions so they're detected correctly.  Patch from pebenito at
   gentoo.org.
2006-10-07 09:07:20 +10:00
Tim Rice
1cfab23b7f - (tim) [configure.ac] Move CHECK_HEADERS test before platform specific
section so additional platform specific CHECK_HEADER tests will work
   correctly. Fixes "<net/if_tap.h> on FreeBSD" problem report by des AT des.no
   Feedback and "seems like a good idea" dtucker@
2006-10-03 09:34:35 -07:00
Darren Tucker
5e8381ee86 - (dtucker) [configure.ac] Bug #1239: Fix configure test for OpenSSH engine
support.  Patch from andrew.benham at thus net.
2006-09-29 20:16:51 +10:00
Tim Rice
983b35b281 20060924
- (tim) [configure.ac] Remove CFLAGS hack for UnixWare 1.x/2.x (added
   to rev 1.308) to work around broken gcc 2.x header file.
2006-09-24 12:08:59 -07:00
Darren Tucker
0ee3cbfc51 - (dtucker) [configure.ac] Bug #1234: Put opensc libs into $LIBS rather than
$LDFLAGS.  Patch from vapier at gentoo org.
2006-09-23 16:25:19 +10:00
Darren Tucker
9216c37d60 - (dtucker) [configure.ac] On AIX, check to see if the compiler will allow
macro redefinitions, and if not, remove "-qlanglvl=ansi" from the flags.
   Allows build out of the box with older VAC and XLC compilers.  Found by
   David Bronder and Bernhard Simon.
2006-09-18 23:17:40 +10:00
Damien Miller
223897a01a - (djm) [Makefile.in buildpkg.sh.in configure.ac openssh.xml.in]
Support SMF in Solaris Packages if enabled by configure. Patch from
   Chad Mynhier, tested by dtucker@
2006-09-12 21:54:10 +10:00
Darren Tucker
57b2920ad8 - (dtucker) [configure.ac] Add -lcrypt to let DragonFly build OOTB. 2006-09-10 20:25:51 +10:00
Darren Tucker
6d0d6fbfdf - (dtucker) [configure.ac] The BSM header test needs time.h in some cases. 2006-09-09 01:05:21 +10:00
Tim Rice
b8f00193d8 - (tim) [configure.ac] s/BROKEN_UPDWTMP/BROKEN_UPDWTMPX/ on SCO OSR6 2006-09-06 18:11:29 -07:00
Darren Tucker
e1fe09968d - (dtucker) [configure.ac] s/AC_DEFINES/AC_DEFINE/ spotted by Roumen Petrov. 2006-09-05 07:53:38 +10:00
Darren Tucker
3e0891093a - (dtucker) [configure.ac] Define BROKEN_UPDWTMP on SCO OSR6 as the native
updwdtmp seems to generate invalid wtmp entries.  From Roger Cornelius,
   ok djm@
2006-09-04 22:37:41 +10:00
Darren Tucker
ed0b59218e - (dtucker) [configure.ac openbsd-compat/openbsd-compat.h] Check for
declaration of writev(2) and declare it ourselves if necessary.  Makes
   the atomiciov() calls build on really old systems.  ok djm@
2006-09-03 22:44:49 +10:00
Darren Tucker
096faecdea - (dtucker) [configure.ac includes.h openbsd-compat/glob.{c,h}] Explicitly
test for GLOB_NOMATCH and use our glob functions if it's not found.
   Stops sftp from segfaulting when attempting to get a nonexistent file on
   Cygwin (previous versions of OpenSSH didn't use the native glob). Partly
   from and tested by Corinna Vinschen.
2006-09-01 20:29:10 +10:00
Damien Miller
1b06dc30ad - (djm) [CREDITS LICENCE Makefile.in auth.c configure.ac includes.h ]
[platform.c platform.h sshd.c openbsd-compat/Makefile.in]
   [openbsd-compat/openbsd-compat.h openbsd-compat/port-solaris.c]
   [openbsd-compat/port-solaris.h] Add support for Solaris process
   contracts, enabled with --use-solaris-contracts. Patch from Chad
   Mynhier, tweaked by dtucker@ and myself; ok dtucker@
2006-08-31 03:24:41 +10:00
Darren Tucker
0eb810015f - (dtucker) [configure.ac] Remove errant "-". 2006-08-20 21:43:19 +10:00
Darren Tucker
639bbe8bfe - (dtucker) [configure.ac] Bug #1181: Explicitly test to see if OpenSSL
(0.9.8a and presumably newer) requires -ldl to successfully link.
2006-08-20 20:17:53 +10:00
Darren Tucker
3e6bde483d - (dtucker) [configure.ac] Relocate --with-pam parts in preparation for
fixing bug #1181.  No changes yet.
2006-08-20 20:03:50 +10:00
Darren Tucker
4ba387337c - (dtucker) [configure.ac] Save $LIBS during PAM library tests and restore
afterward.  Removes the need to mangle $LIBS later to remove -lpam and -ldl.
