diff options
-rw-r--r-- | ChangeLog | 10470 | ||||
-rw-r--r-- | config.h.in | 1990 | ||||
-rwxr-xr-x | configure | 20824 | ||||
-rw-r--r-- | moduli.0 | 74 | ||||
-rw-r--r-- | scp.0 | 182 | ||||
-rw-r--r-- | sftp-server.0 | 96 | ||||
-rw-r--r-- | sftp.0 | 396 | ||||
-rw-r--r-- | ssh-add.0 | 133 | ||||
-rw-r--r-- | ssh-agent.0 | 120 | ||||
-rw-r--r-- | ssh-keygen.0 | 694 | ||||
-rw-r--r-- | ssh-keyscan.0 | 96 | ||||
-rw-r--r-- | ssh-keysign.0 | 52 | ||||
-rw-r--r-- | ssh-pkcs11-helper.0 | 35 | ||||
-rw-r--r-- | ssh.0 | 980 | ||||
-rw-r--r-- | ssh_config.0 | 1133 | ||||
-rw-r--r-- | sshd.0 | 653 | ||||
-rw-r--r-- | sshd_config.0 | 1102 |
17 files changed, 39030 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog new file mode 100644 index 000000000..baa9a3fb1 --- /dev/null +++ b/ChangeLog | |||
@@ -0,0 +1,10470 @@ | |||
1 | commit cdf1d0a9f5d18535e0a18ff34860e81a6d83aa5c | ||
2 | Author: Damien Miller <djm@mindrot.org> | ||
3 | Date: Wed Oct 9 11:31:03 2019 +1100 | ||
4 | |||
5 | prepare for 8.1 release | ||
6 | |||
7 | commit 3b4e56d740b74324e2d7542957cad5a11518f455 | ||
8 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9 | Date: Wed Oct 9 00:04:57 2019 +0000 | ||
10 | |||
11 | upstream: openssh-8.1 | ||
12 | |||
13 | OpenBSD-Commit-ID: 3356bb34e2aa287f0e6d6773c9ae659dc680147d | ||
14 | |||
15 | commit 29e0ecd9b4eb3b9f305e2240351f0c59cad9ef81 | ||
16 | Author: djm@openbsd.org <djm@openbsd.org> | ||
17 | Date: Wed Oct 9 00:04:42 2019 +0000 | ||
18 | |||
19 | upstream: fix an unreachable integer overflow similar to the XMSS | ||
20 | |||
21 | case, and some other NULL dereferences found by fuzzing. | ||
22 | |||
23 | fix with and ok markus@ | ||
24 | |||
25 | OpenBSD-Commit-ID: 0f81adbb95ef887ce586953e1cb225fa45c7a47b | ||
26 | |||
27 | commit a546b17bbaeb12beac4c9aeed56f74a42b18a93a | ||
28 | Author: djm@openbsd.org <djm@openbsd.org> | ||
29 | Date: Wed Oct 9 00:02:57 2019 +0000 | ||
30 | |||
31 | upstream: fix integer overflow in XMSS private key parsing. | ||
32 | |||
33 | Reported by Adam Zabrocki via SecuriTeam's SSH program. | ||
34 | |||
35 | Note that this code is experimental and not compiled by default. | ||
36 | |||
37 | ok markus@ | ||
38 | |||
39 | OpenBSD-Commit-ID: cd0361896d15e8a1bac495ac583ff065ffca2be1 | ||
40 | |||
41 | commit c2cc25480ba36ab48c1a577bebb12493865aad87 | ||
42 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
43 | Date: Tue Oct 8 22:40:39 2019 +0000 | ||
44 | |||
45 | upstream: Correct type for end-of-list sentinel; fixes initializer | ||
46 | |||
47 | warnings on some platforms. ok deraadt. | ||
48 | |||
49 | OpenBSD-Commit-ID: a990dbc2dac25bdfa07e79321349c73fd991efa2 | ||
50 | |||
51 | commit e827aedf8818e75c0016b47ed8fc231427457c43 | ||
52 | Author: djm@openbsd.org <djm@openbsd.org> | ||
53 | Date: Mon Oct 7 23:10:38 2019 +0000 | ||
54 | |||
55 | upstream: reversed test yielded incorrect debug message | ||
56 | |||
57 | OpenBSD-Commit-ID: 78bb512d04cfc238adb2c5b7504ac93eecf523b3 | ||
58 | |||
59 | commit 8ca491d29fbe26e5909ce22b344c0a848dc28d55 | ||
60 | Author: Damien Miller <djm@mindrot.org> | ||
61 | Date: Tue Oct 8 17:05:57 2019 +1100 | ||
62 | |||
63 | depend | ||
64 | |||
65 | commit 86a0323374cbd404629e75bb320b3fa1c16aaa6b | ||
66 | Author: Darren Tucker <dtucker@dtucker.net> | ||
67 | Date: Wed Oct 9 09:36:06 2019 +1100 | ||
68 | |||
69 | Make MAKE_CLONE no-op macro more correct. | ||
70 | |||
71 | Similar to the previous change to DEF_WEAK, some compilers don't like | ||
72 | the empty statement, so convert into a no-op function prototype. | ||
73 | |||
74 | commit cfc1897a2002ec6c4dc879b24e8b3153c87ea2cf | ||
75 | Author: Damien Miller <djm@mindrot.org> | ||
76 | Date: Wed Oct 9 09:06:35 2019 +1100 | ||
77 | |||
78 | wrap stdint.h include in HAVE_STDINT_H | ||
79 | |||
80 | make the indenting a little more consistent too.. | ||
81 | |||
82 | Fixes Solaris 2.6; reported by Tom G. Christensen | ||
83 | |||
84 | commit 13b3369830a43b89a503915216a23816d1b25744 | ||
85 | Author: Damien Miller <djm@mindrot.org> | ||
86 | Date: Tue Oct 8 15:32:02 2019 +1100 | ||
87 | |||
88 | avoid "return (value)" in void-declared function | ||
89 | |||
90 | spotted by Tim Rice; ok dtucker | ||
91 | |||
92 | commit 0c7f8d2326d812b371f7afd63aff846973ec80a4 | ||
93 | Author: Darren Tucker <dtucker@dtucker.net> | ||
94 | Date: Tue Oct 8 14:44:50 2019 +1100 | ||
95 | |||
96 | Make DEF_WEAK more likely to be correct. | ||
97 | |||
98 | Completely nop-ing out DEF_WEAK leaves an empty statemment which some | ||
99 | compilers don't like. Replace with a no-op function template. ok djm@ | ||
100 | |||
101 | commit b1e79ea8fae9c252399677a28707661d85c7d00c | ||
102 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
103 | Date: Sun Oct 6 11:49:50 2019 +0000 | ||
104 | |||
105 | upstream: Instead of running sed over the whole log to remove CRs, | ||
106 | |||
107 | remove them only where it's needed (and confuses test(1) on at least OS X in | ||
108 | portable). | ||
109 | |||
110 | OpenBSD-Regress-ID: a6ab9b4bd1d33770feaf01b2dfb96f9e4189d2d0 | ||
111 | |||
112 | commit 8dc7d6b75a7f746fdd056acd41dffc0a13557a4c | ||
113 | Author: Eduardo Barretto <ebarretto@linux.vnet.ibm.com> | ||
114 | Date: Tue May 9 13:33:30 2017 -0300 | ||
115 | |||
116 | Enable specific ioctl call for EP11 crypto card (s390) | ||
117 | |||
118 | The EP11 crypto card needs to make an ioctl call, which receives an | ||
119 | specific argument. This crypto card is for s390 only. | ||
120 | |||
121 | Signed-off-by: Eduardo Barretto <ebarretto@linux.vnet.ibm.com> | ||
122 | |||
123 | commit 07f2c7f34951c04d2cd796ac6c80e47c56c4969e | ||
124 | Author: djm@openbsd.org <djm@openbsd.org> | ||
125 | Date: Fri Oct 4 04:31:59 2019 +0000 | ||
126 | |||
127 | upstream: fix memory leak in error path; bz#3074 patch from | ||
128 | |||
129 | krishnaiah.bommu@intel.com, ok dtucker | ||
130 | |||
131 | OpenBSD-Commit-ID: d031853f3ecf47b35a0669588f4d9d8e3b307b3c | ||
132 | |||
133 | commit b7fbc75e119170f4d15c94a7fda4a1050e0871d6 | ||
134 | Author: djm@openbsd.org <djm@openbsd.org> | ||
135 | Date: Fri Oct 4 04:13:39 2019 +0000 | ||
136 | |||
137 | upstream: space | ||
138 | |||
139 | OpenBSD-Commit-ID: 350648bcf00a2454e7ef998b7d88e42552b348ac | ||
140 | |||
141 | commit 643ab68c79ac1644f4a31e36928c2bfc8a51db3c | ||
142 | Author: djm@openbsd.org <djm@openbsd.org> | ||
143 | Date: Fri Oct 4 03:39:19 2019 +0000 | ||
144 | |||
145 | upstream: more sshsig regress tests: check key revocation, the | ||
146 | |||
147 | check-novalidate signature test mode and signing keys in ssh-agent. | ||
148 | |||
149 | From Sebastian Kinne (slightly tweaked) | ||
150 | |||
151 | OpenBSD-Regress-ID: b39566f5cec70140674658cdcedf38752a52e2e2 | ||
152 | |||
153 | commit 714031a10bbe378a395a93cf1040f4ee1451f45f | ||
154 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
155 | Date: Fri Oct 4 03:26:58 2019 +0000 | ||
156 | |||
157 | upstream: Check for gmtime failure in moduli generation. Based on | ||
158 | |||
159 | patch from krishnaiah.bommu@intel.com, ok djm@ | ||
160 | |||
161 | OpenBSD-Commit-ID: 4c6a4cde0022188ac83737de08da0e875704eeaa | ||
162 | |||
163 | commit 6918974405cc28ed977f802fd97a9c9a9b2e141b | ||
164 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
165 | Date: Thu Oct 3 17:07:50 2019 +0000 | ||
166 | |||
167 | upstream: use a more common options order in SYNOPSIS and sync | ||
168 | |||
169 | usage(); while here, no need for Bk/Ek; | ||
170 | |||
171 | ok dtucker | ||
172 | |||
173 | OpenBSD-Commit-ID: 38715c3f10b166f599a2283eb7bc14860211bb90 | ||
174 | |||
175 | commit feff96b7d4c0b99307f0459cbff128aede4a8984 | ||
176 | Author: djm@openbsd.org <djm@openbsd.org> | ||
177 | Date: Wed Oct 2 09:50:50 2019 +0000 | ||
178 | |||
179 | upstream: thinko in previous; spotted by Mantas | ||
180 | |||
181 | =?UTF-8?q?=20Mikul=C4=97nas?= | ||
182 | MIME-Version: 1.0 | ||
183 | Content-Type: text/plain; charset=UTF-8 | ||
184 | Content-Transfer-Encoding: 8bit | ||
185 | |||
186 | OpenBSD-Commit-ID: ffa3f5a45e09752fc47d9041e2203ee2ec15b24d | ||
187 | |||
188 | commit b5a89eec410967d6b712665f8cf0cb632928d74b | ||
189 | Author: djm@openbsd.org <djm@openbsd.org> | ||
190 | Date: Wed Oct 2 08:07:13 2019 +0000 | ||
191 | |||
192 | upstream: make signature format match PROTOCO | ||
193 | |||
194 | =?UTF-8?q?=20as=20a=20string,=20not=20raw=20bytes.=20Spotted=20by=20Manta?= | ||
195 | =?UTF-8?q?s=20Mikul=C4=97nas?= | ||
196 | MIME-Version: 1.0 | ||
197 | Content-Type: text/plain; charset=UTF-8 | ||
198 | Content-Transfer-Encoding: 8bit | ||
199 | |||
200 | OpenBSD-Commit-ID: 80fcc6d52893f80c6de2bedd65353cebfebcfa8f | ||
201 | |||
202 | commit dc6f81ee94995deb11bbf7e19801022c5f6fd90a | ||
203 | Author: djm@openbsd.org <djm@openbsd.org> | ||
204 | Date: Wed Oct 2 08:05:50 2019 +0000 | ||
205 | |||
206 | upstream: ban empty namespace strings for s | ||
207 | |||
208 | =?UTF-8?q?shsig;=20spotted=20by=20Mantas=20Mikul=C4=97nas?= | ||
209 | MIME-Version: 1.0 | ||
210 | Content-Type: text/plain; charset=UTF-8 | ||
211 | Content-Transfer-Encoding: 8bit | ||
212 | |||
213 | OpenBSD-Commit-ID: 7c5bcf40bed8f4e826230176f4aa353c52aeb698 | ||
214 | |||
215 | commit fa5bd8107e0e2b3e1e184f55d0f9320c119f65f0 | ||
216 | Author: Darren Tucker <dtucker@dtucker.net> | ||
217 | Date: Wed Oct 2 14:30:55 2019 +1000 | ||
218 | |||
219 | Put ssherr.h back as it's actually needed. | ||
220 | |||
221 | commit 3ef92a657444f172b61f92d5da66d94fa8265602 | ||
222 | Author: Lonnie Abelbeck <lonnie@abelbeck.com> | ||
223 | Date: Tue Oct 1 09:05:09 2019 -0500 | ||
224 | |||
225 | Deny (non-fatal) shmget/shmat/shmdt in preauth privsep child. | ||
226 | |||
227 | New wait_random_seeded() function on OpenSSL 1.1.1d uses shmget, shmat, and shmdt | ||
228 | in the preauth codepath, deny (non-fatal) in seccomp_filter sandbox. | ||
229 | |||
230 | commit edd1d3a6261aecbf9a55944fd7be1db83571b46e | ||
231 | Author: Damien Miller <djm@mindrot.org> | ||
232 | Date: Wed Oct 2 10:54:28 2019 +1000 | ||
233 | |||
234 | remove duplicate #includes | ||
235 | |||
236 | Prompted by Jakub Jelen | ||
237 | |||
238 | commit 13c508dfed9f25e6e54c984ad00a74ef08539e70 | ||
239 | Author: Damien Miller <djm@mindrot.org> | ||
240 | Date: Wed Oct 2 10:51:15 2019 +1000 | ||
241 | |||
242 | typo in comment | ||
243 | |||
244 | commit d0c3ac427f6c52b872d6617421421dd791664445 | ||
245 | Author: djm@openbsd.org <djm@openbsd.org> | ||
246 | Date: Wed Oct 2 00:42:30 2019 +0000 | ||
247 | |||
248 | upstream: remove some duplicate #includes | ||
249 | |||
250 | OpenBSD-Commit-ID: ed6827ab921eff8027669848ef4f70dc1da4098c | ||
251 | |||
252 | commit 084682786d9275552ee93857cb36e43c446ce92c | ||
253 | Author: djm@openbsd.org <djm@openbsd.org> | ||
254 | Date: Tue Oct 1 10:22:53 2019 +0000 | ||
255 | |||
256 | upstream: revert unconditional forced login implemented in r1.41 of | ||
257 | |||
258 | ssh-pkcs11.c; r1.45 added a forced login as a fallback for cases where the | ||
259 | token returns no objects and this is less disruptive for users of tokens | ||
260 | directly in ssh (rather than via ssh-agent) and in ssh-keygen | ||
261 | |||
262 | bz3006, patch from Jakub Jelen; ok markus | ||
263 | |||
264 | OpenBSD-Commit-ID: 33d6df589b072094384631ff93b1030103b3d02e | ||
265 | |||
266 | commit 6c91d42cce3f055917dc3fd2c305dfc5b3b584b3 | ||
267 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
268 | Date: Sun Sep 29 16:31:57 2019 +0000 | ||
269 | |||
270 | upstream: group and sort single letter options; ok deraadt | ||
271 | |||
272 | OpenBSD-Commit-ID: e1480e760a2b582f79696cdcff70098e23fc603f | ||
273 | |||
274 | commit 3b44bf39ff4d7ef5d50861e2e9dda62d2926d2fe | ||
275 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
276 | Date: Fri Sep 27 20:03:24 2019 +0000 | ||
277 | |||
278 | upstream: fix the DH-GEX text in -a; because this required a comma, | ||
279 | |||
280 | i added a comma to the first part, for balance... | ||
281 | |||
282 | OpenBSD-Commit-ID: 2c3464e9e82a41e8cdfe8f0a16d94266e43dbb58 | ||
283 | |||
284 | commit 3e53ef28fab53094e3b19622ba0e9c3d5fe71273 | ||
285 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
286 | Date: Tue Sep 24 12:50:46 2019 +0000 | ||
287 | |||
288 | upstream: identity_file[] should be PATH_MAX, not the arbitrary | ||
289 | |||
290 | number 1024 | ||
291 | |||
292 | OpenBSD-Commit-ID: e775f94ad47ce9ab37bd1410d7cf3b7ea98b11b7 | ||
293 | |||
294 | commit 90d4b2541e8c907793233d9cbd4963f7624f4174 | ||
295 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
296 | Date: Fri Sep 20 18:50:58 2019 +0000 | ||
297 | |||
298 | upstream: new sentence, new line; | ||
299 | |||
300 | OpenBSD-Commit-ID: c35ca5ec07be460e95e7406af12eee04a77b6698 | ||
301 | |||
302 | commit fbec7dba01b70b49ac47f56031310865dff86200 | ||
303 | Author: Darren Tucker <dtucker@dtucker.net> | ||
304 | Date: Mon Sep 30 18:01:12 2019 +1000 | ||
305 | |||
306 | Include stdio.h for snprintf. | ||
307 | |||
308 | Patch from vapier@gentoo.org. | ||
309 | |||
310 | commit 0a403bfde71c4b82147473298d3a60b4171468bd | ||
311 | Author: Darren Tucker <dtucker@dtucker.net> | ||
312 | Date: Mon Sep 30 14:11:42 2019 +1000 | ||
313 | |||
314 | Add SKIP_LTESTS for skipping specific tests. | ||
315 | |||
316 | commit 4d59f7a5169c451ebf559aedec031ac9da2bf80c | ||
317 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
318 | Date: Fri Sep 27 05:25:12 2019 +0000 | ||
319 | |||
320 | upstream: Test for empty result in expected bits. Remove CRs from log | ||
321 | |||
322 | as they confuse tools on some platforms. Re-enable the 3des-cbc test. | ||
323 | |||
324 | OpenBSD-Regress-ID: edf536d4f29fc1ba412889b37247a47f1b49d250 | ||
325 | |||
326 | commit 7c817d129e2d48fc8a6f7965339313023ec45765 | ||
327 | Author: Darren Tucker <dtucker@dtucker.net> | ||
328 | Date: Fri Sep 27 15:26:22 2019 +1000 | ||
329 | |||
330 | Re-enable dhgex test. | ||
331 | |||
332 | Since we've added larger fallback groups to dh.c this test will pass | ||
333 | even if there is no moduli file installed on the system. | ||
334 | |||
335 | commit c1e0a32fa852de6d1c82ece4f76add0ab0ca0eae | ||
336 | Author: Darren Tucker <dtucker@dtucker.net> | ||
337 | Date: Tue Sep 24 21:17:20 2019 +1000 | ||
338 | |||
339 | Add more ToS bits, currently only used by netcat. | ||
340 | |||
341 | commit 5a273a33ca1410351cb484af7db7c13e8b4e8e4e | ||
342 | Author: Darren Tucker <dtucker@dtucker.net> | ||
343 | Date: Thu Sep 19 15:41:23 2019 +1000 | ||
344 | |||
345 | Privsep is now required. | ||
346 | |||
347 | commit 8aa2aa3cd4d27d14e74b247c773696349472ef20 | ||
348 | Author: djm@openbsd.org <djm@openbsd.org> | ||
349 | Date: Mon Sep 16 03:23:02 2019 +0000 | ||
350 | |||
351 | upstream: Allow testing signature syntax and validity without verifying | ||
352 | |||
353 | that a signature came from a trusted signer. To discourage accidental or | ||
354 | unintentional use, this is invoked by the deliberately ugly option name | ||
355 | "check-novalidate" | ||
356 | |||
357 | from Sebastian Kinne | ||
358 | |||
359 | OpenBSD-Commit-ID: cea42c36ab7d6b70890e2d8635c1b5b943adcc0b | ||
360 | |||
361 | commit 7047d5afe3103f0f07966c05b810682d92add359 | ||
362 | Author: djm@openbsd.org <djm@openbsd.org> | ||
363 | Date: Fri Sep 13 04:52:34 2019 +0000 | ||
364 | |||
365 | upstream: clarify that IdentitiesOnly also applies to the default | ||
366 | |||
367 | ~/.ssh/id_* keys; bz#3062 | ||
368 | |||
369 | OpenBSD-Commit-ID: 604be570e04646f0f4a17026f8b2aada6a585dfa | ||
370 | |||
371 | commit b36ee3fcb2f1601693b1b7fd60dd6bd96006ea75 | ||
372 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
373 | Date: Fri Sep 13 04:36:43 2019 +0000 | ||
374 | |||
375 | upstream: Plug mem leaks on error paths, based in part on github | ||
376 | |||
377 | pr#120 from David Carlier. ok djm@. | ||
378 | |||
379 | OpenBSD-Commit-ID: c57adeb1022a8148fc86e5a88837b3b156dbdb7e | ||
380 | |||
381 | commit 2aefdf1aef906cf7548a2e5927d35aacb55948d4 | ||
382 | Author: djm@openbsd.org <djm@openbsd.org> | ||
383 | Date: Fri Sep 13 04:31:19 2019 +0000 | ||
384 | |||
385 | upstream: whitespace | ||
386 | |||
387 | OpenBSD-Commit-ID: 57a71dd5f4cae8d61e0ac631a862589fb2bfd700 | ||
388 | |||
389 | commit fbe24b142915331ceb2a3a76be3dc5b6d204fddf | ||
390 | Author: djm@openbsd.org <djm@openbsd.org> | ||
391 | Date: Fri Sep 13 04:27:35 2019 +0000 | ||
392 | |||
393 | upstream: allow %n to be expanded in ProxyCommand strings | ||
394 | |||
395 | From Zachary Harmany via github.com/openssh/openssh-portable/pull/118 | ||
396 | ok dtucker@ | ||
397 | |||
398 | OpenBSD-Commit-ID: 7eebf1b7695f50c66d42053d352a4db9e8fb84b6 | ||
399 | |||
400 | commit 2ce1d11600e13bee0667d6b717ffcc18a057b821 | ||
401 | Author: djm@openbsd.org <djm@openbsd.org> | ||
402 | Date: Fri Sep 13 04:07:42 2019 +0000 | ||
403 | |||
404 | upstream: clarify that ConnectTimeout applies both to the TCP | ||
405 | |||
406 | connection and to the protocol handshake/KEX. From Jean-Charles Longuet via | ||
407 | Github PR140 | ||
408 | |||
409 | OpenBSD-Commit-ID: ce1766abc6da080f0d88c09c2c5585a32b2256bf | ||
410 | |||
411 | commit df780114278f406ef7cb2278802a2660092fff09 | ||
412 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
413 | Date: Mon Sep 9 02:31:19 2019 +0000 | ||
414 | |||
415 | upstream: Fix potential truncation warning. ok deraadt. | ||
416 | |||
417 | OpenBSD-Commit-ID: d87b7e3a94ec935e8194e7fce41815e22804c3ff | ||
418 | |||
419 | commit ec0e6243660bf2df30c620a6a0d83eded376c9c6 | ||
420 | Author: Damien Miller <djm@mindrot.org> | ||
421 | Date: Fri Sep 13 13:14:39 2019 +1000 | ||
422 | |||
423 | memleak of buffer in sshpam_query | ||
424 | |||
425 | coverity report via Ed Maste; ok dtucker@ | ||
426 | |||
427 | commit c17e4638e5592688264fc0349f61bfc7b4425aa5 | ||
428 | Author: Damien Miller <djm@mindrot.org> | ||
429 | Date: Fri Sep 13 13:12:42 2019 +1000 | ||
430 | |||
431 | explicitly test set[ug]id() return values | ||
432 | |||
433 | Legacy !_POSIX_SAVED_IDS path only; coverity report via Ed Maste | ||
434 | ok dtucker@ | ||
435 | |||
436 | commit 91a2135f32acdd6378476c5bae475a6e7811a6a2 | ||
437 | Author: naddy@openbsd.org <naddy@openbsd.org> | ||
438 | Date: Fri Sep 6 14:45:34 2019 +0000 | ||
439 | |||
440 | upstream: Allow prepending a list of algorithms to the default set | ||
441 | |||
442 | by starting the list with the '^' character, e.g. | ||
443 | |||
444 | HostKeyAlgorithms ^ssh-ed25519 | ||
445 | Ciphers ^aes128-gcm@openssh.com,aes256-gcm@openssh.com | ||
446 | |||
447 | ok djm@ dtucker@ | ||
448 | |||
449 | OpenBSD-Commit-ID: 1e1996fac0dc8a4b0d0ff58395135848287f6f97 | ||
450 | |||
451 | commit c8bdd2db77ac2369d5cdee237656f266c8f41552 | ||
452 | Author: djm@openbsd.org <djm@openbsd.org> | ||
453 | Date: Fri Sep 6 07:53:40 2019 +0000 | ||
454 | |||
455 | upstream: key conversion should fail for !openssl builds, not fall | ||
456 | |||
457 | through to the key generation code | ||
458 | |||
459 | OpenBSD-Commit-ID: b957436adc43c4941e61d61958a193a708bc83c9 | ||
460 | |||
461 | commit 823f6c37eb2d8191d45539f7b6fa877a4cb4ed3d | ||
462 | Author: djm@openbsd.org <djm@openbsd.org> | ||
463 | Date: Fri Sep 6 06:08:11 2019 +0000 | ||
464 | |||
465 | upstream: typo in previous | ||
466 | |||
467 | OpenBSD-Commit-ID: 7c3b94110864771a6b80a0d8acaca34037c3c96e | ||
468 | |||
469 | commit 6a710d3e06fd375e2c2ae02546b9541c488a2cdb | ||
470 | Author: Damien Miller <djm@mindrot.org> | ||
471 | Date: Sun Sep 8 14:48:11 2019 +1000 | ||
472 | |||
473 | needs time.h for --without-openssl | ||
474 | |||
475 | commit f61f29afda6c71eda26effa54d3c2e5306fd0833 | ||
476 | Author: Damien Miller <djm@mindrot.org> | ||
477 | Date: Sat Sep 7 19:25:00 2019 +1000 | ||
478 | |||
479 | make unittests pass for no-openssl case | ||
480 | |||
481 | commit 105e1c9218940eb53473f55a9177652d889ddbad | ||
482 | Author: djm@openbsd.org <djm@openbsd.org> | ||
483 | Date: Fri Sep 6 05:59:41 2019 +0000 | ||
484 | |||
485 | upstream: avoid compiling certain files that deeply depend on | ||
486 | |||
487 | libcrypto when WITH_OPENSSL isn't set | ||
488 | |||
489 | OpenBSD-Commit-ID: 569f08445c27124ec7c7f6c0268d844ec56ac061 | ||
490 | |||
491 | commit 670104b923dd97b1c06c0659aef7c3e52af571b2 | ||
492 | Author: djm@openbsd.org <djm@openbsd.org> | ||
493 | Date: Fri Sep 6 05:23:55 2019 +0000 | ||
494 | |||
495 | upstream: fixes for !WITH_OPENSSL compilation; ok dtucker@ | ||
496 | |||
497 | OpenBSD-Commit-ID: 7fd68eaa9e0f7482b5d4c7e8d740aed4770a839f | ||
498 | |||
499 | commit be02d7cbde3d211ec2ed2320a1f7d86b2339d758 | ||
500 | Author: djm@openbsd.org <djm@openbsd.org> | ||
501 | Date: Fri Sep 6 04:53:27 2019 +0000 | ||
502 | |||
503 | upstream: lots of things were relying on libcrypto headers to | ||
504 | |||
505 | transitively include various system headers (mostly stdlib.h); include them | ||
506 | explicitly | ||
507 | |||
508 | OpenBSD-Commit-ID: 5b522f4f2d844f78bf1cc4f3f4cc392e177b2080 | ||
509 | |||
510 | commit d05aaaaadcad592abfaa44540928e0c61ef72ebb | ||
511 | Author: djm@openbsd.org <djm@openbsd.org> | ||
512 | Date: Fri Sep 6 03:30:42 2019 +0000 | ||
513 | |||
514 | upstream: remove leakmalloc reference; we used this early when | ||
515 | |||
516 | refactoring but not since | ||
517 | |||
518 | OpenBSD-Commit-ID: bb28ebda8f7c490b87b37954044a6cdd43a7eb2c | ||
519 | |||
520 | commit 1268f0bcd8fc844ac6c27167888443c8350005eb | ||
521 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
522 | Date: Fri Sep 6 04:24:06 2019 +0000 | ||
523 | |||
524 | upstream: Check for RSA support before using it for the user key, | ||
525 | |||
526 | otherwise use ed25519 which is supported when built without OpenSSL. | ||
527 | |||
528 | OpenBSD-Regress-ID: 3d23ddfe83c5062f00ac845d463f19a2ec78c0f7 | ||
529 | |||
530 | commit fd7a2dec652b9efc8e97f03f118f935dce732c60 | ||
531 | Author: Darren Tucker <dtucker@dtucker.net> | ||
532 | Date: Fri Sep 6 14:07:10 2019 +1000 | ||
533 | |||
534 | Provide explicit path to configure-check. | ||
535 | |||
536 | On some platforms (at least OpenBSD) make won't search VPATH for target | ||
537 | files, so building out-of-tree will fail at configure-check. Provide | ||
538 | explicit path. ok djm@ | ||
539 | |||
540 | commit 00865c29690003b4523cc09a0e104724b9f911a4 | ||
541 | Author: djm@openbsd.org <djm@openbsd.org> | ||
542 | Date: Fri Sep 6 01:58:50 2019 +0000 | ||
543 | |||
544 | upstream: better error code for bad arguments; inspired by | ||
545 | |||
546 | OpenBSD-Commit-ID: dfc263b6041de7f0ed921a1de0b81ddebfab1e0a | ||
547 | |||
548 | commit afdf27f5aceb4973b9f5308f4310c6e3fd8db1fb | ||
549 | Author: Damien Miller <djm@mindrot.org> | ||
550 | Date: Thu Sep 5 21:38:40 2019 +1000 | ||
551 | |||
552 | revert config.h/config.h.in freshness checks | ||
553 | |||
554 | turns out autoreconf and configure don't touch some files if their content | ||
555 | doesn't change, so the mtime can't be relied upon in a makefile rule | ||
556 | |||
557 | commit a97609e850c57bd2cc2fe7e175fc35cb865bc834 | ||
558 | Author: Damien Miller <djm@mindrot.org> | ||
559 | Date: Thu Sep 5 20:54:39 2019 +1000 | ||
560 | |||
561 | extend autoconf freshness test | ||
562 | |||
563 | make it cover config.h.in and config.h separately | ||
564 | |||
565 | commit 182297c10edb21c4856c6a38326fd04d81de41a5 | ||
566 | Author: Damien Miller <djm@mindrot.org> | ||
567 | Date: Thu Sep 5 20:34:54 2019 +1000 | ||
568 | |||
569 | check that configure/config.h is up to date | ||
570 | |||
571 | Ensure they are newer than the configure.ac / aclocal.m4 source | ||
572 | |||
573 | commit 7d6034bd020248e9fc0f8c39c71c858debd0d0c1 | ||
574 | Author: djm@openbsd.org <djm@openbsd.org> | ||
575 | Date: Thu Sep 5 10:05:51 2019 +0000 | ||
576 | |||
577 | upstream: if a PKCS#11 token returns no keys then try to login and | ||
578 | |||
579 | refetch them. Based on patch from Jakub Jelen; bz#2430 ok markus@ | ||
580 | |||
581 | OpenBSD-Commit-ID: ab53bd6ddd54dd09e54a8bfbed1a984496f08b43 | ||
582 | |||
583 | commit 76f09bd95917862101b740afb19f4db5ccc752bf | ||
584 | Author: djm@openbsd.org <djm@openbsd.org> | ||
585 | Date: Thu Sep 5 09:35:19 2019 +0000 | ||
586 | |||
587 | upstream: sprinkle in some explicit errors here, otherwise the | ||
588 | |||
589 | percolate all the way up to dispatch_run_fatal() and lose all meaninful | ||
590 | context | ||
591 | |||
592 | to help with bz#3063; ok dtucker@ | ||
593 | |||
594 | OpenBSD-Commit-ID: 5b2da83bb1c4a3471444b7910b2120ae36438a0a | ||
595 | |||
596 | commit 0ea332497b2b2fc3995f72f6bafe9d664c0195b3 | ||
597 | Author: djm@openbsd.org <djm@openbsd.org> | ||
598 | Date: Thu Sep 5 09:25:13 2019 +0000 | ||
599 | |||
600 | upstream: only send ext_info for KEX_INITIAL; bz#2929 ok dtucker | ||
601 | |||
602 | OpenBSD-Commit-ID: 00f5c6062f6863769f5447c6346f78c05d2e4a63 | ||
603 | |||
604 | commit f23d91f9fa7f6f42e70404e000fac88aebfe3076 | ||
605 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
606 | Date: Thu Sep 5 05:47:23 2019 +0000 | ||
607 | |||
608 | upstream: macro fix; ok djm | ||
609 | |||
610 | OpenBSD-Commit-ID: e891dd6c7996114cb32f0924cb7898ab55efde6e | ||
611 | |||
612 | commit 8b57337c1c1506df2bb9f039d0628a6de618566b | ||
613 | Author: Damien Miller <djm@mindrot.org> | ||
614 | Date: Thu Sep 5 15:46:39 2019 +1000 | ||
615 | |||
616 | update fuzzing makefile to more recent clang | ||
617 | |||
618 | commit ae631ad77daf8fd39723d15a687cd4b1482cbae8 | ||
619 | Author: Damien Miller <djm@mindrot.org> | ||
620 | Date: Thu Sep 5 15:45:32 2019 +1000 | ||
621 | |||
622 | fuzzer for sshsig allowed_signers option parsing | ||
623 | |||
624 | commit 69159afe24120c97e5ebaf81016c85968afb903e | ||
625 | Author: djm@openbsd.org <djm@openbsd.org> | ||
626 | Date: Thu Sep 5 05:42:59 2019 +0000 | ||
627 | |||
628 | upstream: memleak on error path; found by libfuzzer | ||
629 | |||
630 | OpenBSD-Commit-ID: 34d44cb0fb5bdb5fcbc6b02b804e71b20a7a5fc7 | ||
631 | |||
632 | commit bab6feb01f9924758ca7129dba708298a53dde5f | ||
633 | Author: djm@openbsd.org <djm@openbsd.org> | ||
634 | Date: Thu Sep 5 04:55:32 2019 +0000 | ||
635 | |||
636 | upstream: expose allowed_signers options parsing code in header for | ||
637 | |||
638 | fuzzing | ||
639 | |||
640 | rename to make more consistent with philosophically-similar auth | ||
641 | options parsing API. | ||
642 | |||
643 | OpenBSD-Commit-ID: 0c67600ef04187f98e2912ca57b60c22a8025b7c | ||
644 | |||
645 | commit 4f9d75fbafde83d428e291516f8ce98e6b3a7c4b | ||
646 | Author: naddy@openbsd.org <naddy@openbsd.org> | ||
647 | Date: Wed Sep 4 20:31:15 2019 +0000 | ||
648 | |||
649 | upstream: Call comma-separated lists as such to clarify semantics. | ||
650 | |||
651 | Options such as Ciphers take values that may be a list of ciphers; the | ||
652 | complete list, not indiviual elements, may be prefixed with a dash or plus | ||
653 | character to remove from or append to the default list, respectively. | ||
654 | |||
655 | Users might read the current text as if each elment took an optional prefix, | ||
656 | so tweak the wording from "values" to "list" to prevent such ambiguity for | ||
657 | all options supporting these semantics. | ||
658 | |||
659 | Fix instances missed in first commit. ok jmc@ kn@ | ||
660 | |||
661 | OpenBSD-Commit-ID: 7112522430a54fb9f15a7a26d26190ed84d5e417 | ||
662 | |||
663 | commit db1e6f60f03641b2d17e0ab062242609f4ed4598 | ||
664 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
665 | Date: Wed Sep 4 05:56:54 2019 +0000 | ||
666 | |||
667 | upstream: tweak previous; | ||
668 | |||
669 | OpenBSD-Commit-ID: 0abd728aef6b5b35f6db43176aa83b7e3bf3ce27 | ||
670 | |||
671 | commit 0f44e5956c7c816f6600f2a47be4d7bb5a8d711d | ||
672 | Author: naddy@openbsd.org <naddy@openbsd.org> | ||
673 | Date: Tue Sep 3 20:51:49 2019 +0000 | ||
674 | |||
675 | upstream: repair typo and editing mishap | ||
676 | |||
677 | OpenBSD-Commit-ID: d125ab720ca71ccf9baf83e08ddc8c12a328597e | ||
678 | |||
679 | commit f4846dfc6a79f84bbc6356ae3184f142bacedc24 | ||
680 | Author: Damien Miller <djm@mindrot.org> | ||
681 | Date: Thu Sep 5 11:09:28 2019 +1000 | ||
682 | |||
683 | Fuzzer harness for sshsig | ||
684 | |||
685 | commit b08a6bc1cc7750c6f8a425d1cdbd86552fffc637 | ||
686 | Author: Damien Miller <djm@mindrot.org> | ||
687 | Date: Tue Sep 3 18:45:42 2019 +1000 | ||
688 | |||
689 | oops; missed including the actual file | ||
690 | |||
691 | commit 1a72c0dd89f09754df443c9576dde624a17d7dd0 | ||
692 | Author: Damien Miller <djm@mindrot.org> | ||
693 | Date: Tue Sep 3 18:44:10 2019 +1000 | ||
694 | |||
695 | portability fixes for sshsig | ||
696 | |||
697 | commit 6d6427d01304d967e58544cf1c71d2b4394c0522 | ||
698 | Author: djm@openbsd.org <djm@openbsd.org> | ||
699 | Date: Tue Sep 3 08:37:45 2019 +0000 | ||
700 | |||
701 | upstream: regress test for sshsig; feedback and ok markus@ | ||
702 | |||
703 | OpenBSD-Regress-ID: 74c0974f2cdae8d9599b9d76a09680bae55d8a8b | ||
704 | |||
705 | commit 59650f0eaf65115afe04c39abfb93a4fc994ec55 | ||
706 | Author: djm@openbsd.org <djm@openbsd.org> | ||
707 | Date: Tue Sep 3 08:37:06 2019 +0000 | ||
708 | |||
709 | upstream: only add plain keys to prevent any certs laying around | ||
710 | |||
711 | from confusing the test. | ||
712 | |||
713 | OpenBSD-Regress-ID: b8f1508f822bc560b98dea910e61ecd76f34100f | ||
714 | |||
715 | commit d637c4aee6f9b5280c13c020d7653444ac1fcaa5 | ||
716 | Author: djm@openbsd.org <djm@openbsd.org> | ||
717 | Date: Tue Sep 3 08:35:27 2019 +0000 | ||
718 | |||
719 | upstream: sshsig tweaks and improvements from and suggested by | ||
720 | |||
721 | Markus | ||
722 | |||
723 | ok markus/me | ||
724 | |||
725 | OpenBSD-Commit-ID: ea4f46ad5a16b27af96e08c4877423918c4253e9 | ||
726 | |||
727 | commit 2a9c9f7272c1e8665155118fe6536bebdafb6166 | ||
728 | Author: djm@openbsd.org <djm@openbsd.org> | ||
729 | Date: Tue Sep 3 08:34:19 2019 +0000 | ||
730 | |||
731 | upstream: sshsig: lightweight signature and verification ability | ||
732 | |||
733 | for OpenSSH | ||
734 | |||
735 | This adds a simple manual signature scheme to OpenSSH. | ||
736 | Signatures can be made and verified using ssh-keygen -Y sign|verify | ||
737 | |||
738 | Signatures embed the key used to make them. At verification time, this | ||
739 | is matched via principal name against an authorized_keys-like list | ||
740 | of allowed signers. | ||
741 | |||
742 | Mostly by Sebastian Kinne w/ some tweaks by me | ||
743 | |||
744 | ok markus@ | ||
745 | |||
746 | OpenBSD-Commit-ID: 2ab568e7114c933346616392579d72be65a4b8fb | ||
747 | |||
748 | commit 5485f8d50a5bc46aeed829075ebf5d9c617027ea | ||
749 | Author: djm@openbsd.org <djm@openbsd.org> | ||
750 | Date: Tue Sep 3 08:32:11 2019 +0000 | ||
751 | |||
752 | upstream: move authorized_keys option parsing helpsers to misc.c | ||
753 | |||
754 | and make them public; ok markus@ | ||
755 | |||
756 | OpenBSD-Commit-ID: c18bcb2a687227b3478377c981c2d56af2638ea2 | ||
757 | |||
758 | commit f8df0413f0a057b6a3d3dd7bd8bc7c5d80911d3a | ||
759 | Author: djm@openbsd.org <djm@openbsd.org> | ||
760 | Date: Tue Sep 3 08:31:20 2019 +0000 | ||
761 | |||
762 | upstream: make get_sigtype public as sshkey_get_sigtype(); ok | ||
763 | |||
764 | markus@ | ||
765 | |||
766 | OpenBSD-Commit-ID: 01f8cdbec63350490d2249f41112c5780d1cfbb8 | ||
767 | |||
768 | commit dd8002fbe63d903ffea5be7b7f5fc2714acab4a0 | ||
769 | Author: djm@openbsd.org <djm@openbsd.org> | ||
770 | Date: Tue Sep 3 08:30:47 2019 +0000 | ||
771 | |||
772 | upstream: move advance_past_options to authfile.c and make it | ||
773 | |||
774 | public; ok markus@ | ||
775 | |||
776 | OpenBSD-Commit-ID: edda2fbba2c5b1f48e60f857a2010479e80c5f3c | ||
777 | |||
778 | commit c72d78ccbe642e08591a626e5de18381489716e0 | ||
779 | Author: djm@openbsd.org <djm@openbsd.org> | ||
780 | Date: Tue Sep 3 08:29:58 2019 +0000 | ||
781 | |||
782 | upstream: move skip_space() to misc.c and make it public; ok | ||
783 | |||
784 | markus@ | ||
785 | |||
786 | OpenBSD-Commit-ID: caa77e8a3b210948e29ad3e28c5db00852961eae | ||
787 | |||
788 | commit 06af3583f46e2c327fdd44d8a95b8b4e8dfd8db5 | ||
789 | Author: djm@openbsd.org <djm@openbsd.org> | ||
790 | Date: Tue Sep 3 08:29:15 2019 +0000 | ||
791 | |||
792 | upstream: authfd: add function to check if key is in agent | ||
793 | |||
794 | This commit adds a helper function which allows the caller to | ||
795 | check if a given public key is present in ssh-agent. | ||
796 | |||
797 | work by Sebastian Kinne; ok markus@ | ||
798 | |||
799 | OpenBSD-Commit-ID: d43c5826353e1fdc1af71eb42961b30782c7bd13 | ||
800 | |||
801 | commit 2ab5a8464870cc4b29ddbe849bbbc255729437bf | ||
802 | Author: djm@openbsd.org <djm@openbsd.org> | ||
803 | Date: Tue Sep 3 08:28:30 2019 +0000 | ||
804 | |||
805 | upstream: fix memleak in ssh_free_identitylist(); ok markus@ | ||
806 | |||
807 | OpenBSD-Commit-ID: aa51f77ae2c5330a1f61b2d22933f24a443f9abf | ||
808 | |||
809 | commit 85443f165b4169b2a448b3e24bc1d4dc5b3156a4 | ||
810 | Author: djm@openbsd.org <djm@openbsd.org> | ||
811 | Date: Tue Sep 3 08:27:52 2019 +0000 | ||
812 | |||
813 | upstream: factor out confirm_overwrite(); ok markus@ | ||
814 | |||
815 | OpenBSD-Commit-ID: 304e95381b39c774c8fced7e5328b106a3ff0400 | ||
816 | |||
817 | commit 9a396e33685633581c67d5ad9664570ef95281f2 | ||
818 | Author: djm@openbsd.org <djm@openbsd.org> | ||
819 | Date: Mon Sep 2 23:46:46 2019 +0000 | ||
820 | |||
821 | upstream: constify an argument | ||
822 | |||
823 | OpenBSD-Commit-ID: 724bafc9f993746ad4303e95bede2c030de6233b | ||
824 | |||
825 | commit b52c0c2e64988277a35a955a474d944967059aeb | ||
826 | Author: djm@openbsd.org <djm@openbsd.org> | ||
827 | Date: Mon Sep 2 00:19:25 2019 +0000 | ||
828 | |||
829 | upstream: downgrade PKCS#11 "provider returned no slots" warning | ||
830 | |||
831 | from log level error to debug. This is common when attempting to enumerate | ||
832 | keys on smartcard readers with no cards plugged in. bz#3058 ok dtucker@ | ||
833 | |||
834 | OpenBSD-Commit-ID: bb8839ddeb77c271390488af1b771041d43e49c6 | ||
835 | |||
836 | commit 0713322e18162463c5ab5ddfb9f935055ca775d8 | ||
837 | Author: djm@openbsd.org <djm@openbsd.org> | ||
838 | Date: Sun Sep 1 23:47:32 2019 +0000 | ||
839 | |||
840 | upstream: print comment when printing pubkey from private | ||
841 | |||
842 | bz#3052; ok dtucker | ||
843 | |||
844 | OpenBSD-Commit-ID: a91b2a8d5f1053d34d7fce44523c53fb534ba914 | ||
845 | |||
846 | commit 368f1cc2fbd6ad10c66bc1b67c2c04aebf8a04a8 | ||
847 | Author: Damien Miller <djm@mindrot.org> | ||
848 | Date: Mon Sep 2 10:28:42 2019 +1000 | ||
849 | |||
850 | fixed test in OSX closefrom() replacement | ||
851 | |||
852 | from likan_999.student AT sina.com | ||
853 | |||
854 | commit 6b7c53498def19a14dd9587bf521ab6dbee8988f | ||
855 | Author: Damien Miller <djm@mindrot.org> | ||
856 | Date: Mon Sep 2 10:22:02 2019 +1000 | ||
857 | |||
858 | retain Solaris PRIV_FILE_LINK_ANY in sftp-server | ||
859 | |||
860 | Dropping this privilege removes the ability to create hard links to | ||
861 | files owned by other users. This is required for the legacy sftp rename | ||
862 | operation. | ||
863 | |||
864 | bz#3036; approach ok Alex Wilson (the original author of the Solaris | ||
865 | sandbox/pledge replacement code) | ||
866 | |||
867 | commit e50f808712393e86d69e42e9847cdf8d473412d7 | ||
868 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
869 | Date: Fri Aug 30 05:08:28 2019 +0000 | ||
870 | |||
871 | upstream: Use ed25519 for most hostkey rotation tests since it's | ||
872 | |||
873 | supported even when built without OpenSSL. Use RSA for the secondary type | ||
874 | test if supported, otherwise skip it. Fixes this test for !OpenSSL builds. | ||
875 | |||
876 | OpenBSD-Regress-ID: 101cb34a84fd974c623bdb2e496f25a6e91be109 | ||
877 | |||
878 | commit 5e4796c47dd8d6c38fb2ff0b3e817525fed6040d | ||
879 | Author: bluhm@openbsd.org <bluhm@openbsd.org> | ||
880 | Date: Thu Aug 22 21:47:27 2019 +0000 | ||
881 | |||
882 | upstream: Test did not compile due to missing symbols. Add source | ||
883 | |||
884 | sshbuf-misc.c to regress as it was done in ssh make file. from Moritz Buhl | ||
885 | |||
886 | OpenBSD-Regress-ID: 9e1c23476bb845f3cf3d15d9032da3ed0cb2fcf5 | ||
887 | |||
888 | commit e0e7e3d0e26f2c30697e6d0cfc293414908963c7 | ||
889 | Author: Damien Miller <djm@mindrot.org> | ||
890 | Date: Fri Aug 30 14:26:19 2019 +1000 | ||
891 | |||
892 | tweak warning flags | ||
893 | |||
894 | Enable -Wextra if compiler supports it | ||
895 | |||
896 | Set -Wno-error=format-truncation if available to prevent expected | ||
897 | string truncations in openbsd-compat from breaking -Werror builds | ||
898 | |||
899 | commit 28744182cf90e0073b76a9e98de58a47e688b2c4 | ||
900 | Author: Damien Miller <djm@mindrot.org> | ||
901 | Date: Fri Aug 30 13:21:38 2019 +1000 | ||
902 | |||
903 | proc_pidinfo()-based closefrom() for OS X | ||
904 | |||
905 | Refactor closefrom() to use a single brute-force close() loop fallback. | ||
906 | |||
907 | Based on patch from likan_999.student@sina.com in bz#3049. ok dtucker@ | ||
908 | |||
909 | commit dc2ca588144f088a54febebfde3414568dc73d5f | ||
910 | Author: kn@openbsd.org <kn@openbsd.org> | ||
911 | Date: Fri Aug 16 11:16:32 2019 +0000 | ||
912 | |||
913 | upstream: Call comma-separated lists as such to clarify semantics | ||
914 | |||
915 | Options such as Ciphers take values that may be a list of ciphers; the | ||
916 | complete list, not indiviual elements, may be prefixed with a dash or plus | ||
917 | character to remove from or append to the default list respectively. | ||
918 | |||
919 | Users might read the current text as if each elment took an optional prefix, | ||
920 | so tweak the wording from "values" to "list" to prevent such ambiguity for | ||
921 | all options supporting this semantics (those that provide a list of | ||
922 | available elements via "ssh -Q ..."). | ||
923 | |||
924 | Input and OK jmc | ||
925 | |||
926 | OpenBSD-Commit-ID: 4fdd175b0e5f5cb10ab3f26ccc38a93bb6515d57 | ||
927 | |||
928 | commit c4736f39e66729ce2bf5b06ee6b391e092b48f47 | ||
929 | Author: djm@openbsd.org <djm@openbsd.org> | ||
930 | Date: Fri Aug 16 06:35:27 2019 +0000 | ||
931 | |||
932 | upstream: include sshbuf-misc.c in SRCS_BASE | ||
933 | |||
934 | OpenBSD-Commit-ID: 99dd10e72c04e93849981d43d64c946619efa474 | ||
935 | |||
936 | commit d0e51810f332fe44ebdba41113aacf319d35f5a5 | ||
937 | Author: Darren Tucker <dtucker@dtucker.net> | ||
938 | Date: Sat Aug 24 15:12:11 2019 +1000 | ||
939 | |||
940 | Fix pasto in fallback code. | ||
941 | |||
942 | There is no parameter called "pathname", it should simply be "path". | ||
943 | bz#3059, patch from samuel at cendio.se. | ||
944 | |||
945 | commit e83c989bfd9fc9838b7dfb711d1dc6da81814045 | ||
946 | Author: Damien Miller <djm@mindrot.org> | ||
947 | Date: Fri Aug 23 10:19:30 2019 +1000 | ||
948 | |||
949 | use SC_ALLOW_ARG_MASK to limit mmap protections | ||
950 | |||
951 | Restrict to PROT_(READ|WRITE|NONE), i.e. exclude PROT_EXEC | ||
952 | |||
953 | commit f6906f9bf12c968debec3671bbf19926ff8a235b | ||
954 | Author: Damien Miller <djm@mindrot.org> | ||
955 | Date: Fri Aug 23 10:08:48 2019 +1000 | ||
956 | |||
957 | allow mprotect(2) with PROT_(READ|WRITE|NONE) only | ||
958 | |||
959 | Used by some hardened heap allocators. Requested by Yegor | ||
960 | Timoshenko in https://github.com/openssh/openssh-portable/pull/142 | ||
961 | |||
962 | commit e3b6c966b79c3ea5d51b923c3bbdc41e13b96ea0 | ||
963 | Author: djm@openbsd.org <djm@openbsd.org> | ||
964 | Date: Fri Aug 16 06:13:15 2019 +0000 | ||
965 | |||
966 | upstream: switch percent_expand() to use sshbuf instead of a limited | ||
967 | |||
968 | fixed buffer; ok markus@ | ||
969 | |||
970 | OpenBSD-Commit-ID: 3f9ef20bca5ef5058b48c1cac67c53b9a1d15711 | ||
971 | |||
972 | commit 9ab5b9474779ac4f581d402ae397f871ed16b383 | ||
973 | Author: djm@openbsd.org <djm@openbsd.org> | ||
974 | Date: Fri Aug 9 05:05:54 2019 +0000 | ||
975 | |||
976 | upstream: produce a useful error message if the user's shell is set | ||
977 | |||
978 | incorrectly during "match exec" processing. bz#2791 reported by Dario | ||
979 | Bertini; ok dtucker | ||
980 | |||
981 | OpenBSD-Commit-ID: cf9eddd6a6be726cb73bd9c3936f3888cd85c03d | ||
982 | |||
983 | commit 8fdbc7247f432578abaaca1b72a0dbf5058d67e5 | ||
984 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
985 | Date: Fri Aug 9 04:24:03 2019 +0000 | ||
986 | |||
987 | upstream: Change description of TCPKeepAlive from "inactive" to | ||
988 | |||
989 | "unresponsive" to clarify what it checks for. Patch from jblaine at | ||
990 | kickflop.net via github pr#129, ok djm@. | ||
991 | |||
992 | OpenBSD-Commit-ID: 3682f8ec7227f5697945daa25d11ce2d933899e9 | ||
993 | |||
994 | commit 7afc45c3ed72672690014dc432edc223b23ae288 | ||
995 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
996 | Date: Thu Aug 8 08:02:57 2019 +0000 | ||
997 | |||
998 | upstream: Allow the maximimum uint32 value for the argument passed to | ||
999 | |||
1000 | -b which allows better error messages from later validation. bz#3050, ok | ||
1001 | djm@ | ||
1002 | |||
1003 | OpenBSD-Commit-ID: 10adf6876b2401b3dc02da580ebf67af05861673 | ||
1004 | |||
1005 | commit c31e4f5fb3915c040061981a67224de7650ab34b | ||
1006 | Author: naddy@openbsd.org <naddy@openbsd.org> | ||
1007 | Date: Mon Aug 5 21:45:27 2019 +0000 | ||
1008 | |||
1009 | upstream: Many key types are supported now, so take care to check | ||
1010 | |||
1011 | the size restrictions and apply the default size only to the matching key | ||
1012 | type. tweak and ok dtucker@ | ||
1013 | |||
1014 | OpenBSD-Commit-ID: b825de92d79cc4cba19b298c61e99909488ff57e | ||
1015 | |||
1016 | commit 6b39a7b49ebacec4e70e24bfc8ea2f11057aac22 | ||
1017 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1018 | Date: Mon Aug 5 11:50:33 2019 +0000 | ||
1019 | |||
1020 | upstream: Remove now-redundant perm_ok arg since | ||
1021 | |||
1022 | sshkey_load_private_type will now return SSH_ERR_KEY_BAD_PERMISSIONS in that | ||
1023 | case. Patch from jitendra.sharma at intel.com, ok djm@ | ||
1024 | |||
1025 | OpenBSD-Commit-ID: 07916a17ed0a252591b71e7fb4be2599cb5b0c77 | ||
1026 | |||
1027 | commit d46075b923bf25e6f25959a3f5b458852161cb3e | ||
1028 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1029 | Date: Mon Aug 5 21:36:48 2019 +1000 | ||
1030 | |||
1031 | Fix mem leak in unit test. | ||
1032 | |||
1033 | Patch from jitendra.sharma at intel.com. | ||
1034 | |||
1035 | commit c4ffb72593c08921cf9291bc05a5ef1d0aaa6891 | ||
1036 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1037 | Date: Fri Aug 2 01:41:24 2019 +0000 | ||
1038 | |||
1039 | upstream: fix some memleaks in test_helper code | ||
1040 | |||
1041 | bz#3037 from Jitendra Sharma | ||
1042 | |||
1043 | OpenBSD-Regress-ID: 71440fa9186f5842a65ce9a27159385c6cb6f751 | ||
1044 | |||
1045 | commit 6e76e69dc0c7712e9ac599af34bd091b0e7dcdb5 | ||
1046 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1047 | Date: Fri Aug 2 01:23:19 2019 +0000 | ||
1048 | |||
1049 | upstream: typo; from Christian Hesse | ||
1050 | |||
1051 | OpenBSD-Commit-ID: 82f6de7438ea7ee5a14f44fdf5058ed57688fdc3 | ||
1052 | |||
1053 | commit 49fa065a1bfaeb88a59abdfa4432d3b9c35b0655 | ||
1054 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1055 | Date: Tue Jul 30 05:04:49 2019 +0000 | ||
1056 | |||
1057 | upstream: let sshbuf_find/cmp take a void* for the | ||
1058 | |||
1059 | search/comparison argument, instead of a u_char*. Saves callers needing to | ||
1060 | cast. | ||
1061 | |||
1062 | OpenBSD-Commit-ID: d63b69b7c5dd570963e682f758f5a47b825605ed | ||
1063 | |||
1064 | commit 7adf6c430d6fc17901e167bc0789d31638f5c2f8 | ||
1065 | Author: mestre@openbsd.org <mestre@openbsd.org> | ||
1066 | Date: Wed Jul 24 08:57:00 2019 +0000 | ||
1067 | |||
1068 | upstream: When using a combination of a Yubikey+GnuPG+remote | ||
1069 | |||
1070 | forwarding the gpg-agent (and options ControlMaster+RemoteForward in | ||
1071 | ssh_config(5)) then the codepath taken will call mux_client_request_session | ||
1072 | -> mm_send_fd -> sendmsg(2). Since sendmsg(2) is not allowed in that codepath | ||
1073 | then pledge(2) kills the process. | ||
1074 | |||
1075 | The solution is to add "sendfd" to pledge(2), which is not too bad considering | ||
1076 | a little bit later we reduce pledge(2) to only "stdio proc tty" in that | ||
1077 | codepath. | ||
1078 | |||
1079 | Problem reported and diff provided by Timothy Brown <tbrown at freeshell.org> | ||
1080 | |||
1081 | OK deraadt@ | ||
1082 | |||
1083 | OpenBSD-Commit-ID: 7ce38b6542bbec00e441595d0a178e970a9472ac | ||
1084 | |||
1085 | commit 0e2fe18acc1da853a9120c2e9af68e8d05e6503e | ||
1086 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1087 | Date: Tue Jul 23 23:06:57 2019 +0000 | ||
1088 | |||
1089 | upstream: Fix typo in CASignatureAlgorithms wherein what should be | ||
1090 | |||
1091 | a comma is a dot. Patch from hnj2 via github pr#141. | ||
1092 | |||
1093 | OpenBSD-Commit-ID: 01f5a460438ff1af09aab483c0a70065309445f0 | ||
1094 | |||
1095 | commit e93ffd1a19fc47c49d68ae2fb332433690ecd389 | ||
1096 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1097 | Date: Mon Jul 29 16:04:01 2019 +1000 | ||
1098 | |||
1099 | Report success of individual tests as well as all. | ||
1100 | |||
1101 | This puts the "all tests passed" message back at the end where the | ||
1102 | test harnesses can find it. | ||
1103 | |||
1104 | commit 2ad5b36b18bddf2965fe60384c29b3f1d451b4ed | ||
1105 | Author: Damien Miller <djm@mindrot.org> | ||
1106 | Date: Mon Jul 29 09:49:23 2019 +1000 | ||
1107 | |||
1108 | convert to UTF-8; from Mike Frysinger | ||
1109 | |||
1110 | commit d31e7c937ba0b97534f373cf5dea34675bcec602 | ||
1111 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1112 | Date: Fri Jul 26 04:22:21 2019 +0000 | ||
1113 | |||
1114 | upstream: Restrict limit-keytype to types supported by build. This | ||
1115 | |||
1116 | means we have to skip a couple tests when only one key type is supported. | ||
1117 | |||
1118 | OpenBSD-Regress-ID: 22d05befb9c7ce21ce8dc22acf1ffe9e2ef2e95e | ||
1119 | |||
1120 | commit 0967a233b8a28907ae8a4a6773c89f21d2ace11b | ||
1121 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1122 | Date: Thu Jul 25 18:36:28 2019 +1000 | ||
1123 | |||
1124 | Remove override disabling DH-GEX. | ||
1125 | |||
1126 | The DH-GEX override doesn't work when build without OpenSSL, and | ||
1127 | we'll prefer curve25519 these days, removing the need for it. | ||
1128 | |||
1129 | commit 061407efc19b41ab4a7485e5adcff2a12befacdb | ||
1130 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1131 | Date: Thu Jul 25 09:17:35 2019 +0000 | ||
1132 | |||
1133 | upstream: Only use supported key types during KRL test, preferring | ||
1134 | |||
1135 | ed25519 since it's supported by both OpenSSL and non-OpenSSL builds. | ||
1136 | |||
1137 | OpenBSD-Regress-ID: 9f2bb3eadd50fcc8245b1bd8fd6f0e53602f71aa | ||
1138 | |||
1139 | commit 47f8ff1fa5b76790c1d785815fd13ee6009f8012 | ||
1140 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1141 | Date: Thu Jul 25 08:48:11 2019 +0000 | ||
1142 | |||
1143 | upstream: Switch keys-command test from rsa to ed25519 since it's | ||
1144 | |||
1145 | supported for both OpenSSL and non-OpenSSL builds. | ||
1146 | |||
1147 | OpenBSD-Regress-ID: 174be4be876edd493e4a5c851e5bc579885e7a0a | ||
1148 | |||
1149 | commit 1e94afdfa8df774ab7dd3bad52912b636dc31bbd | ||
1150 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1151 | Date: Thu Jul 25 08:28:15 2019 +0000 | ||
1152 | |||
1153 | upstream: Make certificate tests work with the supported key | ||
1154 | |||
1155 | algorithms. Allows tests to pass when built without OpenSSL. | ||
1156 | |||
1157 | OpenBSD-Regress-ID: 617169a6dd9d06db3697a449d9a26c284eca20fc | ||
1158 | |||
1159 | commit 26bf693661a48b97b6023f702b2af643676ac21a | ||
1160 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1161 | Date: Tue Jul 23 13:49:14 2019 +0000 | ||
1162 | |||
1163 | upstream: Construct list of key types to test based on the types | ||
1164 | |||
1165 | supported by the binaries. | ||
1166 | |||
1167 | OpenBSD-Regress-ID: fcbd115efacec8ab0ecbdb3faef79ac696cb1d62 | ||
1168 | |||
1169 | commit 773c55b3d1230e8f7714a1b33873c37b85049c74 | ||
1170 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1171 | Date: Tue Jul 23 13:32:48 2019 +0000 | ||
1172 | |||
1173 | upstream: Only use DSA key type in tests if binaries support it. | ||
1174 | |||
1175 | OpenBSD-Regress-ID: 770e31fe61dc33ed8eea9c04ce839b33ddb4dc96 | ||
1176 | |||
1177 | commit 159e987a54d92ccd73875e7581ffc64e8927a715 | ||
1178 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1179 | Date: Wed Jul 24 14:21:19 2019 +1000 | ||
1180 | |||
1181 | Split test targets further. | ||
1182 | |||
1183 | Splits test into file-tests, t-exec, unit and interop-tests and their | ||
1184 | respective dependencies. Should allow running any set individually | ||
1185 | without having to build the other dependencies that are not needed | ||
1186 | for that specific test. | ||
1187 | |||
1188 | commit 520d4550a2470106d63e30079bb05ce82f3a4f7d | ||
1189 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1190 | Date: Wed Jul 24 11:20:18 2019 +1000 | ||
1191 | |||
1192 | Add lib dependencies for regress binary targets. | ||
1193 | |||
1194 | commit 4e8d0dd78d5f6142841a07dc8b8c6b4730eaf587 | ||
1195 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1196 | Date: Wed Jul 24 00:12:51 2019 +1000 | ||
1197 | |||
1198 | Make "unit" a dependency of "test". | ||
1199 | |||
1200 | commit 4317b2a0480e293e58ba115e47b49d3a384b6568 | ||
1201 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1202 | Date: Tue Jul 23 23:24:47 2019 +1000 | ||
1203 | |||
1204 | upstream rev 1.28: fix comment typo. | ||
1205 | |||
1206 | commit e0055af2bd39fdb44566ff6594147664e1fac8b8 | ||
1207 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1208 | Date: Tue Jul 23 23:06:22 2019 +1000 | ||
1209 | |||
1210 | Split regress-binaries into two targets. | ||
1211 | |||
1212 | Split the binaries for the unit tests out into a regress-unit-binaries | ||
1213 | target, and add a dependency on it for only the unit tests. This allows | ||
1214 | us to run the integration tests only ("make t-exec") without building | ||
1215 | the unit tests, which allows us to run a subset of the tests when | ||
1216 | building --without-openssl without trying (and failing) to build the | ||
1217 | unit tests. | ||
1218 | |||
1219 | This means there are two targets for "unit" which I *think* is valid | ||
1220 | (it works in testing, and makedepend will generate Makefiles of this | ||
1221 | form)a but I could be wrong. | ||
1222 | |||
1223 | commit 7cdf9fdcf11aaaa98c2bd22c92882ea559e772ad | ||
1224 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1225 | Date: Tue Jul 23 08:19:29 2019 +0000 | ||
1226 | |||
1227 | upstream: Skip DH group generation test if binaries don't support | ||
1228 | |||
1229 | DH-GEX. | ||
1230 | |||
1231 | OpenBSD-Regress-ID: 7c918230d969ecf7656babd6191a74526bffbffd | ||
1232 | |||
1233 | commit 3a3eab8bb0da3d2f0f32cb85a1a268bcca6e4d69 | ||
1234 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1235 | Date: Tue Jul 23 07:55:29 2019 +0000 | ||
1236 | |||
1237 | upstream: Only test conversion of key types supported by the | ||
1238 | |||
1239 | binaries. | ||
1240 | |||
1241 | OpenBSD-Regress-ID: e3f0938a0a7407e2dfbb90abc3ec979ab6e8eeea | ||
1242 | |||
1243 | commit 7e66b7d98c6e3f48a1918c3e1940c9b11b10ec63 | ||
1244 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1245 | Date: Tue Jul 23 07:39:43 2019 +0000 | ||
1246 | |||
1247 | upstream: Only add ssh-dss to allowed key types if it's supported | ||
1248 | |||
1249 | by the binary. | ||
1250 | |||
1251 | OpenBSD-Regress-ID: 395a54cab16e9e4ece9aec047ab257954eebd413 | ||
1252 | |||
1253 | commit fd0684b319e664d8821dc4ca3026126dfea3ccf4 | ||
1254 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1255 | Date: Tue Jul 23 22:36:39 2019 +1000 | ||
1256 | |||
1257 | Remove sys/cdefs.h include. | ||
1258 | |||
1259 | It's not needed on -portable (that's handled by includes.h) and not all | ||
1260 | platforms have it. | ||
1261 | |||
1262 | commit 9634ffbf29b3c2493e69d10b37077b09a8cbf5ff | ||
1263 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1264 | Date: Tue Jul 23 22:25:44 2019 +1000 | ||
1265 | |||
1266 | Add headers to prevent warnings w/out OpenSSL. | ||
1267 | |||
1268 | commit 2ea60312e1c08dea88982fec68244f89a40912ff | ||
1269 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1270 | Date: Tue Jul 23 22:11:50 2019 +1000 | ||
1271 | |||
1272 | Include stdlib.h for free() and calloc(). | ||
1273 | |||
1274 | commit 11cba2a4523fda447e2554ea457484655bedc831 | ||
1275 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1276 | Date: Tue Jul 23 21:51:22 2019 +1000 | ||
1277 | |||
1278 | Re-apply portability changes to current sha2.{c,h}. | ||
1279 | |||
1280 | Rather than attempt to apply 14 years' worth of changes to OpenBSD's sha2 | ||
1281 | I imported the current versions directly then re-applied the portability | ||
1282 | changes. This also allowed re-syncing digest-libc.c against upstream. | ||
1283 | |||
1284 | commit 09159594a3bbd363429ee6fafde57ce77986dd7c | ||
1285 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1286 | Date: Tue Jul 23 20:27:51 2019 +1000 | ||
1287 | |||
1288 | Import current sha2.c and sha2.h from OpenBSD. | ||
1289 | |||
1290 | These are not changed from their original state, the next commit will | ||
1291 | re-apply the portable changes. | ||
1292 | |||
1293 | commit 2e6035b900cc9d7432d95084e03993d1b426f812 | ||
1294 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1295 | Date: Tue Jul 23 08:11:22 2019 +1000 | ||
1296 | |||
1297 | Rename valgrind "errors" to "failures". | ||
1298 | |||
1299 | When valgrind is enabled, test-exec.sh counts the number of invocations | ||
1300 | that valgrind detects failures in, not the total number of errors detected. | ||
1301 | This makes the name to be more accurate. | ||
1302 | |||
1303 | commit e82c9bb9ffa65725cc2e03ea81cb79ce3387f66b | ||
1304 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1305 | Date: Fri Jul 19 18:51:18 2019 +1000 | ||
1306 | |||
1307 | Skip running sftp-chroot under Valgrind. | ||
1308 | |||
1309 | commit 41e22c2e05cb950b704945ac9408f6109c9b7848 | ||
1310 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1311 | Date: Sat Jul 20 09:50:58 2019 +0000 | ||
1312 | |||
1313 | upstream: Remove the sleeps and thus races from the forwarding | ||
1314 | |||
1315 | test. They were originally required to work with Protocol 1, but now we can | ||
1316 | use ssh -N and the control socket without the sleeps. While there, suppress | ||
1317 | output fro the control exit commands. | ||
1318 | |||
1319 | OpenBSD-Regress-ID: 4c51a1d651242f12c90074c18c61008a74c1c790 | ||
1320 | |||
1321 | commit 0423043c5e54293f4dd56041304fd0046c317be9 | ||
1322 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1323 | Date: Sat Jul 20 09:37:31 2019 +0000 | ||
1324 | |||
1325 | upstream: Allow SLEEPTIME to be overridden. | ||
1326 | |||
1327 | OpenBSD-Regress-ID: 1596ab168729954be3d219933b2d01cc93687e76 | ||
1328 | |||
1329 | commit d466b6a5cfba17a83c7aae9f584ab164e2ece0a1 | ||
1330 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1331 | Date: Sat Jul 20 09:14:40 2019 +0000 | ||
1332 | |||
1333 | upstream: Move sleep time into a variable so that we can increase | ||
1334 | |||
1335 | it for platforms or configurations that are much slower then usual. | ||
1336 | |||
1337 | OpenBSD-Regress-ID: 88586cabc800062c260d0b876bdcd4ca3f58a872 | ||
1338 | |||
1339 | commit b4a7c9d2b5f928e0b902b580d35dc8b244a3aae0 | ||
1340 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1341 | Date: Fri Jul 19 03:45:44 2019 +0000 | ||
1342 | |||
1343 | upstream: add regression tests for scp for out-of-destination path file | ||
1344 | |||
1345 | creation by Harry Sintonen via Jakub Jelen in bz3007 | ||
1346 | |||
1347 | OpenBSD-Regress-ID: 01ae5fbc6ce400b2df5a84dc3152a9e31f354c07 | ||
1348 | |||
1349 | commit bca0582063f148c7ddf409ec51435a5a726bee4c | ||
1350 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1351 | Date: Fri Jul 19 03:38:01 2019 +0000 | ||
1352 | |||
1353 | upstream: Accept the verbose flag when searching for host keys in known | ||
1354 | |||
1355 | hosts (i.e. "ssh-keygen -vF host") to print the matching host's random- art | ||
1356 | signature too. bz#3003 "amusing, pretty" deraadt@ | ||
1357 | |||
1358 | OpenBSD-Commit-ID: 686221a5447d6507f40a2ffba5393984d889891f | ||
1359 | |||
1360 | commit 5299a09fa2879a068af200c91028fcfa9283c0f0 | ||
1361 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1362 | Date: Fri Jul 19 13:50:25 2019 +1000 | ||
1363 | |||
1364 | Revert one dependency per line change. | ||
1365 | |||
1366 | It turns out that having such a large number of lines in the .depend | ||
1367 | file will cause the memory usage of awk during AC_SUBST to blow up on at | ||
1368 | least NetBSD's awk, causing configure to fail. | ||
1369 | |||
1370 | commit 01dddb231f23b4a7b616f9d33a0b9d937f9eaf0e | ||
1371 | Author: Damien Miller <djm@mindrot.org> | ||
1372 | Date: Fri Jul 19 13:19:19 2019 +1000 | ||
1373 | |||
1374 | fix SIGWINCH delivery of Solaris for mux sessions | ||
1375 | |||
1376 | Remove PRIV_PROC_SESSION which was limiting ability to send SIGWINCH | ||
1377 | signals to other sessions. bz#3030; report and fix from Darren Moffat | ||
1378 | |||
1379 | commit 05500af21d27c1a3ddac232b018cc23da7b1ee95 | ||
1380 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1381 | Date: Fri Jul 19 13:20:03 2019 +1000 | ||
1382 | |||
1383 | Force dependencies one per line. | ||
1384 | |||
1385 | Force makedepend to output one dependency per line, which will make | ||
1386 | reading diffs against it much easier. ok djm@ | ||
1387 | |||
1388 | commit b5bc5d016bbb83eb7f8e685390044e78b1ea1427 | ||
1389 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1390 | Date: Fri Jul 19 13:18:07 2019 +1000 | ||
1391 | |||
1392 | make depend. | ||
1393 | |||
1394 | commit 65333f7454365fe40f7367630e7dd10903b9d99e | ||
1395 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1396 | Date: Fri Jul 19 13:16:11 2019 +1000 | ||
1397 | |||
1398 | Show when skipping valgrind for a test. | ||
1399 | |||
1400 | commit fccb7eb3436da8ef3dcd22e5936ba1abc7ae6730 | ||
1401 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1402 | Date: Fri Jul 19 10:41:56 2019 +1000 | ||
1403 | |||
1404 | Enable connect-privsep test with valgrind. | ||
1405 | |||
1406 | connect-privsep seems to work OK with valgrind now so don't skip | ||
1407 | valgrind on it. | ||
1408 | |||
1409 | commit d7423017265c5ae6d0be39340feb6c9f016b1f71 | ||
1410 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1411 | Date: Fri Jul 19 07:43:07 2019 +1000 | ||
1412 | |||
1413 | Show valgrind results and error counts. | ||
1414 | |||
1415 | commit 22b9b3e944880db906c6ac5527c4228bd92b293a | ||
1416 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1417 | Date: Thu Jul 18 13:40:12 2019 +1000 | ||
1418 | |||
1419 | Fix format string integer type in error message. | ||
1420 | |||
1421 | commit ed46a0c0705895834d3f47a46faa89c2a71b760a | ||
1422 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1423 | Date: Thu Jul 18 13:26:00 2019 +0000 | ||
1424 | |||
1425 | upstream: fix off-by-one in sshbuf_dtob64() base64 wrapping that could | ||
1426 | |||
1427 | cause extra newlines to be appended at the end of the base64 text (ugly, but | ||
1428 | harmless). Found and fixed by Sebastian Kinne | ||
1429 | |||
1430 | OpenBSD-Commit-ID: 9fe290bd68f706ed8f986a7704ca5a2bd32d7b68 | ||
1431 | |||
1432 | commit a192021fedead23c375077f92346336d531f8cad | ||
1433 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1434 | Date: Thu Jul 18 11:09:38 2019 +1000 | ||
1435 | |||
1436 | Fail tests if Valgrind enabled and reports errors. | ||
1437 | |||
1438 | Also dump the failing valgrind report to stdout (not the cleanest | ||
1439 | solution, but better than nothing). | ||
1440 | |||
1441 | commit d1c491ecb939ee10b341fa7bb6205dff19d297e5 | ||
1442 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1443 | Date: Thu Jul 18 10:17:54 2019 +1000 | ||
1444 | |||
1445 | Allow low-priv tests to write to pipe dir. | ||
1446 | |||
1447 | When running regression tests with Valgrind and SUDO, the low-priv agent | ||
1448 | tests need to be able to create pipes in the appropriate directory. | ||
1449 | |||
1450 | commit 8a5bb3e78191cc206f970c26d2a26c949971e91a | ||
1451 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1452 | Date: Wed Jul 17 21:24:55 2019 +1000 | ||
1453 | |||
1454 | Put valgrind vgdb files to a specific directory. | ||
1455 | |||
1456 | Valgrind by default puts vgdb files and pipes under /tmp, however it | ||
1457 | is not always able to clean them up, which can cause test failures when | ||
1458 | there's a pid/file collision. Using a specific directory ensures that | ||
1459 | we can clean up and start clean. | ||
1460 | |||
1461 | commit f8829fe57fb0479d6103cfe1190095da3c032c6d | ||
1462 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1463 | Date: Tue Jul 16 22:16:49 2019 +0000 | ||
1464 | |||
1465 | upstream: adapt to sshbuf_dtob64() change | ||
1466 | |||
1467 | OpenBSD-Regress-ID: 82374a83edf0955fd1477169eee3f5d6467405a6 | ||
1468 | |||
1469 | commit 1254fcbb2f005f745f2265016ee9fa52e16d37b0 | ||
1470 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1471 | Date: Tue Jul 16 03:21:54 2019 +0000 | ||
1472 | |||
1473 | upstream: Remove ssh1 files from CLEANFILES since ssh1 no longer | ||
1474 | |||
1475 | supported. | ||
1476 | |||
1477 | OpenBSD-Regress-ID: 5b9ae869dc669bac05939b4a2fdf44ee067acfa0 | ||
1478 | |||
1479 | commit 9dc81a5adabc9a7d611ed2e63fbf4c85d43b15c6 | ||
1480 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1481 | Date: Tue Jul 16 02:09:29 2019 +0000 | ||
1482 | |||
1483 | upstream: Update names of host key files in CLEANFILES to match | ||
1484 | |||
1485 | recent changes to the tests. | ||
1486 | |||
1487 | OpenBSD-Regress-ID: 28743052de3acf70b06f18333561497cd47c4ecf | ||
1488 | |||
1489 | commit e44e4ad1190db22ed407a79f32a8cff5bcd2b815 | ||
1490 | Author: Damien Miller <djm@mindrot.org> | ||
1491 | Date: Tue Jul 16 23:26:53 2019 +1000 | ||
1492 | |||
1493 | depend | ||
1494 | |||
1495 | commit 16dd8b2c78a0de106c7429e2a294d203f6bda3c7 | ||
1496 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1497 | Date: Tue Jul 16 13:18:39 2019 +0000 | ||
1498 | |||
1499 | upstream: remove mostly vestigal uuencode.[ch]; moving the only unique | ||
1500 | |||
1501 | functionality there (wrapping of base64-encoded data) to sshbuf functions; | ||
1502 | feedback and ok markus@ | ||
1503 | |||
1504 | OpenBSD-Commit-ID: 4dba6735d88c57232f6fccec8a08bdcfea44ac4c | ||
1505 | |||
1506 | commit 45478898f9590b5cc8bc7104e573b84be67443b0 | ||
1507 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1508 | Date: Tue Jul 16 09:20:23 2019 +1000 | ||
1509 | |||
1510 | Hook memmem compat code into build. | ||
1511 | |||
1512 | This fixes builds on platforms that don't have it (at least old DragonFly, | ||
1513 | probably others). | ||
1514 | |||
1515 | commit c7bd4617293a903bd3fac3394a7e72d439af49a5 | ||
1516 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1517 | Date: Tue Jul 16 09:07:18 2019 +1000 | ||
1518 | |||
1519 | Import memmem.c from OpenBSD. | ||
1520 | |||
1521 | commit 477e2a3be8b10df76e8d76f0427b043280d73d68 | ||
1522 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1523 | Date: Mon Jul 15 13:12:02 2019 +0000 | ||
1524 | |||
1525 | upstream: unit tests for sshbuf_cmp() and sshbuf_find(); ok markus | ||
1526 | |||
1527 | OpenBSD-Regress-ID: b52d36bc3ab6dc158c1e59a9a4735f821cf9e1fd | ||
1528 | |||
1529 | commit eb0d8e708a1f958aecd2d6e2ff2450af488d4c2a | ||
1530 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1531 | Date: Mon Jul 15 13:16:29 2019 +0000 | ||
1532 | |||
1533 | upstream: support PKCS8 as an optional format for storage of | ||
1534 | |||
1535 | private keys, enabled via "ssh-keygen -m PKCS8" on operations that save | ||
1536 | private keys to disk. | ||
1537 | |||
1538 | The OpenSSH native key format remains the default, but PKCS8 is a | ||
1539 | superior format to PEM if interoperability with non-OpenSSH software | ||
1540 | is required, as it may use a less terrible KDF (IIRC PEM uses a single | ||
1541 | round of MD5 as a KDF). | ||
1542 | |||
1543 | adapted from patch by Jakub Jelen via bz3013; ok markus | ||
1544 | |||
1545 | OpenBSD-Commit-ID: 027824e3bc0b1c243dc5188504526d73a55accb1 | ||
1546 | |||
1547 | commit e18a27eedccb024acb3cd9820b650a5dff323f01 | ||
1548 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1549 | Date: Mon Jul 15 13:11:38 2019 +0000 | ||
1550 | |||
1551 | upstream: two more bounds-checking sshbuf counterparts to common | ||
1552 | |||
1553 | string operations: sshbuf_cmp() (bcmp-like) and sshbuf_find() (memmem like) | ||
1554 | |||
1555 | feedback and ok markus@ | ||
1556 | |||
1557 | OpenBSD-Commit-ID: fd071ec2485c7198074a168ff363a0d6052a706a | ||
1558 | |||
1559 | commit bc551dfebb55845537b1095cf3ccd01640a147b7 | ||
1560 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1561 | Date: Mon Jul 15 12:52:45 2019 +1000 | ||
1562 | |||
1563 | Clear valgrind-out dir to prevent collisions. | ||
1564 | |||
1565 | commit 5db9ba718e983661a9114ae1418f6e412d1f52d5 | ||
1566 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1567 | Date: Mon Jul 15 12:02:27 2019 +1000 | ||
1568 | |||
1569 | Allow agent tests to write to valgrind dir. | ||
1570 | |||
1571 | commit 121e48fa5305f41f0477d9908e3d862987a68a84 | ||
1572 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1573 | Date: Sun Jul 14 23:33:19 2019 +0000 | ||
1574 | |||
1575 | upstream: unit tests for sshbuf_peek/poke bounds-checked random access | ||
1576 | |||
1577 | functions. ok markus@ | ||
1578 | |||
1579 | OpenBSD-Regress-ID: 034c4284b1da6b12e25c762a6b958efacdafbaef | ||
1580 | |||
1581 | commit 101d164723ffbc38f8036b6f3ea3bfef771ba250 | ||
1582 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1583 | Date: Sun Jul 14 23:32:27 2019 +0000 | ||
1584 | |||
1585 | upstream: add some functions to perform random-access read/write | ||
1586 | |||
1587 | operations inside buffers with bounds checking. Intended to replace manual | ||
1588 | pointer arithmetic wherever possible. | ||
1589 | |||
1590 | feedback and ok markus@ | ||
1591 | |||
1592 | OpenBSD-Commit-ID: 91771fde7732738f1ffed078aa5d3bee6d198409 | ||
1593 | |||
1594 | commit 7250879c72d28275a53f2f220e49646c3e42ef18 | ||
1595 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1596 | Date: Fri Jul 12 04:08:39 2019 +0000 | ||
1597 | |||
1598 | upstream: include SHA2-variant RSA key algorithms in KEX proposal; | ||
1599 | |||
1600 | allows ssh-keyscan to harvest keys from servers that disable olde SHA1 | ||
1601 | ssh-rsa. bz#3029 from Jakub Jelen | ||
1602 | |||
1603 | OpenBSD-Commit-ID: 9f95ebf76a150c2f727ca4780fb2599d50bbab7a | ||
1604 | |||
1605 | commit a0876bd994cab9ba6e47ba2a163a4417c7597487 | ||
1606 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1607 | Date: Fri Jul 12 03:56:21 2019 +0000 | ||
1608 | |||
1609 | upstream: print explicit "not modified" message if a file was | ||
1610 | |||
1611 | requested for resumed download but was considered already complete. | ||
1612 | |||
1613 | bz#2978 ok dtucker | ||
1614 | |||
1615 | OpenBSD-Commit-ID: f32084b26a662f16215ee4ca4a403d67e49ab986 | ||
1616 | |||
1617 | commit b9b0f2ac9625933db53a35b1c1ce423876630558 | ||
1618 | Author: tb@openbsd.org <tb@openbsd.org> | ||
1619 | Date: Wed Jul 10 07:04:27 2019 +0000 | ||
1620 | |||
1621 | upstream: Fix a typo and make <esc><right> move right to the | ||
1622 | |||
1623 | closest end of a word just like <esc><left> moves left to the closest | ||
1624 | beginning of a word. | ||
1625 | |||
1626 | ok djm | ||
1627 | |||
1628 | OpenBSD-Commit-ID: 6afe01b05ed52d8b12eb1fda6e9af5afb5e198ee | ||
1629 | |||
1630 | commit 8729498a5d239980a91d32f031b34e8c58c52f62 | ||
1631 | Author: Damien Miller <djm@mindrot.org> | ||
1632 | Date: Wed Jul 10 09:43:19 2019 +1000 | ||
1633 | |||
1634 | fix typo that prevented detection of Linux VRF | ||
1635 | |||
1636 | Reported by hexiaowen AT huawei.com | ||
1637 | |||
1638 | commit 5b2b79ff7c057ee101518545727ed3023372891d | ||
1639 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1640 | Date: Tue Jul 9 04:15:00 2019 +0000 | ||
1641 | |||
1642 | upstream: cap the number of permiopen/permitlisten directives we're | ||
1643 | |||
1644 | willing to parse on a single authorized_keys line; ok deraadt@ | ||
1645 | |||
1646 | OpenBSD-Commit-ID: a43a752c2555d26aa3fc754805a476f6e3e30f46 | ||
1647 | |||
1648 | commit eb0b51dac408fadd1fd13fa6d726ab8fdfcc4152 | ||
1649 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1650 | Date: Mon Jul 8 17:27:26 2019 +1000 | ||
1651 | |||
1652 | Move log.h include inside ifdefs. | ||
1653 | |||
1654 | Fixes build on some other platforms that don't have va_list immediately | ||
1655 | available (eg NetBSD). | ||
1656 | |||
1657 | commit 43702f8e6fa22a258e25c4dd950baaae0bc656b7 | ||
1658 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1659 | Date: Sat Jul 6 23:07:04 2019 +1000 | ||
1660 | |||
1661 | Include log.h for debug() and friends. | ||
1662 | |||
1663 | Should fix some compiler warnings on IRIX (bz#3032). | ||
1664 | |||
1665 | commit 53a6ebf1445a857f5e487b18ee5e5830a9575149 | ||
1666 | Author: Damien Miller <djm@mindrot.org> | ||
1667 | Date: Mon Jul 8 13:44:32 2019 +1000 | ||
1668 | |||
1669 | sftp-realpath.c needs includes.h | ||
1670 | |||
1671 | commit 4efe1adf05ee5d3fce44320fcff68735891f4ee6 | ||
1672 | Author: Damien Miller <djm@mindrot.org> | ||
1673 | Date: Mon Jul 8 13:38:39 2019 +1000 | ||
1674 | |||
1675 | remove realpath() compat replacement | ||
1676 | |||
1677 | We shipped a BSD implementation of realpath() because sftp-server | ||
1678 | depended on its behaviour. | ||
1679 | |||
1680 | OpenBSD is now moving to a more strictly POSIX-compliant realpath(2), | ||
1681 | so sftp-server now unconditionally requires its own BSD-style realpath | ||
1682 | implementation. As such, there is no need to carry another independant | ||
1683 | implementation in openbsd-compat. | ||
1684 | |||
1685 | ok dtucker@ | ||
1686 | |||
1687 | commit 696fb4298e80f2ebcd188986a91b49af3b7ca14c | ||
1688 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1689 | Date: Sun Jul 7 01:05:00 2019 +0000 | ||
1690 | |||
1691 | upstream: Remove some set but never used variables. ok daraadt@ | ||
1692 | |||
1693 | OpenBSD-Commit-ID: 824baf9c59afc66a4637017e397b9b74a41684e7 | ||
1694 | |||
1695 | commit 156e9e85e92b46ca90226605d9eff49e8ec31b22 | ||
1696 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
1697 | Date: Fri Jul 5 12:35:40 2019 +0000 | ||
1698 | |||
1699 | upstream: still compile uuencode.c, unbreaks build | ||
1700 | |||
1701 | OpenBSD-Commit-ID: 5ea3d63ab972691f43e9087ab5fd8376d48e898f | ||
1702 | |||
1703 | commit cec9ee527a12b1f6c2e0a1c155fec64a38d71cf6 | ||
1704 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1705 | Date: Fri Jul 5 07:32:01 2019 +0000 | ||
1706 | |||
1707 | upstream: revert header removal that snuck into previous | ||
1708 | |||
1709 | OpenBSD-Commit-ID: 3919cdd58989786660b8269b325646ef8856428e | ||
1710 | |||
1711 | commit 569b650f93b561c09c655f83f128e1dfffe74101 | ||
1712 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1713 | Date: Fri Jul 5 04:55:40 2019 +0000 | ||
1714 | |||
1715 | upstream: add a local implementation of BSD realpath() for | ||
1716 | |||
1717 | sftp-server use ahead of OpenBSD's realpath changing to match POSIX; | ||
1718 | |||
1719 | ok deraadt@ (thanks for snaps testing) | ||
1720 | |||
1721 | OpenBSD-Commit-ID: 4f8cbf7ed8679f6237264301d104ecec64885d55 | ||
1722 | |||
1723 | commit b8e2b797362526437e0642a6c2f2970d794f2561 | ||
1724 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1725 | Date: Sat Jul 6 13:13:57 2019 +1000 | ||
1726 | |||
1727 | Add prototype for strnlen to prevent warnings. | ||
1728 | |||
1729 | commit 4c3e00b1ed7e596610f34590eb5d54ee50d77878 | ||
1730 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1731 | Date: Sat Jul 6 13:02:34 2019 +1000 | ||
1732 | |||
1733 | Cast *ID types to unsigned long when printing. | ||
1734 | |||
1735 | UID and GID types vary by platform so cast to u_long and use %lu when | ||
1736 | printing them to prevent warnings. | ||
1737 | |||
1738 | commit 2753521e899f30d1d58b5da0b4e68fde6fcf341e | ||
1739 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1740 | Date: Sat Jul 6 12:54:43 2019 +1000 | ||
1741 | |||
1742 | Add prototype for compat strndup.(bz#3032). | ||
1743 | |||
1744 | commit 01a1e21cd55d99293c8ff8ed7c590f2ee440da43 | ||
1745 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1746 | Date: Sat Jul 6 12:00:41 2019 +1000 | ||
1747 | |||
1748 | Add missing bracket in EGD seeding code. | ||
1749 | |||
1750 | When configured --with-prngd-socket the code had a missing bracket after | ||
1751 | an API change. Fix that and a couple of warnings. bz#3032 , from | ||
1752 | ole.weidner at protonmail.ch | ||
1753 | |||
1754 | commit e187b1d4607392cf2c19243afe0d0311a4ff3591 | ||
1755 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1756 | Date: Fri Jul 5 04:19:39 2019 +0000 | ||
1757 | |||
1758 | upstream: Add (recently added) rsa_oldfmt to CLEANFILES. | ||
1759 | |||
1760 | OpenBSD-Regress-ID: 405beda94e32aa6cc9c80969152fab91f7c54bd3 | ||
1761 | |||
1762 | commit 74b541bfabdcb57c1683cd9b3f1d1f4d5e41563e | ||
1763 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1764 | Date: Fri Jul 5 04:12:46 2019 +0000 | ||
1765 | |||
1766 | upstream: Adapt the PuTTY/Conch tests to new key names. | ||
1767 | |||
1768 | A recent regress change (2a9b3a2ce411d16cda9c79ab713c55f65b0ec257 in | ||
1769 | portable) broke the PuTTY and Twisted Conch interop tests, because the | ||
1770 | key they want to use is now called ssh-rsa rather than rsa. Adapt the | ||
1771 | tests to the new file names. bz#3020, patch from cjwatson at debian.org. | ||
1772 | |||
1773 | OpenBSD-Regress-ID: fd342a37db4d55aa4ec85316f73082c8eb96e64e | ||
1774 | |||
1775 | commit de08335a4cfaa9b7081e94ea4a8b7153c230546d | ||
1776 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1777 | Date: Fri Jul 5 04:03:13 2019 +0000 | ||
1778 | |||
1779 | upstream: Add a sleep to allow forwards to come up. | ||
1780 | |||
1781 | Currently when the multiplex client requests a forward it returns | ||
1782 | once the request has been sent but not necessarily when the forward | ||
1783 | is up. This causes intermittent text failures due to this race, | ||
1784 | so add some sleeps to mitigate this until we can fix it properly. | ||
1785 | |||
1786 | OpenBSD-Regress-ID: 384c7d209d2443d25ea941d7f677e932621fb253 | ||
1787 | |||
1788 | commit 4d249284729f864faa2e8f3e015f9a41b674544a | ||
1789 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1790 | Date: Fri Jul 5 14:58:57 2019 +1000 | ||
1791 | |||
1792 | Remove nc stderr redirection to resync w/OpenBSD. | ||
1793 | |||
1794 | commit c5cfa90e03432181ffcc7ad3f9f815179bd0c626 | ||
1795 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1796 | Date: Fri Jul 5 13:21:45 2019 +1000 | ||
1797 | |||
1798 | Do not fatal on failed lookup of group "tty". | ||
1799 | |||
1800 | Some platforms (eg AIX and Cygwin) do not have a "tty" group. In those | ||
1801 | cases we will fall back to making the tty device the user's primary | ||
1802 | group, so do not fatal if the group lookup fails. ok djm@ | ||
1803 | |||
1804 | commit 8b4cc4bdc8a70bf209a274fa2b2a49c1e3c8d8a2 | ||
1805 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
1806 | Date: Thu Jul 4 16:20:10 2019 +0000 | ||
1807 | |||
1808 | upstream: fatal() if getgrnam() cannot find "tty" | ||
1809 | |||
1810 | OpenBSD-Commit-ID: d148c1c052fa0ed7d105b5428b5c1bab91630048 | ||
1811 | |||
1812 | commit 48cccc275c6a1e91d3f80fdb0dc0d5baf529aeca | ||
1813 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
1814 | Date: Thu Jul 4 16:16:51 2019 +0000 | ||
1815 | |||
1816 | upstream: stat() returns precisely -1 to indicate error | ||
1817 | |||
1818 | OpenBSD-Commit-ID: 668e8d022ed4ab847747214f64119e5865365fa1 | ||
1819 | |||
1820 | commit 8142fcaf9ed8ff66252deecbfd29fc59d5f2df4f | ||
1821 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
1822 | Date: Wed Jul 3 03:24:02 2019 +0000 | ||
1823 | |||
1824 | upstream: snprintf/vsnprintf return < 0 on error, rather than -1. | ||
1825 | |||
1826 | OpenBSD-Commit-ID: a261c421140a0639bb2b66bbceca72bf8239749d | ||
1827 | |||
1828 | commit 4d28fa78abce2890e136281950633fae2066cc29 | ||
1829 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
1830 | Date: Fri Jun 28 13:35:04 2019 +0000 | ||
1831 | |||
1832 | upstream: When system calls indicate an error they return -1, not | ||
1833 | |||
1834 | some arbitrary value < 0. errno is only updated in this case. Change all | ||
1835 | (most?) callers of syscalls to follow this better, and let's see if this | ||
1836 | strictness helps us in the future. | ||
1837 | |||
1838 | OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075 | ||
1839 | |||
1840 | commit e8c974043c1648eab0ad67a7ba6a3e444fe79d2d | ||
1841 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
1842 | Date: Fri Jun 28 05:44:09 2019 +0000 | ||
1843 | |||
1844 | upstream: asprintf returns -1, not an arbitrary value < 0. Also | ||
1845 | |||
1846 | upon error the (very sloppy specification) leaves an undefined value in *ret, | ||
1847 | so it is wrong to inspect it, the error condition is enough. discussed a | ||
1848 | little with nicm, and then much more with millert until we were exasperated | ||
1849 | |||
1850 | OpenBSD-Commit-ID: 29258fa51edf8115d244b9d4b84028487bf8923e | ||
1851 | |||
1852 | commit 1b2d55d15c6240c15a1e1cf4203b82e54a766272 | ||
1853 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
1854 | Date: Fri Jun 28 01:23:50 2019 +0000 | ||
1855 | |||
1856 | upstream: oops, from asou | ||
1857 | |||
1858 | OpenBSD-Commit-ID: 702e765d1639b732370d8f003bb84a1c71c4d0c6 | ||
1859 | |||
1860 | commit 5cdbaa78fcb718c39af4522d98016ad89d065427 | ||
1861 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
1862 | Date: Thu Jun 27 18:03:37 2019 +0000 | ||
1863 | |||
1864 | upstream: Some asprintf() calls were checked < 0, rather than the | ||
1865 | |||
1866 | precise == -1. ok millert nicm tb, etc | ||
1867 | |||
1868 | OpenBSD-Commit-ID: caecf8f57938685c04f125515b9f2806ad408d53 | ||
1869 | |||
1870 | commit b2e3e57be4a933d9464bccbe592573725765486f | ||
1871 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1872 | Date: Thu Jun 27 06:29:35 2019 +0000 | ||
1873 | |||
1874 | upstream: fix NULL deference (bzero) on err | ||
1875 | |||
1876 | =?UTF-8?q?or=20path=20added=20in=20last=20commit;=20spotted=20by=20Reynir?= | ||
1877 | =?UTF-8?q?=20Bj=C3=B6rnsson?= | ||
1878 | MIME-Version: 1.0 | ||
1879 | Content-Type: text/plain; charset=UTF-8 | ||
1880 | Content-Transfer-Encoding: 8bit | ||
1881 | |||
1882 | ok deraadt@ markus@ tb@ | ||
1883 | |||
1884 | OpenBSD-Commit-ID: b11b084bcc551b2c630560eb08618dd501027bbd | ||
1885 | |||
1886 | commit 58ceacdcbaebefc77d120712de55c6fc6aa32bb1 | ||
1887 | Author: Jitendra Sharma <jitendra.sharma@intel.com> | ||
1888 | Date: Fri Jun 21 09:54:17 2019 +0530 | ||
1889 | |||
1890 | Update README doc to include missing test cases | ||
1891 | |||
1892 | Readme regress document is missing various individual tests, | ||
1893 | which are supported currently. Update README to | ||
1894 | include those test cases. | ||
1895 | |||
1896 | commit 7959330a554051b5587f8af3fec0c2c0d5820f64 | ||
1897 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1898 | Date: Wed Jun 26 22:29:43 2019 +0000 | ||
1899 | |||
1900 | upstream: Remove unneeded unlink of xauthfile o | ||
1901 | |||
1902 | =?UTF-8?q?n=20error=20path.=20=20From=20Erik=20Sj=C3=B6lund=20via=20githu?= | ||
1903 | =?UTF-8?q?b,=20ok=20djm@=20deraadt@?= | ||
1904 | MIME-Version: 1.0 | ||
1905 | Content-Type: text/plain; charset=UTF-8 | ||
1906 | Content-Transfer-Encoding: 8bit | ||
1907 | |||
1908 | OpenBSD-Commit-ID: 62a4893cf83b29a4bbfedc40e7067c25c203e632 | ||
1909 | |||
1910 | commit 8de52eb224143783a49f9bddd9ab7800022a8276 | ||
1911 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1912 | Date: Sun Jun 23 12:21:46 2019 +0000 | ||
1913 | |||
1914 | upstream: fix mismatch proto/decl from key shielding change; spotted | ||
1915 | |||
1916 | via oss-fuzz | ||
1917 | |||
1918 | OpenBSD-Commit-ID: 1ea0ba05ded2c5557507bd844cd446e5c8b5b3b7 | ||
1919 | |||
1920 | commit 1dfadb9b57c2985c95838a0292d1c2f6a501896e | ||
1921 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1922 | Date: Fri Jun 21 04:21:45 2019 +0000 | ||
1923 | |||
1924 | upstream: adapt for key shielding API changes (const removal) | ||
1925 | |||
1926 | OpenBSD-Regress-ID: 298890bc52f0cd09dba76dc1022fabe89bc0ded6 | ||
1927 | |||
1928 | commit 4f7a56d5e02e3d04ab69eac1213817a7536d0562 | ||
1929 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1930 | Date: Fri Jun 21 04:21:04 2019 +0000 | ||
1931 | |||
1932 | upstream: Add protection for private keys at rest in RAM against | ||
1933 | |||
1934 | speculation and memory sidechannel attacks like Spectre, Meltdown, Rowhammer | ||
1935 | and Rambleed. This change encrypts private keys when they are not in use with | ||
1936 | a symmetic key that is derived from a relatively large "prekey" consisting of | ||
1937 | random data (currently 16KB). | ||
1938 | |||
1939 | Attackers must recover the entire prekey with high accuracy before | ||
1940 | they can attempt to decrypt the shielded private key, but the current | ||
1941 | generation of attacks have bit error rates that, when applied | ||
1942 | cumulatively to the entire prekey, make this unlikely. | ||
1943 | |||
1944 | Implementation-wise, keys are encrypted "shielded" when loaded and then | ||
1945 | automatically and transparently unshielded when used for signatures or | ||
1946 | when being saved/serialised. | ||
1947 | |||
1948 | Hopefully we can remove this in a few years time when computer | ||
1949 | architecture has become less unsafe. | ||
1950 | |||
1951 | been in snaps for a bit already; thanks deraadt@ | ||
1952 | |||
1953 | ok dtucker@ deraadt@ | ||
1954 | |||
1955 | OpenBSD-Commit-ID: 19767213c312e46f94b303a512ef8e9218a39bd4 | ||
1956 | |||
1957 | commit 4cd6b12cc9c10bf59c8b425041f3ea5091285a0f | ||
1958 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1959 | Date: Fri Jun 21 03:19:59 2019 +0000 | ||
1960 | |||
1961 | upstream: print the correct AuthorizedPrincipalsCommand rather than | ||
1962 | |||
1963 | an uninitialised variable; spotted by dtucker@ | ||
1964 | |||
1965 | OpenBSD-Commit-ID: 02802018784250f68202f01c8561de82e17b0638 | ||
1966 | |||
1967 | commit 5f68ab436b0e01751d564e9a9041e6ac3673e45a | ||
1968 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
1969 | Date: Wed Jun 19 20:12:44 2019 +0000 | ||
1970 | |||
1971 | upstream: from tim: - for reput, it is remote-path which is | ||
1972 | |||
1973 | optional, not local-path - sync help | ||
1974 | |||
1975 | from deraadt: | ||
1976 | - prefer -R and undocument -r (but add a comment for future editors) | ||
1977 | |||
1978 | from schwarze: | ||
1979 | - prefer -p and undocument -P (as above. the comment was schwarze's too) | ||
1980 | |||
1981 | more: | ||
1982 | - add the -f flag to reput and reget | ||
1983 | - sort help (i can;t remember who suggested this originally) | ||
1984 | |||
1985 | djm and deraadt were ok with earlier versions of this; | ||
1986 | tim and schwarze ok | ||
1987 | |||
1988 | OpenBSD-Commit-ID: 3c699b53b46111f5c57eed4533f132e7e58bacdd | ||
1989 | |||
1990 | commit 99bcbbc77fbd5a5027031f42a5931b21b07c947e | ||
1991 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1992 | Date: Fri Jun 14 04:03:48 2019 +0000 | ||
1993 | |||
1994 | upstream: check for convtime() refusing to accept times that | ||
1995 | |||
1996 | resolve to LONG_MAX Reported by Kirk Wolf bz2977; ok dtucker | ||
1997 | |||
1998 | OpenBSD-Regress-ID: 15c9fe87be1ec241d24707006a31123d3a3117e0 | ||
1999 | |||
2000 | commit e5cccb2410247c9b8151b9510a876abdf5424b24 | ||
2001 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
2002 | Date: Sun Apr 28 22:53:26 2019 +0000 | ||
2003 | |||
2004 | upstream: Add unit tests for user@host and URI parsing. | ||
2005 | |||
2006 | OpenBSD-Regress-ID: 69d5b6f278e04ed32377046f7692c714c2d07a68 | ||
2007 | |||
2008 | commit 0bb7e38834e3f9886302bbaea630a6b0f8cfb520 | ||
2009 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
2010 | Date: Thu Apr 18 18:57:16 2019 +0000 | ||
2011 | |||
2012 | upstream: Add tests for sshd -T -C with Match. | ||
2013 | |||
2014 | OpenBSD-Regress-ID: d4c34916fe20d717692f10ef50b5ae5a271c12c7 | ||
2015 | |||
2016 | commit 73eb6cef41daba0359c1888e4756108d41b4e819 | ||
2017 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2018 | Date: Sun Jun 16 12:55:27 2019 +1000 | ||
2019 | |||
2020 | Include stdio.h for vsnprintf. | ||
2021 | |||
2022 | Patch from mforney at mforney.org. | ||
2023 | |||
2024 | commit adcaf40fd0a180e6cb5798317fdf479b52e3c09a | ||
2025 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2026 | Date: Sat Jun 8 09:07:04 2019 +1000 | ||
2027 | |||
2028 | upstream rev 1.27: fix integer overflow. | ||
2029 | |||
2030 | Cast bitcount to u_in64_t before bit shifting to prevent integer overflow | ||
2031 | on 32bit platforms which cause incorrect results when adding a block | ||
2032 | >=512M in size. sha1 patch from ante84 at gmail.com via openssh github, | ||
2033 | sha2 with djm@, ok tedu@ | ||
2034 | |||
2035 | commit 7689048e6103d3c34cba24ac5aeea7bf8405d19a | ||
2036 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2037 | Date: Sat Jun 8 09:06:06 2019 +1000 | ||
2038 | |||
2039 | upstream rev 1.25: add DEF_WEAK. | ||
2040 | |||
2041 | Wrap blowfish, sha*, md5, and rmd160 so that internal calls go direct | ||
2042 | ok deraadt@ | ||
2043 | |||
2044 | commit 55f3153393ac7e072a4b4b21b194864460d8f44a | ||
2045 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2046 | Date: Sat Jun 8 09:02:24 2019 +1000 | ||
2047 | |||
2048 | upstream rev 1.25: add sys/types.h | ||
2049 | |||
2050 | commit 10974f986fa842a3a3a693e3d5761072540002b4 | ||
2051 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2052 | Date: Sat Jun 8 09:01:14 2019 +1000 | ||
2053 | |||
2054 | upstream: Use explicit_bzero instead of memset | ||
2055 | |||
2056 | in hash Final and End functions. OK deraadt@ djm@ | ||
2057 | |||
2058 | commit cb8f56570f70b00abae4267d4bcce2bfae7dfff6 | ||
2059 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2060 | Date: Fri Jun 14 04:13:58 2019 +0000 | ||
2061 | |||
2062 | upstream: slightly more instructive error message when the user | ||
2063 | |||
2064 | specifies multiple -J options on the commandline. bz3015 ok dtucker@ | ||
2065 | |||
2066 | OpenBSD-Commit-ID: 181c15a65cac3b575819bc8d9a56212c3c748179 | ||
2067 | |||
2068 | commit 2317ce4b0ed7d8c4b0c684e2d47bff5006bd1178 | ||
2069 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2070 | Date: Fri Jun 14 03:51:47 2019 +0000 | ||
2071 | |||
2072 | upstream: process agent requests for RSA certificate private keys using | ||
2073 | |||
2074 | correct signature algorithm when requested. Patch from Jakub Jelen in bz3016 | ||
2075 | ok dtucker markus | ||
2076 | |||
2077 | OpenBSD-Commit-ID: 61f86efbeb4a1857a3e91298c1ccc6cf49b79624 | ||
2078 | |||
2079 | commit c95b90d40170473825904be561b1eafba354f376 | ||
2080 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2081 | Date: Fri Jun 14 03:39:59 2019 +0000 | ||
2082 | |||
2083 | upstream: for public key authentication, check AuthorizedKeysFiles | ||
2084 | |||
2085 | files before consulting AuthorizedKeysCommand; ok dtucker markus | ||
2086 | |||
2087 | OpenBSD-Commit-ID: 13652998bea5cb93668999c39c3c48e8429db8b3 | ||
2088 | |||
2089 | commit a5a53914989ddd3521b6edc452bc3291784a4f4f | ||
2090 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2091 | Date: Fri Jun 14 03:28:19 2019 +0000 | ||
2092 | |||
2093 | upstream: if passed a bad fd, log what it was | ||
2094 | |||
2095 | OpenBSD-Commit-ID: 582e2bd05854e49365195b58989b68ac67f09140 | ||
2096 | |||
2097 | commit 7349149da1074d82b71722338e05b6a282f126cc | ||
2098 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
2099 | Date: Wed Jun 12 11:31:50 2019 +0000 | ||
2100 | |||
2101 | upstream: Hostname->HostName cleanup; from lauri tirkkonen ok | ||
2102 | |||
2103 | dtucker | ||
2104 | |||
2105 | OpenBSD-Commit-ID: 4ade73629ede63b691f36f9a929f943d4e7a44e4 | ||
2106 | |||
2107 | commit 76af9c57387243556d38935555c227d0b34062c5 | ||
2108 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
2109 | Date: Wed Jun 12 05:53:21 2019 +0000 | ||
2110 | |||
2111 | upstream: deraadt noticed some inconsistency in the way we denote | ||
2112 | |||
2113 | the "Hostname" and "X11UseLocalhost" keywords; this makes things consistent | ||
2114 | (effectively reversing my commit of yesterday); | ||
2115 | |||
2116 | ok deraadt markus djm | ||
2117 | |||
2118 | OpenBSD-Commit-ID: 255c02adb29186ac91dcf47dfad7adb1b1e54667 | ||
2119 | |||
2120 | commit d1bbfdd932db9b9b799db865ee1ff50060dfc895 | ||
2121 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
2122 | Date: Tue Jun 11 13:39:40 2019 +0000 | ||
2123 | |||
2124 | upstream: consistent lettering for "HostName" keyword; from lauri | ||
2125 | |||
2126 | tirkkonen | ||
2127 | |||
2128 | OpenBSD-Commit-ID: 0c267a1257ed7482b13ef550837b6496e657d563 | ||
2129 | |||
2130 | commit fc0340f7c4ee29bfb12bd1de9f99defa797e16b4 | ||
2131 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2132 | Date: Sat Jun 8 00:10:59 2019 +1000 | ||
2133 | |||
2134 | Typo fixes in error messages. | ||
2135 | |||
2136 | Patch from knweiss at gmail.com via github pull req #97 (portable- | ||
2137 | specific parts). | ||
2138 | |||
2139 | commit 4b7dd22b02b64b1ededd3c0e98a6e7ae21e31d38 | ||
2140 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
2141 | Date: Fri Jun 7 14:18:48 2019 +0000 | ||
2142 | |||
2143 | upstream: Typo and spelling fixes in comments and error messages. | ||
2144 | |||
2145 | Patch from knweiss at gmail.com via -portable. | ||
2146 | |||
2147 | OpenBSD-Commit-ID: 2577465442f761a39703762c4f87a8dfcb918b4b | ||
2148 | |||
2149 | commit 130ef0695e1731392ca33831939fe89e8b70cc17 | ||
2150 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2151 | Date: Sat Jun 8 00:47:07 2019 +1000 | ||
2152 | |||
2153 | Include missed bits from previous sync. | ||
2154 | |||
2155 | commit 25e3bccbaa63d27b9d5e09c123f1eb28594d2bd6 | ||
2156 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
2157 | Date: Fri Jun 7 03:47:12 2019 +0000 | ||
2158 | |||
2159 | upstream: Check for user@host when parsing sftp target. This | ||
2160 | |||
2161 | allows user@[1.2.3.4] to work without a path in addition to with one. | ||
2162 | bz#2999, ok djm@ | ||
2163 | |||
2164 | OpenBSD-Commit-ID: d989217110932490ba8ce92127a9a6838878928b | ||
2165 | |||
2166 | commit 0323d9b619d512f80c57575b810a05791891f657 | ||
2167 | Author: otto@openbsd.org <otto@openbsd.org> | ||
2168 | Date: Thu Jun 6 05:13:13 2019 +0000 | ||
2169 | |||
2170 | upstream: Replace calls to ssh_malloc_init() by a static init of | ||
2171 | |||
2172 | malloc_options. Prepares for changes in the way malloc is initialized. ok | ||
2173 | guenther@ dtucker@ | ||
2174 | |||
2175 | OpenBSD-Commit-ID: 154f4e3e174f614b09f792d4d06575e08de58a6b | ||
2176 | |||
2177 | commit c586d2d3129265ea64b12960c379d634bccb6535 | ||
2178 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2179 | Date: Fri May 31 03:20:07 2019 +0000 | ||
2180 | |||
2181 | upstream: fix ssh-keysign fd handling problem introduced in r1.304 | ||
2182 | |||
2183 | caused by a typo (STDIN_FILENO vs STDERR_FILENO) | ||
2184 | |||
2185 | OpenBSD-Commit-ID: 57a0b4be7bef23963afe24150e24bf014fdd9cb0 | ||
2186 | |||
2187 | commit 410b231aa41ff830b2f5b09b5aaf5e5cdc1ab86b | ||
2188 | Author: lum@openbsd.org <lum@openbsd.org> | ||
2189 | Date: Wed May 29 08:30:26 2019 +0000 | ||
2190 | |||
2191 | upstream: Make the standard output messages of both methods of | ||
2192 | |||
2193 | changing a key pair's comments (using -c and -C) more applicable to both | ||
2194 | methods. ok and suggestions djm@ dtucker@ | ||
2195 | |||
2196 | OpenBSD-Commit-ID: b379338118109eb36e14a65bc0a12735205b3de6 | ||
2197 | |||
2198 | commit 2b3402dc9f1d9b0df70291b424f36e436cdfa7e0 | ||
2199 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2200 | Date: Sat Jun 8 00:03:07 2019 +1000 | ||
2201 | |||
2202 | Always clean up before and after utimensat test. | ||
2203 | |||
2204 | commit 182898192d4b720e4faeafd5b39c2cfb3b92aa21 | ||
2205 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2206 | Date: Fri Jun 7 23:47:37 2019 +1000 | ||
2207 | |||
2208 | Update utimensat test. | ||
2209 | |||
2210 | POSIX specifies that when given a symlink, AT_SYMLINK_NOFOLLOW should | ||
2211 | update the symlink and not the destination. The compat code doesn't | ||
2212 | have a way to do this, so where possible it fails instead of following a | ||
2213 | symlink when explicitly asked not to. Instead of checking for an explicit | ||
2214 | failure, check that it does not update the destination, which both the | ||
2215 | real and compat implmentations should honour. | ||
2216 | |||
2217 | Inspired by github pull req #125 from chutzpah at gentoo.org. | ||
2218 | |||
2219 | commit d220b675205185e0b4d6b6524acc2e5c599ef0e2 | ||
2220 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2221 | Date: Fri Jun 7 14:26:54 2019 +1000 | ||
2222 | |||
2223 | Have pthread_create return errno on failure. | ||
2224 | |||
2225 | According to POSIX, pthread_create returns the failure reason in | ||
2226 | the non-zero function return code so make the fork wrapper do that. | ||
2227 | Matches previous change. | ||
2228 | |||
2229 | commit 1bd4f7f25f653e0cadb2e6f25d79bc3c35c6aa4d | ||
2230 | Author: Elliott Hughes <enh@google.com> | ||
2231 | Date: Thu Apr 25 13:36:27 2019 -0700 | ||
2232 | |||
2233 | pthread_create(3) returns positive values on failure. | ||
2234 | |||
2235 | Found by inspection after finding similar bugs in other code used by | ||
2236 | Android. | ||
2237 | |||
2238 | commit b3a77b25e5f7880222b179431a74fad76d2cf60c | ||
2239 | Author: Harald Freudenberger <freude@linux.ibm.com> | ||
2240 | Date: Fri May 24 10:11:15 2019 +0200 | ||
2241 | |||
2242 | allow s390 specific ioctl for ecc hardware support | ||
2243 | |||
2244 | Adding another s390 specific ioctl to be able to support ECC hardware | ||
2245 | acceleration to the sandbox seccomp filter rules. | ||
2246 | |||
2247 | Now the ibmca openssl engine provides elliptic curve cryptography | ||
2248 | support with the help of libica and CCA crypto cards. This is done via | ||
2249 | jet another ioctl call to the zcrypt device driver and so there is a | ||
2250 | need to enable this on the openssl sandbox. | ||
2251 | |||
2252 | Code is s390 specific and has been tested, verified and reviewed. | ||
2253 | |||
2254 | Please note that I am also the originator of the previous changes in | ||
2255 | that area. I posted these changes to Eduardo and he forwarded the | ||
2256 | patches to the openssl community. | ||
2257 | |||
2258 | Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> | ||
2259 | Reviewed-by: Joerg Schmidbauer <jschmidb@de.ibm.com> | ||
2260 | |||
2261 | commit 2459df9aa11820f8092a8651aeb381af7ebbccb1 | ||
2262 | Author: Sorin Adrian Savu <sorin25@users.noreply.github.com> | ||
2263 | Date: Sun May 26 21:50:08 2019 +0300 | ||
2264 | |||
2265 | openssl-devel is obsoleted by libssl-devel | ||
2266 | |||
2267 | openssl-devel is no longer installable via the cygwin setup and | ||
2268 | it's hidden by default, so you can't see the replacement very easy. | ||
2269 | |||
2270 | commit 85ceb0e64bff672558fc87958cd548f135c83cdd | ||
2271 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
2272 | Date: Mon May 20 06:01:59 2019 +0000 | ||
2273 | |||
2274 | upstream: tweak previous; | ||
2275 | |||
2276 | OpenBSD-Commit-ID: 42f39f22f53cfcb913bce401ae0f1bb93e08dd6c | ||
2277 | |||
2278 | commit 30615295609f5c57b3137b3021fe63bfa45c1985 | ||
2279 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2280 | Date: Mon May 20 00:25:55 2019 +0000 | ||
2281 | |||
2282 | upstream: embiggen format buffer size for certificate serial number so | ||
2283 | |||
2284 | that it will fit a full 64 bit integer. bz#3012 from Manoel Domingues Junior | ||
2285 | |||
2286 | OpenBSD-Commit-ID: a51f3013056d05b976e5af6b978dcb9e27bbc12b | ||
2287 | |||
2288 | commit 476e3551b2952ef73acc43d995e832539bf9bc4d | ||
2289 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2290 | Date: Mon May 20 00:20:35 2019 +0000 | ||
2291 | |||
2292 | upstream: When signing certificates with an RSA key, default to | ||
2293 | |||
2294 | using the rsa-sha2-512 signature algorithm. Certificates signed by RSA keys | ||
2295 | will therefore be incompatible with OpenSSH < 7.2 unless the default is | ||
2296 | overridden. | ||
2297 | |||
2298 | Document the ability of the ssh-keygen -t flag to override the | ||
2299 | signature algorithm when signing certificates, and the new default. | ||
2300 | |||
2301 | ok deraadt@ | ||
2302 | |||
2303 | OpenBSD-Commit-ID: 400c9c15013978204c2cb80f294b03ae4cfc8b95 | ||
2304 | |||
2305 | commit 606077ee1e77af5908431d003fb28461ef7be092 | ||
2306 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2307 | Date: Fri May 17 13:14:12 2019 +1000 | ||
2308 | |||
2309 | Add no-op implementation of pam_putenv. | ||
2310 | |||
2311 | Some platforms such as HP-UX do not have pam_putenv. Currently the | ||
2312 | calls are ifdef'ed out, but a new one was recently added. Remove the | ||
2313 | ifdefs and add a no-op implementation. bz#3008, ok djm. | ||
2314 | |||
2315 | commit 1ac98be8724c9789d770ddb8e7f0dbf1b55e05a0 | ||
2316 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2317 | Date: Fri May 17 12:42:17 2019 +1000 | ||
2318 | |||
2319 | Use the correct macro for SSH_ALLOWED_CA_SIGALGS. | ||
2320 | |||
2321 | commit 97370f6c2c3b825f8c577b7e6c00b1a98d30a6cf | ||
2322 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2323 | Date: Fri May 17 10:54:51 2019 +1000 | ||
2324 | |||
2325 | Fix building w/out ECC. | ||
2326 | |||
2327 | Ifdef out ECC specific code so that that it'll build against an OpenSSL | ||
2328 | configured w/out ECC. With & ok djm@ | ||
2329 | |||
2330 | commit 633703babf8d9a88da85f23b800e1b88dec7cdbd | ||
2331 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2332 | Date: Fri May 17 10:50:29 2019 +1000 | ||
2333 | |||
2334 | Conditionalize ECDH methods in CA algos. | ||
2335 | |||
2336 | When building against an OpenSSL configured without ECC, don't include | ||
2337 | those algos in CASignatureAlgorithms. ok djm@ | ||
2338 | |||
2339 | commit 5c8d14c512f5d413095b22bdba08a6bb990f1e97 | ||
2340 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
2341 | Date: Thu May 16 08:47:27 2019 +0000 | ||
2342 | |||
2343 | upstream: Move a variable declaration to the block where it's used | ||
2344 | |||
2345 | to make things a little tidier for -portable. | ||
2346 | |||
2347 | OpenBSD-Commit-ID: 616379861be95619e5358768b7dee4793e2f3a75 | ||
2348 | |||
2349 | commit a1d29cc36a5e6eeabc935065a8780e1ba5b67014 | ||
2350 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
2351 | Date: Wed May 15 04:43:31 2019 +0000 | ||
2352 | |||
2353 | upstream: When doing the fork+exec'ing for ssh-keysign, rearrange | ||
2354 | |||
2355 | the socket into fd3, so as to not mistakenly leak other fd forward | ||
2356 | accidentally. ok djm | ||
2357 | |||
2358 | OpenBSD-Commit-ID: 24cc753f5aa2c6a7d0fbf62766adbc75cd785296 | ||
2359 | |||
2360 | commit db7606d4a62fee67b0cb2f32dfcbd7b3642bfef5 | ||
2361 | Author: schwarze@openbsd.org <schwarze@openbsd.org> | ||
2362 | Date: Tue May 14 12:47:17 2019 +0000 | ||
2363 | |||
2364 | upstream: Delete some .Sx macros that were used in a wrong way. | ||
2365 | |||
2366 | Part of a patch from Stephen Gregoratto <dev at sgregoratto dot me>. | ||
2367 | |||
2368 | OpenBSD-Commit-ID: 15501ed13c595f135e7610b1a5d8345ccdb513b7 | ||
2369 | |||
2370 | commit cb4accb1233865d9151f8a50cc5f0c61a3fd4077 | ||
2371 | Author: florian@openbsd.org <florian@openbsd.org> | ||
2372 | Date: Fri May 10 18:55:17 2019 +0000 | ||
2373 | |||
2374 | upstream: For PermitOpen violations add the remote host and port to | ||
2375 | |||
2376 | be able to find out from where the request was comming. | ||
2377 | |||
2378 | Add the same logging for PermitListen violations which where not | ||
2379 | logged at all. | ||
2380 | |||
2381 | Pointed out by Robert Kisteleki (robert AT ripe.net) | ||
2382 | |||
2383 | input markus | ||
2384 | OK deraadt | ||
2385 | |||
2386 | OpenBSD-Commit-ID: 8a7d0f1b7175504c0d1dca8d9aca1588b66448c8 | ||
2387 | |||
2388 | commit cd16aceec148d55088fc8df6be88335578d85258 | ||
2389 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2390 | Date: Thu May 16 07:53:20 2019 +1000 | ||
2391 | |||
2392 | Add OpenSSL 1.1.1 to the supported list. | ||
2393 | |||
2394 | Clarify the language around prngd and egd. | ||
2395 | |||
2396 | commit 6fd4aa2aafbce90acb11a328ca0aa0696cb01c6b | ||
2397 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2398 | Date: Wed May 15 16:19:14 2019 +1000 | ||
2399 | |||
2400 | Fix typo in man page formatter selector. | ||
2401 | |||
2402 | commit 285546b73e2c172565c992a695927ac8cf3b4cc6 | ||
2403 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2404 | Date: Fri May 10 15:04:42 2019 +1000 | ||
2405 | |||
2406 | Use "doc" man page format if mandoc present. | ||
2407 | |||
2408 | Previously configure would not select the "doc" man page format if | ||
2409 | mandoc was present but nroff was not. This checks for mandoc first | ||
2410 | and removes a now-superflous AC_PATH_PROG. Based on a patch from | ||
2411 | vehk at vehk.de and feedback from schwarze at usta.de. | ||
2412 | |||
2413 | commit 62dd70613b77b229f53db3cc1c3e8a206fa2b582 | ||
2414 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
2415 | Date: Fri May 3 06:06:30 2019 +0000 | ||
2416 | |||
2417 | upstream: Use the correct (according to POSIX) format for | ||
2418 | |||
2419 | left-justification in snmprintf. bz#3002, patch from velemas at gmail.com, ok | ||
2420 | markus@. | ||
2421 | |||
2422 | OpenBSD-Commit-ID: 65d252b799be0cc8f68b6c47cece0a57bb00fea7 | ||
2423 | |||
2424 | commit 62be1ffe5ffc68cfaac183320503c00a8c72e0b1 | ||
2425 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
2426 | Date: Fri May 3 04:11:00 2019 +0000 | ||
2427 | |||
2428 | upstream: Free channel objects on exit path. Patch from markus at | ||
2429 | |||
2430 | blueflash.cc, ok deraadt | ||
2431 | |||
2432 | OpenBSD-Commit-ID: dbe4db381603909482211ffdd2b48abd72169117 | ||
2433 | |||
2434 | commit 1c554a5d94b9de6bd5374e2992a5662746cc39ba | ||
2435 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
2436 | Date: Fri May 3 03:27:38 2019 +0000 | ||
2437 | |||
2438 | upstream: Free host on exit path. Patch from markus at | ||
2439 | |||
2440 | blueflash.cc, ok djm@ | ||
2441 | |||
2442 | OpenBSD-Commit-ID: c54e9945d93c4ce28350d8b9fa8b71f744ef2b5a | ||
2443 | |||
2444 | commit 99043bd64e5e0f427173f4fa83ef25a4676624a3 | ||
2445 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
2446 | Date: Fri May 3 03:25:18 2019 +0000 | ||
2447 | |||
2448 | upstream: Wrap XMSS including in ifdef. Patch from markus at | ||
2449 | |||
2450 | blueflash.cc, ok djm | ||
2451 | |||
2452 | OpenBSD-Commit-ID: e3b34fc35cf12d33bde91ac03633210a3bc0f8b5 | ||
2453 | |||
2454 | commit 8fcfb7789c43a19d24162a7a4055cd09ee951b34 | ||
2455 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
2456 | Date: Fri Apr 26 08:37:17 2019 +0000 | ||
2457 | |||
2458 | upstream: Import regenerated moduli. | ||
2459 | |||
2460 | OpenBSD-Commit-ID: db6375fc302e3bdf07d96430c63c991b2c2bd3ff | ||
2461 | |||
2462 | commit 3a7db919d5dd09f797971b3cf8ee301767459774 | ||
2463 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
2464 | Date: Tue Apr 23 11:56:41 2019 +0000 | ||
2465 | |||
2466 | upstream: Use the LogLevel typdef instead of int where appropriate. Patch from Markus Schmidt via openssh-unix-dev, ok markus@ | ||
2467 | |||
2468 | OpenBSD-Commit-ID: 4c0f0f458e3da7807806b35e3eb5c1e8403c968a | ||
2469 | |||
2470 | commit d7c6e38b87efab1f140745fd8b1106b82e6e4a68 | ||
2471 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
2472 | Date: Fri Apr 19 05:47:44 2019 +0000 | ||
2473 | |||
2474 | upstream: Document new default RSA key size. From | ||
2475 | |||
2476 | sebastiaanlokhorst at gmail.com via bz#2997. | ||
2477 | |||
2478 | OpenBSD-Commit-ID: bdd62ff5d4d649d2147904e91bf7cefa82fe11e1 | ||
2479 | |||
2480 | commit e826bbcafe26dac349a8593da5569e82faa45ab8 | ||
2481 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
2482 | Date: Thu Apr 18 18:56:16 2019 +0000 | ||
2483 | |||
2484 | upstream: When running sshd -T, assume any attibute not provided by | ||
2485 | |||
2486 | -C does not match, which allows it to work when sshd_config contains a Match | ||
2487 | directive with or without -C. bz#2858, ok djm@ | ||
2488 | |||
2489 | OpenBSD-Commit-ID: 1a701f0a33e3bc96753cfda2fe0b0378520b82eb | ||
2490 | |||
2491 | commit 5696512d7ad57e85e89f8011ce8dec617be686aa | ||
2492 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
2493 | Date: Thu Apr 18 07:32:56 2019 +0000 | ||
2494 | |||
2495 | upstream: Remove crc32.{c,h} which were only used by the now-gone | ||
2496 | |||
2497 | SSH1 protocol. Patch from yumkam at gmail.com, ok deraadt. | ||
2498 | |||
2499 | OpenBSD-Commit-ID: cceda5876c5ba6b4d8abcd52335329198cee3240 | ||
2500 | |||
2501 | commit 34e87fb5d9ce607f5701ab4c31d837ad8133e2d1 | ||
2502 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2503 | Date: Tue Apr 30 12:27:57 2019 +1000 | ||
2504 | |||
2505 | Remove unused variables from RLIMIT_NOFILE test. | ||
2506 | |||
2507 | commit 35e82e62c1ef53cfa457473a4c4d957d6197371a | ||
2508 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2509 | Date: Fri Apr 26 18:38:27 2019 +1000 | ||
2510 | |||
2511 | Import regenerated moduli. | ||
2512 | |||
2513 | commit 5590f53f99219e95dc23b0ebd220f19a6f46b101 | ||
2514 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2515 | Date: Fri Apr 26 18:22:10 2019 +1000 | ||
2516 | |||
2517 | Whitespace resync w/OpenBSD. | ||
2518 | |||
2519 | Patch from markus at blueflash.cc via openssh-unix-dev. | ||
2520 | |||
2521 | commit b7b8334914fb9397a6725f3b5d2de999b0bb69ac | ||
2522 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2523 | Date: Fri Apr 26 18:06:34 2019 +1000 | ||
2524 | |||
2525 | Don't install duplicate STREAMS modules on Solaris | ||
2526 | |||
2527 | Check if STREAMS modules are already installed on pty before installing | ||
2528 | since when compiling with XPG>=4 they will likely be installed already. | ||
2529 | Prevents hangs and duplicate lines on the terminal. bz#2945 and bz#2998, | ||
2530 | patch from djm@ | ||
2531 | |||
2532 | commit fd0fa130ecf06d7d092932adcd5d77f1549bfc8d | ||
2533 | Author: Damien Miller <djm@mindrot.org> | ||
2534 | Date: Thu Apr 18 08:52:57 2019 +1000 | ||
2535 | |||
2536 | makedepend | ||
2537 | |||
2538 | commit 5de397a876b587ba05a9169237deffdc71f273b0 | ||
2539 | Author: Damien Miller <djm@mindrot.org> | ||
2540 | Date: Fri Apr 5 11:29:51 2019 -0700 | ||
2541 | |||
2542 | second thoughts: leave README in place | ||
2543 | |||
2544 | A number of contrib/* files refer to the existing README so let's leave | ||
2545 | it in place for release and add the new markdown version in parallel. | ||
2546 | |||
2547 | I'll get rid of README after release. | ||
2548 | |||
2549 | commit 5d3127d9274519b25ed10e320f45045ba8d7f3be | ||
2550 | Author: Damien Miller <djm@mindrot.org> | ||
2551 | Date: Fri Apr 5 11:29:31 2019 -0700 | ||
2552 | |||
2553 | Revert "rewrite README" | ||
2554 | |||
2555 | This reverts commit 9444d82678cb7781820da4d1c23b3c2b9fb1e12f. | ||
2556 | |||
2557 | commit 9444d82678cb7781820da4d1c23b3c2b9fb1e12f | ||
2558 | Author: Damien Miller <djm@mindrot.org> | ||
2559 | Date: Fri Apr 5 11:21:48 2019 -0700 | ||
2560 | |||
2561 | rewrite README | ||
2562 | |||
2563 | Include basic build instructions and comments on commonly-used build- | ||
2564 | time flags, links to the manual pages and other resources. | ||
2565 | |||
2566 | Now in Markdown format for better viewing on github, etc. | ||
2567 | |||
2568 | commit a924de0c4908902433813ba205bee1446bd1a157 | ||
2569 | Author: Damien Miller <djm@mindrot.org> | ||
2570 | Date: Fri Apr 5 03:41:52 2019 +1100 | ||
2571 | |||
2572 | update versions | ||
2573 | |||
2574 | commit 312dcee739bca5d6878c536537b2a8a497314b75 | ||
2575 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2576 | Date: Wed Apr 3 15:48:45 2019 +0000 | ||
2577 | |||
2578 | upstream: openssh-8.0 | ||
2579 | |||
2580 | OpenBSD-Commit-ID: 5aafdf218679dab982fea20771afd643be9a127b | ||
2581 | |||
2582 | commit 885bc114692046d55e2a170b932bdc0092fa3456 | ||
2583 | Author: Damien Miller <djm@mindrot.org> | ||
2584 | Date: Thu Apr 4 02:47:40 2019 +1100 | ||
2585 | |||
2586 | session: Do not use removed API | ||
2587 | |||
2588 | from Jakub Jelen | ||
2589 | |||
2590 | commit 9d7b2882b0c9a5e9bf8312ce4075bf178e2b98be | ||
2591 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2592 | Date: Fri Mar 29 11:31:40 2019 +0000 | ||
2593 | |||
2594 | upstream: when logging/fataling on error, include a bit more detail | ||
2595 | |||
2596 | than just the function name and the error message | ||
2597 | |||
2598 | OpenBSD-Commit-ID: dd72d7eba2215fcb89be516c378f633ea5bcca9f | ||
2599 | |||
2600 | commit 79a87d32783d6c9db40af8f35e091d9d30365ae7 | ||
2601 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2602 | Date: Wed Apr 3 06:27:45 2019 +1100 | ||
2603 | |||
2604 | Remove "struct ssh" from sys_auth_record_login. | ||
2605 | |||
2606 | It's not needed, and is not available from the call site in loginrec.c | ||
2607 | Should only affect AIX, spotted by Kevin Brott. | ||
2608 | |||
2609 | commit 138c0d52cdc90f9895333b82fc57d81cce7a3d90 | ||
2610 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2611 | Date: Tue Apr 2 18:21:35 2019 +1100 | ||
2612 | |||
2613 | Adapt custom_failed_login to new prototype. | ||
2614 | |||
2615 | Spotted by Kevin Brott. | ||
2616 | |||
2617 | commit a0ca4009ab2f0b1007ec8ab6864dbf9b760a8ed5 | ||
2618 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2619 | Date: Mon Apr 1 20:07:23 2019 +1100 | ||
2620 | |||
2621 | Add includes.h for compat layer. | ||
2622 | |||
2623 | Should fix build on AIX 7.2. | ||
2624 | |||
2625 | commit 00991151786ce9b1d577bdad1f83a81d19c8236d | ||
2626 | Author: Tim Rice <tim@multitalents.net> | ||
2627 | Date: Sun Mar 31 22:14:22 2019 -0700 | ||
2628 | |||
2629 | Stop USL compilers for erroring with "integral constant expression expected" | ||
2630 | |||
2631 | commit 43f47ebbdd4037b569c23b8f4f7981f53b567f1d | ||
2632 | Author: Tim Rice <tim@multitalents.net> | ||
2633 | Date: Sun Mar 31 19:22:19 2019 -0700 | ||
2634 | |||
2635 | Only use O_NOFOLLOW in fchownat and fchmodat if defined | ||
2636 | |||
2637 | commit 342d6e51589b184c337cccfc4c788b60ff8b3765 | ||
2638 | Author: Jakub Jelen <jjelen@redhat.com> | ||
2639 | Date: Fri Mar 29 12:29:41 2019 +0100 | ||
2640 | |||
2641 | Adjust softhsm2 path on Fedora Linux for regress | ||
2642 | |||
2643 | The SoftHSM lives in Fedora in /usr/lib64/pkcs11/libsofthsm2.so | ||
2644 | |||
2645 | commit f5abb05f8c7358dacdcb866fe2813f6d8efd5830 | ||
2646 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2647 | Date: Thu Mar 28 09:26:14 2019 +1100 | ||
2648 | |||
2649 | Only use O_NOFOLLOW in utimensat if defined. | ||
2650 | |||
2651 | Fixes build on systems that don't have it (Solaris <=9) Found by | ||
2652 | Tom G. Christensen. | ||
2653 | |||
2654 | commit 786cd4c1837fdc3fe7b4befe54a3f37db7df8715 | ||
2655 | Author: Corinna Vinschen <vinschen@redhat.com> | ||
2656 | Date: Wed Mar 27 18:18:21 2019 +0100 | ||
2657 | |||
2658 | drop old Cygwin considerations | ||
2659 | |||
2660 | - Cygwin supports non-DOS characters in filenames | ||
2661 | - Cygwin does not support Windows XP anymore | ||
2662 | |||
2663 | Signed-off-by: Corinna Vinschen <vinschen@redhat.com> | ||
2664 | |||
2665 | commit 21da87f439b48a85b951ef1518fe85ac0273e719 | ||
2666 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2667 | Date: Wed Mar 27 09:29:14 2019 +0000 | ||
2668 | |||
2669 | upstream: fix interaction between ClientAliveInterval and RekeyLimit | ||
2670 | |||
2671 | that could cause connection to close incorrectly; Report and patch from Jakub | ||
2672 | Jelen in bz#2757; ok dtucker@ markus@ | ||
2673 | |||
2674 | OpenBSD-Commit-ID: 17229a8a65bd8e6c2080318ec2b7a61e1aede3fb | ||
2675 | |||
2676 | commit 4f0019a9afdb4a94d83b75e82dbbbe0cbe826c56 | ||
2677 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2678 | Date: Mon Mar 25 22:34:52 2019 +0000 | ||
2679 | |||
2680 | upstream: Fix authentication failures when "AuthenticationMethods | ||
2681 | |||
2682 | any" in a Match block overrides a more restrictive global default. | ||
2683 | |||
2684 | Spotted by jmc@, ok markus@ | ||
2685 | |||
2686 | OpenBSD-Commit-ID: a90a4fe2ab81d0eeeb8fdfc21af81f7eabda6666 | ||
2687 | |||
2688 | commit d6e5def308610f194c0ec3ef97a34a3e9630e190 | ||
2689 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2690 | Date: Mon Mar 25 22:33:44 2019 +0000 | ||
2691 | |||
2692 | upstream: whitespace | ||
2693 | |||
2694 | OpenBSD-Commit-ID: 106e853ae8a477e8385bc53824d3884a8159db07 | ||
2695 | |||
2696 | commit 26e0cef07b04479537c971dec898741df1290fe5 | ||
2697 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
2698 | Date: Mon Mar 25 16:19:44 2019 +0000 | ||
2699 | |||
2700 | upstream: Expand comment to document rationale for default key | ||
2701 | |||
2702 | sizes. "seems worthwhile" deraadt. | ||
2703 | |||
2704 | OpenBSD-Commit-ID: 72e5c0983d7da1fb72f191870f36cb58263a2456 | ||
2705 | |||
2706 | commit f47269ea67eb4ff87454bf0d2a03e55532786482 | ||
2707 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
2708 | Date: Mon Mar 25 15:49:00 2019 +0000 | ||
2709 | |||
2710 | upstream: Increase the default RSA key size to 3072 bits. Based on | ||
2711 | |||
2712 | the estimates from NIST Special Publication 800-57, 3k bits provides security | ||
2713 | equivalent to 128 bits which is the smallest symmetric cipher we enable by | ||
2714 | default. ok markus@ deraadt@ | ||
2715 | |||
2716 | OpenBSD-Commit-ID: 461dd32ebe808f88f4fc3ec74749b0e6bef2276b | ||
2717 | |||
2718 | commit 62949c5b37af28d8490d94866e314a76be683a5e | ||
2719 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
2720 | Date: Fri Mar 22 20:58:34 2019 +0000 | ||
2721 | |||
2722 | upstream: full stop in the wrong place; | ||
2723 | |||
2724 | OpenBSD-Commit-ID: 478a0567c83553a2aebf95d0f1bd67ac1b1253e4 | ||
2725 | |||
2726 | commit 1b1332b5bb975d759a50b37f0e8bc8cfb07a0bb0 | ||
2727 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
2728 | Date: Sat Mar 16 19:14:21 2019 +0000 | ||
2729 | |||
2730 | upstream: benno helped me clean up the tcp forwarding section; | ||
2731 | |||
2732 | OpenBSD-Commit-ID: d4bec27edefde636fb632b7f0b7c656b9c7b7f08 | ||
2733 | |||
2734 | commit 2aee9a49f668092ac5c9d34e904ef7a9722e541d | ||
2735 | Author: markus@openbsd.org <markus@openbsd.org> | ||
2736 | Date: Fri Mar 8 17:24:43 2019 +0000 | ||
2737 | |||
2738 | upstream: fix use-after-free in ssh-pkcs11; found by hshoexer w/AFL | ||
2739 | |||
2740 | OpenBSD-Commit-ID: febce81cca72b71f70513fbee4ff52ca050f675c | ||
2741 | |||
2742 | commit 9edbd7821e6837e98e7e95546cede804dac96754 | ||
2743 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2744 | Date: Thu Mar 14 10:17:28 2019 +1100 | ||
2745 | |||
2746 | Fix build when configured --without-openssl. | ||
2747 | |||
2748 | ok djm@ | ||
2749 | |||
2750 | commit 825ab32f0d04a791e9d19d743c61ff8ed9b4d8e5 | ||
2751 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2752 | Date: Thu Mar 14 08:51:17 2019 +1100 | ||
2753 | |||
2754 | On Cygwin run sshd as SYSTEM where possible. | ||
2755 | |||
2756 | Seteuid now creates user token using S4U. We don't create a token | ||
2757 | from scratch anymore, so we don't need the "Create a process token" | ||
2758 | privilege. The service can run under SYSTEM again... | ||
2759 | |||
2760 | ...unless Cygwin is running on Windows Vista or Windows 7 in the | ||
2761 | WOW64 32 bit emulation layer. It turns out that WOW64 on these systems | ||
2762 | didn't implement MsV1_0 S4U Logon so we still need the fallback | ||
2763 | to NtCreateToken for these systems. | ||
2764 | |||
2765 | Signed-off-by: Corinna Vinschen <vinschen@redhat.com> | ||
2766 | |||
2767 | commit a212107bfdf4d3e870ab7a443e4d906e5b9578c3 | ||
2768 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2769 | Date: Wed Mar 13 10:49:16 2019 +1100 | ||
2770 | |||
2771 | Replace alloca with xcalloc. | ||
2772 | |||
2773 | The latter checks for memory exhaustion and integer overflow and may be | ||
2774 | at a less predictable place. Sanity check by vinschen at redhat.com, ok | ||
2775 | djm@ | ||
2776 | |||
2777 | commit daa7505aadca68ba1a2c70cbdfce423208eb91ee | ||
2778 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2779 | Date: Tue Mar 12 09:19:19 2019 +1100 | ||
2780 | |||
2781 | Use Cygwin-specific matching only for users+groups. | ||
2782 | |||
2783 | Patch from vinschen at redhat.com, updated a little by me. | ||
2784 | |||
2785 | commit fd10cf027b56f9aaa80c9e3844626a05066589a4 | ||
2786 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
2787 | Date: Wed Mar 6 22:14:23 2019 +0000 | ||
2788 | |||
2789 | upstream: Move checks for lists of users or groups into their own | ||
2790 | |||
2791 | function. This is a no-op on OpenBSD but will make things easier in | ||
2792 | -portable, eg on systems where these checks should be case-insensitive. ok | ||
2793 | djm@ | ||
2794 | |||
2795 | OpenBSD-Commit-ID: 8bc9c8d98670e23f8eaaaefe29c1f98e7ba0487e | ||
2796 | |||
2797 | commit ab5fee8eb6a011002fd9e32b1597f02aa8804a25 | ||
2798 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
2799 | Date: Wed Mar 6 21:06:59 2019 +0000 | ||
2800 | |||
2801 | upstream: Reset last-seen time when sending a keepalive. Prevents | ||
2802 | |||
2803 | sending two keepalives successively and prematurely terminating connection | ||
2804 | when ClientAliveCount=1. While there, collapse two similar tests into one. | ||
2805 | ok markus@ | ||
2806 | |||
2807 | OpenBSD-Commit-ID: 043670d201dfe222537a2a4bed16ce1087de5ddd | ||
2808 | |||
2809 | commit c13b74530f9f1d9df7aeae012004b31b2de4438e | ||
2810 | Author: naddy@openbsd.org <naddy@openbsd.org> | ||
2811 | Date: Tue Mar 5 16:17:12 2019 +0000 | ||
2812 | |||
2813 | upstream: PKCS#11 support is no longer limited to RSA; ok benno@ | ||
2814 | |||
2815 | kn@ | ||
2816 | |||
2817 | OpenBSD-Commit-ID: 1a9bec64d530aed5f434a960e7515a3e80cbc826 | ||
2818 | |||
2819 | commit e9552d6043db7cd170ac6ba1b4d2c7a5eb2c3201 | ||
2820 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2821 | Date: Fri Mar 1 03:29:32 2019 +0000 | ||
2822 | |||
2823 | upstream: in ssh_set_newkeys(), mention the direction that we're | ||
2824 | |||
2825 | keying in debug messages. Previously it would be difficult to tell which | ||
2826 | direction it was talking about | ||
2827 | |||
2828 | OpenBSD-Commit-ID: c2b71bfcceb2a7389b9d0b497fb2122a406a522d | ||
2829 | |||
2830 | commit 76a24b3fa193a9ca3e47a8779d497cb06500798b | ||
2831 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2832 | Date: Fri Mar 1 02:32:39 2019 +0000 | ||
2833 | |||
2834 | upstream: Fix two race conditions in sshd relating to SIGHUP: | ||
2835 | |||
2836 | 1. Recently-forked child processes will briefly remain listening to | ||
2837 | listen_socks. If the main server sshd process completes its restart | ||
2838 | via execv() before these sockets are closed by the child processes | ||
2839 | then it can fail to listen at the desired addresses/ports and/or | ||
2840 | fail to restart. | ||
2841 | |||
2842 | 2. When a SIGHUP is received, there may be forked child processes that | ||
2843 | are awaiting their reexecution state. If the main server sshd | ||
2844 | process restarts before passing this state, these child processes | ||
2845 | will yield errors and use a fallback path of reading the current | ||
2846 | sshd_config from the filesystem rather than use the one that sshd | ||
2847 | was started with. | ||
2848 | |||
2849 | To fix both of these cases, we reuse the startup_pipes that are shared | ||
2850 | between the main server sshd and forked children. Previously this was | ||
2851 | used solely to implement tracking of pre-auth child processes for | ||
2852 | MaxStartups, but this extends the messaging over these pipes to include | ||
2853 | a child->parent message that the parent process is safe to restart. This | ||
2854 | message is sent from the child after it has completed its preliminaries: | ||
2855 | closing listen_socks and receiving its reexec state. | ||
2856 | |||
2857 | bz#2953, reported by Michal Koutný; ok markus@ dtucker@ | ||
2858 | |||
2859 | OpenBSD-Commit-ID: 7df09eacfa3ce13e9a7b1e9f17276ecc924d65ab | ||
2860 | |||
2861 | commit de817e9dfab99473017d28cdf69e60397d00ea21 | ||
2862 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2863 | Date: Fri Mar 1 02:16:47 2019 +0000 | ||
2864 | |||
2865 | upstream: mention PKCS11Provide=none, reword a little and remove | ||
2866 | |||
2867 | mention of RSA keys only (since we support ECDSA now and might support others | ||
2868 | in the future). Inspired by Jakub Jelen via bz#2974 | ||
2869 | |||
2870 | OpenBSD-Commit-ID: a92e3686561bf624ccc64ab320c96c9e9a263aa5 | ||
2871 | |||
2872 | commit 95a8058c1a90a27acbb91392ba206854abc85226 | ||
2873 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2874 | Date: Fri Mar 1 02:08:50 2019 +0000 | ||
2875 | |||
2876 | upstream: let PKCS11Provider=none do what users expect | ||
2877 | |||
2878 | print PKCS11Provider instead of obsolete SmartcardDevice in config dump. | ||
2879 | |||
2880 | bz#2974 ok dtucker@ | ||
2881 | |||
2882 | OpenBSD-Commit-ID: c303d6f0230a33aa2dd92dc9b68843d56a64f846 | ||
2883 | |||
2884 | commit 8e7bac35aa576d2fd7560836da83733e864ce649 | ||
2885 | Author: markus@openbsd.org <markus@openbsd.org> | ||
2886 | Date: Wed Feb 27 19:37:01 2019 +0000 | ||
2887 | |||
2888 | upstream: dup stdout/in for proxycommand=-, otherwise stdout might | ||
2889 | |||
2890 | be redirected to /dev/null; ok djm@ | ||
2891 | |||
2892 | OpenBSD-Commit-ID: 97dfce4c47ed4055042de8ebde85b7d88793e595 | ||
2893 | |||
2894 | commit 9b61130fbd95d196bce81ebeca94a4cb7c0d5ba0 | ||
2895 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2896 | Date: Sat Feb 23 08:20:43 2019 +0000 | ||
2897 | |||
2898 | upstream: openssh-7.9 accidentally reused the server's algorithm lists | ||
2899 | |||
2900 | in the client for KEX, ciphers and MACs. The ciphers and MACs were identical | ||
2901 | between the client and server, but the error accidentially disabled the | ||
2902 | diffie-hellman-group-exchange-sha1 KEX method. | ||
2903 | |||
2904 | This fixes the client code to use the correct method list, but | ||
2905 | because nobody complained, it also disables the | ||
2906 | diffie-hellman-group-exchange-sha1 KEX method. | ||
2907 | |||
2908 | Reported by nuxi AT vault24.org via bz#2697; ok dtucker | ||
2909 | |||
2910 | OpenBSD-Commit-ID: e30c33a23c10fd536fefa120e86af1842e33fd57 | ||
2911 | |||
2912 | commit 37638c752041d591371900df820f070037878a2d | ||
2913 | Author: Corinna Vinschen <vinschen@redhat.com> | ||
2914 | Date: Wed Feb 20 13:41:25 2019 +0100 | ||
2915 | |||
2916 | Cygwin: implement case-insensitive Unicode user and group name matching | ||
2917 | |||
2918 | The previous revert enabled case-insensitive user names again. This | ||
2919 | patch implements the case-insensitive user and group name matching. | ||
2920 | To allow Unicode chars, implement the matcher using wchar_t chars in | ||
2921 | Cygwin-specific code. Keep the generic code changes as small as possible. | ||
2922 | Cygwin: implement case-insensitive Unicode user and group name matching | ||
2923 | |||
2924 | Signed-off-by: Corinna Vinschen <vinschen@redhat.com> | ||
2925 | |||
2926 | commit bed1d43698807a07bb4ddb93a46b0bd84b9970b3 | ||
2927 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2928 | Date: Fri Feb 22 15:21:21 2019 +1100 | ||
2929 | |||
2930 | Revert unintended parts of previous commit. | ||
2931 | |||
2932 | commit f02afa350afac1b2f2d1413259a27a4ba1e2ca24 | ||
2933 | Author: Corinna Vinschen <vinschen@redhat.com> | ||
2934 | Date: Wed Feb 20 13:41:24 2019 +0100 | ||
2935 | |||
2936 | Revert "[auth.c] On Cygwin, refuse usernames that have differences in case" | ||
2937 | |||
2938 | This reverts commit acc9b29486dfd649dfda474e5c1a03b317449f1c. | ||
2939 | |||
2940 | Signed-off-by: Corinna Vinschen <vinschen@redhat.com> | ||
2941 | |||
2942 | commit 4c55b674835478eb80a1a7aeae588aa654e2a433 | ||
2943 | Author: Corinna Vinschen <vinschen@redhat.com> | ||
2944 | Date: Sat Feb 16 14:13:43 2019 +0100 | ||
2945 | |||
2946 | Add tags to .gitignore | ||
2947 | |||
2948 | Signed-off-by: Corinna Vinschen <vinschen@redhat.com> | ||
2949 | |||
2950 | commit 625b62634c33eaef4b80d07529954fe5c6435fe5 | ||
2951 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2952 | Date: Fri Feb 22 03:37:11 2019 +0000 | ||
2953 | |||
2954 | upstream: perform removal of agent-forwarding directory in forward | ||
2955 | |||
2956 | setup error path with user's privileged. This is a no-op as this code always | ||
2957 | runs with user privilege now that we no longer support running sshd with | ||
2958 | privilege separation disabled, but as long as the privsep skeleton is there | ||
2959 | we should follow the rules. | ||
2960 | MIME-Version: 1.0 | ||
2961 | Content-Type: text/plain; charset=UTF-8 | ||
2962 | Content-Transfer-Encoding: 8bit | ||
2963 | |||
2964 | bz#2969 with patch from Erik Sjölund | ||
2965 | |||
2966 | OpenBSD-Commit-ID: 2b708401a5a8d6133c865d7698d9852210dca846 | ||
2967 | |||
2968 | commit d9ecfaba0b2f1887d20e4368230632e709ca83be | ||
2969 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
2970 | Date: Mon Feb 18 07:02:34 2019 +0000 | ||
2971 | |||
2972 | upstream: sync the description of ~/.ssh/config with djm's updated | ||
2973 | |||
2974 | description in ssh.1; issue pointed out by andreas kahari | ||
2975 | |||
2976 | ok dtucker djm | ||
2977 | |||
2978 | OpenBSD-Commit-ID: 1b01ef0ae2c6328165150badae317ec92e52b01c | ||
2979 | |||
2980 | commit 38e83e4f219c752ebb1560633b73f06f0392018b | ||
2981 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2982 | Date: Tue Feb 12 23:53:10 2019 +0000 | ||
2983 | |||
2984 | upstream: fix regression in r1.302 reported by naddy@ - only the first | ||
2985 | |||
2986 | public key from the agent was being attempted for use. | ||
2987 | |||
2988 | OpenBSD-Commit-ID: 07116aea521a04888718b2157f1ca723b2f46c8d | ||
2989 | |||
2990 | commit 5c68ea8da790d711e6dd5f4c30d089c54032c59a | ||
2991 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2992 | Date: Mon Feb 11 09:44:42 2019 +0000 | ||
2993 | |||
2994 | upstream: cleanup GSSAPI authentication context after completion of the | ||
2995 | |||
2996 | authmethod. Move function-static GSSAPI state to the client Authctxt | ||
2997 | structure. Make static a bunch of functions that aren't used outside this | ||
2998 | file. | ||
2999 | |||
3000 | Based on patch from Markus Schmidt <markus@blueflash.cc>; ok markus@ | ||
3001 | |||
3002 | OpenBSD-Commit-ID: 497fb792c0ddb4f1ba631b6eed526861f115dbe5 | ||
3003 | |||
3004 | commit a8c807f1956f81a92a758d3d0237d0ff06d0be5d | ||
3005 | Author: benno@openbsd.org <benno@openbsd.org> | ||
3006 | Date: Sun Feb 10 16:35:41 2019 +0000 | ||
3007 | |||
3008 | upstream: ssh-keygen -D pkcs11.so needs to initialize pkcs11 | ||
3009 | |||
3010 | interactive, so it can ask for the smartcards PIN. ok markus@ | ||
3011 | |||
3012 | OpenBSD-Commit-ID: 1be7ccf88f1876e0fc4d7c9b3f96019ac5655bab | ||
3013 | |||
3014 | commit 3d896c157c722bc47adca51a58dca859225b5874 | ||
3015 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3016 | Date: Sun Feb 10 11:15:52 2019 +0000 | ||
3017 | |||
3018 | upstream: when checking that filenames sent by the server side | ||
3019 | |||
3020 | match what the client requested, be prepared to handle shell-style brace | ||
3021 | alternations, e.g. "{foo,bar}". | ||
3022 | |||
3023 | "looks good to me" millert@ + in snaps for the last week courtesy | ||
3024 | deraadt@ | ||
3025 | |||
3026 | OpenBSD-Commit-ID: 3b1ce7639b0b25b2248e3a30f561a548f6815f3e | ||
3027 | |||
3028 | commit 318e4f8548a4f5c0c913f61e27d4fc21ffb1eaae | ||
3029 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3030 | Date: Sun Feb 10 11:10:57 2019 +0000 | ||
3031 | |||
3032 | upstream: syslog when connection is dropped for attempting to run a | ||
3033 | |||
3034 | command when ForceCommand=internal-sftp is in effect; bz2960; ok dtucker@ | ||
3035 | |||
3036 | OpenBSD-Commit-ID: 8c87fa66d7fc6c0fffa3a3c28e8ab5e8dde234b8 | ||
3037 | |||
3038 | commit 2ff2e19653b8c0798b8b8eff209651bdb1be2761 | ||
3039 | Author: Damien Miller <djm@mindrot.org> | ||
3040 | Date: Fri Feb 8 14:53:35 2019 +1100 | ||
3041 | |||
3042 | don't set $MAIL if UsePam=yes | ||
3043 | |||
3044 | PAM typically specifies the user environment if it's enabled, so don't | ||
3045 | second guess. bz#2937; ok dtucker@ | ||
3046 | |||
3047 | commit 03e92dd27d491fe6d1a54e7b2f44ef1b0a916e52 | ||
3048 | Author: Damien Miller <djm@mindrot.org> | ||
3049 | Date: Fri Feb 8 14:50:36 2019 +1100 | ||
3050 | |||
3051 | use same close logic for stderr as stdout | ||
3052 | |||
3053 | Avoids sending SIGPIPE to child processes after their parent exits | ||
3054 | if they attempt to write to stderr. | ||
3055 | |||
3056 | Analysis and patch from JD Paul; patch reworked by Jakub Jelen and | ||
3057 | myself. bz#2071; ok dtucker@ | ||
3058 | |||
3059 | commit 8c53d409baeeaf652c0c125a9b164edc9dbeb6de | ||
3060 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
3061 | Date: Tue Feb 5 11:35:56 2019 +0000 | ||
3062 | |||
3063 | upstream: Adapt code in the non-USE_PIPES codepath to the new packet | ||
3064 | |||
3065 | API. This code is not normally reachable since USE_PIPES is always defined. | ||
3066 | bz#2961, patch from adrian.fita at gmail com. | ||
3067 | |||
3068 | OpenBSD-Commit-ID: 8d8428d678d1d5eb4bb21921df34e8173e6d238a | ||
3069 | |||
3070 | commit 7a7fdca78de4b4774950be056099e579ef595414 | ||
3071 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3072 | Date: Mon Feb 4 23:37:54 2019 +0000 | ||
3073 | |||
3074 | upstream: fix NULL-deref crash in PKCS#11 code when attempting | ||
3075 | |||
3076 | login to a token requiring a PIN; reported by benno@ fix mostly by markus@ | ||
3077 | |||
3078 | OpenBSD-Commit-ID: 438d0b114b1b4ba25a9869733db1921209aa9a31 | ||
3079 | |||
3080 | commit cac302a4b42a988e54d32eb254b29b79b648dbf5 | ||
3081 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
3082 | Date: Mon Feb 4 02:39:42 2019 +0000 | ||
3083 | |||
3084 | upstream: Remove obsolete "Protocol" from commented out examples. Patch | ||
3085 | |||
3086 | from samy.mahmoudi at gmail com. | ||
3087 | |||
3088 | OpenBSD-Commit-ID: 16aede33dae299725a03abdac5dcb4d73f5d0cbf | ||
3089 | |||
3090 | commit 483b3b638500fd498b4b529356e5a0e18cf76891 | ||
3091 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
3092 | Date: Fri Feb 1 03:52:23 2019 +0000 | ||
3093 | |||
3094 | upstream: Save connection timeout and restore for 2nd and | ||
3095 | |||
3096 | subsequent attempts, preventing them from having no timeout. bz#2918, ok | ||
3097 | djm@ | ||
3098 | |||
3099 | OpenBSD-Commit-ID: 4977f1d0521d9b6bba0c9a20d3d226cefac48292 | ||
3100 | |||
3101 | commit 5f004620fdc1b2108139300ee12f4014530fb559 | ||
3102 | Author: markus@openbsd.org <markus@openbsd.org> | ||
3103 | Date: Wed Jan 30 19:51:15 2019 +0000 | ||
3104 | |||
3105 | upstream: Add authors for public domain sntrup4591761 code; | ||
3106 | |||
3107 | confirmed by Daniel J. Bernstein | ||
3108 | |||
3109 | OpenBSD-Commit-ID: b4621f22b8b8ef13e063c852af5e54dbbfa413c1 | ||
3110 | |||
3111 | commit 2c21b75a7be6ebdcbceaebb43157c48dbb36f3d8 | ||
3112 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
3113 | Date: Sun Jan 27 07:14:11 2019 +0000 | ||
3114 | |||
3115 | upstream: add -T to usage(); | ||
3116 | |||
3117 | OpenBSD-Commit-ID: a7ae14d9436c64e1bd05022329187ea3a0ce1899 | ||
3118 | |||
3119 | commit 19a0f0529d3df04118da829528cac7ceff380b24 | ||
3120 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
3121 | Date: Mon Jan 28 03:50:39 2019 +0000 | ||
3122 | |||
3123 | upstream: The test sshd_config in in $OBJ. | ||
3124 | |||
3125 | OpenBSD-Regress-ID: 1e5d908a286d8e7de3a15a0020c8857f3a7c9172 | ||
3126 | |||
3127 | commit 8fe25440206319d15b52d12b948a5dfdec14dca3 | ||
3128 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
3129 | Date: Mon Jan 28 03:28:10 2019 +0000 | ||
3130 | |||
3131 | upstream: Remove leftover debugging. | ||
3132 | |||
3133 | OpenBSD-Regress-ID: 3d86c3d4867e46b35af3fd2ac8c96df0ffdcfeb9 | ||
3134 | |||
3135 | commit e30d32364d12c351eec9e14be6c61116f9d6cc90 | ||
3136 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
3137 | Date: Mon Jan 28 00:12:36 2019 +0000 | ||
3138 | |||
3139 | upstream: Enable ssh-dss for the agent test. Disable it for the | ||
3140 | |||
3141 | certificate test. | ||
3142 | |||
3143 | OpenBSD-Regress-ID: 388c1e03e1def539d350f139b37d69f12334668d | ||
3144 | |||
3145 | commit ffdde469ed56249f5dc8af98da468dde35531398 | ||
3146 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
3147 | Date: Mon Jan 28 00:08:26 2019 +0000 | ||
3148 | |||
3149 | upstream: Count the number of key types instead of assuming there | ||
3150 | |||
3151 | are only two. | ||
3152 | |||
3153 | OpenBSD-Regress-ID: 0998702c41235782cf0beee396ec49b5056eaed9 | ||
3154 | |||
3155 | commit 1d05b4adcba08ab068466e5c08dee2f5417ec53a | ||
3156 | Author: Corinna Vinschen <vinschen@redhat.com> | ||
3157 | Date: Sat Jan 26 23:42:40 2019 +0100 | ||
3158 | |||
3159 | Cygwin: only tweak sshd_config file if it's new, drop creating sshd user | ||
3160 | |||
3161 | The sshd_config tweaks were executed even if the old file was | ||
3162 | still in place. Fix that. Also disable sshd user creation. | ||
3163 | It's not used on Cygwin. | ||
3164 | |||
3165 | commit 89843de0c4c733501f6b4f988098e6e06963df37 | ||
3166 | Author: Corinna Vinschen <vinschen@redhat.com> | ||
3167 | Date: Sat Jan 26 23:03:12 2019 +0100 | ||
3168 | |||
3169 | Cygwin: Change service name to cygsshd | ||
3170 | |||
3171 | Microsoft hijacked the sshd service name without asking. | ||
3172 | |||
3173 | commit 2a9b3a2ce411d16cda9c79ab713c55f65b0ec257 | ||
3174 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
3175 | Date: Sun Jan 27 06:30:53 2019 +0000 | ||
3176 | |||
3177 | upstream: Generate all key supported key types and enable for keyscan | ||
3178 | |||
3179 | test. | ||
3180 | |||
3181 | OpenBSD-Regress-ID: 72f72ff49946c61bc949e1692dd9e3d71370891b | ||
3182 | |||
3183 | commit 391ffc4b9d31fa1f4ad566499fef9176ff8a07dc | ||
3184 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3185 | Date: Sat Jan 26 22:41:28 2019 +0000 | ||
3186 | |||
3187 | upstream: check in scp client that filenames sent during | ||
3188 | |||
3189 | remote->local directory copies satisfy the wildcard specified by the user. | ||
3190 | |||
3191 | This checking provides some protection against a malicious server | ||
3192 | sending unexpected filenames, but it comes at a risk of rejecting wanted | ||
3193 | files due to differences between client and server wildcard expansion rules. | ||
3194 | |||
3195 | For this reason, this also adds a new -T flag to disable the check. | ||
3196 | |||
3197 | reported by Harry Sintonen | ||
3198 | fix approach suggested by markus@; | ||
3199 | has been in snaps for ~1wk courtesy deraadt@ | ||
3200 | |||
3201 | OpenBSD-Commit-ID: 00f44b50d2be8e321973f3c6d014260f8f7a8eda | ||
3202 | |||
3203 | commit c2c18a39683db382a15b438632afab3f551d50ce | ||
3204 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3205 | Date: Sat Jan 26 22:35:01 2019 +0000 | ||
3206 | |||
3207 | upstream: make ssh-keyscan return a non-zero exit status if it | ||
3208 | |||
3209 | finds no keys. bz#2903 | ||
3210 | |||
3211 | OpenBSD-Commit-ID: 89f1081fb81d950ebb48e6e73d21807b2723d488 | ||
3212 | |||
3213 | commit 05b9a466700b44d49492edc2aa415fc2e8913dfe | ||
3214 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
3215 | Date: Thu Jan 24 17:00:29 2019 +0000 | ||
3216 | |||
3217 | upstream: Accept the host key fingerprint as a synonym for "yes" | ||
3218 | |||
3219 | when accepting an unknown host key. This allows you to paste a fingerprint | ||
3220 | obtained out of band into the yes/no prompt and have the client do the | ||
3221 | comparison for you. ok markus@ djm@ | ||
3222 | |||
3223 | OpenBSD-Commit-ID: 3c47d10b9f43d3d345e044fd9ec09709583a2767 | ||
3224 | |||
3225 | commit bdc6c63c80b55bcbaa66b5fde31c1cb1d09a41eb | ||
3226 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
3227 | Date: Thu Jan 24 16:52:17 2019 +0000 | ||
3228 | |||
3229 | upstream: Have progressmeter force an update at the beginning and | ||
3230 | |||
3231 | end of each transfer. Fixes the problem recently introduces where very quick | ||
3232 | transfers do not display the progressmeter at all. Spotted by naddy@ | ||
3233 | |||
3234 | OpenBSD-Commit-ID: 68dc46c259e8fdd4f5db3ec2a130f8e4590a7a9a | ||
3235 | |||
3236 | commit 258e6ca003e47f944688ad8b8de087b58a7d966c | ||
3237 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
3238 | Date: Thu Jan 24 02:42:23 2019 +0000 | ||
3239 | |||
3240 | upstream: Check for both EAGAIN and EWOULDBLOCK. This is a no-op | ||
3241 | |||
3242 | in OpenBSD (they are the same value) but makes things easier in -portable | ||
3243 | where they may be distinct values. "sigh ok" deraadt@ | ||
3244 | |||
3245 | (ID sync only, portable already had this change). | ||
3246 | |||
3247 | OpenBSD-Commit-ID: 91f2bc7c0ecec905915ed59fa37feb9cc90e17d7 | ||
3248 | |||
3249 | commit 281ce042579b834cdc1e74314f1fb2eeb75d2612 | ||
3250 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
3251 | Date: Thu Jan 24 02:34:52 2019 +0000 | ||
3252 | |||
3253 | upstream: Always initialize 2nd arg to hpdelim2. It populates that | ||
3254 | |||
3255 | *ONLY IF* there's a delimiter. If there's not (the common case) it checked | ||
3256 | uninitialized memory, which usually passed, but if not would cause spurious | ||
3257 | failures when the uninitialized memory happens to contain "/". ok deraadt. | ||
3258 | |||
3259 | OpenBSD-Commit-ID: 4291611eaf2a53d4c92f4a57c7f267c9f944e0d3 | ||
3260 | |||
3261 | commit d05ea255678d9402beda4416cd0360f3e5dfe938 | ||
3262 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
3263 | Date: Wed Jan 23 21:50:56 2019 +0000 | ||
3264 | |||
3265 | upstream: Remove support for obsolete host/port syntax. | ||
3266 | |||
3267 | host/port was added in 2001 as an alternative to host:port syntax for | ||
3268 | the benefit of IPv6 users. These days there are establised standards | ||
3269 | for this like [::1]:22 and the slash syntax is easily mistaken for CIDR | ||
3270 | notation, which OpenSSH now supports for some things. Remove the slash | ||
3271 | notation from ListenAddress and PermitOpen. bz#2335, patch from jjelen | ||
3272 | at redhat.com, ok markus@ | ||
3273 | |||
3274 | OpenBSD-Commit-ID: fae5f4e23c51a368d6b2d98376069ac2b10ad4b7 | ||
3275 | |||
3276 | commit 177d6c80c557a5e060cd343a0c116a2f1a7f43db | ||
3277 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
3278 | Date: Wed Jan 23 20:48:52 2019 +0000 | ||
3279 | |||
3280 | upstream: Remove duplicate word. bz#2958, patch from jjelen at | ||
3281 | |||
3282 | redhat.com | ||
3283 | |||
3284 | OpenBSD-Commit-ID: cca3965a8333f2b6aae48b79ec1d72f7a830dd2c | ||
3285 | |||
3286 | commit be3e6cba95dffe5fcf190c713525b48c837e7875 | ||
3287 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
3288 | Date: Wed Jan 23 09:49:00 2019 +0000 | ||
3289 | |||
3290 | upstream: Remove 3 as a guess for possible generator during moduli | ||
3291 | |||
3292 | generation. It's not mentioned in RFC4419 and it's not possible for | ||
3293 | Sophie-Germain primes greater than 5. bz#2330, from Christian Wittenhorst , | ||
3294 | ok djm@ tb@ | ||
3295 | |||
3296 | OpenBSD-Commit-ID: 1467652e6802ad3333b0959282d8d49dfe22c8cd | ||
3297 | |||
3298 | commit 8976f1c4b2721c26e878151f52bdf346dfe2d54c | ||
3299 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
3300 | Date: Wed Jan 23 08:01:46 2019 +0000 | ||
3301 | |||
3302 | upstream: Sanitize scp filenames via snmprintf. To do this we move | ||
3303 | |||
3304 | the progressmeter formatting outside of signal handler context and have the | ||
3305 | atomicio callback called for EINTR too. bz#2434 with contributions from djm | ||
3306 | and jjelen at redhat.com, ok djm@ | ||
3307 | |||
3308 | OpenBSD-Commit-ID: 1af61c1f70e4f3bd8ab140b9f1fa699481db57d8 | ||
3309 | |||
3310 | commit 6249451f381755f792c6b9e2c2f80cdc699c14e2 | ||
3311 | Author: Darren Tucker <dtucker@dtucker.net> | ||
3312 | Date: Thu Jan 24 10:00:20 2019 +1100 | ||
3313 | |||
3314 | For broken read/readv comparisons, poll(RW). | ||
3315 | |||
3316 | In the cases where we can't compare to read or readv function pointers | ||
3317 | for some reason we currently ifdef out the poll() used to block while | ||
3318 | waiting for reads or writes, falling back to busy waiting. This restores | ||
3319 | the poll() in this case, but has it always check for read or write, | ||
3320 | removing an inline ifdef in the process. | ||
3321 | |||
3322 | commit 5cb503dff4db251520e8bf7d23b9c97c06eee031 | ||
3323 | Author: Darren Tucker <dtucker@dtucker.net> | ||
3324 | Date: Thu Jan 24 09:55:16 2019 +1100 | ||
3325 | |||
3326 | Include unistd.h for strmode(). | ||
3327 | |||
3328 | commit f236ca2741f29b5c443c0b2db3aa9afb9ad9befe | ||
3329 | Author: Darren Tucker <dtucker@dtucker.net> | ||
3330 | Date: Thu Jan 24 09:50:58 2019 +1100 | ||
3331 | |||
3332 | Also undef SIMPLEQ_FOREACH_SAFE. | ||
3333 | |||
3334 | Prevents macro redefinition warning on at least NetBSD 6.1. | ||
3335 | |||
3336 | commit be063945e4e7d46b1734d973bf244c350fae172a | ||
3337 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3338 | Date: Wed Jan 23 04:51:02 2019 +0000 | ||
3339 | |||
3340 | upstream: allow auto-incrementing certificate serial number for certs | ||
3341 | |||
3342 | signed in a single commandline. | ||
3343 | |||
3344 | OpenBSD-Commit-ID: 39881087641efb8cd83c7ec13b9c98280633f45b | ||
3345 | |||
3346 | commit 851f80328931975fe68f71af363c4537cb896da2 | ||
3347 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3348 | Date: Wed Jan 23 04:16:22 2019 +0000 | ||
3349 | |||
3350 | upstream: move a bunch of global flag variables to main(); make the | ||
3351 | |||
3352 | rest static | ||
3353 | |||
3354 | OpenBSD-Commit-ID: fa431d92584e81fe99f95882f4c56b43fe3242dc | ||
3355 | |||
3356 | commit 2265402dc7d701a9aca9f8a7b7b0fd45b65c479f | ||
3357 | Author: Damien Miller <djm@mindrot.org> | ||
3358 | Date: Wed Jan 23 13:03:16 2019 +1100 | ||
3359 | |||
3360 | depend | ||
3361 | |||
3362 | commit 2c223878e53cc46def760add459f5f7c4fb43e35 | ||
3363 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3364 | Date: Wed Jan 23 02:01:10 2019 +0000 | ||
3365 | |||
3366 | upstream: switch mainloop from select(2) to poll(2); ok deraadt@ | ||
3367 | |||
3368 | OpenBSD-Commit-ID: 37645419a330037d297f6f0adc3b3663e7ae7b2e | ||
3369 | |||
3370 | commit bb956eaa94757ad058ff43631c3a7d6c94d38c2f | ||
3371 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3372 | Date: Wed Jan 23 00:30:41 2019 +0000 | ||
3373 | |||
3374 | upstream: pass most arguments to the KEX hash functions as sshbuf | ||
3375 | |||
3376 | rather than pointer+length; ok markus@ | ||
3377 | |||
3378 | OpenBSD-Commit-ID: ef0c89c52ccc89817a13a5205725148a28492bf7 | ||
3379 | |||
3380 | commit d691588b8e29622c66abf8932362b522cf7f4051 | ||
3381 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3382 | Date: Tue Jan 22 22:58:50 2019 +0000 | ||
3383 | |||
3384 | upstream: backoff reading messages from active connections when the | ||
3385 | |||
3386 | input buffer is too full to read one, or if the output buffer is too full to | ||
3387 | enqueue a response; feedback & ok dtucker@ | ||
3388 | |||
3389 | OpenBSD-Commit-ID: df3c5b6d57c968975875de40d8955cbfed05a6c8 | ||
3390 | |||
3391 | commit f99ef8de967949a1fc25a5c28263ea32736e5943 | ||
3392 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3393 | Date: Tue Jan 22 20:48:01 2019 +0000 | ||
3394 | |||
3395 | upstream: add -m to usage(); reminded by jmc@ | ||
3396 | |||
3397 | OpenBSD-Commit-ID: bca476a5236e8f94210290b3e6a507af0434613e | ||
3398 | |||
3399 | commit 41923ce06ac149453debe472238e0cca7d5a2e5f | ||
3400 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3401 | Date: Tue Jan 22 12:03:58 2019 +0000 | ||
3402 | |||
3403 | upstream: Correct some bugs in PKCS#11 token PIN handling at | ||
3404 | |||
3405 | initial login, the attempt at reading the PIN could be skipped in some cases | ||
3406 | especially on devices with integrated PIN readers. | ||
3407 | |||
3408 | based on patch from Daniel Kucera in bz#2652; ok markus@ | ||
3409 | |||
3410 | OpenBSD-Commit-ID: fad70a61c60610afe8bb0db538c90e343e75e58e | ||
3411 | |||
3412 | commit 2162171ad517501ba511fa9f8191945d01857bb4 | ||
3413 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3414 | Date: Tue Jan 22 12:00:50 2019 +0000 | ||
3415 | |||
3416 | upstream: Support keys that set the CKA_ALWAYS_AUTHENTICATE by | ||
3417 | |||
3418 | requring a fresh login after the C_SignInit operation. | ||
3419 | |||
3420 | based on patch from Jakub Jelen in bz#2638; ok markus | ||
3421 | |||
3422 | OpenBSD-Commit-ID: a76e66996ba7c0923b46b74d46d499b811786661 | ||
3423 | |||
3424 | commit 7a2cb18a215b2cb335da3dc99489c52a91f4925b | ||
3425 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3426 | Date: Tue Jan 22 11:51:25 2019 +0000 | ||
3427 | |||
3428 | upstream: Mention that configuration for the destination host is | ||
3429 | |||
3430 | not applied to any ProxyJump/-J hosts. This has confused a few people... | ||
3431 | |||
3432 | OpenBSD-Commit-ID: 03f4f641df6ca236c1bfc69836a256b873db868b | ||
3433 | |||
3434 | commit ecd2f33cb772db4fa76776543599f1c1ab6f9fa0 | ||
3435 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3436 | Date: Tue Jan 22 11:40:42 2019 +0000 | ||
3437 | |||
3438 | upstream: Include -m in the synopsis for a few more commands that | ||
3439 | |||
3440 | support it | ||
3441 | |||
3442 | Be more explicit in the description of -m about where it may be used | ||
3443 | |||
3444 | Prompted by Jakub Jelen in bz2904 | ||
3445 | |||
3446 | OpenBSD-Commit-ID: 3b398ac5e05d8a6356710d0ff114536c9d71046c | ||
3447 | |||
3448 | commit ff5d2cf4ca373bb4002eef395ed2cbe2ff0826c1 | ||
3449 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3450 | Date: Tue Jan 22 11:26:16 2019 +0000 | ||
3451 | |||
3452 | upstream: print the full pubkey being attempted at loglevel >= | ||
3453 | |||
3454 | debug2; bz2939 | ||
3455 | |||
3456 | OpenBSD-Commit-ID: ac0fe5ca1429ebf4d460bad602adc96de0d7e290 | ||
3457 | |||
3458 | commit 180b520e2bab33b566b4b0cbac7d5f9940935011 | ||
3459 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3460 | Date: Tue Jan 22 11:19:42 2019 +0000 | ||
3461 | |||
3462 | upstream: clarify: ssh-keygen -e only writes public keys, never | ||
3463 | |||
3464 | private | ||
3465 | |||
3466 | OpenBSD-Commit-ID: 7de7ff6d274d82febf9feb641e2415ffd6a30bfb | ||
3467 | |||
3468 | commit c45616a199c322ca674315de88e788f1d2596e26 | ||
3469 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3470 | Date: Tue Jan 22 11:00:15 2019 +0000 | ||
3471 | |||
3472 | upstream: mention the new vs. old key formats in the introduction | ||
3473 | |||
3474 | and give some hints on how keys may be converted or written in the old | ||
3475 | format. | ||
3476 | |||
3477 | OpenBSD-Commit-ID: 9c90a9f92eddc249e07fad1204d0e15c8aa13823 | ||
3478 | |||
3479 | commit fd8eb1383a34c986a00ef13d745ae9bd3ea21760 | ||
3480 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
3481 | Date: Tue Jan 22 06:58:31 2019 +0000 | ||
3482 | |||
3483 | upstream: tweak previous; | ||
3484 | |||
3485 | OpenBSD-Commit-ID: d2a80e389da8e7ed71978643d8cbaa8605b597a8 | ||
3486 | |||
3487 | commit 68e924d5473c00057f8532af57741d258c478223 | ||
3488 | Author: tb@openbsd.org <tb@openbsd.org> | ||
3489 | Date: Mon Jan 21 23:55:12 2019 +0000 | ||
3490 | |||
3491 | upstream: Forgot to add -J to the synopsis. | ||
3492 | |||
3493 | OpenBSD-Commit-ID: 26d95e409a0b72526526fc56ca1caca5cc3d3c5e | ||
3494 | |||
3495 | commit 622dedf1a884f2927a9121e672bd9955e12ba108 | ||
3496 | Author: tb@openbsd.org <tb@openbsd.org> | ||
3497 | Date: Mon Jan 21 22:50:42 2019 +0000 | ||
3498 | |||
3499 | upstream: Add a -J option as a shortcut for -o Proxyjump= to scp(1) | ||
3500 | |||
3501 | and sftp(1) to match ssh(1)'s interface. | ||
3502 | |||
3503 | ok djm | ||
3504 | |||
3505 | OpenBSD-Commit-ID: a75bc2d5f329caa7229a7e9fe346c4f41c2663fc | ||
3506 | |||
3507 | commit c882d74652800150d538e22c80dd2bd3cdd5fae2 | ||
3508 | Author: Darren Tucker <dtucker@dtucker.net> | ||
3509 | Date: Tue Jan 22 20:38:40 2019 +1100 | ||
3510 | |||
3511 | Allow building against OpenSSL dev (3.x) version. | ||
3512 | |||
3513 | commit d5520393572eb24aa0e001a1c61f49b104396e45 | ||
3514 | Author: Damien Miller <djm@mindrot.org> | ||
3515 | Date: Tue Jan 22 10:50:40 2019 +1100 | ||
3516 | |||
3517 | typo | ||
3518 | |||
3519 | commit 2de9cec54230998ab10161576f77860a2559ccb7 | ||
3520 | Author: Damien Miller <djm@mindrot.org> | ||
3521 | Date: Tue Jan 22 10:49:52 2019 +1100 | ||
3522 | |||
3523 | add missing header | ||
3524 | |||
3525 | commit 533cfb01e49a2a30354e191669dc3159e03e99a7 | ||
3526 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3527 | Date: Mon Jan 21 22:18:24 2019 +0000 | ||
3528 | |||
3529 | upstream: switch sntrup implementation source from supercop to | ||
3530 | |||
3531 | libpqcrypto; the latter is almost identical but doesn't rely on signed | ||
3532 | underflow to implement an optimised integer sort; from markus@ | ||
3533 | |||
3534 | OpenBSD-Commit-ID: cd09bbf0e0fcef1bedca69fdf7990dc360567cf8 | ||
3535 | |||
3536 | commit d50ab3cd6fb859888a26b4d4e333239b4f6bf573 | ||
3537 | Author: Damien Miller <djm@mindrot.org> | ||
3538 | Date: Tue Jan 22 00:02:23 2019 +1100 | ||
3539 | |||
3540 | new files need includes.h | ||
3541 | |||
3542 | commit c7670b091a7174760d619ef6738b4f26b2093301 | ||
3543 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3544 | Date: Mon Jan 21 12:53:35 2019 +0000 | ||
3545 | |||
3546 | upstream: add "-v" flags to ssh-add and ssh-pkcs11-helper to turn up | ||
3547 | |||
3548 | debug verbosity. | ||
3549 | |||
3550 | Make ssh-agent turn on ssh-pkcs11-helper's verbosity when it is run | ||
3551 | in debug mode ("ssh-agent -d"), so we get to see errors from the | ||
3552 | PKCS#11 code. | ||
3553 | |||
3554 | ok markus@ | ||
3555 | |||
3556 | OpenBSD-Commit-ID: 0a798643c6a92a508df6bd121253ba1c8bee659d | ||
3557 | |||
3558 | commit 49d8c8e214d39acf752903566b105d06c565442a | ||
3559 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3560 | Date: Mon Jan 21 12:50:12 2019 +0000 | ||
3561 | |||
3562 | upstream: adapt to changes in KEX APIs and file removals | ||
3563 | |||
3564 | OpenBSD-Regress-ID: 54d6857e7c58999c7a6d40942ab0fed3529f43ca | ||
3565 | |||
3566 | commit 35ecc53a83f8e8baab2e37549addfd05c73c30f1 | ||
3567 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3568 | Date: Mon Jan 21 12:35:20 2019 +0000 | ||
3569 | |||
3570 | upstream: adapt to changes in KEX API and file removals | ||
3571 | |||
3572 | OpenBSD-Regress-ID: 92cad022d3b0d11e08f3e0055d6a14b8f994c0d7 | ||
3573 | |||
3574 | commit 7d69aae64c35868cc4f644583ab973113a79480e | ||
3575 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3576 | Date: Mon Jan 21 12:29:35 2019 +0000 | ||
3577 | |||
3578 | upstream: adapt to bignum1 API removal and bignum2 API change | ||
3579 | |||
3580 | OpenBSD-Regress-ID: cea6ff270f3d560de86b355a87a2c95b55a5ca63 | ||
3581 | |||
3582 | commit beab553f0a9578ef9bffe28b2c779725e77b39ec | ||
3583 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3584 | Date: Mon Jan 21 09:13:41 2019 +0000 | ||
3585 | |||
3586 | upstream: remove hack to use non-system libcrypto | ||
3587 | |||
3588 | OpenBSD-Regress-ID: ce72487327eee4dfae1ab0212a1f33871fe0809f | ||
3589 | |||
3590 | commit 4dc06bd57996f1a46b4c3bababe0d09bc89098f7 | ||
3591 | Author: Damien Miller <djm@mindrot.org> | ||
3592 | Date: Mon Jan 21 23:14:04 2019 +1100 | ||
3593 | |||
3594 | depend | ||
3595 | |||
3596 | commit 70edd73edc4df54e5eee50cd27c25427b34612f8 | ||
3597 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3598 | Date: Mon Jan 21 12:08:13 2019 +0000 | ||
3599 | |||
3600 | upstream: fix reversed arguments to kex_load_hostkey(); manifested as | ||
3601 | |||
3602 | errors in cert-hostkey.sh regress failures. | ||
3603 | |||
3604 | OpenBSD-Commit-ID: 12dab63850b844f84d5a67e86d9e21a42fba93ba | ||
3605 | |||
3606 | commit f1185abbf0c9108e639297addc77f8757ee00eb3 | ||
3607 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3608 | Date: Mon Jan 21 11:22:00 2019 +0000 | ||
3609 | |||
3610 | upstream: forgot to cvs add this file in previous series of commits; | ||
3611 | |||
3612 | grrr | ||
3613 | |||
3614 | OpenBSD-Commit-ID: bcff316c3e7da8fd15333e05d244442c3aaa66b0 | ||
3615 | |||
3616 | commit 7bef390b625bdc080f0fd4499ef03cef60fca4fa | ||
3617 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3618 | Date: Mon Jan 21 10:44:21 2019 +0000 | ||
3619 | |||
3620 | upstream: nothing shall escape this purge | ||
3621 | |||
3622 | OpenBSD-Commit-ID: 4795b0ff142b45448f7e15f3c2f77a947191b217 | ||
3623 | |||
3624 | commit aaca72d6f1279b842066e07bff797019efeb2c23 | ||
3625 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3626 | Date: Mon Jan 21 10:40:11 2019 +0000 | ||
3627 | |||
3628 | upstream: rename kex->kem_client_pub -> kex->client_pub now that | ||
3629 | |||
3630 | KEM has been renamed to kexgen | ||
3631 | |||
3632 | from markus@ ok djm@ | ||
3633 | |||
3634 | OpenBSD-Commit-ID: fac6da5dc63530ad0da537db022a9a4cfbe8bed8 | ||
3635 | |||
3636 | commit 70867e1ca2eb08bbd494fe9c568df4fd3b35b867 | ||
3637 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3638 | Date: Mon Jan 21 10:38:54 2019 +0000 | ||
3639 | |||
3640 | upstream: merge kexkem[cs] into kexgen | ||
3641 | |||
3642 | from markus@ ok djm@ | ||
3643 | |||
3644 | OpenBSD-Commit-ID: 87d886b7f1812ff9355fda1435f6ea9b71a0ac89 | ||
3645 | |||
3646 | commit 71e67fff946396caa110a7964da23480757258ff | ||
3647 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3648 | Date: Mon Jan 21 10:35:09 2019 +0000 | ||
3649 | |||
3650 | upstream: pass values used in KEX hash computation as sshbuf | ||
3651 | |||
3652 | rather than pointer+len | ||
3653 | |||
3654 | suggested by me; implemented by markus@ ok me | ||
3655 | |||
3656 | OpenBSD-Commit-ID: 994f33c464f4a9e0f1d21909fa3e379f5a0910f0 | ||
3657 | |||
3658 | commit 4b83e2a2cc0c12e671a77eaba1c1245894f4e884 | ||
3659 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3660 | Date: Mon Jan 21 10:33:49 2019 +0000 | ||
3661 | |||
3662 | upstream: remove kex_derive_keys_bn wrapper; no unused since the | ||
3663 | |||
3664 | DH-like KEX methods have moved to KEM | ||
3665 | |||
3666 | from markus@ ok djm@ | ||
3667 | |||
3668 | OpenBSD-Commit-ID: bde9809103832f349545e4f5bb733d316db9a060 | ||
3669 | |||
3670 | commit 92dda34e373832f34a1944e5d9ebbebb184dedc1 | ||
3671 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3672 | Date: Mon Jan 21 10:29:56 2019 +0000 | ||
3673 | |||
3674 | upstream: use KEM API for vanilla ECDH | ||
3675 | |||
3676 | from markus@ ok djm@ | ||
3677 | |||
3678 | OpenBSD-Commit-ID: 6fbff96339a929835536b5730585d1d6057a352c | ||
3679 | |||
3680 | commit b72357217cbe510a3ae155307a7be6b9181f1d1b | ||
3681 | Author: Damien Miller <djm@mindrot.org> | ||
3682 | Date: Mon Jan 21 23:11:21 2019 +1100 | ||
3683 | |||
3684 | fixup missing ssherr.h | ||
3685 | |||
3686 | commit 9c9c97e14fe190931f341876ad98213e1e1dc19f | ||
3687 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3688 | Date: Mon Jan 21 10:28:01 2019 +0000 | ||
3689 | |||
3690 | upstream: use KEM API for vanilla DH KEX | ||
3691 | |||
3692 | from markus@ ok djm@ | ||
3693 | |||
3694 | OpenBSD-Commit-ID: af56466426b08a8be275412ae2743319e3d277c9 | ||
3695 | |||
3696 | commit 2f6a9ddbbf6ca8623c53c323ff17fb6d68d66970 | ||
3697 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3698 | Date: Mon Jan 21 10:24:09 2019 +0000 | ||
3699 | |||
3700 | upstream: use KEM API for vanilla c25519 KEX | ||
3701 | |||
3702 | OpenBSD-Commit-ID: 38d937b85ff770886379dd66a8f32ab0c1c35c1f | ||
3703 | |||
3704 | commit dfd591618cdf2c96727ac0eb65f89cf54af0d97e | ||
3705 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3706 | Date: Mon Jan 21 10:20:12 2019 +0000 | ||
3707 | |||
3708 | upstream: Add support for a PQC KEX/KEM: | ||
3709 | |||
3710 | sntrup4591761x25519-sha512@tinyssh.org using the Streamlined NTRU Prime | ||
3711 | 4591^761 implementation from SUPERCOP coupled with X25519 as a stop-loss. Not | ||
3712 | enabled by default. | ||
3713 | |||
3714 | introduce KEM API; a simplified framework for DH-ish KEX methods. | ||
3715 | |||
3716 | from markus@ feedback & ok djm@ | ||
3717 | |||
3718 | OpenBSD-Commit-ID: d687f76cffd3561dd73eb302d17a1c3bf321d1a7 | ||
3719 | |||
3720 | commit b1b2ff4ed559051d1035419f8f236275fa66d5d6 | ||
3721 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3722 | Date: Mon Jan 21 10:07:22 2019 +0000 | ||
3723 | |||
3724 | upstream: factor out kex_verify_hostkey() - again, duplicated | ||
3725 | |||
3726 | almost exactly across client and server for several KEX methods. | ||
3727 | |||
3728 | from markus@ ok djm@ | ||
3729 | |||
3730 | OpenBSD-Commit-ID: 4e4a16d949dadde002a0aacf6d280a684e20829c | ||
3731 | |||
3732 | commit bb39bafb6dc520cc097780f4611a52da7f19c3e2 | ||
3733 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3734 | Date: Mon Jan 21 10:05:09 2019 +0000 | ||
3735 | |||
3736 | upstream: factor out kex_load_hostkey() - this is duplicated in | ||
3737 | |||
3738 | both the client and server implementations for most KEX methods. | ||
3739 | |||
3740 | from markus@ ok djm@ | ||
3741 | |||
3742 | OpenBSD-Commit-ID: 8232fa7c21fbfbcaf838313b0c166dc6c8762f3c | ||
3743 | |||
3744 | commit dec5e9d33891e3bc3f1395d7db0e56fdc7f86dfc | ||
3745 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3746 | Date: Mon Jan 21 10:03:37 2019 +0000 | ||
3747 | |||
3748 | upstream: factor out kex_dh_compute_key() - it's shared between | ||
3749 | |||
3750 | plain DH KEX and DH GEX in both the client and server implementations | ||
3751 | |||
3752 | from markus@ ok djm@ | ||
3753 | |||
3754 | OpenBSD-Commit-ID: 12186e18791fffcd4642c82e7e0cfdd7ea37e2ec | ||
3755 | |||
3756 | commit e93bd98eab79b9a78f64ee8dd4dffc4d3979c7ae | ||
3757 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3758 | Date: Mon Jan 21 10:00:23 2019 +0000 | ||
3759 | |||
3760 | upstream: factor out DH keygen; it's identical between the client | ||
3761 | |||
3762 | and the server | ||
3763 | |||
3764 | from markus@ ok djm@ | ||
3765 | |||
3766 | OpenBSD-Commit-ID: 2be57f6a0d44f1ab2c8de2b1b5d6f530c387fae9 | ||
3767 | |||
3768 | commit 5ae3f6d314465026d028af82609c1d49ad197655 | ||
3769 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3770 | Date: Mon Jan 21 09:55:52 2019 +0000 | ||
3771 | |||
3772 | upstream: save the derived session id in kex_derive_keys() rather | ||
3773 | |||
3774 | than making each kex method implementation do it. | ||
3775 | |||
3776 | from markus@ ok djm@ | ||
3777 | |||
3778 | OpenBSD-Commit-ID: d61ade9c8d1e13f665f8663c552abff8c8a30673 | ||
3779 | |||
3780 | commit 7be8572b32a15d5c3dba897f252e2e04e991c307 | ||
3781 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3782 | Date: Mon Jan 21 09:54:11 2019 +0000 | ||
3783 | |||
3784 | upstream: Make sshpkt_get_bignum2() allocate the bignum it is | ||
3785 | |||
3786 | parsing rather than make the caller do it. Saves a lot of boilerplate code. | ||
3787 | |||
3788 | from markus@ ok djm@ | ||
3789 | |||
3790 | OpenBSD-Commit-ID: 576bf784f9a240f5a1401f7005364e59aed3bce9 | ||
3791 | |||
3792 | commit 803178bd5da7e72be94ba5b4c4c196d4b542da4d | ||
3793 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3794 | Date: Mon Jan 21 09:52:25 2019 +0000 | ||
3795 | |||
3796 | upstream: remove obsolete (SSH v.1) sshbuf_get/put_bignum1 | ||
3797 | |||
3798 | functions | ||
3799 | |||
3800 | from markus@ ok djm@ | ||
3801 | |||
3802 | OpenBSD-Commit-ID: 0380b1b2d9de063de3c5a097481a622e6a04943e | ||
3803 | |||
3804 | commit f3ebaffd8714be31d4345f90af64992de4b3bba2 | ||
3805 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3806 | Date: Mon Jan 21 09:49:37 2019 +0000 | ||
3807 | |||
3808 | upstream: fix all-zero check in kexc25519_shared_key | ||
3809 | |||
3810 | from markus@ ok djm@ | ||
3811 | |||
3812 | OpenBSD-Commit-ID: 60b1d364e0d9d34d1d1ef1620cb92e36cf06712d | ||
3813 | |||
3814 | commit 9d1a9771d0ad3a83af733bf3d2650b53f43c269f | ||
3815 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
3816 | Date: Mon Jan 21 07:09:10 2019 +0000 | ||
3817 | |||
3818 | upstream: - -T was added to the first synopsis by mistake - since | ||
3819 | |||
3820 | "..." denotes optional, no need to surround it in [] | ||
3821 | |||
3822 | ok djm | ||
3823 | |||
3824 | OpenBSD-Commit-ID: 918f6d8eed4e0d8d9ef5eadae1b8983d796f0e25 | ||
3825 | |||
3826 | commit 2f0bad2bf85391dbb41315ab55032ec522660617 | ||
3827 | Author: Darren Tucker <dtucker@dtucker.net> | ||
3828 | Date: Mon Jan 21 21:28:27 2019 +1100 | ||
3829 | |||
3830 | Make --with-rpath take a flag instead of yes/no. | ||
3831 | |||
3832 | Linkers need various flags for -rpath and similar, so make --with-rpath | ||
3833 | take an optional flag argument which is passed to the linker. ok djm@ | ||
3834 | |||
3835 | commit 23490a6c970ea1d03581a3b4208f2eb7a675f453 | ||
3836 | Author: Damien Miller <djm@mindrot.org> | ||
3837 | Date: Mon Jan 21 15:05:43 2019 +1100 | ||
3838 | |||
3839 | fix previous test | ||
3840 | |||
3841 | commit b6dd3277f2c49f9584a2097bc792e8f480397e87 | ||
3842 | Author: Darren Tucker <dtucker@dtucker.net> | ||
3843 | Date: Mon Jan 21 13:50:17 2019 +1100 | ||
3844 | |||
3845 | Wrap ECC static globals in EC_KEY_METHOD_NEW too. | ||
3846 | |||
3847 | commit b2eb9db35b7191613f2f4b934d57b25938bb34b3 | ||
3848 | Author: Damien Miller <djm@mindrot.org> | ||
3849 | Date: Mon Jan 21 12:53:40 2019 +1100 | ||
3850 | |||
3851 | pass TEST_SSH_SSHPKCS11HELPER to regress tests | ||
3852 | |||
3853 | commit ba58a529f45b3dae2db68607d8c54ae96e90e705 | ||
3854 | Author: Damien Miller <djm@mindrot.org> | ||
3855 | Date: Mon Jan 21 12:31:29 2019 +1100 | ||
3856 | |||
3857 | make agent-pkcs11 search harder for softhsm2.so | ||
3858 | |||
3859 | commit 662be40c62339ab645113c930ce689466f028938 | ||
3860 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3861 | Date: Mon Jan 21 02:05:38 2019 +0000 | ||
3862 | |||
3863 | upstream: always print the caller's error message in ossl_error(), | ||
3864 | |||
3865 | even when there are no libcrypto errors to report. | ||
3866 | |||
3867 | OpenBSD-Commit-ID: 09ebaa8f706e0eccedd209775baa1eee2ada806a | ||
3868 | |||
3869 | commit ce46c3a077dfb4c531ccffcfff03f37775725b75 | ||
3870 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3871 | Date: Mon Jan 21 02:01:03 2019 +0000 | ||
3872 | |||
3873 | upstream: get the ex_data (pkcs11_key object) back from the keys at | ||
3874 | |||
3875 | the index at which it was inserted, rather than assuming index 0 | ||
3876 | |||
3877 | OpenBSD-Commit-ID: 1f3a6ce0346c8014e895e50423bef16401510aa8 | ||
3878 | |||
3879 | commit 0a5f2ea35626022299ece3c8817a1abe8cf37b3e | ||
3880 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3881 | Date: Mon Jan 21 01:05:00 2019 +0000 | ||
3882 | |||
3883 | upstream: GSSAPI code got missed when converting to new packet API | ||
3884 | |||
3885 | OpenBSD-Commit-ID: 37e4f06ab4a0f4214430ff462ba91acba28b7851 | ||
3886 | |||
3887 | commit 2efcf812b4c1555ca3aff744820a3b3bccd68298 | ||
3888 | Author: Damien Miller <djm@mindrot.org> | ||
3889 | Date: Mon Jan 21 11:57:21 2019 +1100 | ||
3890 | |||
3891 | Fix -Wunused when compiling PKCS#11 without ECDSA | ||
3892 | |||
3893 | commit 3c0c657ed7cd335fc05c0852d88232ca7e92a5d9 | ||
3894 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3895 | Date: Sun Jan 20 23:26:44 2019 +0000 | ||
3896 | |||
3897 | upstream: allow override of ssh-pkcs11-helper binary via | ||
3898 | |||
3899 | $TEST_SSH_SSHPKCS11HELPER from markus@ | ||
3900 | |||
3901 | OpenBSD-Regress-ID: 7382a3d76746f5a792d106912a5819fd5e49e469 | ||
3902 | |||
3903 | commit 760ae37b4505453c6fa4faf1aa39a8671ab053af | ||
3904 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3905 | Date: Sun Jan 20 23:25:25 2019 +0000 | ||
3906 | |||
3907 | upstream: adapt agent-pkcs11.sh test to softhsm2 and add support | ||
3908 | |||
3909 | for ECDSA keys | ||
3910 | |||
3911 | work by markus@, ok djm@ | ||
3912 | |||
3913 | OpenBSD-Regress-ID: 1ebc2be0e88eff1b6d8be2f9c00cdc60723509fe | ||
3914 | |||
3915 | commit b2ce8b31a1f974a13e6d12e0a0c132b50bc45115 | ||
3916 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3917 | Date: Sun Jan 20 23:24:19 2019 +0000 | ||
3918 | |||
3919 | upstream: add "extra:" target to run some extra tests that are not | ||
3920 | |||
3921 | enabled by default (currently includes agent-pkcs11.sh); from markus@ | ||
3922 | |||
3923 | OpenBSD-Regress-ID: 9a969e1adcd117fea174d368dcb9c61eb50a2a3c | ||
3924 | |||
3925 | commit 632976418d60b7193597bbc6ac7ca33981a41aab | ||
3926 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3927 | Date: Mon Jan 21 00:47:34 2019 +0000 | ||
3928 | |||
3929 | upstream: use ECDSA_SIG_set0() instead of poking signature values into | ||
3930 | |||
3931 | structure directly; the latter works on LibreSSL but not on OpenSSL. From | ||
3932 | portable. | ||
3933 | |||
3934 | OpenBSD-Commit-ID: 5b22a1919d9cee907d3f8a029167f70a481891c6 | ||
3935 | |||
3936 | commit 5de6ac2bad11175135d9b819b3546db0ca0b4878 | ||
3937 | Author: Damien Miller <djm@mindrot.org> | ||
3938 | Date: Mon Jan 21 11:44:19 2019 +1100 | ||
3939 | |||
3940 | remove HAVE_DLOPEN that snuck in | ||
3941 | |||
3942 | portable doesn't use this | ||
3943 | |||
3944 | commit e2cb445d786f7572da2af93e3433308eaed1093a | ||
3945 | Author: Damien Miller <djm@mindrot.org> | ||
3946 | Date: Mon Jan 21 11:32:28 2019 +1100 | ||
3947 | |||
3948 | conditionalise ECDSA PKCS#11 support | ||
3949 | |||
3950 | Require EC_KEY_METHOD support in libcrypto, evidenced by presence | ||
3951 | of EC_KEY_METHOD_new() function. | ||
3952 | |||
3953 | commit fcb1b0937182d0137a3c357c89735d0dc5869d54 | ||
3954 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3955 | Date: Sun Jan 20 23:12:35 2019 +0000 | ||
3956 | |||
3957 | upstream: we use singleton pkcs#11 RSA_METHOD and EC_KEY_METHOD | ||
3958 | |||
3959 | now, so there is no need to keep a copy of each in the pkcs11_key object. | ||
3960 | |||
3961 | work by markus@, ok djm@ | ||
3962 | |||
3963 | OpenBSD-Commit-ID: 43b4856516e45c0595f17a8e95b2daee05f12faa | ||
3964 | |||
3965 | commit 6529409e85890cd6df7e5e81d04e393b1d2e4b0b | ||
3966 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3967 | Date: Sun Jan 20 23:11:11 2019 +0000 | ||
3968 | |||
3969 | upstream: KNF previous; from markus@ | ||
3970 | |||
3971 | OpenBSD-Commit-ID: 3dfe35e25b310c3968b1e4e53a0cb1d03bda5395 | ||
3972 | |||
3973 | commit 58622a8c82f4e2aad630580543f51ba537c1f39e | ||
3974 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3975 | Date: Sun Jan 20 23:10:33 2019 +0000 | ||
3976 | |||
3977 | upstream: use OpenSSL's RSA reference counting hooks to | ||
3978 | |||
3979 | implicitly clean up pkcs11_key objects when their owning RSA object's | ||
3980 | reference count drops to zero. Simplifies the cleanup path and makes it more | ||
3981 | like ECDSA's | ||
3982 | |||
3983 | work by markus@, ok djm@ | ||
3984 | |||
3985 | OpenBSD-Commit-ID: 74b9c98f405cd78f7148e9e4a4982336cd3df25c | ||
3986 | |||
3987 | commit f118542fc82a3b3ab0360955b33bc5a271ea709f | ||
3988 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3989 | Date: Sun Jan 20 23:08:24 2019 +0000 | ||
3990 | |||
3991 | upstream: make the PKCS#11 RSA code more like the new PKCS#11 | ||
3992 | |||
3993 | ECDSA code: use a single custom RSA_METHOD instead of a method per key | ||
3994 | |||
3995 | suggested by me, but markus@ did all the work. | ||
3996 | ok djm@ | ||
3997 | |||
3998 | OpenBSD-Commit-ID: 8aafcebe923dc742fc5537a995cee549d07e4b2e | ||
3999 | |||
4000 | commit 445cfce49dfc904c6b8ab25afa2f43130296c1a5 | ||
4001 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4002 | Date: Sun Jan 20 23:05:52 2019 +0000 | ||
4003 | |||
4004 | upstream: fix leak of ECDSA pkcs11_key objects | ||
4005 | |||
4006 | work by markus, ok djm@ | ||
4007 | |||
4008 | OpenBSD-Commit-ID: 9fc0c4f1d640aaa5f19b8d70f37ea19b8ad284a1 | ||
4009 | |||
4010 | commit 8a2467583f0b5760787273796ec929190c3f16ee | ||
4011 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4012 | Date: Sun Jan 20 23:03:26 2019 +0000 | ||
4013 | |||
4014 | upstream: use EVP_PKEY_get0_EC_KEY() instead of direct access of | ||
4015 | |||
4016 | EC_KEY internals as that won't work on OpenSSL | ||
4017 | |||
4018 | work by markus@, feedback and ok djm@ | ||
4019 | |||
4020 | OpenBSD-Commit-ID: 4a99cdb89fbd6f5155ef8c521c99dc66e2612700 | ||
4021 | |||
4022 | commit 24757c1ae309324e98d50e5935478655be04e549 | ||
4023 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4024 | Date: Sun Jan 20 23:01:59 2019 +0000 | ||
4025 | |||
4026 | upstream: cleanup PKCS#11 ECDSA pubkey loading: the returned | ||
4027 | |||
4028 | object should never have a DER header | ||
4029 | |||
4030 | work by markus; feedback and ok djm@ | ||
4031 | |||
4032 | OpenBSD-Commit-ID: b617fa585eddbbf0b1245b58b7a3c4b8d613db17 | ||
4033 | |||
4034 | commit 749aef30321595435ddacef2f31d7a8f2b289309 | ||
4035 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4036 | Date: Sun Jan 20 23:00:12 2019 +0000 | ||
4037 | |||
4038 | upstream: cleanup unnecessary code in ECDSA pkcs#11 signature | ||
4039 | |||
4040 | work by markus@, feedback and ok djm@ | ||
4041 | |||
4042 | OpenBSD-Commit-ID: affa5ca7d58d59fbd16169f77771dcdbd2b0306d | ||
4043 | |||
4044 | commit 0c50992af49b562970dd0ba3f8f151f1119e260e | ||
4045 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4046 | Date: Sun Jan 20 22:57:45 2019 +0000 | ||
4047 | |||
4048 | upstream: cleanup pkcs#11 client code: use sshkey_new in instead | ||
4049 | |||
4050 | of stack- allocating a sshkey | ||
4051 | |||
4052 | work by markus@, ok djm@ | ||
4053 | |||
4054 | OpenBSD-Commit-ID: a048eb6ec8aa7fa97330af927022c0da77521f91 | ||
4055 | |||
4056 | commit 854bd8674ee5074a239f7cadf757d55454802e41 | ||
4057 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4058 | Date: Sun Jan 20 22:54:30 2019 +0000 | ||
4059 | |||
4060 | upstream: allow override of the pkcs#11 helper binary via | ||
4061 | |||
4062 | $SSH_PKCS11_HELPER; needed for regress tests. | ||
4063 | |||
4064 | work by markus@, ok me | ||
4065 | |||
4066 | OpenBSD-Commit-ID: f78d8185500bd7c37aeaf7bd27336db62f0f7a83 | ||
4067 | |||
4068 | commit 93f02107f44d63a016d8c23ebd2ca9205c495c48 | ||
4069 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4070 | Date: Sun Jan 20 22:51:37 2019 +0000 | ||
4071 | |||
4072 | upstream: add support for ECDSA keys in PKCS#11 tokens | ||
4073 | |||
4074 | Work by markus@ and Pedro Martelletto, feedback and ok me@ | ||
4075 | |||
4076 | OpenBSD-Commit-ID: a37d651e221341376636056512bddfc16efb4424 | ||
4077 | |||
4078 | commit aa22c20e0c36c2fc610cfcc793b0d14079c38814 | ||
4079 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4080 | Date: Sun Jan 20 22:03:29 2019 +0000 | ||
4081 | |||
4082 | upstream: add option to test whether keys in an agent are usable, | ||
4083 | |||
4084 | by performing a signature and a verification using each key "ssh-add -T | ||
4085 | pubkey [...]" | ||
4086 | |||
4087 | work by markus@, ok djm@ | ||
4088 | |||
4089 | OpenBSD-Commit-ID: 931b888a600b6a883f65375bd5f73a4776c6d19b | ||
4090 | |||
4091 | commit a36b0b14a12971086034d53c0c3dfbad07665abe | ||
4092 | Author: tb@openbsd.org <tb@openbsd.org> | ||
4093 | Date: Sun Jan 20 02:01:59 2019 +0000 | ||
4094 | |||
4095 | upstream: Fix BN_is_prime_* calls in SSH, the API returns -1 on | ||
4096 | |||
4097 | error. | ||
4098 | |||
4099 | Found thanks to BoringSSL's commit 53409ee3d7595ed37da472bc73b010cd2c8a5ffd | ||
4100 | by David Benjamin. | ||
4101 | |||
4102 | ok djm, dtucker | ||
4103 | |||
4104 | OpenBSD-Commit-ID: 1ee832be3c44b1337f76b8562ec6d203f3b072f8 | ||
4105 | |||
4106 | commit ec4776bb01dd8d61fddc7d2a31ab10bf3d3d829a | ||
4107 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
4108 | Date: Sun Jan 20 01:12:40 2019 +0000 | ||
4109 | |||
4110 | upstream: DH-GEX min value is now specified in RFC8270. ok djm@ | ||
4111 | |||
4112 | OpenBSD-Commit-ID: 1229d0feb1d0ecefe05bf67a17578b263e991acc | ||
4113 | |||
4114 | commit c90a7928c4191303e76a8c58b9008d464287ae1b | ||
4115 | Author: Darren Tucker <dtucker@dtucker.net> | ||
4116 | Date: Mon Jan 21 09:22:36 2019 +1100 | ||
4117 | |||
4118 | Check for cc before gcc. | ||
4119 | |||
4120 | If cc is something other than gcc and is the system compiler prefer using | ||
4121 | that, unless otherwise told via $CC. ok djm@ | ||
4122 | |||
4123 | commit 9b655dc9c9a353f0a527f0c6c43a5e35653c9503 | ||
4124 | Author: Damien Miller <djm@mindrot.org> | ||
4125 | Date: Sun Jan 20 14:55:27 2019 +1100 | ||
4126 | |||
4127 | last bits of old packet API / active_state global | ||
4128 | |||
4129 | commit 3f0786bbe73609ac96e5a0d91425ee21129f8e04 | ||
4130 | Author: Damien Miller <djm@mindrot.org> | ||
4131 | Date: Sun Jan 20 10:22:18 2019 +1100 | ||
4132 | |||
4133 | remove PAM dependencies on old packet API | ||
4134 | |||
4135 | Requires some caching of values, because the PAM code isn't | ||
4136 | always called with packet context. | ||
4137 | |||
4138 | commit 08f66d9f17e12c1140d1f1cf5c4dce67e915d3cc | ||
4139 | Author: Damien Miller <djm@mindrot.org> | ||
4140 | Date: Sun Jan 20 09:58:45 2019 +1100 | ||
4141 | |||
4142 | remove vestiges of old packet API from loginrec.c | ||
4143 | |||
4144 | commit c327813ea1d740e3e367109c17873815aba1328e | ||
4145 | Author: Damien Miller <djm@mindrot.org> | ||
4146 | Date: Sun Jan 20 09:45:38 2019 +1100 | ||
4147 | |||
4148 | depend | ||
4149 | |||
4150 | commit 135e302cfdbe91817294317c337cc38c3ff01cba | ||
4151 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4152 | Date: Sat Jan 19 22:30:52 2019 +0000 | ||
4153 | |||
4154 | upstream: fix error in refactor: use ssh_packet_disconnect() instead of | ||
4155 | |||
4156 | sshpkt_error(). The first one logs the error and exits (what we want) instead | ||
4157 | of just logging and blundering on. | ||
4158 | |||
4159 | OpenBSD-Commit-ID: 39f51b43641dce9ce0f408ea6c0e6e077e2e91ae | ||
4160 | |||
4161 | commit 245c6a0b220b58686ee35bc5fc1c359e9be2faaa | ||
4162 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4163 | Date: Sat Jan 19 21:45:31 2019 +0000 | ||
4164 | |||
4165 | upstream: remove last traces of old packet API! | ||
4166 | |||
4167 | with & ok markus@ | ||
4168 | |||
4169 | OpenBSD-Commit-ID: 9bd10437026423eb8245636ad34797a20fbafd7d | ||
4170 | |||
4171 | commit 04c091fc199f17dacf8921df0a06634b454e2722 | ||
4172 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4173 | Date: Sat Jan 19 21:43:56 2019 +0000 | ||
4174 | |||
4175 | upstream: remove last references to active_state | ||
4176 | |||
4177 | with & ok markus@ | ||
4178 | |||
4179 | OpenBSD-Commit-ID: 78619a50ea7e4ca2f3b54d4658b3227277490ba2 | ||
4180 | |||
4181 | commit ec00f918b8ad90295044266c433340a8adc93452 | ||
4182 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4183 | Date: Sat Jan 19 21:43:07 2019 +0000 | ||
4184 | |||
4185 | upstream: convert monitor.c to new packet API | ||
4186 | |||
4187 | with & ok markus@ | ||
4188 | |||
4189 | OpenBSD-Commit-ID: 61ecd154bd9804461a0cf5f495a29d919e0014d5 | ||
4190 | |||
4191 | commit 6350e0316981489d4205952d6904d6fedba5bfe0 | ||
4192 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4193 | Date: Sat Jan 19 21:42:30 2019 +0000 | ||
4194 | |||
4195 | upstream: convert sshd.c to new packet API | ||
4196 | |||
4197 | with & ok markus@ | ||
4198 | |||
4199 | OpenBSD-Commit-ID: ea569d3eaf9b5cf1bad52779fbfa5fa0b28af891 | ||
4200 | |||
4201 | commit a5e2ad88acff2b7d131ee6d5dc5d339b0f8c6a6d | ||
4202 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4203 | Date: Sat Jan 19 21:41:53 2019 +0000 | ||
4204 | |||
4205 | upstream: convert session.c to new packet API | ||
4206 | |||
4207 | with & ok markus@ | ||
4208 | |||
4209 | OpenBSD-Commit-ID: fae817207e23099ddd248960c984f7b7f26ea68e | ||
4210 | |||
4211 | commit 3a00a921590d4c4b7e96df11bb10e6f9253ad45e | ||
4212 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4213 | Date: Sat Jan 19 21:41:18 2019 +0000 | ||
4214 | |||
4215 | upstream: convert auth.c to new packet API | ||
4216 | |||
4217 | with & ok markus@ | ||
4218 | |||
4219 | OpenBSD-Commit-ID: 7e10359f614ff522b52a3f05eec576257794e8e4 | ||
4220 | |||
4221 | commit 7ec5cb4d15ed2f2c5c9f5d00e6b361d136fc1e2d | ||
4222 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4223 | Date: Sat Jan 19 21:40:48 2019 +0000 | ||
4224 | |||
4225 | upstream: convert serverloop.c to new packet API | ||
4226 | |||
4227 | with & ok markus@ | ||
4228 | |||
4229 | OpenBSD-Commit-ID: c92dd19b55457541478f95c0d6b318426d86d885 | ||
4230 | |||
4231 | commit 64c9598ac05332d1327cbf55334dee4172d216c4 | ||
4232 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4233 | Date: Sat Jan 19 21:40:21 2019 +0000 | ||
4234 | |||
4235 | upstream: convert the remainder of sshconnect2.c to new packet | ||
4236 | |||
4237 | API | ||
4238 | |||
4239 | with & ok markus@ | ||
4240 | |||
4241 | OpenBSD-Commit-ID: 0986d324f2ceb5e8a12ac21c1bb10b3b4b1e0f71 | ||
4242 | |||
4243 | commit bc5e1169d101d16e3a5962a928db2bc49a8ef5a3 | ||
4244 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4245 | Date: Sat Jan 19 21:39:12 2019 +0000 | ||
4246 | |||
4247 | upstream: convert the remainder of clientloop.c to new packet API | ||
4248 | |||
4249 | with & ok markus@ | ||
4250 | |||
4251 | OpenBSD-Commit-ID: ce2fbbacb86a290f31da1e7bf04cddf2bdae3d1e | ||
4252 | |||
4253 | commit 5ebce136a6105f084db8f0d7ee41981d42daec40 | ||
4254 | Author: Damien Miller <djm@mindrot.org> | ||
4255 | Date: Sun Jan 20 09:44:53 2019 +1100 | ||
4256 | |||
4257 | upstream: convert auth2.c to new packet API | ||
4258 | |||
4259 | OpenBSD-Commit-ID: ed831bb95ad228c6791bc18b60ce7a2edef2c999 | ||
4260 | |||
4261 | commit 172a592a53ebe8649c4ac0d7946e6c08eb151af6 | ||
4262 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4263 | Date: Sat Jan 19 21:37:48 2019 +0000 | ||
4264 | |||
4265 | upstream: convert servconf.c to new packet API | ||
4266 | |||
4267 | with & ok markus@ | ||
4268 | |||
4269 | OpenBSD-Commit-ID: 126553aecca302c9e02fd77e333b9cb217e623b4 | ||
4270 | |||
4271 | commit 8cc7a679d29cf6ecccfa08191e688c7f81ef95c2 | ||
4272 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4273 | Date: Sat Jan 19 21:37:13 2019 +0000 | ||
4274 | |||
4275 | upstream: convert channels.c to new packet API | ||
4276 | |||
4277 | with & ok markus@ | ||
4278 | |||
4279 | OpenBSD-Commit-ID: 0b8279b56113cbd4011fc91315c0796b63dc862c | ||
4280 | |||
4281 | commit 06232038c794c7dfcb087be0ab0b3e65b09fd396 | ||
4282 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4283 | Date: Sat Jan 19 21:36:38 2019 +0000 | ||
4284 | |||
4285 | upstream: convert sshconnect.c to new packet API | ||
4286 | |||
4287 | with & ok markus@ | ||
4288 | |||
4289 | OpenBSD-Commit-ID: 222337cf6c96c347f1022d976fac74b4257c061f | ||
4290 | |||
4291 | commit 25b2ed667216314471bb66752442c55b95792dc3 | ||
4292 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4293 | Date: Sat Jan 19 21:36:06 2019 +0000 | ||
4294 | |||
4295 | upstream: convert ssh.c to new packet API | ||
4296 | |||
4297 | with & ok markus@ | ||
4298 | |||
4299 | OpenBSD-Commit-ID: eb146878b24e85c2a09ee171afa6797c166a2e21 | ||
4300 | |||
4301 | commit e3128b38623eef2fa8d6e7ae934d3bd08c7e973e | ||
4302 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4303 | Date: Sat Jan 19 21:35:25 2019 +0000 | ||
4304 | |||
4305 | upstream: convert mux.c to new packet API | ||
4306 | |||
4307 | with & ok markus@ | ||
4308 | |||
4309 | OpenBSD-Commit-ID: 4e3893937bae66416e984b282d8f0f800aafd802 | ||
4310 | |||
4311 | commit ed1df7226caf3a943a36d580d4d4e9275f8a61ee | ||
4312 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4313 | Date: Sat Jan 19 21:34:45 2019 +0000 | ||
4314 | |||
4315 | upstream: convert sshconnect2.c to new packet API | ||
4316 | |||
4317 | with & ok markus@ | ||
4318 | |||
4319 | OpenBSD-Commit-ID: 1cb869e0d6e03539f943235641ea070cae2ebc58 | ||
4320 | |||
4321 | commit 23f22a4aaa923c61ec49a99ebaa383656e87fa40 | ||
4322 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4323 | Date: Sat Jan 19 21:33:57 2019 +0000 | ||
4324 | |||
4325 | upstream: convert clientloop.c to new packet API | ||
4326 | |||
4327 | with & ok markus@ | ||
4328 | |||
4329 | OpenBSD-Commit-ID: 497b36500191f452a22abf283aa8d4a9abaee7fa | ||
4330 | |||
4331 | commit ad60b1179c9682ca5aef0b346f99ef68cbbbc4e5 | ||
4332 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4333 | Date: Sat Jan 19 21:33:13 2019 +0000 | ||
4334 | |||
4335 | upstream: allow sshpkt_fatal() to take a varargs format; we'll | ||
4336 | |||
4337 | use this to give packet-related fatal error messages more context (esp. the | ||
4338 | remote endpoint) ok markus@ | ||
4339 | |||
4340 | OpenBSD-Commit-ID: de57211f9543426b515a8a10a4f481666b2b2a50 | ||
4341 | |||
4342 | commit 0fa174ebe129f3d0aeaf4e2d1dd8de745870d0ff | ||
4343 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4344 | Date: Sat Jan 19 21:31:32 2019 +0000 | ||
4345 | |||
4346 | upstream: begin landing remaining refactoring of packet parsing | ||
4347 | |||
4348 | API, started almost exactly six years ago. | ||
4349 | |||
4350 | This change stops including the old packet_* API by default and makes | ||
4351 | each file that requires the old API include it explicitly. We will | ||
4352 | commit file-by-file refactoring to remove the old API in consistent | ||
4353 | steps. | ||
4354 | |||
4355 | with & ok markus@ | ||
4356 | |||