2006-08-20 19:55:02 +10:00
Damien Miller
bb59814cd6 - (djm) Disable sigdie() for platforms that cannot safely syslog inside
a signal handler (basically all of them, excepting OpenBSD);
   ok dtucker@
2006-08-19 08:38:23 +10:00
Darren Tucker
d018b2e9c8 - (dtucker) [configure.ac openbsd-compat/bsd-closefrom.c] Resync with
closefrom.c from sudo.
2006-08-18 18:51:20 +10:00
Darren Tucker
3083bc2b52 - (dtucker) [configure.ac openbsd-compat/bsd-closefrom.c] Use F_CLOSEM fcntl
for closefrom() on AIX.  Pointed out by William Ahern.
2006-08-17 19:35:49 +10:00
Darren Tucker
f1f4bdd1aa - (dtucker) [configure.ac] The "crippled AES" test does not work on recent
versions of Solaris, so use AC_LINK_IFELSE to actually link the test program
   rather than just compiling it.  Spotted by dlg@.
2006-08-04 19:44:23 +10:00
Darren Tucker
128a0894a5 - (dtucker) [configure.ac] OpenBSD needs <sys/types.h> before <sys/socket.h>
for SHUT_RD.
2006-07-12 19:02:56 +10:00
Darren Tucker
248469bc8d - (dtucker) [configure.ac defines.h] Only define SHUT_RD (and friends) and O_NONBLOCK
if they're really needed.  Fixes build errors on HP-UX, old Linuxes and probably
   more.
2006-07-12 14:14:31 +10:00
Darren Tucker
44c828fe29 - (dtucker) [configure.ac ssh-keygen.c openbsd-compat/bsd-openpty.c
openbsd-compat/daemon.c] Add includes needed by open(2).  Conditionally
   include paths.h.  Fixes build error on Solaris.
2006-07-11 18:00:06 +10:00
Darren Tucker
bdc121279f - (dtucker) [configure.ac] Try AIX blibpath test in different order when
compiling with gcc.  gcc 4.1.x will accept (but ignore) -b flags so
   configure would not select the correct libpath linker flags.
2006-07-06 11:56:25 +10:00
Darren Tucker
8b272ab09b - (dtucker) [configure.ac] Bug #1203: Add missing '[', which causes problems
with autoconf 2.60.  Patch from vapier at gentoo.org.
2006-06-27 11:20:28 +10:00
Darren Tucker
0249f93c4d - (dtucker) [configure.ac] Bug #1193: Define PASSWD_NEEDS_USERNAME on Solaris.
Works around limitation in Solaris' passwd program for changing passwords
   where the username is longer than 8 characters.  ok djm@
2006-06-24 12:10:07 +10:00
Darren Tucker
9afe115f0a - (dtucker) [channels.c configure.ac serverloop.c] Bug #1102: Around AIX
4.3.3 ML3 or so, the AIX pty layer starting passing zero-length writes
   on the pty slave as zero-length reads on the pty master, which sshd
   interprets as the descriptor closing.  Since most things don't do zero
   length writes this rarely matters, but occasionally it happens, and when
   it does the SSH pty session appears to hang, so we add a special case for
   this condition.  ok djm@
2006-06-23 21:24:12 +10:00
Darren Tucker
3eb4834489 - (dtucker) [README.platform configure.ac openbsd-compat/port-tun.c] Add
tunnel support for Mac OS X/Darwin via a third-party tun driver.  Patch
   from reyk@, tested by anil@
2006-06-23 21:05:12 +10:00
Damien Miller
73b42d2bb0 - (djm) [Makefile.in configure.ac session.c sshpty.c]
[contrib/redhat/sshd.init openbsd-compat/Makefile.in]
   [openbsd-compat/openbsd-compat.h openbsd-compat/port-linux.c]
   [openbsd-compat/port-linux.h] Add support for SELinux, setting
   the execution and TTY contexts. based on patch from Daniel Walsh,
   bz #880; ok dtucker@
2006-04-22 21:26:08 +10:00
Darren Tucker
c495301bf8 - (dtucker) [configure.ac md-sha256.c] NetBSD has sha2.h in
/usr/include/crypto.  Hint from djm@.
2006-03-16 08:14:34 +11:00
Darren Tucker
8bb9e2c900 - (dtucker) [configure.ac] login_cap.h requires sys/types.h on NetBSD. 2006-03-15 22:28:17 +11:00
Darren Tucker
486d95e6f7 - (dtucker) [configure.ac] Fix glob test conversion to AC_TRY_COMPILE 2006-03-15 21:31:39 +11:00
Damien Miller
41e364bcfa - (djm) [md-sha256.c configure.ac] md-sha256.c needs sha2.h if present 2006-03-15 13:12:41 +11:00