4357 | OpenBSD-Commit-ID: 93c98a6b38f6911fd1ae025a1ec57807fb4d4ef4 | ||
4358 | |||
4359 | commit 4ae7f80dfd02f2bde912a67c9f338f61e90fa79f | ||
4360 | Author: tb@openbsd.org <tb@openbsd.org> | ||
4361 | Date: Sat Jan 19 04:15:56 2019 +0000 | ||
4362 | |||
4363 | upstream: Print an \r in front of the password prompt so parts of | ||
4364 | |||
4365 | a password that was entered too early are likely clobbered by the prompt. | ||
4366 | Idea from doas. | ||
4367 | |||
4368 | from and ok djm | ||
4369 | "i like it" deraadt | ||
4370 | |||
4371 | OpenBSD-Commit-ID: 5fb97c68df6d8b09ab37f77bca1d84d799c4084e | ||
4372 | |||
4373 | commit a6258e5dc314c7d504ac9f0fbc3be96475581dbe | ||
4374 | Author: Darren Tucker <dtucker@dtucker.net> | ||
4375 | Date: Fri Jan 18 11:09:01 2019 +1100 | ||
4376 | |||
4377 | Add minimal fchownat and fchmodat implementations. | ||
4378 | |||
4379 | Fixes builds on at least OS X Lion, NetBSD 6 and Solaris 10. | ||
4380 | |||
4381 | commit 091093d25802b87d3b2b09f2c88d9f33e1ae5562 | ||
4382 | Author: Darren Tucker <dtucker@dtucker.net> | ||
4383 | Date: Fri Jan 18 12:11:42 2019 +1300 | ||
4384 | |||
4385 | Add a minimal implementation of utimensat(). | ||
4386 | |||
4387 | Some systems (eg older OS X) do not have utimensat, so provide minimal | ||
4388 | implementation in compat layer. Fixes build on at least El Capitan. | ||
4389 | |||
4390 | commit 609644027dde1f82213699cb6599e584c7efcb75 | ||
4391 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4392 | Date: Tue Jan 1 22:20:16 2019 +0000 | ||
4393 | |||
4394 | upstream: regress bits for banner processing refactor (this test was | ||
4395 | |||
4396 | depending on ssh returning a particular error message for banner parsing | ||
4397 | failure) | ||
4398 | |||
4399 | reminded by bluhm@ | ||
4400 | |||
4401 | OpenBSD-Regress-ID: f24fc303d40931157431df589b386abf5e1be575 | ||
4402 | |||
4403 | commit f47d72ddad75b93d3cbc781718b0fa9046c03df8 | ||
4404 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4405 | Date: Thu Jan 17 04:45:09 2019 +0000 | ||
4406 | |||
4407 | upstream: tun_fwd_ifnames variable should b | ||
4408 | |||
4409 | =?UTF-8?q?e=20extern;=20from=20Hanno=20B=C3=B6ck?= | ||
4410 | MIME-Version: 1.0 | ||
4411 | Content-Type: text/plain; charset=UTF-8 | ||
4412 | Content-Transfer-Encoding: 8bit | ||
4413 | |||
4414 | OpenBSD-Commit-ID: d53dede6e521161bf04d39d09947db6253a38271 | ||
4415 | |||
4416 | commit 943d0965263cae1c080ce5a9d0b5aa341885e55d | ||
4417 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4418 | Date: Thu Jan 17 04:20:53 2019 +0000 | ||
4419 | |||
4420 | upstream: include time.h for time(3)/nanosleep(2); from Ian | ||
4421 | |||
4422 | McKellar | ||
4423 | |||
4424 | OpenBSD-Commit-ID: 6412ccd06a88f65b207a1089345f51fa1244ea51 | ||
4425 | |||
4426 | commit dbb4dec6d5d671b5e9d67ef02162a610ad052068 | ||
4427 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4428 | Date: Thu Jan 17 01:50:24 2019 +0000 | ||
4429 | |||
4430 | upstream: many of the global variables in this file can be made static; | ||
4431 | |||
4432 | patch from Markus Schmidt | ||
4433 | |||
4434 | OpenBSD-Commit-ID: f3db619f67beb53257b21bac0e92b4fb7d5d5737 | ||
4435 | |||
4436 | commit 60d8c84e0887514c99c9ce071965fafaa1c3d34a | ||
4437 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4438 | Date: Wed Jan 16 23:23:45 2019 +0000 | ||
4439 | |||
4440 | upstream: Add "-h" flag to sftp chown/chgrp/chmod commands to | ||
4441 | |||
4442 | request they do not follow symlinks. Requires recently-committed | ||
4443 | lsetstat@openssh.com extension on the server side. | ||
4444 | |||
4445 | ok markus@ dtucker@ | ||
4446 | |||
4447 | OpenBSD-Commit-ID: f93bb3f6f7eb2fb7ef1e59126e72714f1626d604 | ||
4448 | |||
4449 | commit dbbc7e0eab7262f34b8e0cd6efecd1c77b905ed0 | ||
4450 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4451 | Date: Wed Jan 16 23:22:10 2019 +0000 | ||
4452 | |||
4453 | upstream: add support for a "lsetstat@openssh.com" extension. This | ||
4454 | |||
4455 | replicates the functionality of the existing SSH2_FXP_SETSTAT operation but | ||
4456 | does not follow symlinks. Based on a patch from Bert Haverkamp in bz#2067 but | ||
4457 | with more attribute modifications supported. | ||
4458 | |||
4459 | ok markus@ dtucker@ | ||
4460 | |||
4461 | OpenBSD-Commit-ID: f7234f6e90db19655d55d936a115ee4ccb6aaf80 | ||
4462 | |||
4463 | commit 4a526941d328fc3d97068c6a4cbd9b71b70fe5e1 | ||
4464 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4465 | Date: Fri Jan 4 03:27:50 2019 +0000 | ||
4466 | |||
4467 | upstream: eliminate function-static attempt counters for | ||
4468 | |||
4469 | passwd/kbdint authmethods by moving them to the client authctxt; Patch from | ||
4470 | Markus Schmidt, ok markus@ | ||
4471 | |||
4472 | OpenBSD-Commit-ID: 4df4404a5d5416eb056f68e0e2f4fa91ba3b3f7f | ||
4473 | |||
4474 | commit 8a8183474c41bd6cebaa917346b549af2239ba2f | ||
4475 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4476 | Date: Fri Jan 4 03:23:00 2019 +0000 | ||
4477 | |||
4478 | upstream: fix memory leak of ciphercontext when rekeying; bz#2942 | ||
4479 | |||
4480 | Patch from Markus Schmidt; ok markus@ | ||
4481 | |||
4482 | OpenBSD-Commit-ID: 7877f1b82e249986f1ef98d0ae76ce987d332bdd | ||
4483 | |||
4484 | commit 5bed70afce0907b6217418d0655724c99b683d93 | ||
4485 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4486 | Date: Tue Jan 1 23:10:53 2019 +0000 | ||
4487 | |||
4488 | upstream: static on global vars, const on handler tables that contain | ||
4489 | |||
4490 | function pointers; from Mike Frysinger | ||
4491 | |||
4492 | OpenBSD-Commit-ID: 7ef2305e50d3caa6326286db43cf2cfaf03960e0 | ||
4493 | |||
4494 | commit 007a88b48c97d092ed2f501bbdcb70d9925277be | ||
4495 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4496 | Date: Thu Dec 27 23:02:11 2018 +0000 | ||
4497 | |||
4498 | upstream: Request RSA-SHA2 signatures for | ||
4499 | |||
4500 | rsa-sha2-{256|512}-cert-v01@openssh.com cert algorithms; ok markus@ | ||
4501 | |||
4502 | OpenBSD-Commit-ID: afc6f7ca216ccd821656d1c911d2a3deed685033 | ||
4503 | |||
4504 | commit eb347d086c35428c47fe52b34588cbbc9b49d9a6 | ||
4505 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4506 | Date: Thu Dec 27 03:37:49 2018 +0000 | ||
4507 | |||
4508 | upstream: ssh_packet_set_state() now frees ssh->kex implicitly, so | ||
4509 | |||
4510 | don't do explicit kex_free() beforehand | ||
4511 | |||
4512 | OpenBSD-Regress-ID: f2f73bad47f62a2040ccba0a72cadcb12eda49cf | ||
4513 | |||
4514 | commit bb542f0cf6f7511a22a08c492861e256a82376a9 | ||
4515 | Author: tedu@openbsd.org <tedu@openbsd.org> | ||
4516 | Date: Sat Dec 15 00:50:21 2018 +0000 | ||
4517 | |||
4518 | upstream: remove unused and problematic sudo clean. ok espie | ||
4519 | |||
4520 | OpenBSD-Regress-ID: ca90c20a15a85b661e13e98b80c10e65cd662f7b | ||
4521 | |||
4522 | commit 0a843d9a0e805f14653a555f5c7a8ba99d62c12d | ||
4523 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4524 | Date: Thu Dec 27 03:25:24 2018 +0000 | ||
4525 | |||
4526 | upstream: move client/server SSH-* banners to buffers under | ||
4527 | |||
4528 | ssh->kex and factor out the banner exchange. This eliminates some common code | ||
4529 | from the client and server. | ||
4530 | |||
4531 | Also be more strict about handling \r characters - these should only | ||
4532 | be accepted immediately before \n (pointed out by Jann Horn). | ||
4533 | |||
4534 | Inspired by a patch from Markus Schmidt. | ||
4535 | (lots of) feedback and ok markus@ | ||
4536 | |||
4537 | OpenBSD-Commit-ID: 1cc7885487a6754f63641d7d3279b0941890275b | ||
4538 | |||
4539 | commit 434b587afe41c19391821e7392005068fda76248 | ||
4540 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
4541 | Date: Fri Dec 7 04:36:09 2018 +0000 | ||
4542 | |||
4543 | upstream: Fix calculation of initial bandwidth limits. Account for | ||
4544 | |||
4545 | written bytes before the initial timer check so that the first buffer written | ||
4546 | is accounted. Set the threshold after which the timer is checked such that | ||
4547 | the limit starts being computed as soon as possible, ie after the second | ||
4548 | buffer is written. This prevents an initial burst of traffic and provides a | ||
4549 | more accurate bandwidth limit. bz#2927, ok djm. | ||
4550 | |||
4551 | OpenBSD-Commit-ID: ff3ef76e4e43040ec198c2718d5682c36b255cb6 | ||
4552 | |||
4553 | commit a6a0788cbbe8dfce2819ee43b09c80725742e21c | ||
4554 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4555 | Date: Fri Dec 7 03:39:40 2018 +0000 | ||
4556 | |||
4557 | upstream: only consider the ext-info-c extension during the initial | ||
4558 | |||
4559 | KEX. It shouldn't be sent in subsequent ones, but if it is present we should | ||
4560 | ignore it. | ||
4561 | |||
4562 | This prevents sshd from sending a SSH_MSG_EXT_INFO for REKEX for buggy | ||
4563 | these clients. Reported by Jakub Jelen via bz2929; ok dtucker@ | ||
4564 | |||
4565 | OpenBSD-Commit-ID: 91564118547f7807030ec537480303e2371902f9 | ||
4566 | |||
4567 | commit 63bba57a32c5bb6158d57cf4c47022daf89c14a0 | ||
4568 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4569 | Date: Fri Dec 7 03:33:18 2018 +0000 | ||
4570 | |||
4571 | upstream: fix option letter pasto in previous | ||
4572 | |||
4573 | OpenBSD-Commit-ID: e26c8bf2f2a808f3c47960e1e490d2990167ec39 | ||
4574 | |||
4575 | commit 737e4edd82406595815efadc28ed5161b8b0c01a | ||
4576 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4577 | Date: Fri Dec 7 03:32:26 2018 +0000 | ||
4578 | |||
4579 | upstream: mention that the ssh-keygen -F (find host in | ||
4580 | |||
4581 | authorized_keys) and -R (remove host from authorized_keys) options may accept | ||
4582 | either a bare hostname or a [hostname]:port combo. bz#2935 | ||
4583 | |||
4584 | OpenBSD-Commit-ID: 5535cf4ce78375968b0d2cd7aa316fa3eb176780 | ||
4585 | |||
4586 | commit 8a22ffaa13391cfe5b40316d938fe0fb931e9296 | ||
4587 | Author: Damien Miller <djm@mindrot.org> | ||
4588 | Date: Fri Dec 7 15:41:16 2018 +1100 | ||
4589 | |||
4590 | expose $SSH_CONNECTION in the PAM environment | ||
4591 | |||
4592 | This makes the connection 4-tuple available to PAM modules that | ||
4593 | wish to use it in decision-making. bz#2741 | ||
4594 | |||
4595 | commit a784fa8c7a7b084d63bae82ccfea902131bb45c5 | ||
4596 | Author: Kevin Adler <kadler@us.ibm.com> | ||
4597 | Date: Wed Dec 12 22:12:45 2018 -0600 | ||
4598 | |||
4599 | Don't pass loginmsg by address now that it's an sshbuf* | ||
4600 | |||
4601 | In 120a1ec74, loginmsg was changed from the legacy Buffer type | ||
4602 | to struct sshbuf*, but it missed changing calls to | ||
4603 | sys_auth_allowed_user and sys_auth_record_login which passed | ||
4604 | loginmsg by address. Now that it's a pointer, just pass it directly. | ||
4605 | |||
4606 | This only affects AIX, unless there are out of tree users. | ||
4607 | |||
4608 | commit 285310b897969a63ef224d39e7cc2b7316d86940 | ||
4609 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4610 | Date: Fri Dec 7 02:31:20 2018 +0000 | ||
4611 | |||
4612 | upstream: no need to allocate channels_pre/channels_post in | ||
4613 | |||
4614 | channel_init_channels() as we do it anyway in channel_handler_init() that we | ||
4615 | call at the end of the function. Fix from Markus Schmidt via bz#2938 | ||
4616 | |||
4617 | OpenBSD-Commit-ID: 74893638af49e3734f1e33a54af1b7ea533373ed | ||
4618 | |||
4619 | commit 87d6cf1cbc91df6815db8fe0acc7c910bc3d18e4 | ||
4620 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4621 | Date: Fri Nov 30 02:24:52 2018 +0000 | ||
4622 | |||
4623 | upstream: don't attempt to connect to empty SSH_AUTH_SOCK; bz#293 | ||
4624 | |||
4625 | OpenBSD-Commit-ID: 0e8fc8f19f14b21adef7109e0faa583d87c0e929 | ||
4626 | |||
4627 | commit 91b19198c3f604f5eef2c56dbe36f29478243141 | ||
4628 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4629 | Date: Wed Nov 28 06:00:38 2018 +0000 | ||
4630 | |||
4631 | upstream: don't truncate user or host name in "user@host's | ||
4632 | |||
4633 | OpenBSD-Commit-ID: e6ca01a8d58004b7f2cac0b1b7ce8f87e425e360 | ||
4634 | |||
4635 | commit dd0cf6318d9b4b3533bda1e3bc021b2cd7246b7a | ||
4636 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
4637 | Date: Fri Nov 23 06:58:28 2018 +0000 | ||
4638 | |||
4639 | upstream: tweak previous; | ||
4640 | |||
4641 | OpenBSD-Commit-ID: 08f096922eb00c98251501c193ff9e83fbb5de4f | ||
4642 | |||
4643 | commit 8a85f5458d1c802471ca899c97f89946f6666e61 | ||
4644 | Author: Darren Tucker <dtucker@dtucker.net> | ||
4645 | Date: Sun Nov 25 21:44:05 2018 +1100 | ||
4646 | |||
4647 | Include stdio.h for FILE if needed. | ||
4648 | |||
4649 | commit 16fb23f25454991272bfe4598cc05d20fcd25116 | ||
4650 | Author: Darren Tucker <dtucker@dtucker.net> | ||
4651 | Date: Sun Nov 25 14:05:57 2018 +1100 | ||
4652 | |||
4653 | Reverse order of OpenSSL init functions. | ||
4654 | |||
4655 | Try the new init function (OPENSSL_init_crypto) before falling back to | ||
4656 | the old one (OpenSSL_add_all_algorithms). | ||
4657 | |||
4658 | commit 98f878d2272bf8dff21f2a0265d963c29e33fed2 | ||
4659 | Author: Darren Tucker <dtucker@dtucker.net> | ||
4660 | Date: Sun Nov 25 14:05:08 2018 +1100 | ||
4661 | |||
4662 | Improve OpenSSL_add_all_algorithms check. | ||
4663 | |||
4664 | OpenSSL_add_all_algorithms() may be a macro so check for that too. | ||
4665 | |||
4666 | commit 9e34e0c59ab04514f9de9934a772283f7f372afe | ||
4667 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4668 | Date: Fri Nov 23 05:08:07 2018 +0000 | ||
4669 | |||
4670 | upstream: add a ssh_config "Match final" predicate | ||
4671 | |||
4672 | Matches in same pass as "Match canonical" but doesn't require | ||
4673 | hostname canonicalisation be enabled. bz#2906 ok markus | ||
4674 | |||
4675 | OpenBSD-Commit-ID: fba1dfe9f6e0cabcd0e2b3be13f7a434199beffa | ||
4676 | |||
4677 | commit 4da58d58736b065b1182b563d10ad6765d811c6d | ||
4678 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
4679 | Date: Fri Nov 23 02:53:57 2018 +0000 | ||
4680 | |||
4681 | upstream: Remove now-unneeded ifdef SIGINFO around handler since it is | ||
4682 | |||
4683 | now always used for SIGUSR1 even when SIGINFO is not defined. This will make | ||
4684 | things simpler in -portable. | ||
4685 | |||
4686 | OpenBSD-Regress-ID: 4ff0265b335820b0646d37beb93f036ded0dc43f | ||
4687 | |||
4688 | commit c721d5877509875c8515df0215fa1dab862013bc | ||
4689 | Author: Darren Tucker <dtucker@dtucker.net> | ||
4690 | Date: Fri Nov 23 14:11:20 2018 +1100 | ||
4691 | |||
4692 | Move RANDOM_SEED_SIZE outside ifdef. | ||
4693 | |||
4694 | RANDOM_SEED_SIZE is used by both the OpenSSL and non-OpenSSL code | ||
4695 | This fixes the build with configureed --without-openssl. | ||
4696 | |||
4697 | commit deb51552c3ce7ce72c8d0232e4f36f2e7c118c7d | ||
4698 | Author: Darren Tucker <dtucker@dtucker.net> | ||
4699 | Date: Thu Nov 22 19:59:28 2018 +1100 | ||
4700 | |||
4701 | Resync with OpenBSD by pulling in an ifdef SIGINFO. | ||
4702 | |||
4703 | commit 28c7b2cd050f4416bfcf3869a20e3ea138aa52fe | ||
4704 | Author: Damien Miller <djm@mindrot.org> | ||
4705 | Date: Fri Nov 23 10:45:20 2018 +1100 | ||
4706 | |||
4707 | fix configure test for OpenSSL version | ||
4708 | |||
4709 | square brackets in case statements may be eaten by autoconf. | ||
4710 | |||
4711 | Report and fix from Filipp Gunbin; tweaked by naddy@ | ||
4712 | |||
4713 | commit 42c5ec4b97b6a1bae70f323952d0646af16ce710 | ||
4714 | Author: Damien Miller <djm@mindrot.org> | ||
4715 | Date: Fri Nov 23 10:40:06 2018 +1100 | ||
4716 | |||
4717 | refactor libcrypto initialisation | ||
4718 | |||
4719 | Don't call OpenSSL_add_all_algorithms() unless OpenSSL actually | ||
4720 | supports it. | ||
4721 | |||
4722 | Move all libcrypto initialisation to a single function, and call that | ||
4723 | from seed_rng() that is called early in each tool's main(). | ||
4724 | |||
4725 | Prompted by patch from Rosen Penev | ||
4726 | |||
4727 | commit 5b60b6c02009547a3e2a99d4886965de2a4719da | ||
4728 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
4729 | Date: Thu Nov 22 08:59:11 2018 +0000 | ||
4730 | |||
4731 | upstream: Output info on SIGUSR1 as well as | ||
4732 | |||
4733 | SIGINFO to resync with portable. (ID sync only). | ||
4734 | |||
4735 | OpenBSD-Regress-ID: 699d153e2de22dce51a1b270c40a98472d1a1b16 | ||
4736 | |||
4737 | commit e4ae345dc75b34fd870c2e8690d831d2c1088eb7 | ||
4738 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
4739 | Date: Thu Nov 22 08:48:32 2018 +0000 | ||
4740 | |||
4741 | upstream: Append pid to temp files in /var/run and set a cleanup | ||
4742 | |||
4743 | trap for them. This allows multiple instances of tests to run without | ||
4744 | colliding. | ||
4745 | |||
4746 | OpenBSD-Regress-ID: 57add105ecdfc54752d8003acdd99eb68c3e0b4c | ||
4747 | |||
4748 | commit f72d0f52effca5aa20a193217346615ecd3eed53 | ||
4749 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
4750 | Date: Wed Oct 31 11:09:27 2018 +0000 | ||
4751 | |||
4752 | upstream: UsePrivilegeSeparation no is deprecated | ||
4753 | |||
4754 | test "yes" and "sandbox". | ||
4755 | |||
4756 | OpenBSD-Regress-ID: 80e685ed8990766527dc629b1affc09a75bfe2da | ||
4757 | |||
4758 | commit 35d0e5fefc419bddcbe09d7fc163d8cd3417125b | ||
4759 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4760 | Date: Wed Oct 17 23:28:05 2018 +0000 | ||
4761 | |||
4762 | upstream: add some knobs: | ||
4763 | |||
4764 | UNITTEST_FAST?= no # Skip slow tests (e.g. less intensive fuzzing). | ||
4765 | UNITTEST_SLOW?= no # Include slower tests (e.g. more intensive fuzzing). | ||
4766 | UNITTEST_VERBOSE?= no # Verbose test output (inc. per-test names). | ||
4767 | |||
4768 | useful if you want to run the tests as a smoke test to exercise the | ||
4769 | functionality without waiting for all the fuzzers to run. | ||
4770 | |||
4771 | OpenBSD-Regress-ID: e04d82ebec86068198cd903acf1c67563c57315e | ||
4772 | |||
4773 | commit c1941293d9422a14dda372b4c21895e72aa7a063 | ||
4774 | Author: Darren Tucker <dtucker@dtucker.net> | ||
4775 | Date: Thu Nov 22 15:52:26 2018 +1100 | ||
4776 | |||
4777 | Resync Makefile.inc with upstream. | ||
4778 | |||
4779 | It's unused in -portable, but having it out of sync makes other syncs | ||
4780 | fail to apply. | ||
4781 | |||
4782 | commit 928f1231f65f88cd4c73e6e0edd63d2cf6295d77 | ||
4783 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4784 | Date: Mon Nov 19 04:12:32 2018 +0000 | ||
4785 | |||
4786 | upstream: silence (to log level debug2) failure messages when | ||
4787 | |||
4788 | loading the default hostkeys. Hostkeys explicitly specified in the | ||
4789 | configuration or on the command-line are still reported as errors, and | ||
4790 | failure to load at least one host key remains a fatal error. | ||
4791 | MIME-Version: 1.0 | ||
4792 | Content-Type: text/plain; charset=UTF-8 | ||
4793 | Content-Transfer-Encoding: 8bit | ||
4794 | |||
4795 | Based on patch from Dag-Erling Smørgrav via | ||
4796 | https://github.com/openssh/openssh-portable/pull/103 | ||
4797 | |||
4798 | ok markus@ | ||
4799 | |||
4800 | OpenBSD-Commit-ID: ffc2e35a75d1008effaf05a5e27425041c27b684 | ||
4801 | |||
4802 | commit 7fca94edbe8ca9f879da9fdd2afd959c4180f4c7 | ||
4803 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
4804 | Date: Sun Nov 18 22:43:29 2018 +0000 | ||
4805 | |||
4806 | upstream: Fix inverted logic for redirecting ProxyCommand stderr to | ||
4807 | |||
4808 | /dev/null. Fixes mosh in proxycommand mode that was broken by the previous | ||
4809 | ProxyCommand change that was reported by matthieu@. ok djm@ danj@ | ||
4810 | |||
4811 | OpenBSD-Commit-ID: c6fc9641bc250221a0a81c6beb2e72d603f8add6 | ||
4812 | |||
4813 | commit ccef7c4faf914993b53035cd2b25ce02ab039c9d | ||
4814 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4815 | Date: Fri Nov 16 06:17:38 2018 +0000 | ||
4816 | |||
4817 | upstream: redirect stderr of ProxyCommands to /dev/null when ssh is | ||
4818 | |||
4819 | started with ControlPersist; based on patch from Steffen Prohaska | ||
4820 | |||
4821 | OpenBSD-Commit-ID: 1bcaa14a03ae80369d31021271ec75dce2597957 | ||
4822 | |||
4823 | commit 15182fd96845a03216d7ac5a2cf31c4e77e406e3 | ||
4824 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4825 | Date: Fri Nov 16 06:10:29 2018 +0000 | ||
4826 | |||
4827 | upstream: make grandparent-parent-child sshbuf chains robust to | ||
4828 | |||
4829 | use-after-free faults if the ancestors are freed before the descendents. | ||
4830 | Nothing in OpenSSH uses this deallocation pattern. Reported by Jann Horn | ||
4831 | |||
4832 | OpenBSD-Commit-ID: d93501d1d2734245aac802a252b9bb2eccdba0f2 | ||
4833 | |||
4834 | commit 2a35862e664afde774d4a72497d394fe7306ccb5 | ||
4835 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4836 | Date: Fri Nov 16 03:26:01 2018 +0000 | ||
4837 | |||
4838 | upstream: use path_absolute() for pathname checks; from Manoj Ampalam | ||
4839 | |||
4840 | OpenBSD-Commit-ID: 482ce71a5ea5c5f3bc4d00fd719481a6a584d925 | ||
4841 | |||
4842 | commit d0d1dfa55be1c5c0d77ab3096b198a64235f936d | ||
4843 | Author: Darren Tucker <dtucker@dtucker.net> | ||
4844 | Date: Fri Nov 16 14:11:44 2018 +1100 | ||
4845 | |||
4846 | Test for OPENSSL_init_crypto before using. | ||
4847 | |||
4848 | Check for the presence of OPENSSL_init_crypto and all the flags we want | ||
4849 | before trying to use it (bz#2931). | ||
4850 | |||
4851 | commit 6010c0303a422a9c5fa8860c061bf7105eb7f8b2 | ||
4852 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4853 | Date: Fri Nov 16 03:03:10 2018 +0000 | ||
4854 | |||
4855 | upstream: disallow empty incoming filename or ones that refer to the | ||
4856 | |||
4857 | current directory; based on report/patch from Harry Sintonen | ||
4858 | |||
4859 | OpenBSD-Commit-ID: f27651b30eaee2df49540ab68d030865c04f6de9 | ||
4860 | |||
4861 | commit aaed635e3a401cfcc4cc97f33788179c458901c3 | ||
4862 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4863 | Date: Fri Nov 16 02:46:20 2018 +0000 | ||
4864 | |||
4865 | upstream: fix bug in client that was keeping a redundant ssh-agent | ||
4866 | |||
4867 | socket around for the life of the connection; bz#2912; reported by Simon | ||
4868 | Tatham; ok dtucker@ | ||
4869 | |||
4870 | OpenBSD-Commit-ID: 4ded588301183d343dce3e8c5fc1398e35058478 | ||
4871 | |||
4872 | commit e76135e3007f1564427b2956c628923d8dc2f75a | ||
4873 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4874 | Date: Fri Nov 16 02:43:56 2018 +0000 | ||
4875 | |||
4876 | upstream: fix bug in HostbasedAcceptedKeyTypes and | ||
4877 | |||
4878 | PubkeyAcceptedKeyTypes options. If only RSA-SHA2 siganture types were | ||
4879 | specified, then authentication would always fail for RSA keys as the monitor | ||
4880 | checks only the base key (not the signature algorithm) type against | ||
4881 | *AcceptedKeyTypes. bz#2746; reported by Jakub Jelen; ok dtucker | ||
4882 | |||
4883 | OpenBSD-Commit-ID: 117bc3dc54578dbdb515a1d3732988cb5b00461b | ||
4884 | |||
4885 | commit 5c1a63562cac0574c226224075b0829a50b48c9d | ||
4886 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4887 | Date: Fri Nov 16 02:30:20 2018 +0000 | ||
4888 | |||
4889 | upstream: support a prefix of '@' to suppress echo of sftp batch | ||
4890 | |||
4891 | commands; bz#2926; ok dtucker@ | ||
4892 | |||
4893 | OpenBSD-Commit-ID: 9d635636bc84aeae796467e059f7634de990a79d | ||
4894 | |||
4895 | commit 90ef45f7aac33eaf55ec344e101548a01e570f29 | ||
4896 | Author: schwarze@openbsd.org <schwarze@openbsd.org> | ||
4897 | Date: Tue Nov 13 07:22:45 2018 +0000 | ||
4898 | |||
4899 | upstream: fix markup error (missing blank before delimiter); from | ||
4900 | |||
4901 | Mike Frysinger <vapier at gentoo dot org> | ||
4902 | |||
4903 | OpenBSD-Commit-ID: 1bc5392f795ca86318d695e0947eaf71a5a4f6d9 | ||
4904 | |||
4905 | commit 960e7c672dc106f3b759c081de3edb4d1138b36e | ||
4906 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4907 | Date: Fri Nov 9 02:57:58 2018 +0000 | ||
4908 | |||
4909 | upstream: typo in error message; caught by Debian lintian, via | ||
4910 | |||
4911 | Colin Watson | ||
4912 | |||
4913 | OpenBSD-Commit-ID: bff614c7bd1f4ca491a84e9b5999f848d0d66758 | ||
4914 | |||
4915 | commit 81f1620c836e6c79c0823ba44acca605226a80f1 | ||
4916 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4917 | Date: Fri Nov 9 02:56:22 2018 +0000 | ||
4918 | |||
4919 | upstream: correct local variable name; from yawang AT microsoft.com | ||
4920 | |||
4921 | OpenBSD-Commit-ID: a0c228390856a215bb66319c89cb3959d3af8c87 | ||
4922 | |||
4923 | commit 1293740e800fa2e5ccd38842a2e4970c6f3b9831 | ||
4924 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
4925 | Date: Wed Oct 31 11:20:05 2018 +0000 | ||
4926 | |||
4927 | upstream: Import new moduli. | ||
4928 | |||
4929 | OpenBSD-Commit-ID: c07772f58028fda683ee6abd41c73da3ff70d403 | ||
4930 | |||
4931 | commit 46925ae28e53fc9add336a4fcdb7ed4b86c3591c | ||
4932 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4933 | Date: Fri Oct 26 01:23:03 2018 +0000 | ||
4934 | |||
4935 | upstream: mention ssh-ed25519-cert-v01@openssh.com in list of cert | ||
4936 | |||
4937 | key type at start of doc | ||
4938 | |||
4939 | OpenBSD-Commit-ID: b46b0149256d67f05f2d5d01e160634ed1a67324 | ||
4940 | |||
4941 | commit 8d8340e2c215155637fe19cb1a837f71b2d55f7b | ||
4942 | Author: Darren Tucker <dtucker@dtucker.net> | ||
4943 | Date: Fri Nov 16 13:32:13 2018 +1100 | ||
4944 | |||
4945 | Remove fallback check for /usr/local/ssl. | ||
4946 | |||
4947 | If configure could not find a working OpenSSL installation it would | ||
4948 | fall back to checking in /usr/local/ssl. This made sense back when | ||
4949 | systems did not ship with OpenSSL, but most do and OpenSSL 1.1 doesn't | ||
4950 | use that as a default any more. The fallback behaviour also meant | ||
4951 | that if you pointed --with-ssl-dir at a specific directory and it | ||
4952 | didn't work, it would silently use either the system libs or the ones | ||
4953 | in /usr/local/ssl. If you want to use /usr/local/ssl you'll need to | ||
4954 | pass configure --with-ssl-dir=/usr/local/ssl. ok djm@ | ||
4955 | |||
4956 | commit ce93472134fb22eff73edbcd173a21ae38889331 | ||
4957 | Author: Darren Tucker <dtucker@dtucker.net> | ||
4958 | Date: Fri Nov 16 12:44:01 2018 +1100 | ||
4959 | |||
4960 | Fix check for OpenSSL 1.0.1 exactly. | ||
4961 | |||
4962 | Both INSTALL and configure.ac claim OpenSSL >= 1.0.1 is supported; fix | ||
4963 | compile-time check for 1.0.1 to match. | ||
4964 | |||
4965 | commit f2970868f86161a22b2c377057fa3891863a692a | ||
4966 | Author: Darren Tucker <dtucker@dtucker.net> | ||
4967 | Date: Sun Nov 11 15:58:20 2018 +1100 | ||
4968 | |||
4969 | Improve warnings in cygwin service setup. | ||
4970 | |||
4971 | bz#2922, patch from vinschen at redhat.com. | ||
4972 | |||
4973 | commit bd2d54fc1eee84bf87158a1277a50e6c8a303339 | ||
4974 | Author: Darren Tucker <dtucker@dtucker.net> | ||
4975 | Date: Sun Nov 11 15:54:54 2018 +1100 | ||
4976 | |||
4977 | Remove hardcoded service name in cygwin setup. | ||
4978 | |||
4979 | bz#2922, patch from Christian.Lupien at USherbrooke.ca, sanity check | ||
4980 | by vinschen at redhat.com. | ||
4981 | |||
4982 | commit d0153c77bf7964e694f1d26c56c41a571b8e9466 | ||
4983 | Author: Dag-Erling Smørgrav <des@des.no> | ||
4984 | Date: Tue Oct 9 23:03:40 2018 +0200 | ||
4985 | |||
4986 | AC_CHECK_SIZEOF() no longer needs a second argument. | ||
4987 | |||
4988 | commit 9b47b083ca9d866249ada9f02dbd57c87b13806e | ||
4989 | Author: Manoj Ampalam <manojamp@microsoft.com> | ||
4990 | Date: Thu Nov 8 22:41:59 2018 -0800 | ||
4991 | |||
4992 | Fix error message w/out nistp521. | ||
4993 | |||
4994 | Correct error message when OpenSSL doesn't support certain ECDSA key | ||
4995 | lengths. | ||
4996 | |||
4997 | commit 624d19ac2d56fa86a22417c35536caceb3be346f | ||
4998 | Author: Eneas U de Queiroz <cote2004-github@yahoo.com> | ||
4999 | Date: Tue Oct 9 16:17:42 2018 -0300 | ||
5000 | |||
5001 | fix compilation with openssl built without ECC | ||
5002 | |||
5003 | ECDSA code in openssh-compat.h and libressl-api-compat.c needs to be | ||
5004 | guarded by OPENSSL_HAS_ECC | ||
5005 | |||
5006 | Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> | ||
5007 | |||
5008 | commit 1801cd11d99d05a66ab5248c0555f55909a355ce | ||
5009 | Author: Darren Tucker <dtucker@dtucker.net> | ||
5010 | Date: Thu Nov 8 15:03:11 2018 +1100 | ||
5011 | |||
5012 | Simplify OpenSSL 1.1 function checks. | ||
5013 | |||
5014 | Replace AC_SEARCH_LIBS checks for OpenSSL 1.1 functions with a single | ||
5015 | AC_CHECK_FUNCS. ok djm@ | ||
5016 | |||
5017 | commit bc32f118d484e4d71d2a0828fd4eab7e4176c9af | ||
5018 | Author: Darren Tucker <dtucker@dtucker.net> | ||
5019 | Date: Mon Nov 5 17:31:24 2018 +1100 | ||
5020 | |||
5021 | Fix pasto for HAVE_EVP_CIPHER_CTX_SET_IV. | ||
5022 | |||
5023 | Prevents unnecessary redefinition. Patch from mforney at mforney.org. | ||
5024 | |||
5025 | commit 3719df60c66abc4b47200d41f571d67772f293ba | ||
5026 | Author: Darren Tucker <dtucker@dtucker.net> | ||
5027 | Date: Wed Oct 31 22:21:03 2018 +1100 | ||
5028 | |||
5029 | Import new moduli. | ||
5030 | |||
5031 | commit 595605d4abede475339d6a1f07a8cc674c11d1c3 | ||
5032 | Author: Darren Tucker <dtucker@dtucker.net> | ||
5033 | Date: Sun Oct 28 15:18:13 2018 +1100 | ||
5034 | |||
5035 | Update check for minimum OpenSSL version. | ||
5036 | |||
5037 | commit 6ab75aba340d827140d7ba719787aabaf39a0355 | ||
5038 | Author: Darren Tucker <dtucker@dtucker.net> | ||
5039 | Date: Sun Oct 28 15:16:31 2018 +1100 | ||
5040 | |||
5041 | Update required OpenSSL versions to match current. | ||
5042 | |||
5043 | commit c801b0e38eae99427f37869370151b78f8e15c5d | ||
5044 | Author: Darren Tucker <dtucker@dtucker.net> | ||
5045 | Date: Sun Oct 28 14:34:12 2018 +1100 | ||
5046 | |||
5047 | Use detected version functions in openssl compat. | ||
5048 | |||
5049 | Use detected functions in compat layer instead of guessing based on | ||
5050 | versions. Really fixes builds with LibreSSL, not just configure. | ||
5051 | |||
5052 | commit 262d81a259d4aa1507c709ec9d5caa21c7740722 | ||
5053 | Author: Darren Tucker <dtucker@dtucker.net> | ||
5054 | Date: Sat Oct 27 16:45:59 2018 +1100 | ||
5055 | |||
5056 | Check for the existence of openssl version funcs. | ||
5057 | |||
5058 | Check for the existence of openssl version functions and use the ones | ||
5059 | detected instead of trying to guess based on the int32 version | ||
5060 | identifier. Fixes builds with LibreSSL. | ||
5061 | |||
5062 | commit 406a24b25d6a2bdd70cacd16de7e899dcb2a8829 | ||
5063 | Author: Damien Miller <djm@mindrot.org> | ||
5064 | Date: Fri Oct 26 13:43:28 2018 +1100 | ||
5065 | |||
5066 | fix builds on OpenSSL <= 1.0.x | ||
5067 | |||
5068 | I thought OpenSSL 1.0.x offered the new-style OpenSSL_version_num() API | ||
5069 | to obtain version number, but they don't. | ||
5070 | |||
5071 | commit 859754bdeb41373d372e36b5dc89c547453addb3 | ||
5072 | Author: Damien Miller <djm@mindrot.org> | ||
5073 | Date: Tue Oct 23 17:10:41 2018 +1100 | ||
5074 | |||
5075 | remove remaining references to SSLeay | ||
5076 | |||
5077 | Prompted by Rosen Penev | ||
5078 | |||
5079 | commit b9fea45a68946c8dfeace72ad1f6657c18f2a98a | ||
5080 | Author: Damien Miller <djm@mindrot.org> | ||
5081 | Date: Tue Oct 23 17:10:35 2018 +1100 | ||
5082 | |||
5083 | regen depend | ||
5084 | |||
5085 | commit a65784c9f9c5d00cf1a0e235090170abc8d07c73 | ||
5086 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5087 | Date: Tue Oct 23 05:56:35 2018 +0000 | ||
5088 | |||
5089 | upstream: refer to OpenSSL not SSLeay; | ||
5090 | |||
5091 | we're old, but we don't have to act it | ||
5092 | |||
5093 | OpenBSD-Commit-ID: 9ca38d11f8ed19e61a55108d1e892d696cee08ec | ||
5094 | |||
5095 | commit c0a35265907533be10ca151ac797f34ae0d68969 | ||
5096 | Author: Damien Miller <djm@mindrot.org> | ||
5097 | Date: Mon Oct 22 11:22:50 2018 +1100 | ||
5098 | |||
5099 | fix compile for openssl 1.0.x w/ --with-ssl-engine | ||
5100 | |||
5101 | bz#2921, patch from cotequeiroz | ||
5102 | |||
5103 | commit 31b49525168245abe16ad49d7b7f519786b53a38 | ||
5104 | Author: Darren Tucker <dtucker@dtucker.net> | ||
5105 | Date: Mon Oct 22 20:05:18 2018 +1100 | ||
5106 | |||
5107 | Include openssl compatibility. | ||
5108 | |||
5109 | Patch from rosenp at gmail.com via openssh-unix-dev. | ||
5110 | |||
5111 | commit a4fc253f5f44f0e4c47aafe2a17d2c46481d3c04 | ||
5112 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5113 | Date: Fri Oct 19 03:12:42 2018 +0000 | ||
5114 | |||
5115 | upstream: when printing certificate contents "ssh-keygen -Lf | ||
5116 | |||
5117 | /path/certificate", include the algorithm that the CA used to sign the cert. | ||
5118 | |||
5119 | OpenBSD-Commit-ID: 1ea20b5048a851a7a0758dcb9777a211a2c0dddd | ||
5120 | |||
5121 | commit 83b3d99d2b47321b7ebb8db6f6ea04f3808bc069 | ||
5122 | Author: florian@openbsd.org <florian@openbsd.org> | ||
5123 | Date: Mon Oct 15 11:28:50 2018 +0000 | ||
5124 | |||
5125 | upstream: struct sockaddr_storage is guaranteed to be large enough, | ||
5126 | |||
5127 | no need to check the size. OK kn, deraadt | ||
5128 | |||
5129 | OpenBSD-Commit-ID: 0aa56e92eb49c79f495b31a5093109ec5841f439 | ||
5130 | |||
5131 | commit aede1c34243a6f7feae2fb2cb686ade5f9be6f3d | ||
5132 | Author: Damien Miller <djm@mindrot.org> | ||
5133 | Date: Wed Oct 17 11:01:20 2018 +1100 | ||
5134 | |||
5135 | Require OpenSSL 1.1.x series 1.1.0g or greater | ||
5136 | |||
5137 | Previous versions have a bug with EVP_CipherInit() when passed a | ||
5138 | NULL EVP_CIPHER, per https://github.com/openssl/openssl/pull/4613 | ||
5139 | |||
5140 | ok dtucker@ | ||
5141 | |||
5142 | commit 08300c211409c212e010fe2e2f2883e573a04ce2 | ||
5143 | Author: Damien Miller <djm@mindrot.org> | ||
5144 | Date: Wed Oct 17 08:12:02 2018 +1100 | ||
5145 | |||
5146 | unbreak compilation with --with-ssl-engine | ||
5147 | |||
5148 | Missing last argument to OPENSSL_init_crypto() | ||
5149 | |||
5150 | commit 1673274aee67ce0eb6f00578b6f3d2bcbd58f937 | ||
5151 | Author: Darren Tucker <dtucker@dtucker.net> | ||
5152 | Date: Tue Oct 16 14:45:57 2018 +1100 | ||
5153 | |||
5154 | Remove gcc spectre mitigation flags. | ||
5155 | |||
5156 | Current impementions of the gcc spectre mitigation flags cause | ||
5157 | miscompilations when combined with other flags and do not provide much | ||
5158 | protection. Found by fweimer at redhat.com, ok djm@ | ||
5159 | |||
5160 | commit 4e23deefd7959ef83c73ed9cce574423438f6133 | ||
5161 | Author: Damien Miller <djm@mindrot.org> | ||
5162 | Date: Tue Oct 16 10:51:52 2018 +1100 | ||
5163 | |||
5164 | Avoid deprecated OPENSSL_config when using 1.1.x | ||
5165 | |||
5166 | OpenSSL 1.1.x soft-deprecated OPENSSL_config in favour of | ||
5167 | OPENSSL_init_crypto; pointed out by Jakub Jelen | ||
5168 | |||
5169 | commit 797cdd9c8468ed1125ce60d590ae3f1397866af4 | ||
5170 | Author: Darren Tucker <dtucker@dtucker.net> | ||
5171 | Date: Fri Oct 12 16:58:47 2018 +1100 | ||
5172 | |||
5173 | Don't avoid our *sprintf replacements. | ||
5174 | |||
5175 | Don't let systems with broken printf(3) avoid our replacements | ||
5176 | via asprintf(3)/vasprintf(3) calling libc internally. From djm@ | ||
5177 | |||
5178 | commit e526127cbd2f8ad88fb41229df0c9b850c722830 | ||
5179 | Author: Darren Tucker <dtucker@dtucker.net> | ||
5180 | Date: Fri Oct 12 16:43:35 2018 +1100 | ||
5181 | |||
5182 | Check if snprintf understands %zu. | ||
5183 | |||
5184 | If the platforms snprintf and friends don't understand %zu, use the | ||
5185 | compat replacement. Prevents segfaults on those platforms. | ||
5186 | |||
5187 | commit cf39f875191708c5f2f1a3c1c9019f106e74aea3 | ||
5188 | Author: Damien Miller <djm@mindrot.org> | ||
5189 | Date: Fri Oct 12 09:48:05 2018 +1100 | ||
5190 | |||
5191 | remove stale link, tweak | ||
5192 | |||
5193 | commit a7205e68decf7de2005810853b4ce6b222b65e2a | ||
5194 | Author: Damien Miller <djm@mindrot.org> | ||
5195 | Date: Fri Oct 12 09:47:20 2018 +1100 | ||
5196 | |||
5197 | update version numbers ahead of release | ||
5198 | |||
5199 | commit 1a4a9cf80f5b92b9d1dadd0bfa8867c04d195391 | ||
5200 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5201 | Date: Thu Oct 11 03:48:04 2018 +0000 | ||
5202 | |||
5203 | upstream: don't send new-style rsa-sha2-*-cert-v01@openssh.com names to | ||
5204 | |||
5205 | older OpenSSH that can't handle them. spotted by Adam Eijdenberg; ok dtucker | ||
5206 | |||
5207 | OpenBSD-Commit-ID: 662bbc402e3d7c9b6c322806269698106a6ae631 | ||
5208 | |||
5209 | commit dc8ddcdf1a95e011c263486c25869bb5bf4e30ec | ||
5210 | Author: Damien Miller <djm@mindrot.org> | ||
5211 | Date: Thu Oct 11 13:08:59 2018 +1100 | ||
5212 | |||
5213 | update depends | ||
5214 | |||
5215 | commit 26841ac265603fd2253e6832e03602823dbb4022 | ||
5216 | Author: Damien Miller <djm@mindrot.org> | ||
5217 | Date: Thu Oct 11 13:02:11 2018 +1100 | ||
5218 | |||
5219 | some more duplicated key algorithm lines | ||
5220 | |||
5221 | From Adam Eijdenberg | ||
5222 | |||
5223 | commit 5d9d17603bfbb620195a4581025052832b4c4adc | ||
5224 | Author: Damien Miller <djm@mindrot.org> | ||
5225 | Date: Thu Oct 11 11:56:36 2018 +1100 | ||
5226 | |||
5227 | fix duplicated algorithm specification lines | ||
5228 | |||
5229 | Spotted by Adam Eijdenberg | ||
5230 | |||
5231 | commit ebfafd9c7a5b2a7fb515ee95dbe0e44e11d0a663 | ||
5232 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5233 | Date: Thu Oct 11 00:52:46 2018 +0000 | ||
5234 | |||
5235 | upstream: typo in plain RSA algorithm counterpart names for | ||
5236 | |||
5237 | certificates; spotted by Adam Eijdenberg; ok dtucker@ | ||
5238 | |||
5239 | OpenBSD-Commit-ID: bfcdeb6f4fc9e7607f5096574c8f118f2e709e00 | ||
5240 | |||
5241 | commit c29b111e7d87c2324ff71c80653dd8da168c13b9 | ||
5242 | Author: Damien Miller <djm@mindrot.org> | ||
5243 | Date: Thu Oct 11 11:29:35 2018 +1100 | ||
5244 | |||
5245 | check pw_passwd != NULL here too | ||
5246 | |||
5247 | Again, for systems with broken NIS implementations. | ||
5248 | |||
5249 | Prompted by coolbugcheckers AT gmail.com | ||
5250 | |||
5251 | commit fe8e8f349a553ef4c567acd418aac769a82b7729 | ||
5252 | Author: Damien Miller <djm@mindrot.org> | ||
5253 | Date: Thu Oct 11 11:03:15 2018 +1100 | ||
5254 | |||
5255 | check for NULL return from shadow_pw() | ||
5256 | |||
5257 | probably unreachable on this platform; pointed out by | ||
5258 | coolbugcheckers AT gmail.com | ||
5259 | |||
5260 | commit acc59cbe7a1fb169e1c3caba65a39bd74d6e030d | ||
5261 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
5262 | Date: Wed Oct 10 16:43:49 2018 +0000 | ||
5263 | |||
5264 | upstream: introducing openssh 7.9 | ||
5265 | |||
5266 | OpenBSD-Commit-ID: 42d526a9fe01a40dd299ac58014d3349adf40e25 | ||
5267 | |||
5268 | commit 12731158c75c8760a8bea06350eeb3e763fe1a07 | ||
5269 | Author: Damien Miller <djm@mindrot.org> | ||
5270 | Date: Thu Oct 11 10:29:29 2018 +1100 | ||
5271 | |||
5272 | supply callback to PEM_read_bio_PrivateKey | ||
5273 | |||
5274 | OpenSSL 1.1.0i has changed the behaviour of their PEM APIs, | ||
5275 | so that empty passphrases are interpreted differently. This | ||
5276 | probabalistically breaks loading some keys, because the PEM format | ||
5277 | is terrible and doesn't include a proper MAC. | ||
5278 | |||
5279 | Avoid this by providing a basic callback to avoid passing empty | ||
5280 | passphrases to OpenSSL in cases where one is required. | ||
5281 | |||
5282 | Based on patch from Jakub Jelen in bz#2913; ok dtucker@ | ||
5283 | |||
5284 | commit d1d301a1dd5d6cc3a9ed93ab7ab09dda4cb456e0 | ||
5285 | Author: Damien Miller <djm@mindrot.org> | ||
5286 | Date: Wed Oct 10 14:57:00 2018 +1100 | ||
5287 | |||
5288 | in pick_salt() avoid dereference of NULL passwords | ||
5289 | |||
5290 | Apparently some NIS implementations can leave pw->pw_passwd (or the | ||
5291 | shadow equivalent) NULL. | ||
5292 | |||
5293 | bz#2909; based on patch from Todd Eigenschink | ||
5294 | |||
5295 | commit edbb6febccee084d212fdc0cb05b40cb1c646ab1 | ||
5296 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5297 | Date: Tue Oct 9 05:42:23 2018 +0000 | ||
5298 | |||
5299 | upstream: Treat all PEM_read_bio_PrivateKey() errors when a passphrase | ||
5300 | |||
5301 | is specified as "incorrect passphrase" instead of trying to choose between | ||
5302 | that and "invalid format". | ||
5303 | |||
5304 | libcrypto can return ASN1 parsing errors rather than the expected | ||
5305 | decrypt error in certain infrequent cases when trying to decrypt/parse | ||
5306 | PEM private keys when supplied with an invalid passphrase. | ||
5307 | |||
5308 | Report and repro recipe from Thomas Deutschmann in bz#2901 | ||
5309 | |||
5310 | ok markus@ | ||
5311 | |||
5312 | OpenBSD-Commit-ID: b1d4cd92395f9743f81c0d23aab2524109580870 | ||
5313 | |||
5314 | commit 2581333d564d8697837729b3d07d45738eaf5a54 | ||
5315 | Author: naddy@openbsd.org <naddy@openbsd.org> | ||
5316 | Date: Fri Oct 5 14:26:09 2018 +0000 | ||
5317 | |||
5318 | upstream: Support using service names for port numbers. | ||
5319 | |||
5320 | * Try to resolve a port specification with getservbyname(3) if a | ||
5321 | numeric conversion fails. | ||
5322 | * Make the "Port" option in ssh_config handle its argument as a | ||
5323 | port rather than a plain integer. | ||
5324 | |||
5325 | ok dtucker@ deraadt@ | ||
5326 | |||
5327 | OpenBSD-Commit-ID: e7f03633133205ab3dfbc67f9df7475fabae660d | ||
5328 | |||
5329 | commit e0d6501e86734c48c8c503f81e1c0926e98c5c4c | ||
5330 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5331 | Date: Thu Oct 4 07:47:35 2018 +0000 | ||
5332 | |||
5333 | upstream: when the peer sends a channel-close message, make sure we | ||
5334 | |||
5335 | close the local extended read fd (stderr) along with the regular read fd | ||
5336 | (stdout). Avoids weird stuck processed in multiplexing mode. | ||
5337 | |||
5338 | Report and analysis by Nelson Elhage and Geoffrey Thomas in bz#2863 | ||
5339 | |||
5340 | ok dtucker@ markus@ | ||
5341 | |||
5342 | OpenBSD-Commit-ID: a48a2467fe938de4de69d2e7193d5fa701f12ae9 | ||
5343 | |||
5344 | commit 6f1aabb128246f445e33b8844fad3de9cb1d18cb | ||
5345 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5346 | Date: Thu Oct 4 01:04:52 2018 +0000 | ||
5347 | |||
5348 | upstream: factor out channel status formatting from | ||
5349 | |||
5350 | channel_open_message() so we can use it in other debug messages | ||
5351 | |||
5352 | OpenBSD-Commit-ID: 9c3903ca28fcabad57f566c9d0045b41ab7d52ba | ||
5353 | |||
5354 | commit f1dd179e122bdfdb7ca3072d9603607740efda05 | ||
5355 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5356 | Date: Thu Oct 4 00:10:11 2018 +0000 | ||
5357 | |||
5358 | upstream: include a little more information about the status and | ||
5359 | |||
5360 | disposition of channel's extended (stderr) fd; makes debugging some things a | ||
5361 | bit easier. No behaviour change. | ||
5362 | |||
5363 | OpenBSD-Commit-ID: 483eb6467dc7d5dbca8eb109c453e7a43075f7ce | ||
5364 | |||
5365 | commit 2d1428b11c8b6f616f070f2ecedce12328526944 | ||
5366 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5367 | Date: Thu Oct 4 00:04:41 2018 +0000 | ||
5368 | |||
5369 | upstream: explicit_bzero here to be consistent with other kex*.c; | ||
5370 | |||
5371 | report from coolbugcheckers AT gmail.com | ||
5372 | |||
5373 | OpenBSD-Commit-ID: a90f146c5b5f5b1408700395e394f70b440856cb | ||
5374 | |||
5375 | commit 5eff5b858e717e901e6af6596306a114de9f79f2 | ||
5376 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5377 | Date: Wed Oct 3 06:38:35 2018 +0000 | ||
5378 | |||
5379 | upstream: Allow ssh_config IdentityAgent directive to accept | ||
5380 | |||
5381 | environment variable names as well as explicit paths. ok dtucker@ | ||
5382 | |||
5383 | OpenBSD-Commit-ID: 2f0996e103876c53d8c9dd51dcce9889d700767b | ||
5384 | |||
5385 | commit a46ac4d86b25414d78b632e8173578b37e5f8a83 | ||
5386 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5387 | Date: Tue Oct 2 12:51:58 2018 +0000 | ||
5388 | |||
5389 | upstream: mention INFO@openssh.com for sending SIGINFO | ||
5390 | |||
5391 | OpenBSD-Commit-ID: 132471eeb0df658210afd27852fe65131b26e900 | ||
5392 | |||
5393 | commit ff3a411cae0b484274b7900ef52ff4dad3e12876 | ||
5394 | Author: Damien Miller <djm@mindrot.org> | ||
5395 | Date: Tue Oct 2 22:49:40 2018 +1000 | ||
5396 | |||
5397 | only support SIGINFO on systems with SIGINFO | ||
5398 | |||
5399 | commit cd98925c6405e972dc9f211afc7e75e838abe81c | ||
5400 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5401 | Date: Tue Oct 2 12:40:07 2018 +0000 | ||
5402 | |||
5403 | upstream: Add server support for signalling sessions via the SSH | ||
5404 | |||
5405 | channel/ session protocol. Signalling is only supported to sesssions that are | ||
5406 | not subsystems and were not started with a forced command. | ||
5407 | |||
5408 | Long requested in bz#1424 | ||
5409 | |||
5410 | Based on a patch from markus@ and reworked by dtucker@; | ||
5411 | ok markus@ dtucker@ | ||
5412 | |||
5413 | OpenBSD-Commit-ID: 4bea826f575862eaac569c4bedd1056a268be1c3 | ||
5414 | |||
5415 | commit dba50258333f2604a87848762af07ba2cc40407a | ||
5416 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5417 | Date: Wed Sep 26 07:32:44 2018 +0000 | ||
5418 | |||
5419 | upstream: remove big ugly TODO comment from start of file. Some of | ||
5420 | |||
5421 | the mentioned tasks are obsolete and, of the remainder, most are already | ||
5422 | captured in PROTOCOL.mux where they better belong | ||
5423 | |||
5424 | OpenBSD-Commit-ID: 16d9d76dee42a5bb651c9d6740f7f0ef68aeb407 | ||
5425 | |||
5426 | commit 92b61a38ee9b765f5049f03cd1143e13f3878905 | ||
5427 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5428 | Date: Wed Sep 26 07:30:05 2018 +0000 | ||
5429 | |||
5430 | upstream: Document mux proxy mode; added by Markus in openssh-7.4 | ||
5431 | |||
5432 | Also add a little bit of information about the overall packet format | ||
5433 | |||
5434 | OpenBSD-Commit-ID: bdb6f6ea8580ef96792e270cae7857786ad84a95 | ||
5435 | |||
5436 | commit 9d883a1ce4f89b175fd77405ff32674620703fb2 | ||
5437 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5438 | Date: Wed Sep 26 01:48:57 2018 +0000 | ||
5439 | |||
5440 | upstream: s/process_mux_master/mux_master_process/ in mux master | ||
5441 | |||
5442 | function names, | ||
5443 | |||
5444 | Gives better symmetry with the existing mux_client_*() names and makes | ||
5445 | it more obvious when a message comes from the master vs client (they | ||
5446 | are interleved in ControlMaster=auto mode). | ||
5447 | |||
5448 | no functional change beyond prefixing a could of log messages with | ||
5449 | __func__ where they were previously lacking. | ||
5450 | |||
5451 | OpenBSD-Commit-ID: b01f7c3fdf92692e1713a822a89dc499333daf75 | ||
5452 | |||
5453 | commit c2fa53cd6462da82d3a851dc3a4a3f6b920337c8 | ||
5454 | Author: Darren Tucker <dtucker@dtucker.net> | ||
5455 | Date: Sat Sep 22 14:41:24 2018 +1000 | ||
5456 | |||
5457 | Remove unused variable in _ssh_compat_fflush. | ||
5458 | |||
5459 | commit d1b3540c21212624af907488960d703c7d987b42 | ||
5460 | Author: Darren Tucker <dtucker@dtucker.net> | ||
5461 | Date: Thu Sep 20 18:08:43 2018 +1000 | ||
5462 | |||
5463 | Import updated moduli. | ||
5464 | |||
5465 | commit b5e412a8993ad17b9e1141c78408df15d3d987e1 | ||
5466 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5467 | Date: Fri Sep 21 12:46:22 2018 +0000 | ||
5468 | |||
5469 | upstream: Allow ssh_config ForwardX11Timeout=0 to disable the | ||
5470 | |||
5471 | timeout and allow X11 connections in untrusted mode indefinitely. ok dtucker@ | ||
5472 | |||
5473 | OpenBSD-Commit-ID: ea1ceed3f540b48e5803f933e59a03b20db10c69 | ||
5474 | |||
5475 | commit cb24d9fcc901429d77211f274031653476864ec6 | ||
5476 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5477 | Date: Fri Sep 21 12:23:17 2018 +0000 | ||
5478 | |||
5479 | upstream: when compiled with GSSAPI support, cache supported method | ||
5480 | |||
5481 | OIDs by calling ssh_gssapi_prepare_supported_oids() regardless of whether | ||
5482 | GSSAPI authentication is enabled in the main config. | ||
5483 | |||
5484 | This avoids sandbox violations for configurations that enable GSSAPI | ||
5485 | auth later, e.g. | ||
5486 | |||
5487 | Match user djm | ||
5488 | GSSAPIAuthentication yes | ||
5489 | |||
5490 | bz#2107; ok dtucker@ | ||
5491 | |||
5492 | OpenBSD-Commit-ID: a5dd42d87c74e27cfb712b15b0f97ab20e0afd1d | ||
5493 | |||
5494 | commit bbc8af72ba68da014d4de6e21a85eb5123384226 | ||
5495 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5496 | Date: Fri Sep 21 12:20:12 2018 +0000 | ||
5497 | |||
5498 | upstream: In sshkey_in_file(), ignore keys that are considered for | ||
5499 | |||
5500 | being too short (i.e. SSH_ERR_KEY_LENGTH). These keys will not be considered | ||
5501 | to be "in the file". This allows key revocation lists to contain short keys | ||
5502 | without the entire revocation list being considered invalid. | ||
5503 | |||
5504 | bz#2897; ok dtucker | ||
5505 | |||
5506 | OpenBSD-Commit-ID: d9f3d857d07194a42ad7e62889a74dc3f9d9924b | ||
5507 | |||
5508 | commit 383a33d160cefbfd1b40fef81f72eadbf9303a66 | ||
5509 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5510 | Date: Fri Sep 21 03:11:36 2018 +0000 | ||
5511 | |||
5512 | upstream: Treat connections with ProxyJump specified the same as ones | ||
5513 | |||
5514 | with a ProxyCommand set with regards to hostname canonicalisation (i.e. don't | ||
5515 | try to canonicalise the hostname unless CanonicalizeHostname is set to | ||
5516 | 'always'). | ||
5517 | |||
5518 | Patch from Sven Wegener via bz#2896 | ||
5519 | |||
5520 | OpenBSD-Commit-ID: 527ff501cf98bf65fb4b29ed0cb847dda10f4d37 | ||
5521 | |||
5522 | commit 0cbed248ed81584129b67c348dbb801660f25a6a | ||
5523 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5524 | Date: Thu Sep 20 23:40:16 2018 +0000 | ||
5525 | |||
5526 | upstream: actually make CASignatureAlgorithms available as a config | ||
5527 | |||
5528 | option | ||
5529 | |||
5530 | OpenBSD-Commit-ID: 93fa7ff58314ed7b1ab7744090a6a91232e6ae52 | ||
5531 | |||
5532 | commit 62528870c0ec48cd86a37dd7320fb85886c3e6ee | ||
5533 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
5534 | Date: Thu Sep 20 08:07:03 2018 +0000 | ||
5535 | |||
5536 | upstream: Import updated moduli. | ||
5537 | |||
5538 | OpenBSD-Commit-ID: 04431e8e7872f49a2129bf080a6b73c19d576d40 | ||
5539 | |||
5540 | commit e6933a2ffa0659d57f3c7b7c457b2c62b2a84613 | ||
5541 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
5542 | Date: Thu Sep 20 06:58:48 2018 +0000 | ||
5543 | |||
5544 | upstream: reorder CASignatureAlgorithms, and add them to the | ||
5545 | |||
5546 | various -o lists; ok djm | ||
5547 | |||
5548 | OpenBSD-Commit-ID: ecb88baecc3c54988b4d1654446ea033da359288 | ||
5549 | |||
5550 | commit aa083aa9624ea7b764d5a81c4c676719a1a3e42b | ||
5551 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5552 | Date: Thu Sep 20 03:31:49 2018 +0000 | ||
5553 | |||
5554 | upstream: fix "ssh -Q sig" to show correct signature algorithm list | ||
5555 | |||
5556 | (it was erroneously showing certificate algorithms); prompted by markus@ | ||
5557 | |||
5558 | OpenBSD-Commit-ID: 1cdee002f2f0c21456979deeb887fc889afb154d | ||
5559 | |||
5560 | commit ecac7e1f7add6b28874959a11f2238d149dc2c07 | ||
5561 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5562 | Date: Thu Sep 20 03:30:44 2018 +0000 | ||
5563 | |||
5564 | upstream: add CASignatureAlgorithms option for the client, allowing | ||
5565 | |||
5566 | it to specify which signature algorithms may be used by CAs when signing | ||
5567 | certificates. Useful if you want to ban RSA/SHA1; ok markus@ | ||
5568 | |||
5569 | OpenBSD-Commit-ID: 9159e5e9f67504829bf53ff222057307a6e3230f | ||
5570 | |||
5571 | commit 86e5737c39153af134158f24d0cab5827cbd5852 | ||
5572 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5573 | Date: Thu Sep 20 03:28:06 2018 +0000 | ||
5574 | |||
5575 | upstream: Add sshd_config CASignatureAlgorithms option to allow | ||
5576 | |||
5577 | control over which signature algorithms a CA may use when signing | ||
5578 | certificates. In particular, this allows a sshd to ban certificates signed | ||
5579 | with RSA/SHA1. | ||
5580 | |||
5581 | ok markus@ | ||
5582 | |||
5583 | OpenBSD-Commit-ID: b05c86ef8b52b913ed48d54a9b9c1a7714d96bac | ||
5584 | |||
5585 | commit f80e68ea7d62e2dfafc12f1a60ab544ae4033a0f | ||
5586 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5587 | Date: Wed Sep 19 02:03:02 2018 +0000 | ||
5588 | |||
5589 | upstream: Make "ssh-add -q" do what it says on the tin: silence | ||
5590 | |||
5591 | output from successful operations. | ||
5592 | |||
5593 | Based on patch from Thijs van Dijk; ok dtucker@ deraadt@ | ||
5594 | |||
5595 | OpenBSD-Commit-ID: c4f754ecc055c10af166116ce7515104aa8522e1 | ||
5596 | |||
5597 | commit 5e532320e9e51de720d5f3cc2596e95d29f6e98f | ||
5598 | Author: millert@openbsd.org <millert@openbsd.org> | ||
5599 | Date: Mon Sep 17 15:40:14 2018 +0000 | ||
5600 | |||
5601 | upstream: When choosing a prime from the moduli file, avoid | ||
5602 | |||
5603 | re-using the linenum variable for something that is not a line number to | ||
5604 | avoid the confusion that resulted in the bug in rev. 1.64. This also lets us | ||
5605 | pass the actual linenum to parse_prime() so the error messages include the | ||
5606 | correct line number. OK markus@ some time ago. | ||
5607 | |||
5608 | OpenBSD-Commit-ID: 4d8e5d3e924d6e8eb70053e3defa23c151a00084 | ||
5609 | |||
5610 | commit cce8cbe0ed7d1ba3a575310e0b63c193326ae616 | ||
5611 | Author: Darren Tucker <dtucker@dtucker.net> | ||
5612 | Date: Sat Sep 15 19:44:06 2018 +1000 | ||
5613 | |||
5614 | Fix openssl-1.1 fallout for --without-openssl. | ||
5615 | |||
5616 | ok djm@ | ||
5617 | |||
5618 | commit 149519b9f201dac755f3cba4789f4d76fecf0ee1 | ||
5619 | Author: Damien Miller <djm@mindrot.org> | ||
5620 | Date: Sat Sep 15 19:37:48 2018 +1000 | ||
5621 | |||
5622 | add futex(2) syscall to seccomp sandbox | ||
5623 | |||
5624 | Apparently needed for some glibc/openssl combinations. | ||
5625 | |||
5626 | Patch from Arkadiusz Miśkiewicz | ||
5627 | |||
5628 | commit 4488ae1a6940af704c4dbf70f55bf2f756a16536 | ||
5629 | Author: Damien Miller <djm@mindrot.org> | ||
5630 | Date: Sat Sep 15 19:36:55 2018 +1000 | ||
5631 | |||
5632 | really add source for authopt_fuzz this time | ||
5633 | |||
5634 | commit 9201784b4a257c8345fbd740bcbdd70054885707 | ||
5635 | Author: Damien Miller <djm@mindrot.org> | ||
5636 | Date: Sat Sep 15 19:35:40 2018 +1000 | ||
5637 | |||
5638 | remove accidentally checked-in authopt_fuzz binary | ||
5639 | |||
5640 | commit beb9e522dc7717df08179f9e59f36b361bfa14ab | ||
5641 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5642 | Date: Fri Sep 14 05:26:27 2018 +0000 | ||
5643 | |||
5644 | upstream: second try, deals properly with missing and private-only | ||
5645 | |||
5646 | Use consistent format in debug log for keys readied, offered and | ||
5647 | received during public key authentication. | ||
5648 | |||
5649 | This makes it a little easier to see what is going on, as each message | ||
5650 | now contains (where available) the key filename, its type and fingerprint, | ||
5651 | and whether the key is hosted in an agent or a token. | ||
5652 | |||
5653 | OpenBSD-Commit-ID: f1c6a8e9cfc4e108c359db77f24f9a40e1e25ea7 | ||
5654 | |||
5655 | commit 6bc5a24ac867bfdc3ed615589d69ac640f51674b | ||
5656 | Author: Damien Miller <djm@mindrot.org> | ||
5657 | Date: Fri Sep 14 15:16:34 2018 +1000 | ||
5658 | |||
5659 | fuzzer harness for authorized_keys option parsing | ||
5660 | |||
5661 | commit 6c8b82fc6929b6a9a3f645151b6ec26c5507d9ef | ||
5662 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5663 | Date: Fri Sep 14 04:44:04 2018 +0000 | ||
5664 | |||
5665 | upstream: revert following; deals badly with agent keys | ||
5666 | |||
5667 | revision 1.285 | ||
5668 | date: 2018/09/14 04:17:12; author: djm; state: Exp; lines: +47 -26; commitid: lflGFcNb2X2HebaK; | ||
5669 | Use consistent format in debug log for keys readied, offered and | ||
5670 | received during public key authentication. | ||
5671 | |||
5672 | This makes it a little easier to see what is going on, as each message | ||
5673 | now contains the key filename, its type and fingerprint, and whether | ||
5674 | the key is hosted in an agent or a token. | ||
5675 | |||
5676 | OpenBSD-Commit-ID: e496bd004e452d4b051f33ed9ae6a54ab918f56d | ||
5677 | |||
5678 | commit 6da046f9c3374ce7e269ded15d8ff8bc45017301 | ||
5679 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5680 | Date: Fri Sep 14 04:17:44 2018 +0000 | ||
5681 | |||
5682 | upstream: garbage-collect moribund ssh_new_private() API. | ||
5683 | |||
5684 | OpenBSD-Commit-ID: 7c05bf13b094093dfa01848a9306c82eb6e95f6c | ||
5685 | |||
5686 | commit 1f24ac5fc05252ceb1c1d0e8cab6a283b883c780 | ||
5687 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5688 | Date: Fri Sep 14 04:17:12 2018 +0000 | ||
5689 | |||
5690 | upstream: Use consistent format in debug log for keys readied, | ||
5691 | |||
5692 | offered and received during public key authentication. | ||
5693 | |||
5694 | This makes it a little easier to see what is going on, as each message | ||
5695 | now contains the key filename, its type and fingerprint, and whether | ||
5696 | the key is hosted in an agent or a token. | ||
5697 | |||
5698 | OpenBSD-Commit-ID: 2a01d59285a8a7e01185bb0a43316084b4f06a1f | ||
5699 | |||
5700 | commit 488c9325bb7233e975dbfbf89fa055edc3d3eddc | ||
5701 | Author: millert@openbsd.org <millert@openbsd.org> | ||
5702 | Date: Thu Sep 13 15:23:32 2018 +0000 | ||
5703 | |||
5704 | upstream: Fix warnings caused by user_from_uid() and group_from_gid() | ||
5705 | |||
5706 | now returning const char *. | ||
5707 | |||
5708 | OpenBSD-Commit-ID: b5fe571ea77cfa7b9035062829ab05eb87d7cc6f | ||
5709 | |||
5710 | commit 0aa1f230846ebce698e52051a107f3127024a05a | ||
5711 | Author: Damien Miller <djm@mindrot.org> | ||
5712 | Date: Fri Sep 14 10:31:47 2018 +1000 | ||
5713 | |||
5714 | allow SIGUSR1 as synonym for SIGINFO | ||
5715 | |||
5716 | Lets users on those unfortunate operating systems that lack SIGINFO | ||
5717 | still be able to obtain progress information from unit tests :) | ||
5718 | |||
5719 | commit d64e78526596f098096113fcf148216798c327ff | ||
5720 | Author: Damien Miller <djm@mindrot.org> | ||
5721 | Date: Thu Sep 13 19:05:48 2018 +1000 | ||
5722 | |||
5723 | add compat header | ||
5724 | |||
5725 | commit a3fd8074e2e2f06602e25618721f9556c731312c | ||
5726 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5727 | Date: Thu Sep 13 09:03:20 2018 +0000 | ||
5728 | |||
5729 | upstream: missed a bit of openssl-1.0.x API in this unittest | ||
5730 | |||
5731 | OpenBSD-Regress-ID: a73a54d7f7381856a3f3a2d25947bee7a9a5dbc9 | ||
5732 | |||
5733 | commit 86e0a9f3d249d5580390daf58e015e68b01cef10 | ||
5734 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5735 | Date: Thu Sep 13 05:06:51 2018 +0000 | ||
5736 | |||
5737 | upstream: use only openssl-1.1.x API here too | ||
5738 | |||
5739 | OpenBSD-Regress-ID: ae877064597c349954b1b443769723563cecbc8f | ||
5740 | |||
5741 | commit 48f54b9d12c1c79fba333bc86d455d8f4cda8cfc | ||
5742 | Author: Damien Miller <djm@mindrot.org> | ||
5743 | Date: Thu Sep 13 12:13:50 2018 +1000 | ||
5744 | |||
5745 | adapt -portable to OpenSSL 1.1x API | ||
5746 | |||
5747 | Polyfill missing API with replacement functions extracted from LibreSSL | ||
5748 | |||
5749 | commit 86112951d63d48839f035b5795be62635a463f99 | ||
5750 | Author: Damien Miller <djm@mindrot.org> | ||
5751 | Date: Thu Sep 13 12:12:42 2018 +1000 | ||
5752 | |||
5753 | forgot to stage these test files in commit d70d061 | ||
5754 | |||
5755 | commit 482d23bcacdd3664f21cc82a5135f66fc598275f | ||
5756 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5757 | Date: Thu Sep 13 02:08:33 2018 +0000 | ||
5758 | |||
5759 | upstream: hold our collective noses and use the openssl-1.1.x API in | ||
5760 | |||
5761 | OpenSSH; feedback and ok tb@ jsing@ markus@ | ||
5762 | |||
5763 | OpenBSD-Commit-ID: cacbcac87ce5da0d3ca7ef1b38a6f7fb349e4417 | ||
5764 | |||
5765 | commit d70d061828730a56636ab6f1f24fe4a8ccefcfc1 | ||
5766 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5767 | Date: Wed Sep 12 01:36:45 2018 +0000 | ||
5768 | |||
5769 | upstream: Include certs with multiple RSA signature variants in | ||
5770 | |||
5771 | test data Ensure that cert->signature_key is populated correctly | ||
5772 | |||
5773 | OpenBSD-Regress-ID: 56e68f70fe46cb3a193ca207385bdb301fd6603a | ||
5774 | |||
5775 | commit f803b2682992cfededd40c91818b653b5d923ef5 | ||
5776 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5777 | Date: Wed Sep 12 01:23:48 2018 +0000 | ||
5778 | |||
5779 | upstream: test revocation by explicit hash and by fingerprint | ||
5780 | |||
5781 | OpenBSD-Regress-ID: 079c18a9ab9663f4af419327c759fc1e2bc78fd8 | ||
5782 | |||
5783 | commit 2de78bc7da70e1338b32feeefcc6045cf49efcd4 | ||
5784 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5785 | Date: Wed Sep 12 01:22:43 2018 +0000 | ||
5786 | |||
5787 | upstream: s/sshkey_demote/sshkey_from_private/g | ||
5788 | |||
5789 | OpenBSD-Regress-ID: 782bde7407d94a87aa8d1db7c23750e09d4443c4 | ||
5790 | |||
5791 | commit 41c115a5ea1cb79a6a3182773c58a23f760e8076 | ||
5792 | Author: Damien Miller <djm@mindrot.org> | ||
5793 | Date: Wed Sep 12 16:50:01 2018 +1000 | ||
5794 | |||
5795 | delete the correct thing; kexfuzz binary | ||
5796 | |||
5797 | commit f0fcd7e65087db8c2496f13ed39d772f8e38b088 | ||
5798 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5799 | Date: Wed Sep 12 06:18:59 2018 +0000 | ||
5800 | |||
5801 | upstream: fix edit mistake; spotted by jmc@ | ||
5802 | |||
5803 | OpenBSD-Commit-ID: dd724e1c52c9d6084f4cd260ec7e1b2b138261c6 | ||
5804 | |||
5805 | commit 4cc259bac699f4d2a5c52b92230f9e488c88a223 | ||
5806 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5807 | Date: Wed Sep 12 01:34:02 2018 +0000 | ||
5808 | |||
5809 | upstream: add SSH_ALLOWED_CA_SIGALGS - the default list of | ||
5810 | |||
5811 | signature algorithms that are allowed for CA signatures. Notably excludes | ||
5812 | ssh-dsa. | ||
5813 | |||
5814 | ok markus@ | ||
5815 | |||
5816 | OpenBSD-Commit-ID: 1628e4181dc8ab71909378eafe5d06159a22deb4 | ||
5817 | |||
5818 | commit ba9e788315b1f6a350f910cb2a9e95b2ce584e89 | ||
5819 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5820 | Date: Wed Sep 12 01:32:54 2018 +0000 | ||
5821 | |||
5822 | upstream: add sshkey_check_cert_sigtype() that checks a | ||
5823 | |||
5824 | cert->signature_type against a supplied whitelist; ok markus | ||
5825 | |||
5826 | OpenBSD-Commit-ID: caadb8073292ed7a9535e5adc067d11d356d9302 | ||
5827 | |||
5828 | commit a70fd4ad7bd9f2ed223ff635a3d41e483057f23b | ||
5829 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5830 | Date: Wed Sep 12 01:31:30 2018 +0000 | ||
5831 | |||
5832 | upstream: add cert->signature_type field and keep it in sync with | ||
5833 | |||
5834 | certificate signature wrt loading and certification operations; ok markus@ | ||
5835 | |||
5836 | OpenBSD-Commit-ID: e8b8b9f76b66707a0cd926109c4383db8f664df3 | ||
5837 | |||
5838 | commit 357128ac48630a9970e3af0e6ff820300a28da47 | ||
5839 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5840 | Date: Wed Sep 12 01:30:10 2018 +0000 | ||
5841 | |||
5842 | upstream: Add "ssh -Q sig" to allow listing supported signature | ||
5843 | |||
5844 | algorithms ok markus@ | ||
5845 | |||
5846 | OpenBSD-Commit-ID: 7a8c6eb6c249dc37823ba5081fce64876d10fe2b | ||
5847 | |||
5848 | commit 9405c6214f667be604a820c6823b27d0ea77937d | ||
5849 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5850 | Date: Wed Sep 12 01:21:34 2018 +0000 | ||
5851 | |||
5852 | upstream: allow key revocation by SHA256 hash and allow ssh-keygen | ||
5853 | |||
5854 | to create KRLs using SHA256/base64 key fingerprints; ok markus@ | ||
5855 | |||
5856 | OpenBSD-Commit-ID: a0590fd34e7f1141f2873ab3acc57442560e6a94 | ||
5857 | |||
5858 | commit 50e2687ee0941c0ea216d6ffea370ffd2c1f14b9 | ||
5859 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5860 | Date: Wed Sep 12 01:19:12 2018 +0000 | ||
5861 | |||
5862 | upstream: log certificate fingerprint in authentication | ||
5863 | |||
5864 | success/failure message (previously we logged only key ID and CA key | ||
5865 | fingerprint). | ||
5866 | |||
5867 | ok markus@ | ||
5868 | |||
5869 | OpenBSD-Commit-ID: a8ef2d172b7f1ddbcce26d6434b2de6d94f6c05d | ||
5870 | |||
5871 | commit de37ca909487d23e5844aca289b3f5e75d3f1e1f | ||
5872 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
5873 | Date: Fri Sep 7 04:26:56 2018 +0000 | ||
5874 | |||
5875 | upstream: Add FALLTHROUGH comments where appropriate. Patch from | ||
5876 | |||
5877 | jjelen at redhat via bz#2687. | ||
5878 | |||
5879 | OpenBSD-Commit-ID: c48eb457be697a19d6d2950c6d0879f3ccc851d3 | ||
5880 | |||
5881 | commit 247766cd3111d5d8c6ea39833a3257ca8fb820f2 | ||
5882 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5883 | Date: Fri Sep 7 01:42:54 2018 +0000 | ||
5884 | |||
5885 | upstream: ssh -MM requires confirmation for all operations that | ||
5886 | |||
5887 | change the multiplexing state, not just new sessions. | ||
5888 | |||
5889 | mention that confirmation is checked via ssh-askpass | ||
5890 | |||
5891 | OpenBSD-Commit-ID: 0f1b45551ebb9cc5c9a4fe54ad3b23ce90f1f5c2 | ||
5892 | |||
5893 | commit db8bb80e3ac1bcb3e1305d846cd98c6b869bf03f | ||
5894 | Author: mestre@openbsd.org <mestre@openbsd.org> | ||
5895 | Date: Tue Aug 28 12:25:53 2018 +0000 | ||
5896 | |||
5897 | upstream: fix misplaced parenthesis inside if-clause. it's harmless | ||
5898 | |||
5899 | and the only issue is showing an unknown error (since it's not defined) | ||
5900 | during fatal(), if it ever an error occurs inside that condition. | ||
5901 | |||
5902 | OK deraadt@ markus@ djm@ | ||
5903 | |||
5904 | OpenBSD-Commit-ID: acb0a8e6936bfbe590504752d01d1d251a7101d8 | ||
5905 | |||
5906 | commit 086cc614f550b7d4f100c95e472a6b6b823938ab | ||
5907 | Author: mestre@openbsd.org <mestre@openbsd.org> | ||
5908 | Date: Tue Aug 28 12:17:45 2018 +0000 | ||
5909 | |||
5910 | upstream: fix build with DEBUG_PK enabled | ||
5911 | |||
5912 | OK dtucker@ | ||
5913 | |||
5914 | OpenBSD-Commit-ID: ec1568cf27726e9638a0415481c20c406e7b441c | ||
5915 | |||
5916 | commit 2678833013e97f8b18f09779b7f70bcbf5eb2ab2 | ||
5917 | Author: Darren Tucker <dtucker@dtucker.net> | ||
5918 | Date: Fri Sep 7 14:41:53 2018 +1000 | ||
5919 | |||
5920 | Handle ngroups>_SC_NGROUPS_MAX. | ||
5921 | |||
5922 | Based on github pull request #99 from Darren Maffat at Oracle: Solaris' | ||
5923 | getgrouplist considers _SC_NGROUPS_MAX more of a guideline and can return | ||
5924 | a larger number of groups. In this case, retry getgrouplist with a | ||
5925 | larger array and defer allocating groups_byname. ok djm@ | ||
5926 | |||
5927 | commit 039bf2a81797b8f3af6058d34005a4896a363221 | ||
5928 | Author: Darren Tucker <dtucker@dtucker.net> | ||
5929 | Date: Fri Sep 7 14:06:57 2018 +1000 | ||
5930 | |||
5931 | Initial len for the fmt=NULL case. | ||
5932 | |||
5933 | Patch from jjelen at redhat via bz#2687. (OpenSSH never calls | ||
5934 | setproctitle with a null format so len is always initialized). | ||
5935 | |||
5936 | commit ea9c06e11d2e8fb2f4d5e02f8a41e23d2bd31ca9 | ||
5937 | Author: Darren Tucker <dtucker@dtucker.net> | ||
5938 | Date: Fri Sep 7 14:01:39 2018 +1000 | ||
5939 | |||
5940 | Include stdlib.h. | ||
5941 | |||
5942 | Patch from jjelen at redhat via bz#2687. | ||
5943 | |||
5944 | commit 9617816dbe73ec4d65075f4d897443f63a97c87f | ||
5945 | Author: Damien Miller <djm@mindrot.org> | ||
5946 | Date: Mon Aug 27 13:08:01 2018 +1000 | ||
5947 | |||
5948 | document some more regress control env variables | ||
5949 | |||
5950 | Specifically SKIP_UNIT, USE_VALGRING and LTESTS. Sort the list of | ||
5951 | environment variables. | ||
5952 | |||
5953 | Based on patch from Jakub Jelen | ||
5954 | |||
5955 | commit 71508e06fab14bc415a79a08f5535ad7bffa93d9 | ||
5956 | Author: Damien Miller <djm@mindrot.org> | ||
5957 | Date: Thu Aug 23 15:41:42 2018 +1000 | ||
5958 | |||
5959 | shorten temporary SSH_REGRESS_TMP path | ||
5960 | |||
5961 | Previous path was exceeding max socket length on at least one platform (OSX) | ||
5962 | |||
5963 | commit 26739cf5bdc9030a583b41ae5261dedd862060f0 | ||
5964 | Author: Damien Miller <djm@mindrot.org> | ||
5965 | Date: Thu Aug 23 13:06:02 2018 +1000 | ||
5966 | |||
5967 | rebuild dependencies | ||
5968 | |||
5969 | commit ff729025c7463cf5d0a8d1ca1823306e48c6d4cf | ||
5970 | Author: Damien Miller <djm@mindrot.org> | ||
5971 | Date: Thu Aug 23 13:03:32 2018 +1000 | ||
5972 | |||
5973 | fix path in distclean target | ||
5974 | |||
5975 | Patch from Jakub Jelen | ||
5976 | |||
5977 | commit 7fef173c28f7462dcd8ee017fdf12b5073f54c02 | ||
5978 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5979 | Date: Thu Aug 23 03:01:08 2018 +0000 | ||
5980 | |||
5981 | upstream: memleak introduced in r1.83; from Colin Watson | ||
5982 | |||
5983 | OpenBSD-Commit-ID: 5c019104c280cbd549a264a7217b67665e5732dc | ||
5984 | |||
5985 | commit b8ae02a2896778b8984c7f51566c7f0f56fa8b56 | ||
5986 | Author: schwarze@openbsd.org <schwarze@openbsd.org> | ||
5987 | Date: Tue Aug 21 13:56:27 2018 +0000 | ||
5988 | |||
5989 | upstream: AIX reports the CODESET as "ISO8859-1" in the POSIX locale. | ||
5990 | |||
5991 | Treating that as a safe encoding is OK because even when other systems return | ||
5992 | that string for real ISO8859-1, it is still safe in the sense that it is | ||
5993 | ASCII-compatible and stateless. | ||
5994 | |||
5995 | Issue reported by Val dot Baranov at duke dot edu. Additional | ||
5996 | information provided by Michael dot Felt at felt dot demon dot nl. | ||
5997 | Tested by Michael Felt on AIX 6.1 and by Val Baranov on AIX 7.1. | ||
5998 | Tweak and OK djm@. | ||
5999 | |||
6000 | OpenBSD-Commit-ID: 36f1210e0b229817d10eb490d6038f507b8256a7 | ||
6001 | |||
6002 | commit bc44ee088ad269d232e514f037c87ada4c2fd3f0 | ||
6003 | Author: Tim Rice <tim@multitalents.net> | ||
6004 | Date: Tue Aug 21 08:57:24 2018 -0700 | ||
6005 | |||
6006 | modified: openbsd-compat/port-uw.c | ||
6007 | remove obsolete and un-needed include | ||
6008 | |||
6009 | commit 829fc28a9c54e3f812ee7248c7a3e31eeb4f0b3a | ||
6010 | Author: Damien Miller <djm@mindrot.org> | ||
6011 | Date: Mon Aug 20 15:57:29 2018 +1000 | ||
6012 | |||
6013 | Missing unistd.h for regress/mkdtemp.c | ||
6014 | |||
6015 | commit c8313e492355a368a91799131520d92743d8d16c | ||
6016 | Author: Damien Miller <djm@mindrot.org> | ||
6017 | Date: Fri Aug 17 05:45:20 2018 +1000 | ||
6018 | |||
6019 | update version numbers in anticipation of release | ||
6020 | |||
6021 | commit 477b49a34b89f506f4794b35e3c70b3e2e83cd38 | ||
6022 | Author: Corinna Vinschen <vinschen@redhat.com> | ||
6023 | Date: Mon Aug 13 17:08:51 2018 +0200 | ||
6024 | |||
6025 | configure: work around GCC shortcoming on Cygwin | ||
6026 | |||
6027 | Cygwin's latest 7.x GCC allows to specify -mfunction-return=thunk | ||
6028 | as well as -mindirect-branch=thunk on the command line, albeit | ||
6029 | producing invalid code, leading to an error at link stage. | ||
6030 | |||
6031 | The check in configure.ac only checks if the option is present, | ||
6032 | but not if it produces valid code. | ||
6033 | |||
6034 | This patch fixes it by special-casing Cygwin. Another solution | ||
6035 | may be to change these to linker checks. | ||
6036 | |||
6037 | Signed-off-by: Corinna Vinschen <vinschen@redhat.com> | ||
6038 | |||
6039 | commit b0917945efa374be7648d67dbbaaff323ab39edc | ||
6040 | Author: Corinna Vinschen <vinschen@redhat.com> | ||
6041 | Date: Mon Aug 13 17:05:05 2018 +0200 | ||
6042 | |||
6043 | cygwin: add missing stdarg.h include | ||
6044 | |||
6045 | Further header file standarization in Cygwin uncovered a lazy | ||
6046 | indirect include in bsd-cygwin_util.c | ||
6047 | |||
6048 | Signed-off-by: Corinna Vinschen <vinschen@redhat.com> | ||
6049 | |||
6050 | commit c3903c38b0fd168ab3d925c2b129d1a599593426 | ||
6051 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6052 | Date: Mon Aug 13 02:41:05 2018 +0000 | ||
6053 | |||
6054 | upstream: revert compat.[ch] section of the following change. It | ||
6055 | |||
6056 | causes double-free under some circumstances. | ||
6057 | |||
6058 | -- | ||
6059 | |||
6060 | date: 2018/07/31 03:07:24; author: djm; state: Exp; lines: +33 -18; commitid: f7g4UI8eeOXReTPh; | ||
6061 | fix some memory leaks spotted by Coverity via Jakub Jelen in bz#2366 | ||
6062 | feedback and ok dtucker@ | ||
6063 | |||
6064 | OpenBSD-Commit-ID: 1e77547f60fdb5e2ffe23e2e4733c54d8d2d1137 | ||
6065 | |||
6066 | commit 1b9dd4aa15208100fbc3650f33ea052255578282 | ||
6067 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6068 | Date: Sun Aug 12 20:19:13 2018 +0000 | ||
6069 | |||
6070 | upstream: better diagnosics on alg list assembly errors; ok | ||
6071 | |||
6072 | deraadt@ markus@ | ||
6073 | |||
6074 | OpenBSD-Commit-ID: 5a557e74b839daf13cc105924d2af06a1560faee | ||
6075 | |||
6076 | commit e36a5f61b0f5bebf6d49c215d228cd99dfe86e28 | ||
6077 | Author: Damien Miller <djm@mindrot.org> | ||
6078 | Date: Sat Aug 11 18:08:45 2018 -0700 | ||
6079 | |||
6080 | Some AIX fixes; report from Michael Felt | ||
6081 | |||
6082 | commit 2f4766ceefe6657c5ad5fe92d13c411872acae0e | ||
6083 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
6084 | Date: Fri Aug 10 01:35:49 2018 +0000 | ||
6085 | |||
6086 | upstream: The script that cooks up PuTTY format host keys does not | ||
6087 | |||
6088 | understand the new key format so convert back to old format to create the | ||
6089 | PuTTY key and remove it once done. | ||
6090 | |||
6091 | OpenBSD-Regress-ID: 2a449a18846c3a144bc645135b551ba6177e38d3 | ||
6092 | |||
6093 | commit e1b26ce504662a5d5b991091228984ccfd25f280 | ||
6094 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6095 | Date: Fri Aug 10 00:44:01 2018 +0000 | ||
6096 | |||
6097 | upstream: improve | ||
6098 | |||
6099 | OpenBSD-Commit-ID: 40d839db0977b4e7ac8b647b16d5411d4faf2f60 | ||
6100 | |||
6101 | commit 7c712966a3139622f7fb55045368d05de4e6782c | ||
6102 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6103 | Date: Fri Aug 10 00:42:29 2018 +0000 | ||
6104 | |||
6105 | upstream: Describe pubkey format, prompted by bz#2853 | ||
6106 | |||
6107 | While I'm here, describe and link to the remaining local PROTOCOL.* | ||
6108 | docs that weren't already mentioned (PROTOCOL.key, PROTOCOL.krl and | ||
6109 | PROTOCOL.mux) | ||
6110 | |||
6111 | OpenBSD-Commit-ID: 2a900f9b994ba4d53e7aeb467d44d75829fd1231 | ||
6112 | |||
6113 | commit ef100a2c5a8ed83afac0b8f36520815803da227a | ||
6114 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6115 | Date: Fri Aug 10 00:27:15 2018 +0000 | ||
6116 | |||
6117 | upstream: fix numbering | ||
6118 | |||
6119 | OpenBSD-Commit-ID: bc7a1764dff23fa4c5ff0e3379c9c4d5b63c9596 | ||
6120 | |||
6121 | commit ed7bd5d93fe14c7bd90febd29b858ea985d14d45 | ||
6122 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6123 | Date: Wed Aug 8 01:16:01 2018 +0000 | ||
6124 | |||
6125 | upstream: Use new private key format by default. This format is | ||
6126 | |||
6127 | suported by OpenSSH >= 6.5 (released January 2014), so it should be supported | ||
6128 | by most OpenSSH versions in active use. | ||
6129 | |||
6130 | It is possible to convert new-format private keys to the older | ||
6131 | format using "ssh-keygen -f /path/key -pm PEM". | ||
6132 | |||
6133 | ok deraadt dtucker | ||
6134 | |||
6135 | OpenBSD-Commit-ID: e3bd4f2509a2103bfa2f710733426af3ad6d8ab8 | ||
6136 | |||
6137 | commit 967226a1bdde59ea137e8f0df871854ff7b91366 | ||
6138 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6139 | Date: Sat Aug 4 00:55:06 2018 +0000 | ||
6140 | |||
6141 | upstream: invalidate dh->priv_key after freeing it in error path; | ||
6142 | |||
6143 | avoids unlikely double-free later. Reported by Viktor Dukhovni via | ||
6144 | https://github.com/openssh/openssh-portable/pull/96 feedback jsing@ tb@ | ||
6145 | |||
6146 | OpenBSD-Commit-ID: e317eb17c3e05500ae851f279ef6486f0457c805 | ||
6147 | |||
6148 | commit 74287f5df9966a0648b4a68417451dd18f079ab8 | ||
6149 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6150 | Date: Tue Jul 31 03:10:27 2018 +0000 | ||
6151 | |||
6152 | upstream: delay bailout for invalid authentic | ||
6153 | |||
6154 | =?UTF-8?q?ating=20user=20until=20after=20the=20packet=20containing=20the?= | ||
6155 | =?UTF-8?q?=20request=20has=20been=20fully=20parsed.=20Reported=20by=20Dar?= | ||
6156 | =?UTF-8?q?iusz=20Tytko=20and=20Micha=C5=82=20Sajdak;=20ok=20deraadt?= | ||
6157 | MIME-Version: 1.0 | ||
6158 | Content-Type: text/plain; charset=UTF-8 | ||
6159 | Content-Transfer-Encoding: 8bit | ||
6160 | |||
6161 | OpenBSD-Commit-ID: b4891882fbe413f230fe8ac8a37349b03bd0b70d | ||
6162 | |||
6163 | commit 1a66079c0669813306cc69e5776a4acd9fb49015 | ||
6164 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6165 | Date: Tue Jul 31 03:07:24 2018 +0000 | ||
6166 | |||
6167 | upstream: fix some memory leaks spotted by Coverity via Jakub Jelen | ||
6168 | |||
6169 | in bz#2366 feedback and ok dtucker@ | ||
6170 | |||
6171 | OpenBSD-Commit-ID: 8402bbae67d578bedbadb0ce68ff7c5a136ef563 | ||
6172 | |||
6173 | commit 87f08be054b7eeadbb9cdeb3fb4872be79ccf218 | ||
6174 | Author: Damien Miller <djm@mindrot.org> | ||
6175 | Date: Fri Jul 20 13:18:28 2018 +1000 | ||
6176 | |||
6177 | Remove support for S/Key | ||
6178 | |||
6179 | Most people will 1) be using modern multi-factor authentication methods | ||
6180 | like TOTP/OATH etc and 2) be getting support for multi-factor | ||
6181 | authentication via PAM or BSD Auth. | ||
6182 | |||
6183 | commit 5d14019ba2ff54acbfd20a6b9b96bb860a8c7c31 | ||
6184 | Author: markus@openbsd.org <markus@openbsd.org> | ||
6185 | Date: Fri Jul 27 12:03:17 2018 +0000 | ||
6186 | |||
6187 | upstream: avoid expensive channel_open_message() calls; ok djm@ | ||
6188 | |||
6189 | OpenBSD-Commit-ID: aea3b5512ad681cd8710367d743e8a753d4425d9 | ||
6190 | |||
6191 | commit e655ee04a3cb7999dbf9641b25192353e2b69418 | ||
6192 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
6193 | Date: Fri Jul 27 05:34:42 2018 +0000 | ||
6194 | |||
6195 | upstream: Now that ssh can't be setuid, remove the | ||
6196 | |||
6197 | original_real_uid and original_effective_uid globals and replace with calls | ||
6198 | to plain getuid(). ok djm@ | ||
6199 | |||
6200 | OpenBSD-Commit-ID: 92561c0cd418d34e6841e20ba09160583e27b68c | ||
6201 | |||
6202 | commit 73ddb25bae4c33a0db361ac13f2e3a60d7c6c4a5 | ||
6203 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
6204 | Date: Fri Jul 27 05:13:02 2018 +0000 | ||
6205 | |||
6206 | upstream: Remove uid checks from low port binds. Now that ssh | ||
6207 | |||
6208 | cannot be setuid and sshd always has privsep on, we can remove the uid checks | ||
6209 | for low port binds and just let the system do the check. We leave a sanity | ||
6210 | check for the !privsep case so long as the code is stil there. with & ok | ||
6211 | djm@ | ||
6212 | |||
6213 | OpenBSD-Commit-ID: 9535cfdbd1cd54486fdbedfaee44ce4367ec7ca0 | ||
6214 | |||
6215 | commit c12033e102760d043bc5c98e6c8180e4d331b0df | ||
6216 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
6217 | Date: Fri Jul 27 03:55:22 2018 +0000 | ||
6218 | |||
6219 | upstream: ssh(1) no longer supports being setuid root. Remove reference | ||
6220 | |||
6221 | to crc32 which went with protocol 1. Pointed out by deraadt@. | ||
6222 | |||
6223 | OpenBSD-Commit-ID: f8763c25fd96ed91dd1abdab5667fd2e27e377b6 | ||
6224 | |||
6225 | commit 4492e2ec4e1956a277ef507f51d66e5c2aafaaf8 | ||
6226 | Author: Damien Miller <djm@mindrot.org> | ||
6227 | Date: Fri Jul 27 14:15:28 2018 +1000 | ||
6228 | |||
6229 | correct snprintf truncation check in closefrom() | ||
6230 | |||
6231 | Truncation cannot happen unless the system has set PATH_MAX to some | ||
6232 | nonsensically low value. | ||
6233 | |||
6234 | bz#2862, patch from Daniel Le | ||
6235 | |||
6236 | commit 149cab325a8599a003364ed833f878449c15f259 | ||
6237 | Author: Darren Tucker <dtucker@dtucker.net> | ||
6238 | Date: Fri Jul 27 13:46:06 2018 +1000 | ||
6239 | |||
6240 | Include stdarg.h in mkdtemp for va_list. | ||
6241 | |||
6242 | commit 6728f31bdfdc864d192773c32465b1860e23f556 | ||
6243 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
6244 | Date: Wed Jul 25 17:12:35 2018 +0000 | ||
6245 | |||
6246 | upstream: Don't redefine Makefile choices which come correct from | ||
6247 | |||
6248 | bsd.*.mk ok markus | ||
6249 | |||
6250 | OpenBSD-Commit-ID: 814b2f670df75759e1581ecef530980b2b3d7e0f | ||
6251 | |||
6252 | commit 21fd477a855753c1a8e450963669e28e39c3b5d2 | ||
6253 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
6254 | Date: Wed Jul 25 13:56:23 2018 +0000 | ||
6255 | |||
6256 | upstream: fix indent; Clemens Goessnitzer | ||
6257 | |||
6258 | OpenBSD-Commit-ID: b5149a6d92b264d35f879d24608087b254857a83 | ||
6259 | |||
6260 | commit 8e433c2083db8664c41499ee146448ea7ebe7dbf | ||
6261 | Author: beck@openbsd.org <beck@openbsd.org> | ||
6262 | Date: Wed Jul 25 13:10:56 2018 +0000 | ||
6263 | |||
6264 | upstream: Use the caller provided (copied) pwent struct in | ||
6265 | |||
6266 | load_public_identity_files instead of calling getpwuid() again and discarding | ||
6267 | the argument. This prevents a client crash where tilde_expand_filename calls | ||
6268 | getpwuid() again before the pwent pointer is used. Issue noticed and reported | ||
6269 | by Pierre-Olivier Martel <pom@apple.com> ok djm@ deraadt@ | ||
6270 | |||
6271 | OpenBSD-Commit-ID: a067d74b5b098763736c94cc1368de8ea3f0b157 | ||
6272 | |||
6273 | commit e2127abb105ae72b6fda64fff150e6b24b3f1317 | ||
6274 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
6275 | Date: Mon Jul 23 19:53:55 2018 +0000 | ||
6276 | |||
6277 | upstream: oops, failed to notice that SEE ALSO got messed up; | ||
6278 | |||
6279 | OpenBSD-Commit-ID: 61c1306542cefdc6e59ac331751afe961557427d | ||
6280 | |||
6281 | commit ddf1b797c2d26bbbc9d410aa4f484cbe94673587 | ||
6282 | Author: kn@openbsd.org <kn@openbsd.org> | ||
6283 | Date: Mon Jul 23 19:02:49 2018 +0000 | ||
6284 | |||
6285 | upstream: Point to glob in section 7 for the actual list of special | ||
6286 | |||
6287 | characters instead the C API in section 3. | ||
6288 | |||
6289 | OK millert jmc nicm, "the right idea" deraadt | ||
6290 | |||
6291 | OpenBSD-Commit-ID: a74fd215488c382809e4d041613aeba4a4b1ffc6 | ||
6292 | |||
6293 | commit 01c98d9661d0ed6156e8602b650f72eed9fc4d12 | ||
6294 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
6295 | Date: Sun Jul 22 12:16:59 2018 +0000 | ||
6296 | |||
6297 | upstream: Switch authorized_keys example from ssh-dss to ssh-rsa | ||
6298 | |||
6299 | since the former is no longer enabled by default. Pointed out by Daniel A. | ||
6300 | Maierhofer, ok jmc | ||
6301 | |||
6302 | OpenBSD-Commit-ID: 6a196cef53d7524e0c9b58cdbc1b5609debaf8c7 | ||
6303 | |||
6304 | commit 472269f8fe19343971c2d08f504ab5cbb8234b33 | ||
6305 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6306 | Date: Fri Jul 20 05:01:10 2018 +0000 | ||
6307 | |||
6308 | upstream: slightly-clearer description for AuthenticationMethods - the | ||
6309 | |||
6310 | lists have comma-separated elements; bz#2663 from Hans Meier | ||
6311 | |||
6312 | OpenBSD-Commit-ID: 931c983d0fde4764d0942fb2c2b5017635993b5a | ||
6313 | |||
6314 | commit c59aca8adbdf7f5597084ad360a19bedb3f80970 | ||
6315 | Author: Damien Miller <djm@mindrot.org> | ||
6316 | Date: Fri Jul 20 14:53:42 2018 +1000 | ||
6317 | |||
6318 | Create control sockets in clean temp directories | ||
6319 | |||
6320 | Adds a regress/mkdtemp tool and uses it to create empty temp | ||
6321 | directories for tests needing control sockets. | ||
6322 | |||
6323 | Patch from Colin Watson via bz#2660; ok dtucker | ||
6324 | |||
6325 | commit 6ad8648e83e4f4ace37b742a05c2a6b6b872514e | ||
6326 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6327 | Date: Fri Jul 20 03:46:34 2018 +0000 | ||
6328 | |||
6329 | upstream: remove unused zlib.h | ||
6330 | |||
6331 | OpenBSD-Commit-ID: 8d274a9b467c7958df12668b49144056819f79f1 | ||
6332 | |||
6333 | commit 3ba6e6883527fe517b6e4a824876e2fe62af22fc | ||
6334 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
6335 | Date: Thu Jul 19 23:03:16 2018 +0000 | ||
6336 | |||
6337 | upstream: Fix typo in comment. From Alexandru Iacob via github. | ||
6338 | |||
6339 | OpenBSD-Commit-ID: eff4ec07c6c8c5483533da43a4dda37d72ef7f1d | ||
6340 | |||
6341 | commit c77bc73c91bc656e343a1961756e09dd1b170820 | ||
6342 | Author: Darren Tucker <dtucker@dtucker.net> | ||
6343 | Date: Fri Jul 20 13:48:51 2018 +1000 | ||
6344 | |||
6345 | Explicitly include openssl before zlib. | ||
6346 | |||
6347 | Some versions of OpenSSL have "free_func" in their headers, which zlib | ||
6348 | typedefs. Including openssl after zlib (eg via sshkey.h) results in | ||
6349 | "syntax error before `free_func'", which this fixes. | ||
6350 | |||
6351 | commit 95d41e90eafcd1286a901e8e361e4a37b98aeb52 | ||
6352 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
6353 | Date: Thu Jul 19 10:28:47 2018 +0000 | ||
6354 | |||
6355 | upstream: Deprecate UsePrivilegedPort now that support for running | ||
6356 | |||
6357 | ssh(1) setuid has been removed, remove supporting code and clean up | ||
6358 | references to it in the man pages | ||
6359 | |||
6360 | We have not shipped ssh(1) the setuid bit since 2002. If ayone | ||
6361 | really needs to make connections from a low port number this can | ||
6362 | be implemented via a small setuid ProxyCommand. | ||
6363 | |||
6364 | ok markus@ jmc@ djm@ | ||
6365 | |||
6366 | OpenBSD-Commit-ID: d03364610b7123ae4c6792f5274bd147b6de717e | ||
6367 | |||
6368 | commit 258dc8bb07dfb35a46e52b0822a2c5b7027df60a | ||
6369 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
6370 | Date: Wed Jul 18 11:34:04 2018 +0000 | ||
6371 | |||
6372 | upstream: Remove support for running ssh(1) setuid and fatal if | ||
6373 | |||
6374 | attempted. Do not link uidwap.c into ssh any more. Neuters | ||
6375 | UsePrivilegedPort, which will be marked as deprecated shortly. ok markus@ | ||
6376 | djm@ | ||
6377 | |||
6378 | OpenBSD-Commit-ID: c4ba5bf9c096f57a6ed15b713a1d7e9e2e373c42 | ||
6379 | |||
6380 | commit ac590760b251506b0a152551abbf8e8d6dc2f527 | ||
6381 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
6382 | Date: Mon Jul 16 22:25:01 2018 +0000 | ||
6383 | |||
6384 | upstream: Slot 0 in the hostbased key array was previously RSA1, | ||
6385 | |||
6386 | but that is now gone and the slot is unused so remove it. Remove two | ||
6387 | now-unused macros, and add an array bounds check to the two remaining ones | ||
6388 | (array is statically sized, so mostly a safety check on future changes). ok | ||
6389 | markus@ | ||
6390 | |||
6391 | OpenBSD-Commit-ID: 2e4c0ca6cc1d8daeccead2aa56192a3f9d5e1e7a | ||
6392 | |||
6393 | commit 26efc2f5df0e3bcf6a6bbdd0506fd682d60c2145 | ||
6394 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
6395 | Date: Mon Jul 16 11:05:41 2018 +0000 | ||
6396 | |||
6397 | upstream: Remove support for loading HostBasedAuthentication keys | ||
6398 | |||
6399 | directly in ssh(1) and always use ssh-keysign. This removes one of the few | ||
6400 | remaining reasons why ssh(1) might be setuid. ok markus@ | ||
6401 | |||
6402 | OpenBSD-Commit-ID: 97f01e1448707129a20d75f86bad5d27c3cf0b7d | ||
6403 | |||
6404 | commit 3eb7f1038d17af7aea3c2c62d1e30cd545607640 | ||
6405 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6406 | Date: Mon Jul 16 07:06:50 2018 +0000 | ||
6407 | |||
6408 | upstream: keep options.identity_file_userprovided array in sync when we | ||
6409 | |||
6410 | load keys, fixing some spurious error messages; ok markus | ||
6411 | |||
6412 | OpenBSD-Commit-ID: c63e3d5200ee2cf9e35bda98de847302566c6a00 | ||
6413 | |||
6414 | commit 2f131e1b34502aa19f345e89cabf6fa3fc097f09 | ||
6415 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6416 | Date: Mon Jul 16 03:09:59 2018 +0000 | ||
6417 | |||
6418 | upstream: memleak in unittest; found by valgrind | ||
6419 | |||
6420 | OpenBSD-Regress-ID: 168c23b0fb09fc3d0b438628990d3fd9260a8a5e | ||
6421 | |||
6422 | commit de2997a4cf22ca0a524f0e5b451693c583e2fd89 | ||
6423 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6424 | Date: Mon Jul 16 03:09:13 2018 +0000 | ||
6425 | |||
6426 | upstream: memleaks; found by valgrind | ||
6427 | |||
6428 | OpenBSD-Commit-ID: 6c3ba22be53e753c899545f771e8399fc93cd844 | ||
6429 | |||
6430 | commit 61cc0003eb37fa07603c969c12b7c795caa498f3 | ||
6431 | Author: Darren Tucker <dtucker@dtucker.net> | ||
6432 | Date: Sat Jul 14 16:49:01 2018 +1000 | ||
6433 | |||
6434 | Undef a few new macros in sys-queue.h. | ||
6435 | |||
6436 | Prevents macro redefinition warnings on OSX. | ||
6437 | |||
6438 | commit 30a2c213877a54a44dfdffb6ca8db70be5b457e0 | ||
6439 | Author: Darren Tucker <dtucker@dtucker.net> | ||
6440 | Date: Fri Jul 13 13:40:20 2018 +1000 | ||
6441 | |||
6442 | Include unistd.h for geteuid declaration. | ||
6443 | |||
6444 | commit 1dd32c23f2a85714dfafe2a9cc516971d187caa4 | ||
6445 | Author: Darren Tucker <dtucker@dtucker.net> | ||
6446 | Date: Fri Jul 13 13:38:10 2018 +1000 | ||
6447 | |||
6448 | Fallout from buffer conversion in AUDIT_EVENTS. | ||
6449 | |||
6450 | Supply missing "int r" and fix error path for sshbuf_new(). | ||
6451 | |||
6452 | commit 7449c178e943e5c4f6c8416a4e41d93b70c11c9e | ||
6453 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6454 | Date: Fri Jul 13 02:13:50 2018 +0000 | ||
6455 | |||
6456 | upstream: make this use ssh_proxy rather than starting/stopping a | ||
6457 | |||
6458 | daemon for each testcase | ||
6459 | |||
6460 | OpenBSD-Regress-ID: 608b7655ea65b1ba8fff5a13ce9caa60ef0c8166 | ||
6461 | |||
6462 | commit dbab02f9208d9baa134cec1d007054ec82b96ca9 | ||
6463 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6464 | Date: Fri Jul 13 02:13:19 2018 +0000 | ||
6465 | |||
6466 | upstream: fix leaks in unit test; with this, all unit tests are | ||
6467 | |||
6468 | leak free (as far as valgrind can spot anyway) | ||
6469 | |||
6470 | OpenBSD-Regress-ID: b824d8b27998365379963440e5d18b95ca03aa17 | ||
6471 | |||
6472 | commit 2f6accff5085eb79b0dbe262d8b85ed017d1a51c | ||
6473 | Author: Damien Miller <djm@mindrot.org> | ||
6474 | Date: Fri Jul 13 11:39:25 2018 +1000 | ||
6475 | |||
6476 | Enable leak checks for unit tests with valgrind | ||
6477 | |||
6478 | Leave the leak checking on unconditionally when running with valgrind. | ||
6479 | The unit tests are leak-free and I want them to stay that way. | ||
6480 | |||
6481 | commit e46cfbd9db5e907b821bf4fd0184d4dab99815ee | ||
6482 | Author: Damien Miller <djm@mindrot.org> | ||
6483 | Date: Fri Jul 13 11:38:59 2018 +1000 | ||
6484 | |||
6485 | increase timeout to match cfgmatch.sh | ||
6486 | |||
6487 | lets test pass under valgrind (on my workstation at least) | ||
6488 | |||
6489 | commit 6aa1bf475cf3e7a2149acc5a1e80e904749f064c | ||
6490 | Author: Damien Miller <djm@mindrot.org> | ||
6491 | Date: Thu Jul 12 14:54:18 2018 +1000 | ||
6492 | |||
6493 | rm regress/misc/kexfuzz/*.o in distclean target | ||
6494 | |||
6495 | commit eef1447ddb559c03725a23d4aa6d03f40e8b0049 | ||
6496 | Author: Damien Miller <djm@mindrot.org> | ||
6497 | Date: Thu Jul 12 14:49:26 2018 +1000 | ||
6498 | |||
6499 | repair !WITH_OPENSSL build | ||
6500 | |||
6501 | commit 4d3b2f36fd831941d1627ac587faae37b6d3570f | ||
6502 | Author: Damien Miller <djm@mindrot.org> | ||
6503 | Date: Thu Jul 12 14:49:14 2018 +1000 | ||
6504 | |||
6505 | missing headers | ||
6506 | |||
6507 | commit 3f420a692b293921216549c1099c2e46ff284eae | ||
6508 | Author: Darren Tucker <dtucker@dtucker.net> | ||
6509 | Date: Thu Jul 12 14:57:46 2018 +1000 | ||
6510 | |||
6511 | Remove key.h from portable files too. | ||
6512 | |||
6513 | Commit 5467fbcb removed key.h so stop including it in portable files | ||
6514 | too. Fixes builds on lots of platforms. | ||
6515 | |||
6516 | commit e2c4af311543093f16005c10044f7e06af0426f0 | ||
6517 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6518 | Date: Thu Jul 12 04:35:25 2018 +0000 | ||
6519 | |||
6520 | upstream: remove prototype to long-gone function | ||
6521 | |||
6522 | OpenBSD-Commit-ID: 0414642ac7ce01d176b9f359091a66a8bbb640bd | ||
6523 | |||
6524 | commit 394a842e60674bf8ee5130b9f15b01452a0b0285 | ||
6525 | Author: markus@openbsd.org <markus@openbsd.org> | ||
6526 | Date: Wed Jul 11 18:55:11 2018 +0000 | ||
6527 | |||
6528 | upstream: treat ssh_packet_write_wait() errors as fatal; ok djm@ | ||
6529 | |||
6530 | OpenBSD-Commit-ID: f88ba43c9d54ed2d911218aa8d3f6285430629c3 | ||
6531 | |||
6532 | commit 5467fbcb09528ecdcb914f4f2452216c24796790 | ||
6533 | Author: markus@openbsd.org <markus@openbsd.org> | ||
6534 | Date: Wed Jul 11 18:53:29 2018 +0000 | ||
6535 | |||
6536 | upstream: remove legacy key emulation layer; ok djm@ | ||
6537 | |||
6538 | OpenBSD-Commit-ID: 2b1f9619259e222bbd4fe9a8d3a0973eafb9dd8d | ||
6539 | |||
6540 | commit 5dc4c59d5441a19c99e7945779f7ec9051126c25 | ||
6541 | Author: martijn@openbsd.org <martijn@openbsd.org> | ||
6542 | Date: Wed Jul 11 08:19:35 2018 +0000 | ||
6543 | |||
6544 | upstream: s/wuth/with/ in comment | ||
6545 | |||
6546 | OpenBSD-Commit-ID: 9de41468afd75f54a7f47809d2ad664aa577902c | ||
6547 | |||
6548 | commit 1c688801e9dd7f9889fb2a29bc2b6fbfbc35a11f | ||
6549 | Author: Darren Tucker <dtucker@dtucker.net> | ||
6550 | Date: Wed Jul 11 12:12:38 2018 +1000 | ||
6551 | |||
6552 | Include stdlib.h for declaration of free. | ||
6553 | |||
6554 | Fixes build with -Werror on at least Fedora and probably others. | ||
6555 | |||
6556 | commit fccfa239def497615f92ed28acc57cfe63da3666 | ||
6557 | Author: Damien Miller <djm@mindrot.org> | ||
6558 | Date: Wed Jul 11 10:19:56 2018 +1000 | ||
6559 | |||
6560 | VALGRIND_CHECK_LEAKS logic was backwards :( | ||
6561 | |||
6562 | commit 416287d45fcde0a8e66eee8b99aa73bd58607588 | ||
6563 | Author: Darren Tucker <dtucker@dtucker.net> | ||
6564 | Date: Wed Jul 11 10:10:26 2018 +1000 | ||
6565 | |||
6566 | Fix sshbuf_new error path in skey. | ||
6567 | |||
6568 | commit 7aab109b8b90a353c1af780524f1ac0d3af47bab | ||
6569 | Author: Darren Tucker <dtucker@dtucker.net> | ||
6570 | Date: Wed Jul 11 10:06:18 2018 +1000 | ||
6571 | |||
6572 | Supply missing third arg in skey. | ||
6573 | |||
6574 | During the change to the new buffer api the third arg to | ||
6575 | sshbuf_get_cstring was ommitted. Fixes build when configured with skey. | ||
6576 | |||
6577 | commit 380320bb72cc353a901790ab04b6287fd335dc4a | ||
6578 | Author: Darren Tucker <dtucker@dtucker.net> | ||
6579 | Date: Wed Jul 11 10:03:34 2018 +1000 | ||
6580 | |||
6581 | Supply some more missing "int r" in skey | ||
6582 | |||
6583 | commit d20720d373d8563ee737d1a45dc5e0804d622dbc | ||
6584 | Author: Damien Miller <djm@mindrot.org> | ||
6585 | Date: Wed Jul 11 09:56:36 2018 +1000 | ||
6586 | |||
6587 | disable valgrind memleak checking by default | ||
6588 | |||
6589 | Add VALGRIND_CHECK_LEAKS knob to turn it back on. | ||
6590 | |||
6591 | commit 79c9d35018f3a5e30ae437880b669aa8636cd3cd | ||
6592 | Author: Darren Tucker <dtucker@dtucker.net> | ||
6593 | Date: Wed Jul 11 09:54:00 2018 +1000 | ||
6594 | |||
6595 | Supply missing "int r" in skey code. | ||
6596 | |||
6597 | commit 984bacfaacbbe31c35191b828fb5b5b2f0362c36 | ||
6598 | Author: sf@openbsd.org <sf@openbsd.org> | ||
6599 | Date: Tue Jul 10 09:36:58 2018 +0000 | ||
6600 | |||
6601 | upstream: re-remove some pre-auth compression bits | ||
6602 | |||
6603 | This time, make sure to not remove things that are necessary for | ||
6604 | pre-auth compression on the client. Add a comment that pre-auth | ||
6605 | compression is still supported in the client. | ||
6606 | |||
6607 | ok markus@ | ||
6608 | |||
6609 | OpenBSD-Commit-ID: 282c6fec7201f18a5c333bbb68d9339734d2f784 | ||
6610 | |||
6611 | commit 120a1ec74e8d9d29f4eb9a27972ddd22351ddef9 | ||
6612 | Author: Damien Miller <djm@mindrot.org> | ||
6613 | Date: Tue Jul 10 19:39:52 2018 +1000 | ||
6614 | |||
6615 | Adapt portable to legacy buffer API removal | ||
6616 | |||
6617 | commit 0f3958c1e6ffb8ea4ba27e2a97a00326fce23246 | ||
6618 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6619 | Date: Tue Jul 10 09:13:30 2018 +0000 | ||
6620 | |||
6621 | upstream: kerberos/gssapi fixes for buffer removal | ||
6622 | |||
6623 | OpenBSD-Commit-ID: 1cdf56fec95801e4563c47f21696f04cd8b60c4c | ||
6624 | |||
6625 | commit c74ae8e7c45f325f3387abd48fa7dfef07a08069 | ||
6626 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6627 | Date: Tue Jul 10 06:45:29 2018 +0000 | ||
6628 | |||
6629 | upstream: buffer.[ch] and bufaux.c are no more | ||
6630 | |||
6631 | OpenBSD-Commit-ID: d1a1852284e554f39525eb4d4891b207cfb3d3a0 | ||
6632 | |||
6633 | commit a881e5a133d661eca923fb0633a03152ab2b70b2 | ||
6634 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6635 | Date: Tue Jul 10 06:43:52 2018 +0000 | ||
6636 | |||
6637 | upstream: one mention of Buffer that almost got away :) | ||
6638 | |||
6639 | OpenBSD-Commit-ID: 30d7c27a90b4544ad5dfacf654595710cd499f02 | ||
6640 | |||
6641 | commit 49f47e656b60bcd1d1db98d88105295f4b4e600d | ||
6642 | Author: markus@openbsd.org <markus@openbsd.org> | ||
6643 | Date: Mon Jul 9 21:59:10 2018 +0000 | ||
6644 | |||
6645 | upstream: replace cast with call to sshbuf_mutable_ptr(); ok djm@ | ||
6646 | |||
6647 | OpenBSD-Commit-ID: 4dfe9d29fa93d9231645c89084f7217304f7ba29 | ||
6648 | |||
6649 | commit cb30cd47041edb03476be1c8ef7bc1f4b69d1555 | ||
6650 | Author: markus@openbsd.org <markus@openbsd.org> | ||
6651 | Date: Mon Jul 9 21:56:06 2018 +0000 | ||
6652 | |||
6653 | upstream: remove legacy buffer API emulation layer; ok djm@ | ||
6654 | |||
6655 | OpenBSD-Commit-ID: 2dd5dc17cbc23195be4299fa93be2707a0e08ad9 | ||
6656 | |||
6657 | commit 235c7c4e3bf046982c2d8242f30aacffa01073d1 | ||
6658 | Author: markus@openbsd.org <markus@openbsd.org> | ||
6659 | Date: Mon Jul 9 21:53:45 2018 +0000 | ||
6660 | |||
6661 | upstream: sshd: switch monitor to sshbuf API; lots of help & ok | ||
6662 | |||
6663 | djm@ | ||
6664 | |||
6665 | OpenBSD-Commit-ID: d89bd02d33974fd35ca0b8940d88572227b34a48 | ||
6666 | |||
6667 | commit b8d9214d969775e409e1408ecdf0d58fad99b344 | ||
6668 | Author: markus@openbsd.org <markus@openbsd.org> | ||
6669 | Date: Mon Jul 9 21:37:55 2018 +0000 | ||
6670 | |||
6671 | upstream: sshd: switch GSSAPI to sshbuf API; ok djm@ | ||
6672 | |||
6673 | OpenBSD-Commit-ID: e48449ab4be3f006f7ba33c66241b7d652973e30 | ||
6674 | |||
6675 | commit c7d39ac8dc3587c5f05bdd5bcd098eb5c201c0c8 | ||
6676 | Author: markus@openbsd.org <markus@openbsd.org> | ||
6677 | Date: Mon Jul 9 21:35:50 2018 +0000 | ||
6678 | |||
6679 | upstream: sshd: switch authentication to sshbuf API; ok djm@ | ||
6680 | |||
6681 | OpenBSD-Commit-ID: 880aa06bce4b140781e836bb56bec34873290641 | ||
6682 | |||
6683 | commit c3cb7790e9efb14ba74b2d9f543ad593b3d55b31 | ||
6684 | Author: markus@openbsd.org <markus@openbsd.org> | ||
6685 | Date: Mon Jul 9 21:29:36 2018 +0000 | ||
6686 | |||
6687 | upstream: sshd: switch config to sshbuf API; ok djm@ | ||
6688 | |||
6689 | OpenBSD-Commit-ID: 72b02017bac7feac48c9dceff8355056bea300bd | ||
6690 | |||
6691 | commit 2808d18ca47ad3d251836c555f0e22aaca03d15c | ||
6692 | Author: markus@openbsd.org <markus@openbsd.org> | ||
6693 | Date: Mon Jul 9 21:26:02 2018 +0000 | ||
6694 | |||
6695 | upstream: sshd: switch loginmsg to sshbuf API; ok djm@ | ||
6696 | |||
6697 | OpenBSD-Commit-ID: f3cb4e54bff15c593602d95cc43e32ee1a4bac42 | ||
6698 | |||
6699 | commit 89dd615b8b531979be63f05f9d5624367c9b28e6 | ||
6700 | Author: markus@openbsd.org <markus@openbsd.org> | ||
6701 | Date: Mon Jul 9 21:20:26 2018 +0000 | ||
6702 | |||
6703 | upstream: ttymodes: switch to sshbuf API; ok djm@ | ||
6704 | |||
6705 | OpenBSD-Commit-ID: 5df340c5965e822c9da21e19579d08dea3cbe429 | ||
6706 | |||
6707 | commit f4608a7065480516ab46214f554e5f853fb7870f | ||
6708 | Author: markus@openbsd.org <markus@openbsd.org> | ||
6709 | Date: Mon Jul 9 21:18:10 2018 +0000 | ||
6710 | |||
6711 | upstream: client: switch mux to sshbuf API; with & ok djm@ | ||
6712 | |||
6713 | OpenBSD-Commit-ID: 5948fb98d704f9c4e075b92edda64e0290b5feb2 | ||
6714 | |||
6715 | commit cecee2d607099a7bba0a84803e2325d15be4277b | ||
6716 | Author: markus@openbsd.org <markus@openbsd.org> | ||
6717 | Date: Mon Jul 9 21:03:30 2018 +0000 | ||
6718 | |||
6719 | upstream: client: switch to sshbuf API; ok djm@ | ||
6720 | |||
6721 | OpenBSD-Commit-ID: 60cb0356114acc7625ab85105f6f6a7cd44a8d05 | ||
6722 | |||
6723 | commit ff55f4ad898137d4703e7a2bcc81167dfe8e9324 | ||
6724 | Author: markus@openbsd.org <markus@openbsd.org> | ||
6725 | Date: Mon Jul 9 20:39:28 2018 +0000 | ||
6726 | |||
6727 | upstream: pkcs11: switch to sshbuf API; ok djm@ | ||
6728 | |||
6729 | OpenBSD-Commit-ID: 98cc4e800f1617c51caf59a6cb3006f14492db79 | ||
6730 | |||
6731 | commit 168b46f405d6736960ba7930389eecb9b6710b7e | ||
6732 | Author: sf@openbsd.org <sf@openbsd.org> | ||
6733 | Date: Mon Jul 9 13:37:10 2018 +0000 | ||
6734 | |||
6735 | upstream: Revert previous two commits | ||
6736 | |||
6737 | It turns out we still support pre-auth compression on the client. | ||
6738 | Therefore revert the previous two commits: | ||
6739 | |||
6740 | date: 2018/07/06 09:06:14; author: sf; commitid: yZVYKIRtUZWD9CmE; | ||
6741 | Rename COMP_DELAYED to COMP_ZLIB | ||
6742 | |||
6743 | Only delayed compression is supported nowadays. | ||
6744 | |||
6745 | ok markus@ | ||
6746 | |||
6747 | date: 2018/07/06 09:05:01; author: sf; commitid: rEGuT5UgI9f6kddP; | ||
6748 | Remove leftovers from pre-authentication compression | ||
6749 | |||
6750 | Support for this has been removed in 2016. | ||
6751 | COMP_DELAYED will be renamed in a later commit. | ||
6752 | |||
6753 | ok markus@ | ||
6754 | |||
6755 | OpenBSD-Commit-ID: cdfef526357e4e1483c86cf599491b2dafb77772 | ||
6756 | |||
6757 | commit ab39267fa1243d02b6c330615539fc4b21e17dc4 | ||
6758 | Author: sf@openbsd.org <sf@openbsd.org> | ||
6759 | Date: Fri Jul 6 09:06:14 2018 +0000 | ||
6760 | |||
6761 | upstream: Rename COMP_DELAYED to COMP_ZLIB | ||
6762 | |||
6763 | Only delayed compression is supported nowadays. | ||
6764 | |||
6765 | ok markus@ | ||
6766 | |||
6767 | OpenBSD-Commit-ID: 5b1dbaf3d9a4085aaa10fec0b7a4364396561821 | ||
6768 | |||
6769 | commit 95db395d2e56a6f868193aead6cadb2493f036c6 | ||
6770 | Author: sf@openbsd.org <sf@openbsd.org> | ||
6771 | Date: Fri Jul 6 09:05:01 2018 +0000 | ||
6772 | |||
6773 | upstream: Remove leftovers from pre-authentication compression | ||
6774 | |||
6775 | Support for this has been removed in 2016. | ||
6776 | COMP_DELAYED will be renamed in a later commit. | ||
6777 | |||
6778 | ok markus@ | ||
6779 | |||
6780 | OpenBSD-Commit-ID: 6a99616c832627157113fcb0cf5a752daf2e6b58 | ||
6781 | |||
6782 | commit f28a4d5cd24c4aa177e96b4f96957991e552cb70 | ||
6783 | Author: sf@openbsd.org <sf@openbsd.org> | ||
6784 | Date: Fri Jul 6 09:03:02 2018 +0000 | ||
6785 | |||
6786 | upstream: Remove unused ssh_packet_start_compression() | ||
6787 | |||
6788 | ok markus@ | ||
6789 | |||
6790 | OpenBSD-Commit-ID: 9d34cf2f59aca5422021ae2857190578187dc2b4 | ||
6791 | |||
6792 | commit 872517ddbb72deaff31d4760f28f2b0a1c16358f | ||
6793 | Author: Darren Tucker <dtucker@dtucker.net> | ||
6794 | Date: Fri Jul 6 13:32:02 2018 +1000 | ||
6795 | |||
6796 | Defer setting bufsiz in getdelim. | ||
6797 | |||
6798 | Do not write to bufsiz until we are sure the malloc has succeeded, | ||
6799 | in case any callers rely on it (which they shouldn't). ok djm@ | ||
6800 | |||
6801 | commit 3deb56f7190a414dc264e21e087a934fa1847283 | ||
6802 | Author: Darren Tucker <dtucker@dtucker.net> | ||
6803 | Date: Thu Jul 5 13:32:01 2018 +1000 | ||
6804 | |||
6805 | Fix other callers of read_environment_file. | ||
6806 | |||
6807 | read_environment_file recently gained an extra argument Some platform | ||
6808 | specific code also calls it so add the argument to those too. Fixes | ||
6809 | build on Solaris and AIX. | ||
6810 | |||
6811 | commit 314908f451e6b2d4ccf6212ad246fa4619c721d3 | ||
6812 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6813 | Date: Wed Jul 4 13:51:45 2018 +0000 | ||
6814 | |||
6815 | upstream: deal with API rename: match_filter_list() => | ||
6816 | |||
6817 | match_filter_blacklist() | ||
6818 | |||
6819 | OpenBSD-Regress-ID: 2da342be913efeb51806351af906fab01ba4367f | ||
6820 | |||
6821 | commit 89f54cdf6b9cf1cf5528fd33897f1443913ddfb4 | ||
6822 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6823 | Date: Wed Jul 4 13:51:12 2018 +0000 | ||
6824 | |||
6825 | upstream: exercise new expansion behaviour of | ||
6826 | |||
6827 | PubkeyAcceptedKeyTypes and, by proxy, test kex_assemble_names() | ||
6828 | |||
6829 | ok markus@ | ||
6830 | |||
6831 | OpenBSD-Regress-ID: 292978902e14d5729aa87e492dd166c842f72736 | ||
6832 | |||
6833 | commit 187633f24c71564e970681c8906df5a6017dcccf | ||
6834 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6835 | Date: Tue Jul 3 13:53:26 2018 +0000 | ||
6836 | |||
6837 | upstream: add a comment that could have saved me 45 minutes of wild | ||
6838 | |||
6839 | goose chasing | ||
6840 | |||
6841 | OpenBSD-Regress-ID: d469b29ffadd3402c090e21b792d627d46fa5297 | ||
6842 | |||
6843 | commit 312d2f2861a2598ed08587cb6c45c0e98a85408f | ||
6844 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6845 | Date: Wed Jul 4 13:49:31 2018 +0000 | ||
6846 | |||
6847 | upstream: repair PubkeyAcceptedKeyTypes (and friends) after RSA | ||
6848 | |||
6849 | signature work - returns ability to add/remove/specify algorithms by | ||
6850 | wildcard. | ||
6851 | |||
6852 | Algorithm lists are now fully expanded when the server/client configs | ||
6853 | are finalised, so errors are reported early and the config dumps | ||
6854 | (e.g. "ssh -G ...") now list the actual algorithms selected. | ||
6855 | |||
6856 | Clarify that, while wildcards are accepted in algorithm lists, they | ||
6857 | aren't full pattern-lists that support negation. | ||
6858 | |||
6859 | (lots of) feedback, ok markus@ | ||
6860 | |||
6861 | OpenBSD-Commit-ID: a8894c5c81f399a002f02ff4fe6b4fa46b1f3207 | ||
6862 | |||
6863 | commit 303af5803bd74bf05d375c04e1a83b40c30b2be5 | ||
6864 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6865 | Date: Tue Jul 3 11:43:49 2018 +0000 | ||
6866 | |||
6867 | upstream: some magic for RSA-SHA2 checks | ||
6868 | |||
6869 | OpenBSD-Regress-ID: e5a9b11368ff6d86e7b25ad10ebe43359b471cd4 | ||
6870 | |||
6871 | commit 7d68e262944c1fff1574600fe0e5e92ec8b398f5 | ||
6872 | Author: Damien Miller <djm@mindrot.org> | ||
6873 | Date: Tue Jul 3 23:27:11 2018 +1000 | ||
6874 | |||
6875 | depend | ||
6876 | |||
6877 | commit b4d4eda633af433d20232cbf7e855ceac8b83fe5 | ||
6878 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6879 | Date: Tue Jul 3 13:20:25 2018 +0000 | ||
6880 | |||
6881 | upstream: some finesse to fix RSA-SHA2 certificate authentication | ||
6882 | |||
6883 | for certs hosted in ssh-agent | ||
6884 | |||
6885 | OpenBSD-Commit-ID: e5fd5edd726137dda2d020e1cdebc464110a010f | ||
6886 | |||
6887 | commit d78b75df4a57e0f92295f24298e5f2930e71c172 | ||
6888 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6889 | Date: Tue Jul 3 13:07:58 2018 +0000 | ||
6890 | |||
6891 | upstream: check correct variable; unbreak agent keys | ||
6892 | |||
6893 | OpenBSD-Commit-ID: c36981fdf1f3ce04966d3310826a3e1e6233d93e | ||
6894 | |||
6895 | commit 2f30300c5e15929d0e34013f38d73e857f445e12 | ||
6896 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6897 | Date: Tue Jul 3 11:42:12 2018 +0000 | ||
6898 | |||
6899 | upstream: crank version number to 7.8; needed for new compat flag | ||
6900 | |||
6901 | for prior version; part of RSA-SHA2 strictification, ok markus@ | ||
6902 | |||
6903 | OpenBSD-Commit-ID: 84a11fc0efd2674c050712336b5093f5d408e32b | ||
6904 | |||
6905 | commit 4ba0d54794814ec0de1ec87987d0c3b89379b436 | ||
6906 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6907 | Date: Tue Jul 3 11:39:54 2018 +0000 | ||
6908 | |||
6909 | upstream: Improve strictness and control over RSA-SHA2 signature | ||
6910 | |||
6911 | In ssh, when an agent fails to return a RSA-SHA2 signature when | ||
6912 | requested and falls back to RSA-SHA1 instead, retry the signature to | ||
6913 | ensure that the public key algorithm sent in the SSH_MSG_USERAUTH | ||
6914 | matches the one in the signature itself. | ||
6915 | |||
6916 | In sshd, strictly enforce that the public key algorithm sent in the | ||
6917 | SSH_MSG_USERAUTH message matches what appears in the signature. | ||
6918 | |||
6919 | Make the sshd_config PubkeyAcceptedKeyTypes and | ||
6920 | HostbasedAcceptedKeyTypes options control accepted signature algorithms | ||
6921 | (previously they selected supported key types). This allows these | ||
6922 | options to ban RSA-SHA1 in favour of RSA-SHA2. | ||
6923 | |||
6924 | Add new signature algorithms "rsa-sha2-256-cert-v01@openssh.com" and | ||
6925 | "rsa-sha2-512-cert-v01@openssh.com" to force use of RSA-SHA2 signatures | ||
6926 | with certificate keys. | ||
6927 | |||
6928 | feedback and ok markus@ | ||
6929 | |||
6930 | OpenBSD-Commit-ID: c6e9f6d45eed8962ad502d315d7eaef32c419dde | ||
6931 | |||
6932 | commit 95344c257412b51199ead18d54eaed5bafb75617 | ||
6933 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6934 | Date: Tue Jul 3 10:59:35 2018 +0000 | ||
6935 | |||
6936 | upstream: allow sshd_config PermitUserEnvironment to accept a | ||
6937 | |||
6938 | pattern-list of whitelisted environment variable names in addition to yes|no. | ||
6939 | |||
6940 | bz#1800, feedback and ok markus@ | ||
6941 | |||
6942 | OpenBSD-Commit-ID: 77dc2b468e0bf04b53f333434ba257008a1fdf24 | ||
6943 | |||
6944 | commit 6f56fe4b9578b0627667f8bce69d4d938a88324c | ||
6945 | Author: millert@openbsd.org <millert@openbsd.org> | ||
6946 | Date: Tue Jun 26 11:23:59 2018 +0000 | ||
6947 | |||
6948 | upstream: Fix "WARNING: line 6 disappeared in /etc/moduli, giving up" | ||
6949 | |||
6950 | when choosing a prime. An extra increment of linenum snuck in as part of the | ||
6951 | conversion to getline(). OK djm@ markus@ | ||
6952 | |||
6953 | OpenBSD-Commit-ID: 0019225cb52ed621b71cd9f19ee2e78e57e3dd38 | ||
6954 | |||
6955 | commit 1eee79a11c1b3594f055b01e387c49c9a6e80005 | ||
6956 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
6957 | Date: Mon Jul 2 14:13:30 2018 +0000 | ||
6958 | |||
6959 | upstream: One ampersand is enough to backgroud an process. OpenBSD | ||
6960 | |||
6961 | doesn't seem to mind, but some platforms in -portable object to the second. | ||
6962 | |||
6963 | OpenBSD-Regress-ID: d6c3e404871764343761dc25c3bbe29c2621ff74 | ||
6964 | |||
6965 | commit 6301e6c787d4e26bfae1119ab4f747bbcaa94e44 | ||
6966 | Author: Darren Tucker <dtucker@dtucker.net> | ||
6967 | Date: Mon Jul 2 21:16:58 2018 +1000 | ||
6968 | |||
6969 | Add implementation of getline. | ||
6970 | |||
6971 | Add getline for the benefit of platforms that don't have it. Sourced | ||
6972 | from NetBSD (OpenBSD's implementation is a little too chummy with the | ||
6973 | internals of FILE). | ||
6974 | |||
6975 | commit 84623e0037628f9992839063151f7a9f5f13099a | ||
6976 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6977 | Date: Tue Jun 26 02:02:36 2018 +0000 | ||
6978 | |||
6979 | upstream: whitespace | ||
6980 | |||
6981 | OpenBSD-Commit-ID: 9276951caf4daf555f6d262e95720e7f79244572 | ||
6982 | |||
6983 | commit 90e51d672711c19a36573be1785caf35019ae7a8 | ||
6984 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6985 | Date: Mon Jun 25 22:28:33 2018 +0000 | ||
6986 | |||
6987 | upstream: fix NULL dereference in open_listen_match_tcpip() | ||
6988 | |||
6989 | OpenBSD-Commit-ID: c968c1d29e392352383c0f9681fcc1e93620c4a9 | ||
6990 | |||
6991 | commit f535ff922a67d9fcc5ee69d060d1b21c8bb01d14 | ||
6992 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
6993 | Date: Tue Jun 19 05:36:57 2018 +0000 | ||
6994 | |||
6995 | upstream: spelling; | ||
6996 | |||
6997 | OpenBSD-Commit-ID: db542918185243bea17202383a581851736553cc | ||
6998 | |||
6999 | commit 80e199d6175904152aafc5c297096c3e18297691 | ||
7000 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7001 | Date: Tue Jun 19 03:02:17 2018 +0000 | ||
7002 | |||
7003 | upstream: test PermitListen with bare port numbers | ||
7004 | |||
7005 | OpenBSD-Regress-ID: 4b50a02dfb0ccaca08247f3877c444126ba901b3 | ||
7006 | |||
7007 | commit 87ddd676da0f3abd08b778b12b53b91b670dc93c | ||
7008 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7009 | Date: Tue Jun 19 02:59:41 2018 +0000 | ||
7010 | |||
7011 | upstream: allow bare port numbers to appear in PermitListen directives, | ||
7012 | |||
7013 | e.g. | ||
7014 | |||
7015 | PermitListen 2222 8080 | ||
7016 | |||
7017 | is equivalent to: | ||
7018 | |||
7019 | PermitListen *:2222 *:8080 | ||
7020 | |||
7021 | Some bonus manpage improvements, mostly from markus@ | ||
7022 | |||
7023 | "looks fine" markus@ | ||
7024 | |||
7025 | OpenBSD-Commit-ID: 6546b0cc5aab7f53d65ad0a348ca0ae591d6dd24 | ||
7026 | |||
7027 | commit 26f96ca10ad0ec5da9b05b99de1e1ccea15a11be | ||
7028 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7029 | Date: Fri Jun 15 07:01:11 2018 +0000 | ||
7030 | |||
7031 | upstream: invalidate supplemental group cache used by | ||
7032 | |||
7033 | temporarily_use_uid() when the target uid differs; could cause failure to | ||
7034 | read authorized_keys under some configurations. patch by Jakub Jelen via | ||
7035 | bz2873; ok dtucker, markus | ||
7036 | |||
7037 | OpenBSD-Commit-ID: 48a345f0ee90f6c465a078eb5e89566b23abd8a1 | ||
7038 | |||
7039 | commit 89a85d724765b6b82e0135ee5a1181fdcccea9c6 | ||
7040 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7041 | Date: Sun Jun 10 23:45:41 2018 +0000 | ||
7042 | |||
7043 | upstream: unbreak SendEnv; patch from tb@ | ||
7044 | |||
7045 | OpenBSD-Commit-ID: fc808daced813242563b80976e1478de95940056 | ||
7046 | |||
7047 | commit acf4260f0951f89c64e1ebbc4c92f451768871ad | ||
7048 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
7049 | Date: Sat Jun 9 06:36:31 2018 +0000 | ||
7050 | |||
7051 | upstream: sort previous; | ||
7052 | |||
7053 | OpenBSD-Commit-ID: 27d80d8b8ca99bc33971dee905e8ffd0053ec411 | ||
7054 | |||
7055 | commit 1678d4236451060b735cb242d2e26e1ac99f0947 | ||
7056 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7057 | Date: Sat Jun 9 03:18:11 2018 +0000 | ||
7058 | |||
7059 | upstream: slightly better wording re handing of $TERM, from Jakub | ||
7060 | |||
7061 | Jelen via bz2386 | ||
7062 | |||
7063 | OpenBSD-Commit-ID: 14bea3f069a93c8be66a7b97794255a91fece964 | ||
7064 | |||
7065 | commit 28013759f09ed3ebf7e8335e83a62936bd7a7f47 | ||
7066 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7067 | Date: Sat Jun 9 03:03:10 2018 +0000 | ||
7068 | |||
7069 | upstream: add a SetEnv directive for sshd_config to allow an | ||
7070 | |||
7071 | administrator to explicitly specify environment variables set in sessions | ||
7072 | started by sshd. These override the default environment and any variables set | ||
7073 | by user configuration (PermitUserEnvironment, etc), but not the SSH_* | ||
7074 | variables set by sshd itself. | ||
7075 | |||
7076 | ok markus@ | ||
7077 | |||
7078 | OpenBSD-Commit-ID: b6a96c0001ccd7dd211df6cae9e961c20fd718c0 | ||
7079 | |||
7080 | commit 7082bb58a2eb878d23ec674587c742e5e9673c36 | ||
7081 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7082 | Date: Sat Jun 9 03:01:12 2018 +0000 | ||
7083 | |||
7084 | upstream: add a SetEnv directive to ssh_config that allows setting | ||
7085 | |||
7086 | environment variables for the remote session (subject to the server accepting | ||
7087 | them) | ||
7088 | |||
7089 | refactor SendEnv to remove the arbitrary limit of variable names. | ||
7090 | |||
7091 | ok markus@ | ||
7092 | |||
7093 | OpenBSD-Commit-ID: cfbb00d9b0e10c1ffff1d83424351fd961d1f2be | ||
7094 | |||
7095 | commit 3b9798bda15bd3f598f5ef07595d64e23504da91 | ||
7096 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7097 | Date: Sat Jun 9 02:58:02 2018 +0000 | ||
7098 | |||
7099 | upstream: reorder child environment preparation so that variables | ||
7100 | |||
7101 | read from ~/.ssh/environment (if enabled) do not override SSH_* variables set | ||
7102 | by the server. | ||
7103 | |||
7104 | OpenBSD-Commit-ID: 59f9d4c213cdcef2ef21f4b4ae006594dcf2aa7a | ||
7105 | |||
7106 | commit 0368889f82f63c82ff8db9f8c944d89e7c657db4 | ||
7107 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7108 | Date: Fri Jun 8 03:35:36 2018 +0000 | ||
7109 | |||
7110 | upstream: fix incorrect expansion of %i in | ||
7111 | |||
7112 | load_public_identity_files(); reported by Roumen Petrov | ||
7113 | |||
7114 | OpenBSD-Commit-ID: a827289e77149b5e0850d72a350c8b0300e7ef25 | ||
7115 | |||
7116 | commit 027607fc2db6a0475a3380f8d95c635482714cb0 | ||
7117 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7118 | Date: Fri Jun 8 01:55:40 2018 +0000 | ||
7119 | |||
7120 | upstream: fix some over-long lines and __func__ up some debug | ||
7121 | |||
7122 | messages | ||
7123 | |||
7124 | OpenBSD-Commit-ID: c70a60b4c8207d9f242fc2351941ba50916bb267 | ||
7125 | |||
7126 | commit 6ff6fda705bc204456a5fa12518dde6e8790bb02 | ||
7127 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
7128 | Date: Thu Jun 7 11:26:14 2018 +0000 | ||
7129 | |||
7130 | upstream: tweak previous; | ||
7131 | |||
7132 | OpenBSD-Commit-ID: f98f16af10b28e24bcecb806cb71ea994b648fd6 | ||
7133 | |||
7134 | commit f2c06ab8dd90582030991f631a2715216bf45e5a | ||
7135 | Author: Darren Tucker <dtucker@dtucker.net> | ||
7136 | Date: Fri Jun 8 17:43:36 2018 +1000 | ||
7137 | |||
7138 | Remove ability to override $LD. | ||
7139 | |||
7140 | Since autoconf always uses $CC to link C programs, allowing users to | ||
7141 | override LD caused mismatches between what LD_LINK_IFELSE thought worked | ||
7142 | and what ld thought worked. If you do need to do this kind of thing you | ||
7143 | need to set a compiler flag such as gcc's -fuse-ld in LDFLAGS. | ||
7144 | |||
7145 | commit e1542a80797b4ea40a91d2896efdcc76a57056d2 | ||
7146 | Author: Darren Tucker <dtucker@dtucker.net> | ||
7147 | Date: Fri Jun 8 13:55:59 2018 +1000 | ||
7148 | |||
7149 | Better detection of unsupported compiler options. | ||
7150 | |||
7151 | Should prevent "unsupported -Wl,-z,retpoline" warnings during linking. | ||
7152 | ok djm@ | ||
7153 | |||
7154 | commit 57379dbd013ad32ee3f9989bf5f5741065428360 | ||
7155 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7156 | Date: Thu Jun 7 14:29:43 2018 +0000 | ||
7157 | |||
7158 | upstream: test the correct configuration option name | ||
7159 | |||
7160 | OpenBSD-Regress-ID: 492279ea9f65657f97a970e0e7c7fd0b339fee23 | ||
7161 | |||
7162 | commit 6d41815e202fbd6182c79780b6cc90e1ec1c9981 | ||
7163 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7164 | Date: Thu Jun 7 09:26:42 2018 +0000 | ||
7165 | |||
7166 | upstream: some permitlisten fixes from markus@ that I missed in my | ||
7167 | |||
7168 | insomnia-fueled commits last night | ||
7169 | |||
7170 | OpenBSD-Commit-ID: 26f23622e928996086e85b1419cc1c0f136e359c | ||
7171 | |||
7172 | commit 4319f7a868d86d435fa07112fcb6153895d03a7f | ||
7173 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7174 | Date: Thu Jun 7 04:46:34 2018 +0000 | ||
7175 | |||
7176 | upstream: permitlisten/PermitListen unit test from Markus | ||
7177 | |||
7178 | OpenBSD-Regress-ID: ab12eb42f0e14926980441cf7c058a6d1d832ea5 | ||
7179 | |||
7180 | commit fa09076410ffc2d34d454145af23c790d728921e | ||
7181 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7182 | Date: Thu Jun 7 04:31:51 2018 +0000 | ||
7183 | |||
7184 | upstream: fix regression caused by recent permitlisten option commit: | ||
7185 | |||
7186 | authorized_keys lines that contained permitopen/permitlisten were being | ||
7187 | treated as invalid. | ||
7188 | |||
7189 | OpenBSD-Commit-ID: 7ef41d63a5a477b405d142dc925b67d9e7aaa31b | ||
7190 | |||
7191 | commit 7f90635216851f6cb4bf3999e98b825f85d604f8 | ||
7192 | Author: markus@openbsd.org <markus@openbsd.org> | ||
7193 | Date: Wed Jun 6 18:29:18 2018 +0000 | ||
7194 | |||
7195 | upstream: switch config file parsing to getline(3) as this avoids | ||
7196 | |||
7197 | static limits noted by gerhard@; ok dtucker@, djm@ | ||
7198 | |||
7199 | OpenBSD-Commit-ID: 6d702eabef0fa12e5a1d75c334a8c8b325298b5c | ||
7200 | |||
7201 | commit 392db2bc83215986a91c0b65feb0e40e7619ce7e | ||
7202 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7203 | Date: Wed Jun 6 18:25:33 2018 +0000 | ||
7204 | |||
7205 | upstream: regress test for PermitOpen | ||
7206 | |||
7207 | OpenBSD-Regress-ID: ce8b5f28fc039f09bb297fc4a92319e65982ddaf | ||
7208 | |||
7209 | commit 803d896ef30758135e2f438bdd1a0be27989e018 | ||
7210 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7211 | Date: Wed Jun 6 18:24:15 2018 +0000 | ||
7212 | |||
7213 | upstream: man bits for permitlisten authorized_keys option | ||
7214 | |||
7215 | OpenBSD-Commit-ID: 86910af8f781a4ac5980fea125442eb25466dd78 | ||
7216 | |||
7217 | commit 04df43208b5b460d7360e1598f876b92a32f5922 | ||
7218 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7219 | Date: Wed Jun 6 18:24:00 2018 +0000 | ||
7220 | |||
7221 | upstream: man bits for PermitListen | ||
7222 | |||
7223 | OpenBSD-Commit-ID: 35b200cba4e46a16a4db6a80ef11838ab0fad67c | ||
7224 | |||
7225 | commit 93c06ab6b77514e0447fe4f1d822afcbb2a9be08 | ||
7226 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7227 | Date: Wed Jun 6 18:23:32 2018 +0000 | ||
7228 | |||
7229 | upstream: permitlisten option for authorized_keys; ok markus@ | ||
7230 | |||
7231 | OpenBSD-Commit-ID: 8650883018d7aa893173d703379e4456a222c672 | ||
7232 | |||
7233 | commit 115063a6647007286cc8ca70abfd2a7585f26ccc | ||
7234 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7235 | Date: Wed Jun 6 18:22:41 2018 +0000 | ||
7236 | |||
7237 | upstream: Add a PermitListen directive to control which server-side | ||
7238 | |||
7239 | addresses may be listened on when the client requests remote forwarding (ssh | ||
7240 | -R). | ||
7241 | |||
7242 | This is the converse of the existing PermitOpen directive and this | ||
7243 | includes some refactoring to share much of its implementation. | ||
7244 | |||
7245 | feedback and ok markus@ | ||
7246 | |||
7247 | OpenBSD-Commit-ID: 15a931238c61a3f2ac74ea18a98c933e358e277f | ||
7248 | |||
7249 | commit 7703ae5f5d42eb302ded51705166ff6e19c92892 | ||
7250 | Author: Darren Tucker <dtucker@dtucker.net> | ||
7251 | Date: Wed Jun 6 16:04:29 2018 +1000 | ||
7252 | |||
7253 | Use ssh-keygen -A to generate missing host keys. | ||
7254 | |||
7255 | Instead of testing for each specific key type, use ssh-keygen -A to | ||
7256 | generate any missing host key types. | ||
7257 | |||
7258 | commit e8d59fef1098e24f408248dc64e5c8efa5d01f3c | ||
7259 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
7260 | Date: Fri Jun 1 06:23:10 2018 +0000 | ||
7261 | |||
7262 | upstream: add missing punctuation after %i in ssh_config.5, and | ||
7263 | |||
7264 | make the grammatical format in sshd_config.5 match that in ssh_config.5; | ||
7265 | |||
7266 | OpenBSD-Commit-ID: e325663b9342f3d556e223e5306e0d5fa1a74fa0 | ||
7267 | |||
7268 | commit a1f737d6a99314e291a87856122cb4dbaf64c641 | ||
7269 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
7270 | Date: Fri Jun 1 05:52:26 2018 +0000 | ||
7271 | |||
7272 | upstream: oops - further adjustment to text neccessary; | ||
7273 | |||
7274 | OpenBSD-Commit-ID: 23585576c807743112ab956be0fb3c786bdef025 | ||
7275 | |||
7276 | commit 294028493471e0bd0c7ffe55dc0c0a67cba6ec41 | ||
7277 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
7278 | Date: Fri Jun 1 05:50:18 2018 +0000 | ||
7279 | |||
7280 | upstream: %U needs to be escaped; tweak text; | ||
7281 | |||
7282 | OpenBSD-Commit-ID: 30887b73ece257273fb619ab6f4e86dc92ddc15e | ||
7283 | |||
7284 | commit e5019da3c5a31e6e729a565f2b886a80c4be96cc | ||
7285 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
7286 | Date: Fri Jun 1 04:31:48 2018 +0000 | ||
7287 | |||
7288 | upstream: Apply umask to all incoming files and directories not | ||
7289 | |||
7290 | just files. This makes sure it gets applied to directories too, and prevents | ||
7291 | a race where files get chmodded after creation. bz#2839, ok djm@ | ||
7292 | |||
7293 | OpenBSD-Commit-ID: 3168ee6c7c39093adac4fd71039600cfa296203b | ||
7294 | |||
7295 | commit a1dcafc41c376332493b9385ee39f9754dc145ec | ||
7296 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7297 | Date: Fri Jun 1 03:52:37 2018 +0000 | ||
7298 | |||
7299 | upstream: Adapt to extra default verboisity from ssh-keygen when | ||
7300 | |||
7301 | searching for and hashing known_hosts entries in a single operation | ||
7302 | (ssh-keygen -HF ...) Patch from Anton Kremenetsky | ||
7303 | |||
7304 | OpenBSD-Regress-ID: 519585a4de35c4611285bd6a7272766c229b19dd | ||
7305 | |||
7306 | commit 76f314c75dffd4a55839d50ee23622edad52c168 | ||
7307 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7308 | Date: Tue May 22 00:22:49 2018 +0000 | ||
7309 | |||
7310 | upstream: Add TEST_SSH_FAIL_FATAL variable, to force all failures | ||
7311 | |||
7312 | to instantly abort the test. Useful in capturing clean logs for individual | ||
7313 | failure cases. | ||
7314 | |||
7315 | OpenBSD-Regress-ID: feba18cf338c2328b9601bd4093cabdd9baa3af1 | ||
7316 | |||
7317 | commit 065c8c055df8d83ae7c92e5e524a579d87668aab | ||
7318 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
7319 | Date: Fri May 11 03:51:06 2018 +0000 | ||
7320 | |||
7321 | upstream: Clean up comment. | ||
7322 | |||
7323 | OpenBSD-Regress-ID: 6adb35f384d447e7dcb9f170d4f0d546d3973e10 | ||
7324 | |||
7325 | commit 01b048c8eba3b021701bd0ab26257fc82903cba8 | ||
7326 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7327 | Date: Fri Jun 1 04:21:29 2018 +0000 | ||
7328 | |||
7329 | upstream: whitespace | ||
7330 | |||
7331 | OpenBSD-Commit-ID: e5edb5e843ddc9b73a8e46518899be41d5709add | ||
7332 | |||
7333 | commit 854ae209f992465a276de0b5f10ef770510c2418 | ||
7334 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7335 | Date: Fri Jun 1 04:05:29 2018 +0000 | ||
7336 | |||
7337 | upstream: make ssh_remote_ipaddr() capable of being called after | ||
7338 | |||
7339 | the ssh->state has been torn down; bz#2773 | ||
7340 | |||
7341 | OpenBSD-Commit-ID: 167f12523613ca3d16d7716a690e7afa307dc7eb | ||
7342 | |||
7343 | commit 3e088aaf236ef35beeef3c9be93fd53700df5861 | ||
7344 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7345 | Date: Fri Jun 1 03:51:34 2018 +0000 | ||
7346 | |||
7347 | upstream: return correct exit code when searching for and hashing | ||
7348 | |||
7349 | known_hosts entries in a single operation (ssh-keygen -HF hostname); bz2772 | ||
7350 | Report and fix from Anton Kremenetsky | ||
7351 | |||
7352 | OpenBSD-Commit-ID: ac10ca13eb9bb0bc50fcd42ad11c56c317437b58 | ||
7353 | |||
7354 | commit 9c935dd9bf05628826ad2495d3e8bdf3d3271c21 | ||
7355 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7356 | Date: Fri Jun 1 03:33:53 2018 +0000 | ||
7357 | |||
7358 | upstream: make UID available as a %-expansion everywhere that the | ||
7359 | |||
7360 | username is available currently. In the client this is via %i, in the server | ||
7361 | %U (since %i was already used in the client in some places for this, but used | ||
7362 | for something different in the server); bz#2870, ok dtucker@ | ||
7363 | |||
7364 | OpenBSD-Commit-ID: c7e912b0213713316cb55db194b3a6415b3d4b95 | ||
7365 | |||
7366 | commit d8748b91d1d6c108c0c260ed41fa55f37b9ef34b | ||
7367 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7368 | Date: Fri Jun 1 03:11:49 2018 +0000 | ||
7369 | |||
7370 | upstream: prefer argv0 to "ssh" when re-executing ssh for ProxyJump | ||
7371 | |||
7372 | directive; bz2831, feedback and ok dtucker@ | ||
7373 | |||
7374 | OpenBSD-Commit-ID: 3cec709a131499fbb0c1ea8a0a9e0b0915ce769e | ||
7375 | |||
7376 | commit fbb4b5fd4f8e0bb89732670a01954e18b69e15ba | ||
7377 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7378 | Date: Fri May 25 07:11:01 2018 +0000 | ||
7379 | |||
7380 | upstream: Do not ban PTY allocation when a sshd session is restricted | ||
7381 | |||
7382 | because the user password is expired as it breaks password change dialog. | ||
7383 | |||
7384 | regression in openssh-7.7 reported by Daniel Wagner | ||
7385 | |||
7386 | OpenBSD-Commit-ID: 9fc09c584c6f1964b00595e3abe7f83db4d90d73 | ||
7387 | |||
7388 | commit f6a59a22b0c157c4c4e5fd7232f868138223be64 | ||
7389 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7390 | Date: Fri May 25 04:25:46 2018 +0000 | ||
7391 | |||
7392 | upstream: Fix return value confusion in several functions (readdir, | ||
7393 | |||
7394 | download and fsync). These should return -1 on error, not a sftp status code. | ||
7395 | |||
7396 | patch from Petr Cerny in bz#2871 | ||
7397 | |||
7398 | OpenBSD-Commit-ID: 651aa0220ad23c9167d9297a436162d741f97a09 | ||
7399 | |||
7400 | commit 1da5934b860ac0378d52d3035b22b6670f6a967e | ||
7401 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
7402 | Date: Fri May 25 03:20:59 2018 +0000 | ||
7403 | |||
7404 | upstream: If select() fails in ssh_packet_read_seqnr go directly to | ||
7405 | |||
7406 | the error path instead of trying to read from the socket on the way out, | ||
7407 | which resets errno and causes the true error to be misreported. ok djm@ | ||
7408 | |||
7409 | OpenBSD-Commit-ID: 2614edaadbd05a957aa977728aa7a030af7c6f0a | ||
7410 | |||
7411 | commit 4ef75926ef517d539f2c7aac3188b09f315c86a7 | ||
7412 | Author: Damien Miller <djm@mindrot.org> | ||
7413 | Date: Fri May 25 13:36:58 2018 +1000 | ||
7414 | |||
7415 | Permit getuid()/geteuid() syscalls. | ||
7416 | |||
7417 | Requested for Linux/s390; patch from Eduardo Barretto via bz#2752; | ||
7418 | ok dtucker | ||
7419 | |||
7420 | commit 4b22fd8ecefd059a66140be67f352eb6145a9d88 | ||
7421 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7422 | Date: Tue May 22 00:13:26 2018 +0000 | ||
7423 | |||
7424 | upstream: support ProxyJump=none to disable ProxyJump | ||
7425 | |||
7426 | functionality; bz#2869 ok dtucker@ | ||
7427 | |||
7428 | OpenBSD-Commit-ID: 1c06ee08eb78451b5837fcfd8cbebc5ff3a67a01 | ||
7429 | |||
7430 | commit f41bcd70f55b4f0fc4d8e1039cb361ac922b23fb | ||
7431 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
7432 | Date: Tue May 15 05:40:11 2018 +0000 | ||
7433 | |||
7434 | upstream: correct keyowrd name (permitemptypasswords); from brendan | ||
7435 | |||
7436 | macdonell | ||
7437 | |||
7438 | OpenBSD-Commit-ID: ef1bdbc936b2ea693ee37a4c20a94d4d43f5fda3 | ||
7439 | |||
7440 | commit f18bc97151340127859634d20d79fd39ec8a7f39 | ||
7441 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7442 | Date: Fri May 11 04:01:11 2018 +0000 | ||
7443 | |||
7444 | upstream: Emphasise that -w implicitly sets Tunnel=point-to-point | ||
7445 | |||
7446 | and that users should specify an explicit Tunnel directive if they don't want | ||
7447 | this. bz#2365. | ||
7448 | |||
7449 | OpenBSD-Commit-ID: 1a8d9c67ae213ead180481900dbbb3e04864560d | ||
7450 | |||
7451 | commit 32e4e94e1511fe0020fbfbb62399d31b2d22a801 | ||
7452 | Author: Damien Miller <djm@mindrot.org> | ||
7453 | Date: Mon May 14 14:40:08 2018 +1000 | ||
7454 | |||
7455 | sync fmt_scaled.c | ||
7456 | |||
7457 | revision 1.17 | ||
7458 | date: 2018/05/14 04:39:04; author: djm; state: Exp; lines: +5 -2; | ||
7459 | commitid: 53zY8GjViUBnWo8Z; | ||
7460 | constrain fractional part to [0-9] (less confusing to static analysis); ok ian@ | ||
7461 | |||
7462 | commit 54268d589e85ecc43d3eba8d83f327bdada9d696 | ||
7463 | Author: Damien Miller <djm@mindrot.org> | ||
7464 | Date: Fri May 11 14:04:40 2018 +1000 | ||
7465 | |||
7466 | fix key-options.sh on platforms without openpty(3) | ||
7467 | |||
7468 | Skip the pty tests if the platform lacks openpty(3) and has to chown(2) | ||
7469 | the pty device explicitly. This typically requires root permissions that | ||
7470 | this test lacks. | ||
7471 | |||
7472 | bz#2856 ok dtucker@ | ||
7473 | |||
7474 | commit b2140a739be4c3b43cc1dc08322dca39a1e39d20 | ||
7475 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7476 | Date: Fri May 11 03:38:51 2018 +0000 | ||
7477 | |||
7478 | upstream: implement EMFILE mitigation for ssh-agent: remember the | ||
7479 | |||
7480 | fd rlimit and stop accepting new connections when it is exceeded (with some | ||
7481 | grace). Accept is resumed when enough connections are closed. | ||
7482 | |||
7483 | bz#2576. feedback deraadt; ok dtucker@ | ||
7484 | |||
7485 | OpenBSD-Commit-ID: 6a85d9cec7b85741961e7116a49f8dae777911ea | ||
7486 | |||
7487 | commit fdba503fdfc647ee8a244002f1581e869c1f3d90 | ||
7488 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
7489 | Date: Fri May 11 03:22:55 2018 +0000 | ||
7490 | |||
7491 | upstream: Explicit cast when snprintf'ing an uint64. Prevents | ||
7492 | |||
7493 | warnings on platforms where int64 is long not long long. ok djm@ | ||
7494 | |||
7495 | OpenBSD-Commit-ID: 9c5359e2fbfce11dea2d93f7bc257e84419bd001 | ||
7496 | |||
7497 | commit e7751aa4094d51a9bc00778aa8d07e22934c55ee | ||
7498 | Author: bluhm@openbsd.org <bluhm@openbsd.org> | ||
7499 | Date: Thu Apr 26 14:47:03 2018 +0000 | ||
7500 | |||
7501 | upstream: Since the previous commit, ssh regress test sftp-chroot was | ||
7502 | |||
7503 | failing. The sftp program terminated with the wrong exit code as sftp called | ||
7504 | fatal() instad of exit(0). So when the sigchld handler waits for the child, | ||
7505 | remember that it was found. Then don't expect that main() can wait again. OK | ||
7506 | dtucker@ | ||
7507 | |||
7508 | OpenBSD-Commit-ID: bfafd940c0de5297940c71ddf362053db0232266 | ||
7509 | |||
7510 | commit 7c15301841e2e9d37cae732400de63ae9c0961d6 | ||
7511 | Author: Darren Tucker <dtucker@dtucker.net> | ||
7512 | Date: Sun Apr 29 17:54:12 2018 +1000 | ||
7513 | |||
7514 | Use includes.h instead of config.h. | ||
7515 | |||
7516 | This ensures it picks up the definition of DEF_WEAK, the lack of which | ||
7517 | can cause compile errors in some cases (eg modern AIX). From | ||
7518 | michael at felt.demon.nl. | ||
7519 | |||
7520 | commit cec338967a666b7c8ad8b88175f2faeddf268116 | ||
7521 | Author: Darren Tucker <dtucker@dtucker.net> | ||
7522 | Date: Thu Apr 19 09:53:14 2018 +1000 | ||
7523 | |||
7524 | Omit 3des-cbc if OpenSSL built without DES. | ||
7525 | |||
7526 | Patch from hongxu.jia at windriver.com, ok djm@ | ||
7527 | |||
7528 | commit a575ddd58835759393d2dddd16ebe5abdb56485e | ||
7529 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7530 | Date: Mon Apr 16 22:50:44 2018 +0000 | ||
7531 | |||
7532 | upstream: Disable SSH2_MSG_DEBUG messages for Twisted Conch clients | ||
7533 | |||
7534 | without version numbers since they choke on them under some circumstances. | ||
7535 | https://twistedmatrix.com/trac/ticket/9422 via Colin Watson | ||
7536 | |||
7537 | Newer Conch versions have a version number in their ident string and | ||
7538 | handle debug messages okay. https://twistedmatrix.com/trac/ticket/9424 | ||
7539 | |||
7540 | OpenBSD-Commit-ID: 6cf7be262af0419c58ddae11324d9c0dc1577539 | ||
7541 | |||
7542 | commit 390c7000a8946db565b66eab9e52fb11948711fa | ||
7543 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7544 | Date: Sat Apr 14 21:50:41 2018 +0000 | ||
7545 | |||
7546 | upstream: don't free the %C expansion, it's used later for | ||
7547 | |||
7548 | LocalCommand | ||
7549 | |||
7550 | OpenBSD-Commit-ID: 857b5cb37b2d856bfdfce61289a415257a487fb1 | ||
7551 | |||
7552 | commit 3455f1e7c48e2e549192998d330214975b9b1dc7 | ||
7553 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7554 | Date: Fri Apr 13 05:04:12 2018 +0000 | ||
7555 | |||
7556 | upstream: notify user immediately when underlying ssh process dies; | ||
7557 | |||
7558 | patch from Thomas Kuthan in bz2719; ok dtucker@ | ||
7559 | |||
7560 | OpenBSD-Commit-ID: 78fac88c2f08054d1fc5162c43c24162b131cf78 | ||
7561 | |||
7562 | commit 1c5b4bc827f4abc3e65888cda061ad5edf1b8c7c | ||
7563 | Author: Darren Tucker <dtucker@dtucker.net> | ||
7564 | Date: Fri Apr 13 16:23:57 2018 +1000 | ||
7565 | |||
7566 | Allow nanosleep in preauth privsep child. | ||
7567 | |||
7568 | The new timing attack mitigation code uses nanosleep in the preauth | ||
7569 | codepath, allow in systrace andbox too. | ||
7570 | |||
7571 | commit 0e73428038d5ecfa5d2a28cff26661502a7aff4e | ||
7572 | Author: Darren Tucker <dtucker@dtucker.net> | ||
7573 | Date: Fri Apr 13 16:06:29 2018 +1000 | ||
7574 | |||
7575 | Allow nanosleep in preauth privsep child. | ||
7576 | |||
7577 | The new timing attack mitigation code uses nanosleep in the preauth | ||
7578 | codepath, allow in sandbox. | ||
7579 | |||
7580 | commit e9d910b0289c820852f7afa67f584cef1c05fe95 | ||
7581 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
7582 | Date: Fri Apr 13 03:57:26 2018 +0000 | ||
7583 | |||
7584 | upstream: Defend against user enumeration timing attacks. This | ||
7585 | |||
7586 | establishes a minimum time for each failed authentication attempt (5ms) and | ||
7587 | adds a per-user constant derived from a host secret (0-4ms). Based on work | ||
7588 | by joona.kannisto at tut.fi, ok markus@ djm@. | ||
7589 | |||
7590 | OpenBSD-Commit-ID: b7845b355bb7381703339c8fb0e57e81a20ae5ca | ||
7591 | |||
7592 | commit d97874cbd909eb706886cd0cdd418f812c119ef9 | ||
7593 | Author: Darren Tucker <dtucker@dtucker.net> | ||
7594 | Date: Fri Apr 13 13:43:55 2018 +1000 | ||
7595 | |||
7596 | Using "==" in shell tests is not portable. | ||
7597 | |||
7598 | Patch from rsbecker at nexbridge.com. | ||
7599 | |||
7600 | commit cfb1d9bc76734681e3dea532a1504fcd466fbe91 | ||
7601 | Author: Damien Miller <djm@mindrot.org> | ||
7602 | Date: Fri Apr 13 13:38:06 2018 +1000 | ||
7603 | |||
7604 | Fix tunnel forwarding broken in 7.7p1 | ||
7605 | |||
7606 | bz2855, ok dtucker@ | ||
7607 | |||
7608 | commit afa6e79b76fb52a0c09a29688b5c0d125eb08302 | ||
7609 | Author: Damien Miller <djm@mindrot.org> | ||
7610 | Date: Fri Apr 13 13:31:42 2018 +1000 | ||
7611 | |||
7612 | prefer to use getrandom() for PRNG seeding | ||
7613 | |||
7614 | Only applies when built --without-openssl. Thanks Jann Horn for | ||
7615 | reminder. | ||
7616 | |||
7617 | commit 575fac34a97f69bc217b235f81de9f8f433eceed | ||
7618 | Author: Darren Tucker <dtucker@dtucker.net> | ||
7619 | Date: Fri Apr 13 13:13:33 2018 +1000 | ||
7620 | |||
7621 | Revert $REGRESSTMP changes. | ||
7622 | |||
7623 | Revert 3fd2d229 and subsequent changes as they turned out to be a | ||
7624 | portability hassle. | ||
7625 | |||
7626 | commit 10479cc2a4acd6faaf643eb305233b49d70c31c1 | ||
7627 | Author: Damien Miller <djm@mindrot.org> | ||
7628 | Date: Tue Apr 10 10:19:02 2018 +1000 | ||
7629 | |||
7630 | Many typo fixes from Karsten Weiss | ||
7631 | |||
7632 | Spotted using https://github.com/lucasdemarchi/codespell | ||
7633 | |||
7634 | commit 907da2f88519b34189fd03fac96de0c52d448233 | ||
7635 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7636 | Date: Tue Apr 10 00:14:10 2018 +0000 | ||
7637 | |||
7638 | upstream: more typos spotted by Karsten Weiss using codespell | ||
7639 | |||
7640 | OpenBSD-Regress-ID: d906a2aea0663810a658b7d0bc61a1d2907d4d69 | ||
7641 | |||
7642 | commit 37e5f4a7ab9a8026e5fc2f47dafb0f1b123d39e9 | ||
7643 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7644 | Date: Tue Apr 10 00:13:27 2018 +0000 | ||
7645 | |||
7646 | upstream: make this a bit more portable-friendly | ||
7647 | |||
7648 | OpenBSD-Regress-ID: 62f7b9e055e8dfaab92b3825f158beeb4ca3f963 | ||
7649 | |||
7650 | commit 001aa55484852370488786bd40e9fdad4b465811 | ||
7651 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7652 | Date: Tue Apr 10 00:10:49 2018 +0000 | ||
7653 | |||
7654 | upstream: lots of typos in comments/docs. Patch from Karsten Weiss | ||
7655 | |||
7656 | after checking with codespell tool | ||
7657 | (https://github.com/lucasdemarchi/codespell) | ||
7658 | |||
7659 | OpenBSD-Commit-ID: 373222f12d7ab606598a2d36840c60be93568528 | ||
7660 | |||
7661 | commit 260ede2787fe80b18b8d5920455b4fb268519c7d | ||
7662 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7663 | Date: Mon Apr 9 23:54:49 2018 +0000 | ||
7664 | |||
7665 | upstream: don't kill ssh-agent's listening socket entriely if we | ||
7666 | |||
7667 | fail to accept a connection; bz#2837, patch from Lukas Kuster | ||
7668 | |||
7669 | OpenBSD-Commit-ID: 52413f5069179bebf30d38f524afe1a2133c738f | ||
7670 | |||
7671 | commit ebc8b4656f9b0f834a642a9fb3c9fbca86a61838 | ||
7672 | Author: tj@openbsd.org <tj@openbsd.org> | ||
7673 | Date: Mon Apr 9 20:41:22 2018 +0000 | ||
7674 | |||
7675 | upstream: the UseLogin option was removed, so remove it here too. | ||
7676 | |||
7677 | ok dtucker | ||
7678 | |||
7679 | OpenBSD-Commit-ID: 7080be73a64d68e21f22f5408a67a0ba8b1b6b06 | ||
7680 | |||
7681 | commit 3e36f281851fc8e9c996b33f108b2ae167314fbe | ||
7682 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
7683 | Date: Sun Apr 8 07:36:02 2018 +0000 | ||
7684 | |||
7685 | upstream: tweak previous; | ||
7686 | |||
7687 | OpenBSD-Commit-ID: 2b9c23022ea7b9dddb62864de4e906000f9d7474 | ||
7688 | |||
7689 | commit 8368571efd6693c5c57f850e23a2372acf3f865f | ||
7690 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
7691 | Date: Sat Apr 7 13:50:10 2018 +0000 | ||
7692 | |||
7693 | upstream: tweak previous; | ||
7694 | |||
7695 | OpenBSD-Commit-ID: 38e347b6f8e888f5e0700d01abb1eba7caa154f9 | ||
7696 | |||
7697 | commit 555294a7279914ae6795b71bedf4e6011b7636df | ||
7698 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7699 | Date: Fri Apr 6 13:02:39 2018 +0000 | ||
7700 | |||
7701 | upstream: Allow "SendEnv -PATTERN" to clear environment variables | ||
7702 | |||
7703 | previously labeled for sendind. bz#1285 ok dtucker@ | ||
7704 | |||
7705 | OpenBSD-Commit-ID: f6fec9e3d0f366f15903094fbe1754cb359a0df9 | ||
7706 | |||
7707 | commit 40f5f03544a07ebd2003b443d42e85cb51d94d59 | ||
7708 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7709 | Date: Fri Apr 6 04:15:45 2018 +0000 | ||
7710 | |||
7711 | upstream: relax checking of authorized_keys environment="..." | ||
7712 | |||
7713 | options to allow underscores in variable names (regression introduced in | ||
7714 | 7.7). bz2851, ok deraadt@ | ||
7715 | |||
7716 | OpenBSD-Commit-ID: 69690ffe0c97ff393f2c76d25b4b3d2ed4e4ac9c | ||
7717 | |||
7718 | commit 30fd7f9af0f553aaa2eeda5a1f53f26cfc222b5e | ||
7719 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7720 | Date: Fri Apr 6 03:51:27 2018 +0000 | ||
7721 | |||
7722 | upstream: add a couple of missed options to the config dump; patch | ||
7723 | |||
7724 | from Jakub Jelen via bz2835 | ||
7725 | |||
7726 | OpenBSD-Commit-ID: 5970adadf6ef206bee0dddfc75d24c2019861446 | ||
7727 | |||
7728 | commit 8d6829be324452d2acd282d5f8ceb0adaa89a4de | ||
7729 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7730 | Date: Fri Apr 6 03:34:27 2018 +0000 | ||
7731 | |||
7732 | upstream: ssh does not accept -oInclude=... on the commandline, the | ||
7733 | |||
7734 | Include keyword is for configuration files only. bz#2840, patch from Jakub | ||
7735 | Jelen | ||
7736 | |||
7737 | OpenBSD-Commit-ID: 32d052b4a7a7f22df35fe3f71c368c02b02cacb0 | ||
7738 | |||
7739 | commit 00c5222ddc0c8edcaa4ea45ac03befdc8013d137 | ||
7740 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7741 | Date: Thu Apr 5 22:54:28 2018 +0000 | ||
7742 | |||
7743 | upstream: We don't offer CBC cipher by default any more. Spotted by | ||
7744 | |||
7745 | Renaud Allard (via otto@) | ||
7746 | |||
7747 | OpenBSD-Commit-ID: a559b1eef741557dd959ae378b665a2977d92dca | ||
7748 | |||
7749 | commit 5ee8448ad7c306f05a9f56769f95336a8269f379 | ||
7750 | Author: job@openbsd.org <job@openbsd.org> | ||
7751 | Date: Wed Apr 4 15:12:17 2018 +0000 | ||
7752 | |||
7753 | upstream: Update default IPQoS in ssh(1), sshd(8) to DSCP AF21 for | ||
7754 | |||
7755 | interactive and CS1 for bulk | ||
7756 | |||
7757 | AF21 was selected as this is the highest priority within the low-latency | ||
7758 | service class (and it is higher than what we have today). SSH is elastic | ||
7759 | and time-sensitive data, where a user is waiting for a response via the | ||
7760 | network in order to continue with a task at hand. As such, these flows | ||
7761 | should be considered foreground traffic, with delays or drops to such | ||
7762 | traffic directly impacting user-productivity. | ||
7763 | |||
7764 | For bulk SSH traffic, the CS1 "Lower Effort" marker was chosen to enable | ||
7765 | networks implementing a scavanger/lower-than-best effort class to | ||
7766 | discriminate scp(1) below normal activities, such as web surfing. In | ||
7767 | general this type of bulk SSH traffic is a background activity. | ||
7768 | |||
7769 | An advantage of using "AF21" for interactive SSH and "CS1" for bulk SSH | ||
7770 | is that they are recognisable values on all common platforms (IANA | ||
7771 | https://www.iana.org/assignments/dscp-registry/dscp-registry.xml), and | ||
7772 | for AF21 specifically a definition of the intended behavior exists | ||
7773 | https://tools.ietf.org/html/rfc4594#section-4.7 in addition to the definition | ||
7774 | of the Assured Forwarding PHB group https://tools.ietf.org/html/rfc2597, and | ||
7775 | for CS1 (Lower Effort) there is https://tools.ietf.org/html/rfc3662 | ||
7776 | |||
7777 | The first three bits of "AF21" map to the equivalent IEEEE 802.1D PCP, IEEE | ||
7778 | 802.11e, MPLS EXP/CoS and IP Precedence value of 2 (also known as "Immediate", | ||
7779 | or "AC_BE"), and CS1's first 3 bits map to IEEEE 802.1D PCP, IEEE 802.11e, | ||
7780 | MPLS/CoS and IP Precedence value 1 ("Background" or "AC_BK"). | ||
7781 | |||
7782 | OK deraadt@, "no objection" djm@ | ||
7783 | |||
7784 | OpenBSD-Commit-ID: d11d2a4484f461524ef0c20870523dfcdeb52181 | ||
7785 | |||
7786 | commit 424b544fbda963f973da80f884717c3e0a513288 | ||
7787 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
7788 | Date: Tue Apr 3 02:14:08 2018 +0000 | ||
7789 | |||
7790 | upstream: Import regenerated moduli file. | ||
7791 | |||
7792 | OpenBSD-Commit-ID: 1de0e85522051eb2ffa00437e1885e9d7b3e0c2e | ||
7793 | |||
7794 | commit 323f66ce934df2da551f256f37d69822428e1ca1 | ||
7795 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
7796 | Date: Fri Apr 6 04:18:35 2018 +0000 | ||
7797 | |||
7798 | upstream: Add test for username options parsing order, prompted by | ||
7799 | |||
7800 | bz#2849. | ||
7801 | |||
7802 | OpenBSD-Regress-ID: 6985cd32f38596882a3ac172ff8c510693b65283 | ||
7803 | |||
7804 | commit e8f474554e3bda102a797a2fbab0594ccc66f097 | ||
7805 | Author: Damien Miller <djm@mindrot.org> | ||
7806 | Date: Fri Apr 6 14:11:44 2018 +1000 | ||
7807 | |||
7808 | Expose SSH_AUTH_INFO_0 to PAM auth modules | ||
7809 | |||
7810 | bz#2408, patch from Radoslaw Ejsmont; ok dtucker@ | ||
7811 | |||
7812 | commit 014ba209cf4c6a159baa30ecebbaddfa97da7100 | ||
7813 | Author: Darren Tucker <dtucker@dtucker.net> | ||
7814 | Date: Tue Apr 3 12:18:00 2018 +1000 | ||
7815 | |||
7816 | Import regenerated moduli file. | ||
7817 | |||
7818 | commit a0349a1cc4a18967ad1dbff5389bcdf9da098814 | ||
7819 | Author: Damien Miller <djm@mindrot.org> | ||
7820 | Date: Mon Apr 2 15:38:28 2018 +1000 | ||
7821 | |||
7822 | update versions in .spec files | ||
7823 | |||
7824 | commit 816ad38f79792f5617e3913be306ddb27e91091c | ||
7825 | Author: Damien Miller <djm@mindrot.org> | ||
7826 | Date: Mon Apr 2 15:38:20 2018 +1000 | ||
7827 | |||
7828 | update version number | ||
7829 | |||
7830 | commit 2c71ca1dd1efe458cb7dee3f8a1a566f913182c2 | ||
7831 | Author: Darren Tucker <dtucker@dtucker.net> | ||
7832 | Date: Fri Mar 30 18:23:07 2018 +1100 | ||
7833 | |||
7834 | Disable native strndup and strnlen on AIX. | ||
7835 | |||
7836 | On at least some revisions of AIX, strndup returns unterminated strings | ||
7837 | under some conditions, apparently because strnlen returns incorrect | ||
7838 | values in those cases. Disable both on AIX and use the replacements | ||
7839 | from openbsd-compat. Fixes problem with ECDSA keys there, ok djm. | ||
7840 | |||
7841 | commit 6b5a17bc14e896e3904dc58d889b58934cfacd24 | ||
7842 | Author: Darren Tucker <dtucker@dtucker.net> | ||
7843 | Date: Mon Mar 26 13:12:44 2018 +1100 | ||
7844 | |||
7845 | Include ssh_api.h for struct ssh. | ||
7846 | |||
7847 | struct ssh is needed by implementations of sys_auth_passwd() that were | ||
7848 | converted in commit bba02a50. Needed to fix build on AIX, I assume for | ||
7849 | the other platforms too (although it should be harmless if not needed). | ||
7850 | |||
7851 | commit bc3f80e4d191b8e48650045dfa8a682cd3aabd4d | ||
7852 | Author: Darren Tucker <dtucker@dtucker.net> | ||
7853 | Date: Mon Mar 26 12:58:09 2018 +1100 | ||
7854 | |||
7855 | Remove UNICOS code missed during removal. | ||
7856 | |||
7857 | Fixes compile error on AIX. | ||
7858 | |||
7859 | commit 9d57762c24882e2f000a21a0ffc8c5908a1fa738 | ||
7860 | Author: markus@openbsd.org <markus@openbsd.org> | ||
7861 | Date: Sat Mar 24 19:29:03 2018 +0000 | ||
7862 | |||
7863 | upstream: openssh-7.7 | ||
7864 | |||
7865 | OpenBSD-Commit-ID: 274e614352460b9802c905f38fb5ea7ed5db3d41 | ||
7866 | |||
7867 | commit 4b7d8acdbbceef247dc035e611e577174ed8a87e | ||
7868 | Author: Damien Miller <djm@mindrot.org> | ||
7869 | Date: Mon Mar 26 09:37:02 2018 +1100 | ||
7870 | |||
7871 | Remove authinfo.sh test dependency on printenv | ||
7872 | |||
7873 | Some platforms lack printenv in the default $PATH. | ||
7874 | Reported by Tom G. Christensen | ||
7875 | |||
7876 | commit 4afeaf3dcb7dc70efd98fcfcb0ed28a6b40b820e | ||
7877 | Author: Tim Rice <tim@multitalents.net> | ||
7878 | Date: Sun Mar 25 10:00:21 2018 -0700 | ||
7879 | |||
7880 | Use libiaf on all sysv5 systems | ||
7881 | |||
7882 | commit bba02a5094b3db228ceac41cb4bfca165d0735f3 | ||
7883 | Author: Tim Rice <tim@multitalents.net> | ||
7884 | Date: Sun Mar 25 09:17:33 2018 -0700 | ||
7885 | |||
7886 | modified: auth-sia.c | ||
7887 | modified: openbsd-compat/port-aix.c | ||
7888 | modified: openbsd-compat/port-uw.c | ||
7889 | |||
7890 | propogate changes to auth-passwd.c in commit | ||
7891 | 7c856857607112a3dfe6414696bf4c7ab7fb0cb3 to other providers | ||
7892 | of sys_auth_passwd() | ||
7893 | |||
7894 | commit d7a7a39168bdfe273587bf85d779d60569100a3f | ||
7895 | Author: markus@openbsd.org <markus@openbsd.org> | ||
7896 | Date: Sat Mar 24 19:29:03 2018 +0000 | ||
7897 | |||
7898 | upstream: openssh-7.7 | ||
7899 | |||
7900 | OpenBSD-Commit-ID: 274e614352460b9802c905f38fb5ea7ed5db3d41 | ||
7901 | |||
7902 | commit 9efcaaac314c611c6c0326e8bac5b486c424bbd2 | ||
7903 | Author: markus@openbsd.org <markus@openbsd.org> | ||
7904 | Date: Sat Mar 24 19:28:43 2018 +0000 | ||
7905 | |||
7906 | upstream: fix bogus warning when signing cert keys using agent; | ||
7907 | |||
7908 | from djm; ok deraadt dtucker | ||
7909 | |||
7910 | OpenBSD-Commit-ID: 12e50836ba2040042383a8b71e12d7ea06e9633d | ||
7911 | |||
7912 | commit 393436024d2e4b4c7a01f9cfa5854e7437896d11 | ||
7913 | Author: Darren Tucker <dtucker@dtucker.net> | ||
7914 | Date: Sun Mar 25 09:40:46 2018 +1100 | ||
7915 | |||
7916 | Replace /dev/stdin with "-". | ||
7917 | |||
7918 | For some reason sftp -b doesn't work with /dev/stdin on Cygwin, as noted | ||
7919 | and suggested by vinschen at redhat.com. | ||
7920 | |||
7921 | commit b5974de1a1d419e316ffb6524b1b277dda2f3b49 | ||
7922 | Author: Darren Tucker <dtucker@dtucker.net> | ||
7923 | Date: Fri Mar 23 13:21:14 2018 +1100 | ||
7924 | |||
7925 | Provide $OBJ to paths in PuTTY interop tests. | ||
7926 | |||
7927 | commit dc31e79454e9b9140b33ad380565fdb59b9c4f33 | ||
7928 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
7929 | Date: Fri Mar 16 09:06:31 2018 +0000 | ||
7930 | |||
7931 | upstream: Tell puttygen to use /dev/urandom instead of /dev/random. On | ||
7932 | |||
7933 | OpenBSD they are both non-blocking, but on many other -portable platforms it | ||
7934 | blocks, stalling tests. | ||
7935 | |||
7936 | OpenBSD-Regress-ID: 397d0d4c719c353f24d79f5b14775e0cfdf0e1cc | ||
7937 | |||
7938 | commit cb1f94431ef319cd48618b8b771b58739a8210cf | ||
7939 | Author: markus@openbsd.org <markus@openbsd.org> | ||
7940 | Date: Thu Mar 22 07:06:11 2018 +0000 | ||
7941 | |||
7942 | upstream: ssh/xmss: fix build; ok djm@ | ||
7943 | |||
7944 | OpenBSD-Commit-ID: c9374ca41d4497f1c673ab681cc33f6e7c5dd186 | ||
7945 | |||
7946 | commit 27979da9e4074322611355598f69175b9ff10d39 | ||
7947 | Author: markus@openbsd.org <markus@openbsd.org> | ||
7948 | Date: Thu Mar 22 07:05:48 2018 +0000 | ||
7949 | |||
7950 | upstream: ssh/xmss: fix deserialize for certs; ok djm@ | ||
7951 | |||
7952 | OpenBSD-Commit-ID: f44c41636c16ec83502039828beaf521c057dddc | ||
7953 | |||
7954 | commit c6cb2565c9285eb54fa9dfbb3890f5464aff410f | ||
7955 | Author: Darren Tucker <dtucker@dtucker.net> | ||
7956 | Date: Thu Mar 22 17:00:28 2018 +1100 | ||
7957 | |||
7958 | Save $? before case statement. | ||
7959 | |||
7960 | In some shells (FreeBSD 9, ash) the case statement resets $?, so save | ||
7961 | for later testing. | ||
7962 | |||
7963 | commit 4c4e7f783b43b264c247233acb887ee10ed4ce4d | ||
7964 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7965 | Date: Wed Mar 14 05:35:40 2018 +0000 | ||
7966 | |||
7967 | upstream: rename recently-added "valid-before" key restriction to | ||
7968 | |||
7969 | "expiry-time" as the former is confusing wrt similar terminology in X.509; | ||
7970 | pointed out by jsing@ | ||
7971 | |||
7972 | OpenBSD-Regress-ID: ac8b41dbfd90cffd525d58350c327195b0937793 | ||
7973 | |||
7974 | commit 500396b204c58e78ad9d081516a365a9f28dc3fd | ||
7975 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7976 | Date: Mon Mar 12 00:56:03 2018 +0000 | ||
7977 | |||
7978 | upstream: check valid-before option in authorized_keys | ||
7979 | |||
7980 | OpenBSD-Regress-ID: 7e1e4a84f7f099a290e5a4cbf4196f90ff2d7e11 | ||
7981 | |||
7982 | commit a76b5d26c2a51d7dd7a5164e683ab3f4419be215 | ||
7983 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7984 | Date: Mon Mar 12 00:54:04 2018 +0000 | ||
7985 | |||
7986 | upstream: explicitly specify RSA/SHA-2 keytype here too | ||
7987 | |||
7988 | OpenBSD-Regress-ID: 74d7b24e8c72c27af6b481198344eb077e993a62 | ||
7989 | |||
7990 | commit 3a43297ce29d37c64e37c7e21282cb219e28d3d1 | ||
7991 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7992 | Date: Mon Mar 12 00:52:57 2018 +0000 | ||
7993 | |||
7994 | upstream: exlicitly include RSA/SHA-2 keytypes in | ||
7995 | |||
7996 | PubkeyAcceptedKeyTypes here | ||
7997 | |||
7998 | OpenBSD-Regress-ID: 954d19e0032a74e31697fb1dc7e7d3d1b2d65fe9 | ||
7999 | |||
8000 | commit 037fdc1dc2d68e1d43f9c9e2586c02cabc8f7cc8 | ||
8001 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
8002 | Date: Wed Mar 14 06:56:20 2018 +0000 | ||
8003 | |||
8004 | upstream: sort expiry-time; | ||
8005 | |||
8006 | OpenBSD-Commit-ID: 8c7d82ee1e63e26ceb2b3d3a16514019f984f6bf | ||
8007 | |||
8008 | commit abc0fa38c9bc136871f28e452c3465c3051fc785 | ||
8009 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8010 | Date: Wed Mar 14 05:35:40 2018 +0000 | ||
8011 | |||
8012 | upstream: rename recently-added "valid-before" key restriction to | ||
8013 | |||
8014 | "expiry-time" as the former is confusing wrt similar terminology in X.509; | ||
8015 | pointed out by jsing@ | ||
8016 | |||
8017 | OpenBSD-Commit-ID: 376939466a1f562f3950a22314bc6505733aaae6 | ||
8018 | |||
8019 | commit bf0fbf2b11a44f06a64b620af7d01ff171c28e13 | ||
8020 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8021 | Date: Mon Mar 12 00:52:01 2018 +0000 | ||
8022 | |||
8023 | upstream: add valid-before="[time]" authorized_keys option. A | ||
8024 | |||
8025 | simple way of giving a key an expiry date. ok markus@ | ||
8026 | |||
8027 | OpenBSD-Commit-ID: 1793b4dd5184fa87f42ed33c7b0f4f02bc877947 | ||
8028 | |||
8029 | commit fbd733ab7adc907118a6cf56c08ed90c7000043f | ||
8030 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8031 | Date: Mon Mar 12 19:17:26 2018 +1100 | ||
8032 | |||
8033 | Add AC_LANG_PROGRAM to AC_COMPILE_IFELSE. | ||
8034 | |||
8035 | The recently added MIPS ABI tests need AC_LANG_PROGRAM to prevent | ||
8036 | warnings from autoconf. Pointed out by klausz at haus-gisela.de. | ||
8037 | |||
8038 | commit c7c458e8261b04d161763cd333d74e7a5842e917 | ||
8039 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8040 | Date: Wed Mar 7 23:53:08 2018 +0000 | ||
8041 | |||
8042 | upstream: revert recent strdelim() change, it causes problems with | ||
8043 | |||
8044 | some configs. | ||
8045 | |||
8046 | revision 1.124 | ||
8047 | date: 2018/03/02 03:02:11; author: djm; state: Exp; lines: +19 -8; commitid: nNRsCijZiGG6SUTT; | ||
8048 | Allow escaped quotes \" and \' in ssh_config and sshd_config quotes | ||
8049 | option strings. bz#1596 ok markus@ | ||
8050 | |||
8051 | OpenBSD-Commit-ID: 59c40b1b81206d713c06b49d8477402c86babda5 | ||
8052 | |||
8053 | commit 0bcd871ccdf3baf2b642509ba4773d5be067cfa2 | ||
8054 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
8055 | Date: Mon Mar 5 07:03:18 2018 +0000 | ||
8056 | |||
8057 | upstream: move the input format details to -f; remove the output | ||
8058 | |||
8059 | format details and point to sshd(8), where it is documented; | ||
8060 | |||
8061 | ok dtucker | ||
8062 | |||
8063 | OpenBSD-Commit-ID: 95f17e47dae02a6ac7329708c8c893d4cad0004a | ||
8064 | |||
8065 | commit 45011511a09e03493568506ce32f4891a174a3bd | ||
8066 | Author: Vicente Olivert Riera <Vincent.Riera@imgtec.com> | ||
8067 | Date: Tue Jun 20 16:42:28 2017 +0100 | ||
8068 | |||
8069 | configure.ac: properly set seccomp_audit_arch for MIPS64 | ||
8070 | |||
8071 | Currently seccomp_audit_arch is set to AUDIT_ARCH_MIPS64 or | ||
8072 | AUDIT_ARCH_MIPSEL64 (depending on the endinness) when openssh is built | ||
8073 | for MIPS64. However, that's only valid for n64 ABI. The right macros for | ||
8074 | n32 ABI defined in seccomp.h are AUDIT_ARCH_MIPS64N32 and | ||
8075 | AUDIT_ARCH_MIPSEL64N32, for big and little endian respectively. | ||
8076 | |||
8077 | Because of that an sshd built for MIPS64 n32 rejects connection attempts | ||
8078 | and the output of strace reveals that the problem is related to seccomp | ||
8079 | audit: | ||
8080 | |||
8081 | [pid 194] prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, {len=57, | ||
8082 | filter=0x555d5da0}) = 0 | ||
8083 | [pid 194] write(7, "\0\0\0]\0\0\0\5\0\0\0Ulist_hostkey_types: "..., 97) = ? | ||
8084 | [pid 193] <... poll resumed> ) = 2 ([{fd=5, revents=POLLIN|POLLHUP}, | ||
8085 | {fd=6, revents=POLLHUP}]) | ||
8086 | [pid 194] +++ killed by SIGSYS +++ | ||
8087 | |||
8088 | This patch fixes that problem by setting the right value to | ||
8089 | seccomp_audit_arch taking into account the MIPS64 ABI. | ||
8090 | |||
8091 | Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> | ||
8092 | |||
8093 | commit 580086704c31de91dc7ba040a28e416bf1fefbca | ||
8094 | Author: Vicente Olivert Riera <Vincent.Riera@imgtec.com> | ||
8095 | Date: Tue Jun 20 16:42:11 2017 +0100 | ||
8096 | |||
8097 | configure.ac: detect MIPS ABI | ||
8098 | |||
8099 | Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> | ||
8100 | |||
8101 | commit cd4e937aa701f70366cd5b5969af525dff6fdf15 | ||
8102 | Author: Alan Yee <alyee@ucsd.edu> | ||
8103 | Date: Wed Mar 7 15:12:14 2018 -0800 | ||
8104 | |||
8105 | Use https URLs for links that support it. | ||
8106 | |||
8107 | commit c0a0c3fc4a76b682db22146b28ddc46566db1ce9 | ||
8108 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8109 | Date: Mon Mar 5 20:03:07 2018 +1100 | ||
8110 | |||
8111 | Disable UTMPX on SunOS4. | ||
8112 | |||
8113 | commit 58fd4c5c0140f6636227ca7acbb149ab0c2509b9 | ||
8114 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8115 | Date: Mon Mar 5 19:28:08 2018 +1100 | ||
8116 | |||
8117 | Check for and work around buggy fflush(NULL). | ||
8118 | |||
8119 | Some really old platforms (eg SunOS4) segfault on fflush(NULL) so check | ||
8120 | for and work around. With klausz at haus-gisela.de. | ||
8121 | |||
8122 | commit 71e48bc7945f867029e50e06c665c66aed6d3c64 | ||
8123 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8124 | Date: Mon Mar 5 10:22:32 2018 +1100 | ||
8125 | |||
8126 | Remove extra XMSS #endif | ||
8127 | |||
8128 | Extra #endif breaks compile with -DWITH_XMSS. Pointed out by Jack | ||
8129 | Schmidt via github. | ||
8130 | |||
8131 | commit 055e09e2212ff52067786bf6d794ca9512ff7f0c | ||
8132 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8133 | Date: Sat Mar 3 06:37:53 2018 +0000 | ||
8134 | |||
8135 | upstream: Update RSA minimum modulus size to 1024. sshkey.h rev 1.18 | ||
8136 | |||
8137 | bumped the minimum from 768 to 1024, update man page accordingly. | ||
8138 | |||
8139 | OpenBSD-Commit-ID: 27563ab4e866cd2aac40a5247876f6787c08a338 | ||
8140 | |||
8141 | commit 7e4fadd3248d6bb7d39d6688c76a613d35d2efc1 | ||
8142 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8143 | Date: Sun Mar 4 01:46:48 2018 +0000 | ||
8144 | |||
8145 | upstream: for the pty control tests, just check that the PTY path | ||
8146 | |||
8147 | points to something in /dev (rather than checking the device node itself); | ||
8148 | makes life easier for portable, where systems with dynamic ptys can delete | ||
8149 | nodes before we get around to testing their existence. | ||
8150 | |||
8151 | OpenBSD-Regress-ID: b1e455b821e62572bccd98102f8dd9d09bb94994 | ||
8152 | |||
8153 | commit 13ef4cf53f24753fe920832b990b25c9c9cd0530 | ||
8154 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8155 | Date: Sat Mar 3 16:21:20 2018 +1100 | ||
8156 | |||
8157 | Update PAM password change to new opts API. | ||
8158 | |||
8159 | commit 33561e68e0b27366cb769295a077aabc6a49d2a1 | ||
8160 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8161 | Date: Sat Mar 3 14:56:09 2018 +1100 | ||
8162 | |||
8163 | Add strndup for platforms that need it. | ||
8164 | |||
8165 | Some platforms don't have strndup, which includes Solaris 10, NetBSD 3 | ||
8166 | and FreeBSD 6. | ||
8167 | |||
8168 | commit e8a17feba95eef424303fb94441008f6c5347aaf | ||
8169 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8170 | Date: Sat Mar 3 14:49:07 2018 +1100 | ||
8171 | |||
8172 | Flatten and alphabetize object file lists. | ||
8173 | |||
8174 | This will make maintenance and changes easier. "no objection" tim@ | ||
8175 | |||
8176 | commit de1920d743d295f50e6905e5957c4172c038e8eb | ||
8177 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8178 | Date: Sat Mar 3 03:16:17 2018 +0000 | ||
8179 | |||
8180 | upstream: unit tests for new authorized_keys options API | ||
8181 | |||
8182 | OpenBSD-Regress-ID: 820f9ec9c6301f6ca330ad4052d85f0e67d0bdc1 | ||
8183 | |||
8184 | commit dc3e92df17556dc5b0ab19cee8dcb2a6ba348717 | ||
8185 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8186 | Date: Fri Mar 2 02:53:27 2018 +0000 | ||
8187 | |||
8188 | upstream: fix testing of pty option, include positive test and | ||
8189 | |||
8190 | testing of restrict keyword | ||
8191 | |||
8192 | OpenBSD-Regress-ID: 4268f27c2706a0a95e725d9518c5bcbec9814c6d | ||
8193 | |||
8194 | commit 3d1edd1ebbc0aabea8bbe61903060f37137f7c61 | ||
8195 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8196 | Date: Fri Mar 2 02:51:55 2018 +0000 | ||
8197 | |||
8198 | upstream: better testing for port-forwarding and restrict flags in | ||
8199 | |||
8200 | authorized_keys | ||
8201 | |||
8202 | OpenBSD-Regress-ID: ee771df8955f2735df54746872c6228aff381daa | ||
8203 | |||
8204 | commit 7c856857607112a3dfe6414696bf4c7ab7fb0cb3 | ||
8205 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8206 | Date: Sat Mar 3 03:15:51 2018 +0000 | ||
8207 | |||
8208 | upstream: switch over to the new authorized_keys options API and | ||
8209 | |||
8210 | remove the legacy one. | ||
8211 | |||
8212 | Includes a fairly big refactor of auth2-pubkey.c to retain less state | ||
8213 | between key file lines. | ||
8214 | |||
8215 | feedback and ok markus@ | ||
8216 | |||
8217 | OpenBSD-Commit-ID: dece6cae0f47751b9892080eb13d6625599573df | ||
8218 | |||
8219 | commit 90c4bec8b5f9ec4c003ae4abdf13fc7766f00c8b | ||
8220 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8221 | Date: Sat Mar 3 03:06:02 2018 +0000 | ||
8222 | |||
8223 | upstream: Introduce a new API for handling authorized_keys options. | ||
8224 | |||
8225 | This API parses options to a dedicated structure rather than the old API's | ||
8226 | approach of setting global state. It also includes support for merging | ||
8227 | options, e.g. from authorized_keys, authorized_principals and/or | ||
8228 | certificates. | ||
8229 | |||
8230 | feedback and ok markus@ | ||
8231 | |||
8232 | OpenBSD-Commit-ID: 98badda102cd575210d7802943e93a34232c80a2 | ||
8233 | |||
8234 | commit 26074380767e639ef89321610e146ae11016b385 | ||
8235 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8236 | Date: Sat Mar 3 03:01:50 2018 +0000 | ||
8237 | |||
8238 | upstream: warn when the agent returns a signature type that was | ||
8239 | |||
8240 | different to what was requested. This might happen when an old/non-OpenSSH | ||
8241 | agent is asked to make a rsa-sha2-256/512 signature but only supports | ||
8242 | ssh-rsa. bz#2799 feedback and ok markus@ | ||
8243 | |||
8244 | OpenBSD-Commit-ID: 760c0f9438c5c58abc16b5f98008ff2d95cb13ce | ||
8245 | |||
8246 | commit f493d2b0b66fb003ed29f31dd66ff1aeb64be1fc | ||
8247 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
8248 | Date: Fri Mar 2 21:40:15 2018 +0000 | ||
8249 | |||
8250 | upstream: apply a lick of paint; tweaks/ok dtucker | ||
8251 | |||
8252 | OpenBSD-Commit-ID: 518a6736338045e0037f503c21027d958d05e703 | ||
8253 | |||
8254 | commit 713d9cb510e0e7759398716cbe6dcf43e574be71 | ||
8255 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8256 | Date: Fri Mar 2 03:02:11 2018 +0000 | ||
8257 | |||
8258 | upstream: Allow escaped quotes \" and \' in ssh_config and | ||
8259 | |||
8260 | sshd_config quotes option strings. bz#1596 ok markus@ | ||
8261 | |||
8262 | OpenBSD-Commit-ID: dd3a29fc2dc905e8780198e5a6a30b096de1a1cb | ||
8263 | |||
8264 | commit 94b4e2d29afaaaef89a95289b16c18bf5627f7cd | ||
8265 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8266 | Date: Fri Mar 2 02:08:03 2018 +0000 | ||
8267 | |||
8268 | upstream: refactor sshkey_read() to make it a little more, err, | ||
8269 | |||
8270 | readable. ok markus | ||
8271 | |||
8272 | OpenBSD-Commit-ID: 2e9247b5762fdac3b6335dc606d3822121714c28 | ||
8273 | |||
8274 | commit 5886b92968b360623491699247caddfb77a74d80 | ||
8275 | Author: markus@openbsd.org <markus@openbsd.org> | ||
8276 | Date: Thu Mar 1 20:32:16 2018 +0000 | ||
8277 | |||
8278 | upstream: missing #ifdef for _PATH_HOST_XMSS_KEY_FILE; report by | ||
8279 | |||
8280 | jmc@ | ||
8281 | |||
8282 | OpenBSD-Commit-ID: 9039cb69a3f9886bfef096891a9e7fcbd620280b | ||
8283 | |||
8284 | commit 3b36bed3d26f17f6a2b7e036e01777770fe1bcd4 | ||
8285 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8286 | Date: Mon Feb 26 12:14:53 2018 +0000 | ||
8287 | |||
8288 | upstream: Remove unneeded (local) include. ok markus@ | ||
8289 | |||
8290 | OpenBSD-Commit-ID: 132812dd2296b1caa8cb07d2408afc28e4e60f93 | ||
8291 | |||
8292 | commit 27b9f3950e0289e225b57b7b880a8f1859dcd70b | ||
8293 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8294 | Date: Mon Feb 26 03:56:44 2018 +0000 | ||
8295 | |||
8296 | upstream: Add $OpenBSD$ markers to xmss files to help keep synced | ||
8297 | |||
8298 | with portable. ok djm@. | ||
8299 | |||
8300 | OpenBSD-Commit-ID: 5233a27aafd1dfadad4b957225f95ae51eb365c1 | ||
8301 | |||
8302 | commit afd830847a82ebbd5aeab05bad6d2c8ce74df1cd | ||
8303 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8304 | Date: Mon Feb 26 03:03:05 2018 +0000 | ||
8305 | |||
8306 | upstream: Add newline at end of file to prevent compiler warnings. | ||
8307 | |||
8308 | OpenBSD-Commit-ID: 52f247d4eafe840c7c14c8befa71a760a8eeb063 | ||
8309 | |||
8310 | commit 941e0d3e9bb8d5e4eb70cc694441445faf037c84 | ||
8311 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8312 | Date: Wed Feb 28 19:59:35 2018 +1100 | ||
8313 | |||
8314 | Add WITH_XMSS, move to prevent conflicts. | ||
8315 | |||
8316 | Add #ifdef WITH_XMSS to ssh-xmss.c, move it in the other files to after | ||
8317 | includes.h so it's less likely to conflict and will pick up WITH_XMSS if | ||
8318 | added to config.h. | ||
8319 | |||
8320 | commit a10d8552d0d2438da4ed539275abcbf557d1e7a8 | ||
8321 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8322 | Date: Tue Feb 27 14:45:17 2018 +1100 | ||
8323 | |||
8324 | Conditionally compile XMSS code. | ||
8325 | |||
8326 | The XMSS code is currently experimental and, unlike the rest of OpenSSH | ||
8327 | cannot currently be compiled with a c89 compiler. | ||
8328 | |||
8329 | commit 146c3bd28c8dbee9c4b06465d9c9facab96b1e9b | ||
8330 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8331 | Date: Mon Feb 26 12:51:29 2018 +1100 | ||
8332 | |||
8333 | Check dlopen has RTLD_NOW before enabling pkcs11. | ||
8334 | |||
8335 | commit 1323f120d06a26074c4d154fcbe7f49bcad3d741 | ||
8336 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8337 | Date: Tue Feb 27 08:41:25 2018 +1100 | ||
8338 | |||
8339 | Check for attributes on prototype args. | ||
8340 | |||
8341 | Some compilers (gcc 2.9.53, 3.0 and probably others, see gcc bug #3481) | ||
8342 | do not accept __attribute__ on function pointer prototype args. Check for | ||
8343 | this and hide them if they're not accepted. | ||
8344 | |||
8345 | commit f0b245b0439e600fab782d19e97980e9f2c2533c | ||
8346 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8347 | Date: Mon Feb 26 11:43:48 2018 +1100 | ||
8348 | |||
8349 | Check if HAVE_DECL_BZERO correctly. | ||
8350 | |||
8351 | commit c7ef4a399155e1621a532cc5e08e6fa773658dd4 | ||
8352 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8353 | Date: Mon Feb 26 17:42:56 2018 +1100 | ||
8354 | |||
8355 | Wrap <stdint.h> in #ifdef HAVE_STDINT_H. | ||
8356 | |||
8357 | commit ac53ce46cf8165cbda7f57ee045f9f32e1e92b31 | ||
8358 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8359 | Date: Mon Feb 26 16:24:23 2018 +1100 | ||
8360 | |||
8361 | Replace $(CURDIR) with $(PWD). | ||
8362 | |||
8363 | The former doesn't work on Solaris or BSDs. | ||
8364 | |||
8365 | commit 534b2680a15d14e7e60274d5b29b812d44cc5a44 | ||
8366 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8367 | Date: Mon Feb 26 14:51:59 2018 +1100 | ||
8368 | |||
8369 | Comment out hexdump(). | ||
8370 | |||
8371 | Nothing currently uses them but they cause conflicts on at least | ||
8372 | FreeBSD, possibly others. ok djm@ | ||
8373 | |||
8374 | commit 5aea4aa522f61bb2f34c3055a7de203909dfae77 | ||
8375 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8376 | Date: Mon Feb 26 14:39:14 2018 +1100 | ||
8377 | |||
8378 | typo: missing ; | ||
8379 | |||
8380 | commit cd3ab57f9b388f8b1abf601dc4d78ff82d83b75e | ||
8381 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8382 | Date: Mon Feb 26 14:37:06 2018 +1100 | ||
8383 | |||
8384 | Hook up flock() compat code. | ||
8385 | |||
8386 | Also a couple of minor changes: fail if we can't lock instead of | ||
8387 | silently succeeding, and apply a couple of minor style fixes. | ||
8388 | |||
8389 | commit b087998d1ba90dd1ddb6bfdb17873dc3e7392798 | ||
8390 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8391 | Date: Mon Feb 26 14:27:02 2018 +1100 | ||
8392 | |||
8393 | Import flock() compat from NetBSD. | ||
8394 | |||
8395 | From NetBSD's src/trunk/tools/compat/flock.c, no OpenSSH changes yet. | ||
8396 | |||
8397 | commit 89212533dde6798324e835b1499084658df4579e | ||
8398 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8399 | Date: Mon Feb 26 12:32:14 2018 +1100 | ||
8400 | |||
8401 | Fix breakage when REGRESSTMP not set. | ||
8402 | |||
8403 | BUILDDIR is not set where used for REGRESSTMP, use make's CURDIR | ||
8404 | instead. Pointed out by djm@. | ||
8405 | |||
8406 | commit f885474137df4b89498c0b8834c2ac72c47aa4bd | ||
8407 | Author: Damien Miller <djm@mindrot.org> | ||
8408 | Date: Mon Feb 26 12:18:14 2018 +1100 | ||
8409 | |||
8410 | XMSS-related files get includes.h | ||
8411 | |||
8412 | commit 612faa34c72e421cdc9e63f624526bae62d557cc | ||
8413 | Author: Damien Miller <djm@mindrot.org> | ||
8414 | Date: Mon Feb 26 12:17:55 2018 +1100 | ||
8415 | |||
8416 | object files end with .o - not .c | ||
8417 | |||
8418 | commit bda709b8e13d3eef19e69c2d1684139e3af728f5 | ||
8419 | Author: Damien Miller <djm@mindrot.org> | ||
8420 | Date: Mon Feb 26 12:17:22 2018 +1100 | ||
8421 | |||
8422 | avoid inclusion of deprecated selinux/flask.h | ||
8423 | |||
8424 | Use string_to_security_class() instead. | ||
8425 | |||
8426 | commit 2e396439365c4ca352cac222717d09b14f8a0dfd | ||
8427 | Author: Damien Miller <djm@mindrot.org> | ||
8428 | Date: Mon Feb 26 11:48:27 2018 +1100 | ||
8429 | |||
8430 | updatedepend | ||
8431 | |||
8432 | commit 1b11ea7c58cd5c59838b5fa574cd456d6047b2d4 | ||
8433 | Author: markus@openbsd.org <markus@openbsd.org> | ||
8434 | Date: Fri Feb 23 15:58:37 2018 +0000 | ||
8435 | |||
8436 | upstream: Add experimental support for PQC XMSS keys (Extended | ||
8437 | |||
8438 | Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS | ||
8439 | in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See | ||
8440 | https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok | ||
8441 | djm@ | ||
8442 | |||
8443 | OpenBSD-Commit-ID: ef3eccb96762a5d6f135d7daeef608df7776a7ac | ||
8444 | |||
8445 | commit 7d330a1ac02076de98cfc8fda05353d57b603755 | ||
8446 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
8447 | Date: Fri Feb 23 07:38:09 2018 +0000 | ||
8448 | |||
8449 | upstream: some cleanup for BindInterface and ssh-keyscan; | ||
8450 | |||
8451 | OpenBSD-Commit-ID: 1a719ebeae22a166adf05bea5009add7075acc8c | ||
8452 | |||
8453 | commit c7b5a47e3b9db9a0f0198f9c90c705f6307afc2b | ||
8454 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8455 | Date: Sun Feb 25 23:55:41 2018 +1100 | ||
8456 | |||
8457 | Invert sense of getpgrp test. | ||
8458 | |||
8459 | AC_FUNC_GETPGRP tests if getpgrp(0) works, which it does if it's not | ||
8460 | declared. Instead, test if the zero-arg version we want to use works. | ||
8461 | |||
8462 | commit b39593a6de5290650a01adf8699c6460570403c2 | ||
8463 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8464 | Date: Sun Feb 25 13:25:15 2018 +1100 | ||
8465 | |||
8466 | Add no-op getsid implmentation. | ||
8467 | |||
8468 | commit 11057564eb6ab8fd987de50c3d7f394c6f6632b7 | ||
8469 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8470 | Date: Sun Feb 25 11:22:57 2018 +1100 | ||
8471 | |||
8472 | bsd-statvfs: include sys/vfs.h, check for f_flags. | ||
8473 | |||
8474 | commit e9dede06e5bc582a4aeb5b1cd5a7a640d7de3609 | ||
8475 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8476 | Date: Sun Feb 25 10:20:31 2018 +1100 | ||
8477 | |||
8478 | Handle calloc(0,x) where different from malloc. | ||
8479 | |||
8480 | Configure assumes that if malloc(0) returns null then calloc(0,n) | ||
8481 | also does. On some old platforms (SunOS4) malloc behaves as expected | ||
8482 | (as determined by AC_FUNC_MALLOC) but calloc doesn't. Test for this | ||
8483 | at configure time and activate the replacement function if found, plus | ||
8484 | handle this case in rpl_calloc. | ||
8485 | |||
8486 | commit 2eb4041493fd2635ffdc64a852d02b38c4955e0b | ||
8487 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8488 | Date: Sat Feb 24 21:06:48 2018 +1100 | ||
8489 | |||
8490 | Add prototype for readv if needed. | ||
8491 | |||
8492 | commit 6c8c9a615b6d31db8a87bc25033f053d5b0a831e | ||
8493 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8494 | Date: Sat Feb 24 20:46:37 2018 +1100 | ||
8495 | |||
8496 | Check for raise and supply if needed. | ||
8497 | |||
8498 | commit a9004425a032d7a7141a5437cfabfd02431e2a74 | ||
8499 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8500 | Date: Sat Feb 24 20:25:22 2018 +1100 | ||
8501 | |||
8502 | Check for bzero and supply if needed. | ||
8503 | |||
8504 | Since explicit_bzero uses it via an indirect it needs to be a function | ||
8505 | not just a macro. | ||
8506 | |||
8507 | commit 1a348359e4d2876203b5255941bae348557f4f54 | ||
8508 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8509 | Date: Fri Feb 23 05:14:05 2018 +0000 | ||
8510 | |||
8511 | upstream: Add ssh-keyscan -D option to make it print its results in | ||
8512 | |||
8513 | SSHFP format bz#2821, ok dtucker@ | ||
8514 | |||
8515 | OpenBSD-Commit-ID: 831446b582e0f298ca15c9d99c415c899e392221 | ||
8516 | |||
8517 | commit 3e19fb976a47b44b3d7c4f8355269f7f2c5dd82c | ||
8518 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8519 | Date: Fri Feb 23 04:18:46 2018 +0000 | ||
8520 | |||
8521 | upstream: Add missing braces. | ||
8522 | |||
8523 | Caught by the tinderbox's -Werror=misleading-indentation, ok djm@ | ||
8524 | |||
8525 | OpenBSD-Commit-ID: d44656af594c3b2366eb87d6abcef83e1c88a6ca | ||
8526 | |||
8527 | commit b59162da99399d89bd57f71c170c0003c55b1583 | ||
8528 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8529 | Date: Fri Feb 23 15:20:42 2018 +1100 | ||
8530 | |||
8531 | Check for ifaddrs.h for BindInterface. | ||
8532 | |||
8533 | BindInterface required getifaddr and friends so disable if not available | ||
8534 | (eg Solaris 10). We should be able to add support for some systems with | ||
8535 | a bit more work but this gets the building again. | ||
8536 | |||
8537 | commit a8dd6fe0aa10b6866830b4688a73ef966f0aed88 | ||
8538 | Author: Damien Miller <djm@mindrot.org> | ||
8539 | Date: Fri Feb 23 14:19:11 2018 +1100 | ||
8540 | |||
8541 | space before tab in previous | ||
8542 | |||
8543 | commit b5e9263c7704247f9624c8f5c458e9181fcdbc09 | ||
8544 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8545 | Date: Fri Feb 9 03:40:22 2018 +0000 | ||
8546 | |||
8547 | upstream: Replace fatal with exit in the case that we do not have | ||
8548 | |||
8549 | $SUDO set. Prevents test failures when neither sudo nor doas are configured. | ||
8550 | |||
8551 | OpenBSD-Regress-ID: 6a0464decc4f8ac7d6eded556a032b0fc521bc7b | ||
8552 | |||
8553 | commit 3e9d3192ad43758ef761c5b0aa3ac5ccf8121ef2 | ||
8554 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8555 | Date: Fri Feb 23 14:10:53 2018 +1100 | ||
8556 | |||
8557 | Use portable syntax for REGRESSTMP. | ||
8558 | |||
8559 | commit 73282b61187883a2b2bb48e087fdda1d751d6059 | ||
8560 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8561 | Date: Fri Feb 23 03:03:00 2018 +0000 | ||
8562 | |||
8563 | upstream: unbreak interop test after SSHv1 purge; patch from Colin | ||
8564 | |||
8565 | Watson via bz#2823 | ||
8566 | |||
8567 | OpenBSD-Regress-ID: 807d30a597756ed6612bdf46dfebca74f49cb31a | ||
8568 | |||
8569 | commit f8985dde5f46aedade0373365cbf86ed3f1aead2 | ||
8570 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8571 | Date: Fri Feb 9 03:42:57 2018 +0000 | ||
8572 | |||
8573 | upstream: Skip sftp-chroot test when SUDO not set instead of | ||
8574 | |||
8575 | fatal(). | ||
8576 | |||
8577 | OpenBSD-Regress-ID: cd4b5f1109b0dc09af4e5ea7d4968c43fbcbde88 | ||
8578 | |||
8579 | commit df88551c02d4e3445c44ff67ba8757cff718609a | ||
8580 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8581 | Date: Fri Feb 9 03:40:22 2018 +0000 | ||
8582 | |||
8583 | upstream: Replace fatal with exit in the case that we do not have | ||
8584 | |||
8585 | $SUDO set. Prevents test failures when neither sudo nor doas are configured. | ||
8586 | |||
8587 | OpenBSD-Regress-ID: 6a0464decc4f8ac7d6eded556a032b0fc521bc7b | ||
8588 | |||
8589 | commit 3b252c20b19f093e87363de197f1100b79705dd3 | ||
8590 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8591 | Date: Thu Feb 8 08:46:20 2018 +0000 | ||
8592 | |||
8593 | upstream: some helpers to check verbose/quiet mode | ||
8594 | |||
8595 | OpenBSD-Regress-ID: e736aac39e563f5360a0935080a71d5fdcb976de | ||
8596 | |||
8597 | commit ac2e3026bbee1367e4cda34765d1106099be3287 | ||
8598 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8599 | Date: Fri Feb 23 02:34:33 2018 +0000 | ||
8600 | |||
8601 | upstream: Add BindInterface ssh_config directive and -B | ||
8602 | |||
8603 | command-line argument to ssh(1) that directs it to bind its outgoing | ||
8604 | connection to the address of the specified network interface. | ||
8605 | |||
8606 | BindInterface prefers to use addresses that aren't loopback or link- | ||
8607 | local, but will fall back to those if no other addresses of the | ||
8608 | required family are available on that interface. | ||
8609 | |||
8610 | Based on patch by Mike Manning in bz#2820, ok dtucker@ | ||
8611 | |||
8612 | OpenBSD-Commit-ID: c5064d285c2851f773dd736a2c342aa384fbf713 | ||
8613 | |||
8614 | commit fcdb9d777839a3fa034b3bc3067ba8c1f6886679 | ||
8615 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8616 | Date: Mon Feb 19 00:55:02 2018 +0000 | ||
8617 | |||
8618 | upstream: emphasise that the hostkey rotation may send key types | ||
8619 | |||
8620 | that the client may not support, and that the client should simply disregard | ||
8621 | such keys (this is what ssh does already). | ||
8622 | |||
8623 | OpenBSD-Commit-ID: 65f8ffbc32ac8d12be8f913d7c0ea55bef8622bf | ||
8624 | |||
8625 | commit ce066f688dc166506c082dac41ca686066e3de5f | ||
8626 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8627 | Date: Thu Feb 22 20:45:09 2018 +1100 | ||
8628 | |||
8629 | Add headers for sys/audit.h. | ||
8630 | |||
8631 | On some older platforms (at least sunos4, probably others) sys/audit.h | ||
8632 | requires some other headers. Patch from klausz at haus-gisela.de. | ||
8633 | |||
8634 | commit 3fd2d2291a695c96a54269deae079bacce6e3fb9 | ||
8635 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8636 | Date: Mon Feb 19 18:37:40 2018 +1100 | ||
8637 | |||
8638 | Add REGRESSTMP make var override. | ||
8639 | |||
8640 | Defaults to original location ($srcdir/regress) but allows overriding | ||
8641 | if desired, eg a directory in /tmp. | ||
8642 | |||
8643 | commit f8338428588f3ecb5243c86336eccaa28809f97e | ||
8644 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8645 | Date: Sun Feb 18 15:53:15 2018 +1100 | ||
8646 | |||
8647 | Remove now-unused check for getrusage. | ||
8648 | |||
8649 | getrusage was used in ssh-rand-helper but that's now long gone. | ||
8650 | Patch from klauszh at haus-gisela.de. | ||
8651 | |||
8652 | commit 8570177195f6a4b3173c0a25484a83641ee3faa6 | ||
8653 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8654 | Date: Fri Feb 16 04:43:11 2018 +0000 | ||
8655 | |||
8656 | upstream: Don't send IUTF8 to servers that don't like them. | ||
8657 | |||
8658 | Some SSH servers eg "ConfD" drop the connection if the client sends the | ||
8659 | new IUTF8 (RFC8160) terminal mode even if it's not set. Add a bug bit | ||
8660 | for such servers and avoid sending IUTF8 to them. ok djm@ | ||
8661 | |||
8662 | OpenBSD-Commit-ID: 26425855402d870c3c0a90491e72e2a8a342ceda | ||
8663 | |||
8664 | commit f6dc2ba3c9d12be53057b9371f5109ec553a399f | ||
8665 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8666 | Date: Fri Feb 16 17:32:28 2018 +1100 | ||
8667 | |||
8668 | freezero should check for NULL. | ||
8669 | |||
8670 | commit 680321f3eb46773883111e234b3c262142ff7c5b | ||
8671 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8672 | Date: Fri Feb 16 02:40:45 2018 +0000 | ||
8673 | |||
8674 | upstream: Mention recent DH KEX methods: | ||
8675 | |||
8676 | diffie-hellman-group14-sha256 | ||
8677 | diffie-hellman-group16-sha512 | ||
8678 | diffie-hellman-group18-sha512 | ||
8679 | |||
8680 | From Jakub Jelen via bz#2826 | ||
8681 | |||
8682 | OpenBSD-Commit-ID: 51bf769f06e55447f4bfa7306949e62d2401907a | ||
8683 | |||
8684 | commit 88c50a5ae20902715f0fca306bb9c38514f71679 | ||
8685 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8686 | Date: Fri Feb 16 02:32:40 2018 +0000 | ||
8687 | |||
8688 | upstream: stop loading DSA keys by default, remove sshd_config | ||
8689 | |||
8690 | stanza and manpage bits; from Colin Watson via bz#2662, ok dtucker@ | ||
8691 | |||
8692 | OpenBSD-Commit-ID: d33a849f481684ff655c140f5eb1b4acda8c5c09 | ||
8693 | |||
8694 | commit d2b3db2860c962927def39a52f67f1c23f7b201a | ||
8695 | Author: jsing@openbsd.org <jsing@openbsd.org> | ||
8696 | Date: Wed Feb 14 16:27:24 2018 +0000 | ||
8697 | |||
8698 | upstream: Ensure that D mod (P-1) and D mod (Q-1) are calculated in | ||
8699 | |||
8700 | constant time. | ||
8701 | |||
8702 | This avoids a potential side channel timing leak. | ||
8703 | |||
8704 | ok djm@ markus@ | ||
8705 | |||
8706 | OpenBSD-Commit-ID: 71ff3c16be03290e63d8edab8fac053d8a82968c | ||
8707 | |||
8708 | commit 4270efad7048535b4f250f493d70f9acfb201593 | ||
8709 | Author: jsing@openbsd.org <jsing@openbsd.org> | ||
8710 | Date: Wed Feb 14 16:03:32 2018 +0000 | ||
8711 | |||
8712 | upstream: Some obvious freezero() conversions. | ||
8713 | |||
8714 | This also zeros an ed25519_pk when it was not being zeroed previously. | ||
8715 | |||
8716 | ok djm@ dtucker@ | ||
8717 | |||
8718 | OpenBSD-Commit-ID: 5c196a3c85c23ac0bd9b11bcadaedd90b7a2ce82 | ||
8719 | |||
8720 | commit affa6ba67ffccc30b85d6e98f36eb5afd9386882 | ||
8721 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8722 | Date: Thu Feb 15 22:32:04 2018 +1100 | ||
8723 | |||
8724 | Remove execute bit from modpipe.c. | ||
8725 | |||
8726 | commit 9879dca438526ae6dfd656fecb26b0558c29c731 | ||
8727 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8728 | Date: Thu Feb 15 22:26:16 2018 +1100 | ||
8729 | |||
8730 | Update prngd link to point to sourceforge. | ||
8731 | |||
8732 | commit b6973fa5152b1a0bafd2417b7c3ad96f6e87d014 | ||
8733 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8734 | Date: Thu Feb 15 22:22:38 2018 +1100 | ||
8735 | |||
8736 | Remove references to UNICOS. | ||
8737 | |||
8738 | commit f1ca487940449f0b64f38f1da575078257609966 | ||
8739 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8740 | Date: Thu Feb 15 22:18:37 2018 +1100 | ||
8741 | |||
8742 | Remove extra newline. | ||
8743 | |||
8744 | commit 6d4e980f3cf27f409489cf89cd46c21501b13731 | ||
8745 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8746 | Date: Thu Feb 15 22:16:54 2018 +1100 | ||
8747 | |||
8748 | OpenSSH's builtin entropy gathering is long gone. | ||
8749 | |||
8750 | commit 389125b25d1a1d7f22e907463b7e8eca74af79ea | ||
8751 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8752 | Date: Thu Feb 15 21:43:01 2018 +1100 | ||
8753 | |||
8754 | Replace remaining mysignal() with signal(). | ||
8755 | |||
8756 | These seem to have been missed during the replacement of mysignal | ||
8757 | with #define signal in commit 5ade9ab. Both include the requisite | ||
8758 | headers to pick up the #define. | ||
8759 | |||
8760 | commit 265d88d4e61e352de6791733c8b29fa3d7d0c26d | ||
8761 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8762 | Date: Thu Feb 15 20:06:19 2018 +1100 | ||
8763 | |||
8764 | Remove remaining now-obsolete cvs $Ids. | ||
8765 | |||
8766 | commit 015749e9b1d2f6e14733466d19ba72f014d0845c | ||
8767 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8768 | Date: Thu Feb 15 17:01:54 2018 +1100 | ||
8769 | |||
8770 | Regenerate dependencies after UNICOS removal. | ||
8771 | |||
8772 | commit ddc0f3814881ea279a6b6d4d98e03afc60ae1ed7 | ||
8773 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8774 | Date: Tue Feb 13 09:10:46 2018 +1100 | ||
8775 | |||
8776 | Remove UNICOS support. | ||
8777 | |||
8778 | The code required to support it is quite invasive to the mainline | ||
8779 | code that is synced with upstream and is an ongoing maintenance burden. | ||
8780 | Both the hardware and software are literal museum pieces these days and | ||
8781 | we could not find anyone still running OpenSSH on one. | ||
8782 | |||
8783 | commit 174bed686968494723e6db881208cc4dac0d020f | ||
8784 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8785 | Date: Tue Feb 13 18:12:47 2018 +1100 | ||
8786 | |||
8787 | Retpoline linker flag only needed for linking. | ||
8788 | |||
8789 | commit 075e258c2cc41e1d7f3ea2d292c5342091728d40 | ||
8790 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8791 | Date: Tue Feb 13 17:36:43 2018 +1100 | ||
8792 | |||
8793 | Default PidFile is sshd.pid not ssh.pid. | ||
8794 | |||
8795 | commit 49f3c0ec47730ea264e2bd1e6ece11167d6384df | ||
8796 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8797 | Date: Tue Feb 13 16:27:09 2018 +1100 | ||
8798 | |||
8799 | Remove assigned-to-but-never-used variable. | ||
8800 | |||
8801 | 'p' was removed in previous change but I neglected to remove the | ||
8802 | otherwise-unused assignment to it. | ||
8803 | |||
8804 | commit b8bbff3b3fc823bf80c5ab226c94f13cb887d5b1 | ||
8805 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8806 | Date: Tue Feb 13 03:36:56 2018 +0000 | ||
8807 | |||
8808 | upstream: remove space before tab | ||
8809 | |||
8810 | OpenBSD-Commit-ID: 674edd214d0a7332dd4623c9cf8117301b012890 | ||
8811 | |||
8812 | commit 05046d907c211cb9b4cd21b8eff9e7a46cd6c5ab | ||
8813 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8814 | Date: Sun Feb 11 21:16:56 2018 +0000 | ||
8815 | |||
8816 | upstream Don't reset signal handlers inside handlers. | ||
8817 | |||
8818 | The signal handlers from the original ssh1 code on which OpenSSH | ||
8819 | is based assume unreliable signals and reinstall their handlers. | ||
8820 | Since OpenBSD (and pretty much every current system) has reliable | ||
8821 | signals this is not needed. In the unlikely even that -portable | ||
8822 | is still being used on such systems we will deal with it in the | ||
8823 | compat layer. ok deraadt@ | ||
8824 | |||
8825 | OpenBSD-Commit-ID: f53a1015cb6908431b92116130d285d71589612c | ||
8826 | |||
8827 | commit 3c51143c639ac686687c7acf9b373b8c08195ffb | ||
8828 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8829 | Date: Tue Feb 13 09:07:29 2018 +1100 | ||
8830 | |||
8831 | Whitespace sync with upstream. | ||
8832 | |||
8833 | commit 19edfd4af746bedf0df17f01953ba8c6d3186eb7 | ||
8834 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8835 | Date: Tue Feb 13 08:25:46 2018 +1100 | ||
8836 | |||
8837 | Whitespace sync with upstream. | ||
8838 | |||
8839 | commit fbfa6f980d7460b3e12b0ce88ed3b6018edf4711 | ||
8840 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8841 | Date: Sun Feb 11 21:25:11 2018 +1300 | ||
8842 | |||
8843 | Move signal compat code into bsd-signal.{c,h} | ||
8844 | |||
8845 | commit 24d2a33bd3bf5170700bfdd8675498aa09a79eab | ||
8846 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8847 | Date: Sun Feb 11 21:20:39 2018 +1300 | ||
8848 | |||
8849 | Include headers for linux/if.h. | ||
8850 | |||
8851 | Prevents configure-time "present but cannot be compiled" warning. | ||
8852 | |||
8853 | commit bc02181c24fc551aab85eb2cff0f90380928ef43 | ||
8854 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8855 | Date: Sun Feb 11 19:45:47 2018 +1300 | ||
8856 | |||
8857 | Fix test for -z,retpolineplt linker flag. | ||
8858 | |||
8859 | commit 3377df00ea3fece5293db85fe63baef33bf5152e | ||
8860 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8861 | Date: Sun Feb 11 09:32:37 2018 +1100 | ||
8862 | |||
8863 | Add checks for Spectre v2 mitigation (retpoline) | ||
8864 | |||
8865 | This adds checks for gcc and clang flags for mitigations for Spectre | ||
8866 | variant 2, ie "retpoline". It'll automatically enabled if the compiler | ||
8867 | supports it as part of toolchain hardening flag. ok djm@ | ||
8868 | |||
8869 | commit d9e5cf078ea5380da6df767bb1773802ec557ef0 | ||
8870 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8871 | Date: Sat Feb 10 09:25:34 2018 +0000 | ||
8872 | |||
8873 | upstream commit | ||
8874 | |||
8875 | constify some private key-related functions; based on | ||
8876 | https://github.com/openssh/openssh-portable/pull/56 by Vincent Brillault | ||
8877 | |||
8878 | OpenBSD-Commit-ID: dcb94a41834a15f4d00275cb5051616fdc4c988c | ||
8879 | |||
8880 | commit a7c38215d564bf98e8e9eb40c1079e3adf686f15 | ||
8881 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8882 | Date: Sat Feb 10 09:03:54 2018 +0000 | ||
8883 | |||
8884 | upstream commit | ||
8885 | |||
8886 | Mention ServerAliveTimeout in context of TCPKeepAlives; | ||
8887 | prompted by Christoph Anton Mitterer via github | ||
8888 | |||
8889 | OpenBSD-Commit-ID: f0cf1b5bd3f1fbf41d71c88d75d93afc1c880ca2 | ||
8890 | |||
8891 | commit 62562ceae61e4f7cf896566592bb840216e71061 | ||
8892 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8893 | Date: Sat Feb 10 06:54:38 2018 +0000 | ||
8894 | |||
8895 | upstream commit | ||
8896 | |||
8897 | clarify IgnoreUserKnownHosts; based on github PR from | ||
8898 | Christoph Anton Mitterer. | ||
8899 | |||
8900 | OpenBSD-Commit-ID: 4fff2c17620c342fb2f1f9c2d2e679aab3e589c3 | ||
8901 | |||
8902 | commit 4f011daa4cada6450fa810f7563b8968639bb562 | ||
8903 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8904 | Date: Sat Feb 10 06:40:28 2018 +0000 | ||
8905 | |||
8906 | upstream commit | ||
8907 | |||
8908 | Shorter, more accurate explanation of | ||
8909 | NoHostAuthenticationForLocalhost without the confusing example. Prompted by | ||
8910 | Christoph Anton Mitterer via github and bz#2293. | ||
8911 | |||
8912 | OpenBSD-Commit-ID: 19dc96bea25b80d78d416b581fb8506f1e7b76df | ||
8913 | |||
8914 | commit 77e05394af21d3f5faa0c09ed3855e4505a5cf9f | ||
8915 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8916 | Date: Sat Feb 10 06:15:12 2018 +0000 | ||
8917 | |||
8918 | upstream commit | ||
8919 | |||
8920 | Disable RemoteCommand and RequestTTY in the ssh session | ||
8921 | started by scp. sftp is already doing this. From Camden Narzt via github; ok | ||
8922 | dtucker | ||
8923 | |||
8924 | OpenBSD-Commit-ID: 59e2611141c0b2ee579c6866e8eb9d7d8217bc6b | ||
8925 | |||
8926 | commit ca613249a00b64b2eea9f52d3834b55c28cf2862 | ||
8927 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8928 | Date: Sat Feb 10 05:48:46 2018 +0000 | ||
8929 | |||
8930 | upstream commit | ||
8931 | |||
8932 | Refuse to create a certificate with an unusable number of | ||
8933 | principals; Prompted by gdestuynder via github | ||
8934 | |||
8935 | OpenBSD-Commit-ID: 8cfae2451e8f07810e3e2546dfdcce66984cbd29 | ||
8936 | |||
8937 | commit b56ac069d46b6f800de34e1e935f98d050731d14 | ||
8938 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8939 | Date: Sat Feb 10 05:43:26 2018 +0000 | ||
8940 | |||
8941 | upstream commit | ||
8942 | |||
8943 | fatal if we're unable to write all the public key; previously | ||
8944 | we would silently ignore errors writing the comment and terminating newline. | ||
8945 | Prompted by github PR from WillerZ; ok dtucker | ||
8946 | |||
8947 | OpenBSD-Commit-ID: 18fbfcfd4e8c6adbc84820039b64d70906e49831 | ||
8948 | |||
8949 | commit cdb10bd431f9f6833475c27e9a82ebb36fdb12db | ||
8950 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8951 | Date: Sat Feb 10 11:18:38 2018 +1100 | ||
8952 | |||
8953 | Add changelog entry for binary strip change. | ||
8954 | |||
8955 | commit fbddd91897cfaf456bfc2081f39fb4a2208a0ebf | ||
8956 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8957 | Date: Sat Feb 10 11:14:54 2018 +1100 | ||
8958 | |||
8959 | Remove unused variables. | ||
8960 | |||
8961 | commit 937d96587df99c16c611d828cded292fa474a32b | ||
8962 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8963 | Date: Sat Feb 10 11:12:45 2018 +1100 | ||
8964 | |||
8965 | Don't strip binaries so debuginfo gets built. | ||
8966 | |||
8967 | Tell install not to strip binaries during package creation so that the | ||
8968 | debuginfo package can be built. | ||
8969 | |||
8970 | commit eb0865f330f59c889ec92696b97bd397090e720c | ||
8971 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8972 | Date: Sat Feb 10 10:33:11 2018 +1100 | ||
8973 | |||
8974 | Fix bogus dates in changelog. | ||
8975 | |||
8976 | commit 7fbde1b34c1f6c9ca9e9d10805ba1e5e4538e165 | ||
8977 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8978 | Date: Sat Feb 10 10:25:15 2018 +1100 | ||
8979 | |||
8980 | Remove SSH1 from description. | ||
8981 | |||
8982 | commit 9c34a76f099c4e0634bf6ecc2f40ce93925402c4 | ||
8983 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8984 | Date: Sat Feb 10 10:19:16 2018 +1100 | ||
8985 | |||
8986 | Add support for compat-openssl10 build dep. | ||
8987 | |||
8988 | commit 04f4e8193cb5a5a751fcc356bd6656291fec539e | ||
8989 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8990 | Date: Sat Feb 10 09:57:04 2018 +1100 | ||
8991 | |||
8992 | Add leading zero so it'll work when rhel not set. | ||
8993 | |||
8994 | When rhel is not set it will error out with "bad if". Add leading zero | ||
8995 | as per https://fedoraproject.org/wiki/Packaging:DistTag so it'll work | ||
8996 | on non-RHEL. | ||
8997 | |||
8998 | commit 12abd67a6af28476550807a443b38def2076bb92 | ||
8999 | Author: Darren Tucker <dtucker@dtucker.net> | ||
9000 | Date: Sat Feb 10 09:56:34 2018 +1100 | ||
9001 | |||
9002 | Update openssl-devel dependency. | ||
9003 | |||
9004 | commit b33e7645f8813719d7f9173fef24463c8833ebb3 | ||
9005 | Author: nkadel <nkadel@gmail.com> | ||
9006 | Date: Sun Nov 16 18:19:58 2014 -0500 | ||
9007 | |||
9008 | Add mandir with-mandir' for RHEL 5 compatibility. | ||
9009 | |||
9010 | Activate '--mandir' and '--with-mandir' settings in setup for RHEL | ||
9011 | 5 compatibility. | ||
9012 | |||
9013 | commit 94f8bf360eb0162e39ddf39d69925c2e93511e40 | ||
9014 | Author: nkadel <nkadel@gmail.com> | ||
9015 | Date: Sun Nov 16 18:18:51 2014 -0500 | ||
9016 | |||
9017 | Discard 'K5DIR' reporting. | ||
9018 | |||
9019 | It does not work inside 'mock' build environment. | ||
9020 | |||
9021 | commit bb7e54dbaf34b70b3e57acf7982f3a2136c94ee5 | ||
9022 | Author: nkadel <nkadel@gmail.com> | ||
9023 | Date: Sun Nov 16 18:17:15 2014 -0500 | ||
9024 | |||
9025 | Add 'dist' to 'rel' for OS specific RPM names. | ||
9026 | |||
9027 | commit 87346f1f57f71150a9b8c7029d8c210e27027716 | ||
9028 | Author: nkadel <nkadel@gmail.com> | ||
9029 | Date: Sun Nov 16 14:17:38 2014 -0500 | ||
9030 | |||
9031 | Add openssh-devel >= 0.9.8f for redhat spec file. | ||
9032 | |||
9033 | commit bec1478d710866d3c1b119343a35567a8fc71ec3 | ||
9034 | Author: nkadel <nkadel@gmail.com> | ||
9035 | Date: Sun Nov 16 13:10:24 2014 -0500 | ||
9036 | |||
9037 | Enhance BuildRequires for openssh-x11-askpass. | ||
9038 | |||
9039 | commit 3104fcbdd3c70aefcb0cdc3ee24948907db8dc8f | ||
9040 | Author: nkadel <nkadel@gmail.com> | ||
9041 | Date: Sun Nov 16 13:04:14 2014 -0500 | ||
9042 | |||
9043 | Always include x11-ssh-askpass SRPM. | ||
9044 | |||
9045 | Always include x11-ssh-askpass tarball in redhat SRPM, even if unused. | ||
9046 | |||
9047 | commit c61d0d038d58eebc365f31830be6e04ce373ad1b | ||
9048 | Author: Damien Miller <djm@mindrot.org> | ||
9049 | Date: Sat Feb 10 09:43:12 2018 +1100 | ||
9050 | |||
9051 | this is long unused; prompted by dtucker@ | ||
9052 | |||
9053 | commit 745771fb788e41bb7cdad34e5555bf82da3af7ed | ||
9054 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
9055 | Date: Fri Feb 9 02:37:36 2018 +0000 | ||
9056 | |||
9057 | upstream commit | ||
9058 | |||
9059 | Remove unused sKerberosTgtPassing from enum. From | ||
9060 | calestyo via github pull req #11, ok djm@ | ||
9061 | |||
9062 | OpenBSD-Commit-ID: 1008f8870865a7c4968b7aed402a0a9e3e5b9540 | ||
9063 | |||
9064 | commit 1f385f55332db830b0ae22a7663b98279ca2d657 | ||
9065 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
9066 | Date: Thu Feb 8 04:12:32 2018 +0000 | ||
9067 | |||
9068 | upstream commit | ||
9069 | |||
9070 | Rename struct umac_ctx to umac128_ctx too. In portable | ||
9071 | some linkers complain about two symbols with the same name having differing | ||
9072 | sizes. ok djm@ | ||
9073 | |||
9074 | OpenBSD-Commit-ID: cbebf8bdd3310a9795b4939a1e112cfe24061ca3 | ||
9075 | |||
9076 | commit f1f047fb031c0081dbc8738f05bf5d4cc47acadf | ||
9077 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
9078 | Date: Wed Feb 7 22:52:45 2018 +0000 | ||
9079 | |||
9080 | upstream commit | ||
9081 | |||
9082 | ssh_free checks for and handles NULL args, remove NULL | ||
9083 | checks from remaining callers. ok djm@ | ||
9084 | |||
9085 | OpenBSD-Commit-ID: bb926825c53724c069df68a93a2597f9192f7e7b | ||
9086 | |||
9087 | commit aee49b2a89b6b323c80dd3b431bd486e51f94c8c | ||
9088 | Author: Darren Tucker <dtucker@dtucker.net> | ||
9089 | Date: Thu Feb 8 12:36:22 2018 +1100 | ||
9090 | |||
9091 | Set SO_REUSEADDR in regression test netcat. | ||
9092 | |||
9093 | Sometimes multiplex tests fail on Solaris with "netcat: local_listen: | ||
9094 | Address already in use" which is likely due to previous invocations | ||
9095 | leaving the port in TIME_WAIT. Set SO_REUSEADDR (in addition to | ||
9096 | SO_REUSEPORT which is alread set on platforms that support it). ok djm@ | ||
9097 | |||
9098 | commit 1749991c55bab716877b7c687cbfbf19189ac6f1 | ||
9099 | Author: jsing@openbsd.org <jsing@openbsd.org> | ||
9100 | Date: Wed Feb 7 05:17:56 2018 +0000 | ||
9101 | |||
9102 | upstream commit | ||
9103 | |||
9104 | Convert some explicit_bzero()/free() calls to freezero(). | ||
9105 | |||
9106 | ok deraadt@ dtucker@ | ||
9107 | |||
9108 | OpenBSD-Commit-ID: f566ab99149650ebe58b1d4b946ea726c3829609 | ||
9109 | |||
9110 | commit 94ec2b69d403f4318b7a0d9b17f8bc3efbf4d0d2 | ||
9111 | Author: jsing@openbsd.org <jsing@openbsd.org> | ||
9112 | Date: Wed Feb 7 05:15:49 2018 +0000 | ||
9113 | |||
9114 | upstream commit | ||
9115 | |||
9116 | Remove some #ifdef notyet code from OpenSSL 0.9.8 days. | ||
9117 | |||
9118 | These functions have never appeared in OpenSSL and are likely never to do | ||
9119 | so. | ||
9120 | |||
9121 | "kill it with fire" djm@ | ||
9122 | |||
9123 | OpenBSD-Commit-ID: fee9560e283fd836efc2631ef381658cc673d23e | ||
9124 | |||
9125 | commit 7cd31632e3a6607170ed0c9ed413a7ded5b9b377 | ||
9126 | Author: jsing@openbsd.org <jsing@openbsd.org> | ||
9127 | Date: Wed Feb 7 02:06:50 2018 +0000 | ||
9128 | |||
9129 | upstream commit | ||
9130 | |||
9131 | Remove all guards for calls to OpenSSL free functions - | ||
9132 | all of these functions handle NULL, from at least OpenSSL 1.0.1g onwards. | ||
9133 | |||
9134 | Prompted by dtucker@ asking about guards for RSA_free(), when looking at | ||
9135 | openssh-portable pr#84 on github. | ||
9136 | |||
9137 | ok deraadt@ dtucker@ | ||
9138 | |||
9139 | OpenBSD-Commit-ID: 954f1c51b94297d0ae1f749271e184141e0cadae | ||
9140 | |||
9141 | commit 3c000d57d46882eb736c6563edfc4995915c24a2 | ||
9142 | Author: Darren Tucker <dtucker@dtucker.net> | ||
9143 | Date: Wed Feb 7 09:19:38 2018 +1100 | ||
9144 | |||
9145 | Remove obsolete "Smartcard support" message | ||
9146 | |||
9147 | The configure checks that populated $SCARD_MSG were removed in commits | ||
9148 | 7ea845e4 and d8f60022 when the smartcard support was replaced with | ||
9149 | PKCS#11. | ||
9150 | |||
9151 | commit 3e615090de0ce36a833d811e01c28aec531247c4 | ||
9152 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
9153 | Date: Tue Feb 6 06:01:54 2018 +0000 | ||
9154 | |||
9155 | upstream commit | ||
9156 | |||
9157 | Replace "trojan horse" with the correct term (MITM). | ||
9158 | From maikel at predikkta.com via bz#2822, ok markus@ | ||
9159 | |||
9160 | OpenBSD-Commit-ID: e86ac64c512057c89edfadb43302ac0aa81a6c53 | ||
9161 | |||
9162 | commit 3484380110d437c50e17f87d18544286328c75cb | ||
9163 | Author: tb@openbsd.org <tb@openbsd.org> | ||
9164 | Date: Mon Feb 5 05:37:46 2018 +0000 | ||
9165 | |||
9166 | upstream commit | ||
9167 | |||
9168 | Add a couple of non-negativity checks to avoid close(-1). | ||
9169 | |||
9170 | ok djm | ||
9171 | |||
9172 | OpenBSD-Commit-ID: 4701ce0b37161c891c838d0931305f1d37a50880 | ||
9173 | |||
9174 | commit 5069320be93c8b2a6584b9f944c86f60c2b04e48 | ||
9175 | Author: tb@openbsd.org <tb@openbsd.org> | ||
9176 | Date: Mon Feb 5 05:36:49 2018 +0000 | ||
9177 | |||
9178 | upstream commit | ||
9179 | |||
9180 | The file descriptors for socket, stdin, stdout and stderr | ||
9181 | aren't necessarily distinct, so check if they are the same to avoid closing | ||
9182 | the same fd several times. | ||
9183 | |||
9184 | ok djm | ||
9185 | |||
9186 | OpenBSD-Commit-ID: 60d71fd22e9a32f5639d4ba6e25a2f417fc36ac1 | ||
9187 | |||
9188 | commit 2b428f90ea1b21d7a7c68ec1ee334253b3f9324d | ||
9189 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9190 | Date: Mon Feb 5 04:02:53 2018 +0000 | ||
9191 | |||
9192 | upstream commit | ||
9193 | |||
9194 | I accidentially a word | ||
9195 | |||
9196 | OpenBSD-Commit-ID: 4547ee713fa941da861e83ae7a3e6432f915e14a | ||
9197 | |||
9198 | commit 130283d5c2545ff017c2162dc1258c5354e29399 | ||
9199 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9200 | Date: Thu Jan 25 03:34:43 2018 +0000 | ||
9201 | |||
9202 | upstream commit | ||
9203 | |||
9204 | certificate options are case-sensitive; fix case on one | ||
9205 | that had it wrong. | ||
9206 | |||
9207 | move a badly-place sentence to a less bad place | ||
9208 | |||
9209 | OpenBSD-Commit-ID: 231e516bba860699a1eece6d48532d825f5f747b | ||
9210 | |||
9211 | commit 89f09ee68730337015bf0c3f138504494a34e9a6 | ||
9212 | Author: Damien Miller <djm@mindrot.org> | ||
9213 | Date: Wed Jan 24 12:20:44 2018 +1100 | ||
9214 | |||
9215 | crypto_api.h needs includes.h | ||
9216 | |||
9217 | commit c9c1bba06ad1c7cad8548549a68c071bd807af60 | ||
9218 | Author: stsp@openbsd.org <stsp@openbsd.org> | ||
9219 | Date: Tue Jan 23 20:00:58 2018 +0000 | ||
9220 | |||
9221 | upstream commit | ||
9222 | |||
9223 | Fix a logic bug in sshd_exchange_identification which | ||
9224 | prevented clients using major protocol version 2 from connecting to the | ||
9225 | server. ok millert@ | ||
9226 | |||
9227 | OpenBSD-Commit-ID: 8668dec04586e27f1c0eb039ef1feb93d80a5ee9 | ||
9228 | |||
9229 | commit a60c5dcfa2538ffc94dc5b5adb3db5b6ed905bdb | ||
9230 | Author: stsp@openbsd.org <stsp@openbsd.org> | ||
9231 | Date: Tue Jan 23 18:33:49 2018 +0000 | ||
9232 | |||
9233 | upstream commit | ||
9234 | |||
9235 | Add missing braces; fixes 'write: Socket is not | ||
9236 | connected' error in ssh. ok deraadt@ | ||
9237 | |||
9238 | OpenBSD-Commit-ID: db73a3a9e147722d410866cac34d43ed52e1ad24 | ||
9239 | |||
9240 | commit 20d53ac283e1c60245ea464bdedd015ed9b38f4a | ||
9241 | Author: Damien Miller <djm@mindrot.org> | ||
9242 | Date: Tue Jan 23 16:49:43 2018 +1100 | ||
9243 | |||
9244 | rebuild depends | ||
9245 | |||
9246 | commit 552ea155be44f9c439c1f9f0c38f9e593428f838 | ||
9247 | Author: Damien Miller <djm@mindrot.org> | ||
9248 | Date: Tue Jan 23 16:49:22 2018 +1100 | ||
9249 | |||
9250 | one SSH_BUG_BANNER instance that got away | ||
9251 | |||
9252 | commit 14b5c635d1190633b23ac3372379517fb645b0c2 | ||
9253 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9254 | Date: Tue Jan 23 05:27:21 2018 +0000 | ||
9255 | |||
9256 | upstream commit | ||
9257 | |||
9258 | Drop compatibility hacks for some ancient SSH | ||
9259 | implementations, including ssh.com <=2.* and OpenSSH <= 3.*. | ||
9260 | |||
9261 | These versions were all released in or before 2001 and predate the | ||
9262 | final SSH RFCs. The hacks in question aren't necessary for RFC- | ||
9263 | compliant SSH implementations. | ||
9264 | |||
9265 | ok markus@ | ||
9266 | |||
9267 | OpenBSD-Commit-ID: 4be81c67db57647f907f4e881fb9341448606138 | ||
9268 | |||
9269 | commit 7c77991f5de5d8475cbeb7cbb06d0c7d1611d7bb | ||
9270 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9271 | Date: Tue Jan 23 05:17:04 2018 +0000 | ||
9272 | |||
9273 | upstream commit | ||
9274 | |||
9275 | try harder to preserve errno during | ||
9276 | ssh_connect_direct() to make the final error message possibly accurate; | ||
9277 | bz#2814, ok dtucker@ | ||
9278 | |||
9279 | OpenBSD-Commit-ID: 57de882cb47381c319b04499fef845dd0c2b46ca | ||
9280 | |||
9281 | commit 9e9c4a7e57b96ab29fe6d7545ed09d2e5bddbdec | ||
9282 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9283 | Date: Tue Jan 23 05:12:12 2018 +0000 | ||
9284 | |||
9285 | upstream commit | ||
9286 | |||
9287 | unbreak support for clients that advertise a protocol | ||
9288 | version of "1.99" (indicating both v2 and v1 support). Busted by me during | ||
9289 | SSHv1 purge in r1.358; bz2810, ok dtucker | ||
9290 | |||
9291 | OpenBSD-Commit-ID: e8f9c2bee11afc16c872bb79d6abe9c555bd0e4b | ||
9292 | |||
9293 | commit fc21ea97968264ad9bb86b13fedaaec8fd3bf97d | ||
9294 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9295 | Date: Tue Jan 23 05:06:25 2018 +0000 | ||
9296 | |||
9297 | upstream commit | ||
9298 | |||
9299 | don't attempt to force hostnames that are addresses to | ||
9300 | lowercase, but instead canonicalise them through getnameinfo/getaddrinfo to | ||
9301 | remove ambiguities (e.g. ::0001 => ::1) before they are matched against | ||
9302 | known_hosts; bz#2763, ok dtucker@ | ||
9303 | |||
9304 | OpenBSD-Commit-ID: ba0863ff087e61e5c65efdbe53be3cb92c9aefa0 | ||
9305 | |||
9306 | commit d6364f6fb1a3d753d7ca9bf15b2adce961324513 | ||
9307 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9308 | Date: Tue Jan 23 05:01:15 2018 +0000 | ||
9309 | |||
9310 | upstream commit | ||
9311 | |||
9312 | avoid modifying pw->pw_passwd; let endpwent() clean up | ||
9313 | for us, but keep a scrubbed copy; bz2777, ok dtucker@ | ||
9314 | |||
9315 | OpenBSD-Commit-ID: 715afc0f59c6b82c4929a73279199ed241ce0752 | ||
9316 | |||
9317 | commit a69bbb07cd6fb4dfb9bdcacd370ab26d0a2b4215 | ||
9318 | Author: naddy@openbsd.org <naddy@openbsd.org> | ||
9319 | Date: Sat Jan 13 00:24:09 2018 +0000 | ||
9320 | |||
9321 | upstream commit | ||
9322 | |||
9323 | clarify authorship; prodded by and ok markus@ | ||
9324 | |||
9325 | OpenBSD-Commit-ID: e1938eee58c89b064befdabe232835fa83bb378c | ||
9326 | |||
9327 | commit 04214b30be3d3e73a01584db4e040d5ccbaaddd4 | ||
9328 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9329 | Date: Mon Jan 8 15:37:21 2018 +0000 | ||
9330 | |||
9331 | upstream commit | ||
9332 | |||
9333 | group shared source files (e.g. SRCS_KEX) and allow | ||
9334 | compilation w/o OPENSSL ok djm@ | ||
9335 | |||
9336 | OpenBSD-Commit-ID: fa728823ba21c4b45212750e1d3a4b2086fd1a62 | ||
9337 | |||
9338 | commit 25cf9105b849932fc3b141590c009e704f2eeba6 | ||
9339 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9340 | Date: Mon Jan 8 15:21:49 2018 +0000 | ||
9341 | |||
9342 | upstream commit | ||
9343 | |||
9344 | move subprocess() so scp/sftp do not need uidswap.o; ok | ||
9345 | djm@ | ||
9346 | |||
9347 | OpenBSD-Commit-ID: 6601b8360388542c2e5fef0f4085f8e54750bea8 | ||
9348 | |||
9349 | commit b0d34132b3ca26fe94013f01d7b92101e70b68bb | ||
9350 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9351 | Date: Mon Jan 8 15:18:46 2018 +0000 | ||
9352 | |||
9353 | upstream commit | ||
9354 | |||
9355 | switch ssh-pkcs11-helper to new API; ok djm@ | ||
9356 | |||
9357 | OpenBSD-Commit-ID: e0c0ed2a568e25b1d2024f3e630f3fea837c2a42 | ||
9358 | |||
9359 | commit ec4a9831184c0c6ed5f7f0cfff01ede5455465a3 | ||
9360 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9361 | Date: Mon Jan 8 15:15:36 2018 +0000 | ||
9362 | |||
9363 | upstream commit | ||
9364 | |||
9365 | split client/server kex; only ssh-keygen needs | ||
9366 | uuencode.o; only scp/sftp use progressmeter.o; ok djm@ | ||
9367 | |||
9368 | OpenBSD-Commit-ID: f2c9feb26963615c4fece921906cf72e248b61ee | ||
9369 | |||
9370 | commit ec77efeea06ac62ee1d76fe0b3225f3000775a9e | ||
9371 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9372 | Date: Mon Jan 8 15:15:17 2018 +0000 | ||
9373 | |||
9374 | upstream commit | ||
9375 | |||
9376 | only ssh-keygen needs uuencode.o; only scp/sftp use | ||
9377 | progressmeter.o | ||
9378 | |||
9379 | OpenBSD-Commit-ID: a337e886a49f96701ccbc4832bed086a68abfa85 | ||
9380 | |||
9381 | commit 25aae35d3d6ee86a8c4c0b1896acafc1eab30172 | ||
9382 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9383 | Date: Mon Jan 8 15:14:44 2018 +0000 | ||
9384 | |||
9385 | upstream commit | ||
9386 | |||
9387 | uuencode.h is not used | ||
9388 | |||
9389 | OpenBSD-Commit-ID: 238eb4659f3c119904326b9e94a5e507a912796c | ||
9390 | |||
9391 | commit 4f29309c4cb19bcb1774931db84cacc414f17d29 | ||
9392 | Author: Damien Miller <djm@mindrot.org> | ||
9393 | Date: Wed Jan 3 19:50:43 2018 +1100 | ||
9394 | |||
9395 | unbreak fuzz harness | ||
9396 | |||
9397 | commit f6b50bf84dc0b61f22c887c00423e0ea7644e844 | ||
9398 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9399 | Date: Thu Dec 21 05:46:35 2017 +0000 | ||
9400 | |||
9401 | upstream commit | ||
9402 | |||
9403 | another libssh casualty | ||
9404 | |||
9405 | OpenBSD-Regress-ID: 839b970560246de23e7c50215095fb527a5a83ec | ||
9406 | |||
9407 | commit 5fb4fb5a0158318fb8ed7dbb32f3869bbf221f13 | ||
9408 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9409 | Date: Thu Dec 21 03:01:49 2017 +0000 | ||
9410 | |||
9411 | upstream commit | ||
9412 | |||
9413 | missed one (unbreak after ssh/lib removal) | ||
9414 | |||
9415 | OpenBSD-Regress-ID: cfdd132143131769e2d2455e7892b5d55854c322 | ||
9416 | |||
9417 | commit e6c4134165d05447009437a96e7201276688807f | ||
9418 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9419 | Date: Thu Dec 21 00:41:22 2017 +0000 | ||
9420 | |||
9421 | upstream commit | ||
9422 | |||
9423 | unbreak unit tests after removal of src/usr.bin/ssh/lib | ||
9424 | |||
9425 | OpenBSD-Regress-ID: 3a79760494147b20761cbd2bd5c20e86c63dc8f9 | ||
9426 | |||
9427 | commit d45d69f2a937cea215c7f0424e5a4677b6d8c7fe | ||
9428 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9429 | Date: Thu Dec 21 00:00:28 2017 +0000 | ||
9430 | |||
9431 | upstream commit | ||
9432 | |||
9433 | revert stricter key type / signature type checking in | ||
9434 | userauth path; too much software generates inconsistent messages, so we need | ||
9435 | a better plan. | ||
9436 | |||
9437 | OpenBSD-Commit-ID: 4a44ddc991c803c4ecc8f1ad40e0ab4d22e1c519 | ||
9438 | |||
9439 | commit c5a6cbdb79752f7e761074abdb487953ea6db671 | ||
9440 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9441 | Date: Tue Dec 19 00:49:30 2017 +0000 | ||
9442 | |||
9443 | upstream commit | ||
9444 | |||
9445 | explicitly test all key types and their certificate | ||
9446 | counterparts | ||
9447 | |||
9448 | refactor a little | ||
9449 | |||
9450 | OpenBSD-Regress-ID: e9ecd5580821b9ef8b7106919c6980d8e45ca8c4 | ||
9451 | |||
9452 | commit f689adb7a370b5572612d88be9837ca9aea75447 | ||
9453 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
9454 | Date: Mon Dec 11 11:41:56 2017 +0000 | ||
9455 | |||
9456 | upstream commit | ||
9457 | |||
9458 | use cmp in a loop instead of diff -N to compare | ||
9459 | directories. The former works on more platforms for Portable. | ||
9460 | |||
9461 | OpenBSD-Regress-ID: c3aa72807f9c488e8829a26ae50fe5bcc5b57099 | ||
9462 | |||
9463 | commit 748dd8e5de332b24c40f4b3bbedb902acb048c98 | ||
9464 | Author: Damien Miller <djm@mindrot.org> | ||
9465 | Date: Tue Dec 19 16:17:59 2017 +1100 | ||
9466 | |||
9467 | remove blocks.c from Makefile | ||
9468 | |||
9469 | commit 278856320520e851063b06cef6ef1c60d4c5d652 | ||
9470 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9471 | Date: Tue Dec 19 00:24:34 2017 +0000 | ||
9472 | |||
9473 | upstream commit | ||
9474 | |||
9475 | include signature type and CA key (if applicable) in some | ||
9476 | debug messages | ||
9477 | |||
9478 | OpenBSD-Commit-ID: b71615cc20e78cec7105bb6e940c03ce9ae414a5 | ||
9479 | |||
9480 | commit 7860731ef190b52119fa480f8064ab03c44a120a | ||
9481 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9482 | Date: Mon Dec 18 23:16:23 2017 +0000 | ||
9483 | |||
9484 | upstream commit | ||
9485 | |||
9486 | unbreak hostkey rotation; attempting to sign with a | ||
9487 | desired signature algorithm of kex->hostkey_alg is incorrect when the key | ||
9488 | type isn't capable of making those signatures. ok markus@ | ||
9489 | |||
9490 | OpenBSD-Commit-ID: 35ae46864e1f5859831ec0d115ee5ea50953a906 | ||
9491 | |||
9492 | commit 966ef478339ad5e631fb684d2a8effe846ce3fd4 | ||
9493 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9494 | Date: Mon Dec 18 23:14:34 2017 +0000 | ||
9495 | |||
9496 | upstream commit | ||
9497 | |||
9498 | log mismatched RSA signature types; ok markus@ | ||
9499 | |||
9500 | OpenBSD-Commit-ID: 381bddfcc1e297a42292222f3bcb5ac2b7ea2418 | ||
9501 | |||
9502 | commit 349ecd4da3a985359694a74635748009be6baca6 | ||
9503 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9504 | Date: Mon Dec 18 23:13:42 2017 +0000 | ||
9505 | |||
9506 | upstream commit | ||
9507 | |||
9508 | pass kex->hostkey_alg and kex->hostkey_nid from pre-auth | ||
9509 | to post-auth unpriviledged child processes; ok markus@ | ||
9510 | |||
9511 | OpenBSD-Commit-ID: 4a35bc7af0a5f8a232d1361f79f4ebc376137302 | ||
9512 | |||
9513 | commit c9e37a8725c083441dd34a8a53768aa45c3c53fe | ||
9514 | Author: millert@openbsd.org <millert@openbsd.org> | ||
9515 | Date: Mon Dec 18 17:28:54 2017 +0000 | ||
9516 | |||
9517 | upstream commit | ||
9518 | |||
9519 | Add helper function for uri handing in scp where a | ||
9520 | missing path simply means ".". Also fix exit code and add warnings when an | ||
9521 | invalid uri is encountered. OK otto@ | ||
9522 | |||
9523 | OpenBSD-Commit-ID: 47dcf872380586dabf7fcc6e7baf5f8ad508ae1a | ||
9524 | |||
9525 | commit 04c7e28f83062dc42f2380d1bb3a6bf0190852c0 | ||
9526 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9527 | Date: Mon Dec 18 02:25:15 2017 +0000 | ||
9528 | |||
9529 | upstream commit | ||
9530 | |||
9531 | pass negotiated signing algorithm though to | ||
9532 | sshkey_verify() and check that the negotiated algorithm matches the type in | ||
9533 | the signature (only matters for RSA SHA1/SHA2 sigs). ok markus@ | ||
9534 | |||
9535 | OpenBSD-Commit-ID: 735fb15bf4adc060d3bee9d047a4bcaaa81b1af9 | ||
9536 | |||
9537 | commit 931c78dfd7fe30669681a59e536bbe66535f3ee9 | ||
9538 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9539 | Date: Mon Dec 18 02:22:29 2017 +0000 | ||
9540 | |||
9541 | upstream commit | ||
9542 | |||
9543 | sshkey_sigtype() function to return the type of a | ||
9544 | signature; ok markus@ | ||
9545 | |||
9546 | OpenBSD-Commit-ID: d3772b065ad6eed97285589bfb544befed9032e8 | ||
9547 | |||
9548 | commit 4cdc5956f2fcc9e9078938db833142dc07d8f523 | ||
9549 | Author: naddy@openbsd.org <naddy@openbsd.org> | ||
9550 | Date: Thu Dec 14 21:07:39 2017 +0000 | ||
9551 | |||
9552 | upstream commit | ||
9553 | |||
9554 | Replace ED25519's private SHA-512 implementation with a | ||
9555 | call to the regular digest code. This speeds up compilation considerably. ok | ||
9556 | markus@ | ||
9557 | |||
9558 | OpenBSD-Commit-ID: fcce8c3bcfe7389462a28228f63c823e80ade41c | ||
9559 | |||
9560 | commit 012e5cb839faf76549e3b6101b192fe1a74d367e | ||
9561 | Author: naddy@openbsd.org <naddy@openbsd.org> | ||
9562 | Date: Tue Dec 12 15:06:12 2017 +0000 | ||
9563 | |||
9564 | upstream commit | ||
9565 | |||
9566 | Create a persistent umac128.c source file: #define the | ||
9567 | output size and the name of the entry points for UMAC-128 before including | ||
9568 | umac.c. Idea from FreeBSD. ok dtucker@ | ||
9569 | |||
9570 | OpenBSD-Commit-ID: 463cfacfa07cb8060a4d4961e63dca307bf3f4b1 | ||
9571 | |||
9572 | commit b35addfb4cd3b5cdb56a2a489d38e940ada926c7 | ||
9573 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9574 | Date: Mon Dec 11 16:23:28 2017 +1100 | ||
9575 | |||
9576 | Update .depend with empty config.h | ||
9577 | |||
9578 | commit 2d96f28246938e0ca474a939d8ac82ecd0de27e3 | ||
9579 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9580 | Date: Mon Dec 11 16:21:55 2017 +1100 | ||
9581 | |||
9582 | Ensure config.h is always in dependencies. | ||
9583 | |||
9584 | Put an empty config.h into the dependency list to ensure that it's | ||
9585 | always listed and consistent. | ||
9586 | |||
9587 | commit ac4987a55ee5d4dcc8e87f7ae7c1f87be7257d71 | ||
9588 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
9589 | Date: Sun Dec 10 19:37:57 2017 +0000 | ||
9590 | |||
9591 | upstream commit | ||
9592 | |||
9593 | ssh/lib hasn't worked towards our code-sharing goals for | ||
9594 | a quit while, perhaps it is too verbose? Change each */Makefile to | ||
9595 | specifying exactly what sources that program requires, compiling it seperate. | ||
9596 | Maybe we'll iterate by sorting those into seperatable chunks, splitting up | ||
9597 | files which contain common code + server/client specific code, or whatnot. | ||
9598 | But this isn't one step, or we'd have done it a long time ago.. ok dtucker | ||
9599 | markus djm | ||
9600 | |||
9601 | OpenBSD-Commit-ID: 5317f294d63a876bfc861e19773b1575f96f027d | ||
9602 | |||
9603 | commit 48c23a39a8f1069a57264dd826f6c90aa12778d5 | ||
9604 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
9605 | Date: Sun Dec 10 05:55:29 2017 +0000 | ||
9606 | |||
9607 | upstream commit | ||
9608 | |||
9609 | Put remote client info back into the ClientAlive | ||
9610 | connection termination message. Based in part on diff from lars.nooden at | ||
9611 | gmail, ok djm | ||
9612 | |||
9613 | OpenBSD-Commit-ID: 80a0f619a29bbf2f32eb5297a69978a0e05d0ee0 | ||
9614 | |||
9615 | commit aabd75ec76575c1b17232e6526a644097cd798e5 | ||
9616 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
9617 | Date: Fri Dec 8 03:45:52 2017 +0000 | ||
9618 | |||
9619 | upstream commit | ||
9620 | |||
9621 | time_t printing needs %lld and (long long) casts ok djm | ||
9622 | |||
9623 | OpenBSD-Commit-ID: 4a93bc2b0d42a39b8f8de8bb74d07ad2e5e83ef7 | ||
9624 | |||
9625 | commit fd4eeeec16537870bd40d04836c7906ec141c17d | ||
9626 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9627 | Date: Fri Dec 8 02:14:33 2017 +0000 | ||
9628 | |||
9629 | upstream commit | ||
9630 | |||
9631 | fix ordering in previous to ensure errno isn't clobbered | ||
9632 | before logging. | ||
9633 | |||
9634 | OpenBSD-Commit-ID: e260bc1e145a9690dcb0d5aa9460c7b96a0c8ab2 | ||
9635 | |||
9636 | commit 155072fdb0d938015df828836beb2f18a294ab8a | ||
9637 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9638 | Date: Fri Dec 8 02:13:02 2017 +0000 | ||
9639 | |||
9640 | upstream commit | ||
9641 | |||
9642 | for some reason unix_listener() logged most errors twice | ||
9643 | with each message containing only some of the useful information; merge these | ||
9644 | |||
9645 | OpenBSD-Commit-ID: 1978a7594a9470c0dddcd719586066311b7c9a4a | ||
9646 | |||
9647 | commit 79c0e1d29959304e5a49af1dbc58b144628c09f3 | ||
9648 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9649 | Date: Mon Dec 11 14:38:33 2017 +1100 | ||
9650 | |||
9651 | Add autogenerated dependency info to Makefile. | ||
9652 | |||
9653 | Adds a .depend file containing dependency information generated by | ||
9654 | makedepend, which is appended to the generated Makefile by configure. | ||
9655 | |||
9656 | You can regen the file with "make -f Makefile.in depend" if necessary, | ||
9657 | but we'll be looking at some way to automatically keep this up to date. | ||
9658 | |||
9659 | "no objection" djm@ | ||
9660 | |||
9661 | commit f001de8fbf7f3faddddd8efd03df18e57601f7eb | ||
9662 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9663 | Date: Mon Dec 11 13:42:51 2017 +1100 | ||
9664 | |||
9665 | Fix pasto in ldns handling. | ||
9666 | |||
9667 | When ldns-config is not found, configure would check the wrong variable. | ||
9668 | ok djm@ | ||
9669 | |||
9670 | commit c5bfe83f67cb64e71cf2fe0d1500f6904b0099ee | ||
9671 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9672 | Date: Sat Dec 9 10:12:23 2017 +1100 | ||
9673 | |||
9674 | Portable switched to git so s/CVS/git/. | ||
9675 | |||
9676 | commit bb82e61a40a4ee52e4eb904caaee2c27b763ab5b | ||
9677 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9678 | Date: Sat Dec 9 08:06:00 2017 +1100 | ||
9679 | |||
9680 | Remove now-used check for perl. | ||
9681 | |||
9682 | commit e0ce54c0b9ca3a9388f9c50f4fa6cc25c28a3240 | ||
9683 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9684 | Date: Wed Dec 6 05:06:21 2017 +0000 | ||
9685 | |||
9686 | upstream commit | ||
9687 | |||
9688 | don't accept junk after "yes" or "no" responses to | ||
9689 | hostkey prompts. bz#2803 reported by Maksim Derbasov; ok dtucker@ | ||
9690 | |||
9691 | OpenBSD-Commit-ID: e1b159fb2253be973ce25eb7a7be26e6f967717c | ||
9692 | |||
9693 | commit 609d96b3d58475a15b2eb6b3d463f2c5d8e510c0 | ||
9694 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
9695 | Date: Tue Dec 5 23:59:47 2017 +0000 | ||
9696 | |||
9697 | upstream commit | ||
9698 | |||
9699 | Replace atoi and strtol conversions for integer arguments | ||
9700 | to config keywords with a checking wrapper around strtonum. This will | ||
9701 | prevent and flag invalid and negative arguments to these keywords. ok djm@ | ||
9702 | |||
9703 | OpenBSD-Commit-ID: 99ae3981f3d608a219ccb8d2fff635ae52c17998 | ||
9704 | |||
9705 | commit 168ecec13f9d7cb80c07df3bf7d414f4e4165e84 | ||
9706 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
9707 | Date: Tue Dec 5 23:56:07 2017 +0000 | ||
9708 | |||
9709 | upstream commit | ||
9710 | |||
9711 | Add missing break for rdomain. Prevents spurious | ||
9712 | "Deprecated option" warnings. ok djm@ | ||
9713 | |||
9714 | OpenBSD-Commit-ID: ba28a675d39bb04a974586241c3cba71a9c6099a | ||
9715 | |||
9716 | commit 927f8514ceffb1af380a5f63ab4d3f7709b1b198 | ||
9717 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9718 | Date: Tue Dec 5 01:30:19 2017 +0000 | ||
9719 | |||
9720 | upstream commit | ||
9721 | |||
9722 | include the addr:port in bind/listen failure messages | ||
9723 | |||
9724 | OpenBSD-Commit-ID: fdadb69fe1b38692608809cf0376b71c2c28e58e | ||
9725 | |||
9726 | commit a8c89499543e2d889629c4e5e8dcf47a655cf889 | ||
9727 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
9728 | Date: Wed Nov 29 05:49:54 2017 +0000 | ||
9729 | |||
9730 | upstream commit | ||
9731 | |||
9732 | Import updated moduli. | ||
9733 | |||
9734 | OpenBSD-Commit-ID: 524d210f982af6007aa936ca7f4c977f4d32f38a | ||
9735 | |||
9736 | commit 3dde09ab38c8e1cfc28252be473541a81bc57097 | ||
9737 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
9738 | Date: Tue Nov 28 21:10:22 2017 +0000 | ||
9739 | |||
9740 | upstream commit | ||
9741 | |||
9742 | Have sftp print a warning about shell cleanliness when | ||
9743 | decoding the first packet fails, which is usually caused by shells polluting | ||
9744 | stdout of non-interactive starups. bz#2800, ok markus@ deraadt@. | ||
9745 | |||
9746 | OpenBSD-Commit-ID: 88d6a9bf3470f9324b76ba1cbd53e50120f685b5 | ||
9747 | |||
9748 | commit 6c8a246437f612ada8541076be2414846d767319 | ||
9749 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9750 | Date: Fri Dec 1 17:11:47 2017 +1100 | ||
9751 | |||
9752 | Replace mkinstalldirs with mkdir -p. | ||
9753 | |||
9754 | Check for MIKDIR_P and use it instead of mkinstalldirs. Should fix "mkdir: | ||
9755 | cannot create directory:... File exists" during "make install". | ||
9756 | Patch from eb at emlix.com. | ||
9757 | |||
9758 | commit 3058dd78d2e43ed0f82ad8eab8bb04b043a72023 | ||
9759 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9760 | Date: Fri Dec 1 17:07:08 2017 +1100 | ||
9761 | |||
9762 | Pull in newer install-sh from autoconf-2.69. | ||
9763 | |||
9764 | Suggested by eb at emlix.com | ||
9765 | |||
9766 | commit 79226e5413c5b0fda3511351a8511ff457e306d8 | ||
9767 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9768 | Date: Fri Dec 1 16:55:35 2017 +1100 | ||
9769 | |||
9770 | Remove RSA1 host key generation. | ||
9771 | |||
9772 | SSH1 support is now gone, remove SSH1 key generation. | ||
9773 | Patch from eb at emlix.com. | ||
9774 | |||
9775 | commit 2937dd02c572a12f33d5c334d518f6cbe0b645eb | ||
9776 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9777 | Date: Tue Nov 28 06:09:38 2017 +0000 | ||
9778 | |||
9779 | upstream commit | ||
9780 | |||
9781 | more whitespace errors | ||
9782 | |||
9783 | OpenBSD-Commit-ID: 5e11c125378327b648940b90145e0d98beb05abb | ||
9784 | |||
9785 | commit 7f257bf3fd3a759f31098960cbbd1453fafc4164 | ||
9786 | Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org> | ||
9787 | Date: Tue Nov 28 06:04:51 2017 +0000 | ||
9788 | |||
9789 | upstream commit | ||
9790 | |||
9791 | whitespace at EOL | ||
9792 | |||
9793 | OpenBSD-Commit-ID: 76d3965202b22d59c2784a8df3a8bfa5ee67b96a | ||
9794 | |||
9795 | commit 5db6fbf1438b108e5df3e79a1b4de544373bc2d4 | ||
9796 | Author: dtucker@openbsd.org@openbsd.org <dtucker@openbsd.org@openbsd.org> | ||
9797 | Date: Sat Nov 25 06:46:22 2017 +0000 | ||
9798 | |||
9799 | upstream commit | ||
9800 | |||
9801 | Add monotime_ts and monotime_tv that return monotonic | ||
9802 | timespec and timeval respectively. Replace calls to gettimeofday() in packet | ||
9803 | timing with monotime_tv so that the callers will work over a clock step. | ||
9804 | Should prevent integer overflow during clock steps reported by wangle6 at | ||
9805 | huawei.com. "I like" markus@ | ||
9806 | |||
9807 | OpenBSD-Commit-ID: 74d684264814ff806f197948b87aa732cb1b0b8a | ||
9808 | |||
9809 | commit 2d638e986085bdf1a40310ed6e2307463db96ea0 | ||
9810 | Author: dtucker@openbsd.org@openbsd.org <dtucker@openbsd.org@openbsd.org> | ||
9811 | Date: Sat Nov 25 05:58:47 2017 +0000 | ||
9812 | |||
9813 | upstream commit | ||
9814 | |||
9815 | Remove get_current_time() and replace with calls to | ||
9816 | monotime_double() which uses CLOCK_MONOTONIC and works over clock steps. "I | ||
9817 | like" markus@ | ||
9818 | |||
9819 | OpenBSD-Commit-ID: 3ad2f7d2414e2cfcaef99877a7a5b0baf2242952 | ||
9820 | |||
9821 | commit ba460acae48a36ef749cb23068f968f4d5d90a24 | ||
9822 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9823 | Date: Fri Nov 24 16:24:31 2017 +1100 | ||
9824 | |||
9825 | Include string.h for explicit_bzero. | ||
9826 | |||
9827 | commit a65655fb1a12b77fb22f9e71559b9d73030ec8ff | ||
9828 | Author: Damien Miller <djm@mindrot.org> | ||
9829 | Date: Fri Nov 24 10:23:47 2017 +1100 | ||
9830 | |||
9831 | fix incorrect range of OpenSSL versions supported | ||
9832 | |||
9833 | Pointed out by Solar Designer | ||
9834 | |||
9835 | commit 83a1e5dbec52d05775174f368e0c44b08619a308 | ||
9836 | Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org> | ||
9837 | Date: Wed Nov 15 02:10:16 2017 +0000 | ||
9838 | |||
9839 | upstream commit | ||
9840 | |||
9841 | downgrade a couple more request parsing errors from | ||
9842 | process-fatal to just returning failure, making them consistent with the | ||
9843 | others that were already like that. | ||
9844 | |||
9845 | OpenBSD-Commit-ID: c111461f7a626690a2d53018ef26557b34652918 | ||
9846 | |||
9847 | commit 93c68a8f3da8e5e6acdc3396f54d73919165e242 | ||
9848 | Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org> | ||
9849 | Date: Wed Nov 15 00:13:40 2017 +0000 | ||
9850 | |||
9851 | upstream commit | ||
9852 | |||
9853 | fix regression in 7.6: failure to parse a signature request | ||
9854 | message shouldn't be fatal to the process, just the request. Reported by Ron | ||
9855 | Frederick | ||
9856 | |||
9857 | OpenBSD-Commit-ID: e5d01b3819caa1a2ad51fc57d6ded43f48bbcc05 | ||
9858 | |||
9859 | commit 548d3a66feb64c405733932a6b1abeaf7198fa71 | ||
9860 | Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org> | ||
9861 | Date: Tue Nov 14 00:45:29 2017 +0000 | ||
9862 | |||
9863 | upstream commit | ||
9864 | |||
9865 | fix problem in configuration parsing when in config dump mode | ||
9866 | (sshd -T) without providing a full connection specification (sshd -T -C ...) | ||
9867 | |||
9868 | spotted by bluhm@ | ||
9869 | |||
9870 | OpenBSD-Commit-ID: 7125faf5740eaa9d3a2f25400a0bc85e94e28b8f | ||
9871 | |||
9872 | commit 33edb6ebdc2f81ebed1bceadacdfb8910b64fb88 | ||
9873 | Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org> | ||
9874 | Date: Fri Nov 3 05:18:44 2017 +0000 | ||
9875 | |||
9876 | upstream commit | ||
9877 | |||
9878 | reuse parse_multistate for parse_flag (yes/no arguments). | ||
9879 | Saves a few lines of code and makes the parser more consistent wrt case- | ||
9880 | sensitivity. bz#2664 ok dtucker@ | ||
9881 | |||
9882 | OpenBSD-Commit-ID: b2ad1b6086858d5db71c7b11e5a74dba6d60efef | ||
9883 | |||
9884 | commit d52131a98316e76c0caa348f09bf6f7b9b01a1b9 | ||
9885 | Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org> | ||
9886 | Date: Fri Nov 3 05:14:04 2017 +0000 | ||
9887 | |||
9888 | upstream commit | ||
9889 | |||
9890 | allow certificate validity intervals that specify only a | ||
9891 | start or stop time (we already support specifying both or neither) | ||
9892 | |||
9893 | OpenBSD-Commit-ID: 9be486545603c003030bdb5c467d1318b46b4e42 | ||
9894 | |||
9895 | commit fbe8e7ac94c2fa380421a9205a8bc966549c2f91 | ||
9896 | Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org> | ||
9897 | Date: Fri Nov 3 03:46:52 2017 +0000 | ||
9898 | |||
9899 | upstream commit | ||
9900 | |||
9901 | allow "cd" and "lcd" commands with no explicit path | ||
9902 | argument. lcd will change to the local user's home directory as usual. cd | ||
9903 | will change to the starting directory for session (because the protocol | ||
9904 | offers no way to obtain the remote user's home directory). bz#2760 ok | ||
9905 | dtucker@ | ||
9906 | |||
9907 | OpenBSD-Commit-ID: 15333f5087cee8c1ed1330cac1bd0a3e6a767393 | ||
9908 | |||
9909 | commit 0208a48517b5e8e8b091f32fa4addcd67c31ca9e | ||
9910 | Author: dtucker@openbsd.org@openbsd.org <dtucker@openbsd.org@openbsd.org> | ||
9911 | Date: Fri Nov 3 03:18:53 2017 +0000 | ||
9912 | |||
9913 | upstream commit | ||
9914 | |||
9915 | When doing a config test with sshd -T, only require the | ||
9916 | attributes that are actually used in Match criteria rather than (an | ||
9917 | incomplete list of) all criteria. ok djm@, man page help jmc@ | ||
9918 | |||
9919 | OpenBSD-Commit-ID: b4e773c4212d3dea486d0259ae977551aab2c1fc | ||
9920 | |||
9921 | commit c357eed5a52cd2f4ff358b17e30e3f9a800644da | ||
9922 | Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org> | ||
9923 | Date: Fri Nov 3 02:32:19 2017 +0000 | ||
9924 | |||
9925 | upstream commit | ||
9926 | |||
9927 | typos in ECDSA certificate names; bz#2787 reported by | ||
9928 | Mike Gerow | ||
9929 | |||
9930 | OpenBSD-Commit-ID: 824938b6aba1b31321324ba1f56c05f84834b163 | ||
9931 | |||
9932 | commit ecbf005b8fd80b81d0c61dfc1e96fe3da6099395 | ||
9933 | Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org> | ||
9934 | Date: Fri Nov 3 02:29:17 2017 +0000 | ||
9935 | |||
9936 | upstream commit | ||
9937 | |||
9938 | Private keys in PEM format have been encrypted by AES-128 for | ||
9939 | a while (not 3DES). bz#2788 reported by Calum Mackay | ||
9940 | |||
9941 | OpenBSD-Commit-ID: bd33da7acbbb3c882f0a0ee56007a35ce0d8a11a | ||
9942 | |||
9943 | commit 81c9ccdbf6ddbf9bfbd6f1f775a5a7c13e47e185 | ||
9944 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9945 | Date: Fri Nov 3 14:52:51 2017 +1100 | ||
9946 | |||
9947 | Check for linux/if.h when enabling rdomain. | ||
9948 | |||
9949 | musl libc doesn't seem to have linux/if.h, so check for its presence | ||
9950 | before enabling rdomain support on Linux. | ||
9951 | |||
9952 | commit fa1b834cce41a1ce3e6a8d57fb67ef18c9dd803f | ||
9953 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9954 | Date: Fri Nov 3 14:09:45 2017 +1100 | ||
9955 | |||
9956 | Add headers for sys/sysctl.h and net/route.h | ||
9957 | |||
9958 | On at least older OpenBSDs, sys/sysctl.h and net/route.h require | ||
9959 | sys/types and, in the case of sys/sysctl.h, sys/param.h for MAXLOGNAME. | ||
9960 | |||
9961 | commit 41bff4da21fcd8a7c6a83a7e0f92b018f904f6fb | ||
9962 | Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org> | ||
9963 | Date: Fri Nov 3 02:22:41 2017 +0000 | ||
9964 | |||
9965 | upstream commit | ||
9966 | |||
9967 | avoid unused variable warnings for !WITH_OPENSSL; patch from | ||
9968 | Marcus Folkesson | ||
9969 | |||
9970 | OpenBSD-Commit-ID: c01d27a3f907acdc3dd4ea48170fac3ba236d229 | ||
9971 | |||
9972 | commit 6b373e4635a7470baa94253dd1dc8953663da9e8 | ||
9973 | Author: Marcus Folkesson <marcus.folkesson@gmail.com> | ||
9974 | Date: Sat Oct 28 19:48:39 2017 +0200 | ||
9975 | |||
9976 | only enable functions in dh.c when openssl is used | ||
9977 | |||
9978 | Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com> | ||
9979 | |||
9980 | commit 939b30ba23848b572e15bf92f0f1a3d9cf3acc2b | ||
9981 | Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org> | ||
9982 | Date: Wed Nov 1 00:04:15 2017 +0000 | ||
9983 | |||
9984 | upstream commit | ||
9985 | |||
9986 | fix broken stdout in ControlPersist mode, introduced by me in | ||
9987 | r1.467 and reported by Alf Schlichting | ||
9988 | |||
9989 | OpenBSD-Commit-ID: 3750a16e02108fc25f747e4ebcedb7123c1ef509 | ||
9990 | |||
9991 | commit f21455a084f9cc3942cf1bde64055a4916849fed | ||
9992 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9993 | Date: Tue Oct 31 10:09:33 2017 +1100 | ||
9994 | |||
9995 | Include includes.h for HAVE_GETPAGESIZE. | ||
9996 | |||
9997 | The configure script checks for getpagesize() and sets HAVE_GETPAGESIZE in | ||
9998 | config.h, but bsd-getpagesize.c forgot to include includes.h (which | ||
9999 | indirectly includes config.h) so the checks always fails, causing linker | ||
10000 | issues when linking statically on systems with getpagesize(). | ||
10001 | |||
10002 | Patch from Peter Korsgaard <peter at korsgaard.com> | ||
10003 | |||
10004 | commit f2ad63c0718b93ac1d1e85f53fee33b06eef86b5 | ||
10005 | Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org> | ||
10006 | Date: Mon Oct 30 22:01:52 2017 +0000 | ||
10007 | |||
10008 | upstream commit | ||
10009 | |||
10010 | whitespace at EOL | ||
10011 | |||
10012 | OpenBSD-Regress-ID: f4b5df99b28c6f63478deb916c6ed0e794685f07 | ||
10013 | |||
10014 | commit c6415b1f8f1d0c2735564371647fd6a177fb9a3e | ||
10015 | Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org> | ||
10016 | Date: Mon Oct 30 21:59:43 2017 +0000 | ||
10017 | |||
10018 | upstream commit | ||
10019 | |||
10020 | whitespace at EOL | ||
10021 | |||
10022 | OpenBSD-Regress-ID: 19b1394393deee4c8a2114a3b7d18189f27a15cd | ||
10023 | |||
10024 | commit e4d4ddbbba0e585ca3ec3a455430750b4622a6d3 | ||
10025 | Author: millert@openbsd.org@openbsd.org <millert@openbsd.org@openbsd.org> | ||
10026 | Date: Wed Oct 25 20:08:36 2017 +0000 | ||
10027 | |||
10028 | upstream commit | ||
10029 | |||
10030 | Use printenv to test whether an SSH_USER_AUTH is set | ||
10031 | instead of using $SSH_USER_AUTH. The latter won't work with csh which treats | ||
10032 | unknown variables as an error when expanding them. OK markus@ | ||
10033 | |||
10034 | OpenBSD-Regress-ID: f601e878dd8b71aa40381573dde3a8f567e6f2d1 | ||
10035 | |||
10036 | commit 116b1b439413a724ebb3320633a64dd0f3ee1fe7 | ||
10037 | Author: millert@openbsd.org@openbsd.org <millert@openbsd.org@openbsd.org> | ||
10038 | Date: Tue Oct 24 19:33:32 2017 +0000 | ||
10039 | |||
10040 | upstream commit | ||
10041 | |||
10042 | Add tests for URI parsing. OK markus@ | ||
10043 | |||
10044 | OpenBSD-Regress-ID: 5d1df19874f3b916d1a2256a905526e17a98bd3b | ||
10045 | |||
10046 | commit dbe0662e9cd482593a4a8bf58c6481bfe8a747a4 | ||
10047 | Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org> | ||
10048 | Date: Fri Oct 27 01:57:06 2017 +0000 | ||
10049 | |||
10050 | upstream commit | ||
10051 | |||
10052 | whitespace at EOL | ||
10053 | |||
10054 | OpenBSD-Commit-ID: c95549cf5a07d56ea11aaff818415118720214f6 | ||
10055 | |||
10056 | commit d2135474344335a7c6ee643b6ade6db400fa76ee | ||
10057 | Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org> | ||
10058 | Date: Fri Oct 27 01:01:17 2017 +0000 | ||
10059 | |||
10060 | upstream commit | ||
10061 | |||
10062 | whitespace at EOL (lots) | ||
10063 | |||
10064 | OpenBSD-Commit-ID: 757257dd44116794ee1b5a45c6724973de181747 | ||
10065 | |||
10066 | commit b77c29a07f5a02c7c1998701c73d92bde7ae1608 | ||
10067 | Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org> | ||
10068 | Date: Fri Oct 27 00:18:41 2017 +0000 | ||
10069 | |||
10070 | upstream commit | ||
10071 | |||
10072 | improve printing of rdomain on accept() a little | ||
10073 | |||
10074 | OpenBSD-Commit-ID: 5da58db2243606899cedaa646c70201b2d12247a | ||
10075 | |||
10076 | commit 68d3bbb2e6dfbf117c46e942142795b2cdd0274b | ||
10077 | Author: jmc@openbsd.org@openbsd.org <jmc@openbsd.org@openbsd.org> | ||
10078 | Date: Thu Oct 26 06:44:01 2017 +0000 | ||
10079 | |||
10080 | upstream commit | ||
10081 | |||
10082 | mark up the rdomain keyword; | ||
10083 | |||
10084 | OpenBSD-Commit-ID: 1b597d0ad0ad20e94dbd61ca066057e6f6313b8a | ||
10085 | |||
10086 | commit 0b2e2896b9d0d6cfb59e9ec8271085296bd4e99b | ||
10087 | Author: jmc@openbsd.org@openbsd.org <jmc@openbsd.org@openbsd.org> | ||
10088 | Date: Wed Oct 25 06:19:46 2017 +0000 | ||
10089 | |||
10090 | upstream commit | ||
10091 | |||
10092 | tweak the uri text, specifically removing some markup to | ||
10093 | make it a bit more readable; | ||
10094 | |||
10095 | issue reported by - and diff ok - millert | ||
10096 | |||
10097 | OpenBSD-Commit-ID: 8b56a20208040b2d0633536fd926e992de37ef3f | ||
10098 | |||
10099 | commit 7530e77bdc9415386d2a8ea3d086e8b611b2ba40 | ||
10100 | Author: jmc@openbsd.org@openbsd.org <jmc@openbsd.org@openbsd.org> | ||
10101 | Date: Wed Oct 25 06:18:06 2017 +0000 | ||
10102 | |||
10103 | upstream commit | ||
10104 | |||
10105 | simplify macros in previous, and some minor tweaks; | ||
10106 | |||
10107 | OpenBSD-Commit-ID: 6efeca3d8b095b76e21b484607d9cc67ac9a11ca | ||
10108 | |||
10109 | commit eb9c582b710dc48976b48eb2204218f6863bae9a | ||
10110 | Author: Damien Miller <djm@mindrot.org> | ||
10111 | Date: Tue Oct 31 00:46:29 2017 +1100 | ||
10112 | |||
10113 | Switch upstream git repository. | ||
10114 | |||
10115 | Previously portable OpenSSH has synced against a conversion of OpenBSD's | ||
10116 | CVS repository made using the git cvsimport tool, but this has become | ||
10117 | increasingly unreliable. | ||
10118 | |||
10119 | As of this commit, portable OpenSSH now tracks a conversion of the | ||
10120 | OpenBSD CVS upstream made using the excellent cvs2gitdump tool from | ||
10121 | YASUOKA Masahiko: https://github.com/yasuoka/cvs2gitdump | ||
10122 | |||
10123 | cvs2gitdump is considerably more reliable than gitcvsimport and the old | ||
10124 | version of cvsps that it uses under the hood, and is the same tool used | ||
10125 | to export the entire OpenBSD repository to git (so we know it can cope | ||
10126 | with future growth). | ||
10127 | |||
10128 | These new conversions are mirrored at github, so interested parties can | ||
10129 | match portable OpenSSH commits to their upstream counterparts. | ||
10130 | |||
10131 | https://github.com/djmdjm/openbsd-openssh-src | ||
10132 | https://github.com/djmdjm/openbsd-openssh-regress | ||
10133 | |||
10134 | An unfortunate side effect of switching upstreams is that we must have | ||
10135 | a flag day, across which the upstream commit IDs will be inconsistent. | ||
10136 | The old commit IDs are recorded with the tags "Upstream-ID" for main | ||
10137 | directory commits and "Upstream-Regress-ID" for regress commits. | ||
10138 | |||
10139 | To make it clear that the commit IDs do not refer to the same | ||
10140 | things, the new repository will instead use "OpenBSD-ID" and | ||
10141 | "OpenBSD-Regress-ID" tags instead. | ||
10142 | |||
10143 | Apart from being a longwinded explanation of what is going on, this | ||
10144 | commit message also serves to synchronise our tools with the state of | ||
10145 | the tree, which happens to be: | ||
10146 | |||
10147 | OpenBSD-ID: 9c43a9968c7929613284ea18e9fb92e4e2a8e4c1 | ||
10148 | OpenBSD-Regress-ID: b33b385719420bf3bc57d664feda6f699c147fef | ||
10149 | |||
10150 | commit 2de5c6b53bf063ac698596ef4e23d8e3099656ea | ||
10151 | Author: Damien Miller <djm@mindrot.org> | ||
10152 | Date: Fri Oct 27 08:42:33 2017 +1100 | ||
10153 | |||
10154 | fix rdomain compilation errors | ||
10155 | |||
10156 | commit 6bd5b569fd6dfd5e8c8af20bbc41e45c2d6462ab | ||
10157 | Author: Damien Miller <djm@mindrot.org> | ||
10158 | Date: Wed Oct 25 14:15:42 2017 +1100 | ||
10159 | |||
10160 | autoconf glue to enable Linux VRF | ||
10161 | |||
10162 | commit 97c5aaf925d61641d599071abb56012cde265978 | ||
10163 | Author: Damien Miller <djm@mindrot.org> | ||
10164 | Date: Wed Oct 25 14:09:56 2017 +1100 | ||
10165 | |||
10166 | basic valid_rdomain() implementation for Linux | ||
10167 | |||
10168 | commit ce1cca39d7935dd394080ce2df62f5ce5b51f485 | ||
10169 | Author: Damien Miller <djm@mindrot.org> | ||
10170 | Date: Wed Oct 25 13:47:59 2017 +1100 | ||
10171 | |||
10172 | implement get/set_rdomain() for Linux | ||
10173 | |||
10174 | Not enabled, pending implementation of valid_rdomain() and autoconf glue | ||
10175 | |||
10176 | commit 6eee79f9b8d4a3b113b698383948a119acb82415 | ||
10177 | Author: Damien Miller <djm@mindrot.org> | ||
10178 | Date: Wed Oct 25 13:22:29 2017 +1100 | ||
10179 | |||
10180 | stubs for rdomain replacement functions | ||
10181 | |||
10182 | commit f5594f939f844bbb688313697d6676238da355b3 | ||
10183 | Author: Damien Miller <djm@mindrot.org> | ||
10184 | Date: Wed Oct 25 13:13:57 2017 +1100 | ||
10185 | |||
10186 | rename port-tun.[ch] => port-net.[ch] | ||
10187 | |||
10188 | Ahead of adding rdomain support | ||
10189 | |||
10190 | commit d685e5a31feea35fb99e1a31a70b3c60a7f2a0eb | ||
10191 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10192 | Date: Wed Oct 25 02:10:39 2017 +0000 | ||
10193 | |||
10194 | upstream commit | ||
10195 | |||
10196 | uninitialised variable in PermitTunnel printing code | ||
10197 | |||
10198 | Upstream-ID: f04dc33e42855704e116b8da61095ecc71bc9e9a | ||
10199 | |||
10200 | commit 43c29bb7cfd46bbbc61e0ffa61a11e74d49a712f | ||
10201 | Author: Damien Miller <djm@mindrot.org> | ||
10202 | Date: Wed Oct 25 13:10:59 2017 +1100 | ||
10203 | |||
10204 | provide hooks and fallbacks for rdomain support | ||
10205 | |||
10206 | commit 3235473bc8e075fad7216b7cd62fcd2b0320ea04 | ||
10207 | Author: Damien Miller <djm@mindrot.org> | ||
10208 | Date: Wed Oct 25 11:25:43 2017 +1100 | ||
10209 | |||
10210 | check for net/route.h and sys/sysctl.h | ||
10211 | |||
10212 | commit 4d5456c7de108e17603a0920c4d15bca87244921 | ||
10213 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10214 | Date: Wed Oct 25 00:21:37 2017 +0000 | ||
10215 | |||
10216 | upstream commit | ||
10217 | |||
10218 | transfer ownership of stdout to the session channel by | ||
10219 | dup2'ing /dev/null to fd 1. This allows propagation of remote stdout close to | ||
10220 | the local side; reported by David Newall, ok markus@ | ||
10221 | |||
10222 | Upstream-ID: 8d9ac18a11d89e6b0415f0cbf67b928ac67f0e79 | ||
10223 | |||
10224 | commit 68af80e6fdeaeb79432209db614386ff0f37e75f | ||
10225 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10226 | Date: Wed Oct 25 00:19:47 2017 +0000 | ||
10227 | |||
10228 | upstream commit | ||
10229 | |||
10230 | add a "rdomain" criteria for the sshd_config Match | ||
10231 | keyword to allow conditional configuration that depends on which rdomain(4) a | ||
10232 | connection was recevied on. ok markus@ | ||
10233 | |||
10234 | Upstream-ID: 27d8fd5a3f1bae18c9c6e533afdf99bff887a4fb | ||
10235 | |||
10236 | commit 35eb33fb957979e3fcbe6ea0eaee8bf4a217421a | ||
10237 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10238 | Date: Wed Oct 25 00:17:08 2017 +0000 | ||
10239 | |||
10240 | upstream commit | ||
10241 | |||
10242 | add sshd_config RDomain keyword to place sshd and the | ||
10243 | subsequent user session (including the shell and any TCP/IP forwardings) into | ||
10244 | the specified rdomain(4) | ||
10245 | |||
10246 | ok markus@ | ||
10247 | |||
10248 | Upstream-ID: be2358e86346b5cacf20d90f59f980b87d1af0f5 | ||
10249 | |||
10250 | commit acf559e1cffbd1d6167cc1742729fc381069f06b | ||
10251 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10252 | Date: Wed Oct 25 00:15:35 2017 +0000 | ||
10253 | |||
10254 | upstream commit | ||
10255 | |||
10256 | Add optional rdomain qualifier to sshd_config's | ||
10257 | ListenAddress option to allow listening on a different rdomain(4), e.g. | ||
10258 | |||
10259 | ListenAddress 0.0.0.0 rdomain 4 | ||
10260 | |||
10261 | Upstream-ID: 24b6622c376feeed9e9be8b9605e593695ac9091 | ||
10262 | |||
10263 | commit b9903ee8ee8671b447fc260c2bee3761e26c7227 | ||
10264 | Author: millert@openbsd.org <millert@openbsd.org> | ||
10265 | Date: Tue Oct 24 19:41:45 2017 +0000 | ||
10266 | |||
10267 | upstream commit | ||
10268 | |||
10269 | Kill dead store and some spaces vs. tabs indent in | ||
10270 | parse_user_host_path(). Noticed by markus@ | ||
10271 | |||
10272 | Upstream-ID: 114fec91dadf9af46c7c94fd40fc630ea2de8200 | ||
10273 | |||
10274 | commit 0869627e00f4ee2a038cb62d7bd9ffad405e1800 | ||
10275 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
10276 | Date: Tue Oct 24 06:27:42 2017 +0000 | ||
10277 | |||
10278 | upstream commit | ||
10279 | |||
10280 | tweak previous; ok djm | ||
10281 | |||
10282 | Upstream-ID: 7d913981ab315296be1f759c67b6e17aea38fca9 | ||
10283 | |||
10284 | commit e3fa20e2e58fdc88a0e842358778f2de448b771b | ||
10285 | Author: Damien Miller <djm@mindrot.org> | ||
10286 | Date: Mon Oct 23 16:25:24 2017 +1100 | ||
10287 | |||
10288 | avoid -Wsign-compare warning in argv copying | ||
10289 | |||
10290 | commit b7548b12a6b2b4abf4d057192c353147e0abba08 | ||
10291 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10292 | Date: Mon Oct 23 05:08:00 2017 +0000 | ||
10293 | |||
10294 | upstream commit | ||
10295 | |||
10296 | Expose devices allocated for tun/tap forwarding. | ||
10297 | |||
10298 | At the client, the device may be obtained from a new %T expansion | ||
10299 | for LocalCommand. | ||
10300 | |||
10301 | At the server, the allocated devices will be listed in a | ||
10302 | SSH_TUNNEL variable exposed to the environment of any user sessions | ||
10303 | started after the tunnel forwarding was established. | ||
10304 | |||
10305 | ok markus | ||
10306 | |||
10307 | Upstream-ID: e61e53f8ae80566e9ddc0d67a5df5bdf2f3c9f9e | ||
10308 | |||
10309 | commit 887669ef032d63cf07f53cada216fa8a0c9a7d72 | ||
10310 | Author: millert@openbsd.org <millert@openbsd.org> | ||
10311 | Date: Sat Oct 21 23:06:24 2017 +0000 | ||
10312 | |||
10313 | upstream commit | ||
10314 | |||
10315 | Add URI support to ssh, sftp and scp. For example | ||
10316 | ssh://user@host or sftp://user@host/path. The connection parameters | ||
10317 | described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since | ||
10318 | the ssh fingerprint format in the draft uses md5 with no way to specify the | ||
10319 | hash function type. OK djm@ | ||
10320 | |||
10321 | Upstream-ID: 4ba3768b662d6722de59e6ecb00abf2d4bf9cacc | ||
10322 | |||
10323 | commit d27bff293cfeb2252f4c7a58babe5ad3262c6c98 | ||
10324 | Author: Damien Miller <djm@mindrot.org> | ||
10325 | Date: Fri Oct 20 13:22:00 2017 +1100 | ||
10326 | |||
10327 | Fix missed RCSID merges | ||
10328 | |||
10329 | commit d3b6aeb546242c9e61721225ac4387d416dd3d5e | ||
10330 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10331 | Date: Fri Oct 20 02:13:41 2017 +0000 | ||
10332 | |||
10333 | upstream commit | ||
10334 | |||
10335 | more RCSIDs | ||
10336 | |||
10337 | Upstream-Regress-ID: 1aecbe3f8224793f0ec56741a86d619830eb33be | ||
10338 | |||
10339 | commit b011edbb32e41aaab01386ce4c0efcc9ff681c4a | ||
10340 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10341 | Date: Fri Oct 20 01:56:39 2017 +0000 | ||
10342 | |||
10343 | upstream commit | ||
10344 | |||
10345 | add RCSIDs to these; they make syncing portable a bit | ||
10346 | easier | ||
10347 | |||
10348 | Upstream-ID: 56cb7021faea599736dd7e7f09c2e714425b1e68 | ||
10349 | |||
10350 | commit 6eb27597781dccaf0ec2b80107a9f0592a0cb464 | ||
10351 | Author: Damien Miller <djm@mindrot.org> | ||
10352 | Date: Fri Oct 20 12:54:15 2017 +1100 | ||
10353 | |||
10354 | upstream commit | ||
10355 | |||
10356 | Apply missing commit 1.11 to kexc25519s.c | ||
10357 | |||
10358 | Upstream-ID: 5f020e23a1ee6c3597af1f91511e68552cdf15e8 | ||
10359 | |||
10360 | commit 6f72280553cb6918859ebcacc717f2d2fafc1a27 | ||
10361 | Author: Damien Miller <djm@mindrot.org> | ||
10362 | Date: Fri Oct 20 12:52:50 2017 +1100 | ||
10363 | |||
10364 | upstream commit | ||
10365 | |||
10366 | Apply missing commit 1.127 to servconf.h | ||
10367 | |||
10368 | Upstream-ID: f14c4bac74a2b7cf1e3cff6bea5c447f192a7d15 | ||
10369 | |||
10370 | commit bb3e16ab25cb911238c2eb7455f9cf490cb143cc | ||
10371 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
10372 | Date: Wed Oct 18 05:36:59 2017 +0000 | ||
10373 | |||
10374 | upstream commit | ||
10375 | |||
10376 | remove unused Pp; | ||
10377 | |||
10378 | Upstream-ID: 8ad26467f1f6a40be887234085a8e01a61a00550 | ||
10379 | |||
10380 | commit 05b69e99570553c8e1eafb895b1fbf1d098d2e14 | ||
10381 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10382 | Date: Wed Oct 18 02:49:44 2017 +0000 | ||
10383 | |||
10384 | upstream commit | ||
10385 | |||
10386 | In the description of pattern-lists, clarify negated | ||
10387 | matches by explicitly stating that a negated match will never yield a | ||
10388 | positive result, and that at least one positive term in the pattern-list must | ||
10389 | match. bz#1918 | ||
10390 | |||
10391 | Upstream-ID: 652d2f9d993f158fc5f83cef4a95cd9d95ae6a14 | ||
10392 | |||
10393 | commit eb80e26a15c10bc65fed8b8cdb476819a713c0fd | ||
10394 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10395 | Date: Fri Oct 13 21:13:54 2017 +0000 | ||
10396 | |||
10397 | upstream commit | ||
10398 | |||
10399 | log debug messages sent to peer; ok deraadt markus | ||
10400 | |||
10401 | Upstream-ID: 3b4fdc0a06ea5083f61d96e20043000f477103d9 | ||
10402 | |||
10403 | commit 071325f458d615d7740da5c1c1d5a8b68a0b4605 | ||
10404 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
10405 | Date: Fri Oct 13 16:50:45 2017 +0000 | ||
10406 | |||
10407 | upstream commit | ||
10408 | |||
10409 | trim permitrootlogin description somewhat, to avoid | ||
10410 | ambiguity; original diff from walter alejandro iglesias, tweaked by sthen and | ||
10411 | myself | ||
10412 | |||
10413 | ok sthen schwarze deraadt | ||
10414 | |||
10415 | Upstream-ID: 1749418b2bc073f3fdd25fe21f8263c3637fe5d2 | ||
10416 | |||
10417 | commit 10727487becb897a15f658e0cb2d05466236e622 | ||
10418 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10419 | Date: Fri Oct 13 06:45:18 2017 +0000 | ||
10420 | |||
10421 | upstream commit | ||
10422 | |||
10423 | mention SSH_USER_AUTH in the list of environment | ||
10424 | variables | ||
10425 | |||
10426 | Upstream-ID: 1083397c3ee54b4933121ab058c70a0fc6383691 | ||
10427 | |||
10428 | commit 224f193d6a4b57e7a0cb2b9ecd3b6c54d721d8c2 | ||
10429 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10430 | Date: Fri Oct 13 06:24:51 2017 +0000 | ||
10431 | |||
10432 | upstream commit | ||
10433 | |||
10434 | BIO_get_mem_data() is supposed to take a char* as pointer | ||
10435 | argument, so don't pass it a const char* | ||
10436 | |||
10437 | Upstream-ID: 1ccd91eb7f4dd4f0fa812d4f956987cd00b5f6ec | ||
10438 | |||
10439 | commit cfa46825b5ef7097373ed8e31b01a4538a8db565 | ||
10440 | Author: benno@openbsd.org <benno@openbsd.org> | ||
10441 | Date: Mon Oct 9 20:12:51 2017 +0000 | ||
10442 | |||
10443 | upstream commit | ||
10444 | |||
10445 | clarify the order in which config statements are used. ok | ||
10446 | jmc@ djm@ | ||
10447 | |||
10448 | Upstream-ID: e37e27bb6bbac71315e22cb9690fd8a556a501ed | ||
10449 | |||
10450 | commit dceabc7ad7ebc7769c8214a1647af64c9a1d92e5 | ||
10451 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10452 | Date: Thu Oct 5 15:52:03 2017 +0000 | ||
10453 | |||
10454 | upstream commit | ||
10455 | |||
10456 | replace statically-sized arrays in ServerOptions with | ||
10457 | dynamic ones managed by xrecallocarray, removing some arbitrary (though | ||
10458 | large) limits and saving a bit of memory; "much nicer" markus@ | ||
10459 | |||
10460 | Upstream-ID: 1732720b2f478fe929d6687ac7b0a97ff2efe9d2 | ||
10461 | |||
10462 | commit 2b4f3ab050c2aaf6977604dd037041372615178d | ||
10463 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
10464 | Date: Thu Oct 5 12:56:50 2017 +0000 | ||
10465 | |||
10466 | upstream commit | ||
10467 | |||
10468 | %C is hashed; from klemens nanni ok markus | ||
10469 | |||
10470 | Upstream-ID: 6ebed7b2e1b6ee5402a67875d74f5e2859d8f998 | ||
diff --git a/config.h.in b/config.h.in new file mode 100644 index 000000000..00fe91741 --- /dev/null +++ b/config.h.in | |||
@@ -0,0 +1,1990 @@ | |||
1 | /* config.h.in. Generated from configure.ac by autoheader. */ | ||
2 | |||
3 | /* Define if building universal (internal helper macro) */ | ||
4 | #undef AC_APPLE_UNIVERSAL_BUILD | ||
5 | |||
6 | /* Define if you have a getaddrinfo that fails for the all-zeros IPv6 address | ||
7 | */ | ||
8 | #undef AIX_GETNAMEINFO_HACK | ||
9 | |||
10 | /* Define if your AIX loginfailed() function takes 4 arguments (AIX >= 5.2) */ | ||
11 | #undef AIX_LOGINFAILED_4ARG | ||
12 | |||
13 | /* System only supports IPv4 audit records */ | ||
14 | #undef AU_IPv4 | ||
15 | |||
16 | /* Define if your resolver libs need this for getrrsetbyname */ | ||
17 | #undef BIND_8_COMPAT | ||
18 | |||
19 | /* The system has incomplete BSM API */ | ||
20 | #undef BROKEN_BSM_API | ||
21 | |||
22 | /* Define if cmsg_type is not passed correctly */ | ||
23 | #undef BROKEN_CMSG_TYPE | ||
24 | |||
25 | /* getaddrinfo is broken (if present) */ | ||
26 | #undef BROKEN_GETADDRINFO | ||
27 | |||
28 | /* getgroups(0,NULL) will return -1 */ | ||
29 | #undef BROKEN_GETGROUPS | ||
30 | |||
31 | /* FreeBSD glob does not do what we need */ | ||
32 | #undef BROKEN_GLOB | ||
33 | |||
34 | /* Define if you system's inet_ntoa is busted (e.g. Irix gcc issue) */ | ||
35 | #undef BROKEN_INET_NTOA | ||
36 | |||
37 | /* Define if your struct dirent expects you to allocate extra space for d_name | ||
38 | */ | ||
39 | #undef BROKEN_ONE_BYTE_DIRENT_D_NAME | ||
40 | |||
41 | /* Can't do comparisons on readv */ | ||
42 | #undef BROKEN_READV_COMPARISON | ||
43 | |||
44 | /* NetBSD read function is sometimes redirected, breaking atomicio comparisons | ||
45 | against it */ | ||
46 | #undef BROKEN_READ_COMPARISON | ||
47 | |||
48 | /* Needed for NeXT */ | ||
49 | #undef BROKEN_SAVED_UIDS | ||
50 | |||
51 | /* Define if your setregid() is broken */ | ||
52 | #undef BROKEN_SETREGID | ||
53 | |||
54 | /* Define if your setresgid() is broken */ | ||
55 | #undef BROKEN_SETRESGID | ||
56 | |||
57 | /* Define if your setresuid() is broken */ | ||
58 | #undef BROKEN_SETRESUID | ||
59 | |||
60 | /* Define if your setreuid() is broken */ | ||
61 | #undef BROKEN_SETREUID | ||
62 | |||
63 | /* LynxOS has broken setvbuf() implementation */ | ||
64 | #undef BROKEN_SETVBUF | ||
65 | |||
66 | /* QNX shadow support is broken */ | ||
67 | #undef BROKEN_SHADOW_EXPIRE | ||
68 | |||
69 | /* Define if your snprintf is busted */ | ||
70 | #undef BROKEN_SNPRINTF | ||
71 | |||
72 | /* strndup broken, see APAR IY61211 */ | ||
73 | #undef BROKEN_STRNDUP | ||
74 | |||
75 | /* strnlen broken, see APAR IY62551 */ | ||
76 | #undef BROKEN_STRNLEN | ||
77 | |||
78 | /* strnvis detected broken */ | ||
79 | #undef BROKEN_STRNVIS | ||
80 | |||
81 | /* tcgetattr with ICANON may hang */ | ||
82 | #undef BROKEN_TCGETATTR_ICANON | ||
83 | |||
84 | /* updwtmpx is broken (if present) */ | ||
85 | #undef BROKEN_UPDWTMPX | ||
86 | |||
87 | /* Define if you have BSD auth support */ | ||
88 | #undef BSD_AUTH | ||
89 | |||
90 | /* Define if you want to specify the path to your lastlog file */ | ||
91 | #undef CONF_LASTLOG_FILE | ||
92 | |||
93 | /* Define if you want to specify the path to your utmp file */ | ||
94 | #undef CONF_UTMP_FILE | ||
95 | |||
96 | /* Define if you want to specify the path to your wtmpx file */ | ||
97 | #undef CONF_WTMPX_FILE | ||
98 | |||
99 | /* Define if you want to specify the path to your wtmp file */ | ||
100 | #undef CONF_WTMP_FILE | ||
101 | |||
102 | /* Define if your platform needs to skip post auth file descriptor passing */ | ||
103 | #undef DISABLE_FD_PASSING | ||
104 | |||
105 | /* Define if you don't want to use lastlog */ | ||
106 | #undef DISABLE_LASTLOG | ||
107 | |||
108 | /* Define if you don't want to use your system's login() call */ | ||
109 | #undef DISABLE_LOGIN | ||
110 | |||
111 | /* Define if you don't want to use pututline() etc. to write [uw]tmp */ | ||
112 | #undef DISABLE_PUTUTLINE | ||
113 | |||
114 | /* Define if you don't want to use pututxline() etc. to write [uw]tmpx */ | ||
115 | #undef DISABLE_PUTUTXLINE | ||
116 | |||
117 | /* Define if you want to disable shadow passwords */ | ||
118 | #undef DISABLE_SHADOW | ||
119 | |||
120 | /* Define if you don't want to use utmp */ | ||
121 | #undef DISABLE_UTMP | ||
122 | |||
123 | /* Define if you don't want to use utmpx */ | ||
124 | #undef DISABLE_UTMPX | ||
125 | |||
126 | /* Define if you don't want to use wtmp */ | ||
127 | #undef DISABLE_WTMP | ||
128 | |||
129 | /* Define if you don't want to use wtmpx */ | ||
130 | #undef DISABLE_WTMPX | ||
131 | |||
132 | /* Enable for PKCS#11 support */ | ||
133 | #undef ENABLE_PKCS11 | ||
134 | |||
135 | /* define if fflush(NULL) does not work */ | ||
136 | #undef FFLUSH_NULL_BUG | ||
137 | |||
138 | /* File names may not contain backslash characters */ | ||
139 | #undef FILESYSTEM_NO_BACKSLASH | ||
140 | |||
141 | /* fsid_t has member val */ | ||
142 | #undef FSID_HAS_VAL | ||
143 | |||
144 | /* fsid_t has member __val */ | ||
145 | #undef FSID_HAS___VAL | ||
146 | |||
147 | /* getpgrp takes one arg */ | ||
148 | #undef GETPGRP_VOID | ||
149 | |||
150 | /* Conflicting defs for getspnam */ | ||
151 | #undef GETSPNAM_CONFLICTING_DEFS | ||
152 | |||
153 | /* Define if your system glob() function has the GLOB_ALTDIRFUNC extension */ | ||
154 | #undef GLOB_HAS_ALTDIRFUNC | ||
155 | |||
156 | /* Define if your system glob() function has gl_matchc options in glob_t */ | ||
157 | #undef GLOB_HAS_GL_MATCHC | ||
158 | |||
159 | /* Define if your system glob() function has gl_statv options in glob_t */ | ||
160 | #undef GLOB_HAS_GL_STATV | ||
161 | |||
162 | /* Define this if you want GSSAPI support in the version 2 protocol */ | ||
163 | #undef GSSAPI | ||
164 | |||
165 | /* Define if you want to use shadow password expire field */ | ||
166 | #undef HAS_SHADOW_EXPIRE | ||
167 | |||
168 | /* Define if your system uses access rights style file descriptor passing */ | ||
169 | #undef HAVE_ACCRIGHTS_IN_MSGHDR | ||
170 | |||
171 | /* Define if you have ut_addr in utmp.h */ | ||
172 | #undef HAVE_ADDR_IN_UTMP | ||
173 | |||
174 | /* Define if you have ut_addr in utmpx.h */ | ||
175 | #undef HAVE_ADDR_IN_UTMPX | ||
176 | |||
177 | /* Define if you have ut_addr_v6 in utmp.h */ | ||
178 | #undef HAVE_ADDR_V6_IN_UTMP | ||
179 | |||
180 | /* Define if you have ut_addr_v6 in utmpx.h */ | ||
181 | #undef HAVE_ADDR_V6_IN_UTMPX | ||
182 | |||
183 | /* Define to 1 if you have the `arc4random' function. */ | ||
184 | #undef HAVE_ARC4RANDOM | ||
185 | |||
186 | /* Define to 1 if you have the `arc4random_buf' function. */ | ||
187 | #undef HAVE_ARC4RANDOM_BUF | ||
188 | |||
189 | /* Define to 1 if you have the `arc4random_stir' function. */ | ||
190 | #undef HAVE_ARC4RANDOM_STIR | ||
191 | |||
192 | /* Define to 1 if you have the `arc4random_uniform' function. */ | ||
193 | #undef HAVE_ARC4RANDOM_UNIFORM | ||
194 | |||
195 | /* Define to 1 if you have the `asprintf' function. */ | ||
196 | #undef HAVE_ASPRINTF | ||
197 | |||
198 | /* OpenBSD's gcc has bounded */ | ||
199 | #undef HAVE_ATTRIBUTE__BOUNDED__ | ||
200 | |||
201 | /* Have attribute nonnull */ | ||
202 | #undef HAVE_ATTRIBUTE__NONNULL__ | ||
203 | |||
204 | /* OpenBSD's gcc has sentinel */ | ||
205 | #undef HAVE_ATTRIBUTE__SENTINEL__ | ||
206 | |||
207 | /* Define to 1 if you have the `aug_get_machine' function. */ | ||
208 | #undef HAVE_AUG_GET_MACHINE | ||
209 | |||
210 | /* Define to 1 if you have the `b64_ntop' function. */ | ||
211 | #undef HAVE_B64_NTOP | ||
212 | |||
213 | /* Define to 1 if you have the `b64_pton' function. */ | ||
214 | #undef HAVE_B64_PTON | ||
215 | |||
216 | /* Define if you have the basename function. */ | ||
217 | #undef HAVE_BASENAME | ||
218 | |||
219 | /* Define to 1 if you have the `bcopy' function. */ | ||
220 | #undef HAVE_BCOPY | ||
221 | |||
222 | /* Define to 1 if you have the `bcrypt_pbkdf' function. */ | ||
223 | #undef HAVE_BCRYPT_PBKDF | ||
224 | |||
225 | /* Define to 1 if you have the `bindresvport_sa' function. */ | ||
226 | #undef HAVE_BINDRESVPORT_SA | ||
227 | |||
228 | /* Define to 1 if you have the `blf_enc' function. */ | ||
229 | #undef HAVE_BLF_ENC | ||
230 | |||
231 | /* Define to 1 if you have the <blf.h> header file. */ | ||
232 | #undef HAVE_BLF_H | ||
233 | |||
234 | /* Define to 1 if you have the `Blowfish_expand0state' function. */ | ||
235 | #undef HAVE_BLOWFISH_EXPAND0STATE | ||
236 | |||
237 | /* Define to 1 if you have the `Blowfish_expandstate' function. */ | ||
238 | #undef HAVE_BLOWFISH_EXPANDSTATE | ||
239 | |||
240 | /* Define to 1 if you have the `Blowfish_initstate' function. */ | ||
241 | #undef HAVE_BLOWFISH_INITSTATE | ||
242 | |||
243 | /* Define to 1 if you have the `Blowfish_stream2word' function. */ | ||
244 | #undef HAVE_BLOWFISH_STREAM2WORD | ||
245 | |||
246 | /* Define to 1 if you have the `BN_is_prime_ex' function. */ | ||
247 | #undef HAVE_BN_IS_PRIME_EX | ||
248 | |||
249 | /* Define to 1 if you have the <bsd/libutil.h> header file. */ | ||
250 | #undef HAVE_BSD_LIBUTIL_H | ||
251 | |||
252 | /* Define to 1 if you have the <bsm/audit.h> header file. */ | ||
253 | #undef HAVE_BSM_AUDIT_H | ||
254 | |||
255 | /* Define to 1 if you have the <bstring.h> header file. */ | ||
256 | #undef HAVE_BSTRING_H | ||
257 | |||
258 | /* Define to 1 if you have the `bzero' function. */ | ||
259 | #undef HAVE_BZERO | ||
260 | |||
261 | /* calloc(0, x) returns NULL */ | ||
262 | #undef HAVE_CALLOC | ||
263 | |||
264 | /* Define to 1 if you have the `cap_rights_limit' function. */ | ||
265 | #undef HAVE_CAP_RIGHTS_LIMIT | ||
266 | |||
267 | /* Define to 1 if you have the `clock' function. */ | ||
268 | #undef HAVE_CLOCK | ||
269 | |||
270 | /* Have clock_gettime */ | ||
271 | #undef HAVE_CLOCK_GETTIME | ||
272 | |||
273 | /* define if you have clock_t data type */ | ||
274 | #undef HAVE_CLOCK_T | ||
275 | |||
276 | /* Define to 1 if you have the `closefrom' function. */ | ||
277 | #undef HAVE_CLOSEFROM | ||
278 | |||
279 | /* Define if gai_strerror() returns const char * */ | ||
280 | #undef HAVE_CONST_GAI_STRERROR_PROTO | ||
281 | |||
282 | /* Define if your system uses ancillary data style file descriptor passing */ | ||
283 | #undef HAVE_CONTROL_IN_MSGHDR | ||
284 | |||
285 | /* Define to 1 if you have the `crypt' function. */ | ||
286 | #undef HAVE_CRYPT | ||
287 | |||
288 | /* Define to 1 if you have the <crypto/sha2.h> header file. */ | ||
289 | #undef HAVE_CRYPTO_SHA2_H | ||
290 | |||
291 | /* Define to 1 if you have the <crypt.h> header file. */ | ||
292 | #undef HAVE_CRYPT_H | ||
293 | |||
294 | /* Define if you are on Cygwin */ | ||
295 | #undef HAVE_CYGWIN | ||
296 | |||
297 | /* Define if your libraries define daemon() */ | ||
298 | #undef HAVE_DAEMON | ||
299 | |||
300 | /* Define to 1 if you have the declaration of `AI_NUMERICSERV', and to 0 if | ||
301 | you don't. */ | ||
302 | #undef HAVE_DECL_AI_NUMERICSERV | ||
303 | |||
304 | /* Define to 1 if you have the declaration of `authenticate', and to 0 if you | ||
305 | don't. */ | ||
306 | #undef HAVE_DECL_AUTHENTICATE | ||
307 | |||
308 | /* Define to 1 if you have the declaration of `bzero', and to 0 if you don't. | ||
309 | */ | ||
310 | #undef HAVE_DECL_BZERO | ||
311 | |||
312 | /* Define to 1 if you have the declaration of `GLOB_NOMATCH', and to 0 if you | ||
313 | don't. */ | ||
314 | #undef HAVE_DECL_GLOB_NOMATCH | ||
315 | |||
316 | /* Define to 1 if you have the declaration of `GSS_C_NT_HOSTBASED_SERVICE', | ||
317 | and to 0 if you don't. */ | ||
318 | #undef HAVE_DECL_GSS_C_NT_HOSTBASED_SERVICE | ||
319 | |||
320 | /* Define to 1 if you have the declaration of `howmany', and to 0 if you | ||
321 | don't. */ | ||
322 | #undef HAVE_DECL_HOWMANY | ||
323 | |||
324 | /* Define to 1 if you have the declaration of `h_errno', and to 0 if you | ||
325 | don't. */ | ||
326 | #undef HAVE_DECL_H_ERRNO | ||
327 | |||
328 | /* Define to 1 if you have the declaration of `loginfailed', and to 0 if you | ||
329 | don't. */ | ||
330 | #undef HAVE_DECL_LOGINFAILED | ||
331 | |||
332 | /* Define to 1 if you have the declaration of `loginrestrictions', and to 0 if | ||
333 | you don't. */ | ||
334 | #undef HAVE_DECL_LOGINRESTRICTIONS | ||
335 | |||
336 | /* Define to 1 if you have the declaration of `loginsuccess', and to 0 if you | ||
337 | don't. */ | ||
338 | #undef HAVE_DECL_LOGINSUCCESS | ||
339 | |||
340 | /* Define to 1 if you have the declaration of `MAXSYMLINKS', and to 0 if you | ||
341 | don't. */ | ||
342 | #undef HAVE_DECL_MAXSYMLINKS | ||
343 | |||
344 | /* Define to 1 if you have the declaration of `NFDBITS', and to 0 if you | ||
345 | don't. */ | ||
346 | #undef HAVE_DECL_NFDBITS | ||
347 | |||
348 | /* Define to 1 if you have the declaration of `offsetof', and to 0 if you | ||
349 | don't. */ | ||
350 | #undef HAVE_DECL_OFFSETOF | ||
351 | |||
352 | /* Define to 1 if you have the declaration of `O_NONBLOCK', and to 0 if you | ||
353 | don't. */ | ||
354 | #undef HAVE_DECL_O_NONBLOCK | ||
355 | |||
356 | /* Define to 1 if you have the declaration of `passwdexpired', and to 0 if you | ||
357 | don't. */ | ||
358 | #undef HAVE_DECL_PASSWDEXPIRED | ||
359 | |||
360 | /* Define to 1 if you have the declaration of `readv', and to 0 if you don't. | ||
361 | */ | ||
362 | #undef HAVE_DECL_READV | ||
363 | |||
364 | /* Define to 1 if you have the declaration of `setauthdb', and to 0 if you | ||
365 | don't. */ | ||
366 | #undef HAVE_DECL_SETAUTHDB | ||
367 | |||
368 | /* Define to 1 if you have the declaration of `SHUT_RD', and to 0 if you | ||
369 | don't. */ | ||
370 | #undef HAVE_DECL_SHUT_RD | ||
371 | |||
372 | /* Define to 1 if you have the declaration of `writev', and to 0 if you don't. | ||
373 | */ | ||
374 | #undef HAVE_DECL_WRITEV | ||
375 | |||
376 | /* Define to 1 if you have the declaration of `_getlong', and to 0 if you | ||
377 | don't. */ | ||
378 | #undef HAVE_DECL__GETLONG | ||
379 | |||
380 | /* Define to 1 if you have the declaration of `_getshort', and to 0 if you | ||
381 | don't. */ | ||
382 | #undef HAVE_DECL__GETSHORT | ||
383 | |||
384 | /* Define to 1 if you have the `DES_crypt' function. */ | ||
385 | #undef HAVE_DES_CRYPT | ||
386 | |||
387 | /* Define if you have /dev/ptmx */ | ||
388 | #undef HAVE_DEV_PTMX | ||
389 | |||
390 | /* Define if you have /dev/ptc */ | ||
391 | #undef HAVE_DEV_PTS_AND_PTC | ||
392 | |||
393 | /* Define to 1 if you have the `DH_get0_key' function. */ | ||
394 | #undef HAVE_DH_GET0_KEY | ||
395 | |||
396 | /* Define to 1 if you have the `DH_get0_pqg' function. */ | ||
397 | #undef HAVE_DH_GET0_PQG | ||
398 | |||
399 | /* Define to 1 if you have the `DH_set0_key' function. */ | ||
400 | #undef HAVE_DH_SET0_KEY | ||
401 | |||
402 | /* Define to 1 if you have the `DH_set0_pqg' function. */ | ||
403 | #undef HAVE_DH_SET0_PQG | ||
404 | |||
405 | /* Define to 1 if you have the `DH_set_length' function. */ | ||
406 | #undef HAVE_DH_SET_LENGTH | ||
407 | |||
408 | /* Define to 1 if you have the <dirent.h> header file. */ | ||
409 | #undef HAVE_DIRENT_H | ||
410 | |||
411 | /* Define to 1 if you have the `dirfd' function. */ | ||
412 | #undef HAVE_DIRFD | ||
413 | |||
414 | /* Define to 1 if you have the `dirname' function. */ | ||
415 | #undef HAVE_DIRNAME | ||
416 | |||
417 | /* Define to 1 if you have the `DSA_generate_parameters_ex' function. */ | ||
418 | #undef HAVE_DSA_GENERATE_PARAMETERS_EX | ||
419 | |||
420 | /* Define to 1 if you have the `DSA_get0_key' function. */ | ||
421 | #undef HAVE_DSA_GET0_KEY | ||
422 | |||
423 | /* Define to 1 if you have the `DSA_get0_pqg' function. */ | ||
424 | #undef HAVE_DSA_GET0_PQG | ||
425 | |||
426 | /* Define to 1 if you have the `DSA_set0_key' function. */ | ||
427 | #undef HAVE_DSA_SET0_KEY | ||
428 | |||
429 | /* Define to 1 if you have the `DSA_set0_pqg' function. */ | ||
430 | #undef HAVE_DSA_SET0_PQG | ||
431 | |||
432 | /* Define to 1 if you have the `DSA_SIG_get0' function. */ | ||
433 | #undef HAVE_DSA_SIG_GET0 | ||
434 | |||
435 | /* Define to 1 if you have the `DSA_SIG_set0' function. */ | ||
436 | #undef HAVE_DSA_SIG_SET0 | ||
437 | |||
438 | /* Define to 1 if you have the `ECDSA_SIG_get0' function. */ | ||
439 | #undef HAVE_ECDSA_SIG_GET0 | ||
440 | |||
441 | /* Define to 1 if you have the `ECDSA_SIG_set0' function. */ | ||
442 | #undef HAVE_ECDSA_SIG_SET0 | ||
443 | |||
444 | /* Define to 1 if you have the `EC_KEY_METHOD_new' function. */ | ||
445 | #undef HAVE_EC_KEY_METHOD_NEW | ||
446 | |||
447 | /* Define to 1 if you have the <elf.h> header file. */ | ||
448 | #undef HAVE_ELF_H | ||
449 | |||
450 | /* Define to 1 if you have the `endgrent' function. */ | ||
451 | #undef HAVE_ENDGRENT | ||
452 | |||
453 | /* Define to 1 if you have the <endian.h> header file. */ | ||
454 | #undef HAVE_ENDIAN_H | ||
455 | |||
456 | /* Define to 1 if you have the `endutent' function. */ | ||
457 | #undef HAVE_ENDUTENT | ||
458 | |||
459 | /* Define to 1 if you have the `endutxent' function. */ | ||
460 | #undef HAVE_ENDUTXENT | ||
461 | |||
462 | /* Define to 1 if you have the `err' function. */ | ||
463 | #undef HAVE_ERR | ||
464 | |||
465 | /* Define to 1 if you have the `errx' function. */ | ||
466 | #undef HAVE_ERRX | ||
467 | |||
468 | /* Define to 1 if you have the <err.h> header file. */ | ||
469 | #undef HAVE_ERR_H | ||
470 | |||
471 | /* Define if your system has /etc/default/login */ | ||
472 | #undef HAVE_ETC_DEFAULT_LOGIN | ||
473 | |||
474 | /* Define to 1 if you have the `EVP_CIPHER_CTX_ctrl' function. */ | ||
475 | #undef HAVE_EVP_CIPHER_CTX_CTRL | ||
476 | |||
477 | /* Define to 1 if you have the `EVP_CIPHER_CTX_get_iv' function. */ | ||
478 | #undef HAVE_EVP_CIPHER_CTX_GET_IV | ||
479 | |||
480 | /* Define to 1 if you have the `EVP_CIPHER_CTX_iv' function. */ | ||
481 | #undef HAVE_EVP_CIPHER_CTX_IV | ||
482 | |||
483 | /* Define to 1 if you have the `EVP_CIPHER_CTX_iv_noconst' function. */ | ||
484 | #undef HAVE_EVP_CIPHER_CTX_IV_NOCONST | ||
485 | |||
486 | /* Define to 1 if you have the `EVP_CIPHER_CTX_set_iv' function. */ | ||
487 | #undef HAVE_EVP_CIPHER_CTX_SET_IV | ||
488 | |||
489 | /* Define to 1 if you have the `EVP_DigestFinal_ex' function. */ | ||
490 | #undef HAVE_EVP_DIGESTFINAL_EX | ||
491 | |||
492 | /* Define to 1 if you have the `EVP_DigestInit_ex' function. */ | ||
493 | #undef HAVE_EVP_DIGESTINIT_EX | ||
494 | |||
495 | /* Define to 1 if you have the `EVP_MD_CTX_cleanup' function. */ | ||
496 | #undef HAVE_EVP_MD_CTX_CLEANUP | ||
497 | |||
498 | /* Define to 1 if you have the `EVP_MD_CTX_copy_ex' function. */ | ||
499 | #undef HAVE_EVP_MD_CTX_COPY_EX | ||
500 | |||
501 | /* Define to 1 if you have the `EVP_MD_CTX_free' function. */ | ||
502 | #undef HAVE_EVP_MD_CTX_FREE | ||
503 | |||
504 | /* Define to 1 if you have the `EVP_MD_CTX_init' function. */ | ||
505 | #undef HAVE_EVP_MD_CTX_INIT | ||
506 | |||
507 | /* Define to 1 if you have the `EVP_MD_CTX_new' function. */ | ||
508 | #undef HAVE_EVP_MD_CTX_NEW | ||
509 | |||
510 | /* Define to 1 if you have the `EVP_PKEY_get0_RSA' function. */ | ||
511 | #undef HAVE_EVP_PKEY_GET0_RSA | ||
512 | |||
513 | /* Define to 1 if you have the `EVP_ripemd160' function. */ | ||
514 | #undef HAVE_EVP_RIPEMD160 | ||
515 | |||
516 | /* Define to 1 if you have the `EVP_sha256' function. */ | ||
517 | #undef HAVE_EVP_SHA256 | ||
518 | |||
519 | /* Define to 1 if you have the `EVP_sha384' function. */ | ||
520 | #undef HAVE_EVP_SHA384 | ||
521 | |||
522 | /* Define to 1 if you have the `EVP_sha512' function. */ | ||
523 | #undef HAVE_EVP_SHA512 | ||
524 | |||
525 | /* Define if you have ut_exit in utmp.h */ | ||
526 | #undef HAVE_EXIT_IN_UTMP | ||
527 | |||
528 | /* Define to 1 if you have the `explicit_bzero' function. */ | ||
529 | #undef HAVE_EXPLICIT_BZERO | ||
530 | |||
531 | /* Define to 1 if you have the `fchmod' function. */ | ||
532 | #undef HAVE_FCHMOD | ||
533 | |||
534 | /* Define to 1 if you have the `fchmodat' function. */ | ||
535 | #undef HAVE_FCHMODAT | ||
536 | |||
537 | /* Define to 1 if you have the `fchown' function. */ | ||
538 | #undef HAVE_FCHOWN | ||
539 | |||
540 | /* Define to 1 if you have the `fchownat' function. */ | ||
541 | #undef HAVE_FCHOWNAT | ||
542 | |||
543 | /* Use F_CLOSEM fcntl for closefrom */ | ||
544 | #undef HAVE_FCNTL_CLOSEM | ||
545 | |||
546 | /* Define to 1 if you have the <fcntl.h> header file. */ | ||
547 | #undef HAVE_FCNTL_H | ||
548 | |||
549 | /* Define to 1 if the system has the type `fd_mask'. */ | ||
550 | #undef HAVE_FD_MASK | ||
551 | |||
552 | /* Define to 1 if you have the <features.h> header file. */ | ||
553 | #undef HAVE_FEATURES_H | ||
554 | |||
555 | /* Define to 1 if you have the <floatingpoint.h> header file. */ | ||
556 | #undef HAVE_FLOATINGPOINT_H | ||
557 | |||
558 | /* Define to 1 if you have the `flock' function. */ | ||
559 | #undef HAVE_FLOCK | ||
560 | |||
561 | /* Define to 1 if you have the `fmt_scaled' function. */ | ||
562 | #undef HAVE_FMT_SCALED | ||
563 | |||
564 | /* Define to 1 if you have the `freeaddrinfo' function. */ | ||
565 | #undef HAVE_FREEADDRINFO | ||
566 | |||
567 | /* Define to 1 if you have the `freezero' function. */ | ||
568 | #undef HAVE_FREEZERO | ||
569 | |||
570 | /* Define to 1 if the system has the type `fsblkcnt_t'. */ | ||
571 | #undef HAVE_FSBLKCNT_T | ||
572 | |||
573 | /* Define to 1 if the system has the type `fsfilcnt_t'. */ | ||
574 | #undef HAVE_FSFILCNT_T | ||
575 | |||
576 | /* Define to 1 if you have the `fstatfs' function. */ | ||
577 | #undef HAVE_FSTATFS | ||
578 | |||
579 | /* Define to 1 if you have the `fstatvfs' function. */ | ||
580 | #undef HAVE_FSTATVFS | ||
581 | |||
582 | /* Define to 1 if you have the `futimes' function. */ | ||
583 | #undef HAVE_FUTIMES | ||
584 | |||
585 | /* Define to 1 if you have the `gai_strerror' function. */ | ||
586 | #undef HAVE_GAI_STRERROR | ||
587 | |||
588 | /* Define to 1 if you have the `getaddrinfo' function. */ | ||
589 | #undef HAVE_GETADDRINFO | ||
590 | |||
591 | /* Define to 1 if you have the `getaudit' function. */ | ||
592 | #undef HAVE_GETAUDIT | ||
593 | |||
594 | /* Define to 1 if you have the `getaudit_addr' function. */ | ||
595 | #undef HAVE_GETAUDIT_ADDR | ||
596 | |||
597 | /* Define to 1 if you have the `getcwd' function. */ | ||
598 | #undef HAVE_GETCWD | ||
599 | |||
600 | /* Define to 1 if you have the `getgrouplist' function. */ | ||
601 | #undef HAVE_GETGROUPLIST | ||
602 | |||
603 | /* Define to 1 if you have the `getgrset' function. */ | ||
604 | #undef HAVE_GETGRSET | ||
605 | |||
606 | /* Define to 1 if you have the `getlastlogxbyname' function. */ | ||
607 | #undef HAVE_GETLASTLOGXBYNAME | ||
608 | |||
609 | /* Define to 1 if you have the `getline' function. */ | ||
610 | #undef HAVE_GETLINE | ||
611 | |||
612 | /* Define to 1 if you have the `getluid' function. */ | ||
613 | #undef HAVE_GETLUID | ||
614 | |||
615 | /* Define to 1 if you have the `getnameinfo' function. */ | ||
616 | #undef HAVE_GETNAMEINFO | ||
617 | |||
618 | /* Define to 1 if you have the `getopt' function. */ | ||
619 | #undef HAVE_GETOPT | ||
620 | |||
621 | /* Define to 1 if you have the <getopt.h> header file. */ | ||
622 | #undef HAVE_GETOPT_H | ||
623 | |||
624 | /* Define if your getopt(3) defines and uses optreset */ | ||
625 | #undef HAVE_GETOPT_OPTRESET | ||
626 | |||
627 | /* Define if your libraries define getpagesize() */ | ||
628 | #undef HAVE_GETPAGESIZE | ||
629 | |||
630 | /* Define to 1 if you have the `getpeereid' function. */ | ||
631 | #undef HAVE_GETPEEREID | ||
632 | |||
633 | /* Define to 1 if you have the `getpeerucred' function. */ | ||
634 | #undef HAVE_GETPEERUCRED | ||
635 | |||
636 | /* Define to 1 if you have the `getpgid' function. */ | ||
637 | #undef HAVE_GETPGID | ||
638 | |||
639 | /* Define to 1 if you have the `getpgrp' function. */ | ||
640 | #undef HAVE_GETPGRP | ||
641 | |||
642 | /* Define to 1 if you have the `getpwanam' function. */ | ||
643 | #undef HAVE_GETPWANAM | ||
644 | |||
645 | /* Define to 1 if you have the `getrandom' function. */ | ||
646 | #undef HAVE_GETRANDOM | ||
647 | |||
648 | /* Define to 1 if you have the `getrlimit' function. */ | ||
649 | #undef HAVE_GETRLIMIT | ||
650 | |||
651 | /* Define if getrrsetbyname() exists */ | ||
652 | #undef HAVE_GETRRSETBYNAME | ||
653 | |||
654 | /* Define to 1 if you have the `getseuserbyname' function. */ | ||
655 | #undef HAVE_GETSEUSERBYNAME | ||
656 | |||
657 | /* Define to 1 if you have the `getsid' function. */ | ||
658 | #undef HAVE_GETSID | ||
659 | |||
660 | /* Define to 1 if you have the `gettimeofday' function. */ | ||
661 | #undef HAVE_GETTIMEOFDAY | ||
662 | |||
663 | /* Define to 1 if you have the `getttyent' function. */ | ||
664 | #undef HAVE_GETTTYENT | ||
665 | |||
666 | /* Define to 1 if you have the `getutent' function. */ | ||
667 | #undef HAVE_GETUTENT | ||
668 | |||
669 | /* Define to 1 if you have the `getutid' function. */ | ||
670 | #undef HAVE_GETUTID | ||
671 | |||
672 | /* Define to 1 if you have the `getutline' function. */ | ||
673 | #undef HAVE_GETUTLINE | ||
674 | |||
675 | /* Define to 1 if you have the `getutxent' function. */ | ||
676 | #undef HAVE_GETUTXENT | ||
677 | |||
678 | /* Define to 1 if you have the `getutxid' function. */ | ||
679 | #undef HAVE_GETUTXID | ||
680 | |||
681 | /* Define to 1 if you have the `getutxline' function. */ | ||
682 | #undef HAVE_GETUTXLINE | ||
683 | |||
684 | /* Define to 1 if you have the `getutxuser' function. */ | ||
685 | #undef HAVE_GETUTXUSER | ||
686 | |||
687 | /* Define to 1 if you have the `get_default_context_with_level' function. */ | ||
688 | #undef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL | ||
689 | |||
690 | /* Define to 1 if you have the `glob' function. */ | ||
691 | #undef HAVE_GLOB | ||
692 | |||
693 | /* Define to 1 if you have the <glob.h> header file. */ | ||
694 | #undef HAVE_GLOB_H | ||
695 | |||
696 | /* Define to 1 if you have the `group_from_gid' function. */ | ||
697 | #undef HAVE_GROUP_FROM_GID | ||
698 | |||
699 | /* Define to 1 if you have the <gssapi_generic.h> header file. */ | ||
700 | #undef HAVE_GSSAPI_GENERIC_H | ||
701 | |||
702 | /* Define to 1 if you have the <gssapi/gssapi_generic.h> header file. */ | ||
703 | #undef HAVE_GSSAPI_GSSAPI_GENERIC_H | ||
704 | |||
705 | /* Define to 1 if you have the <gssapi/gssapi.h> header file. */ | ||
706 | #undef HAVE_GSSAPI_GSSAPI_H | ||
707 | |||
708 | /* Define to 1 if you have the <gssapi/gssapi_krb5.h> header file. */ | ||
709 | #undef HAVE_GSSAPI_GSSAPI_KRB5_H | ||
710 | |||
711 | /* Define to 1 if you have the <gssapi.h> header file. */ | ||
712 | #undef HAVE_GSSAPI_H | ||
713 | |||
714 | /* Define to 1 if you have the <gssapi_krb5.h> header file. */ | ||
715 | #undef HAVE_GSSAPI_KRB5_H | ||
716 | |||
717 | /* Define if HEADER.ad exists in arpa/nameser.h */ | ||
718 | #undef HAVE_HEADER_AD | ||
719 | |||
720 | /* Define to 1 if you have the `HMAC_CTX_init' function. */ | ||
721 | #undef HAVE_HMAC_CTX_INIT | ||
722 | |||
723 | /* Define if you have ut_host in utmp.h */ | ||
724 | #undef HAVE_HOST_IN_UTMP | ||
725 | |||
726 | /* Define if you have ut_host in utmpx.h */ | ||
727 | #undef HAVE_HOST_IN_UTMPX | ||
728 | |||
729 | /* Define to 1 if you have the <iaf.h> header file. */ | ||
730 | #undef HAVE_IAF_H | ||
731 | |||
732 | /* Define to 1 if you have the <ia.h> header file. */ | ||
733 | #undef HAVE_IA_H | ||
734 | |||
735 | /* Define if you have ut_id in utmp.h */ | ||
736 | #undef HAVE_ID_IN_UTMP | ||
737 | |||
738 | /* Define if you have ut_id in utmpx.h */ | ||
739 | #undef HAVE_ID_IN_UTMPX | ||
740 | |||
741 | /* Define to 1 if you have the <ifaddrs.h> header file. */ | ||
742 | #undef HAVE_IFADDRS_H | ||
743 | |||
744 | /* Define to 1 if you have the `inet_aton' function. */ | ||
745 | #undef HAVE_INET_ATON | ||
746 | |||
747 | /* Define to 1 if you have the `inet_ntoa' function. */ | ||
748 | #undef HAVE_INET_NTOA | ||
749 | |||
750 | /* Define to 1 if you have the `inet_ntop' function. */ | ||
751 | #undef HAVE_INET_NTOP | ||
752 | |||
753 | /* Define to 1 if you have the `innetgr' function. */ | ||
754 | #undef HAVE_INNETGR | ||
755 | |||
756 | /* define if you have int64_t data type */ | ||
757 | #undef HAVE_INT64_T | ||
758 | |||
759 | /* Define to 1 if the system has the type `intmax_t'. */ | ||
760 | #undef HAVE_INTMAX_T | ||
761 | |||
762 | /* Define to 1 if you have the <inttypes.h> header file. */ | ||
763 | #undef HAVE_INTTYPES_H | ||
764 | |||
765 | /* define if you have intxx_t data type */ | ||
766 | #undef HAVE_INTXX_T | ||
767 | |||
768 | /* Define to 1 if the system has the type `in_addr_t'. */ | ||
769 | #undef HAVE_IN_ADDR_T | ||
770 | |||
771 | /* Define to 1 if the system has the type `in_port_t'. */ | ||
772 | #undef HAVE_IN_PORT_T | ||
773 | |||
774 | /* Define if you have isblank(3C). */ | ||
775 | #undef HAVE_ISBLANK | ||
776 | |||
777 | /* Define to 1 if you have the `krb5_cc_new_unique' function. */ | ||
778 | #undef HAVE_KRB5_CC_NEW_UNIQUE | ||
779 | |||
780 | /* Define to 1 if you have the `krb5_free_error_message' function. */ | ||
781 | #undef HAVE_KRB5_FREE_ERROR_MESSAGE | ||
782 | |||
783 | /* Define to 1 if you have the `krb5_get_error_message' function. */ | ||
784 | #undef HAVE_KRB5_GET_ERROR_MESSAGE | ||
785 | |||
786 | /* Define to 1 if you have the <langinfo.h> header file. */ | ||
787 | #undef HAVE_LANGINFO_H | ||
788 | |||
789 | /* Define to 1 if you have the <lastlog.h> header file. */ | ||
790 | #undef HAVE_LASTLOG_H | ||
791 | |||
792 | /* Define if you want ldns support */ | ||
793 | #undef HAVE_LDNS | ||
794 | |||
795 | /* Define to 1 if you have the <libaudit.h> header file. */ | ||
796 | #undef HAVE_LIBAUDIT_H | ||
797 | |||
798 | /* Define to 1 if you have the `bsm' library (-lbsm). */ | ||
799 | #undef HAVE_LIBBSM | ||
800 | |||
801 | /* Define to 1 if you have the `crypt' library (-lcrypt). */ | ||
802 | #undef HAVE_LIBCRYPT | ||
803 | |||
804 | /* Define to 1 if you have the `dl' library (-ldl). */ | ||
805 | #undef HAVE_LIBDL | ||
806 | |||
807 | /* Define to 1 if you have the <libgen.h> header file. */ | ||
808 | #undef HAVE_LIBGEN_H | ||
809 | |||
810 | /* Define if system has libiaf that supports set_id */ | ||
811 | #undef HAVE_LIBIAF | ||
812 | |||
813 | /* Define to 1 if you have the `network' library (-lnetwork). */ | ||
814 | #undef HAVE_LIBNETWORK | ||
815 | |||
816 | /* Define to 1 if you have the `pam' library (-lpam). */ | ||
817 | #undef HAVE_LIBPAM | ||
818 | |||
819 | /* Define to 1 if you have the <libproc.h> header file. */ | ||
820 | #undef HAVE_LIBPROC_H | ||
821 | |||
822 | /* Define to 1 if you have the `socket' library (-lsocket). */ | ||
823 | #undef HAVE_LIBSOCKET | ||
824 | |||
825 | /* Define to 1 if you have the <libutil.h> header file. */ | ||
826 | #undef HAVE_LIBUTIL_H | ||
827 | |||
828 | /* Define to 1 if you have the `xnet' library (-lxnet). */ | ||
829 | #undef HAVE_LIBXNET | ||
830 | |||
831 | /* Define to 1 if you have the `z' library (-lz). */ | ||
832 | #undef HAVE_LIBZ | ||
833 | |||
834 | /* Define to 1 if you have the <limits.h> header file. */ | ||
835 | #undef HAVE_LIMITS_H | ||
836 | |||
837 | /* Define to 1 if you have the <linux/audit.h> header file. */ | ||
838 | #undef HAVE_LINUX_AUDIT_H | ||
839 | |||
840 | /* Define to 1 if you have the <linux/filter.h> header file. */ | ||
841 | #undef HAVE_LINUX_FILTER_H | ||
842 | |||
843 | /* Define to 1 if you have the <linux/if_tun.h> header file. */ | ||
844 | #undef HAVE_LINUX_IF_TUN_H | ||
845 | |||
846 | /* Define to 1 if you have the <linux/seccomp.h> header file. */ | ||
847 | #undef HAVE_LINUX_SECCOMP_H | ||
848 | |||
849 | /* Define to 1 if you have the `llabs' function. */ | ||
850 | #undef HAVE_LLABS | ||
851 | |||
852 | /* Define to 1 if you have the <locale.h> header file. */ | ||
853 | #undef HAVE_LOCALE_H | ||
854 | |||
855 | /* Define to 1 if you have the `login' function. */ | ||
856 | #undef HAVE_LOGIN | ||
857 | |||
858 | /* Define to 1 if you have the <login_cap.h> header file. */ | ||
859 | #undef HAVE_LOGIN_CAP_H | ||
860 | |||
861 | /* Define to 1 if you have the `login_getcapbool' function. */ | ||
862 | #undef HAVE_LOGIN_GETCAPBOOL | ||
863 | |||
864 | /* Define to 1 if you have the <login.h> header file. */ | ||
865 | #undef HAVE_LOGIN_H | ||
866 | |||
867 | /* Define to 1 if you have the `logout' function. */ | ||
868 | #undef HAVE_LOGOUT | ||
869 | |||
870 | /* Define to 1 if you have the `logwtmp' function. */ | ||
871 | #undef HAVE_LOGWTMP | ||
872 | |||
873 | /* Define to 1 if the system has the type `long double'. */ | ||
874 | #undef HAVE_LONG_DOUBLE | ||
875 | |||
876 | /* Define to 1 if the system has the type `long long'. */ | ||
877 | #undef HAVE_LONG_LONG | ||
878 | |||
879 | /* Define to 1 if you have the <maillock.h> header file. */ | ||
880 | #undef HAVE_MAILLOCK_H | ||
881 | |||
882 | /* Define to 1 if your system has a GNU libc compatible `malloc' function, and | ||
883 | to 0 otherwise. */ | ||
884 | #undef HAVE_MALLOC | ||
885 | |||
886 | /* Define to 1 if you have the `mblen' function. */ | ||
887 | #undef HAVE_MBLEN | ||
888 | |||
889 | /* Define to 1 if you have the `mbtowc' function. */ | ||
890 | #undef HAVE_MBTOWC | ||
891 | |||
892 | /* Define to 1 if you have the `md5_crypt' function. */ | ||
893 | #undef HAVE_MD5_CRYPT | ||
894 | |||
895 | /* Define if you want to allow MD5 passwords */ | ||
896 | #undef HAVE_MD5_PASSWORDS | ||
897 | |||
898 | /* Define to 1 if you have the `memmem' function. */ | ||
899 | #undef HAVE_MEMMEM | ||
900 | |||
901 | /* Define to 1 if you have the `memmove' function. */ | ||
902 | #undef HAVE_MEMMOVE | ||
903 | |||
904 | /* Define to 1 if you have the <memory.h> header file. */ | ||
905 | #undef HAVE_MEMORY_H | ||
906 | |||
907 | /* Define to 1 if you have the `memset_s' function. */ | ||
908 | #undef HAVE_MEMSET_S | ||
909 | |||
910 | /* Define to 1 if you have the `mkdtemp' function. */ | ||
911 | #undef HAVE_MKDTEMP | ||
912 | |||
913 | /* define if you have mode_t data type */ | ||
914 | #undef HAVE_MODE_T | ||
915 | |||
916 | /* Some systems put nanosleep outside of libc */ | ||
917 | #undef HAVE_NANOSLEEP | ||
918 | |||
919 | /* Define to 1 if you have the <ndir.h> header file. */ | ||
920 | #undef HAVE_NDIR_H | ||
921 | |||
922 | /* Define to 1 if you have the <netdb.h> header file. */ | ||
923 | #undef HAVE_NETDB_H | ||
924 | |||
925 | /* Define to 1 if you have the <netgroup.h> header file. */ | ||
926 | #undef HAVE_NETGROUP_H | ||
927 | |||
928 | /* Define to 1 if you have the <net/if_tun.h> header file. */ | ||
929 | #undef HAVE_NET_IF_TUN_H | ||
930 | |||
931 | /* Define to 1 if you have the <net/route.h> header file. */ | ||
932 | #undef HAVE_NET_ROUTE_H | ||
933 | |||
934 | /* Define if you are on NeXT */ | ||
935 | #undef HAVE_NEXT | ||
936 | |||
937 | /* Define to 1 if you have the `ngetaddrinfo' function. */ | ||
938 | #undef HAVE_NGETADDRINFO | ||
939 | |||
940 | /* Define to 1 if you have the `nl_langinfo' function. */ | ||
941 | #undef HAVE_NL_LANGINFO | ||
942 | |||
943 | /* Define to 1 if you have the `nsleep' function. */ | ||
944 | #undef HAVE_NSLEEP | ||
945 | |||
946 | /* Define to 1 if you have the `ogetaddrinfo' function. */ | ||
947 | #undef HAVE_OGETADDRINFO | ||
948 | |||
949 | /* Define if you have an old version of PAM which takes only one argument to | ||
950 | pam_strerror */ | ||
951 | #undef HAVE_OLD_PAM | ||
952 | |||
953 | /* Define to 1 if you have the `openlog_r' function. */ | ||
954 | #undef HAVE_OPENLOG_R | ||
955 | |||
956 | /* Define to 1 if you have the `openpty' function. */ | ||
957 | #undef HAVE_OPENPTY | ||
958 | |||
959 | /* as a macro */ | ||
960 | #undef HAVE_OPENSSL_ADD_ALL_ALGORITHMS | ||
961 | |||
962 | /* Define to 1 if you have the `OPENSSL_init_crypto' function. */ | ||
963 | #undef HAVE_OPENSSL_INIT_CRYPTO | ||
964 | |||
965 | /* Define to 1 if you have the `OpenSSL_version' function. */ | ||
966 | #undef HAVE_OPENSSL_VERSION | ||
967 | |||
968 | /* Define to 1 if you have the `OpenSSL_version_num' function. */ | ||
969 | #undef HAVE_OPENSSL_VERSION_NUM | ||
970 | |||
971 | /* Define if you have Digital Unix Security Integration Architecture */ | ||
972 | #undef HAVE_OSF_SIA | ||
973 | |||
974 | /* Define to 1 if you have the `pam_getenvlist' function. */ | ||
975 | #undef HAVE_PAM_GETENVLIST | ||
976 | |||
977 | /* Define to 1 if you have the <pam/pam_appl.h> header file. */ | ||
978 | #undef HAVE_PAM_PAM_APPL_H | ||
979 | |||
980 | /* Define to 1 if you have the `pam_putenv' function. */ | ||
981 | #undef HAVE_PAM_PUTENV | ||
982 | |||
983 | /* Define to 1 if you have the <paths.h> header file. */ | ||
984 | #undef HAVE_PATHS_H | ||
985 | |||
986 | /* Define if you have ut_pid in utmp.h */ | ||
987 | #undef HAVE_PID_IN_UTMP | ||
988 | |||
989 | /* define if you have pid_t data type */ | ||
990 | #undef HAVE_PID_T | ||
991 | |||
992 | /* Define to 1 if you have the `pledge' function. */ | ||
993 | #undef HAVE_PLEDGE | ||
994 | |||
995 | /* Define to 1 if you have the `poll' function. */ | ||
996 | #undef HAVE_POLL | ||
997 | |||
998 | /* Define to 1 if you have the <poll.h> header file. */ | ||
999 | #undef HAVE_POLL_H | ||
1000 | |||
1001 | /* Define to 1 if you have the `prctl' function. */ | ||
1002 | #undef HAVE_PRCTL | ||
1003 | |||
1004 | /* Define to 1 if you have the `priv_basicset' function. */ | ||
1005 | #undef HAVE_PRIV_BASICSET | ||
1006 | |||
1007 | /* Define to 1 if you have the <priv.h> header file. */ | ||
1008 | #undef HAVE_PRIV_H | ||
1009 | |||
1010 | /* Define if you have /proc/$pid/fd */ | ||
1011 | #undef HAVE_PROC_PID | ||
1012 | |||
1013 | /* Define to 1 if you have the `proc_pidinfo' function. */ | ||
1014 | #undef HAVE_PROC_PIDINFO | ||
1015 | |||
1016 | /* Define to 1 if you have the `pstat' function. */ | ||
1017 | #undef HAVE_PSTAT | ||
1018 | |||
1019 | /* Define to 1 if you have the <pty.h> header file. */ | ||
1020 | #undef HAVE_PTY_H | ||
1021 | |||
1022 | /* Define to 1 if you have the `pututline' function. */ | ||
1023 | #undef HAVE_PUTUTLINE | ||
1024 | |||
1025 | /* Define to 1 if you have the `pututxline' function. */ | ||
1026 | #undef HAVE_PUTUTXLINE | ||
1027 | |||
1028 | /* Define to 1 if you have the `raise' function. */ | ||
1029 | #undef HAVE_RAISE | ||
1030 | |||
1031 | /* Define to 1 if you have the `readpassphrase' function. */ | ||
1032 | #undef HAVE_READPASSPHRASE | ||
1033 | |||
1034 | /* Define to 1 if you have the <readpassphrase.h> header file. */ | ||
1035 | #undef HAVE_READPASSPHRASE_H | ||
1036 | |||
1037 | /* Define to 1 if your system has a GNU libc compatible `realloc' function, | ||
1038 | and to 0 otherwise. */ | ||
1039 | #undef HAVE_REALLOC | ||
1040 | |||
1041 | /* Define to 1 if you have the `reallocarray' function. */ | ||
1042 | #undef HAVE_REALLOCARRAY | ||
1043 | |||
1044 | /* Define to 1 if you have the `recallocarray' function. */ | ||
1045 | #undef HAVE_RECALLOCARRAY | ||
1046 | |||
1047 | /* Define to 1 if you have the `recvmsg' function. */ | ||
1048 | #undef HAVE_RECVMSG | ||
1049 | |||
1050 | /* sys/resource.h has RLIMIT_NPROC */ | ||
1051 | #undef HAVE_RLIMIT_NPROC | ||
1052 | |||
1053 | /* Define to 1 if you have the <rpc/types.h> header file. */ | ||
1054 | #undef HAVE_RPC_TYPES_H | ||
1055 | |||
1056 | /* Define to 1 if you have the `rresvport_af' function. */ | ||
1057 | #undef HAVE_RRESVPORT_AF | ||
1058 | |||
1059 | /* Define to 1 if you have the `RSA_generate_key_ex' function. */ | ||
1060 | #undef HAVE_RSA_GENERATE_KEY_EX | ||
1061 | |||
1062 | /* Define to 1 if you have the `RSA_get0_crt_params' function. */ | ||
1063 | #undef HAVE_RSA_GET0_CRT_PARAMS | ||
1064 | |||
1065 | /* Define to 1 if you have the `RSA_get0_factors' function. */ | ||
1066 | #undef HAVE_RSA_GET0_FACTORS | ||
1067 | |||
1068 | /* Define to 1 if you have the `RSA_get0_key' function. */ | ||
1069 | #undef HAVE_RSA_GET0_KEY | ||
1070 | |||
1071 | /* Define to 1 if you have the `RSA_get_default_method' function. */ | ||
1072 | #undef HAVE_RSA_GET_DEFAULT_METHOD | ||
1073 | |||
1074 | /* Define to 1 if you have the `RSA_meth_dup' function. */ | ||
1075 | #undef HAVE_RSA_METH_DUP | ||
1076 | |||
1077 | /* Define to 1 if you have the `RSA_meth_free' function. */ | ||
1078 | #undef HAVE_RSA_METH_FREE | ||
1079 | |||
1080 | /* Define to 1 if you have the `RSA_meth_get_finish' function. */ | ||
1081 | #undef HAVE_RSA_METH_GET_FINISH | ||
1082 | |||
1083 | /* Define to 1 if you have the `RSA_meth_set1_name' function. */ | ||
1084 | #undef HAVE_RSA_METH_SET1_NAME | ||
1085 | |||
1086 | /* Define to 1 if you have the `RSA_meth_set_finish' function. */ | ||
1087 | #undef HAVE_RSA_METH_SET_FINISH | ||
1088 | |||
1089 | /* Define to 1 if you have the `RSA_meth_set_priv_dec' function. */ | ||
1090 | #undef HAVE_RSA_METH_SET_PRIV_DEC | ||
1091 | |||
1092 | /* Define to 1 if you have the `RSA_meth_set_priv_enc' function. */ | ||
1093 | #undef HAVE_RSA_METH_SET_PRIV_ENC | ||
1094 | |||
1095 | /* Define to 1 if you have the `RSA_set0_crt_params' function. */ | ||
1096 | #undef HAVE_RSA_SET0_CRT_PARAMS | ||
1097 | |||
1098 | /* Define to 1 if you have the `RSA_set0_factors' function. */ | ||
1099 | #undef HAVE_RSA_SET0_FACTORS | ||
1100 | |||
1101 | /* Define to 1 if you have the `RSA_set0_key' function. */ | ||
1102 | #undef HAVE_RSA_SET0_KEY | ||
1103 | |||
1104 | /* Define to 1 if you have the <sandbox.h> header file. */ | ||
1105 | #undef HAVE_SANDBOX_H | ||
1106 | |||
1107 | /* Define to 1 if you have the `sandbox_init' function. */ | ||
1108 | #undef HAVE_SANDBOX_INIT | ||
1109 | |||
1110 | /* define if you have sa_family_t data type */ | ||
1111 | #undef HAVE_SA_FAMILY_T | ||
1112 | |||
1113 | /* Define to 1 if you have the `scan_scaled' function. */ | ||
1114 | #undef HAVE_SCAN_SCALED | ||
1115 | |||
1116 | /* Define if you have SecureWare-based protected password database */ | ||
1117 | #undef HAVE_SECUREWARE | ||
1118 | |||
1119 | /* Define to 1 if you have the <security/pam_appl.h> header file. */ | ||
1120 | #undef HAVE_SECURITY_PAM_APPL_H | ||
1121 | |||
1122 | /* Define to 1 if you have the `sendmsg' function. */ | ||
1123 | #undef HAVE_SENDMSG | ||
1124 | |||
1125 | /* Define to 1 if you have the `setauthdb' function. */ | ||
1126 | #undef HAVE_SETAUTHDB | ||
1127 | |||
1128 | /* Define to 1 if you have the `setdtablesize' function. */ | ||
1129 | #undef HAVE_SETDTABLESIZE | ||
1130 | |||
1131 | /* Define to 1 if you have the `setegid' function. */ | ||
1132 | #undef HAVE_SETEGID | ||
1133 | |||
1134 | /* Define to 1 if you have the `setenv' function. */ | ||
1135 | #undef HAVE_SETENV | ||
1136 | |||
1137 | /* Define to 1 if you have the `seteuid' function. */ | ||
1138 | #undef HAVE_SETEUID | ||
1139 | |||
1140 | /* Define to 1 if you have the `setgroupent' function. */ | ||
1141 | #undef HAVE_SETGROUPENT | ||
1142 | |||
1143 | /* Define to 1 if you have the `setgroups' function. */ | ||
1144 | #undef HAVE_SETGROUPS | ||
1145 | |||
1146 | /* Define to 1 if you have the `setlinebuf' function. */ | ||
1147 | #undef HAVE_SETLINEBUF | ||
1148 | |||
1149 | /* Define to 1 if you have the `setlogin' function. */ | ||
1150 | #undef HAVE_SETLOGIN | ||
1151 | |||
1152 | /* Define to 1 if you have the `setluid' function. */ | ||
1153 | #undef HAVE_SETLUID | ||
1154 | |||
1155 | /* Define to 1 if you have the `setpassent' function. */ | ||
1156 | #undef HAVE_SETPASSENT | ||
1157 | |||
1158 | /* Define to 1 if you have the `setpcred' function. */ | ||
1159 | #undef HAVE_SETPCRED | ||
1160 | |||
1161 | /* Define to 1 if you have the `setpflags' function. */ | ||
1162 | #undef HAVE_SETPFLAGS | ||
1163 | |||
1164 | /* Define to 1 if you have the `setppriv' function. */ | ||
1165 | #undef HAVE_SETPPRIV | ||
1166 | |||
1167 | /* Define to 1 if you have the `setproctitle' function. */ | ||
1168 | #undef HAVE_SETPROCTITLE | ||
1169 | |||
1170 | /* Define to 1 if you have the `setregid' function. */ | ||
1171 | #undef HAVE_SETREGID | ||
1172 | |||
1173 | /* Define to 1 if you have the `setresgid' function. */ | ||
1174 | #undef HAVE_SETRESGID | ||
1175 | |||
1176 | /* Define to 1 if you have the `setresuid' function. */ | ||
1177 | #undef HAVE_SETRESUID | ||
1178 | |||
1179 | /* Define to 1 if you have the `setreuid' function. */ | ||
1180 | #undef HAVE_SETREUID | ||
1181 | |||
1182 | /* Define to 1 if you have the `setrlimit' function. */ | ||
1183 | #undef HAVE_SETRLIMIT | ||
1184 | |||
1185 | /* Define to 1 if you have the `setsid' function. */ | ||
1186 | #undef HAVE_SETSID | ||
1187 | |||
1188 | /* Define to 1 if you have the `setutent' function. */ | ||
1189 | #undef HAVE_SETUTENT | ||
1190 | |||
1191 | /* Define to 1 if you have the `setutxdb' function. */ | ||
1192 | #undef HAVE_SETUTXDB | ||
1193 | |||
1194 | /* Define to 1 if you have the `setutxent' function. */ | ||
1195 | #undef HAVE_SETUTXENT | ||
1196 | |||
1197 | /* Define to 1 if you have the `setvbuf' function. */ | ||
1198 | #undef HAVE_SETVBUF | ||
1199 | |||
1200 | /* Define to 1 if you have the `set_id' function. */ | ||
1201 | #undef HAVE_SET_ID | ||
1202 | |||
1203 | /* Define to 1 if you have the `SHA256Update' function. */ | ||
1204 | #undef HAVE_SHA256UPDATE | ||
1205 | |||
1206 | /* Define to 1 if you have the <sha2.h> header file. */ | ||
1207 | #undef HAVE_SHA2_H | ||
1208 | |||
1209 | /* Define to 1 if you have the `SHA384Update' function. */ | ||
1210 | #undef HAVE_SHA384UPDATE | ||
1211 | |||
1212 | /* Define to 1 if you have the `SHA512Update' function. */ | ||
1213 | #undef HAVE_SHA512UPDATE | ||
1214 | |||
1215 | /* Define to 1 if you have the <shadow.h> header file. */ | ||
1216 | #undef HAVE_SHADOW_H | ||
1217 | |||
1218 | /* Define to 1 if you have the `sigaction' function. */ | ||
1219 | #undef HAVE_SIGACTION | ||
1220 | |||
1221 | /* Define to 1 if you have the `sigvec' function. */ | ||
1222 | #undef HAVE_SIGVEC | ||
1223 | |||
1224 | /* Define to 1 if the system has the type `sig_atomic_t'. */ | ||
1225 | #undef HAVE_SIG_ATOMIC_T | ||
1226 | |||
1227 | /* define if you have size_t data type */ | ||
1228 | #undef HAVE_SIZE_T | ||
1229 | |||
1230 | /* Define to 1 if you have the `snprintf' function. */ | ||
1231 | #undef HAVE_SNPRINTF | ||
1232 | |||
1233 | /* Define to 1 if you have the `socketpair' function. */ | ||
1234 | #undef HAVE_SOCKETPAIR | ||
1235 | |||
1236 | /* Have PEERCRED socket option */ | ||
1237 | #undef HAVE_SO_PEERCRED | ||
1238 | |||
1239 | /* define if you have ssize_t data type */ | ||
1240 | #undef HAVE_SSIZE_T | ||
1241 | |||
1242 | /* Fields in struct sockaddr_storage */ | ||
1243 | #undef HAVE_SS_FAMILY_IN_SS | ||
1244 | |||
1245 | /* Define to 1 if you have the `statfs' function. */ | ||
1246 | #undef HAVE_STATFS | ||
1247 | |||
1248 | /* Define to 1 if you have the `statvfs' function. */ | ||
1249 | #undef HAVE_STATVFS | ||
1250 | |||
1251 | /* Define to 1 if you have the <stddef.h> header file. */ | ||
1252 | #undef HAVE_STDDEF_H | ||
1253 | |||
1254 | /* Define to 1 if you have the <stdint.h> header file. */ | ||
1255 | #undef HAVE_STDINT_H | ||
1256 | |||
1257 | /* Define to 1 if you have the <stdlib.h> header file. */ | ||
1258 | #undef HAVE_STDLIB_H | ||
1259 | |||
1260 | /* Define to 1 if you have the `strcasestr' function. */ | ||
1261 | #undef HAVE_STRCASESTR | ||
1262 | |||
1263 | /* Define to 1 if you have the `strdup' function. */ | ||
1264 | #undef HAVE_STRDUP | ||
1265 | |||
1266 | /* Define to 1 if you have the `strerror' function. */ | ||
1267 | #undef HAVE_STRERROR | ||
1268 | |||
1269 | /* Define to 1 if you have the `strftime' function. */ | ||
1270 | #undef HAVE_STRFTIME | ||
1271 | |||
1272 | /* Silly mkstemp() */ | ||
1273 | #undef HAVE_STRICT_MKSTEMP | ||
1274 | |||
1275 | /* Define to 1 if you have the <strings.h> header file. */ | ||
1276 | #undef HAVE_STRINGS_H | ||
1277 | |||
1278 | /* Define to 1 if you have the <string.h> header file. */ | ||
1279 | #undef HAVE_STRING_H | ||
1280 | |||
1281 | /* Define to 1 if you have the `strlcat' function. */ | ||
1282 | #undef HAVE_STRLCAT | ||
1283 | |||
1284 | /* Define to 1 if you have the `strlcpy' function. */ | ||
1285 | #undef HAVE_STRLCPY | ||
1286 | |||
1287 | /* Define to 1 if you have the `strmode' function. */ | ||
1288 | #undef HAVE_STRMODE | ||
1289 | |||
1290 | /* Define to 1 if you have the `strndup' function. */ | ||
1291 | #undef HAVE_STRNDUP | ||
1292 | |||
1293 | /* Define to 1 if you have the `strnlen' function. */ | ||
1294 | #undef HAVE_STRNLEN | ||
1295 | |||
1296 | /* Define to 1 if you have the `strnvis' function. */ | ||
1297 | #undef HAVE_STRNVIS | ||
1298 | |||
1299 | /* Define to 1 if you have the `strptime' function. */ | ||
1300 | #undef HAVE_STRPTIME | ||
1301 | |||
1302 | /* Define to 1 if you have the `strsep' function. */ | ||
1303 | #undef HAVE_STRSEP | ||
1304 | |||
1305 | /* Define to 1 if you have the `strsignal' function. */ | ||
1306 | #undef HAVE_STRSIGNAL | ||
1307 | |||
1308 | /* Define to 1 if you have the `strtoll' function. */ | ||
1309 | #undef HAVE_STRTOLL | ||
1310 | |||
1311 | /* Define to 1 if you have the `strtonum' function. */ | ||
1312 | #undef HAVE_STRTONUM | ||
1313 | |||
1314 | /* Define to 1 if you have the `strtoul' function. */ | ||
1315 | #undef HAVE_STRTOUL | ||
1316 | |||
1317 | /* Define to 1 if you have the `strtoull' function. */ | ||
1318 | #undef HAVE_STRTOULL | ||
1319 | |||
1320 | /* define if you have struct addrinfo data type */ | ||
1321 | #undef HAVE_STRUCT_ADDRINFO | ||
1322 | |||
1323 | /* define if you have struct in6_addr data type */ | ||
1324 | #undef HAVE_STRUCT_IN6_ADDR | ||
1325 | |||
1326 | /* Define to 1 if `pw_change' is a member of `struct passwd'. */ | ||
1327 | #undef HAVE_STRUCT_PASSWD_PW_CHANGE | ||
1328 | |||
1329 | /* Define to 1 if `pw_class' is a member of `struct passwd'. */ | ||
1330 | #undef HAVE_STRUCT_PASSWD_PW_CLASS | ||
1331 | |||
1332 | /* Define to 1 if `pw_expire' is a member of `struct passwd'. */ | ||
1333 | #undef HAVE_STRUCT_PASSWD_PW_EXPIRE | ||
1334 | |||
1335 | /* Define to 1 if `pw_gecos' is a member of `struct passwd'. */ | ||
1336 | #undef HAVE_STRUCT_PASSWD_PW_GECOS | ||
1337 | |||
1338 | /* define if you have struct sockaddr_in6 data type */ | ||
1339 | #undef HAVE_STRUCT_SOCKADDR_IN6 | ||
1340 | |||
1341 | /* Define to 1 if `sin6_scope_id' is a member of `struct sockaddr_in6'. */ | ||
1342 | #undef HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID | ||
1343 | |||
1344 | /* define if you have struct sockaddr_storage data type */ | ||
1345 | #undef HAVE_STRUCT_SOCKADDR_STORAGE | ||
1346 | |||
1347 | /* Define to 1 if `f_flags' is a member of `struct statfs'. */ | ||
1348 | #undef HAVE_STRUCT_STATFS_F_FLAGS | ||
1349 | |||
1350 | /* Define to 1 if `st_blksize' is a member of `struct stat'. */ | ||
1351 | #undef HAVE_STRUCT_STAT_ST_BLKSIZE | ||
1352 | |||
1353 | /* Define to 1 if `st_mtim' is a member of `struct stat'. */ | ||
1354 | #undef HAVE_STRUCT_STAT_ST_MTIM | ||
1355 | |||
1356 | /* Define to 1 if `st_mtime' is a member of `struct stat'. */ | ||
1357 | #undef HAVE_STRUCT_STAT_ST_MTIME | ||
1358 | |||
1359 | /* Define to 1 if the system has the type `struct timespec'. */ | ||
1360 | #undef HAVE_STRUCT_TIMESPEC | ||
1361 | |||
1362 | /* define if you have struct timeval */ | ||
1363 | #undef HAVE_STRUCT_TIMEVAL | ||
1364 | |||
1365 | /* Define to 1 if you have the `swap32' function. */ | ||
1366 | #undef HAVE_SWAP32 | ||
1367 | |||
1368 | /* Define to 1 if you have the `sysconf' function. */ | ||
1369 | #undef HAVE_SYSCONF | ||
1370 | |||
1371 | /* Define if you have syslen in utmpx.h */ | ||
1372 | #undef HAVE_SYSLEN_IN_UTMPX | ||
1373 | |||
1374 | /* Define to 1 if you have the <sys/audit.h> header file. */ | ||
1375 | #undef HAVE_SYS_AUDIT_H | ||
1376 | |||
1377 | /* Define to 1 if you have the <sys/bitypes.h> header file. */ | ||
1378 | #undef HAVE_SYS_BITYPES_H | ||
1379 | |||
1380 | /* Define to 1 if you have the <sys/bsdtty.h> header file. */ | ||
1381 | #undef HAVE_SYS_BSDTTY_H | ||
1382 | |||
1383 | /* Define to 1 if you have the <sys/capsicum.h> header file. */ | ||
1384 | #undef HAVE_SYS_CAPSICUM_H | ||
1385 | |||
1386 | /* Define to 1 if you have the <sys/cdefs.h> header file. */ | ||
1387 | #undef HAVE_SYS_CDEFS_H | ||
1388 | |||
1389 | /* Define to 1 if you have the <sys/dir.h> header file. */ | ||
1390 | #undef HAVE_SYS_DIR_H | ||
1391 | |||
1392 | /* Define if your system defines sys_errlist[] */ | ||
1393 | #undef HAVE_SYS_ERRLIST | ||
1394 | |||
1395 | /* Define to 1 if you have the <sys/file.h> header file. */ | ||
1396 | #undef HAVE_SYS_FILE_H | ||
1397 | |||
1398 | /* Define to 1 if you have the <sys/label.h> header file. */ | ||
1399 | #undef HAVE_SYS_LABEL_H | ||
1400 | |||
1401 | /* Define to 1 if you have the <sys/mman.h> header file. */ | ||
1402 | #undef HAVE_SYS_MMAN_H | ||
1403 | |||
1404 | /* Define to 1 if you have the <sys/mount.h> header file. */ | ||
1405 | #undef HAVE_SYS_MOUNT_H | ||
1406 | |||
1407 | /* Define to 1 if you have the <sys/ndir.h> header file. */ | ||
1408 | #undef HAVE_SYS_NDIR_H | ||
1409 | |||
1410 | /* Define if your system defines sys_nerr */ | ||
1411 | #undef HAVE_SYS_NERR | ||
1412 | |||
1413 | /* Define to 1 if you have the <sys/poll.h> header file. */ | ||
1414 | #undef HAVE_SYS_POLL_H | ||
1415 | |||
1416 | /* Define to 1 if you have the <sys/prctl.h> header file. */ | ||
1417 | #undef HAVE_SYS_PRCTL_H | ||
1418 | |||
1419 | /* Define to 1 if you have the <sys/pstat.h> header file. */ | ||
1420 | #undef HAVE_SYS_PSTAT_H | ||
1421 | |||
1422 | /* Define to 1 if you have the <sys/ptms.h> header file. */ | ||
1423 | #undef HAVE_SYS_PTMS_H | ||
1424 | |||
1425 | /* Define to 1 if you have the <sys/ptrace.h> header file. */ | ||
1426 | #undef HAVE_SYS_PTRACE_H | ||
1427 | |||
1428 | /* Define to 1 if you have the <sys/random.h> header file. */ | ||
1429 | #undef HAVE_SYS_RANDOM_H | ||
1430 | |||
1431 | /* Define to 1 if you have the <sys/select.h> header file. */ | ||
1432 | #undef HAVE_SYS_SELECT_H | ||
1433 | |||
1434 | /* Define to 1 if you have the <sys/statvfs.h> header file. */ | ||
1435 | #undef HAVE_SYS_STATVFS_H | ||
1436 | |||
1437 | /* Define to 1 if you have the <sys/stat.h> header file. */ | ||
1438 | #undef HAVE_SYS_STAT_H | ||
1439 | |||
1440 | /* Define to 1 if you have the <sys/stream.h> header file. */ | ||
1441 | #undef HAVE_SYS_STREAM_H | ||
1442 | |||
1443 | /* Define to 1 if you have the <sys/stropts.h> header file. */ | ||
1444 | #undef HAVE_SYS_STROPTS_H | ||
1445 | |||
1446 | /* Define to 1 if you have the <sys/strtio.h> header file. */ | ||
1447 | #undef HAVE_SYS_STRTIO_H | ||
1448 | |||
1449 | /* Define to 1 if you have the <sys/sysctl.h> header file. */ | ||
1450 | #undef HAVE_SYS_SYSCTL_H | ||
1451 | |||
1452 | /* Force use of sys/syslog.h on Ultrix */ | ||
1453 | #undef HAVE_SYS_SYSLOG_H | ||
1454 | |||
1455 | /* Define to 1 if you have the <sys/sysmacros.h> header file. */ | ||
1456 | #undef HAVE_SYS_SYSMACROS_H | ||
1457 | |||
1458 | /* Define to 1 if you have the <sys/timers.h> header file. */ | ||
1459 | #undef HAVE_SYS_TIMERS_H | ||
1460 | |||
1461 | /* Define to 1 if you have the <sys/time.h> header file. */ | ||
1462 | #undef HAVE_SYS_TIME_H | ||
1463 | |||
1464 | /* Define to 1 if you have the <sys/types.h> header file. */ | ||
1465 | #undef HAVE_SYS_TYPES_H | ||
1466 | |||
1467 | /* Define to 1 if you have the <sys/un.h> header file. */ | ||
1468 | #undef HAVE_SYS_UN_H | ||
1469 | |||
1470 | /* Define to 1 if you have the <sys/vfs.h> header file. */ | ||
1471 | #undef HAVE_SYS_VFS_H | ||
1472 | |||
1473 | /* Define to 1 if you have the `tcgetpgrp' function. */ | ||
1474 | #undef HAVE_TCGETPGRP | ||
1475 | |||
1476 | /* Define to 1 if you have the `tcsendbreak' function. */ | ||
1477 | #undef HAVE_TCSENDBREAK | ||
1478 | |||
1479 | /* Define to 1 if you have the `time' function. */ | ||
1480 | #undef HAVE_TIME | ||
1481 | |||
1482 | /* Define to 1 if you have the <time.h> header file. */ | ||
1483 | #undef HAVE_TIME_H | ||
1484 | |||
1485 | /* Define if you have ut_time in utmp.h */ | ||
1486 | #undef HAVE_TIME_IN_UTMP | ||
1487 | |||
1488 | /* Define if you have ut_time in utmpx.h */ | ||
1489 | #undef HAVE_TIME_IN_UTMPX | ||
1490 | |||
1491 | /* Define to 1 if you have the `timingsafe_bcmp' function. */ | ||
1492 | #undef HAVE_TIMINGSAFE_BCMP | ||
1493 | |||
1494 | /* Define to 1 if you have the <tmpdir.h> header file. */ | ||
1495 | #undef HAVE_TMPDIR_H | ||
1496 | |||
1497 | /* Define to 1 if you have the `truncate' function. */ | ||
1498 | #undef HAVE_TRUNCATE | ||
1499 | |||
1500 | /* Define to 1 if you have the <ttyent.h> header file. */ | ||
1501 | #undef HAVE_TTYENT_H | ||
1502 | |||
1503 | /* Define if you have ut_tv in utmp.h */ | ||
1504 | #undef HAVE_TV_IN_UTMP | ||
1505 | |||
1506 | /* Define if you have ut_tv in utmpx.h */ | ||
1507 | #undef HAVE_TV_IN_UTMPX | ||
1508 | |||
1509 | /* Define if you have ut_type in utmp.h */ | ||
1510 | #undef HAVE_TYPE_IN_UTMP | ||
1511 | |||
1512 | /* Define if you have ut_type in utmpx.h */ | ||
1513 | #undef HAVE_TYPE_IN_UTMPX | ||
1514 | |||
1515 | /* Define to 1 if you have the <ucred.h> header file. */ | ||
1516 | #undef HAVE_UCRED_H | ||
1517 | |||
1518 | /* Define to 1 if the system has the type `uintmax_t'. */ | ||
1519 | #undef HAVE_UINTMAX_T | ||
1520 | |||
1521 | /* define if you have uintxx_t data type */ | ||
1522 | #undef HAVE_UINTXX_T | ||
1523 | |||
1524 | /* Define to 1 if you have the <unistd.h> header file. */ | ||
1525 | #undef HAVE_UNISTD_H | ||
1526 | |||
1527 | /* Define to 1 if you have the `unsetenv' function. */ | ||
1528 | #undef HAVE_UNSETENV | ||
1529 | |||
1530 | /* Define to 1 if the system has the type `unsigned long long'. */ | ||
1531 | #undef HAVE_UNSIGNED_LONG_LONG | ||
1532 | |||
1533 | /* Define to 1 if you have the `updwtmp' function. */ | ||
1534 | #undef HAVE_UPDWTMP | ||
1535 | |||
1536 | /* Define to 1 if you have the `updwtmpx' function. */ | ||
1537 | #undef HAVE_UPDWTMPX | ||
1538 | |||
1539 | /* Define to 1 if you have the <usersec.h> header file. */ | ||
1540 | #undef HAVE_USERSEC_H | ||
1541 | |||
1542 | /* Define to 1 if you have the `user_from_uid' function. */ | ||
1543 | #undef HAVE_USER_FROM_UID | ||
1544 | |||
1545 | /* Define to 1 if you have the `usleep' function. */ | ||
1546 | #undef HAVE_USLEEP | ||
1547 | |||
1548 | /* Define to 1 if you have the <util.h> header file. */ | ||
1549 | #undef HAVE_UTIL_H | ||
1550 | |||
1551 | /* Define to 1 if you have the `utimensat' function. */ | ||
1552 | #undef HAVE_UTIMENSAT | ||
1553 | |||
1554 | /* Define to 1 if you have the `utimes' function. */ | ||
1555 | #undef HAVE_UTIMES | ||
1556 | |||
1557 | /* Define to 1 if you have the <utime.h> header file. */ | ||
1558 | #undef HAVE_UTIME_H | ||
1559 | |||
1560 | /* Define to 1 if you have the `utmpname' function. */ | ||
1561 | #undef HAVE_UTMPNAME | ||
1562 | |||
1563 | /* Define to 1 if you have the `utmpxname' function. */ | ||
1564 | #undef HAVE_UTMPXNAME | ||
1565 | |||
1566 | /* Define to 1 if you have the <utmpx.h> header file. */ | ||
1567 | #undef HAVE_UTMPX_H | ||
1568 | |||
1569 | /* Define to 1 if you have the <utmp.h> header file. */ | ||
1570 | #undef HAVE_UTMP_H | ||
1571 | |||
1572 | /* define if you have u_char data type */ | ||
1573 | #undef HAVE_U_CHAR | ||
1574 | |||
1575 | /* define if you have u_int data type */ | ||
1576 | #undef HAVE_U_INT | ||
1577 | |||
1578 | /* define if you have u_int64_t data type */ | ||
1579 | #undef HAVE_U_INT64_T | ||
1580 | |||
1581 | /* define if you have u_intxx_t data type */ | ||
1582 | #undef HAVE_U_INTXX_T | ||
1583 | |||
1584 | /* Define to 1 if you have the `vasprintf' function. */ | ||
1585 | #undef HAVE_VASPRINTF | ||
1586 | |||
1587 | /* Define if va_copy exists */ | ||
1588 | #undef HAVE_VA_COPY | ||
1589 | |||
1590 | /* Define to 1 if you have the <vis.h> header file. */ | ||
1591 | #undef HAVE_VIS_H | ||
1592 | |||
1593 | /* Define to 1 if you have the `vsnprintf' function. */ | ||
1594 | #undef HAVE_VSNPRINTF | ||
1595 | |||
1596 | /* Define to 1 if you have the `waitpid' function. */ | ||
1597 | #undef HAVE_WAITPID | ||
1598 | |||
1599 | /* Define to 1 if you have the `warn' function. */ | ||
1600 | #undef HAVE_WARN | ||
1601 | |||
1602 | /* Define to 1 if you have the <wchar.h> header file. */ | ||
1603 | #undef HAVE_WCHAR_H | ||
1604 | |||
1605 | /* Define to 1 if you have the `wcwidth' function. */ | ||
1606 | #undef HAVE_WCWIDTH | ||
1607 | |||
1608 | /* Define to 1 if you have the `_getlong' function. */ | ||
1609 | #undef HAVE__GETLONG | ||
1610 | |||
1611 | /* Define to 1 if you have the `_getpty' function. */ | ||
1612 | #undef HAVE__GETPTY | ||
1613 | |||
1614 | /* Define to 1 if you have the `_getshort' function. */ | ||
1615 | #undef HAVE__GETSHORT | ||
1616 | |||
1617 | /* Define if you have struct __res_state _res as an extern */ | ||
1618 | #undef HAVE__RES_EXTERN | ||
1619 | |||
1620 | /* Define to 1 if you have the `__b64_ntop' function. */ | ||
1621 | #undef HAVE___B64_NTOP | ||
1622 | |||
1623 | /* Define to 1 if you have the `__b64_pton' function. */ | ||
1624 | #undef HAVE___B64_PTON | ||
1625 | |||
1626 | /* Define if compiler implements __FUNCTION__ */ | ||
1627 | #undef HAVE___FUNCTION__ | ||
1628 | |||
1629 | /* Define if libc defines __progname */ | ||
1630 | #undef HAVE___PROGNAME | ||
1631 | |||
1632 | /* Fields in struct sockaddr_storage */ | ||
1633 | #undef HAVE___SS_FAMILY_IN_SS | ||
1634 | |||
1635 | /* Define if __va_copy exists */ | ||
1636 | #undef HAVE___VA_COPY | ||
1637 | |||
1638 | /* Define if compiler implements __func__ */ | ||
1639 | #undef HAVE___func__ | ||
1640 | |||
1641 | /* Define this if you are using the Heimdal version of Kerberos V5 */ | ||
1642 | #undef HEIMDAL | ||
1643 | |||
1644 | /* Define if you need to use IP address instead of hostname in $DISPLAY */ | ||
1645 | #undef IPADDR_IN_DISPLAY | ||
1646 | |||
1647 | /* Detect IPv4 in IPv6 mapped addresses and treat as IPv4 */ | ||
1648 | #undef IPV4_IN_IPV6 | ||
1649 | |||
1650 | /* Define if your system choked on IP TOS setting */ | ||
1651 | #undef IP_TOS_IS_BROKEN | ||
1652 | |||
1653 | /* Define if you want Kerberos 5 support */ | ||
1654 | #undef KRB5 | ||
1655 | |||
1656 | /* Define if pututxline updates lastlog too */ | ||
1657 | #undef LASTLOG_WRITE_PUTUTXLINE | ||
1658 | |||
1659 | /* Define to whatever link() returns for "not supported" if it doesn't return | ||
1660 | EOPNOTSUPP. */ | ||
1661 | #undef LINK_OPNOTSUPP_ERRNO | ||
1662 | |||
1663 | /* Adjust Linux out-of-memory killer */ | ||
1664 | #undef LINUX_OOM_ADJUST | ||
1665 | |||
1666 | /* max value of long long calculated by configure */ | ||
1667 | #undef LLONG_MAX | ||
1668 | |||
1669 | /* min value of long long calculated by configure */ | ||
1670 | #undef LLONG_MIN | ||
1671 | |||
1672 | /* Account locked with pw(1) */ | ||
1673 | #undef LOCKED_PASSWD_PREFIX | ||
1674 | |||
1675 | /* String used in /etc/passwd to denote locked account */ | ||
1676 | #undef LOCKED_PASSWD_STRING | ||
1677 | |||
1678 | /* String used in /etc/passwd to denote locked account */ | ||
1679 | #undef LOCKED_PASSWD_SUBSTR | ||
1680 | |||
1681 | /* Some systems need a utmpx entry for /bin/login to work */ | ||
1682 | #undef LOGIN_NEEDS_UTMPX | ||
1683 | |||
1684 | /* Set this to your mail directory if you do not have _PATH_MAILDIR */ | ||
1685 | #undef MAIL_DIRECTORY | ||
1686 | |||
1687 | /* Need setpgrp to acquire controlling tty */ | ||
1688 | #undef NEED_SETPGRP | ||
1689 | |||
1690 | /* compiler does not accept __attribute__ on prototype args */ | ||
1691 | #undef NO_ATTRIBUTE_ON_PROTOTYPE_ARGS | ||
1692 | |||
1693 | /* compiler does not accept __attribute__ on return types */ | ||
1694 | #undef NO_ATTRIBUTE_ON_RETURN_TYPE | ||
1695 | |||
1696 | /* Define to disable UID restoration test */ | ||
1697 | #undef NO_UID_RESTORATION_TEST | ||
1698 | |||
1699 | /* Define if X11 doesn't support AF_UNIX sockets on that system */ | ||
1700 | #undef NO_X11_UNIX_SOCKETS | ||
1701 | |||
1702 | /* Define if EVP_DigestUpdate returns void */ | ||
1703 | #undef OPENSSL_EVP_DIGESTUPDATE_VOID | ||
1704 | |||
1705 | /* OpenSSL has ECC */ | ||
1706 | #undef OPENSSL_HAS_ECC | ||
1707 | |||
1708 | /* libcrypto has NID_X9_62_prime256v1 */ | ||
1709 | #undef OPENSSL_HAS_NISTP256 | ||
1710 | |||
1711 | /* libcrypto has NID_secp384r1 */ | ||
1712 | #undef OPENSSL_HAS_NISTP384 | ||
1713 | |||
1714 | /* libcrypto has NID_secp521r1 */ | ||
1715 | #undef OPENSSL_HAS_NISTP521 | ||
1716 | |||
1717 | /* libcrypto has EVP AES CTR */ | ||
1718 | #undef OPENSSL_HAVE_EVPCTR | ||
1719 | |||
1720 | /* libcrypto has EVP AES GCM */ | ||
1721 | #undef OPENSSL_HAVE_EVPGCM | ||
1722 | |||
1723 | /* libcrypto is missing AES 192 and 256 bit functions */ | ||
1724 | #undef OPENSSL_LOBOTOMISED_AES | ||
1725 | |||
1726 | /* Define if you want the OpenSSL internally seeded PRNG only */ | ||
1727 | #undef OPENSSL_PRNG_ONLY | ||
1728 | |||
1729 | /* Define to the address where bug reports for this package should be sent. */ | ||
1730 | #undef PACKAGE_BUGREPORT | ||
1731 | |||
1732 | /* Define to the full name of this package. */ | ||
1733 | #undef PACKAGE_NAME | ||
1734 | |||
1735 | /* Define to the full name and version of this package. */ | ||
1736 | #undef PACKAGE_STRING | ||
1737 | |||
1738 | /* Define to the one symbol short name of this package. */ | ||
1739 | #undef PACKAGE_TARNAME | ||
1740 | |||
1741 | /* Define to the home page for this package. */ | ||
1742 | #undef PACKAGE_URL | ||
1743 | |||
1744 | /* Define to the version of this package. */ | ||
1745 | #undef PACKAGE_VERSION | ||
1746 | |||
1747 | /* Define if you are using Solaris-derived PAM which passes pam_messages to | ||
1748 | the conversation function with an extra level of indirection */ | ||
1749 | #undef PAM_SUN_CODEBASE | ||
1750 | |||
1751 | /* Work around problematic Linux PAM modules handling of PAM_TTY */ | ||
1752 | #undef PAM_TTY_KLUDGE | ||
1753 | |||
1754 | /* must supply username to passwd */ | ||
1755 | #undef PASSWD_NEEDS_USERNAME | ||
1756 | |||
1757 | /* System dirs owned by bin (uid 2) */ | ||
1758 | #undef PLATFORM_SYS_DIR_UID | ||
1759 | |||
1760 | /* Port number of PRNGD/EGD random number socket */ | ||
1761 | #undef PRNGD_PORT | ||
1762 | |||
1763 | /* Location of PRNGD/EGD random number socket */ | ||
1764 | #undef PRNGD_SOCKET | ||
1765 | |||
1766 | /* read(1) can return 0 for a non-closed fd */ | ||
1767 | #undef PTY_ZEROREAD | ||
1768 | |||
1769 | /* Sandbox using capsicum */ | ||
1770 | #undef SANDBOX_CAPSICUM | ||
1771 | |||
1772 | /* Sandbox using Darwin sandbox_init(3) */ | ||
1773 | #undef SANDBOX_DARWIN | ||
1774 | |||
1775 | /* no privsep sandboxing */ | ||
1776 | #undef SANDBOX_NULL | ||
1777 | |||
1778 | /* Sandbox using pledge(2) */ | ||
1779 | #undef SANDBOX_PLEDGE | ||
1780 | |||
1781 | /* Sandbox using setrlimit(2) */ | ||
1782 | #undef SANDBOX_RLIMIT | ||
1783 | |||
1784 | /* Sandbox using seccomp filter */ | ||
1785 | #undef SANDBOX_SECCOMP_FILTER | ||
1786 | |||
1787 | /* setrlimit RLIMIT_FSIZE works */ | ||
1788 | #undef SANDBOX_SKIP_RLIMIT_FSIZE | ||
1789 | |||
1790 | /* define if setrlimit RLIMIT_NOFILE breaks things */ | ||
1791 | #undef SANDBOX_SKIP_RLIMIT_NOFILE | ||
1792 | |||
1793 | /* Sandbox using Solaris/Illumos privileges */ | ||
1794 | #undef SANDBOX_SOLARIS | ||
1795 | |||
1796 | /* Sandbox using systrace(4) */ | ||
1797 | #undef SANDBOX_SYSTRACE | ||
1798 | |||
1799 | /* Specify the system call convention in use */ | ||
1800 | #undef SECCOMP_AUDIT_ARCH | ||
1801 | |||
1802 | /* Define if your platform breaks doing a seteuid before a setuid */ | ||
1803 | #undef SETEUID_BREAKS_SETUID | ||
1804 | |||
1805 | /* The size of `int', as computed by sizeof. */ | ||
1806 | #undef SIZEOF_INT | ||
1807 | |||
1808 | /* The size of `long int', as computed by sizeof. */ | ||
1809 | #undef SIZEOF_LONG_INT | ||
1810 | |||
1811 | /* The size of `long long int', as computed by sizeof. */ | ||
1812 | #undef SIZEOF_LONG_LONG_INT | ||
1813 | |||
1814 | /* The size of `short int', as computed by sizeof. */ | ||
1815 | #undef SIZEOF_SHORT_INT | ||
1816 | |||
1817 | /* Define as const if snprintf() can declare const char *fmt */ | ||
1818 | #undef SNPRINTF_CONST | ||
1819 | |||
1820 | /* Define to a Set Process Title type if your system is supported by | ||
1821 | bsd-setproctitle.c */ | ||
1822 | #undef SPT_TYPE | ||
1823 | |||
1824 | /* Define if sshd somehow reacquires a controlling TTY after setsid() */ | ||
1825 | #undef SSHD_ACQUIRES_CTTY | ||
1826 | |||
1827 | /* sshd PAM service name */ | ||
1828 | #undef SSHD_PAM_SERVICE | ||
1829 | |||
1830 | /* Define if pam_chauthtok wants real uid set to the unpriv'ed user */ | ||
1831 | #undef SSHPAM_CHAUTHTOK_NEEDS_RUID | ||
1832 | |||
1833 | /* Use audit debugging module */ | ||
1834 | #undef SSH_AUDIT_EVENTS | ||
1835 | |||
1836 | /* Windows is sensitive to read buffer size */ | ||
1837 | #undef SSH_IOBUFSZ | ||
1838 | |||
1839 | /* non-privileged user for privilege separation */ | ||
1840 | #undef SSH_PRIVSEP_USER | ||
1841 | |||
1842 | /* Use tunnel device compatibility to OpenBSD */ | ||
1843 | #undef SSH_TUN_COMPAT_AF | ||
1844 | |||
1845 | /* Open tunnel devices the FreeBSD way */ | ||
1846 | #undef SSH_TUN_FREEBSD | ||
1847 | |||
1848 | /* Open tunnel devices the Linux tun/tap way */ | ||
1849 | #undef SSH_TUN_LINUX | ||
1850 | |||
1851 | /* No layer 2 tunnel support */ | ||
1852 | #undef SSH_TUN_NO_L2 | ||
1853 | |||
1854 | /* Open tunnel devices the OpenBSD way */ | ||
1855 | #undef SSH_TUN_OPENBSD | ||
1856 | |||
1857 | /* Prepend the address family to IP tunnel traffic */ | ||
1858 | #undef SSH_TUN_PREPEND_AF | ||
1859 | |||
1860 | /* Define to 1 if you have the ANSI C header files. */ | ||
1861 | #undef STDC_HEADERS | ||
1862 | |||
1863 | /* Define if you want a different $PATH for the superuser */ | ||
1864 | #undef SUPERUSER_PATH | ||
1865 | |||
1866 | /* syslog_r function is safe to use in in a signal handler */ | ||
1867 | #undef SYSLOG_R_SAFE_IN_SIGHAND | ||
1868 | |||
1869 | /* Support routing domains using Linux VRF */ | ||
1870 | #undef SYS_RDOMAIN_LINUX | ||
1871 | |||
1872 | /* Support passwords > 8 chars */ | ||
1873 | #undef UNIXWARE_LONG_PASSWORDS | ||
1874 | |||
1875 | /* Specify default $PATH */ | ||
1876 | #undef USER_PATH | ||
1877 | |||
1878 | /* Define this if you want to use libkafs' AFS support */ | ||
1879 | #undef USE_AFS | ||
1880 | |||
1881 | /* Use BSM audit module */ | ||
1882 | #undef USE_BSM_AUDIT | ||
1883 | |||
1884 | /* Use btmp to log bad logins */ | ||
1885 | #undef USE_BTMP | ||
1886 | |||
1887 | /* Use libedit for sftp */ | ||
1888 | #undef USE_LIBEDIT | ||
1889 | |||
1890 | /* Use Linux audit module */ | ||
1891 | #undef USE_LINUX_AUDIT | ||
1892 | |||
1893 | /* Enable OpenSSL engine support */ | ||
1894 | #undef USE_OPENSSL_ENGINE | ||
1895 | |||
1896 | /* Define if you want to enable PAM support */ | ||
1897 | #undef USE_PAM | ||
1898 | |||
1899 | /* Use PIPES instead of a socketpair() */ | ||
1900 | #undef USE_PIPES | ||
1901 | |||
1902 | /* Define if you have Solaris privileges */ | ||
1903 | #undef USE_SOLARIS_PRIVS | ||
1904 | |||
1905 | /* Define if you have Solaris process contracts */ | ||
1906 | #undef USE_SOLARIS_PROCESS_CONTRACTS | ||
1907 | |||
1908 | /* Define if you have Solaris projects */ | ||
1909 | #undef USE_SOLARIS_PROJECTS | ||
1910 | |||
1911 | /* Define if you shouldn't strip 'tty' from your ttyname in [uw]tmp */ | ||
1912 | #undef WITH_ABBREV_NO_TTY | ||
1913 | |||
1914 | /* Define if you want to enable AIX4's authenticate function */ | ||
1915 | #undef WITH_AIXAUTHENTICATE | ||
1916 | |||
1917 | /* Define if you have/want arrays (cluster-wide session management, not C | ||
1918 | arrays) */ | ||
1919 | #undef WITH_IRIX_ARRAY | ||
1920 | |||
1921 | /* Define if you want IRIX audit trails */ | ||
1922 | #undef WITH_IRIX_AUDIT | ||
1923 | |||
1924 | /* Define if you want IRIX kernel jobs */ | ||
1925 | #undef WITH_IRIX_JOBS | ||
1926 | |||
1927 | /* Define if you want IRIX project management */ | ||
1928 | #undef WITH_IRIX_PROJECT | ||
1929 | |||
1930 | /* use libcrypto for cryptography */ | ||
1931 | #undef WITH_OPENSSL | ||
1932 | |||
1933 | /* Define if you want SELinux support. */ | ||
1934 | #undef WITH_SELINUX | ||
1935 | |||
1936 | /* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most | ||
1937 | significant byte first (like Motorola and SPARC, unlike Intel). */ | ||
1938 | #if defined AC_APPLE_UNIVERSAL_BUILD | ||
1939 | # if defined __BIG_ENDIAN__ | ||
1940 | # define WORDS_BIGENDIAN 1 | ||
1941 | # endif | ||
1942 | #else | ||
1943 | # ifndef WORDS_BIGENDIAN | ||
1944 | # undef WORDS_BIGENDIAN | ||
1945 | # endif | ||
1946 | #endif | ||
1947 | |||
1948 | /* Define if xauth is found in your path */ | ||
1949 | #undef XAUTH_PATH | ||
1950 | |||
1951 | /* Enable large inode numbers on Mac OS X 10.5. */ | ||
1952 | #ifndef _DARWIN_USE_64_BIT_INODE | ||
1953 | # define _DARWIN_USE_64_BIT_INODE 1 | ||
1954 | #endif | ||
1955 | |||
1956 | /* Number of bits in a file offset, on hosts where this is settable. */ | ||
1957 | #undef _FILE_OFFSET_BITS | ||
1958 | |||
1959 | /* Define for large files, on AIX-style hosts. */ | ||
1960 | #undef _LARGE_FILES | ||
1961 | |||
1962 | /* log for bad login attempts */ | ||
1963 | #undef _PATH_BTMP | ||
1964 | |||
1965 | /* Full path of your "passwd" program */ | ||
1966 | #undef _PATH_PASSWD_PROG | ||
1967 | |||
1968 | /* Specify location of ssh.pid */ | ||
1969 | #undef _PATH_SSH_PIDDIR | ||
1970 | |||
1971 | /* Define if we don't have struct __res_state in resolv.h */ | ||
1972 | #undef __res_state | ||
1973 | |||
1974 | /* Define to rpl_calloc if the replacement function should be used. */ | ||
1975 | #undef calloc | ||
1976 | |||
1977 | /* Define to `__inline__' or `__inline' if that's what the C compiler | ||
1978 | calls it, or to nothing if 'inline' is not supported under any name. */ | ||
1979 | #ifndef __cplusplus | ||
1980 | #undef inline | ||
1981 | #endif | ||
1982 | |||
1983 | /* Define to rpl_malloc if the replacement function should be used. */ | ||
1984 | #undef malloc | ||
1985 | |||
1986 | /* Define to rpl_realloc if the replacement function should be used. */ | ||
1987 | #undef realloc | ||
1988 | |||
1989 | /* type to use in place of socklen_t if not defined */ | ||
1990 | #undef socklen_t | ||
diff --git a/configure b/configure new file mode 100755 index 000000000..1e67db268 --- /dev/null +++ b/configure | |||
@@ -0,0 +1,20824 @@ | |||
1 | #! /bin/sh | ||
2 | # From configure.ac Revision: 1.583 . | ||
3 | # Guess values for system-dependent variables and create Makefiles. | ||
4 | # Generated by GNU Autoconf 2.69 for OpenSSH Portable. | ||
5 | # | ||
6 | # Report bugs to <openssh-unix-dev@mindrot.org>. | ||
7 | # | ||
8 | # | ||
9 | # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. | ||
10 | # | ||
11 | # | ||
12 | # This configure script is free software; the Free Software Foundation | ||
13 | # gives unlimited permission to copy, distribute and modify it. | ||
14 | ## -------------------- ## | ||
15 | ## M4sh Initialization. ## | ||
16 | ## -------------------- ## | ||
17 | |||
18 | # Be more Bourne compatible | ||
19 | DUALCASE=1; export DUALCASE # for MKS sh | ||
20 | if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : | ||
21 | emulate sh | ||
22 | NULLCMD=: | ||
23 | # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which | ||
24 | # is contrary to our usage. Disable this feature. | ||
25 | alias -g '${1+"$@"}'='"$@"' | ||
26 | setopt NO_GLOB_SUBST | ||
27 | else | ||
28 | case `(set -o) 2>/dev/null` in #( | ||
29 | *posix*) : | ||
30 | set -o posix ;; #( | ||
31 | *) : | ||
32 | ;; | ||
33 | esac | ||
34 | fi | ||
35 | |||
36 | |||
37 | as_nl=' | ||
38 | ' | ||
39 | export as_nl | ||
40 | # Printing a long string crashes Solaris 7 /usr/bin/printf. | ||
41 | as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' | ||
42 | as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo | ||
43 | as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo | ||
44 | # Prefer a ksh shell builtin over an external printf program on Solaris, | ||
45 | # but without wasting forks for bash or zsh. | ||
46 | if test -z "$BASH_VERSION$ZSH_VERSION" \ | ||
47 | && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then | ||
48 | as_echo='print -r --' | ||
49 | as_echo_n='print -rn --' | ||
50 | elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then | ||
51 | as_echo='printf %s\n' | ||
52 | as_echo_n='printf %s' | ||
53 | else | ||
54 | if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then | ||
55 | as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' | ||
56 | as_echo_n='/usr/ucb/echo -n' | ||
57 | else | ||
58 | as_echo_body='eval expr "X$1" : "X\\(.*\\)"' | ||
59 | as_echo_n_body='eval | ||
60 | arg=$1; | ||
61 | case $arg in #( | ||
62 | *"$as_nl"*) | ||
63 | expr "X$arg" : "X\\(.*\\)$as_nl"; | ||
64 | arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; | ||
65 | esac; | ||
66 | expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" | ||
67 | ' | ||
68 | export as_echo_n_body | ||
69 | as_echo_n='sh -c $as_echo_n_body as_echo' | ||
70 | fi | ||
71 | export as_echo_body | ||
72 | as_echo='sh -c $as_echo_body as_echo' | ||
73 | fi | ||
74 | |||
75 | # The user is always right. | ||
76 | if test "${PATH_SEPARATOR+set}" != set; then | ||
77 | PATH_SEPARATOR=: | ||
78 | (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { | ||
79 | (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || | ||
80 | PATH_SEPARATOR=';' | ||
81 | } | ||
82 | fi | ||
83 | |||
84 | |||
85 | # IFS | ||
86 | # We need space, tab and new line, in precisely that order. Quoting is | ||
87 | # there to prevent editors from complaining about space-tab. | ||
88 | # (If _AS_PATH_WALK were called with IFS unset, it would disable word | ||
89 | # splitting by setting IFS to empty value.) | ||
90 | IFS=" "" $as_nl" | ||
91 | |||
92 | # Find who we are. Look in the path if we contain no directory separator. | ||
93 | as_myself= | ||
94 | case $0 in #(( | ||
95 | *[\\/]* ) as_myself=$0 ;; | ||
96 | *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
97 | for as_dir in $PATH | ||
98 | do | ||
99 | IFS=$as_save_IFS | ||
100 | test -z "$as_dir" && as_dir=. | ||
101 | test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break | ||
102 | done | ||
103 | IFS=$as_save_IFS | ||
104 | |||
105 | ;; | ||
106 | esac | ||
107 | # We did not find ourselves, most probably we were run as `sh COMMAND' | ||
108 | # in which case we are not to be found in the path. | ||
109 | if test "x$as_myself" = x; then | ||
110 | as_myself=$0 | ||
111 | fi | ||
112 | if test ! -f "$as_myself"; then | ||
113 | $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 | ||
114 | exit 1 | ||
115 | fi | ||
116 | |||
117 | # Unset variables that we do not need and which cause bugs (e.g. in | ||
118 | # pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" | ||
119 | # suppresses any "Segmentation fault" message there. '((' could | ||
120 | # trigger a bug in pdksh 5.2.14. | ||
121 | for as_var in BASH_ENV ENV MAIL MAILPATH | ||
122 | do eval test x\${$as_var+set} = xset \ | ||
123 | && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : | ||
124 | done | ||
125 | PS1='$ ' | ||
126 | PS2='> ' | ||
127 | PS4='+ ' | ||
128 | |||
129 | # NLS nuisances. | ||
130 | LC_ALL=C | ||
131 | export LC_ALL | ||
132 | LANGUAGE=C | ||
133 | export LANGUAGE | ||
134 | |||
135 | # CDPATH. | ||
136 | (unset CDPATH) >/dev/null 2>&1 && unset CDPATH | ||
137 | |||
138 | # Use a proper internal environment variable to ensure we don't fall | ||
139 | # into an infinite loop, continuously re-executing ourselves. | ||
140 | if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then | ||
141 | _as_can_reexec=no; export _as_can_reexec; | ||
142 | # We cannot yet assume a decent shell, so we have to provide a | ||
143 | # neutralization value for shells without unset; and this also | ||
144 | # works around shells that cannot unset nonexistent variables. | ||
145 | # Preserve -v and -x to the replacement shell. | ||
146 | BASH_ENV=/dev/null | ||
147 | ENV=/dev/null | ||
148 | (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV | ||
149 | case $- in # (((( | ||
150 | *v*x* | *x*v* ) as_opts=-vx ;; | ||
151 | *v* ) as_opts=-v ;; | ||
152 | *x* ) as_opts=-x ;; | ||
153 | * ) as_opts= ;; | ||
154 | esac | ||
155 | exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} | ||
156 | # Admittedly, this is quite paranoid, since all the known shells bail | ||
157 | # out after a failed `exec'. | ||
158 | $as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 | ||
159 | as_fn_exit 255 | ||
160 | fi | ||
161 | # We don't want this to propagate to other subprocesses. | ||
162 | { _as_can_reexec=; unset _as_can_reexec;} | ||
163 | if test "x$CONFIG_SHELL" = x; then | ||
164 | as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then : | ||
165 | emulate sh | ||
166 | NULLCMD=: | ||
167 | # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which | ||
168 | # is contrary to our usage. Disable this feature. | ||
169 | alias -g '\${1+\"\$@\"}'='\"\$@\"' | ||
170 | setopt NO_GLOB_SUBST | ||
171 | else | ||
172 | case \`(set -o) 2>/dev/null\` in #( | ||
173 | *posix*) : | ||
174 | set -o posix ;; #( | ||
175 | *) : | ||
176 | ;; | ||
177 | esac | ||
178 | fi | ||
179 | " | ||
180 | as_required="as_fn_return () { (exit \$1); } | ||
181 | as_fn_success () { as_fn_return 0; } | ||
182 | as_fn_failure () { as_fn_return 1; } | ||
183 | as_fn_ret_success () { return 0; } | ||
184 | as_fn_ret_failure () { return 1; } | ||
185 | |||
186 | exitcode=0 | ||
187 | as_fn_success || { exitcode=1; echo as_fn_success failed.; } | ||
188 | as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; } | ||
189 | as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; } | ||
190 | as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; } | ||
191 | if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then : | ||
192 | |||
193 | else | ||
194 | exitcode=1; echo positional parameters were not saved. | ||
195 | fi | ||
196 | test x\$exitcode = x0 || exit 1 | ||
197 | test -x / || exit 1" | ||
198 | as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO | ||
199 | as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO | ||
200 | eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" && | ||
201 | test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1 | ||
202 | test \$(( 1 + 1 )) = 2 || exit 1" | ||
203 | if (eval "$as_required") 2>/dev/null; then : | ||
204 | as_have_required=yes | ||
205 | else | ||
206 | as_have_required=no | ||
207 | fi | ||
208 | if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then : | ||
209 | |||
210 | else | ||
211 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
212 | as_found=false | ||
213 | for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH | ||
214 | do | ||
215 | IFS=$as_save_IFS | ||
216 | test -z "$as_dir" && as_dir=. | ||
217 | as_found=: | ||
218 | case $as_dir in #( | ||
219 | /*) | ||
220 | for as_base in sh bash ksh sh5; do | ||
221 | # Try only shells that exist, to save several forks. | ||
222 | as_shell=$as_dir/$as_base | ||
223 | if { test -f "$as_shell" || test -f "$as_shell.exe"; } && | ||
224 | { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then : | ||
225 | CONFIG_SHELL=$as_shell as_have_required=yes | ||
226 | if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then : | ||
227 | break 2 | ||
228 | fi | ||
229 | fi | ||
230 | done;; | ||
231 | esac | ||
232 | as_found=false | ||
233 | done | ||
234 | $as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } && | ||
235 | { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then : | ||
236 | CONFIG_SHELL=$SHELL as_have_required=yes | ||
237 | fi; } | ||
238 | IFS=$as_save_IFS | ||
239 | |||
240 | |||
241 | if test "x$CONFIG_SHELL" != x; then : | ||
242 | export CONFIG_SHELL | ||
243 | # We cannot yet assume a decent shell, so we have to provide a | ||
244 | # neutralization value for shells without unset; and this also | ||
245 | # works around shells that cannot unset nonexistent variables. | ||
246 | # Preserve -v and -x to the replacement shell. | ||
247 | BASH_ENV=/dev/null | ||
248 | ENV=/dev/null | ||
249 | (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV | ||
250 | case $- in # (((( | ||
251 | *v*x* | *x*v* ) as_opts=-vx ;; | ||
252 | *v* ) as_opts=-v ;; | ||
253 | *x* ) as_opts=-x ;; | ||
254 | * ) as_opts= ;; | ||
255 | esac | ||
256 | exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} | ||
257 | # Admittedly, this is quite paranoid, since all the known shells bail | ||
258 | # out after a failed `exec'. | ||
259 | $as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 | ||
260 | exit 255 | ||
261 | fi | ||
262 | |||
263 | if test x$as_have_required = xno; then : | ||
264 | $as_echo "$0: This script requires a shell more modern than all" | ||
265 | $as_echo "$0: the shells that I found on your system." | ||
266 | if test x${ZSH_VERSION+set} = xset ; then | ||
267 | $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should" | ||
268 | $as_echo "$0: be upgraded to zsh 4.3.4 or later." | ||
269 | else | ||
270 | $as_echo "$0: Please tell bug-autoconf@gnu.org and | ||
271 | $0: openssh-unix-dev@mindrot.org about your system, | ||
272 | $0: including any error possibly output before this | ||
273 | $0: message. Then install a modern shell, or manually run | ||
274 | $0: the script under such a shell if you do have one." | ||
275 | fi | ||
276 | exit 1 | ||
277 | fi | ||
278 | fi | ||
279 | fi | ||
280 | SHELL=${CONFIG_SHELL-/bin/sh} | ||
281 | export SHELL | ||
282 | # Unset more variables known to interfere with behavior of common tools. | ||
283 | CLICOLOR_FORCE= GREP_OPTIONS= | ||
284 | unset CLICOLOR_FORCE GREP_OPTIONS | ||
285 | |||
286 | ## --------------------- ## | ||
287 | ## M4sh Shell Functions. ## | ||
288 | ## --------------------- ## | ||
289 | # as_fn_unset VAR | ||
290 | # --------------- | ||
291 | # Portably unset VAR. | ||
292 | as_fn_unset () | ||
293 | { | ||
294 | { eval $1=; unset $1;} | ||
295 | } | ||
296 | as_unset=as_fn_unset | ||
297 | |||
298 | # as_fn_set_status STATUS | ||
299 | # ----------------------- | ||
300 | # Set $? to STATUS, without forking. | ||
301 | as_fn_set_status () | ||
302 | { | ||
303 | return $1 | ||
304 | } # as_fn_set_status | ||
305 | |||
306 | # as_fn_exit STATUS | ||
307 | # ----------------- | ||
308 | # Exit the shell with STATUS, even in a "trap 0" or "set -e" context. | ||
309 | as_fn_exit () | ||
310 | { | ||
311 | set +e | ||
312 | as_fn_set_status $1 | ||
313 | exit $1 | ||
314 | } # as_fn_exit | ||
315 | |||
316 | # as_fn_mkdir_p | ||
317 | # ------------- | ||
318 | # Create "$as_dir" as a directory, including parents if necessary. | ||
319 | as_fn_mkdir_p () | ||
320 | { | ||
321 | |||
322 | case $as_dir in #( | ||
323 | -*) as_dir=./$as_dir;; | ||
324 | esac | ||
325 | test -d "$as_dir" || eval $as_mkdir_p || { | ||
326 | as_dirs= | ||
327 | while :; do | ||
328 | case $as_dir in #( | ||
329 | *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( | ||
330 | *) as_qdir=$as_dir;; | ||
331 | esac | ||
332 | as_dirs="'$as_qdir' $as_dirs" | ||
333 | as_dir=`$as_dirname -- "$as_dir" || | ||
334 | $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ | ||
335 | X"$as_dir" : 'X\(//\)[^/]' \| \ | ||
336 | X"$as_dir" : 'X\(//\)$' \| \ | ||
337 | X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || | ||
338 | $as_echo X"$as_dir" | | ||
339 | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ | ||
340 | s//\1/ | ||
341 | q | ||
342 | } | ||
343 | /^X\(\/\/\)[^/].*/{ | ||
344 | s//\1/ | ||
345 | q | ||
346 | } | ||
347 | /^X\(\/\/\)$/{ | ||
348 | s//\1/ | ||
349 | q | ||
350 | } | ||
351 | /^X\(\/\).*/{ | ||
352 | s//\1/ | ||
353 | q | ||
354 | } | ||
355 | s/.*/./; q'` | ||
356 | test -d "$as_dir" && break | ||
357 | done | ||
358 | test -z "$as_dirs" || eval "mkdir $as_dirs" | ||
359 | } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" | ||
360 | |||
361 | |||
362 | } # as_fn_mkdir_p | ||
363 | |||
364 | # as_fn_executable_p FILE | ||
365 | # ----------------------- | ||
366 | # Test if FILE is an executable regular file. | ||
367 | as_fn_executable_p () | ||
368 | { | ||
369 | test -f "$1" && test -x "$1" | ||
370 | } # as_fn_executable_p | ||
371 | # as_fn_append VAR VALUE | ||
372 | # ---------------------- | ||
373 | # Append the text in VALUE to the end of the definition contained in VAR. Take | ||
374 | # advantage of any shell optimizations that allow amortized linear growth over | ||
375 | # repeated appends, instead of the typical quadratic growth present in naive | ||
376 | # implementations. | ||
377 | if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : | ||
378 | eval 'as_fn_append () | ||
379 | { | ||
380 | eval $1+=\$2 | ||
381 | }' | ||
382 | else | ||
383 | as_fn_append () | ||
384 | { | ||
385 | eval $1=\$$1\$2 | ||
386 | } | ||
387 | fi # as_fn_append | ||
388 | |||
389 | # as_fn_arith ARG... | ||
390 | # ------------------ | ||
391 | # Perform arithmetic evaluation on the ARGs, and store the result in the | ||
392 | # global $as_val. Take advantage of shells that can avoid forks. The arguments | ||
393 | # must be portable across $(()) and expr. | ||
394 | if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : | ||
395 | eval 'as_fn_arith () | ||
396 | { | ||
397 | as_val=$(( $* )) | ||
398 | }' | ||
399 | else | ||
400 | as_fn_arith () | ||
401 | { | ||
402 | as_val=`expr "$@" || test $? -eq 1` | ||
403 | } | ||
404 | fi # as_fn_arith | ||
405 | |||
406 | |||
407 | # as_fn_error STATUS ERROR [LINENO LOG_FD] | ||
408 | # ---------------------------------------- | ||
409 | # Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are | ||
410 | # provided, also output the error to LOG_FD, referencing LINENO. Then exit the | ||
411 | # script with STATUS, using 1 if that was 0. | ||
412 | as_fn_error () | ||
413 | { | ||
414 | as_status=$1; test $as_status -eq 0 && as_status=1 | ||
415 | if test "$4"; then | ||
416 | as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack | ||
417 | $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 | ||
418 | fi | ||
419 | $as_echo "$as_me: error: $2" >&2 | ||
420 | as_fn_exit $as_status | ||
421 | } # as_fn_error | ||
422 | |||
423 | if expr a : '\(a\)' >/dev/null 2>&1 && | ||
424 | test "X`expr 00001 : '.*\(...\)'`" = X001; then | ||
425 | as_expr=expr | ||
426 | else | ||
427 | as_expr=false | ||
428 | fi | ||
429 | |||
430 | if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then | ||
431 | as_basename=basename | ||
432 | else | ||
433 | as_basename=false | ||
434 | fi | ||
435 | |||
436 | if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then | ||
437 | as_dirname=dirname | ||
438 | else | ||
439 | as_dirname=false | ||
440 | fi | ||
441 | |||
442 | as_me=`$as_basename -- "$0" || | ||
443 | $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ | ||
444 | X"$0" : 'X\(//\)$' \| \ | ||
445 | X"$0" : 'X\(/\)' \| . 2>/dev/null || | ||
446 | $as_echo X/"$0" | | ||
447 | sed '/^.*\/\([^/][^/]*\)\/*$/{ | ||
448 | s//\1/ | ||
449 | q | ||
450 | } | ||
451 | /^X\/\(\/\/\)$/{ | ||
452 | s//\1/ | ||
453 | q | ||
454 | } | ||
455 | /^X\/\(\/\).*/{ | ||
456 | s//\1/ | ||
457 | q | ||
458 | } | ||
459 | s/.*/./; q'` | ||
460 | |||
461 | # Avoid depending upon Character Ranges. | ||
462 | as_cr_letters='abcdefghijklmnopqrstuvwxyz' | ||
463 | as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' | ||
464 | as_cr_Letters=$as_cr_letters$as_cr_LETTERS | ||
465 | as_cr_digits='0123456789' | ||
466 | as_cr_alnum=$as_cr_Letters$as_cr_digits | ||
467 | |||
468 | |||
469 | as_lineno_1=$LINENO as_lineno_1a=$LINENO | ||
470 | as_lineno_2=$LINENO as_lineno_2a=$LINENO | ||
471 | eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" && | ||
472 | test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || { | ||
473 | # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-) | ||
474 | sed -n ' | ||
475 | p | ||
476 | /[$]LINENO/= | ||
477 | ' <$as_myself | | ||
478 | sed ' | ||
479 | s/[$]LINENO.*/&-/ | ||
480 | t lineno | ||
481 | b | ||
482 | :lineno | ||
483 | N | ||
484 | :loop | ||
485 | s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ | ||
486 | t loop | ||
487 | s/-\n.*// | ||
488 | ' >$as_me.lineno && | ||
489 | chmod +x "$as_me.lineno" || | ||
490 | { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; } | ||
491 | |||
492 | # If we had to re-execute with $CONFIG_SHELL, we're ensured to have | ||
493 | # already done that, so ensure we don't try to do so again and fall | ||
494 | # in an infinite loop. This has already happened in practice. | ||
495 | _as_can_reexec=no; export _as_can_reexec | ||
496 | # Don't try to exec as it changes $[0], causing all sort of problems | ||
497 | # (the dirname of $[0] is not the place where we might find the | ||
498 | # original and so on. Autoconf is especially sensitive to this). | ||
499 | . "./$as_me.lineno" | ||
500 | # Exit status is that of the last command. | ||
501 | exit | ||
502 | } | ||
503 | |||
504 | ECHO_C= ECHO_N= ECHO_T= | ||
505 | case `echo -n x` in #((((( | ||
506 | -n*) | ||
507 | case `echo 'xy\c'` in | ||
508 | *c*) ECHO_T=' ';; # ECHO_T is single tab character. | ||
509 | xy) ECHO_C='\c';; | ||
510 | *) echo `echo ksh88 bug on AIX 6.1` > /dev/null | ||
511 | ECHO_T=' ';; | ||
512 | esac;; | ||
513 | *) | ||
514 | ECHO_N='-n';; | ||
515 | esac | ||
516 | |||
517 | rm -f conf$$ conf$$.exe conf$$.file | ||
518 | if test -d conf$$.dir; then | ||
519 | rm -f conf$$.dir/conf$$.file | ||
520 | else | ||
521 | rm -f conf$$.dir | ||
522 | mkdir conf$$.dir 2>/dev/null | ||
523 | fi | ||
524 | if (echo >conf$$.file) 2>/dev/null; then | ||
525 | if ln -s conf$$.file conf$$ 2>/dev/null; then | ||
526 | as_ln_s='ln -s' | ||
527 | # ... but there are two gotchas: | ||
528 | # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. | ||
529 | # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. | ||
530 | # In both cases, we have to default to `cp -pR'. | ||
531 | ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || | ||
532 | as_ln_s='cp -pR' | ||
533 | elif ln conf$$.file conf$$ 2>/dev/null; then | ||
534 | as_ln_s=ln | ||
535 | else | ||
536 | as_ln_s='cp -pR' | ||
537 | fi | ||
538 | else | ||
539 | as_ln_s='cp -pR' | ||
540 | fi | ||
541 | rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file | ||
542 | rmdir conf$$.dir 2>/dev/null | ||
543 | |||
544 | if mkdir -p . 2>/dev/null; then | ||
545 | as_mkdir_p='mkdir -p "$as_dir"' | ||
546 | else | ||
547 | test -d ./-p && rmdir ./-p | ||
548 | as_mkdir_p=false | ||
549 | fi | ||
550 | |||
551 | as_test_x='test -x' | ||
552 | as_executable_p=as_fn_executable_p | ||
553 | |||
554 | # Sed expression to map a string onto a valid CPP name. | ||
555 | as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" | ||
556 | |||
557 | # Sed expression to map a string onto a valid variable name. | ||
558 | as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" | ||
559 | |||
560 | |||
561 | test -n "$DJDIR" || exec 7<&0 </dev/null | ||
562 | exec 6>&1 | ||
563 | |||
564 | # Name of the host. | ||
565 | # hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status, | ||
566 | # so uname gets run too. | ||
567 | ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` | ||
568 | |||
569 | # | ||
570 | # Initializations. | ||
571 | # | ||
572 | ac_default_prefix=/usr/local | ||
573 | ac_clean_files= | ||
574 | ac_config_libobj_dir=. | ||
575 | LIBOBJS= | ||
576 | cross_compiling=no | ||
577 | subdirs= | ||
578 | MFLAGS= | ||
579 | MAKEFLAGS= | ||
580 | |||
581 | # Identity of this package. | ||
582 | PACKAGE_NAME='OpenSSH' | ||
583 | PACKAGE_TARNAME='openssh' | ||
584 | PACKAGE_VERSION='Portable' | ||
585 | PACKAGE_STRING='OpenSSH Portable' | ||
586 | PACKAGE_BUGREPORT='openssh-unix-dev@mindrot.org' | ||
587 | PACKAGE_URL='' | ||
588 | |||
589 | ac_unique_file="ssh.c" | ||
590 | # Factoring default headers for most tests. | ||
591 | ac_includes_default="\ | ||
592 | #include <stdio.h> | ||
593 | #ifdef HAVE_SYS_TYPES_H | ||
594 | # include <sys/types.h> | ||
595 | #endif | ||
596 | #ifdef HAVE_SYS_STAT_H | ||
597 | # include <sys/stat.h> | ||
598 | #endif | ||
599 | #ifdef STDC_HEADERS | ||
600 | # include <stdlib.h> | ||
601 | # include <stddef.h> | ||
602 | #else | ||
603 | # ifdef HAVE_STDLIB_H | ||
604 | # include <stdlib.h> | ||
605 | # endif | ||
606 | #endif | ||
607 | #ifdef HAVE_STRING_H | ||
608 | # if !defined STDC_HEADERS && defined HAVE_MEMORY_H | ||
609 | # include <memory.h> | ||
610 | # endif | ||
611 | # include <string.h> | ||
612 | #endif | ||
613 | #ifdef HAVE_STRINGS_H | ||
614 | # include <strings.h> | ||
615 | #endif | ||
616 | #ifdef HAVE_INTTYPES_H | ||
617 | # include <inttypes.h> | ||
618 | #endif | ||
619 | #ifdef HAVE_STDINT_H | ||
620 | # include <stdint.h> | ||
621 | #endif | ||
622 | #ifdef HAVE_UNISTD_H | ||
623 | # include <unistd.h> | ||
624 | #endif" | ||
625 | |||
626 | ac_subst_vars='LTLIBOBJS | ||
627 | DEPEND | ||
628 | UNSUPPORTED_ALGORITHMS | ||
629 | TEST_MALLOC_OPTIONS | ||
630 | TEST_SSH_UTF8 | ||
631 | TEST_SSH_IPV6 | ||
632 | piddir | ||
633 | user_path | ||
634 | mansubdir | ||
635 | MANTYPE | ||
636 | XAUTH_PATH | ||
637 | STRIP_OPT | ||
638 | xauth_path | ||
639 | PRIVSEP_PATH | ||
640 | K5LIBS | ||
641 | GSSLIBS | ||
642 | KRB5CONF | ||
643 | SSHDLIBS | ||
644 | SSHLIBS | ||
645 | SSH_PRIVSEP_USER | ||
646 | COMMENT_OUT_ECC | ||
647 | TEST_SSH_ECC | ||
648 | LIBEDIT | ||
649 | PKGCONFIG | ||
650 | LDNSCONFIG | ||
651 | LIBOBJS | ||
652 | LD | ||
653 | PATH_PASSWD_PROG | ||
654 | STARTUP_SCRIPT_SHELL | ||
655 | MAKE_PACKAGE_SUPPORTED | ||
656 | PATH_USERADD_PROG | ||
657 | PATH_GROUPADD_PROG | ||
658 | MANFMT | ||
659 | TEST_SHELL | ||
660 | MANDOC | ||
661 | NROFF | ||
662 | GROFF | ||
663 | SH | ||
664 | TEST_MINUS_S_SH | ||
665 | ENT | ||
666 | SED | ||
667 | KILL | ||
668 | CAT | ||
669 | ac_ct_AR | ||
670 | AR | ||
671 | MKDIR_P | ||
672 | INSTALL_DATA | ||
673 | INSTALL_SCRIPT | ||
674 | INSTALL_PROGRAM | ||
675 | RANLIB | ||
676 | AWK | ||
677 | EGREP | ||
678 | GREP | ||
679 | CPP | ||
680 | host_os | ||
681 | host_vendor | ||
682 | host_cpu | ||
683 | host | ||
684 | build_os | ||
685 | build_vendor | ||
686 | build_cpu | ||
687 | build | ||
688 | OBJEXT | ||
689 | EXEEXT | ||
690 | ac_ct_CC | ||
691 | CPPFLAGS | ||
692 | LDFLAGS | ||
693 | CFLAGS | ||
694 | CC | ||
695 | target_alias | ||
696 | host_alias | ||
697 | build_alias | ||
698 | LIBS | ||
699 | ECHO_T | ||
700 | ECHO_N | ||
701 | ECHO_C | ||
702 | DEFS | ||
703 | mandir | ||
704 | localedir | ||
705 | libdir | ||
706 | psdir | ||
707 | pdfdir | ||
708 | dvidir | ||
709 | htmldir | ||
710 | infodir | ||
711 | docdir | ||
712 | oldincludedir | ||
713 | includedir | ||
714 | localstatedir | ||
715 | sharedstatedir | ||
716 | sysconfdir | ||
717 | datadir | ||
718 | datarootdir | ||
719 | libexecdir | ||
720 | sbindir | ||
721 | bindir | ||
722 | program_transform_name | ||
723 | prefix | ||
724 | exec_prefix | ||
725 | PACKAGE_URL | ||
726 | PACKAGE_BUGREPORT | ||
727 | PACKAGE_STRING | ||
728 | PACKAGE_VERSION | ||
729 | PACKAGE_TARNAME | ||
730 | PACKAGE_NAME | ||
731 | PATH_SEPARATOR | ||
732 | SHELL' | ||
733 | ac_subst_files='' | ||
734 | ac_user_opts=' | ||
735 | enable_option_checking | ||
736 | enable_largefile | ||
737 | with_openssl | ||
738 | with_stackprotect | ||
739 | with_hardening | ||
740 | with_rpath | ||
741 | with_cflags | ||
742 | with_cflags_after | ||
743 | with_cppflags | ||
744 | with_ldflags | ||
745 | with_ldflags_after | ||
746 | with_libs | ||
747 | with_Werror | ||
748 | with_solaris_contracts | ||
749 | with_solaris_projects | ||
750 | with_solaris_privs | ||
751 | with_osfsia | ||
752 | with_zlib | ||
753 | with_zlib_version_check | ||
754 | with_ldns | ||
755 | with_libedit | ||
756 | with_audit | ||
757 | with_pie | ||
758 | enable_pkcs11 | ||
759 | with_ssl_dir | ||
760 | with_openssl_header_check | ||
761 | with_ssl_engine | ||
762 | with_prngd_port | ||
763 | with_prngd_socket | ||
764 | with_pam | ||
765 | with_pam_service | ||
766 | with_privsep_user | ||
767 | with_sandbox | ||
768 | with_selinux | ||
769 | with_kerberos5 | ||
770 | with_privsep_path | ||
771 | with_xauth | ||
772 | enable_strip | ||
773 | with_maildir | ||
774 | with_mantype | ||
775 | with_md5_passwords | ||
776 | with_shadow | ||
777 | with_ipaddr_display | ||
778 | enable_etc_default_login | ||
779 | with_default_path | ||
780 | with_superuser_path | ||
781 | with_4in6 | ||
782 | with_bsd_auth | ||
783 | with_pid_dir | ||
784 | enable_lastlog | ||
785 | enable_utmp | ||
786 | enable_utmpx | ||
787 | enable_wtmp | ||
788 | enable_wtmpx | ||
789 | enable_libutil | ||
790 | enable_pututline | ||
791 | enable_pututxline | ||
792 | with_lastlog | ||
793 | ' | ||
794 | ac_precious_vars='build_alias | ||
795 | host_alias | ||
796 | target_alias | ||
797 | CC | ||
798 | CFLAGS | ||
799 | LDFLAGS | ||
800 | LIBS | ||
801 | CPPFLAGS | ||
802 | CPP' | ||
803 | |||
804 | |||
805 | # Initialize some variables set by options. | ||
806 | ac_init_help= | ||
807 | ac_init_version=false | ||
808 | ac_unrecognized_opts= | ||
809 | ac_unrecognized_sep= | ||
810 | # The variables have the same names as the options, with | ||
811 | # dashes changed to underlines. | ||
812 | cache_file=/dev/null | ||
813 | exec_prefix=NONE | ||
814 | no_create= | ||
815 | no_recursion= | ||
816 | prefix=NONE | ||
817 | program_prefix=NONE | ||
818 | program_suffix=NONE | ||
819 | program_transform_name=s,x,x, | ||
820 | silent= | ||
821 | site= | ||
822 | srcdir= | ||
823 | verbose= | ||
824 | x_includes=NONE | ||
825 | x_libraries=NONE | ||
826 | |||
827 | # Installation directory options. | ||
828 | # These are left unexpanded so users can "make install exec_prefix=/foo" | ||
829 | # and all the variables that are supposed to be based on exec_prefix | ||
830 | # by default will actually change. | ||
831 | # Use braces instead of parens because sh, perl, etc. also accept them. | ||
832 | # (The list follows the same order as the GNU Coding Standards.) | ||
833 | bindir='${exec_prefix}/bin' | ||
834 | sbindir='${exec_prefix}/sbin' | ||
835 | libexecdir='${exec_prefix}/libexec' | ||
836 | datarootdir='${prefix}/share' | ||
837 | datadir='${datarootdir}' | ||
838 | sysconfdir='${prefix}/etc' | ||
839 | sharedstatedir='${prefix}/com' | ||
840 | localstatedir='${prefix}/var' | ||
841 | includedir='${prefix}/include' | ||
842 | oldincludedir='/usr/include' | ||
843 | docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' | ||
844 | infodir='${datarootdir}/info' | ||
845 | htmldir='${docdir}' | ||
846 | dvidir='${docdir}' | ||
847 | pdfdir='${docdir}' | ||
848 | psdir='${docdir}' | ||
849 | libdir='${exec_prefix}/lib' | ||
850 | localedir='${datarootdir}/locale' | ||
851 | mandir='${datarootdir}/man' | ||
852 | |||
853 | ac_prev= | ||
854 | ac_dashdash= | ||
855 | for ac_option | ||
856 | do | ||
857 | # If the previous option needs an argument, assign it. | ||
858 | if test -n "$ac_prev"; then | ||
859 | eval $ac_prev=\$ac_option | ||
860 | ac_prev= | ||
861 | continue | ||
862 | fi | ||
863 | |||
864 | case $ac_option in | ||
865 | *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;; | ||
866 | *=) ac_optarg= ;; | ||
867 | *) ac_optarg=yes ;; | ||
868 | esac | ||
869 | |||
870 | # Accept the important Cygnus configure options, so we can diagnose typos. | ||
871 | |||
872 | case $ac_dashdash$ac_option in | ||
873 | --) | ||
874 | ac_dashdash=yes ;; | ||
875 | |||
876 | -bindir | --bindir | --bindi | --bind | --bin | --bi) | ||
877 | ac_prev=bindir ;; | ||
878 | -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) | ||
879 | bindir=$ac_optarg ;; | ||
880 | |||
881 | -build | --build | --buil | --bui | --bu) | ||
882 | ac_prev=build_alias ;; | ||
883 | -build=* | --build=* | --buil=* | --bui=* | --bu=*) | ||
884 | build_alias=$ac_optarg ;; | ||
885 | |||
886 | -cache-file | --cache-file | --cache-fil | --cache-fi \ | ||
887 | | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) | ||
888 | ac_prev=cache_file ;; | ||
889 | -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ | ||
890 | | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) | ||
891 | cache_file=$ac_optarg ;; | ||
892 | |||
893 | --config-cache | -C) | ||
894 | cache_file=config.cache ;; | ||
895 | |||
896 | -datadir | --datadir | --datadi | --datad) | ||
897 | ac_prev=datadir ;; | ||
898 | -datadir=* | --datadir=* | --datadi=* | --datad=*) | ||
899 | datadir=$ac_optarg ;; | ||
900 | |||
901 | -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \ | ||
902 | | --dataroo | --dataro | --datar) | ||
903 | ac_prev=datarootdir ;; | ||
904 | -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \ | ||
905 | | --dataroot=* | --dataroo=* | --dataro=* | --datar=*) | ||
906 | datarootdir=$ac_optarg ;; | ||
907 | |||
908 | -disable-* | --disable-*) | ||
909 | ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'` | ||
910 | # Reject names that are not valid shell variable names. | ||
911 | expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && | ||
912 | as_fn_error $? "invalid feature name: $ac_useropt" | ||
913 | ac_useropt_orig=$ac_useropt | ||
914 | ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` | ||
915 | case $ac_user_opts in | ||
916 | *" | ||
917 | "enable_$ac_useropt" | ||
918 | "*) ;; | ||
919 | *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig" | ||
920 | ac_unrecognized_sep=', ';; | ||
921 | esac | ||
922 | eval enable_$ac_useropt=no ;; | ||
923 | |||
924 | -docdir | --docdir | --docdi | --doc | --do) | ||
925 | ac_prev=docdir ;; | ||
926 | -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*) | ||
927 | docdir=$ac_optarg ;; | ||
928 | |||
929 | -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv) | ||
930 | ac_prev=dvidir ;; | ||
931 | -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*) | ||
932 | dvidir=$ac_optarg ;; | ||
933 | |||
934 | -enable-* | --enable-*) | ||
935 | ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` | ||
936 | # Reject names that are not valid shell variable names. | ||
937 | expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && | ||
938 | as_fn_error $? "invalid feature name: $ac_useropt" | ||
939 | ac_useropt_orig=$ac_useropt | ||
940 | ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` | ||
941 | case $ac_user_opts in | ||
942 | *" | ||
943 | "enable_$ac_useropt" | ||
944 | "*) ;; | ||
945 | *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig" | ||
946 | ac_unrecognized_sep=', ';; | ||
947 | esac | ||
948 | eval enable_$ac_useropt=\$ac_optarg ;; | ||
949 | |||
950 | -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ | ||
951 | | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ | ||
952 | | --exec | --exe | --ex) | ||
953 | ac_prev=exec_prefix ;; | ||
954 | -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ | ||
955 | | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ | ||
956 | | --exec=* | --exe=* | --ex=*) | ||
957 | exec_prefix=$ac_optarg ;; | ||
958 | |||
959 | -gas | --gas | --ga | --g) | ||
960 | # Obsolete; use --with-gas. | ||
961 | with_gas=yes ;; | ||
962 | |||
963 | -help | --help | --hel | --he | -h) | ||
964 | ac_init_help=long ;; | ||
965 | -help=r* | --help=r* | --hel=r* | --he=r* | -hr*) | ||
966 | ac_init_help=recursive ;; | ||
967 | -help=s* | --help=s* | --hel=s* | --he=s* | -hs*) | ||
968 | ac_init_help=short ;; | ||
969 | |||
970 | -host | --host | --hos | --ho) | ||
971 | ac_prev=host_alias ;; | ||
972 | -host=* | --host=* | --hos=* | --ho=*) | ||
973 | host_alias=$ac_optarg ;; | ||
974 | |||
975 | -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht) | ||
976 | ac_prev=htmldir ;; | ||
977 | -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \ | ||
978 | | --ht=*) | ||
979 | htmldir=$ac_optarg ;; | ||
980 | |||
981 | -includedir | --includedir | --includedi | --included | --include \ | ||
982 | | --includ | --inclu | --incl | --inc) | ||
983 | ac_prev=includedir ;; | ||
984 | -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ | ||
985 | | --includ=* | --inclu=* | --incl=* | --inc=*) | ||
986 | includedir=$ac_optarg ;; | ||
987 | |||
988 | -infodir | --infodir | --infodi | --infod | --info | --inf) | ||
989 | ac_prev=infodir ;; | ||
990 | -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) | ||
991 | infodir=$ac_optarg ;; | ||
992 | |||
993 | -libdir | --libdir | --libdi | --libd) | ||
994 | ac_prev=libdir ;; | ||
995 | -libdir=* | --libdir=* | --libdi=* | --libd=*) | ||
996 | libdir=$ac_optarg ;; | ||
997 | |||
998 | -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ | ||
999 | | --libexe | --libex | --libe) | ||
1000 | ac_prev=libexecdir ;; | ||
1001 | -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ | ||
1002 | | --libexe=* | --libex=* | --libe=*) | ||
1003 | libexecdir=$ac_optarg ;; | ||
1004 | |||
1005 | -localedir | --localedir | --localedi | --localed | --locale) | ||
1006 | ac_prev=localedir ;; | ||
1007 | -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*) | ||
1008 | localedir=$ac_optarg ;; | ||
1009 | |||
1010 | -localstatedir | --localstatedir | --localstatedi | --localstated \ | ||
1011 | | --localstate | --localstat | --localsta | --localst | --locals) | ||
1012 | ac_prev=localstatedir ;; | ||
1013 | -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ | ||
1014 | | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*) | ||
1015 | localstatedir=$ac_optarg ;; | ||
1016 | |||
1017 | -mandir | --mandir | --mandi | --mand | --man | --ma | --m) | ||
1018 | ac_prev=mandir ;; | ||
1019 | -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) | ||
1020 | mandir=$ac_optarg ;; | ||
1021 | |||
1022 | -nfp | --nfp | --nf) | ||
1023 | # Obsolete; use --without-fp. | ||
1024 | with_fp=no ;; | ||
1025 | |||
1026 | -no-create | --no-create | --no-creat | --no-crea | --no-cre \ | ||
1027 | | --no-cr | --no-c | -n) | ||
1028 | no_create=yes ;; | ||
1029 | |||
1030 | -no-recursion | --no-recursion | --no-recursio | --no-recursi \ | ||
1031 | | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) | ||
1032 | no_recursion=yes ;; | ||
1033 | |||
1034 | -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ | ||
1035 | | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ | ||
1036 | | --oldin | --oldi | --old | --ol | --o) | ||
1037 | ac_prev=oldincludedir ;; | ||
1038 | -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ | ||
1039 | | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ | ||
1040 | | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) | ||
1041 | oldincludedir=$ac_optarg ;; | ||
1042 | |||
1043 | -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) | ||
1044 | ac_prev=prefix ;; | ||
1045 | -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) | ||
1046 | prefix=$ac_optarg ;; | ||
1047 | |||
1048 | -program-prefix | --program-prefix | --program-prefi | --program-pref \ | ||
1049 | | --program-pre | --program-pr | --program-p) | ||
1050 | ac_prev=program_prefix ;; | ||
1051 | -program-prefix=* | --program-prefix=* | --program-prefi=* \ | ||
1052 | | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) | ||
1053 | program_prefix=$ac_optarg ;; | ||
1054 | |||
1055 | -program-suffix | --program-suffix | --program-suffi | --program-suff \ | ||
1056 | | --program-suf | --program-su | --program-s) | ||
1057 | ac_prev=program_suffix ;; | ||
1058 | -program-suffix=* | --program-suffix=* | --program-suffi=* \ | ||
1059 | | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) | ||
1060 | program_suffix=$ac_optarg ;; | ||
1061 | |||
1062 | -program-transform-name | --program-transform-name \ | ||
1063 | | --program-transform-nam | --program-transform-na \ | ||
1064 | | --program-transform-n | --program-transform- \ | ||
1065 | | --program-transform | --program-transfor \ | ||
1066 | | --program-transfo | --program-transf \ | ||
1067 | | --program-trans | --program-tran \ | ||
1068 | | --progr-tra | --program-tr | --program-t) | ||
1069 | ac_prev=program_transform_name ;; | ||
1070 | -program-transform-name=* | --program-transform-name=* \ | ||
1071 | | --program-transform-nam=* | --program-transform-na=* \ | ||
1072 | | --program-transform-n=* | --program-transform-=* \ | ||
1073 | | --program-transform=* | --program-transfor=* \ | ||
1074 | | --program-transfo=* | --program-transf=* \ | ||
1075 | | --program-trans=* | --program-tran=* \ | ||
1076 | | --progr-tra=* | --program-tr=* | --program-t=*) | ||
1077 | program_transform_name=$ac_optarg ;; | ||
1078 | |||
1079 | -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd) | ||
1080 | ac_prev=pdfdir ;; | ||
1081 | -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*) | ||
1082 | pdfdir=$ac_optarg ;; | ||
1083 | |||
1084 | -psdir | --psdir | --psdi | --psd | --ps) | ||
1085 | ac_prev=psdir ;; | ||
1086 | -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*) | ||
1087 | psdir=$ac_optarg ;; | ||
1088 | |||
1089 | -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | ||
1090 | | -silent | --silent | --silen | --sile | --sil) | ||
1091 | silent=yes ;; | ||
1092 | |||
1093 | -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) | ||
1094 | ac_prev=sbindir ;; | ||
1095 | -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ | ||
1096 | | --sbi=* | --sb=*) | ||
1097 | sbindir=$ac_optarg ;; | ||
1098 | |||
1099 | -sharedstatedir | --sharedstatedir | --sharedstatedi \ | ||
1100 | | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ | ||
1101 | | --sharedst | --shareds | --shared | --share | --shar \ | ||
1102 | | --sha | --sh) | ||
1103 | ac_prev=sharedstatedir ;; | ||
1104 | -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ | ||
1105 | | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ | ||
1106 | | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ | ||
1107 | | --sha=* | --sh=*) | ||
1108 | sharedstatedir=$ac_optarg ;; | ||
1109 | |||
1110 | -site | --site | --sit) | ||
1111 | ac_prev=site ;; | ||
1112 | -site=* | --site=* | --sit=*) | ||
1113 | site=$ac_optarg ;; | ||
1114 | |||
1115 | -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) | ||
1116 | ac_prev=srcdir ;; | ||
1117 | -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) | ||
1118 | srcdir=$ac_optarg ;; | ||
1119 | |||
1120 | -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ | ||
1121 | | --syscon | --sysco | --sysc | --sys | --sy) | ||
1122 | ac_prev=sysconfdir ;; | ||
1123 | -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ | ||
1124 | | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) | ||
1125 | sysconfdir=$ac_optarg ;; | ||
1126 | |||
1127 | -target | --target | --targe | --targ | --tar | --ta | --t) | ||
1128 | ac_prev=target_alias ;; | ||
1129 | -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) | ||
1130 | target_alias=$ac_optarg ;; | ||
1131 | |||
1132 | -v | -verbose | --verbose | --verbos | --verbo | --verb) | ||
1133 | verbose=yes ;; | ||
1134 | |||
1135 | -version | --version | --versio | --versi | --vers | -V) | ||
1136 | ac_init_version=: ;; | ||
1137 | |||
1138 | -with-* | --with-*) | ||
1139 | ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` | ||
1140 | # Reject names that are not valid shell variable names. | ||
1141 | expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && | ||
1142 | as_fn_error $? "invalid package name: $ac_useropt" | ||
1143 | ac_useropt_orig=$ac_useropt | ||
1144 | ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` | ||
1145 | case $ac_user_opts in | ||
1146 | *" | ||
1147 | "with_$ac_useropt" | ||
1148 | "*) ;; | ||
1149 | *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig" | ||
1150 | ac_unrecognized_sep=', ';; | ||
1151 | esac | ||
1152 | eval with_$ac_useropt=\$ac_optarg ;; | ||
1153 | |||
1154 | -without-* | --without-*) | ||
1155 | ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'` | ||
1156 | # Reject names that are not valid shell variable names. | ||
1157 | expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && | ||
1158 | as_fn_error $? "invalid package name: $ac_useropt" | ||
1159 | ac_useropt_orig=$ac_useropt | ||
1160 | ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` | ||
1161 | case $ac_user_opts in | ||
1162 | *" | ||
1163 | "with_$ac_useropt" | ||
1164 | "*) ;; | ||
1165 | *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig" | ||
1166 | ac_unrecognized_sep=', ';; | ||
1167 | esac | ||
1168 | eval with_$ac_useropt=no ;; | ||
1169 | |||
1170 | --x) | ||
1171 | # Obsolete; use --with-x. | ||
1172 | with_x=yes ;; | ||
1173 | |||
1174 | -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ | ||
1175 | | --x-incl | --x-inc | --x-in | --x-i) | ||
1176 | ac_prev=x_includes ;; | ||
1177 | -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ | ||
1178 | | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) | ||
1179 | x_includes=$ac_optarg ;; | ||
1180 | |||
1181 | -x-libraries | --x-libraries | --x-librarie | --x-librari \ | ||
1182 | | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) | ||
1183 | ac_prev=x_libraries ;; | ||
1184 | -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ | ||
1185 | | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) | ||
1186 | x_libraries=$ac_optarg ;; | ||
1187 | |||
1188 | -*) as_fn_error $? "unrecognized option: \`$ac_option' | ||
1189 | Try \`$0 --help' for more information" | ||
1190 | ;; | ||
1191 | |||
1192 | *=*) | ||
1193 | ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` | ||
1194 | # Reject names that are not valid shell variable names. | ||
1195 | case $ac_envvar in #( | ||
1196 | '' | [0-9]* | *[!_$as_cr_alnum]* ) | ||
1197 | as_fn_error $? "invalid variable name: \`$ac_envvar'" ;; | ||
1198 | esac | ||
1199 | eval $ac_envvar=\$ac_optarg | ||
1200 | export $ac_envvar ;; | ||
1201 | |||
1202 | *) | ||
1203 | # FIXME: should be removed in autoconf 3.0. | ||
1204 | $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2 | ||
1205 | expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && | ||
1206 | $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2 | ||
1207 | : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}" | ||
1208 | ;; | ||
1209 | |||
1210 | esac | ||
1211 | done | ||
1212 | |||
1213 | if test -n "$ac_prev"; then | ||
1214 | ac_option=--`echo $ac_prev | sed 's/_/-/g'` | ||
1215 | as_fn_error $? "missing argument to $ac_option" | ||
1216 | fi | ||
1217 | |||
1218 | if test -n "$ac_unrecognized_opts"; then | ||
1219 | case $enable_option_checking in | ||
1220 | no) ;; | ||
1221 | fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;; | ||
1222 | *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;; | ||
1223 | esac | ||
1224 | fi | ||
1225 | |||
1226 | # Check all directory arguments for consistency. | ||
1227 | for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ | ||
1228 | datadir sysconfdir sharedstatedir localstatedir includedir \ | ||
1229 | oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ | ||
1230 | libdir localedir mandir | ||
1231 | do | ||
1232 | eval ac_val=\$$ac_var | ||
1233 | # Remove trailing slashes. | ||
1234 | case $ac_val in | ||
1235 | */ ) | ||
1236 | ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'` | ||
1237 | eval $ac_var=\$ac_val;; | ||
1238 | esac | ||
1239 | # Be sure to have absolute directory names. | ||
1240 | case $ac_val in | ||
1241 | [\\/$]* | ?:[\\/]* ) continue;; | ||
1242 | NONE | '' ) case $ac_var in *prefix ) continue;; esac;; | ||
1243 | esac | ||
1244 | as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val" | ||
1245 | done | ||
1246 | |||
1247 | # There might be people who depend on the old broken behavior: `$host' | ||
1248 | # used to hold the argument of --host etc. | ||
1249 | # FIXME: To remove some day. | ||
1250 | build=$build_alias | ||
1251 | host=$host_alias | ||
1252 | target=$target_alias | ||
1253 | |||
1254 | # FIXME: To remove some day. | ||
1255 | if test "x$host_alias" != x; then | ||
1256 | if test "x$build_alias" = x; then | ||
1257 | cross_compiling=maybe | ||
1258 | elif test "x$build_alias" != "x$host_alias"; then | ||
1259 | cross_compiling=yes | ||
1260 | fi | ||
1261 | fi | ||
1262 | |||
1263 | ac_tool_prefix= | ||
1264 | test -n "$host_alias" && ac_tool_prefix=$host_alias- | ||
1265 | |||
1266 | test "$silent" = yes && exec 6>/dev/null | ||
1267 | |||
1268 | |||
1269 | ac_pwd=`pwd` && test -n "$ac_pwd" && | ||
1270 | ac_ls_di=`ls -di .` && | ||
1271 | ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` || | ||
1272 | as_fn_error $? "working directory cannot be determined" | ||
1273 | test "X$ac_ls_di" = "X$ac_pwd_ls_di" || | ||
1274 | as_fn_error $? "pwd does not report name of working directory" | ||
1275 | |||
1276 | |||
1277 | # Find the source files, if location was not specified. | ||
1278 | if test -z "$srcdir"; then | ||
1279 | ac_srcdir_defaulted=yes | ||
1280 | # Try the directory containing this script, then the parent directory. | ||
1281 | ac_confdir=`$as_dirname -- "$as_myself" || | ||
1282 | $as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ | ||
1283 | X"$as_myself" : 'X\(//\)[^/]' \| \ | ||
1284 | X"$as_myself" : 'X\(//\)$' \| \ | ||
1285 | X"$as_myself" : 'X\(/\)' \| . 2>/dev/null || | ||
1286 | $as_echo X"$as_myself" | | ||
1287 | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ | ||
1288 | s//\1/ | ||
1289 | q | ||
1290 | } | ||
1291 | /^X\(\/\/\)[^/].*/{ | ||
1292 | s//\1/ | ||
1293 | q | ||
1294 | } | ||
1295 | /^X\(\/\/\)$/{ | ||
1296 | s//\1/ | ||
1297 | q | ||
1298 | } | ||
1299 | /^X\(\/\).*/{ | ||
1300 | s//\1/ | ||
1301 | q | ||
1302 | } | ||
1303 | s/.*/./; q'` | ||
1304 | srcdir=$ac_confdir | ||
1305 | if test ! -r "$srcdir/$ac_unique_file"; then | ||
1306 | srcdir=.. | ||
1307 | fi | ||
1308 | else | ||
1309 | ac_srcdir_defaulted=no | ||
1310 | fi | ||
1311 | if test ! -r "$srcdir/$ac_unique_file"; then | ||
1312 | test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .." | ||
1313 | as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir" | ||
1314 | fi | ||
1315 | ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work" | ||
1316 | ac_abs_confdir=`( | ||
1317 | cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg" | ||
1318 | pwd)` | ||
1319 | # When building in place, set srcdir=. | ||
1320 | if test "$ac_abs_confdir" = "$ac_pwd"; then | ||
1321 | srcdir=. | ||
1322 | fi | ||
1323 | # Remove unnecessary trailing slashes from srcdir. | ||
1324 | # Double slashes in file names in object file debugging info | ||
1325 | # mess up M-x gdb in Emacs. | ||
1326 | case $srcdir in | ||
1327 | */) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;; | ||
1328 | esac | ||
1329 | for ac_var in $ac_precious_vars; do | ||
1330 | eval ac_env_${ac_var}_set=\${${ac_var}+set} | ||
1331 | eval ac_env_${ac_var}_value=\$${ac_var} | ||
1332 | eval ac_cv_env_${ac_var}_set=\${${ac_var}+set} | ||
1333 | eval ac_cv_env_${ac_var}_value=\$${ac_var} | ||
1334 | done | ||
1335 | |||
1336 | # | ||
1337 | # Report the --help message. | ||
1338 | # | ||
1339 | if test "$ac_init_help" = "long"; then | ||
1340 | # Omit some internal or obsolete options to make the list less imposing. | ||
1341 | # This message is too long to be a string in the A/UX 3.1 sh. | ||
1342 | cat <<_ACEOF | ||
1343 | \`configure' configures OpenSSH Portable to adapt to many kinds of systems. | ||
1344 | |||
1345 | Usage: $0 [OPTION]... [VAR=VALUE]... | ||
1346 | |||
1347 | To assign environment variables (e.g., CC, CFLAGS...), specify them as | ||
1348 | VAR=VALUE. See below for descriptions of some of the useful variables. | ||
1349 | |||
1350 | Defaults for the options are specified in brackets. | ||
1351 | |||
1352 | Configuration: | ||
1353 | -h, --help display this help and exit | ||
1354 | --help=short display options specific to this package | ||
1355 | --help=recursive display the short help of all the included packages | ||
1356 | -V, --version display version information and exit | ||
1357 | -q, --quiet, --silent do not print \`checking ...' messages | ||
1358 | --cache-file=FILE cache test results in FILE [disabled] | ||
1359 | -C, --config-cache alias for \`--cache-file=config.cache' | ||
1360 | -n, --no-create do not create output files | ||
1361 | --srcdir=DIR find the sources in DIR [configure dir or \`..'] | ||
1362 | |||
1363 | Installation directories: | ||
1364 | --prefix=PREFIX install architecture-independent files in PREFIX | ||
1365 | [$ac_default_prefix] | ||
1366 | --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX | ||
1367 | [PREFIX] | ||
1368 | |||
1369 | By default, \`make install' will install all the files in | ||
1370 | \`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify | ||
1371 | an installation prefix other than \`$ac_default_prefix' using \`--prefix', | ||
1372 | for instance \`--prefix=\$HOME'. | ||
1373 | |||
1374 | For better control, use the options below. | ||
1375 | |||
1376 | Fine tuning of the installation directories: | ||
1377 | --bindir=DIR user executables [EPREFIX/bin] | ||
1378 | --sbindir=DIR system admin executables [EPREFIX/sbin] | ||
1379 | --libexecdir=DIR program executables [EPREFIX/libexec] | ||
1380 | --sysconfdir=DIR read-only single-machine data [PREFIX/etc] | ||
1381 | --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] | ||
1382 | --localstatedir=DIR modifiable single-machine data [PREFIX/var] | ||
1383 | --libdir=DIR object code libraries [EPREFIX/lib] | ||
1384 | --includedir=DIR C header files [PREFIX/include] | ||
1385 | --oldincludedir=DIR C header files for non-gcc [/usr/include] | ||
1386 | --datarootdir=DIR read-only arch.-independent data root [PREFIX/share] | ||
1387 | --datadir=DIR read-only architecture-independent data [DATAROOTDIR] | ||
1388 | --infodir=DIR info documentation [DATAROOTDIR/info] | ||
1389 | --localedir=DIR locale-dependent data [DATAROOTDIR/locale] | ||
1390 | --mandir=DIR man documentation [DATAROOTDIR/man] | ||
1391 | --docdir=DIR documentation root [DATAROOTDIR/doc/openssh] | ||
1392 | --htmldir=DIR html documentation [DOCDIR] | ||
1393 | --dvidir=DIR dvi documentation [DOCDIR] | ||
1394 | --pdfdir=DIR pdf documentation [DOCDIR] | ||
1395 | --psdir=DIR ps documentation [DOCDIR] | ||
1396 | _ACEOF | ||
1397 | |||
1398 | cat <<\_ACEOF | ||
1399 | |||
1400 | System types: | ||
1401 | --build=BUILD configure for building on BUILD [guessed] | ||
1402 | --host=HOST cross-compile to build programs to run on HOST [BUILD] | ||
1403 | _ACEOF | ||
1404 | fi | ||
1405 | |||
1406 | if test -n "$ac_init_help"; then | ||
1407 | case $ac_init_help in | ||
1408 | short | recursive ) echo "Configuration of OpenSSH Portable:";; | ||
1409 | esac | ||
1410 | cat <<\_ACEOF | ||
1411 | |||
1412 | Optional Features: | ||
1413 | --disable-option-checking ignore unrecognized --enable/--with options | ||
1414 | --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) | ||
1415 | --enable-FEATURE[=ARG] include FEATURE [ARG=yes] | ||
1416 | --disable-largefile omit support for large files | ||
1417 | --disable-pkcs11 disable PKCS#11 support code [no] | ||
1418 | --disable-strip Disable calling strip(1) on install | ||
1419 | --disable-etc-default-login Disable using PATH from /etc/default/login no | ||
1420 | --disable-lastlog disable use of lastlog even if detected no | ||
1421 | --disable-utmp disable use of utmp even if detected no | ||
1422 | --disable-utmpx disable use of utmpx even if detected no | ||
1423 | --disable-wtmp disable use of wtmp even if detected no | ||
1424 | --disable-wtmpx disable use of wtmpx even if detected no | ||
1425 | --disable-libutil disable use of libutil (login() etc.) no | ||
1426 | --disable-pututline disable use of pututline() etc. (uwtmp) no | ||
1427 | --disable-pututxline disable use of pututxline() etc. (uwtmpx) no | ||
1428 | |||
1429 | Optional Packages: | ||
1430 | --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] | ||
1431 | --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) | ||
1432 | --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** | ||
1433 | --without-stackprotect Don't use compiler's stack protection | ||
1434 | --without-hardening Don't use toolchain hardening flags | ||
1435 | --without-rpath Disable auto-added -R linker paths | ||
1436 | --with-cflags Specify additional flags to pass to compiler | ||
1437 | --with-cflags-after Specify additional flags to pass to compiler after configure | ||
1438 | --with-cppflags Specify additional flags to pass to preprocessor | ||
1439 | --with-ldflags Specify additional flags to pass to linker | ||
1440 | --with-ldflags-after Specify additional flags to pass to linker after configure | ||
1441 | --with-libs Specify additional libraries to link with | ||
1442 | --with-Werror Build main code with -Werror | ||
1443 | --with-solaris-contracts Enable Solaris process contracts (experimental) | ||
1444 | --with-solaris-projects Enable Solaris projects (experimental) | ||
1445 | --with-solaris-privs Enable Solaris/Illumos privileges (experimental) | ||
1446 | --with-osfsia Enable Digital Unix SIA | ||
1447 | --with-zlib=PATH Use zlib in PATH | ||
1448 | --without-zlib-version-check Disable zlib version check | ||
1449 | --with-ldns[=PATH] Use ldns for DNSSEC support (optionally in PATH) | ||
1450 | --with-libedit[=PATH] Enable libedit support for sftp | ||
1451 | --with-audit=module Enable audit support (modules=debug,bsm,linux) | ||
1452 | --with-pie Build Position Independent Executables if possible | ||
1453 | --with-ssl-dir=PATH Specify path to OpenSSL installation | ||
1454 | --without-openssl-header-check Disable OpenSSL version consistency check | ||
1455 | --with-ssl-engine Enable OpenSSL (hardware) ENGINE support | ||
1456 | --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT | ||
1457 | --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool) | ||
1458 | --with-pam Enable PAM support | ||
1459 | --with-pam-service=name Specify PAM service name | ||
1460 | --with-privsep-user=user Specify non-privileged user for privilege separation | ||
1461 | --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge) | ||
1462 | --with-selinux Enable SELinux support | ||
1463 | --with-kerberos5=PATH Enable Kerberos 5 support | ||
1464 | --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty) | ||
1465 | --with-xauth=PATH Specify path to xauth program | ||
1466 | --with-maildir=/path/to/mail Specify your system mail directory | ||
1467 | --with-mantype=man|cat|doc Set man page type | ||
1468 | --with-md5-passwords Enable use of MD5 passwords | ||
1469 | --without-shadow Disable shadow password support | ||
1470 | --with-ipaddr-display Use ip address instead of hostname in $DISPLAY | ||
1471 | --with-default-path= Specify default $PATH environment for server | ||
1472 | --with-superuser-path= Specify different path for super-user | ||
1473 | --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses | ||
1474 | --with-bsd-auth Enable BSD auth support | ||
1475 | --with-pid-dir=PATH Specify location of sshd.pid file | ||
1476 | --with-lastlog=FILE|DIR specify lastlog location common locations | ||
1477 | |||
1478 | Some influential environment variables: | ||
1479 | CC C compiler command | ||
1480 | CFLAGS C compiler flags | ||
1481 | LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a | ||
1482 | nonstandard directory <lib dir> | ||
1483 | LIBS libraries to pass to the linker, e.g. -l<library> | ||
1484 | CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if | ||
1485 | you have headers in a nonstandard directory <include dir> | ||
1486 | CPP C preprocessor | ||
1487 | |||
1488 | Use these variables to override the choices made by `configure' or to help | ||
1489 | it to find libraries and programs with nonstandard names/locations. | ||
1490 | |||
1491 | Report bugs to <openssh-unix-dev@mindrot.org>. | ||
1492 | _ACEOF | ||
1493 | ac_status=$? | ||
1494 | fi | ||
1495 | |||
1496 | if test "$ac_init_help" = "recursive"; then | ||
1497 | # If there are subdirs, report their specific --help. | ||
1498 | for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue | ||
1499 | test -d "$ac_dir" || | ||
1500 | { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } || | ||
1501 | continue | ||
1502 | ac_builddir=. | ||
1503 | |||
1504 | case "$ac_dir" in | ||
1505 | .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; | ||
1506 | *) | ||
1507 | ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` | ||
1508 | # A ".." for each directory in $ac_dir_suffix. | ||
1509 | ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` | ||
1510 | case $ac_top_builddir_sub in | ||
1511 | "") ac_top_builddir_sub=. ac_top_build_prefix= ;; | ||
1512 | *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; | ||
1513 | esac ;; | ||
1514 | esac | ||
1515 | ac_abs_top_builddir=$ac_pwd | ||
1516 | ac_abs_builddir=$ac_pwd$ac_dir_suffix | ||
1517 | # for backward compatibility: | ||
1518 | ac_top_builddir=$ac_top_build_prefix | ||
1519 | |||
1520 | case $srcdir in | ||
1521 | .) # We are building in place. | ||
1522 | ac_srcdir=. | ||
1523 | ac_top_srcdir=$ac_top_builddir_sub | ||
1524 | ac_abs_top_srcdir=$ac_pwd ;; | ||
1525 | [\\/]* | ?:[\\/]* ) # Absolute name. | ||
1526 | ac_srcdir=$srcdir$ac_dir_suffix; | ||
1527 | ac_top_srcdir=$srcdir | ||
1528 | ac_abs_top_srcdir=$srcdir ;; | ||
1529 | *) # Relative name. | ||
1530 | ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix | ||
1531 | ac_top_srcdir=$ac_top_build_prefix$srcdir | ||
1532 | ac_abs_top_srcdir=$ac_pwd/$srcdir ;; | ||
1533 | esac | ||
1534 | ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix | ||
1535 | |||
1536 | cd "$ac_dir" || { ac_status=$?; continue; } | ||
1537 | # Check for guested configure. | ||
1538 | if test -f "$ac_srcdir/configure.gnu"; then | ||
1539 | echo && | ||
1540 | $SHELL "$ac_srcdir/configure.gnu" --help=recursive | ||
1541 | elif test -f "$ac_srcdir/configure"; then | ||
1542 | echo && | ||
1543 | $SHELL "$ac_srcdir/configure" --help=recursive | ||
1544 | else | ||
1545 | $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 | ||
1546 | fi || ac_status=$? | ||
1547 | cd "$ac_pwd" || { ac_status=$?; break; } | ||
1548 | done | ||
1549 | fi | ||
1550 | |||
1551 | test -n "$ac_init_help" && exit $ac_status | ||
1552 | if $ac_init_version; then | ||
1553 | cat <<\_ACEOF | ||
1554 | OpenSSH configure Portable | ||
1555 | generated by GNU Autoconf 2.69 | ||
1556 | |||
1557 | Copyright (C) 2012 Free Software Foundation, Inc. | ||
1558 | This configure script is free software; the Free Software Foundation | ||
1559 | gives unlimited permission to copy, distribute and modify it. | ||
1560 | _ACEOF | ||
1561 | exit | ||
1562 | fi | ||
1563 | |||
1564 | ## ------------------------ ## | ||
1565 | ## Autoconf initialization. ## | ||
1566 | ## ------------------------ ## | ||
1567 | |||
1568 | # ac_fn_c_try_compile LINENO | ||
1569 | # -------------------------- | ||
1570 | # Try to compile conftest.$ac_ext, and return whether this succeeded. | ||
1571 | ac_fn_c_try_compile () | ||
1572 | { | ||
1573 | as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack | ||
1574 | rm -f conftest.$ac_objext | ||
1575 | if { { ac_try="$ac_compile" | ||
1576 | case "(($ac_try" in | ||
1577 | *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; | ||
1578 | *) ac_try_echo=$ac_try;; | ||
1579 | esac | ||
1580 | eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" | ||
1581 | $as_echo "$ac_try_echo"; } >&5 | ||
1582 | (eval "$ac_compile") 2>conftest.err | ||
1583 | ac_status=$? | ||
1584 | if test -s conftest.err; then | ||
1585 | grep -v '^ *+' conftest.err >conftest.er1 | ||
1586 | cat conftest.er1 >&5 | ||
1587 | mv -f conftest.er1 conftest.err | ||
1588 | fi | ||
1589 | $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 | ||
1590 | test $ac_status = 0; } && { | ||
1591 | test -z "$ac_c_werror_flag" || | ||
1592 | test ! -s conftest.err | ||
1593 | } && test -s conftest.$ac_objext; then : | ||
1594 | ac_retval=0 | ||
1595 | else | ||
1596 | $as_echo "$as_me: failed program was:" >&5 | ||
1597 | sed 's/^/| /' conftest.$ac_ext >&5 | ||
1598 | |||
1599 | ac_retval=1 | ||
1600 | fi | ||
1601 | eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno | ||
1602 | as_fn_set_status $ac_retval | ||
1603 | |||
1604 | } # ac_fn_c_try_compile | ||
1605 | |||
1606 | # ac_fn_c_try_run LINENO | ||
1607 | # ---------------------- | ||
1608 | # Try to link conftest.$ac_ext, and return whether this succeeded. Assumes | ||
1609 | # that executables *can* be run. | ||
1610 | ac_fn_c_try_run () | ||
1611 | { | ||
1612 | as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack | ||
1613 | if { { ac_try="$ac_link" | ||
1614 | case "(($ac_try" in | ||
1615 | *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; | ||
1616 | *) ac_try_echo=$ac_try;; | ||
1617 | esac | ||
1618 | eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" | ||
1619 | $as_echo "$ac_try_echo"; } >&5 | ||
1620 | (eval "$ac_link") 2>&5 | ||
1621 | ac_status=$? | ||
1622 | $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 | ||
1623 | test $ac_status = 0; } && { ac_try='./conftest$ac_exeext' | ||
1624 | { { case "(($ac_try" in | ||
1625 | *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; | ||
1626 | *) ac_try_echo=$ac_try;; | ||
1627 | esac | ||
1628 | eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" | ||
1629 | $as_echo "$ac_try_echo"; } >&5 | ||
1630 | (eval "$ac_try") 2>&5 | ||
1631 | ac_status=$? | ||
1632 | $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 | ||
1633 | test $ac_status = 0; }; }; then : | ||
1634 | ac_retval=0 | ||
1635 | else | ||
1636 | $as_echo "$as_me: program exited with status $ac_status" >&5 | ||
1637 | $as_echo "$as_me: failed program was:" >&5 | ||
1638 | sed 's/^/| /' conftest.$ac_ext >&5 | ||
1639 | |||
1640 | ac_retval=$ac_status | ||
1641 | fi | ||
1642 | rm -rf conftest.dSYM conftest_ipa8_conftest.oo | ||
1643 | eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno | ||
1644 | as_fn_set_status $ac_retval | ||
1645 | |||
1646 | } # ac_fn_c_try_run | ||
1647 | |||
1648 | # ac_fn_c_try_cpp LINENO | ||
1649 | # ---------------------- | ||
1650 | # Try to preprocess conftest.$ac_ext, and return whether this succeeded. | ||
1651 | ac_fn_c_try_cpp () | ||
1652 | { | ||
1653 | as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack | ||
1654 | if { { ac_try="$ac_cpp conftest.$ac_ext" | ||
1655 | case "(($ac_try" in | ||
1656 | *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; | ||
1657 | *) ac_try_echo=$ac_try;; | ||
1658 | esac | ||
1659 | eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" | ||
1660 | $as_echo "$ac_try_echo"; } >&5 | ||
1661 | (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err | ||
1662 | ac_status=$? | ||
1663 | if test -s conftest.err; then | ||
1664 | grep -v '^ *+' conftest.err >conftest.er1 | ||
1665 | cat conftest.er1 >&5 | ||
1666 | mv -f conftest.er1 conftest.err | ||
1667 | fi | ||
1668 | $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 | ||
1669 | test $ac_status = 0; } > conftest.i && { | ||
1670 | test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || | ||
1671 | test ! -s conftest.err | ||
1672 | }; then : | ||
1673 | ac_retval=0 | ||
1674 | else | ||
1675 | $as_echo "$as_me: failed program was:" >&5 | ||
1676 | sed 's/^/| /' conftest.$ac_ext >&5 | ||
1677 | |||
1678 | ac_retval=1 | ||
1679 | fi | ||
1680 | eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno | ||
1681 | as_fn_set_status $ac_retval | ||
1682 | |||
1683 | } # ac_fn_c_try_cpp | ||
1684 | |||
1685 | # ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES | ||
1686 | # ------------------------------------------------------- | ||
1687 | # Tests whether HEADER exists and can be compiled using the include files in | ||
1688 | # INCLUDES, setting the cache variable VAR accordingly. | ||
1689 | ac_fn_c_check_header_compile () | ||
1690 | { | ||
1691 | as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack | ||
1692 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 | ||
1693 | $as_echo_n "checking for $2... " >&6; } | ||
1694 | if eval \${$3+:} false; then : | ||
1695 | $as_echo_n "(cached) " >&6 | ||
1696 | else | ||
1697 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
1698 | /* end confdefs.h. */ | ||
1699 | $4 | ||
1700 | #include <$2> | ||
1701 | _ACEOF | ||
1702 | if ac_fn_c_try_compile "$LINENO"; then : | ||
1703 | eval "$3=yes" | ||
1704 | else | ||
1705 | eval "$3=no" | ||
1706 | fi | ||
1707 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
1708 | fi | ||
1709 | eval ac_res=\$$3 | ||
1710 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 | ||
1711 | $as_echo "$ac_res" >&6; } | ||
1712 | eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno | ||
1713 | |||
1714 | } # ac_fn_c_check_header_compile | ||
1715 | |||
1716 | # ac_fn_c_check_decl LINENO SYMBOL VAR INCLUDES | ||
1717 | # --------------------------------------------- | ||
1718 | # Tests whether SYMBOL is declared in INCLUDES, setting cache variable VAR | ||
1719 | # accordingly. | ||
1720 | ac_fn_c_check_decl () | ||
1721 | { | ||
1722 | as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack | ||
1723 | as_decl_name=`echo $2|sed 's/ *(.*//'` | ||
1724 | as_decl_use=`echo $2|sed -e 's/(/((/' -e 's/)/) 0&/' -e 's/,/) 0& (/g'` | ||
1725 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $as_decl_name is declared" >&5 | ||
1726 | $as_echo_n "checking whether $as_decl_name is declared... " >&6; } | ||
1727 | if eval \${$3+:} false; then : | ||
1728 | $as_echo_n "(cached) " >&6 | ||
1729 | else | ||
1730 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
1731 | /* end confdefs.h. */ | ||
1732 | $4 | ||
1733 | int | ||
1734 | main () | ||
1735 | { | ||
1736 | #ifndef $as_decl_name | ||
1737 | #ifdef __cplusplus | ||
1738 | (void) $as_decl_use; | ||
1739 | #else | ||
1740 | (void) $as_decl_name; | ||
1741 | #endif | ||
1742 | #endif | ||
1743 | |||
1744 | ; | ||
1745 | return 0; | ||
1746 | } | ||
1747 | _ACEOF | ||
1748 | if ac_fn_c_try_compile "$LINENO"; then : | ||
1749 | eval "$3=yes" | ||
1750 | else | ||
1751 | eval "$3=no" | ||
1752 | fi | ||
1753 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
1754 | fi | ||
1755 | eval ac_res=\$$3 | ||
1756 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 | ||
1757 | $as_echo "$ac_res" >&6; } | ||
1758 | eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno | ||
1759 | |||
1760 | } # ac_fn_c_check_decl | ||
1761 | |||
1762 | # ac_fn_c_try_link LINENO | ||
1763 | # ----------------------- | ||
1764 | # Try to link conftest.$ac_ext, and return whether this succeeded. | ||
1765 | ac_fn_c_try_link () | ||
1766 | { | ||
1767 | as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack | ||
1768 | rm -f conftest.$ac_objext conftest$ac_exeext | ||
1769 | if { { ac_try="$ac_link" | ||
1770 | case "(($ac_try" in | ||
1771 | *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; | ||
1772 | *) ac_try_echo=$ac_try;; | ||
1773 | esac | ||
1774 | eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" | ||
1775 | $as_echo "$ac_try_echo"; } >&5 | ||
1776 | (eval "$ac_link") 2>conftest.err | ||
1777 | ac_status=$? | ||
1778 | if test -s conftest.err; then | ||
1779 | grep -v '^ *+' conftest.err >conftest.er1 | ||
1780 | cat conftest.er1 >&5 | ||
1781 | mv -f conftest.er1 conftest.err | ||
1782 | fi | ||
1783 | $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 | ||
1784 | test $ac_status = 0; } && { | ||
1785 | test -z "$ac_c_werror_flag" || | ||
1786 | test ! -s conftest.err | ||
1787 | } && test -s conftest$ac_exeext && { | ||
1788 | test "$cross_compiling" = yes || | ||
1789 | test -x conftest$ac_exeext | ||
1790 | }; then : | ||
1791 | ac_retval=0 | ||
1792 | else | ||
1793 | $as_echo "$as_me: failed program was:" >&5 | ||
1794 | sed 's/^/| /' conftest.$ac_ext >&5 | ||
1795 | |||
1796 | ac_retval=1 | ||
1797 | fi | ||
1798 | # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information | ||
1799 | # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would | ||
1800 | # interfere with the next link command; also delete a directory that is | ||
1801 | # left behind by Apple's compiler. We do this before executing the actions. | ||
1802 | rm -rf conftest.dSYM conftest_ipa8_conftest.oo | ||
1803 | eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno | ||
1804 | as_fn_set_status $ac_retval | ||
1805 | |||
1806 | } # ac_fn_c_try_link | ||
1807 | |||
1808 | # ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES | ||
1809 | # ------------------------------------------------------- | ||
1810 | # Tests whether HEADER exists, giving a warning if it cannot be compiled using | ||
1811 | # the include files in INCLUDES and setting the cache variable VAR | ||
1812 | # accordingly. | ||
1813 | ac_fn_c_check_header_mongrel () | ||
1814 | { | ||
1815 | as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack | ||
1816 | if eval \${$3+:} false; then : | ||
1817 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 | ||
1818 | $as_echo_n "checking for $2... " >&6; } | ||
1819 | if eval \${$3+:} false; then : | ||
1820 | $as_echo_n "(cached) " >&6 | ||
1821 | fi | ||
1822 | eval ac_res=\$$3 | ||
1823 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 | ||
1824 | $as_echo "$ac_res" >&6; } | ||
1825 | else | ||
1826 | # Is the header compilable? | ||
1827 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 usability" >&5 | ||
1828 | $as_echo_n "checking $2 usability... " >&6; } | ||
1829 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
1830 | /* end confdefs.h. */ | ||
1831 | $4 | ||
1832 | #include <$2> | ||
1833 | _ACEOF | ||
1834 | if ac_fn_c_try_compile "$LINENO"; then : | ||
1835 | ac_header_compiler=yes | ||
1836 | else | ||
1837 | ac_header_compiler=no | ||
1838 | fi | ||
1839 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
1840 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_compiler" >&5 | ||
1841 | $as_echo "$ac_header_compiler" >&6; } | ||
1842 | |||
1843 | # Is the header present? | ||
1844 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 presence" >&5 | ||
1845 | $as_echo_n "checking $2 presence... " >&6; } | ||
1846 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
1847 | /* end confdefs.h. */ | ||
1848 | #include <$2> | ||
1849 | _ACEOF | ||
1850 | if ac_fn_c_try_cpp "$LINENO"; then : | ||
1851 | ac_header_preproc=yes | ||
1852 | else | ||
1853 | ac_header_preproc=no | ||
1854 | fi | ||
1855 | rm -f conftest.err conftest.i conftest.$ac_ext | ||
1856 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5 | ||
1857 | $as_echo "$ac_header_preproc" >&6; } | ||
1858 | |||
1859 | # So? What about this header? | ||
1860 | case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in #(( | ||
1861 | yes:no: ) | ||
1862 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&5 | ||
1863 | $as_echo "$as_me: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&2;} | ||
1864 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 | ||
1865 | $as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} | ||
1866 | ;; | ||
1867 | no:yes:* ) | ||
1868 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: present but cannot be compiled" >&5 | ||
1869 | $as_echo "$as_me: WARNING: $2: present but cannot be compiled" >&2;} | ||
1870 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: check for missing prerequisite headers?" >&5 | ||
1871 | $as_echo "$as_me: WARNING: $2: check for missing prerequisite headers?" >&2;} | ||
1872 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: see the Autoconf documentation" >&5 | ||
1873 | $as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;} | ||
1874 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&5 | ||
1875 | $as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;} | ||
1876 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 | ||
1877 | $as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} | ||
1878 | ( $as_echo "## ------------------------------------------- ## | ||
1879 | ## Report this to openssh-unix-dev@mindrot.org ## | ||
1880 | ## ------------------------------------------- ##" | ||
1881 | ) | sed "s/^/$as_me: WARNING: /" >&2 | ||
1882 | ;; | ||
1883 | esac | ||
1884 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 | ||
1885 | $as_echo_n "checking for $2... " >&6; } | ||
1886 | if eval \${$3+:} false; then : | ||
1887 | $as_echo_n "(cached) " >&6 | ||
1888 | else | ||
1889 | eval "$3=\$ac_header_compiler" | ||
1890 | fi | ||
1891 | eval ac_res=\$$3 | ||
1892 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 | ||
1893 | $as_echo "$ac_res" >&6; } | ||
1894 | fi | ||
1895 | eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno | ||
1896 | |||
1897 | } # ac_fn_c_check_header_mongrel | ||
1898 | |||
1899 | # ac_fn_c_check_func LINENO FUNC VAR | ||
1900 | # ---------------------------------- | ||
1901 | # Tests whether FUNC exists, setting the cache variable VAR accordingly | ||
1902 | ac_fn_c_check_func () | ||
1903 | { | ||
1904 | as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack | ||
1905 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 | ||
1906 | $as_echo_n "checking for $2... " >&6; } | ||
1907 | if eval \${$3+:} false; then : | ||
1908 | $as_echo_n "(cached) " >&6 | ||
1909 | else | ||
1910 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
1911 | /* end confdefs.h. */ | ||
1912 | /* Define $2 to an innocuous variant, in case <limits.h> declares $2. | ||
1913 | For example, HP-UX 11i <limits.h> declares gettimeofday. */ | ||
1914 | #define $2 innocuous_$2 | ||
1915 | |||
1916 | /* System header to define __stub macros and hopefully few prototypes, | ||
1917 | which can conflict with char $2 (); below. | ||
1918 | Prefer <limits.h> to <assert.h> if __STDC__ is defined, since | ||
1919 | <limits.h> exists even on freestanding compilers. */ | ||
1920 | |||
1921 | #ifdef __STDC__ | ||
1922 | # include <limits.h> | ||
1923 | #else | ||
1924 | # include <assert.h> | ||
1925 | #endif | ||
1926 | |||
1927 | #undef $2 | ||
1928 | |||
1929 | /* Override any GCC internal prototype to avoid an error. | ||
1930 | Use char because int might match the return type of a GCC | ||
1931 | builtin and then its argument prototype would still apply. */ | ||
1932 | #ifdef __cplusplus | ||
1933 | extern "C" | ||
1934 | #endif | ||
1935 | char $2 (); | ||
1936 | /* The GNU C library defines this for functions which it implements | ||
1937 | to always fail with ENOSYS. Some functions are actually named | ||
1938 | something starting with __ and the normal name is an alias. */ | ||
1939 | #if defined __stub_$2 || defined __stub___$2 | ||
1940 | choke me | ||
1941 | #endif | ||
1942 | |||
1943 | int | ||
1944 | main () | ||
1945 | { | ||
1946 | return $2 (); | ||
1947 | ; | ||
1948 | return 0; | ||
1949 | } | ||
1950 | _ACEOF | ||
1951 | if ac_fn_c_try_link "$LINENO"; then : | ||
1952 | eval "$3=yes" | ||
1953 | else | ||
1954 | eval "$3=no" | ||
1955 | fi | ||
1956 | rm -f core conftest.err conftest.$ac_objext \ | ||
1957 | conftest$ac_exeext conftest.$ac_ext | ||
1958 | fi | ||
1959 | eval ac_res=\$$3 | ||
1960 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 | ||
1961 | $as_echo "$ac_res" >&6; } | ||
1962 | eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno | ||
1963 | |||
1964 | } # ac_fn_c_check_func | ||
1965 | |||
1966 | # ac_fn_c_check_type LINENO TYPE VAR INCLUDES | ||
1967 | # ------------------------------------------- | ||
1968 | # Tests whether TYPE exists after having included INCLUDES, setting cache | ||
1969 | # variable VAR accordingly. | ||
1970 | ac_fn_c_check_type () | ||
1971 | { | ||
1972 | as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack | ||
1973 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 | ||
1974 | $as_echo_n "checking for $2... " >&6; } | ||
1975 | if eval \${$3+:} false; then : | ||
1976 | $as_echo_n "(cached) " >&6 | ||
1977 | else | ||
1978 | eval "$3=no" | ||
1979 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
1980 | /* end confdefs.h. */ | ||
1981 | $4 | ||
1982 | int | ||
1983 | main () | ||
1984 | { | ||
1985 | if (sizeof ($2)) | ||
1986 | return 0; | ||
1987 | ; | ||
1988 | return 0; | ||
1989 | } | ||
1990 | _ACEOF | ||
1991 | if ac_fn_c_try_compile "$LINENO"; then : | ||
1992 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
1993 | /* end confdefs.h. */ | ||
1994 | $4 | ||
1995 | int | ||
1996 | main () | ||
1997 | { | ||
1998 | if (sizeof (($2))) | ||
1999 | return 0; | ||
2000 | ; | ||
2001 | return 0; | ||
2002 | } | ||
2003 | _ACEOF | ||
2004 | if ac_fn_c_try_compile "$LINENO"; then : | ||
2005 | |||
2006 | else | ||
2007 | eval "$3=yes" | ||
2008 | fi | ||
2009 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
2010 | fi | ||
2011 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
2012 | fi | ||
2013 | eval ac_res=\$$3 | ||
2014 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 | ||
2015 | $as_echo "$ac_res" >&6; } | ||
2016 | eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno | ||
2017 | |||
2018 | } # ac_fn_c_check_type | ||
2019 | |||
2020 | # ac_fn_c_compute_int LINENO EXPR VAR INCLUDES | ||
2021 | # -------------------------------------------- | ||
2022 | # Tries to find the compile-time value of EXPR in a program that includes | ||
2023 | # INCLUDES, setting VAR accordingly. Returns whether the value could be | ||
2024 | # computed | ||
2025 | ac_fn_c_compute_int () | ||
2026 | { | ||
2027 | as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack | ||
2028 | if test "$cross_compiling" = yes; then | ||
2029 | # Depending upon the size, compute the lo and hi bounds. | ||
2030 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
2031 | /* end confdefs.h. */ | ||
2032 | $4 | ||
2033 | int | ||
2034 | main () | ||
2035 | { | ||
2036 | static int test_array [1 - 2 * !(($2) >= 0)]; | ||
2037 | test_array [0] = 0; | ||
2038 | return test_array [0]; | ||
2039 | |||
2040 | ; | ||
2041 | return 0; | ||
2042 | } | ||
2043 | _ACEOF | ||
2044 | if ac_fn_c_try_compile "$LINENO"; then : | ||
2045 | ac_lo=0 ac_mid=0 | ||
2046 | while :; do | ||
2047 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
2048 | /* end confdefs.h. */ | ||
2049 | $4 | ||
2050 | int | ||
2051 | main () | ||
2052 | { | ||
2053 | static int test_array [1 - 2 * !(($2) <= $ac_mid)]; | ||
2054 | test_array [0] = 0; | ||
2055 | return test_array [0]; | ||
2056 | |||
2057 | ; | ||
2058 | return 0; | ||
2059 | } | ||
2060 | _ACEOF | ||
2061 | if ac_fn_c_try_compile "$LINENO"; then : | ||
2062 | ac_hi=$ac_mid; break | ||
2063 | else | ||
2064 | as_fn_arith $ac_mid + 1 && ac_lo=$as_val | ||
2065 | if test $ac_lo -le $ac_mid; then | ||
2066 | ac_lo= ac_hi= | ||
2067 | break | ||
2068 | fi | ||
2069 | as_fn_arith 2 '*' $ac_mid + 1 && ac_mid=$as_val | ||
2070 | fi | ||
2071 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
2072 | done | ||
2073 | else | ||
2074 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
2075 | /* end confdefs.h. */ | ||
2076 | $4 | ||
2077 | int | ||
2078 | main () | ||
2079 | { | ||
2080 | static int test_array [1 - 2 * !(($2) < 0)]; | ||
2081 | test_array [0] = 0; | ||
2082 | return test_array [0]; | ||
2083 | |||
2084 | ; | ||
2085 | return 0; | ||
2086 | } | ||
2087 | _ACEOF | ||
2088 | if ac_fn_c_try_compile "$LINENO"; then : | ||
2089 | ac_hi=-1 ac_mid=-1 | ||
2090 | while :; do | ||
2091 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
2092 | /* end confdefs.h. */ | ||
2093 | $4 | ||
2094 | int | ||
2095 | main () | ||
2096 | { | ||
2097 | static int test_array [1 - 2 * !(($2) >= $ac_mid)]; | ||
2098 | test_array [0] = 0; | ||
2099 | return test_array [0]; | ||
2100 | |||
2101 | ; | ||
2102 | return 0; | ||
2103 | } | ||
2104 | _ACEOF | ||
2105 | if ac_fn_c_try_compile "$LINENO"; then : | ||
2106 | ac_lo=$ac_mid; break | ||
2107 | else | ||
2108 | as_fn_arith '(' $ac_mid ')' - 1 && ac_hi=$as_val | ||
2109 | if test $ac_mid -le $ac_hi; then | ||
2110 | ac_lo= ac_hi= | ||
2111 | break | ||
2112 | fi | ||
2113 | as_fn_arith 2 '*' $ac_mid && ac_mid=$as_val | ||
2114 | fi | ||
2115 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
2116 | done | ||
2117 | else | ||
2118 | ac_lo= ac_hi= | ||
2119 | fi | ||
2120 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
2121 | fi | ||
2122 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
2123 | # Binary search between lo and hi bounds. | ||
2124 | while test "x$ac_lo" != "x$ac_hi"; do | ||
2125 | as_fn_arith '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo && ac_mid=$as_val | ||
2126 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
2127 | /* end confdefs.h. */ | ||
2128 | $4 | ||
2129 | int | ||
2130 | main () | ||
2131 | { | ||
2132 | static int test_array [1 - 2 * !(($2) <= $ac_mid)]; | ||
2133 | test_array [0] = 0; | ||
2134 | return test_array [0]; | ||
2135 | |||
2136 | ; | ||
2137 | return 0; | ||
2138 | } | ||
2139 | _ACEOF | ||
2140 | if ac_fn_c_try_compile "$LINENO"; then : | ||
2141 | ac_hi=$ac_mid | ||
2142 | else | ||
2143 | as_fn_arith '(' $ac_mid ')' + 1 && ac_lo=$as_val | ||
2144 | fi | ||
2145 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
2146 | done | ||
2147 | case $ac_lo in #(( | ||
2148 | ?*) eval "$3=\$ac_lo"; ac_retval=0 ;; | ||
2149 | '') ac_retval=1 ;; | ||
2150 | esac | ||
2151 | else | ||
2152 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
2153 | /* end confdefs.h. */ | ||
2154 | $4 | ||
2155 | static long int longval () { return $2; } | ||
2156 | static unsigned long int ulongval () { return $2; } | ||
2157 | #include <stdio.h> | ||
2158 | #include <stdlib.h> | ||
2159 | int | ||
2160 | main () | ||
2161 | { | ||
2162 | |||
2163 | FILE *f = fopen ("conftest.val", "w"); | ||
2164 | if (! f) | ||
2165 | return 1; | ||
2166 | if (($2) < 0) | ||
2167 | { | ||
2168 | long int i = longval (); | ||
2169 | if (i != ($2)) | ||
2170 | return 1; | ||
2171 | fprintf (f, "%ld", i); | ||
2172 | } | ||
2173 | else | ||
2174 | { | ||
2175 | unsigned long int i = ulongval (); | ||
2176 | if (i != ($2)) | ||
2177 | return 1; | ||
2178 | fprintf (f, "%lu", i); | ||
2179 | } | ||
2180 | /* Do not output a trailing newline, as this causes \r\n confusion | ||
2181 | on some platforms. */ | ||
2182 | return ferror (f) || fclose (f) != 0; | ||
2183 | |||
2184 | ; | ||
2185 | return 0; | ||
2186 | } | ||
2187 | _ACEOF | ||
2188 | if ac_fn_c_try_run "$LINENO"; then : | ||
2189 | echo >>conftest.val; read $3 <conftest.val; ac_retval=0 | ||
2190 | else | ||
2191 | ac_retval=1 | ||
2192 | fi | ||
2193 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
2194 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
2195 | rm -f conftest.val | ||
2196 | |||
2197 | fi | ||
2198 | eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno | ||
2199 | as_fn_set_status $ac_retval | ||
2200 | |||
2201 | } # ac_fn_c_compute_int | ||
2202 | |||
2203 | # ac_fn_c_check_member LINENO AGGR MEMBER VAR INCLUDES | ||
2204 | # ---------------------------------------------------- | ||
2205 | # Tries to find if the field MEMBER exists in type AGGR, after including | ||
2206 | # INCLUDES, setting cache variable VAR accordingly. | ||
2207 | ac_fn_c_check_member () | ||
2208 | { | ||
2209 | as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack | ||
2210 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2.$3" >&5 | ||
2211 | $as_echo_n "checking for $2.$3... " >&6; } | ||
2212 | if eval \${$4+:} false; then : | ||
2213 | $as_echo_n "(cached) " >&6 | ||
2214 | else | ||
2215 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
2216 | /* end confdefs.h. */ | ||
2217 | $5 | ||
2218 | int | ||
2219 | main () | ||
2220 | { | ||
2221 | static $2 ac_aggr; | ||
2222 | if (ac_aggr.$3) | ||
2223 | return 0; | ||
2224 | ; | ||
2225 | return 0; | ||
2226 | } | ||
2227 | _ACEOF | ||
2228 | if ac_fn_c_try_compile "$LINENO"; then : | ||
2229 | eval "$4=yes" | ||
2230 | else | ||
2231 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
2232 | /* end confdefs.h. */ | ||
2233 | $5 | ||
2234 | int | ||
2235 | main () | ||
2236 | { | ||
2237 | static $2 ac_aggr; | ||
2238 | if (sizeof ac_aggr.$3) | ||
2239 | return 0; | ||
2240 | ; | ||
2241 | return 0; | ||
2242 | } | ||
2243 | _ACEOF | ||
2244 | if ac_fn_c_try_compile "$LINENO"; then : | ||
2245 | eval "$4=yes" | ||
2246 | else | ||
2247 | eval "$4=no" | ||
2248 | fi | ||
2249 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
2250 | fi | ||
2251 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
2252 | fi | ||
2253 | eval ac_res=\$$4 | ||
2254 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 | ||
2255 | $as_echo "$ac_res" >&6; } | ||
2256 | eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno | ||
2257 | |||
2258 | } # ac_fn_c_check_member | ||
2259 | cat >config.log <<_ACEOF | ||
2260 | This file contains any messages produced by compilers while | ||
2261 | running configure, to aid debugging if configure makes a mistake. | ||
2262 | |||
2263 | It was created by OpenSSH $as_me Portable, which was | ||
2264 | generated by GNU Autoconf 2.69. Invocation command line was | ||
2265 | |||
2266 | $ $0 $@ | ||
2267 | |||
2268 | _ACEOF | ||
2269 | exec 5>>config.log | ||
2270 | { | ||
2271 | cat <<_ASUNAME | ||
2272 | ## --------- ## | ||
2273 | ## Platform. ## | ||
2274 | ## --------- ## | ||
2275 | |||
2276 | hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` | ||
2277 | uname -m = `(uname -m) 2>/dev/null || echo unknown` | ||
2278 | uname -r = `(uname -r) 2>/dev/null || echo unknown` | ||
2279 | uname -s = `(uname -s) 2>/dev/null || echo unknown` | ||
2280 | uname -v = `(uname -v) 2>/dev/null || echo unknown` | ||
2281 | |||
2282 | /usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` | ||
2283 | /bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` | ||
2284 | |||
2285 | /bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` | ||
2286 | /usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` | ||
2287 | /usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` | ||
2288 | /usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown` | ||
2289 | /bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` | ||
2290 | /usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` | ||
2291 | /bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` | ||
2292 | |||
2293 | _ASUNAME | ||
2294 | |||
2295 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
2296 | for as_dir in $PATH | ||
2297 | do | ||
2298 | IFS=$as_save_IFS | ||
2299 | test -z "$as_dir" && as_dir=. | ||
2300 | $as_echo "PATH: $as_dir" | ||
2301 | done | ||
2302 | IFS=$as_save_IFS | ||
2303 | |||
2304 | } >&5 | ||
2305 | |||
2306 | cat >&5 <<_ACEOF | ||
2307 | |||
2308 | |||
2309 | ## ----------- ## | ||
2310 | ## Core tests. ## | ||
2311 | ## ----------- ## | ||
2312 | |||
2313 | _ACEOF | ||
2314 | |||
2315 | |||
2316 | # Keep a trace of the command line. | ||
2317 | # Strip out --no-create and --no-recursion so they do not pile up. | ||
2318 | # Strip out --silent because we don't want to record it for future runs. | ||
2319 | # Also quote any args containing shell meta-characters. | ||
2320 | # Make two passes to allow for proper duplicate-argument suppression. | ||
2321 | ac_configure_args= | ||
2322 | ac_configure_args0= | ||
2323 | ac_configure_args1= | ||
2324 | ac_must_keep_next=false | ||
2325 | for ac_pass in 1 2 | ||
2326 | do | ||
2327 | for ac_arg | ||
2328 | do | ||
2329 | case $ac_arg in | ||
2330 | -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;; | ||
2331 | -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | ||
2332 | | -silent | --silent | --silen | --sile | --sil) | ||
2333 | continue ;; | ||
2334 | *\'*) | ||
2335 | ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; | ||
2336 | esac | ||
2337 | case $ac_pass in | ||
2338 | 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;; | ||
2339 | 2) | ||
2340 | as_fn_append ac_configure_args1 " '$ac_arg'" | ||
2341 | if test $ac_must_keep_next = true; then | ||
2342 | ac_must_keep_next=false # Got value, back to normal. | ||
2343 | else | ||
2344 | case $ac_arg in | ||
2345 | *=* | --config-cache | -C | -disable-* | --disable-* \ | ||
2346 | | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \ | ||
2347 | | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \ | ||
2348 | | -with-* | --with-* | -without-* | --without-* | --x) | ||
2349 | case "$ac_configure_args0 " in | ||
2350 | "$ac_configure_args1"*" '$ac_arg' "* ) continue ;; | ||
2351 | esac | ||
2352 | ;; | ||
2353 | -* ) ac_must_keep_next=true ;; | ||
2354 | esac | ||
2355 | fi | ||
2356 | as_fn_append ac_configure_args " '$ac_arg'" | ||
2357 | ;; | ||
2358 | esac | ||
2359 | done | ||
2360 | done | ||
2361 | { ac_configure_args0=; unset ac_configure_args0;} | ||
2362 | { ac_configure_args1=; unset ac_configure_args1;} | ||
2363 | |||
2364 | # When interrupted or exit'd, cleanup temporary files, and complete | ||
2365 | # config.log. We remove comments because anyway the quotes in there | ||
2366 | # would cause problems or look ugly. | ||
2367 | # WARNING: Use '\'' to represent an apostrophe within the trap. | ||
2368 | # WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug. | ||
2369 | trap 'exit_status=$? | ||
2370 | # Save into config.log some information that might help in debugging. | ||
2371 | { | ||
2372 | echo | ||
2373 | |||
2374 | $as_echo "## ---------------- ## | ||
2375 | ## Cache variables. ## | ||
2376 | ## ---------------- ##" | ||
2377 | echo | ||
2378 | # The following way of writing the cache mishandles newlines in values, | ||
2379 | ( | ||
2380 | for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do | ||
2381 | eval ac_val=\$$ac_var | ||
2382 | case $ac_val in #( | ||
2383 | *${as_nl}*) | ||
2384 | case $ac_var in #( | ||
2385 | *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 | ||
2386 | $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; | ||
2387 | esac | ||
2388 | case $ac_var in #( | ||
2389 | _ | IFS | as_nl) ;; #( | ||
2390 | BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( | ||
2391 | *) { eval $ac_var=; unset $ac_var;} ;; | ||
2392 | esac ;; | ||
2393 | esac | ||
2394 | done | ||
2395 | (set) 2>&1 | | ||
2396 | case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #( | ||
2397 | *${as_nl}ac_space=\ *) | ||
2398 | sed -n \ | ||
2399 | "s/'\''/'\''\\\\'\'''\''/g; | ||
2400 | s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p" | ||
2401 | ;; #( | ||
2402 | *) | ||
2403 | sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" | ||
2404 | ;; | ||
2405 | esac | | ||
2406 | sort | ||
2407 | ) | ||
2408 | echo | ||
2409 | |||
2410 | $as_echo "## ----------------- ## | ||
2411 | ## Output variables. ## | ||
2412 | ## ----------------- ##" | ||
2413 | echo | ||
2414 | for ac_var in $ac_subst_vars | ||
2415 | do | ||
2416 | eval ac_val=\$$ac_var | ||
2417 | case $ac_val in | ||
2418 | *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; | ||
2419 | esac | ||
2420 | $as_echo "$ac_var='\''$ac_val'\''" | ||
2421 | done | sort | ||
2422 | echo | ||
2423 | |||
2424 | if test -n "$ac_subst_files"; then | ||
2425 | $as_echo "## ------------------- ## | ||
2426 | ## File substitutions. ## | ||
2427 | ## ------------------- ##" | ||
2428 | echo | ||
2429 | for ac_var in $ac_subst_files | ||
2430 | do | ||
2431 | eval ac_val=\$$ac_var | ||
2432 | case $ac_val in | ||
2433 | *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; | ||
2434 | esac | ||
2435 | $as_echo "$ac_var='\''$ac_val'\''" | ||
2436 | done | sort | ||
2437 | echo | ||
2438 | fi | ||
2439 | |||
2440 | if test -s confdefs.h; then | ||
2441 | $as_echo "## ----------- ## | ||
2442 | ## confdefs.h. ## | ||
2443 | ## ----------- ##" | ||
2444 | echo | ||
2445 | cat confdefs.h | ||
2446 | echo | ||
2447 | fi | ||
2448 | test "$ac_signal" != 0 && | ||
2449 | $as_echo "$as_me: caught signal $ac_signal" | ||
2450 | $as_echo "$as_me: exit $exit_status" | ||
2451 | } >&5 | ||
2452 | rm -f core *.core core.conftest.* && | ||
2453 | rm -f -r conftest* confdefs* conf$$* $ac_clean_files && | ||
2454 | exit $exit_status | ||
2455 | ' 0 | ||
2456 | for ac_signal in 1 2 13 15; do | ||
2457 | trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal | ||
2458 | done | ||
2459 | ac_signal=0 | ||
2460 | |||
2461 | # confdefs.h avoids OS command line length limits that DEFS can exceed. | ||
2462 | rm -f -r conftest* confdefs.h | ||
2463 | |||
2464 | $as_echo "/* confdefs.h */" > confdefs.h | ||
2465 | |||
2466 | # Predefined preprocessor variables. | ||
2467 | |||
2468 | cat >>confdefs.h <<_ACEOF | ||
2469 | #define PACKAGE_NAME "$PACKAGE_NAME" | ||
2470 | _ACEOF | ||
2471 | |||
2472 | cat >>confdefs.h <<_ACEOF | ||
2473 | #define PACKAGE_TARNAME "$PACKAGE_TARNAME" | ||
2474 | _ACEOF | ||
2475 | |||
2476 | cat >>confdefs.h <<_ACEOF | ||
2477 | #define PACKAGE_VERSION "$PACKAGE_VERSION" | ||
2478 | _ACEOF | ||
2479 | |||
2480 | cat >>confdefs.h <<_ACEOF | ||
2481 | #define PACKAGE_STRING "$PACKAGE_STRING" | ||
2482 | _ACEOF | ||
2483 | |||
2484 | cat >>confdefs.h <<_ACEOF | ||
2485 | #define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT" | ||
2486 | _ACEOF | ||
2487 | |||
2488 | cat >>confdefs.h <<_ACEOF | ||
2489 | #define PACKAGE_URL "$PACKAGE_URL" | ||
2490 | _ACEOF | ||
2491 | |||
2492 | |||
2493 | # Let the site file select an alternate cache file if it wants to. | ||
2494 | # Prefer an explicitly selected file to automatically selected ones. | ||
2495 | ac_site_file1=NONE | ||
2496 | ac_site_file2=NONE | ||
2497 | if test -n "$CONFIG_SITE"; then | ||
2498 | # We do not want a PATH search for config.site. | ||
2499 | case $CONFIG_SITE in #(( | ||
2500 | -*) ac_site_file1=./$CONFIG_SITE;; | ||
2501 | */*) ac_site_file1=$CONFIG_SITE;; | ||
2502 | *) ac_site_file1=./$CONFIG_SITE;; | ||
2503 | esac | ||
2504 | elif test "x$prefix" != xNONE; then | ||
2505 | ac_site_file1=$prefix/share/config.site | ||
2506 | ac_site_file2=$prefix/etc/config.site | ||
2507 | else | ||
2508 | ac_site_file1=$ac_default_prefix/share/config.site | ||
2509 | ac_site_file2=$ac_default_prefix/etc/config.site | ||
2510 | fi | ||
2511 | for ac_site_file in "$ac_site_file1" "$ac_site_file2" | ||
2512 | do | ||
2513 | test "x$ac_site_file" = xNONE && continue | ||
2514 | if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then | ||
2515 | { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5 | ||
2516 | $as_echo "$as_me: loading site script $ac_site_file" >&6;} | ||
2517 | sed 's/^/| /' "$ac_site_file" >&5 | ||
2518 | . "$ac_site_file" \ | ||
2519 | || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 | ||
2520 | $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} | ||
2521 | as_fn_error $? "failed to load site script $ac_site_file | ||
2522 | See \`config.log' for more details" "$LINENO" 5; } | ||
2523 | fi | ||
2524 | done | ||
2525 | |||
2526 | if test -r "$cache_file"; then | ||
2527 | # Some versions of bash will fail to source /dev/null (special files | ||
2528 | # actually), so we avoid doing that. DJGPP emulates it as a regular file. | ||
2529 | if test /dev/null != "$cache_file" && test -f "$cache_file"; then | ||
2530 | { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5 | ||
2531 | $as_echo "$as_me: loading cache $cache_file" >&6;} | ||
2532 | case $cache_file in | ||
2533 | [\\/]* | ?:[\\/]* ) . "$cache_file";; | ||
2534 | *) . "./$cache_file";; | ||
2535 | esac | ||
2536 | fi | ||
2537 | else | ||
2538 | { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5 | ||
2539 | $as_echo "$as_me: creating cache $cache_file" >&6;} | ||
2540 | >$cache_file | ||
2541 | fi | ||
2542 | |||
2543 | # Check that the precious variables saved in the cache have kept the same | ||
2544 | # value. | ||
2545 | ac_cache_corrupted=false | ||
2546 | for ac_var in $ac_precious_vars; do | ||
2547 | eval ac_old_set=\$ac_cv_env_${ac_var}_set | ||
2548 | eval ac_new_set=\$ac_env_${ac_var}_set | ||
2549 | eval ac_old_val=\$ac_cv_env_${ac_var}_value | ||
2550 | eval ac_new_val=\$ac_env_${ac_var}_value | ||
2551 | case $ac_old_set,$ac_new_set in | ||
2552 | set,) | ||
2553 | { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 | ||
2554 | $as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} | ||
2555 | ac_cache_corrupted=: ;; | ||
2556 | ,set) | ||
2557 | { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5 | ||
2558 | $as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} | ||
2559 | ac_cache_corrupted=: ;; | ||
2560 | ,);; | ||
2561 | *) | ||
2562 | if test "x$ac_old_val" != "x$ac_new_val"; then | ||
2563 | # differences in whitespace do not lead to failure. | ||
2564 | ac_old_val_w=`echo x $ac_old_val` | ||
2565 | ac_new_val_w=`echo x $ac_new_val` | ||
2566 | if test "$ac_old_val_w" != "$ac_new_val_w"; then | ||
2567 | { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5 | ||
2568 | $as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} | ||
2569 | ac_cache_corrupted=: | ||
2570 | else | ||
2571 | { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5 | ||
2572 | $as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;} | ||
2573 | eval $ac_var=\$ac_old_val | ||
2574 | fi | ||
2575 | { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5 | ||
2576 | $as_echo "$as_me: former value: \`$ac_old_val'" >&2;} | ||
2577 | { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5 | ||
2578 | $as_echo "$as_me: current value: \`$ac_new_val'" >&2;} | ||
2579 | fi;; | ||
2580 | esac | ||
2581 | # Pass precious variables to config.status. | ||
2582 | if test "$ac_new_set" = set; then | ||
2583 | case $ac_new_val in | ||
2584 | *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; | ||
2585 | *) ac_arg=$ac_var=$ac_new_val ;; | ||
2586 | esac | ||
2587 | case " $ac_configure_args " in | ||
2588 | *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy. | ||
2589 | *) as_fn_append ac_configure_args " '$ac_arg'" ;; | ||
2590 | esac | ||
2591 | fi | ||
2592 | done | ||
2593 | if $ac_cache_corrupted; then | ||
2594 | { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 | ||
2595 | $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} | ||
2596 | { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 | ||
2597 | $as_echo "$as_me: error: changes in the environment can compromise the build" >&2;} | ||
2598 | as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5 | ||
2599 | fi | ||
2600 | ## -------------------- ## | ||
2601 | ## Main body of script. ## | ||
2602 | ## -------------------- ## | ||
2603 | |||
2604 | ac_ext=c | ||
2605 | ac_cpp='$CPP $CPPFLAGS' | ||
2606 | ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' | ||
2607 | ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' | ||
2608 | ac_compiler_gnu=$ac_cv_c_compiler_gnu | ||
2609 | |||
2610 | |||
2611 | |||
2612 | |||
2613 | ac_ext=c | ||
2614 | ac_cpp='$CPP $CPPFLAGS' | ||
2615 | ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' | ||
2616 | ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' | ||
2617 | ac_compiler_gnu=$ac_cv_c_compiler_gnu | ||
2618 | |||
2619 | |||
2620 | ac_config_headers="$ac_config_headers config.h" | ||
2621 | |||
2622 | ac_ext=c | ||
2623 | ac_cpp='$CPP $CPPFLAGS' | ||
2624 | ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' | ||
2625 | ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' | ||
2626 | ac_compiler_gnu=$ac_cv_c_compiler_gnu | ||
2627 | if test -n "$ac_tool_prefix"; then | ||
2628 | for ac_prog in cc gcc | ||
2629 | do | ||
2630 | # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. | ||
2631 | set dummy $ac_tool_prefix$ac_prog; ac_word=$2 | ||
2632 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
2633 | $as_echo_n "checking for $ac_word... " >&6; } | ||
2634 | if ${ac_cv_prog_CC+:} false; then : | ||
2635 | $as_echo_n "(cached) " >&6 | ||
2636 | else | ||
2637 | if test -n "$CC"; then | ||
2638 | ac_cv_prog_CC="$CC" # Let the user override the test. | ||
2639 | else | ||
2640 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
2641 | for as_dir in $PATH | ||
2642 | do | ||
2643 | IFS=$as_save_IFS | ||
2644 | test -z "$as_dir" && as_dir=. | ||
2645 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
2646 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
2647 | ac_cv_prog_CC="$ac_tool_prefix$ac_prog" | ||
2648 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
2649 | break 2 | ||
2650 | fi | ||
2651 | done | ||
2652 | done | ||
2653 | IFS=$as_save_IFS | ||
2654 | |||
2655 | fi | ||
2656 | fi | ||
2657 | CC=$ac_cv_prog_CC | ||
2658 | if test -n "$CC"; then | ||
2659 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 | ||
2660 | $as_echo "$CC" >&6; } | ||
2661 | else | ||
2662 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
2663 | $as_echo "no" >&6; } | ||
2664 | fi | ||
2665 | |||
2666 | |||
2667 | test -n "$CC" && break | ||
2668 | done | ||
2669 | fi | ||
2670 | if test -z "$CC"; then | ||
2671 | ac_ct_CC=$CC | ||
2672 | for ac_prog in cc gcc | ||
2673 | do | ||
2674 | # Extract the first word of "$ac_prog", so it can be a program name with args. | ||
2675 | set dummy $ac_prog; ac_word=$2 | ||
2676 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
2677 | $as_echo_n "checking for $ac_word... " >&6; } | ||
2678 | if ${ac_cv_prog_ac_ct_CC+:} false; then : | ||
2679 | $as_echo_n "(cached) " >&6 | ||
2680 | else | ||
2681 | if test -n "$ac_ct_CC"; then | ||
2682 | ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. | ||
2683 | else | ||
2684 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
2685 | for as_dir in $PATH | ||
2686 | do | ||
2687 | IFS=$as_save_IFS | ||
2688 | test -z "$as_dir" && as_dir=. | ||
2689 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
2690 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
2691 | ac_cv_prog_ac_ct_CC="$ac_prog" | ||
2692 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
2693 | break 2 | ||
2694 | fi | ||
2695 | done | ||
2696 | done | ||
2697 | IFS=$as_save_IFS | ||
2698 | |||
2699 | fi | ||
2700 | fi | ||
2701 | ac_ct_CC=$ac_cv_prog_ac_ct_CC | ||
2702 | if test -n "$ac_ct_CC"; then | ||
2703 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 | ||
2704 | $as_echo "$ac_ct_CC" >&6; } | ||
2705 | else | ||
2706 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
2707 | $as_echo "no" >&6; } | ||
2708 | fi | ||
2709 | |||
2710 | |||
2711 | test -n "$ac_ct_CC" && break | ||
2712 | done | ||
2713 | |||
2714 | if test "x$ac_ct_CC" = x; then | ||
2715 | CC="" | ||
2716 | else | ||
2717 | case $cross_compiling:$ac_tool_warned in | ||
2718 | yes:) | ||
2719 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 | ||
2720 | $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} | ||
2721 | ac_tool_warned=yes ;; | ||
2722 | esac | ||
2723 | CC=$ac_ct_CC | ||
2724 | fi | ||
2725 | fi | ||
2726 | |||
2727 | |||
2728 | test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 | ||
2729 | $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} | ||
2730 | as_fn_error $? "no acceptable C compiler found in \$PATH | ||
2731 | See \`config.log' for more details" "$LINENO" 5; } | ||
2732 | |||
2733 | # Provide some information about the compiler. | ||
2734 | $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 | ||
2735 | set X $ac_compile | ||
2736 | ac_compiler=$2 | ||
2737 | for ac_option in --version -v -V -qversion; do | ||
2738 | { { ac_try="$ac_compiler $ac_option >&5" | ||
2739 | case "(($ac_try" in | ||
2740 | *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; | ||
2741 | *) ac_try_echo=$ac_try;; | ||
2742 | esac | ||
2743 | eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" | ||
2744 | $as_echo "$ac_try_echo"; } >&5 | ||
2745 | (eval "$ac_compiler $ac_option >&5") 2>conftest.err | ||
2746 | ac_status=$? | ||
2747 | if test -s conftest.err; then | ||
2748 | sed '10a\ | ||
2749 | ... rest of stderr output deleted ... | ||
2750 | 10q' conftest.err >conftest.er1 | ||
2751 | cat conftest.er1 >&5 | ||
2752 | fi | ||
2753 | rm -f conftest.er1 conftest.err | ||
2754 | $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 | ||
2755 | test $ac_status = 0; } | ||
2756 | done | ||
2757 | |||
2758 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
2759 | /* end confdefs.h. */ | ||
2760 | |||
2761 | int | ||
2762 | main () | ||
2763 | { | ||
2764 | |||
2765 | ; | ||
2766 | return 0; | ||
2767 | } | ||
2768 | _ACEOF | ||
2769 | ac_clean_files_save=$ac_clean_files | ||
2770 | ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out" | ||
2771 | # Try to create an executable without -o first, disregard a.out. | ||
2772 | # It will help us diagnose broken compilers, and finding out an intuition | ||
2773 | # of exeext. | ||
2774 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5 | ||
2775 | $as_echo_n "checking whether the C compiler works... " >&6; } | ||
2776 | ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` | ||
2777 | |||
2778 | # The possible output files: | ||
2779 | ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*" | ||
2780 | |||
2781 | ac_rmfiles= | ||
2782 | for ac_file in $ac_files | ||
2783 | do | ||
2784 | case $ac_file in | ||
2785 | *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; | ||
2786 | * ) ac_rmfiles="$ac_rmfiles $ac_file";; | ||
2787 | esac | ||
2788 | done | ||
2789 | rm -f $ac_rmfiles | ||
2790 | |||
2791 | if { { ac_try="$ac_link_default" | ||
2792 | case "(($ac_try" in | ||
2793 | *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; | ||
2794 | *) ac_try_echo=$ac_try;; | ||
2795 | esac | ||
2796 | eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" | ||
2797 | $as_echo "$ac_try_echo"; } >&5 | ||
2798 | (eval "$ac_link_default") 2>&5 | ||
2799 | ac_status=$? | ||
2800 | $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 | ||
2801 | test $ac_status = 0; }; then : | ||
2802 | # Autoconf-2.13 could set the ac_cv_exeext variable to `no'. | ||
2803 | # So ignore a value of `no', otherwise this would lead to `EXEEXT = no' | ||
2804 | # in a Makefile. We should not override ac_cv_exeext if it was cached, | ||
2805 | # so that the user can short-circuit this test for compilers unknown to | ||
2806 | # Autoconf. | ||
2807 | for ac_file in $ac_files '' | ||
2808 | do | ||
2809 | test -f "$ac_file" || continue | ||
2810 | case $ac_file in | ||
2811 | *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) | ||
2812 | ;; | ||
2813 | [ab].out ) | ||
2814 | # We found the default executable, but exeext='' is most | ||
2815 | # certainly right. | ||
2816 | break;; | ||
2817 | *.* ) | ||
2818 | if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no; | ||
2819 | then :; else | ||
2820 | ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` | ||
2821 | fi | ||
2822 | # We set ac_cv_exeext here because the later test for it is not | ||
2823 | # safe: cross compilers may not add the suffix if given an `-o' | ||
2824 | # argument, so we may need to know it at that point already. | ||
2825 | # Even if this section looks crufty: it has the advantage of | ||
2826 | # actually working. | ||
2827 | break;; | ||
2828 | * ) | ||
2829 | break;; | ||
2830 | esac | ||
2831 | done | ||
2832 | test "$ac_cv_exeext" = no && ac_cv_exeext= | ||
2833 | |||
2834 | else | ||
2835 | ac_file='' | ||
2836 | fi | ||
2837 | if test -z "$ac_file"; then : | ||
2838 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
2839 | $as_echo "no" >&6; } | ||
2840 | $as_echo "$as_me: failed program was:" >&5 | ||
2841 | sed 's/^/| /' conftest.$ac_ext >&5 | ||
2842 | |||
2843 | { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 | ||
2844 | $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} | ||
2845 | as_fn_error 77 "C compiler cannot create executables | ||
2846 | See \`config.log' for more details" "$LINENO" 5; } | ||
2847 | else | ||
2848 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
2849 | $as_echo "yes" >&6; } | ||
2850 | fi | ||
2851 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5 | ||
2852 | $as_echo_n "checking for C compiler default output file name... " >&6; } | ||
2853 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5 | ||
2854 | $as_echo "$ac_file" >&6; } | ||
2855 | ac_exeext=$ac_cv_exeext | ||
2856 | |||
2857 | rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out | ||
2858 | ac_clean_files=$ac_clean_files_save | ||
2859 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5 | ||
2860 | $as_echo_n "checking for suffix of executables... " >&6; } | ||
2861 | if { { ac_try="$ac_link" | ||
2862 | case "(($ac_try" in | ||
2863 | *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; | ||
2864 | *) ac_try_echo=$ac_try;; | ||
2865 | esac | ||
2866 | eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" | ||
2867 | $as_echo "$ac_try_echo"; } >&5 | ||
2868 | (eval "$ac_link") 2>&5 | ||
2869 | ac_status=$? | ||
2870 | $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 | ||
2871 | test $ac_status = 0; }; then : | ||
2872 | # If both `conftest.exe' and `conftest' are `present' (well, observable) | ||
2873 | # catch `conftest.exe'. For instance with Cygwin, `ls conftest' will | ||
2874 | # work properly (i.e., refer to `conftest.exe'), while it won't with | ||
2875 | # `rm'. | ||
2876 | for ac_file in conftest.exe conftest conftest.*; do | ||
2877 | test -f "$ac_file" || continue | ||
2878 | case $ac_file in | ||
2879 | *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; | ||
2880 | *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` | ||
2881 | break;; | ||
2882 | * ) break;; | ||
2883 | esac | ||
2884 | done | ||
2885 | else | ||
2886 | { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 | ||
2887 | $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} | ||
2888 | as_fn_error $? "cannot compute suffix of executables: cannot compile and link | ||
2889 | See \`config.log' for more details" "$LINENO" 5; } | ||
2890 | fi | ||
2891 | rm -f conftest conftest$ac_cv_exeext | ||
2892 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5 | ||
2893 | $as_echo "$ac_cv_exeext" >&6; } | ||
2894 | |||
2895 | rm -f conftest.$ac_ext | ||
2896 | EXEEXT=$ac_cv_exeext | ||
2897 | ac_exeext=$EXEEXT | ||
2898 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
2899 | /* end confdefs.h. */ | ||
2900 | #include <stdio.h> | ||
2901 | int | ||
2902 | main () | ||
2903 | { | ||
2904 | FILE *f = fopen ("conftest.out", "w"); | ||
2905 | return ferror (f) || fclose (f) != 0; | ||
2906 | |||
2907 | ; | ||
2908 | return 0; | ||
2909 | } | ||
2910 | _ACEOF | ||
2911 | ac_clean_files="$ac_clean_files conftest.out" | ||
2912 | # Check that the compiler produces executables we can run. If not, either | ||
2913 | # the compiler is broken, or we cross compile. | ||
2914 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5 | ||
2915 | $as_echo_n "checking whether we are cross compiling... " >&6; } | ||
2916 | if test "$cross_compiling" != yes; then | ||
2917 | { { ac_try="$ac_link" | ||
2918 | case "(($ac_try" in | ||
2919 | *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; | ||
2920 | *) ac_try_echo=$ac_try;; | ||
2921 | esac | ||
2922 | eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" | ||
2923 | $as_echo "$ac_try_echo"; } >&5 | ||
2924 | (eval "$ac_link") 2>&5 | ||
2925 | ac_status=$? | ||
2926 | $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 | ||
2927 | test $ac_status = 0; } | ||
2928 | if { ac_try='./conftest$ac_cv_exeext' | ||
2929 | { { case "(($ac_try" in | ||
2930 | *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; | ||
2931 | *) ac_try_echo=$ac_try;; | ||
2932 | esac | ||
2933 | eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" | ||
2934 | $as_echo "$ac_try_echo"; } >&5 | ||
2935 | (eval "$ac_try") 2>&5 | ||
2936 | ac_status=$? | ||
2937 | $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 | ||
2938 | test $ac_status = 0; }; }; then | ||
2939 | cross_compiling=no | ||
2940 | else | ||
2941 | if test "$cross_compiling" = maybe; then | ||
2942 | cross_compiling=yes | ||
2943 | else | ||
2944 | { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 | ||
2945 | $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} | ||
2946 | as_fn_error $? "cannot run C compiled programs. | ||
2947 | If you meant to cross compile, use \`--host'. | ||
2948 | See \`config.log' for more details" "$LINENO" 5; } | ||
2949 | fi | ||
2950 | fi | ||
2951 | fi | ||
2952 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5 | ||
2953 | $as_echo "$cross_compiling" >&6; } | ||
2954 | |||
2955 | rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out | ||
2956 | ac_clean_files=$ac_clean_files_save | ||
2957 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5 | ||
2958 | $as_echo_n "checking for suffix of object files... " >&6; } | ||
2959 | if ${ac_cv_objext+:} false; then : | ||
2960 | $as_echo_n "(cached) " >&6 | ||
2961 | else | ||
2962 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
2963 | /* end confdefs.h. */ | ||
2964 | |||
2965 | int | ||
2966 | main () | ||
2967 | { | ||
2968 | |||
2969 | ; | ||
2970 | return 0; | ||
2971 | } | ||
2972 | _ACEOF | ||
2973 | rm -f conftest.o conftest.obj | ||
2974 | if { { ac_try="$ac_compile" | ||
2975 | case "(($ac_try" in | ||
2976 | *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; | ||
2977 | *) ac_try_echo=$ac_try;; | ||
2978 | esac | ||
2979 | eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" | ||
2980 | $as_echo "$ac_try_echo"; } >&5 | ||
2981 | (eval "$ac_compile") 2>&5 | ||
2982 | ac_status=$? | ||
2983 | $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 | ||
2984 | test $ac_status = 0; }; then : | ||
2985 | for ac_file in conftest.o conftest.obj conftest.*; do | ||
2986 | test -f "$ac_file" || continue; | ||
2987 | case $ac_file in | ||
2988 | *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;; | ||
2989 | *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'` | ||
2990 | break;; | ||
2991 | esac | ||
2992 | done | ||
2993 | else | ||
2994 | $as_echo "$as_me: failed program was:" >&5 | ||
2995 | sed 's/^/| /' conftest.$ac_ext >&5 | ||
2996 | |||
2997 | { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 | ||
2998 | $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} | ||
2999 | as_fn_error $? "cannot compute suffix of object files: cannot compile | ||
3000 | See \`config.log' for more details" "$LINENO" 5; } | ||
3001 | fi | ||
3002 | rm -f conftest.$ac_cv_objext conftest.$ac_ext | ||
3003 | fi | ||
3004 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5 | ||
3005 | $as_echo "$ac_cv_objext" >&6; } | ||
3006 | OBJEXT=$ac_cv_objext | ||
3007 | ac_objext=$OBJEXT | ||
3008 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5 | ||
3009 | $as_echo_n "checking whether we are using the GNU C compiler... " >&6; } | ||
3010 | if ${ac_cv_c_compiler_gnu+:} false; then : | ||
3011 | $as_echo_n "(cached) " >&6 | ||
3012 | else | ||
3013 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
3014 | /* end confdefs.h. */ | ||
3015 | |||
3016 | int | ||
3017 | main () | ||
3018 | { | ||
3019 | #ifndef __GNUC__ | ||
3020 | choke me | ||
3021 | #endif | ||
3022 | |||
3023 | ; | ||
3024 | return 0; | ||
3025 | } | ||
3026 | _ACEOF | ||
3027 | if ac_fn_c_try_compile "$LINENO"; then : | ||
3028 | ac_compiler_gnu=yes | ||
3029 | else | ||
3030 | ac_compiler_gnu=no | ||
3031 | fi | ||
3032 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
3033 | ac_cv_c_compiler_gnu=$ac_compiler_gnu | ||
3034 | |||
3035 | fi | ||
3036 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 | ||
3037 | $as_echo "$ac_cv_c_compiler_gnu" >&6; } | ||
3038 | if test $ac_compiler_gnu = yes; then | ||
3039 | GCC=yes | ||
3040 | else | ||
3041 | GCC= | ||
3042 | fi | ||
3043 | ac_test_CFLAGS=${CFLAGS+set} | ||
3044 | ac_save_CFLAGS=$CFLAGS | ||
3045 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 | ||
3046 | $as_echo_n "checking whether $CC accepts -g... " >&6; } | ||
3047 | if ${ac_cv_prog_cc_g+:} false; then : | ||
3048 | $as_echo_n "(cached) " >&6 | ||
3049 | else | ||
3050 | ac_save_c_werror_flag=$ac_c_werror_flag | ||
3051 | ac_c_werror_flag=yes | ||
3052 | ac_cv_prog_cc_g=no | ||
3053 | CFLAGS="-g" | ||
3054 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
3055 | /* end confdefs.h. */ | ||
3056 | |||
3057 | int | ||
3058 | main () | ||
3059 | { | ||
3060 | |||
3061 | ; | ||
3062 | return 0; | ||
3063 | } | ||
3064 | _ACEOF | ||
3065 | if ac_fn_c_try_compile "$LINENO"; then : | ||
3066 | ac_cv_prog_cc_g=yes | ||
3067 | else | ||
3068 | CFLAGS="" | ||
3069 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
3070 | /* end confdefs.h. */ | ||
3071 | |||
3072 | int | ||
3073 | main () | ||
3074 | { | ||
3075 | |||
3076 | ; | ||
3077 | return 0; | ||
3078 | } | ||
3079 | _ACEOF | ||
3080 | if ac_fn_c_try_compile "$LINENO"; then : | ||
3081 | |||
3082 | else | ||
3083 | ac_c_werror_flag=$ac_save_c_werror_flag | ||
3084 | CFLAGS="-g" | ||
3085 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
3086 | /* end confdefs.h. */ | ||
3087 | |||
3088 | int | ||
3089 | main () | ||
3090 | { | ||
3091 | |||
3092 | ; | ||
3093 | return 0; | ||
3094 | } | ||
3095 | _ACEOF | ||
3096 | if ac_fn_c_try_compile "$LINENO"; then : | ||
3097 | ac_cv_prog_cc_g=yes | ||
3098 | fi | ||
3099 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
3100 | fi | ||
3101 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
3102 | fi | ||
3103 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
3104 | ac_c_werror_flag=$ac_save_c_werror_flag | ||
3105 | fi | ||
3106 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 | ||
3107 | $as_echo "$ac_cv_prog_cc_g" >&6; } | ||
3108 | if test "$ac_test_CFLAGS" = set; then | ||
3109 | CFLAGS=$ac_save_CFLAGS | ||
3110 | elif test $ac_cv_prog_cc_g = yes; then | ||
3111 | if test "$GCC" = yes; then | ||
3112 | CFLAGS="-g -O2" | ||
3113 | else | ||
3114 | CFLAGS="-g" | ||
3115 | fi | ||
3116 | else | ||
3117 | if test "$GCC" = yes; then | ||
3118 | CFLAGS="-O2" | ||
3119 | else | ||
3120 | CFLAGS= | ||
3121 | fi | ||
3122 | fi | ||
3123 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5 | ||
3124 | $as_echo_n "checking for $CC option to accept ISO C89... " >&6; } | ||
3125 | if ${ac_cv_prog_cc_c89+:} false; then : | ||
3126 | $as_echo_n "(cached) " >&6 | ||
3127 | else | ||
3128 | ac_cv_prog_cc_c89=no | ||
3129 | ac_save_CC=$CC | ||
3130 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
3131 | /* end confdefs.h. */ | ||
3132 | #include <stdarg.h> | ||
3133 | #include <stdio.h> | ||
3134 | struct stat; | ||
3135 | /* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ | ||
3136 | struct buf { int x; }; | ||
3137 | FILE * (*rcsopen) (struct buf *, struct stat *, int); | ||
3138 | static char *e (p, i) | ||
3139 | char **p; | ||
3140 | int i; | ||
3141 | { | ||
3142 | return p[i]; | ||
3143 | } | ||
3144 | static char *f (char * (*g) (char **, int), char **p, ...) | ||
3145 | { | ||
3146 | char *s; | ||
3147 | va_list v; | ||
3148 | va_start (v,p); | ||
3149 | s = g (p, va_arg (v,int)); | ||
3150 | va_end (v); | ||
3151 | return s; | ||
3152 | } | ||
3153 | |||
3154 | /* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has | ||
3155 | function prototypes and stuff, but not '\xHH' hex character constants. | ||
3156 | These don't provoke an error unfortunately, instead are silently treated | ||
3157 | as 'x'. The following induces an error, until -std is added to get | ||
3158 | proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an | ||
3159 | array size at least. It's necessary to write '\x00'==0 to get something | ||
3160 | that's true only with -std. */ | ||
3161 | int osf4_cc_array ['\x00' == 0 ? 1 : -1]; | ||
3162 | |||
3163 | /* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters | ||
3164 | inside strings and character constants. */ | ||
3165 | #define FOO(x) 'x' | ||
3166 | int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1]; | ||
3167 | |||
3168 | int test (int i, double x); | ||
3169 | struct s1 {int (*f) (int a);}; | ||
3170 | struct s2 {int (*f) (double a);}; | ||
3171 | int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); | ||
3172 | int argc; | ||
3173 | char **argv; | ||
3174 | int | ||
3175 | main () | ||
3176 | { | ||
3177 | return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; | ||
3178 | ; | ||
3179 | return 0; | ||
3180 | } | ||
3181 | _ACEOF | ||
3182 | for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ | ||
3183 | -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" | ||
3184 | do | ||
3185 | CC="$ac_save_CC $ac_arg" | ||
3186 | if ac_fn_c_try_compile "$LINENO"; then : | ||
3187 | ac_cv_prog_cc_c89=$ac_arg | ||
3188 | fi | ||
3189 | rm -f core conftest.err conftest.$ac_objext | ||
3190 | test "x$ac_cv_prog_cc_c89" != "xno" && break | ||
3191 | done | ||
3192 | rm -f conftest.$ac_ext | ||
3193 | CC=$ac_save_CC | ||
3194 | |||
3195 | fi | ||
3196 | # AC_CACHE_VAL | ||
3197 | case "x$ac_cv_prog_cc_c89" in | ||
3198 | x) | ||
3199 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 | ||
3200 | $as_echo "none needed" >&6; } ;; | ||
3201 | xno) | ||
3202 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 | ||
3203 | $as_echo "unsupported" >&6; } ;; | ||
3204 | *) | ||
3205 | CC="$CC $ac_cv_prog_cc_c89" | ||
3206 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 | ||
3207 | $as_echo "$ac_cv_prog_cc_c89" >&6; } ;; | ||
3208 | esac | ||
3209 | if test "x$ac_cv_prog_cc_c89" != xno; then : | ||
3210 | |||
3211 | fi | ||
3212 | |||
3213 | ac_ext=c | ||
3214 | ac_cpp='$CPP $CPPFLAGS' | ||
3215 | ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' | ||
3216 | ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' | ||
3217 | ac_compiler_gnu=$ac_cv_c_compiler_gnu | ||
3218 | |||
3219 | ac_aux_dir= | ||
3220 | for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do | ||
3221 | if test -f "$ac_dir/install-sh"; then | ||
3222 | ac_aux_dir=$ac_dir | ||
3223 | ac_install_sh="$ac_aux_dir/install-sh -c" | ||
3224 | break | ||
3225 | elif test -f "$ac_dir/install.sh"; then | ||
3226 | ac_aux_dir=$ac_dir | ||
3227 | ac_install_sh="$ac_aux_dir/install.sh -c" | ||
3228 | break | ||
3229 | elif test -f "$ac_dir/shtool"; then | ||
3230 | ac_aux_dir=$ac_dir | ||
3231 | ac_install_sh="$ac_aux_dir/shtool install -c" | ||
3232 | break | ||
3233 | fi | ||
3234 | done | ||
3235 | if test -z "$ac_aux_dir"; then | ||
3236 | as_fn_error $? "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5 | ||
3237 | fi | ||
3238 | |||
3239 | # These three variables are undocumented and unsupported, | ||
3240 | # and are intended to be withdrawn in a future Autoconf release. | ||
3241 | # They can cause serious problems if a builder's source tree is in a directory | ||
3242 | # whose full name contains unusual characters. | ||
3243 | ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var. | ||
3244 | ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var. | ||
3245 | ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var. | ||
3246 | |||
3247 | |||
3248 | # Make sure we can run config.sub. | ||
3249 | $SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 || | ||
3250 | as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5 | ||
3251 | |||
3252 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5 | ||
3253 | $as_echo_n "checking build system type... " >&6; } | ||
3254 | if ${ac_cv_build+:} false; then : | ||
3255 | $as_echo_n "(cached) " >&6 | ||
3256 | else | ||
3257 | ac_build_alias=$build_alias | ||
3258 | test "x$ac_build_alias" = x && | ||
3259 | ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"` | ||
3260 | test "x$ac_build_alias" = x && | ||
3261 | as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5 | ||
3262 | ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` || | ||
3263 | as_fn_error $? "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5 | ||
3264 | |||
3265 | fi | ||
3266 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5 | ||
3267 | $as_echo "$ac_cv_build" >&6; } | ||
3268 | case $ac_cv_build in | ||
3269 | *-*-*) ;; | ||
3270 | *) as_fn_error $? "invalid value of canonical build" "$LINENO" 5;; | ||
3271 | esac | ||
3272 | build=$ac_cv_build | ||
3273 | ac_save_IFS=$IFS; IFS='-' | ||
3274 | set x $ac_cv_build | ||
3275 | shift | ||
3276 | build_cpu=$1 | ||
3277 | build_vendor=$2 | ||
3278 | shift; shift | ||
3279 | # Remember, the first character of IFS is used to create $*, | ||
3280 | # except with old shells: | ||
3281 | build_os=$* | ||
3282 | IFS=$ac_save_IFS | ||
3283 | case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac | ||
3284 | |||
3285 | |||
3286 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5 | ||
3287 | $as_echo_n "checking host system type... " >&6; } | ||
3288 | if ${ac_cv_host+:} false; then : | ||
3289 | $as_echo_n "(cached) " >&6 | ||
3290 | else | ||
3291 | if test "x$host_alias" = x; then | ||
3292 | ac_cv_host=$ac_cv_build | ||
3293 | else | ||
3294 | ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` || | ||
3295 | as_fn_error $? "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5 | ||
3296 | fi | ||
3297 | |||
3298 | fi | ||
3299 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5 | ||
3300 | $as_echo "$ac_cv_host" >&6; } | ||
3301 | case $ac_cv_host in | ||
3302 | *-*-*) ;; | ||
3303 | *) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;; | ||
3304 | esac | ||
3305 | host=$ac_cv_host | ||
3306 | ac_save_IFS=$IFS; IFS='-' | ||
3307 | set x $ac_cv_host | ||
3308 | shift | ||
3309 | host_cpu=$1 | ||
3310 | host_vendor=$2 | ||
3311 | shift; shift | ||
3312 | # Remember, the first character of IFS is used to create $*, | ||
3313 | # except with old shells: | ||
3314 | host_os=$* | ||
3315 | IFS=$ac_save_IFS | ||
3316 | case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac | ||
3317 | |||
3318 | |||
3319 | |||
3320 | ac_ext=c | ||
3321 | ac_cpp='$CPP $CPPFLAGS' | ||
3322 | ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' | ||
3323 | ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' | ||
3324 | ac_compiler_gnu=$ac_cv_c_compiler_gnu | ||
3325 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 | ||
3326 | $as_echo_n "checking how to run the C preprocessor... " >&6; } | ||
3327 | # On Suns, sometimes $CPP names a directory. | ||
3328 | if test -n "$CPP" && test -d "$CPP"; then | ||
3329 | CPP= | ||
3330 | fi | ||
3331 | if test -z "$CPP"; then | ||
3332 | if ${ac_cv_prog_CPP+:} false; then : | ||
3333 | $as_echo_n "(cached) " >&6 | ||
3334 | else | ||
3335 | # Double quotes because CPP needs to be expanded | ||
3336 | for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" | ||
3337 | do | ||
3338 | ac_preproc_ok=false | ||
3339 | for ac_c_preproc_warn_flag in '' yes | ||
3340 | do | ||
3341 | # Use a header file that comes with gcc, so configuring glibc | ||
3342 | # with a fresh cross-compiler works. | ||
3343 | # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since | ||
3344 | # <limits.h> exists even on freestanding compilers. | ||
3345 | # On the NeXT, cc -E runs the code through the compiler's parser, | ||
3346 | # not just through cpp. "Syntax error" is here to catch this case. | ||
3347 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
3348 | /* end confdefs.h. */ | ||
3349 | #ifdef __STDC__ | ||
3350 | # include <limits.h> | ||
3351 | #else | ||
3352 | # include <assert.h> | ||
3353 | #endif | ||
3354 | Syntax error | ||
3355 | _ACEOF | ||
3356 | if ac_fn_c_try_cpp "$LINENO"; then : | ||
3357 | |||
3358 | else | ||
3359 | # Broken: fails on valid input. | ||
3360 | continue | ||
3361 | fi | ||
3362 | rm -f conftest.err conftest.i conftest.$ac_ext | ||
3363 | |||
3364 | # OK, works on sane cases. Now check whether nonexistent headers | ||
3365 | # can be detected and how. | ||
3366 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
3367 | /* end confdefs.h. */ | ||
3368 | #include <ac_nonexistent.h> | ||
3369 | _ACEOF | ||
3370 | if ac_fn_c_try_cpp "$LINENO"; then : | ||
3371 | # Broken: success on invalid input. | ||
3372 | continue | ||
3373 | else | ||
3374 | # Passes both tests. | ||
3375 | ac_preproc_ok=: | ||
3376 | break | ||
3377 | fi | ||
3378 | rm -f conftest.err conftest.i conftest.$ac_ext | ||
3379 | |||
3380 | done | ||
3381 | # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. | ||
3382 | rm -f conftest.i conftest.err conftest.$ac_ext | ||
3383 | if $ac_preproc_ok; then : | ||
3384 | break | ||
3385 | fi | ||
3386 | |||
3387 | done | ||
3388 | ac_cv_prog_CPP=$CPP | ||
3389 | |||
3390 | fi | ||
3391 | CPP=$ac_cv_prog_CPP | ||
3392 | else | ||
3393 | ac_cv_prog_CPP=$CPP | ||
3394 | fi | ||
3395 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5 | ||
3396 | $as_echo "$CPP" >&6; } | ||
3397 | ac_preproc_ok=false | ||
3398 | for ac_c_preproc_warn_flag in '' yes | ||
3399 | do | ||
3400 | # Use a header file that comes with gcc, so configuring glibc | ||
3401 | # with a fresh cross-compiler works. | ||
3402 | # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since | ||
3403 | # <limits.h> exists even on freestanding compilers. | ||
3404 | # On the NeXT, cc -E runs the code through the compiler's parser, | ||
3405 | # not just through cpp. "Syntax error" is here to catch this case. | ||
3406 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
3407 | /* end confdefs.h. */ | ||
3408 | #ifdef __STDC__ | ||
3409 | # include <limits.h> | ||
3410 | #else | ||
3411 | # include <assert.h> | ||
3412 | #endif | ||
3413 | Syntax error | ||
3414 | _ACEOF | ||
3415 | if ac_fn_c_try_cpp "$LINENO"; then : | ||
3416 | |||
3417 | else | ||
3418 | # Broken: fails on valid input. | ||
3419 | continue | ||
3420 | fi | ||
3421 | rm -f conftest.err conftest.i conftest.$ac_ext | ||
3422 | |||
3423 | # OK, works on sane cases. Now check whether nonexistent headers | ||
3424 | # can be detected and how. | ||
3425 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
3426 | /* end confdefs.h. */ | ||
3427 | #include <ac_nonexistent.h> | ||
3428 | _ACEOF | ||
3429 | if ac_fn_c_try_cpp "$LINENO"; then : | ||
3430 | # Broken: success on invalid input. | ||
3431 | continue | ||
3432 | else | ||
3433 | # Passes both tests. | ||
3434 | ac_preproc_ok=: | ||
3435 | break | ||
3436 | fi | ||
3437 | rm -f conftest.err conftest.i conftest.$ac_ext | ||
3438 | |||
3439 | done | ||
3440 | # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. | ||
3441 | rm -f conftest.i conftest.err conftest.$ac_ext | ||
3442 | if $ac_preproc_ok; then : | ||
3443 | |||
3444 | else | ||
3445 | { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 | ||
3446 | $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} | ||
3447 | as_fn_error $? "C preprocessor \"$CPP\" fails sanity check | ||
3448 | See \`config.log' for more details" "$LINENO" 5; } | ||
3449 | fi | ||
3450 | |||
3451 | ac_ext=c | ||
3452 | ac_cpp='$CPP $CPPFLAGS' | ||
3453 | ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' | ||
3454 | ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' | ||
3455 | ac_compiler_gnu=$ac_cv_c_compiler_gnu | ||
3456 | |||
3457 | |||
3458 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 | ||
3459 | $as_echo_n "checking for grep that handles long lines and -e... " >&6; } | ||
3460 | if ${ac_cv_path_GREP+:} false; then : | ||
3461 | $as_echo_n "(cached) " >&6 | ||
3462 | else | ||
3463 | if test -z "$GREP"; then | ||
3464 | ac_path_GREP_found=false | ||
3465 | # Loop through the user's path and test for each of PROGNAME-LIST | ||
3466 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
3467 | for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin | ||
3468 | do | ||
3469 | IFS=$as_save_IFS | ||
3470 | test -z "$as_dir" && as_dir=. | ||
3471 | for ac_prog in grep ggrep; do | ||
3472 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
3473 | ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext" | ||
3474 | as_fn_executable_p "$ac_path_GREP" || continue | ||
3475 | # Check for GNU ac_path_GREP and select it if it is found. | ||
3476 | # Check for GNU $ac_path_GREP | ||
3477 | case `"$ac_path_GREP" --version 2>&1` in | ||
3478 | *GNU*) | ||
3479 | ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; | ||
3480 | *) | ||
3481 | ac_count=0 | ||
3482 | $as_echo_n 0123456789 >"conftest.in" | ||
3483 | while : | ||
3484 | do | ||
3485 | cat "conftest.in" "conftest.in" >"conftest.tmp" | ||
3486 | mv "conftest.tmp" "conftest.in" | ||
3487 | cp "conftest.in" "conftest.nl" | ||
3488 | $as_echo 'GREP' >> "conftest.nl" | ||
3489 | "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break | ||
3490 | diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break | ||
3491 | as_fn_arith $ac_count + 1 && ac_count=$as_val | ||
3492 | if test $ac_count -gt ${ac_path_GREP_max-0}; then | ||
3493 | # Best one so far, save it but keep looking for a better one | ||
3494 | ac_cv_path_GREP="$ac_path_GREP" | ||
3495 | ac_path_GREP_max=$ac_count | ||
3496 | fi | ||
3497 | # 10*(2^10) chars as input seems more than enough | ||
3498 | test $ac_count -gt 10 && break | ||
3499 | done | ||
3500 | rm -f conftest.in conftest.tmp conftest.nl conftest.out;; | ||
3501 | esac | ||
3502 | |||
3503 | $ac_path_GREP_found && break 3 | ||
3504 | done | ||
3505 | done | ||
3506 | done | ||
3507 | IFS=$as_save_IFS | ||
3508 | if test -z "$ac_cv_path_GREP"; then | ||
3509 | as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 | ||
3510 | fi | ||
3511 | else | ||
3512 | ac_cv_path_GREP=$GREP | ||
3513 | fi | ||
3514 | |||
3515 | fi | ||
3516 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 | ||
3517 | $as_echo "$ac_cv_path_GREP" >&6; } | ||
3518 | GREP="$ac_cv_path_GREP" | ||
3519 | |||
3520 | |||
3521 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5 | ||
3522 | $as_echo_n "checking for egrep... " >&6; } | ||
3523 | if ${ac_cv_path_EGREP+:} false; then : | ||
3524 | $as_echo_n "(cached) " >&6 | ||
3525 | else | ||
3526 | if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 | ||
3527 | then ac_cv_path_EGREP="$GREP -E" | ||
3528 | else | ||
3529 | if test -z "$EGREP"; then | ||
3530 | ac_path_EGREP_found=false | ||
3531 | # Loop through the user's path and test for each of PROGNAME-LIST | ||
3532 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
3533 | for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin | ||
3534 | do | ||
3535 | IFS=$as_save_IFS | ||
3536 | test -z "$as_dir" && as_dir=. | ||
3537 | for ac_prog in egrep; do | ||
3538 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
3539 | ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext" | ||
3540 | as_fn_executable_p "$ac_path_EGREP" || continue | ||
3541 | # Check for GNU ac_path_EGREP and select it if it is found. | ||
3542 | # Check for GNU $ac_path_EGREP | ||
3543 | case `"$ac_path_EGREP" --version 2>&1` in | ||
3544 | *GNU*) | ||
3545 | ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; | ||
3546 | *) | ||
3547 | ac_count=0 | ||
3548 | $as_echo_n 0123456789 >"conftest.in" | ||
3549 | while : | ||
3550 | do | ||
3551 | cat "conftest.in" "conftest.in" >"conftest.tmp" | ||
3552 | mv "conftest.tmp" "conftest.in" | ||
3553 | cp "conftest.in" "conftest.nl" | ||
3554 | $as_echo 'EGREP' >> "conftest.nl" | ||
3555 | "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break | ||
3556 | diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break | ||
3557 | as_fn_arith $ac_count + 1 && ac_count=$as_val | ||
3558 | if test $ac_count -gt ${ac_path_EGREP_max-0}; then | ||
3559 | # Best one so far, save it but keep looking for a better one | ||
3560 | ac_cv_path_EGREP="$ac_path_EGREP" | ||
3561 | ac_path_EGREP_max=$ac_count | ||
3562 | fi | ||
3563 | # 10*(2^10) chars as input seems more than enough | ||
3564 | test $ac_count -gt 10 && break | ||
3565 | done | ||
3566 | rm -f conftest.in conftest.tmp conftest.nl conftest.out;; | ||
3567 | esac | ||
3568 | |||
3569 | $ac_path_EGREP_found && break 3 | ||
3570 | done | ||
3571 | done | ||
3572 | done | ||
3573 | IFS=$as_save_IFS | ||
3574 | if test -z "$ac_cv_path_EGREP"; then | ||
3575 | as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 | ||
3576 | fi | ||
3577 | else | ||
3578 | ac_cv_path_EGREP=$EGREP | ||
3579 | fi | ||
3580 | |||
3581 | fi | ||
3582 | fi | ||
3583 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 | ||
3584 | $as_echo "$ac_cv_path_EGREP" >&6; } | ||
3585 | EGREP="$ac_cv_path_EGREP" | ||
3586 | |||
3587 | |||
3588 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 | ||
3589 | $as_echo_n "checking for ANSI C header files... " >&6; } | ||
3590 | if ${ac_cv_header_stdc+:} false; then : | ||
3591 | $as_echo_n "(cached) " >&6 | ||
3592 | else | ||
3593 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
3594 | /* end confdefs.h. */ | ||
3595 | #include <stdlib.h> | ||
3596 | #include <stdarg.h> | ||
3597 | #include <string.h> | ||
3598 | #include <float.h> | ||
3599 | |||
3600 | int | ||
3601 | main () | ||
3602 | { | ||
3603 | |||
3604 | ; | ||
3605 | return 0; | ||
3606 | } | ||
3607 | _ACEOF | ||
3608 | if ac_fn_c_try_compile "$LINENO"; then : | ||
3609 | ac_cv_header_stdc=yes | ||
3610 | else | ||
3611 | ac_cv_header_stdc=no | ||
3612 | fi | ||
3613 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
3614 | |||
3615 | if test $ac_cv_header_stdc = yes; then | ||
3616 | # SunOS 4.x string.h does not declare mem*, contrary to ANSI. | ||
3617 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
3618 | /* end confdefs.h. */ | ||
3619 | #include <string.h> | ||
3620 | |||
3621 | _ACEOF | ||
3622 | if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | | ||
3623 | $EGREP "memchr" >/dev/null 2>&1; then : | ||
3624 | |||
3625 | else | ||
3626 | ac_cv_header_stdc=no | ||
3627 | fi | ||
3628 | rm -f conftest* | ||
3629 | |||
3630 | fi | ||
3631 | |||
3632 | if test $ac_cv_header_stdc = yes; then | ||
3633 | # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. | ||
3634 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
3635 | /* end confdefs.h. */ | ||
3636 | #include <stdlib.h> | ||
3637 | |||
3638 | _ACEOF | ||
3639 | if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | | ||
3640 | $EGREP "free" >/dev/null 2>&1; then : | ||
3641 | |||
3642 | else | ||
3643 | ac_cv_header_stdc=no | ||
3644 | fi | ||
3645 | rm -f conftest* | ||
3646 | |||
3647 | fi | ||
3648 | |||
3649 | if test $ac_cv_header_stdc = yes; then | ||
3650 | # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. | ||
3651 | if test "$cross_compiling" = yes; then : | ||
3652 | : | ||
3653 | else | ||
3654 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
3655 | /* end confdefs.h. */ | ||
3656 | #include <ctype.h> | ||
3657 | #include <stdlib.h> | ||
3658 | #if ((' ' & 0x0FF) == 0x020) | ||
3659 | # define ISLOWER(c) ('a' <= (c) && (c) <= 'z') | ||
3660 | # define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) | ||
3661 | #else | ||
3662 | # define ISLOWER(c) \ | ||
3663 | (('a' <= (c) && (c) <= 'i') \ | ||
3664 | || ('j' <= (c) && (c) <= 'r') \ | ||
3665 | || ('s' <= (c) && (c) <= 'z')) | ||
3666 | # define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) | ||
3667 | #endif | ||
3668 | |||
3669 | #define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) | ||
3670 | int | ||
3671 | main () | ||
3672 | { | ||
3673 | int i; | ||
3674 | for (i = 0; i < 256; i++) | ||
3675 | if (XOR (islower (i), ISLOWER (i)) | ||
3676 | || toupper (i) != TOUPPER (i)) | ||
3677 | return 2; | ||
3678 | return 0; | ||
3679 | } | ||
3680 | _ACEOF | ||
3681 | if ac_fn_c_try_run "$LINENO"; then : | ||
3682 | |||
3683 | else | ||
3684 | ac_cv_header_stdc=no | ||
3685 | fi | ||
3686 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
3687 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
3688 | fi | ||
3689 | |||
3690 | fi | ||
3691 | fi | ||
3692 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5 | ||
3693 | $as_echo "$ac_cv_header_stdc" >&6; } | ||
3694 | if test $ac_cv_header_stdc = yes; then | ||
3695 | |||
3696 | $as_echo "#define STDC_HEADERS 1" >>confdefs.h | ||
3697 | |||
3698 | fi | ||
3699 | |||
3700 | # On IRIX 5.3, sys/types and inttypes.h are conflicting. | ||
3701 | for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ | ||
3702 | inttypes.h stdint.h unistd.h | ||
3703 | do : | ||
3704 | as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` | ||
3705 | ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default | ||
3706 | " | ||
3707 | if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : | ||
3708 | cat >>confdefs.h <<_ACEOF | ||
3709 | #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 | ||
3710 | _ACEOF | ||
3711 | |||
3712 | fi | ||
3713 | |||
3714 | done | ||
3715 | |||
3716 | |||
3717 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether byte ordering is bigendian" >&5 | ||
3718 | $as_echo_n "checking whether byte ordering is bigendian... " >&6; } | ||
3719 | if ${ac_cv_c_bigendian+:} false; then : | ||
3720 | $as_echo_n "(cached) " >&6 | ||
3721 | else | ||
3722 | ac_cv_c_bigendian=unknown | ||
3723 | # See if we're dealing with a universal compiler. | ||
3724 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
3725 | /* end confdefs.h. */ | ||
3726 | #ifndef __APPLE_CC__ | ||
3727 | not a universal capable compiler | ||
3728 | #endif | ||
3729 | typedef int dummy; | ||
3730 | |||
3731 | _ACEOF | ||
3732 | if ac_fn_c_try_compile "$LINENO"; then : | ||
3733 | |||
3734 | # Check for potential -arch flags. It is not universal unless | ||
3735 | # there are at least two -arch flags with different values. | ||
3736 | ac_arch= | ||
3737 | ac_prev= | ||
3738 | for ac_word in $CC $CFLAGS $CPPFLAGS $LDFLAGS; do | ||
3739 | if test -n "$ac_prev"; then | ||
3740 | case $ac_word in | ||
3741 | i?86 | x86_64 | ppc | ppc64) | ||
3742 | if test -z "$ac_arch" || test "$ac_arch" = "$ac_word"; then | ||
3743 | ac_arch=$ac_word | ||
3744 | else | ||
3745 | ac_cv_c_bigendian=universal | ||
3746 | break | ||
3747 | fi | ||
3748 | ;; | ||
3749 | esac | ||
3750 | ac_prev= | ||
3751 | elif test "x$ac_word" = "x-arch"; then | ||
3752 | ac_prev=arch | ||
3753 | fi | ||
3754 | done | ||
3755 | fi | ||
3756 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
3757 | if test $ac_cv_c_bigendian = unknown; then | ||
3758 | # See if sys/param.h defines the BYTE_ORDER macro. | ||
3759 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
3760 | /* end confdefs.h. */ | ||
3761 | #include <sys/types.h> | ||
3762 | #include <sys/param.h> | ||
3763 | |||
3764 | int | ||
3765 | main () | ||
3766 | { | ||
3767 | #if ! (defined BYTE_ORDER && defined BIG_ENDIAN \ | ||
3768 | && defined LITTLE_ENDIAN && BYTE_ORDER && BIG_ENDIAN \ | ||
3769 | && LITTLE_ENDIAN) | ||
3770 | bogus endian macros | ||
3771 | #endif | ||
3772 | |||
3773 | ; | ||
3774 | return 0; | ||
3775 | } | ||
3776 | _ACEOF | ||
3777 | if ac_fn_c_try_compile "$LINENO"; then : | ||
3778 | # It does; now see whether it defined to BIG_ENDIAN or not. | ||
3779 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
3780 | /* end confdefs.h. */ | ||
3781 | #include <sys/types.h> | ||
3782 | #include <sys/param.h> | ||
3783 | |||
3784 | int | ||
3785 | main () | ||
3786 | { | ||
3787 | #if BYTE_ORDER != BIG_ENDIAN | ||
3788 | not big endian | ||
3789 | #endif | ||
3790 | |||
3791 | ; | ||
3792 | return 0; | ||
3793 | } | ||
3794 | _ACEOF | ||
3795 | if ac_fn_c_try_compile "$LINENO"; then : | ||
3796 | ac_cv_c_bigendian=yes | ||
3797 | else | ||
3798 | ac_cv_c_bigendian=no | ||
3799 | fi | ||
3800 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
3801 | fi | ||
3802 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
3803 | fi | ||
3804 | if test $ac_cv_c_bigendian = unknown; then | ||
3805 | # See if <limits.h> defines _LITTLE_ENDIAN or _BIG_ENDIAN (e.g., Solaris). | ||
3806 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
3807 | /* end confdefs.h. */ | ||
3808 | #include <limits.h> | ||
3809 | |||
3810 | int | ||
3811 | main () | ||
3812 | { | ||
3813 | #if ! (defined _LITTLE_ENDIAN || defined _BIG_ENDIAN) | ||
3814 | bogus endian macros | ||
3815 | #endif | ||
3816 | |||
3817 | ; | ||
3818 | return 0; | ||
3819 | } | ||
3820 | _ACEOF | ||
3821 | if ac_fn_c_try_compile "$LINENO"; then : | ||
3822 | # It does; now see whether it defined to _BIG_ENDIAN or not. | ||
3823 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
3824 | /* end confdefs.h. */ | ||
3825 | #include <limits.h> | ||
3826 | |||
3827 | int | ||
3828 | main () | ||
3829 | { | ||
3830 | #ifndef _BIG_ENDIAN | ||
3831 | not big endian | ||
3832 | #endif | ||
3833 | |||
3834 | ; | ||
3835 | return 0; | ||
3836 | } | ||
3837 | _ACEOF | ||
3838 | if ac_fn_c_try_compile "$LINENO"; then : | ||
3839 | ac_cv_c_bigendian=yes | ||
3840 | else | ||
3841 | ac_cv_c_bigendian=no | ||
3842 | fi | ||
3843 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
3844 | fi | ||
3845 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
3846 | fi | ||
3847 | if test $ac_cv_c_bigendian = unknown; then | ||
3848 | # Compile a test program. | ||
3849 | if test "$cross_compiling" = yes; then : | ||
3850 | # Try to guess by grepping values from an object file. | ||
3851 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
3852 | /* end confdefs.h. */ | ||
3853 | short int ascii_mm[] = | ||
3854 | { 0x4249, 0x4765, 0x6E44, 0x6961, 0x6E53, 0x7953, 0 }; | ||
3855 | short int ascii_ii[] = | ||
3856 | { 0x694C, 0x5454, 0x656C, 0x6E45, 0x6944, 0x6E61, 0 }; | ||
3857 | int use_ascii (int i) { | ||
3858 | return ascii_mm[i] + ascii_ii[i]; | ||
3859 | } | ||
3860 | short int ebcdic_ii[] = | ||
3861 | { 0x89D3, 0xE3E3, 0x8593, 0x95C5, 0x89C4, 0x9581, 0 }; | ||
3862 | short int ebcdic_mm[] = | ||
3863 | { 0xC2C9, 0xC785, 0x95C4, 0x8981, 0x95E2, 0xA8E2, 0 }; | ||
3864 | int use_ebcdic (int i) { | ||
3865 | return ebcdic_mm[i] + ebcdic_ii[i]; | ||
3866 | } | ||
3867 | extern int foo; | ||
3868 | |||
3869 | int | ||
3870 | main () | ||
3871 | { | ||
3872 | return use_ascii (foo) == use_ebcdic (foo); | ||
3873 | ; | ||
3874 | return 0; | ||
3875 | } | ||
3876 | _ACEOF | ||
3877 | if ac_fn_c_try_compile "$LINENO"; then : | ||
3878 | if grep BIGenDianSyS conftest.$ac_objext >/dev/null; then | ||
3879 | ac_cv_c_bigendian=yes | ||
3880 | fi | ||
3881 | if grep LiTTleEnDian conftest.$ac_objext >/dev/null ; then | ||
3882 | if test "$ac_cv_c_bigendian" = unknown; then | ||
3883 | ac_cv_c_bigendian=no | ||
3884 | else | ||
3885 | # finding both strings is unlikely to happen, but who knows? | ||
3886 | ac_cv_c_bigendian=unknown | ||
3887 | fi | ||
3888 | fi | ||
3889 | fi | ||
3890 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
3891 | else | ||
3892 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
3893 | /* end confdefs.h. */ | ||
3894 | $ac_includes_default | ||
3895 | int | ||
3896 | main () | ||
3897 | { | ||
3898 | |||
3899 | /* Are we little or big endian? From Harbison&Steele. */ | ||
3900 | union | ||
3901 | { | ||
3902 | long int l; | ||
3903 | char c[sizeof (long int)]; | ||
3904 | } u; | ||
3905 | u.l = 1; | ||
3906 | return u.c[sizeof (long int) - 1] == 1; | ||
3907 | |||
3908 | ; | ||
3909 | return 0; | ||
3910 | } | ||
3911 | _ACEOF | ||
3912 | if ac_fn_c_try_run "$LINENO"; then : | ||
3913 | ac_cv_c_bigendian=no | ||
3914 | else | ||
3915 | ac_cv_c_bigendian=yes | ||
3916 | fi | ||
3917 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
3918 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
3919 | fi | ||
3920 | |||
3921 | fi | ||
3922 | fi | ||
3923 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_bigendian" >&5 | ||
3924 | $as_echo "$ac_cv_c_bigendian" >&6; } | ||
3925 | case $ac_cv_c_bigendian in #( | ||
3926 | yes) | ||
3927 | $as_echo "#define WORDS_BIGENDIAN 1" >>confdefs.h | ||
3928 | ;; #( | ||
3929 | no) | ||
3930 | ;; #( | ||
3931 | universal) | ||
3932 | |||
3933 | $as_echo "#define AC_APPLE_UNIVERSAL_BUILD 1" >>confdefs.h | ||
3934 | |||
3935 | ;; #( | ||
3936 | *) | ||
3937 | as_fn_error $? "unknown endianness | ||
3938 | presetting ac_cv_c_bigendian=no (or yes) will help" "$LINENO" 5 ;; | ||
3939 | esac | ||
3940 | |||
3941 | |||
3942 | # Checks for programs. | ||
3943 | for ac_prog in gawk mawk nawk awk | ||
3944 | do | ||
3945 | # Extract the first word of "$ac_prog", so it can be a program name with args. | ||
3946 | set dummy $ac_prog; ac_word=$2 | ||
3947 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
3948 | $as_echo_n "checking for $ac_word... " >&6; } | ||
3949 | if ${ac_cv_prog_AWK+:} false; then : | ||
3950 | $as_echo_n "(cached) " >&6 | ||
3951 | else | ||
3952 | if test -n "$AWK"; then | ||
3953 | ac_cv_prog_AWK="$AWK" # Let the user override the test. | ||
3954 | else | ||
3955 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
3956 | for as_dir in $PATH | ||
3957 | do | ||
3958 | IFS=$as_save_IFS | ||
3959 | test -z "$as_dir" && as_dir=. | ||
3960 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
3961 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
3962 | ac_cv_prog_AWK="$ac_prog" | ||
3963 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
3964 | break 2 | ||
3965 | fi | ||
3966 | done | ||
3967 | done | ||
3968 | IFS=$as_save_IFS | ||
3969 | |||
3970 | fi | ||
3971 | fi | ||
3972 | AWK=$ac_cv_prog_AWK | ||
3973 | if test -n "$AWK"; then | ||
3974 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5 | ||
3975 | $as_echo "$AWK" >&6; } | ||
3976 | else | ||
3977 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
3978 | $as_echo "no" >&6; } | ||
3979 | fi | ||
3980 | |||
3981 | |||
3982 | test -n "$AWK" && break | ||
3983 | done | ||
3984 | |||
3985 | ac_ext=c | ||
3986 | ac_cpp='$CPP $CPPFLAGS' | ||
3987 | ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' | ||
3988 | ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' | ||
3989 | ac_compiler_gnu=$ac_cv_c_compiler_gnu | ||
3990 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 | ||
3991 | $as_echo_n "checking how to run the C preprocessor... " >&6; } | ||
3992 | # On Suns, sometimes $CPP names a directory. | ||
3993 | if test -n "$CPP" && test -d "$CPP"; then | ||
3994 | CPP= | ||
3995 | fi | ||
3996 | if test -z "$CPP"; then | ||
3997 | if ${ac_cv_prog_CPP+:} false; then : | ||
3998 | $as_echo_n "(cached) " >&6 | ||
3999 | else | ||
4000 | # Double quotes because CPP needs to be expanded | ||
4001 | for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" | ||
4002 | do | ||
4003 | ac_preproc_ok=false | ||
4004 | for ac_c_preproc_warn_flag in '' yes | ||
4005 | do | ||
4006 | # Use a header file that comes with gcc, so configuring glibc | ||
4007 | # with a fresh cross-compiler works. | ||
4008 | # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since | ||
4009 | # <limits.h> exists even on freestanding compilers. | ||
4010 | # On the NeXT, cc -E runs the code through the compiler's parser, | ||
4011 | # not just through cpp. "Syntax error" is here to catch this case. | ||
4012 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
4013 | /* end confdefs.h. */ | ||
4014 | #ifdef __STDC__ | ||
4015 | # include <limits.h> | ||
4016 | #else | ||
4017 | # include <assert.h> | ||
4018 | #endif | ||
4019 | Syntax error | ||
4020 | _ACEOF | ||
4021 | if ac_fn_c_try_cpp "$LINENO"; then : | ||
4022 | |||
4023 | else | ||
4024 | # Broken: fails on valid input. | ||
4025 | continue | ||
4026 | fi | ||
4027 | rm -f conftest.err conftest.i conftest.$ac_ext | ||
4028 | |||
4029 | # OK, works on sane cases. Now check whether nonexistent headers | ||
4030 | # can be detected and how. | ||
4031 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
4032 | /* end confdefs.h. */ | ||
4033 | #include <ac_nonexistent.h> | ||
4034 | _ACEOF | ||
4035 | if ac_fn_c_try_cpp "$LINENO"; then : | ||
4036 | # Broken: success on invalid input. | ||
4037 | continue | ||
4038 | else | ||
4039 | # Passes both tests. | ||
4040 | ac_preproc_ok=: | ||
4041 | break | ||
4042 | fi | ||
4043 | rm -f conftest.err conftest.i conftest.$ac_ext | ||
4044 | |||
4045 | done | ||
4046 | # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. | ||
4047 | rm -f conftest.i conftest.err conftest.$ac_ext | ||
4048 | if $ac_preproc_ok; then : | ||
4049 | break | ||
4050 | fi | ||
4051 | |||
4052 | done | ||
4053 | ac_cv_prog_CPP=$CPP | ||
4054 | |||
4055 | fi | ||
4056 | CPP=$ac_cv_prog_CPP | ||
4057 | else | ||
4058 | ac_cv_prog_CPP=$CPP | ||
4059 | fi | ||
4060 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5 | ||
4061 | $as_echo "$CPP" >&6; } | ||
4062 | ac_preproc_ok=false | ||
4063 | for ac_c_preproc_warn_flag in '' yes | ||
4064 | do | ||
4065 | # Use a header file that comes with gcc, so configuring glibc | ||
4066 | # with a fresh cross-compiler works. | ||
4067 | # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since | ||
4068 | # <limits.h> exists even on freestanding compilers. | ||
4069 | # On the NeXT, cc -E runs the code through the compiler's parser, | ||
4070 | # not just through cpp. "Syntax error" is here to catch this case. | ||
4071 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
4072 | /* end confdefs.h. */ | ||
4073 | #ifdef __STDC__ | ||
4074 | # include <limits.h> | ||
4075 | #else | ||
4076 | # include <assert.h> | ||
4077 | #endif | ||
4078 | Syntax error | ||
4079 | _ACEOF | ||
4080 | if ac_fn_c_try_cpp "$LINENO"; then : | ||
4081 | |||
4082 | else | ||
4083 | # Broken: fails on valid input. | ||
4084 | continue | ||
4085 | fi | ||
4086 | rm -f conftest.err conftest.i conftest.$ac_ext | ||
4087 | |||
4088 | # OK, works on sane cases. Now check whether nonexistent headers | ||
4089 | # can be detected and how. | ||
4090 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
4091 | /* end confdefs.h. */ | ||
4092 | #include <ac_nonexistent.h> | ||
4093 | _ACEOF | ||
4094 | if ac_fn_c_try_cpp "$LINENO"; then : | ||
4095 | # Broken: success on invalid input. | ||
4096 | continue | ||
4097 | else | ||
4098 | # Passes both tests. | ||
4099 | ac_preproc_ok=: | ||
4100 | break | ||
4101 | fi | ||
4102 | rm -f conftest.err conftest.i conftest.$ac_ext | ||
4103 | |||
4104 | done | ||
4105 | # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. | ||
4106 | rm -f conftest.i conftest.err conftest.$ac_ext | ||
4107 | if $ac_preproc_ok; then : | ||
4108 | |||
4109 | else | ||
4110 | { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 | ||
4111 | $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} | ||
4112 | as_fn_error $? "C preprocessor \"$CPP\" fails sanity check | ||
4113 | See \`config.log' for more details" "$LINENO" 5; } | ||
4114 | fi | ||
4115 | |||
4116 | ac_ext=c | ||
4117 | ac_cpp='$CPP $CPPFLAGS' | ||
4118 | ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' | ||
4119 | ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' | ||
4120 | ac_compiler_gnu=$ac_cv_c_compiler_gnu | ||
4121 | |||
4122 | if test -n "$ac_tool_prefix"; then | ||
4123 | # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args. | ||
4124 | set dummy ${ac_tool_prefix}ranlib; ac_word=$2 | ||
4125 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
4126 | $as_echo_n "checking for $ac_word... " >&6; } | ||
4127 | if ${ac_cv_prog_RANLIB+:} false; then : | ||
4128 | $as_echo_n "(cached) " >&6 | ||
4129 | else | ||
4130 | if test -n "$RANLIB"; then | ||
4131 | ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. | ||
4132 | else | ||
4133 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
4134 | for as_dir in $PATH | ||
4135 | do | ||
4136 | IFS=$as_save_IFS | ||
4137 | test -z "$as_dir" && as_dir=. | ||
4138 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
4139 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
4140 | ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib" | ||
4141 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
4142 | break 2 | ||
4143 | fi | ||
4144 | done | ||
4145 | done | ||
4146 | IFS=$as_save_IFS | ||
4147 | |||
4148 | fi | ||
4149 | fi | ||
4150 | RANLIB=$ac_cv_prog_RANLIB | ||
4151 | if test -n "$RANLIB"; then | ||
4152 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5 | ||
4153 | $as_echo "$RANLIB" >&6; } | ||
4154 | else | ||
4155 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
4156 | $as_echo "no" >&6; } | ||
4157 | fi | ||
4158 | |||
4159 | |||
4160 | fi | ||
4161 | if test -z "$ac_cv_prog_RANLIB"; then | ||
4162 | ac_ct_RANLIB=$RANLIB | ||
4163 | # Extract the first word of "ranlib", so it can be a program name with args. | ||
4164 | set dummy ranlib; ac_word=$2 | ||
4165 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
4166 | $as_echo_n "checking for $ac_word... " >&6; } | ||
4167 | if ${ac_cv_prog_ac_ct_RANLIB+:} false; then : | ||
4168 | $as_echo_n "(cached) " >&6 | ||
4169 | else | ||
4170 | if test -n "$ac_ct_RANLIB"; then | ||
4171 | ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test. | ||
4172 | else | ||
4173 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
4174 | for as_dir in $PATH | ||
4175 | do | ||
4176 | IFS=$as_save_IFS | ||
4177 | test -z "$as_dir" && as_dir=. | ||
4178 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
4179 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
4180 | ac_cv_prog_ac_ct_RANLIB="ranlib" | ||
4181 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
4182 | break 2 | ||
4183 | fi | ||
4184 | done | ||
4185 | done | ||
4186 | IFS=$as_save_IFS | ||
4187 | |||
4188 | fi | ||
4189 | fi | ||
4190 | ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB | ||
4191 | if test -n "$ac_ct_RANLIB"; then | ||
4192 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5 | ||
4193 | $as_echo "$ac_ct_RANLIB" >&6; } | ||
4194 | else | ||
4195 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
4196 | $as_echo "no" >&6; } | ||
4197 | fi | ||
4198 | |||
4199 | if test "x$ac_ct_RANLIB" = x; then | ||
4200 | RANLIB=":" | ||
4201 | else | ||
4202 | case $cross_compiling:$ac_tool_warned in | ||
4203 | yes:) | ||
4204 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 | ||
4205 | $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} | ||
4206 | ac_tool_warned=yes ;; | ||
4207 | esac | ||
4208 | RANLIB=$ac_ct_RANLIB | ||
4209 | fi | ||
4210 | else | ||
4211 | RANLIB="$ac_cv_prog_RANLIB" | ||
4212 | fi | ||
4213 | |||
4214 | # Find a good install program. We prefer a C program (faster), | ||
4215 | # so one script is as good as another. But avoid the broken or | ||
4216 | # incompatible versions: | ||
4217 | # SysV /etc/install, /usr/sbin/install | ||
4218 | # SunOS /usr/etc/install | ||
4219 | # IRIX /sbin/install | ||
4220 | # AIX /bin/install | ||
4221 | # AmigaOS /C/install, which installs bootblocks on floppy discs | ||
4222 | # AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag | ||
4223 | # AFS /usr/afsws/bin/install, which mishandles nonexistent args | ||
4224 | # SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" | ||
4225 | # OS/2's system install, which has a completely different semantic | ||
4226 | # ./install, which can be erroneously created by make from ./install.sh. | ||
4227 | # Reject install programs that cannot install multiple files. | ||
4228 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5 | ||
4229 | $as_echo_n "checking for a BSD-compatible install... " >&6; } | ||
4230 | if test -z "$INSTALL"; then | ||
4231 | if ${ac_cv_path_install+:} false; then : | ||
4232 | $as_echo_n "(cached) " >&6 | ||
4233 | else | ||
4234 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
4235 | for as_dir in $PATH | ||
4236 | do | ||
4237 | IFS=$as_save_IFS | ||
4238 | test -z "$as_dir" && as_dir=. | ||
4239 | # Account for people who put trailing slashes in PATH elements. | ||
4240 | case $as_dir/ in #(( | ||
4241 | ./ | .// | /[cC]/* | \ | ||
4242 | /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \ | ||
4243 | ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \ | ||
4244 | /usr/ucb/* ) ;; | ||
4245 | *) | ||
4246 | # OSF1 and SCO ODT 3.0 have their own names for install. | ||
4247 | # Don't use installbsd from OSF since it installs stuff as root | ||
4248 | # by default. | ||
4249 | for ac_prog in ginstall scoinst install; do | ||
4250 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
4251 | if as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then | ||
4252 | if test $ac_prog = install && | ||
4253 | grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then | ||
4254 | # AIX install. It has an incompatible calling convention. | ||
4255 | : | ||
4256 | elif test $ac_prog = install && | ||
4257 | grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then | ||
4258 | # program-specific install script used by HP pwplus--don't use. | ||
4259 | : | ||
4260 | else | ||
4261 | rm -rf conftest.one conftest.two conftest.dir | ||
4262 | echo one > conftest.one | ||
4263 | echo two > conftest.two | ||
4264 | mkdir conftest.dir | ||
4265 | if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" && | ||
4266 | test -s conftest.one && test -s conftest.two && | ||
4267 | test -s conftest.dir/conftest.one && | ||
4268 | test -s conftest.dir/conftest.two | ||
4269 | then | ||
4270 | ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c" | ||
4271 | break 3 | ||
4272 | fi | ||
4273 | fi | ||
4274 | fi | ||
4275 | done | ||
4276 | done | ||
4277 | ;; | ||
4278 | esac | ||
4279 | |||
4280 | done | ||
4281 | IFS=$as_save_IFS | ||
4282 | |||
4283 | rm -rf conftest.one conftest.two conftest.dir | ||
4284 | |||
4285 | fi | ||
4286 | if test "${ac_cv_path_install+set}" = set; then | ||
4287 | INSTALL=$ac_cv_path_install | ||
4288 | else | ||
4289 | # As a last resort, use the slow shell script. Don't cache a | ||
4290 | # value for INSTALL within a source directory, because that will | ||
4291 | # break other packages using the cache if that directory is | ||
4292 | # removed, or if the value is a relative name. | ||
4293 | INSTALL=$ac_install_sh | ||
4294 | fi | ||
4295 | fi | ||
4296 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5 | ||
4297 | $as_echo "$INSTALL" >&6; } | ||
4298 | |||
4299 | # Use test -z because SunOS4 sh mishandles braces in ${var-val}. | ||
4300 | # It thinks the first close brace ends the variable substitution. | ||
4301 | test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' | ||
4302 | |||
4303 | test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}' | ||
4304 | |||
4305 | test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' | ||
4306 | |||
4307 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5 | ||
4308 | $as_echo_n "checking for egrep... " >&6; } | ||
4309 | if ${ac_cv_path_EGREP+:} false; then : | ||
4310 | $as_echo_n "(cached) " >&6 | ||
4311 | else | ||
4312 | if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 | ||
4313 | then ac_cv_path_EGREP="$GREP -E" | ||
4314 | else | ||
4315 | if test -z "$EGREP"; then | ||
4316 | ac_path_EGREP_found=false | ||
4317 | # Loop through the user's path and test for each of PROGNAME-LIST | ||
4318 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
4319 | for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin | ||
4320 | do | ||
4321 | IFS=$as_save_IFS | ||
4322 | test -z "$as_dir" && as_dir=. | ||
4323 | for ac_prog in egrep; do | ||
4324 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
4325 | ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext" | ||
4326 | as_fn_executable_p "$ac_path_EGREP" || continue | ||
4327 | # Check for GNU ac_path_EGREP and select it if it is found. | ||
4328 | # Check for GNU $ac_path_EGREP | ||
4329 | case `"$ac_path_EGREP" --version 2>&1` in | ||
4330 | *GNU*) | ||
4331 | ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; | ||
4332 | *) | ||
4333 | ac_count=0 | ||
4334 | $as_echo_n 0123456789 >"conftest.in" | ||
4335 | while : | ||
4336 | do | ||
4337 | cat "conftest.in" "conftest.in" >"conftest.tmp" | ||
4338 | mv "conftest.tmp" "conftest.in" | ||
4339 | cp "conftest.in" "conftest.nl" | ||
4340 | $as_echo 'EGREP' >> "conftest.nl" | ||
4341 | "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break | ||
4342 | diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break | ||
4343 | as_fn_arith $ac_count + 1 && ac_count=$as_val | ||
4344 | if test $ac_count -gt ${ac_path_EGREP_max-0}; then | ||
4345 | # Best one so far, save it but keep looking for a better one | ||
4346 | ac_cv_path_EGREP="$ac_path_EGREP" | ||
4347 | ac_path_EGREP_max=$ac_count | ||
4348 | fi | ||
4349 | # 10*(2^10) chars as input seems more than enough | ||
4350 | test $ac_count -gt 10 && break | ||
4351 | done | ||
4352 | rm -f conftest.in conftest.tmp conftest.nl conftest.out;; | ||
4353 | esac | ||
4354 | |||
4355 | $ac_path_EGREP_found && break 3 | ||
4356 | done | ||
4357 | done | ||
4358 | done | ||
4359 | IFS=$as_save_IFS | ||
4360 | if test -z "$ac_cv_path_EGREP"; then | ||
4361 | as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 | ||
4362 | fi | ||
4363 | else | ||
4364 | ac_cv_path_EGREP=$EGREP | ||
4365 | fi | ||
4366 | |||
4367 | fi | ||
4368 | fi | ||
4369 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 | ||
4370 | $as_echo "$ac_cv_path_EGREP" >&6; } | ||
4371 | EGREP="$ac_cv_path_EGREP" | ||
4372 | |||
4373 | |||
4374 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a thread-safe mkdir -p" >&5 | ||
4375 | $as_echo_n "checking for a thread-safe mkdir -p... " >&6; } | ||
4376 | if test -z "$MKDIR_P"; then | ||
4377 | if ${ac_cv_path_mkdir+:} false; then : | ||
4378 | $as_echo_n "(cached) " >&6 | ||
4379 | else | ||
4380 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
4381 | for as_dir in $PATH$PATH_SEPARATOR/opt/sfw/bin | ||
4382 | do | ||
4383 | IFS=$as_save_IFS | ||
4384 | test -z "$as_dir" && as_dir=. | ||
4385 | for ac_prog in mkdir gmkdir; do | ||
4386 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
4387 | as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext" || continue | ||
4388 | case `"$as_dir/$ac_prog$ac_exec_ext" --version 2>&1` in #( | ||
4389 | 'mkdir (GNU coreutils) '* | \ | ||
4390 | 'mkdir (coreutils) '* | \ | ||
4391 | 'mkdir (fileutils) '4.1*) | ||
4392 | ac_cv_path_mkdir=$as_dir/$ac_prog$ac_exec_ext | ||
4393 | break 3;; | ||
4394 | esac | ||
4395 | done | ||
4396 | done | ||
4397 | done | ||
4398 | IFS=$as_save_IFS | ||
4399 | |||
4400 | fi | ||
4401 | |||
4402 | test -d ./--version && rmdir ./--version | ||
4403 | if test "${ac_cv_path_mkdir+set}" = set; then | ||
4404 | MKDIR_P="$ac_cv_path_mkdir -p" | ||
4405 | else | ||
4406 | # As a last resort, use the slow shell script. Don't cache a | ||
4407 | # value for MKDIR_P within a source directory, because that will | ||
4408 | # break other packages using the cache if that directory is | ||
4409 | # removed, or if the value is a relative name. | ||
4410 | MKDIR_P="$ac_install_sh -d" | ||
4411 | fi | ||
4412 | fi | ||
4413 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MKDIR_P" >&5 | ||
4414 | $as_echo "$MKDIR_P" >&6; } | ||
4415 | |||
4416 | if test -n "$ac_tool_prefix"; then | ||
4417 | for ac_prog in ar | ||
4418 | do | ||
4419 | # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. | ||
4420 | set dummy $ac_tool_prefix$ac_prog; ac_word=$2 | ||
4421 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
4422 | $as_echo_n "checking for $ac_word... " >&6; } | ||
4423 | if ${ac_cv_prog_AR+:} false; then : | ||
4424 | $as_echo_n "(cached) " >&6 | ||
4425 | else | ||
4426 | if test -n "$AR"; then | ||
4427 | ac_cv_prog_AR="$AR" # Let the user override the test. | ||
4428 | else | ||
4429 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
4430 | for as_dir in $PATH | ||
4431 | do | ||
4432 | IFS=$as_save_IFS | ||
4433 | test -z "$as_dir" && as_dir=. | ||
4434 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
4435 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
4436 | ac_cv_prog_AR="$ac_tool_prefix$ac_prog" | ||
4437 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
4438 | break 2 | ||
4439 | fi | ||
4440 | done | ||
4441 | done | ||
4442 | IFS=$as_save_IFS | ||
4443 | |||
4444 | fi | ||
4445 | fi | ||
4446 | AR=$ac_cv_prog_AR | ||
4447 | if test -n "$AR"; then | ||
4448 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5 | ||
4449 | $as_echo "$AR" >&6; } | ||
4450 | else | ||
4451 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
4452 | $as_echo "no" >&6; } | ||
4453 | fi | ||
4454 | |||
4455 | |||
4456 | test -n "$AR" && break | ||
4457 | done | ||
4458 | fi | ||
4459 | if test -z "$AR"; then | ||
4460 | ac_ct_AR=$AR | ||
4461 | for ac_prog in ar | ||
4462 | do | ||
4463 | # Extract the first word of "$ac_prog", so it can be a program name with args. | ||
4464 | set dummy $ac_prog; ac_word=$2 | ||
4465 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
4466 | $as_echo_n "checking for $ac_word... " >&6; } | ||
4467 | if ${ac_cv_prog_ac_ct_AR+:} false; then : | ||
4468 | $as_echo_n "(cached) " >&6 | ||
4469 | else | ||
4470 | if test -n "$ac_ct_AR"; then | ||
4471 | ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test. | ||
4472 | else | ||
4473 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
4474 | for as_dir in $PATH | ||
4475 | do | ||
4476 | IFS=$as_save_IFS | ||
4477 | test -z "$as_dir" && as_dir=. | ||
4478 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
4479 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
4480 | ac_cv_prog_ac_ct_AR="$ac_prog" | ||
4481 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
4482 | break 2 | ||
4483 | fi | ||
4484 | done | ||
4485 | done | ||
4486 | IFS=$as_save_IFS | ||
4487 | |||
4488 | fi | ||
4489 | fi | ||
4490 | ac_ct_AR=$ac_cv_prog_ac_ct_AR | ||
4491 | if test -n "$ac_ct_AR"; then | ||
4492 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5 | ||
4493 | $as_echo "$ac_ct_AR" >&6; } | ||
4494 | else | ||
4495 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
4496 | $as_echo "no" >&6; } | ||
4497 | fi | ||
4498 | |||
4499 | |||
4500 | test -n "$ac_ct_AR" && break | ||
4501 | done | ||
4502 | |||
4503 | if test "x$ac_ct_AR" = x; then | ||
4504 | AR="" | ||
4505 | else | ||
4506 | case $cross_compiling:$ac_tool_warned in | ||
4507 | yes:) | ||
4508 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 | ||
4509 | $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} | ||
4510 | ac_tool_warned=yes ;; | ||
4511 | esac | ||
4512 | AR=$ac_ct_AR | ||
4513 | fi | ||
4514 | fi | ||
4515 | |||
4516 | # Extract the first word of "cat", so it can be a program name with args. | ||
4517 | set dummy cat; ac_word=$2 | ||
4518 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
4519 | $as_echo_n "checking for $ac_word... " >&6; } | ||
4520 | if ${ac_cv_path_CAT+:} false; then : | ||
4521 | $as_echo_n "(cached) " >&6 | ||
4522 | else | ||
4523 | case $CAT in | ||
4524 | [\\/]* | ?:[\\/]*) | ||
4525 | ac_cv_path_CAT="$CAT" # Let the user override the test with a path. | ||
4526 | ;; | ||
4527 | *) | ||
4528 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
4529 | for as_dir in $PATH | ||
4530 | do | ||
4531 | IFS=$as_save_IFS | ||
4532 | test -z "$as_dir" && as_dir=. | ||
4533 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
4534 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
4535 | ac_cv_path_CAT="$as_dir/$ac_word$ac_exec_ext" | ||
4536 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
4537 | break 2 | ||
4538 | fi | ||
4539 | done | ||
4540 | done | ||
4541 | IFS=$as_save_IFS | ||
4542 | |||
4543 | ;; | ||
4544 | esac | ||
4545 | fi | ||
4546 | CAT=$ac_cv_path_CAT | ||
4547 | if test -n "$CAT"; then | ||
4548 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CAT" >&5 | ||
4549 | $as_echo "$CAT" >&6; } | ||
4550 | else | ||
4551 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
4552 | $as_echo "no" >&6; } | ||
4553 | fi | ||
4554 | |||
4555 | |||
4556 | # Extract the first word of "kill", so it can be a program name with args. | ||
4557 | set dummy kill; ac_word=$2 | ||
4558 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
4559 | $as_echo_n "checking for $ac_word... " >&6; } | ||
4560 | if ${ac_cv_path_KILL+:} false; then : | ||
4561 | $as_echo_n "(cached) " >&6 | ||
4562 | else | ||
4563 | case $KILL in | ||
4564 | [\\/]* | ?:[\\/]*) | ||
4565 | ac_cv_path_KILL="$KILL" # Let the user override the test with a path. | ||
4566 | ;; | ||
4567 | *) | ||
4568 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
4569 | for as_dir in $PATH | ||
4570 | do | ||
4571 | IFS=$as_save_IFS | ||
4572 | test -z "$as_dir" && as_dir=. | ||
4573 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
4574 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
4575 | ac_cv_path_KILL="$as_dir/$ac_word$ac_exec_ext" | ||
4576 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
4577 | break 2 | ||
4578 | fi | ||
4579 | done | ||
4580 | done | ||
4581 | IFS=$as_save_IFS | ||
4582 | |||
4583 | ;; | ||
4584 | esac | ||
4585 | fi | ||
4586 | KILL=$ac_cv_path_KILL | ||
4587 | if test -n "$KILL"; then | ||
4588 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $KILL" >&5 | ||
4589 | $as_echo "$KILL" >&6; } | ||
4590 | else | ||
4591 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
4592 | $as_echo "no" >&6; } | ||
4593 | fi | ||
4594 | |||
4595 | |||
4596 | # Extract the first word of "sed", so it can be a program name with args. | ||
4597 | set dummy sed; ac_word=$2 | ||
4598 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
4599 | $as_echo_n "checking for $ac_word... " >&6; } | ||
4600 | if ${ac_cv_path_SED+:} false; then : | ||
4601 | $as_echo_n "(cached) " >&6 | ||
4602 | else | ||
4603 | case $SED in | ||
4604 | [\\/]* | ?:[\\/]*) | ||
4605 | ac_cv_path_SED="$SED" # Let the user override the test with a path. | ||
4606 | ;; | ||
4607 | *) | ||
4608 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
4609 | for as_dir in $PATH | ||
4610 | do | ||
4611 | IFS=$as_save_IFS | ||
4612 | test -z "$as_dir" && as_dir=. | ||
4613 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
4614 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
4615 | ac_cv_path_SED="$as_dir/$ac_word$ac_exec_ext" | ||
4616 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
4617 | break 2 | ||
4618 | fi | ||
4619 | done | ||
4620 | done | ||
4621 | IFS=$as_save_IFS | ||
4622 | |||
4623 | ;; | ||
4624 | esac | ||
4625 | fi | ||
4626 | SED=$ac_cv_path_SED | ||
4627 | if test -n "$SED"; then | ||
4628 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $SED" >&5 | ||
4629 | $as_echo "$SED" >&6; } | ||
4630 | else | ||
4631 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
4632 | $as_echo "no" >&6; } | ||
4633 | fi | ||
4634 | |||
4635 | |||
4636 | # Extract the first word of "ent", so it can be a program name with args. | ||
4637 | set dummy ent; ac_word=$2 | ||
4638 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
4639 | $as_echo_n "checking for $ac_word... " >&6; } | ||
4640 | if ${ac_cv_path_ENT+:} false; then : | ||
4641 | $as_echo_n "(cached) " >&6 | ||
4642 | else | ||
4643 | case $ENT in | ||
4644 | [\\/]* | ?:[\\/]*) | ||
4645 | ac_cv_path_ENT="$ENT" # Let the user override the test with a path. | ||
4646 | ;; | ||
4647 | *) | ||
4648 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
4649 | for as_dir in $PATH | ||
4650 | do | ||
4651 | IFS=$as_save_IFS | ||
4652 | test -z "$as_dir" && as_dir=. | ||
4653 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
4654 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
4655 | ac_cv_path_ENT="$as_dir/$ac_word$ac_exec_ext" | ||
4656 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
4657 | break 2 | ||
4658 | fi | ||
4659 | done | ||
4660 | done | ||
4661 | IFS=$as_save_IFS | ||
4662 | |||
4663 | ;; | ||
4664 | esac | ||
4665 | fi | ||
4666 | ENT=$ac_cv_path_ENT | ||
4667 | if test -n "$ENT"; then | ||
4668 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ENT" >&5 | ||
4669 | $as_echo "$ENT" >&6; } | ||
4670 | else | ||
4671 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
4672 | $as_echo "no" >&6; } | ||
4673 | fi | ||
4674 | |||
4675 | |||
4676 | |||
4677 | # Extract the first word of "bash", so it can be a program name with args. | ||
4678 | set dummy bash; ac_word=$2 | ||
4679 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
4680 | $as_echo_n "checking for $ac_word... " >&6; } | ||
4681 | if ${ac_cv_path_TEST_MINUS_S_SH+:} false; then : | ||
4682 | $as_echo_n "(cached) " >&6 | ||
4683 | else | ||
4684 | case $TEST_MINUS_S_SH in | ||
4685 | [\\/]* | ?:[\\/]*) | ||
4686 | ac_cv_path_TEST_MINUS_S_SH="$TEST_MINUS_S_SH" # Let the user override the test with a path. | ||
4687 | ;; | ||
4688 | *) | ||
4689 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
4690 | for as_dir in $PATH | ||
4691 | do | ||
4692 | IFS=$as_save_IFS | ||
4693 | test -z "$as_dir" && as_dir=. | ||
4694 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
4695 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
4696 | ac_cv_path_TEST_MINUS_S_SH="$as_dir/$ac_word$ac_exec_ext" | ||
4697 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
4698 | break 2 | ||
4699 | fi | ||
4700 | done | ||
4701 | done | ||
4702 | IFS=$as_save_IFS | ||
4703 | |||
4704 | ;; | ||
4705 | esac | ||
4706 | fi | ||
4707 | TEST_MINUS_S_SH=$ac_cv_path_TEST_MINUS_S_SH | ||
4708 | if test -n "$TEST_MINUS_S_SH"; then | ||
4709 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $TEST_MINUS_S_SH" >&5 | ||
4710 | $as_echo "$TEST_MINUS_S_SH" >&6; } | ||
4711 | else | ||
4712 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
4713 | $as_echo "no" >&6; } | ||
4714 | fi | ||
4715 | |||
4716 | |||
4717 | # Extract the first word of "ksh", so it can be a program name with args. | ||
4718 | set dummy ksh; ac_word=$2 | ||
4719 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
4720 | $as_echo_n "checking for $ac_word... " >&6; } | ||
4721 | if ${ac_cv_path_TEST_MINUS_S_SH+:} false; then : | ||
4722 | $as_echo_n "(cached) " >&6 | ||
4723 | else | ||
4724 | case $TEST_MINUS_S_SH in | ||
4725 | [\\/]* | ?:[\\/]*) | ||
4726 | ac_cv_path_TEST_MINUS_S_SH="$TEST_MINUS_S_SH" # Let the user override the test with a path. | ||
4727 | ;; | ||
4728 | *) | ||
4729 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
4730 | for as_dir in $PATH | ||
4731 | do | ||
4732 | IFS=$as_save_IFS | ||
4733 | test -z "$as_dir" && as_dir=. | ||
4734 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
4735 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
4736 | ac_cv_path_TEST_MINUS_S_SH="$as_dir/$ac_word$ac_exec_ext" | ||
4737 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
4738 | break 2 | ||
4739 | fi | ||
4740 | done | ||
4741 | done | ||
4742 | IFS=$as_save_IFS | ||
4743 | |||
4744 | ;; | ||
4745 | esac | ||
4746 | fi | ||
4747 | TEST_MINUS_S_SH=$ac_cv_path_TEST_MINUS_S_SH | ||
4748 | if test -n "$TEST_MINUS_S_SH"; then | ||
4749 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $TEST_MINUS_S_SH" >&5 | ||
4750 | $as_echo "$TEST_MINUS_S_SH" >&6; } | ||
4751 | else | ||
4752 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
4753 | $as_echo "no" >&6; } | ||
4754 | fi | ||
4755 | |||
4756 | |||
4757 | # Extract the first word of "sh", so it can be a program name with args. | ||
4758 | set dummy sh; ac_word=$2 | ||
4759 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
4760 | $as_echo_n "checking for $ac_word... " >&6; } | ||
4761 | if ${ac_cv_path_TEST_MINUS_S_SH+:} false; then : | ||
4762 | $as_echo_n "(cached) " >&6 | ||
4763 | else | ||
4764 | case $TEST_MINUS_S_SH in | ||
4765 | [\\/]* | ?:[\\/]*) | ||
4766 | ac_cv_path_TEST_MINUS_S_SH="$TEST_MINUS_S_SH" # Let the user override the test with a path. | ||
4767 | ;; | ||
4768 | *) | ||
4769 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
4770 | for as_dir in $PATH | ||
4771 | do | ||
4772 | IFS=$as_save_IFS | ||
4773 | test -z "$as_dir" && as_dir=. | ||
4774 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
4775 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
4776 | ac_cv_path_TEST_MINUS_S_SH="$as_dir/$ac_word$ac_exec_ext" | ||
4777 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
4778 | break 2 | ||
4779 | fi | ||
4780 | done | ||
4781 | done | ||
4782 | IFS=$as_save_IFS | ||
4783 | |||
4784 | ;; | ||
4785 | esac | ||
4786 | fi | ||
4787 | TEST_MINUS_S_SH=$ac_cv_path_TEST_MINUS_S_SH | ||
4788 | if test -n "$TEST_MINUS_S_SH"; then | ||
4789 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $TEST_MINUS_S_SH" >&5 | ||
4790 | $as_echo "$TEST_MINUS_S_SH" >&6; } | ||
4791 | else | ||
4792 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
4793 | $as_echo "no" >&6; } | ||
4794 | fi | ||
4795 | |||
4796 | |||
4797 | # Extract the first word of "sh", so it can be a program name with args. | ||
4798 | set dummy sh; ac_word=$2 | ||
4799 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
4800 | $as_echo_n "checking for $ac_word... " >&6; } | ||
4801 | if ${ac_cv_path_SH+:} false; then : | ||
4802 | $as_echo_n "(cached) " >&6 | ||
4803 | else | ||
4804 | case $SH in | ||
4805 | [\\/]* | ?:[\\/]*) | ||
4806 | ac_cv_path_SH="$SH" # Let the user override the test with a path. | ||
4807 | ;; | ||
4808 | *) | ||
4809 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
4810 | for as_dir in $PATH | ||
4811 | do | ||
4812 | IFS=$as_save_IFS | ||
4813 | test -z "$as_dir" && as_dir=. | ||
4814 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
4815 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
4816 | ac_cv_path_SH="$as_dir/$ac_word$ac_exec_ext" | ||
4817 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
4818 | break 2 | ||
4819 | fi | ||
4820 | done | ||
4821 | done | ||
4822 | IFS=$as_save_IFS | ||
4823 | |||
4824 | ;; | ||
4825 | esac | ||
4826 | fi | ||
4827 | SH=$ac_cv_path_SH | ||
4828 | if test -n "$SH"; then | ||
4829 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $SH" >&5 | ||
4830 | $as_echo "$SH" >&6; } | ||
4831 | else | ||
4832 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
4833 | $as_echo "no" >&6; } | ||
4834 | fi | ||
4835 | |||
4836 | |||
4837 | # Extract the first word of "groff", so it can be a program name with args. | ||
4838 | set dummy groff; ac_word=$2 | ||
4839 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
4840 | $as_echo_n "checking for $ac_word... " >&6; } | ||
4841 | if ${ac_cv_path_GROFF+:} false; then : | ||
4842 | $as_echo_n "(cached) " >&6 | ||
4843 | else | ||
4844 | case $GROFF in | ||
4845 | [\\/]* | ?:[\\/]*) | ||
4846 | ac_cv_path_GROFF="$GROFF" # Let the user override the test with a path. | ||
4847 | ;; | ||
4848 | *) | ||
4849 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
4850 | for as_dir in $PATH | ||
4851 | do | ||
4852 | IFS=$as_save_IFS | ||
4853 | test -z "$as_dir" && as_dir=. | ||
4854 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
4855 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
4856 | ac_cv_path_GROFF="$as_dir/$ac_word$ac_exec_ext" | ||
4857 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
4858 | break 2 | ||
4859 | fi | ||
4860 | done | ||
4861 | done | ||
4862 | IFS=$as_save_IFS | ||
4863 | |||
4864 | ;; | ||
4865 | esac | ||
4866 | fi | ||
4867 | GROFF=$ac_cv_path_GROFF | ||
4868 | if test -n "$GROFF"; then | ||
4869 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GROFF" >&5 | ||
4870 | $as_echo "$GROFF" >&6; } | ||
4871 | else | ||
4872 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
4873 | $as_echo "no" >&6; } | ||
4874 | fi | ||
4875 | |||
4876 | |||
4877 | # Extract the first word of "nroff awf", so it can be a program name with args. | ||
4878 | set dummy nroff awf; ac_word=$2 | ||
4879 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
4880 | $as_echo_n "checking for $ac_word... " >&6; } | ||
4881 | if ${ac_cv_path_NROFF+:} false; then : | ||
4882 | $as_echo_n "(cached) " >&6 | ||
4883 | else | ||
4884 | case $NROFF in | ||
4885 | [\\/]* | ?:[\\/]*) | ||
4886 | ac_cv_path_NROFF="$NROFF" # Let the user override the test with a path. | ||
4887 | ;; | ||
4888 | *) | ||
4889 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
4890 | for as_dir in $PATH | ||
4891 | do | ||
4892 | IFS=$as_save_IFS | ||
4893 | test -z "$as_dir" && as_dir=. | ||
4894 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
4895 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
4896 | ac_cv_path_NROFF="$as_dir/$ac_word$ac_exec_ext" | ||
4897 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
4898 | break 2 | ||
4899 | fi | ||
4900 | done | ||
4901 | done | ||
4902 | IFS=$as_save_IFS | ||
4903 | |||
4904 | ;; | ||
4905 | esac | ||
4906 | fi | ||
4907 | NROFF=$ac_cv_path_NROFF | ||
4908 | if test -n "$NROFF"; then | ||
4909 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NROFF" >&5 | ||
4910 | $as_echo "$NROFF" >&6; } | ||
4911 | else | ||
4912 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
4913 | $as_echo "no" >&6; } | ||
4914 | fi | ||
4915 | |||
4916 | |||
4917 | # Extract the first word of "mandoc", so it can be a program name with args. | ||
4918 | set dummy mandoc; ac_word=$2 | ||
4919 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
4920 | $as_echo_n "checking for $ac_word... " >&6; } | ||
4921 | if ${ac_cv_path_MANDOC+:} false; then : | ||
4922 | $as_echo_n "(cached) " >&6 | ||
4923 | else | ||
4924 | case $MANDOC in | ||
4925 | [\\/]* | ?:[\\/]*) | ||
4926 | ac_cv_path_MANDOC="$MANDOC" # Let the user override the test with a path. | ||
4927 | ;; | ||
4928 | *) | ||
4929 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
4930 | for as_dir in $PATH | ||
4931 | do | ||
4932 | IFS=$as_save_IFS | ||
4933 | test -z "$as_dir" && as_dir=. | ||
4934 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
4935 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
4936 | ac_cv_path_MANDOC="$as_dir/$ac_word$ac_exec_ext" | ||
4937 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
4938 | break 2 | ||
4939 | fi | ||
4940 | done | ||
4941 | done | ||
4942 | IFS=$as_save_IFS | ||
4943 | |||
4944 | ;; | ||
4945 | esac | ||
4946 | fi | ||
4947 | MANDOC=$ac_cv_path_MANDOC | ||
4948 | if test -n "$MANDOC"; then | ||
4949 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MANDOC" >&5 | ||
4950 | $as_echo "$MANDOC" >&6; } | ||
4951 | else | ||
4952 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
4953 | $as_echo "no" >&6; } | ||
4954 | fi | ||
4955 | |||
4956 | |||
4957 | TEST_SHELL=sh | ||
4958 | |||
4959 | |||
4960 | if test "x$MANDOC" != "x" ; then | ||
4961 | MANFMT="$MANDOC" | ||
4962 | elif test "x$NROFF" != "x" ; then | ||
4963 | MANFMT="$NROFF -mandoc" | ||
4964 | elif test "x$GROFF" != "x" ; then | ||
4965 | MANFMT="$GROFF -mandoc -Tascii" | ||
4966 | else | ||
4967 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: no manpage formatter found" >&5 | ||
4968 | $as_echo "$as_me: WARNING: no manpage formatter found" >&2;} | ||
4969 | MANFMT="false" | ||
4970 | fi | ||
4971 | |||
4972 | |||
4973 | # Extract the first word of "groupadd", so it can be a program name with args. | ||
4974 | set dummy groupadd; ac_word=$2 | ||
4975 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
4976 | $as_echo_n "checking for $ac_word... " >&6; } | ||
4977 | if ${ac_cv_path_PATH_GROUPADD_PROG+:} false; then : | ||
4978 | $as_echo_n "(cached) " >&6 | ||
4979 | else | ||
4980 | case $PATH_GROUPADD_PROG in | ||
4981 | [\\/]* | ?:[\\/]*) | ||
4982 | ac_cv_path_PATH_GROUPADD_PROG="$PATH_GROUPADD_PROG" # Let the user override the test with a path. | ||
4983 | ;; | ||
4984 | *) | ||
4985 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
4986 | for as_dir in /usr/sbin${PATH_SEPARATOR}/etc | ||
4987 | do | ||
4988 | IFS=$as_save_IFS | ||
4989 | test -z "$as_dir" && as_dir=. | ||
4990 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
4991 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
4992 | ac_cv_path_PATH_GROUPADD_PROG="$as_dir/$ac_word$ac_exec_ext" | ||
4993 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
4994 | break 2 | ||
4995 | fi | ||
4996 | done | ||
4997 | done | ||
4998 | IFS=$as_save_IFS | ||
4999 | |||
5000 | test -z "$ac_cv_path_PATH_GROUPADD_PROG" && ac_cv_path_PATH_GROUPADD_PROG="groupadd" | ||
5001 | ;; | ||
5002 | esac | ||
5003 | fi | ||
5004 | PATH_GROUPADD_PROG=$ac_cv_path_PATH_GROUPADD_PROG | ||
5005 | if test -n "$PATH_GROUPADD_PROG"; then | ||
5006 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PATH_GROUPADD_PROG" >&5 | ||
5007 | $as_echo "$PATH_GROUPADD_PROG" >&6; } | ||
5008 | else | ||
5009 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5010 | $as_echo "no" >&6; } | ||
5011 | fi | ||
5012 | |||
5013 | |||
5014 | # Extract the first word of "useradd", so it can be a program name with args. | ||
5015 | set dummy useradd; ac_word=$2 | ||
5016 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
5017 | $as_echo_n "checking for $ac_word... " >&6; } | ||
5018 | if ${ac_cv_path_PATH_USERADD_PROG+:} false; then : | ||
5019 | $as_echo_n "(cached) " >&6 | ||
5020 | else | ||
5021 | case $PATH_USERADD_PROG in | ||
5022 | [\\/]* | ?:[\\/]*) | ||
5023 | ac_cv_path_PATH_USERADD_PROG="$PATH_USERADD_PROG" # Let the user override the test with a path. | ||
5024 | ;; | ||
5025 | *) | ||
5026 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
5027 | for as_dir in /usr/sbin${PATH_SEPARATOR}/etc | ||
5028 | do | ||
5029 | IFS=$as_save_IFS | ||
5030 | test -z "$as_dir" && as_dir=. | ||
5031 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
5032 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
5033 | ac_cv_path_PATH_USERADD_PROG="$as_dir/$ac_word$ac_exec_ext" | ||
5034 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
5035 | break 2 | ||
5036 | fi | ||
5037 | done | ||
5038 | done | ||
5039 | IFS=$as_save_IFS | ||
5040 | |||
5041 | test -z "$ac_cv_path_PATH_USERADD_PROG" && ac_cv_path_PATH_USERADD_PROG="useradd" | ||
5042 | ;; | ||
5043 | esac | ||
5044 | fi | ||
5045 | PATH_USERADD_PROG=$ac_cv_path_PATH_USERADD_PROG | ||
5046 | if test -n "$PATH_USERADD_PROG"; then | ||
5047 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PATH_USERADD_PROG" >&5 | ||
5048 | $as_echo "$PATH_USERADD_PROG" >&6; } | ||
5049 | else | ||
5050 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5051 | $as_echo "no" >&6; } | ||
5052 | fi | ||
5053 | |||
5054 | |||
5055 | # Extract the first word of "pkgmk", so it can be a program name with args. | ||
5056 | set dummy pkgmk; ac_word=$2 | ||
5057 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
5058 | $as_echo_n "checking for $ac_word... " >&6; } | ||
5059 | if ${ac_cv_prog_MAKE_PACKAGE_SUPPORTED+:} false; then : | ||
5060 | $as_echo_n "(cached) " >&6 | ||
5061 | else | ||
5062 | if test -n "$MAKE_PACKAGE_SUPPORTED"; then | ||
5063 | ac_cv_prog_MAKE_PACKAGE_SUPPORTED="$MAKE_PACKAGE_SUPPORTED" # Let the user override the test. | ||
5064 | else | ||
5065 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
5066 | for as_dir in $PATH | ||
5067 | do | ||
5068 | IFS=$as_save_IFS | ||
5069 | test -z "$as_dir" && as_dir=. | ||
5070 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
5071 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
5072 | ac_cv_prog_MAKE_PACKAGE_SUPPORTED="yes" | ||
5073 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
5074 | break 2 | ||
5075 | fi | ||
5076 | done | ||
5077 | done | ||
5078 | IFS=$as_save_IFS | ||
5079 | |||
5080 | test -z "$ac_cv_prog_MAKE_PACKAGE_SUPPORTED" && ac_cv_prog_MAKE_PACKAGE_SUPPORTED="no" | ||
5081 | fi | ||
5082 | fi | ||
5083 | MAKE_PACKAGE_SUPPORTED=$ac_cv_prog_MAKE_PACKAGE_SUPPORTED | ||
5084 | if test -n "$MAKE_PACKAGE_SUPPORTED"; then | ||
5085 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAKE_PACKAGE_SUPPORTED" >&5 | ||
5086 | $as_echo "$MAKE_PACKAGE_SUPPORTED" >&6; } | ||
5087 | else | ||
5088 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5089 | $as_echo "no" >&6; } | ||
5090 | fi | ||
5091 | |||
5092 | |||
5093 | if test -x /sbin/sh; then | ||
5094 | STARTUP_SCRIPT_SHELL=/sbin/sh | ||
5095 | |||
5096 | else | ||
5097 | STARTUP_SCRIPT_SHELL=/bin/sh | ||
5098 | |||
5099 | fi | ||
5100 | |||
5101 | # System features | ||
5102 | # Check whether --enable-largefile was given. | ||
5103 | if test "${enable_largefile+set}" = set; then : | ||
5104 | enableval=$enable_largefile; | ||
5105 | fi | ||
5106 | |||
5107 | if test "$enable_largefile" != no; then | ||
5108 | |||
5109 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for special C compiler options needed for large files" >&5 | ||
5110 | $as_echo_n "checking for special C compiler options needed for large files... " >&6; } | ||
5111 | if ${ac_cv_sys_largefile_CC+:} false; then : | ||
5112 | $as_echo_n "(cached) " >&6 | ||
5113 | else | ||
5114 | ac_cv_sys_largefile_CC=no | ||
5115 | if test "$GCC" != yes; then | ||
5116 | ac_save_CC=$CC | ||
5117 | while :; do | ||
5118 | # IRIX 6.2 and later do not support large files by default, | ||
5119 | # so use the C compiler's -n32 option if that helps. | ||
5120 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
5121 | /* end confdefs.h. */ | ||
5122 | #include <sys/types.h> | ||
5123 | /* Check that off_t can represent 2**63 - 1 correctly. | ||
5124 | We can't simply define LARGE_OFF_T to be 9223372036854775807, | ||
5125 | since some C++ compilers masquerading as C compilers | ||
5126 | incorrectly reject 9223372036854775807. */ | ||
5127 | #define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) | ||
5128 | int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 | ||
5129 | && LARGE_OFF_T % 2147483647 == 1) | ||
5130 | ? 1 : -1]; | ||
5131 | int | ||
5132 | main () | ||
5133 | { | ||
5134 | |||
5135 | ; | ||
5136 | return 0; | ||
5137 | } | ||
5138 | _ACEOF | ||
5139 | if ac_fn_c_try_compile "$LINENO"; then : | ||
5140 | break | ||
5141 | fi | ||
5142 | rm -f core conftest.err conftest.$ac_objext | ||
5143 | CC="$CC -n32" | ||
5144 | if ac_fn_c_try_compile "$LINENO"; then : | ||
5145 | ac_cv_sys_largefile_CC=' -n32'; break | ||
5146 | fi | ||
5147 | rm -f core conftest.err conftest.$ac_objext | ||
5148 | break | ||
5149 | done | ||
5150 | CC=$ac_save_CC | ||
5151 | rm -f conftest.$ac_ext | ||
5152 | fi | ||
5153 | fi | ||
5154 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_CC" >&5 | ||
5155 | $as_echo "$ac_cv_sys_largefile_CC" >&6; } | ||
5156 | if test "$ac_cv_sys_largefile_CC" != no; then | ||
5157 | CC=$CC$ac_cv_sys_largefile_CC | ||
5158 | fi | ||
5159 | |||
5160 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _FILE_OFFSET_BITS value needed for large files" >&5 | ||
5161 | $as_echo_n "checking for _FILE_OFFSET_BITS value needed for large files... " >&6; } | ||
5162 | if ${ac_cv_sys_file_offset_bits+:} false; then : | ||
5163 | $as_echo_n "(cached) " >&6 | ||
5164 | else | ||
5165 | while :; do | ||
5166 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
5167 | /* end confdefs.h. */ | ||
5168 | #include <sys/types.h> | ||
5169 | /* Check that off_t can represent 2**63 - 1 correctly. | ||
5170 | We can't simply define LARGE_OFF_T to be 9223372036854775807, | ||
5171 | since some C++ compilers masquerading as C compilers | ||
5172 | incorrectly reject 9223372036854775807. */ | ||
5173 | #define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) | ||
5174 | int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 | ||
5175 | && LARGE_OFF_T % 2147483647 == 1) | ||
5176 | ? 1 : -1]; | ||
5177 | int | ||
5178 | main () | ||
5179 | { | ||
5180 | |||
5181 | ; | ||
5182 | return 0; | ||
5183 | } | ||
5184 | _ACEOF | ||
5185 | if ac_fn_c_try_compile "$LINENO"; then : | ||
5186 | ac_cv_sys_file_offset_bits=no; break | ||
5187 | fi | ||
5188 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
5189 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
5190 | /* end confdefs.h. */ | ||
5191 | #define _FILE_OFFSET_BITS 64 | ||
5192 | #include <sys/types.h> | ||
5193 | /* Check that off_t can represent 2**63 - 1 correctly. | ||
5194 | We can't simply define LARGE_OFF_T to be 9223372036854775807, | ||
5195 | since some C++ compilers masquerading as C compilers | ||
5196 | incorrectly reject 9223372036854775807. */ | ||
5197 | #define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) | ||
5198 | int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 | ||
5199 | && LARGE_OFF_T % 2147483647 == 1) | ||
5200 | ? 1 : -1]; | ||
5201 | int | ||
5202 | main () | ||
5203 | { | ||
5204 | |||
5205 | ; | ||
5206 | return 0; | ||
5207 | } | ||
5208 | _ACEOF | ||
5209 | if ac_fn_c_try_compile "$LINENO"; then : | ||
5210 | ac_cv_sys_file_offset_bits=64; break | ||
5211 | fi | ||
5212 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
5213 | ac_cv_sys_file_offset_bits=unknown | ||
5214 | break | ||
5215 | done | ||
5216 | fi | ||
5217 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_file_offset_bits" >&5 | ||
5218 | $as_echo "$ac_cv_sys_file_offset_bits" >&6; } | ||
5219 | case $ac_cv_sys_file_offset_bits in #( | ||
5220 | no | unknown) ;; | ||
5221 | *) | ||
5222 | cat >>confdefs.h <<_ACEOF | ||
5223 | #define _FILE_OFFSET_BITS $ac_cv_sys_file_offset_bits | ||
5224 | _ACEOF | ||
5225 | ;; | ||
5226 | esac | ||
5227 | rm -rf conftest* | ||
5228 | if test $ac_cv_sys_file_offset_bits = unknown; then | ||
5229 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _LARGE_FILES value needed for large files" >&5 | ||
5230 | $as_echo_n "checking for _LARGE_FILES value needed for large files... " >&6; } | ||
5231 | if ${ac_cv_sys_large_files+:} false; then : | ||
5232 | $as_echo_n "(cached) " >&6 | ||
5233 | else | ||
5234 | while :; do | ||
5235 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
5236 | /* end confdefs.h. */ | ||
5237 | #include <sys/types.h> | ||
5238 | /* Check that off_t can represent 2**63 - 1 correctly. | ||
5239 | We can't simply define LARGE_OFF_T to be 9223372036854775807, | ||
5240 | since some C++ compilers masquerading as C compilers | ||
5241 | incorrectly reject 9223372036854775807. */ | ||
5242 | #define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) | ||
5243 | int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 | ||
5244 | && LARGE_OFF_T % 2147483647 == 1) | ||
5245 | ? 1 : -1]; | ||
5246 | int | ||
5247 | main () | ||
5248 | { | ||
5249 | |||
5250 | ; | ||
5251 | return 0; | ||
5252 | } | ||
5253 | _ACEOF | ||
5254 | if ac_fn_c_try_compile "$LINENO"; then : | ||
5255 | ac_cv_sys_large_files=no; break | ||
5256 | fi | ||
5257 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
5258 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
5259 | /* end confdefs.h. */ | ||
5260 | #define _LARGE_FILES 1 | ||
5261 | #include <sys/types.h> | ||
5262 | /* Check that off_t can represent 2**63 - 1 correctly. | ||
5263 | We can't simply define LARGE_OFF_T to be 9223372036854775807, | ||
5264 | since some C++ compilers masquerading as C compilers | ||
5265 | incorrectly reject 9223372036854775807. */ | ||
5266 | #define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) | ||
5267 | int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 | ||
5268 | && LARGE_OFF_T % 2147483647 == 1) | ||
5269 | ? 1 : -1]; | ||
5270 | int | ||
5271 | main () | ||
5272 | { | ||
5273 | |||
5274 | ; | ||
5275 | return 0; | ||
5276 | } | ||
5277 | _ACEOF | ||
5278 | if ac_fn_c_try_compile "$LINENO"; then : | ||
5279 | ac_cv_sys_large_files=1; break | ||
5280 | fi | ||
5281 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
5282 | ac_cv_sys_large_files=unknown | ||
5283 | break | ||
5284 | done | ||
5285 | fi | ||
5286 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_large_files" >&5 | ||
5287 | $as_echo "$ac_cv_sys_large_files" >&6; } | ||
5288 | case $ac_cv_sys_large_files in #( | ||
5289 | no | unknown) ;; | ||
5290 | *) | ||
5291 | cat >>confdefs.h <<_ACEOF | ||
5292 | #define _LARGE_FILES $ac_cv_sys_large_files | ||
5293 | _ACEOF | ||
5294 | ;; | ||
5295 | esac | ||
5296 | rm -rf conftest* | ||
5297 | fi | ||
5298 | |||
5299 | |||
5300 | fi | ||
5301 | |||
5302 | |||
5303 | if test -z "$AR" ; then | ||
5304 | as_fn_error $? "*** 'ar' missing, please install or fix your \$PATH ***" "$LINENO" 5 | ||
5305 | fi | ||
5306 | |||
5307 | # Extract the first word of "passwd", so it can be a program name with args. | ||
5308 | set dummy passwd; ac_word=$2 | ||
5309 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
5310 | $as_echo_n "checking for $ac_word... " >&6; } | ||
5311 | if ${ac_cv_path_PATH_PASSWD_PROG+:} false; then : | ||
5312 | $as_echo_n "(cached) " >&6 | ||
5313 | else | ||
5314 | case $PATH_PASSWD_PROG in | ||
5315 | [\\/]* | ?:[\\/]*) | ||
5316 | ac_cv_path_PATH_PASSWD_PROG="$PATH_PASSWD_PROG" # Let the user override the test with a path. | ||
5317 | ;; | ||
5318 | *) | ||
5319 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
5320 | for as_dir in $PATH | ||
5321 | do | ||
5322 | IFS=$as_save_IFS | ||
5323 | test -z "$as_dir" && as_dir=. | ||
5324 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
5325 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
5326 | ac_cv_path_PATH_PASSWD_PROG="$as_dir/$ac_word$ac_exec_ext" | ||
5327 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
5328 | break 2 | ||
5329 | fi | ||
5330 | done | ||
5331 | done | ||
5332 | IFS=$as_save_IFS | ||
5333 | |||
5334 | ;; | ||
5335 | esac | ||
5336 | fi | ||
5337 | PATH_PASSWD_PROG=$ac_cv_path_PATH_PASSWD_PROG | ||
5338 | if test -n "$PATH_PASSWD_PROG"; then | ||
5339 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PATH_PASSWD_PROG" >&5 | ||
5340 | $as_echo "$PATH_PASSWD_PROG" >&6; } | ||
5341 | else | ||
5342 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5343 | $as_echo "no" >&6; } | ||
5344 | fi | ||
5345 | |||
5346 | |||
5347 | if test ! -z "$PATH_PASSWD_PROG" ; then | ||
5348 | |||
5349 | cat >>confdefs.h <<_ACEOF | ||
5350 | #define _PATH_PASSWD_PROG "$PATH_PASSWD_PROG" | ||
5351 | _ACEOF | ||
5352 | |||
5353 | fi | ||
5354 | |||
5355 | LD="$CC" | ||
5356 | |||
5357 | |||
5358 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for inline" >&5 | ||
5359 | $as_echo_n "checking for inline... " >&6; } | ||
5360 | if ${ac_cv_c_inline+:} false; then : | ||
5361 | $as_echo_n "(cached) " >&6 | ||
5362 | else | ||
5363 | ac_cv_c_inline=no | ||
5364 | for ac_kw in inline __inline__ __inline; do | ||
5365 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
5366 | /* end confdefs.h. */ | ||
5367 | #ifndef __cplusplus | ||
5368 | typedef int foo_t; | ||
5369 | static $ac_kw foo_t static_foo () {return 0; } | ||
5370 | $ac_kw foo_t foo () {return 0; } | ||
5371 | #endif | ||
5372 | |||
5373 | _ACEOF | ||
5374 | if ac_fn_c_try_compile "$LINENO"; then : | ||
5375 | ac_cv_c_inline=$ac_kw | ||
5376 | fi | ||
5377 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
5378 | test "$ac_cv_c_inline" != no && break | ||
5379 | done | ||
5380 | |||
5381 | fi | ||
5382 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_inline" >&5 | ||
5383 | $as_echo "$ac_cv_c_inline" >&6; } | ||
5384 | |||
5385 | case $ac_cv_c_inline in | ||
5386 | inline | yes) ;; | ||
5387 | *) | ||
5388 | case $ac_cv_c_inline in | ||
5389 | no) ac_val=;; | ||
5390 | *) ac_val=$ac_cv_c_inline;; | ||
5391 | esac | ||
5392 | cat >>confdefs.h <<_ACEOF | ||
5393 | #ifndef __cplusplus | ||
5394 | #define inline $ac_val | ||
5395 | #endif | ||
5396 | _ACEOF | ||
5397 | ;; | ||
5398 | esac | ||
5399 | |||
5400 | |||
5401 | ac_fn_c_check_decl "$LINENO" "LLONG_MAX" "ac_cv_have_decl_LLONG_MAX" "#include <limits.h> | ||
5402 | " | ||
5403 | if test "x$ac_cv_have_decl_LLONG_MAX" = xyes; then : | ||
5404 | have_llong_max=1 | ||
5405 | fi | ||
5406 | |||
5407 | ac_fn_c_check_decl "$LINENO" "SYSTR_POLICY_KILL" "ac_cv_have_decl_SYSTR_POLICY_KILL" " | ||
5408 | #include <sys/types.h> | ||
5409 | #include <sys/param.h> | ||
5410 | #include <dev/systrace.h> | ||
5411 | |||
5412 | " | ||
5413 | if test "x$ac_cv_have_decl_SYSTR_POLICY_KILL" = xyes; then : | ||
5414 | have_systr_policy_kill=1 | ||
5415 | fi | ||
5416 | |||
5417 | ac_fn_c_check_decl "$LINENO" "RLIMIT_NPROC" "ac_cv_have_decl_RLIMIT_NPROC" " | ||
5418 | #include <sys/types.h> | ||
5419 | #include <sys/resource.h> | ||
5420 | |||
5421 | " | ||
5422 | if test "x$ac_cv_have_decl_RLIMIT_NPROC" = xyes; then : | ||
5423 | |||
5424 | $as_echo "#define HAVE_RLIMIT_NPROC /**/" >>confdefs.h | ||
5425 | |||
5426 | fi | ||
5427 | |||
5428 | ac_fn_c_check_decl "$LINENO" "PR_SET_NO_NEW_PRIVS" "ac_cv_have_decl_PR_SET_NO_NEW_PRIVS" " | ||
5429 | #include <sys/types.h> | ||
5430 | #include <linux/prctl.h> | ||
5431 | |||
5432 | " | ||
5433 | if test "x$ac_cv_have_decl_PR_SET_NO_NEW_PRIVS" = xyes; then : | ||
5434 | have_linux_no_new_privs=1 | ||
5435 | fi | ||
5436 | |||
5437 | |||
5438 | openssl=yes | ||
5439 | |||
5440 | # Check whether --with-openssl was given. | ||
5441 | if test "${with_openssl+set}" = set; then : | ||
5442 | withval=$with_openssl; if test "x$withval" = "xno" ; then | ||
5443 | openssl=no | ||
5444 | fi | ||
5445 | |||
5446 | |||
5447 | fi | ||
5448 | |||
5449 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL will be used for cryptography" >&5 | ||
5450 | $as_echo_n "checking whether OpenSSL will be used for cryptography... " >&6; } | ||
5451 | if test "x$openssl" = "xyes" ; then | ||
5452 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
5453 | $as_echo "yes" >&6; } | ||
5454 | |||
5455 | cat >>confdefs.h <<_ACEOF | ||
5456 | #define WITH_OPENSSL 1 | ||
5457 | _ACEOF | ||
5458 | |||
5459 | else | ||
5460 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5461 | $as_echo "no" >&6; } | ||
5462 | fi | ||
5463 | |||
5464 | use_stack_protector=1 | ||
5465 | use_toolchain_hardening=1 | ||
5466 | |||
5467 | # Check whether --with-stackprotect was given. | ||
5468 | if test "${with_stackprotect+set}" = set; then : | ||
5469 | withval=$with_stackprotect; | ||
5470 | if test "x$withval" = "xno"; then | ||
5471 | use_stack_protector=0 | ||
5472 | fi | ||
5473 | fi | ||
5474 | |||
5475 | |||
5476 | # Check whether --with-hardening was given. | ||
5477 | if test "${with_hardening+set}" = set; then : | ||
5478 | withval=$with_hardening; | ||
5479 | if test "x$withval" = "xno"; then | ||
5480 | use_toolchain_hardening=0 | ||
5481 | fi | ||
5482 | fi | ||
5483 | |||
5484 | |||
5485 | # We use -Werror for the tests only so that we catch warnings like "this is | ||
5486 | # on by default" for things like -fPIE. | ||
5487 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Werror" >&5 | ||
5488 | $as_echo_n "checking if $CC supports -Werror... " >&6; } | ||
5489 | saved_CFLAGS="$CFLAGS" | ||
5490 | CFLAGS="$CFLAGS -Werror" | ||
5491 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
5492 | /* end confdefs.h. */ | ||
5493 | int main(void) { return 0; } | ||
5494 | _ACEOF | ||
5495 | if ac_fn_c_try_compile "$LINENO"; then : | ||
5496 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
5497 | $as_echo "yes" >&6; } | ||
5498 | WERROR="-Werror" | ||
5499 | else | ||
5500 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5501 | $as_echo "no" >&6; } | ||
5502 | WERROR="" | ||
5503 | |||
5504 | fi | ||
5505 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
5506 | CFLAGS="$saved_CFLAGS" | ||
5507 | |||
5508 | if test "$GCC" = "yes" || test "$GCC" = "egcs"; then | ||
5509 | { | ||
5510 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -pipe" >&5 | ||
5511 | $as_echo_n "checking if $CC supports compile flag -pipe... " >&6; } | ||
5512 | saved_CFLAGS="$CFLAGS" | ||
5513 | CFLAGS="$CFLAGS $WERROR -pipe" | ||
5514 | _define_flag="" | ||
5515 | test "x$_define_flag" = "x" && _define_flag="-pipe" | ||
5516 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
5517 | /* end confdefs.h. */ | ||
5518 | |||
5519 | #include <stdlib.h> | ||
5520 | #include <stdio.h> | ||
5521 | int main(int argc, char **argv) { | ||
5522 | /* Some math to catch -ftrapv problems in the toolchain */ | ||
5523 | int i = 123 * argc, j = 456 + argc, k = 789 - argc; | ||
5524 | float l = i * 2.1; | ||
5525 | double m = l / 0.5; | ||
5526 | long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; | ||
5527 | printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); | ||
5528 | exit(0); | ||
5529 | } | ||
5530 | |||
5531 | _ACEOF | ||
5532 | if ac_fn_c_try_compile "$LINENO"; then : | ||
5533 | |||
5534 | if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null | ||
5535 | then | ||
5536 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5537 | $as_echo "no" >&6; } | ||
5538 | CFLAGS="$saved_CFLAGS" | ||
5539 | else | ||
5540 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
5541 | $as_echo "yes" >&6; } | ||
5542 | CFLAGS="$saved_CFLAGS $_define_flag" | ||
5543 | fi | ||
5544 | else | ||
5545 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5546 | $as_echo "no" >&6; } | ||
5547 | CFLAGS="$saved_CFLAGS" | ||
5548 | |||
5549 | fi | ||
5550 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
5551 | } | ||
5552 | { | ||
5553 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wunknown-warning-option" >&5 | ||
5554 | $as_echo_n "checking if $CC supports compile flag -Wunknown-warning-option... " >&6; } | ||
5555 | saved_CFLAGS="$CFLAGS" | ||
5556 | CFLAGS="$CFLAGS $WERROR -Wunknown-warning-option" | ||
5557 | _define_flag="" | ||
5558 | test "x$_define_flag" = "x" && _define_flag="-Wunknown-warning-option" | ||
5559 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
5560 | /* end confdefs.h. */ | ||
5561 | |||
5562 | #include <stdlib.h> | ||
5563 | #include <stdio.h> | ||
5564 | int main(int argc, char **argv) { | ||
5565 | /* Some math to catch -ftrapv problems in the toolchain */ | ||
5566 | int i = 123 * argc, j = 456 + argc, k = 789 - argc; | ||
5567 | float l = i * 2.1; | ||
5568 | double m = l / 0.5; | ||
5569 | long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; | ||
5570 | printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); | ||
5571 | exit(0); | ||
5572 | } | ||
5573 | |||
5574 | _ACEOF | ||
5575 | if ac_fn_c_try_compile "$LINENO"; then : | ||
5576 | |||
5577 | if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null | ||
5578 | then | ||
5579 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5580 | $as_echo "no" >&6; } | ||
5581 | CFLAGS="$saved_CFLAGS" | ||
5582 | else | ||
5583 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
5584 | $as_echo "yes" >&6; } | ||
5585 | CFLAGS="$saved_CFLAGS $_define_flag" | ||
5586 | fi | ||
5587 | else | ||
5588 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5589 | $as_echo "no" >&6; } | ||
5590 | CFLAGS="$saved_CFLAGS" | ||
5591 | |||
5592 | fi | ||
5593 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
5594 | } | ||
5595 | { | ||
5596 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wno-error=format-truncation" >&5 | ||
5597 | $as_echo_n "checking if $CC supports compile flag -Wno-error=format-truncation... " >&6; } | ||
5598 | saved_CFLAGS="$CFLAGS" | ||
5599 | CFLAGS="$CFLAGS $WERROR -Wno-error=format-truncation" | ||
5600 | _define_flag="" | ||
5601 | test "x$_define_flag" = "x" && _define_flag="-Wno-error=format-truncation" | ||
5602 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
5603 | /* end confdefs.h. */ | ||
5604 | |||
5605 | #include <stdlib.h> | ||
5606 | #include <stdio.h> | ||
5607 | int main(int argc, char **argv) { | ||
5608 | /* Some math to catch -ftrapv problems in the toolchain */ | ||
5609 | int i = 123 * argc, j = 456 + argc, k = 789 - argc; | ||
5610 | float l = i * 2.1; | ||
5611 | double m = l / 0.5; | ||
5612 | long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; | ||
5613 | printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); | ||
5614 | exit(0); | ||
5615 | } | ||
5616 | |||
5617 | _ACEOF | ||
5618 | if ac_fn_c_try_compile "$LINENO"; then : | ||
5619 | |||
5620 | if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null | ||
5621 | then | ||
5622 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5623 | $as_echo "no" >&6; } | ||
5624 | CFLAGS="$saved_CFLAGS" | ||
5625 | else | ||
5626 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
5627 | $as_echo "yes" >&6; } | ||
5628 | CFLAGS="$saved_CFLAGS $_define_flag" | ||
5629 | fi | ||
5630 | else | ||
5631 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5632 | $as_echo "no" >&6; } | ||
5633 | CFLAGS="$saved_CFLAGS" | ||
5634 | |||
5635 | fi | ||
5636 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
5637 | } | ||
5638 | { | ||
5639 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Qunused-arguments" >&5 | ||
5640 | $as_echo_n "checking if $CC supports compile flag -Qunused-arguments... " >&6; } | ||
5641 | saved_CFLAGS="$CFLAGS" | ||
5642 | CFLAGS="$CFLAGS $WERROR -Qunused-arguments" | ||
5643 | _define_flag="" | ||
5644 | test "x$_define_flag" = "x" && _define_flag="-Qunused-arguments" | ||
5645 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
5646 | /* end confdefs.h. */ | ||
5647 | |||
5648 | #include <stdlib.h> | ||
5649 | #include <stdio.h> | ||
5650 | int main(int argc, char **argv) { | ||
5651 | /* Some math to catch -ftrapv problems in the toolchain */ | ||
5652 | int i = 123 * argc, j = 456 + argc, k = 789 - argc; | ||
5653 | float l = i * 2.1; | ||
5654 | double m = l / 0.5; | ||
5655 | long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; | ||
5656 | printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); | ||
5657 | exit(0); | ||
5658 | } | ||
5659 | |||
5660 | _ACEOF | ||
5661 | if ac_fn_c_try_compile "$LINENO"; then : | ||
5662 | |||
5663 | if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null | ||
5664 | then | ||
5665 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5666 | $as_echo "no" >&6; } | ||
5667 | CFLAGS="$saved_CFLAGS" | ||
5668 | else | ||
5669 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
5670 | $as_echo "yes" >&6; } | ||
5671 | CFLAGS="$saved_CFLAGS $_define_flag" | ||
5672 | fi | ||
5673 | else | ||
5674 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5675 | $as_echo "no" >&6; } | ||
5676 | CFLAGS="$saved_CFLAGS" | ||
5677 | |||
5678 | fi | ||
5679 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
5680 | } | ||
5681 | { | ||
5682 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wall" >&5 | ||
5683 | $as_echo_n "checking if $CC supports compile flag -Wall... " >&6; } | ||
5684 | saved_CFLAGS="$CFLAGS" | ||
5685 | CFLAGS="$CFLAGS $WERROR -Wall" | ||
5686 | _define_flag="" | ||
5687 | test "x$_define_flag" = "x" && _define_flag="-Wall" | ||
5688 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
5689 | /* end confdefs.h. */ | ||
5690 | |||
5691 | #include <stdlib.h> | ||
5692 | #include <stdio.h> | ||
5693 | int main(int argc, char **argv) { | ||
5694 | /* Some math to catch -ftrapv problems in the toolchain */ | ||
5695 | int i = 123 * argc, j = 456 + argc, k = 789 - argc; | ||
5696 | float l = i * 2.1; | ||
5697 | double m = l / 0.5; | ||
5698 | long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; | ||
5699 | printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); | ||
5700 | exit(0); | ||
5701 | } | ||
5702 | |||
5703 | _ACEOF | ||
5704 | if ac_fn_c_try_compile "$LINENO"; then : | ||
5705 | |||
5706 | if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null | ||
5707 | then | ||
5708 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5709 | $as_echo "no" >&6; } | ||
5710 | CFLAGS="$saved_CFLAGS" | ||
5711 | else | ||
5712 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
5713 | $as_echo "yes" >&6; } | ||
5714 | CFLAGS="$saved_CFLAGS $_define_flag" | ||
5715 | fi | ||
5716 | else | ||
5717 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5718 | $as_echo "no" >&6; } | ||
5719 | CFLAGS="$saved_CFLAGS" | ||
5720 | |||
5721 | fi | ||
5722 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
5723 | } | ||
5724 | { | ||
5725 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wextra" >&5 | ||
5726 | $as_echo_n "checking if $CC supports compile flag -Wextra... " >&6; } | ||
5727 | saved_CFLAGS="$CFLAGS" | ||
5728 | CFLAGS="$CFLAGS $WERROR -Wextra" | ||
5729 | _define_flag="" | ||
5730 | test "x$_define_flag" = "x" && _define_flag="-Wextra" | ||
5731 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
5732 | /* end confdefs.h. */ | ||
5733 | |||
5734 | #include <stdlib.h> | ||
5735 | #include <stdio.h> | ||
5736 | int main(int argc, char **argv) { | ||
5737 | /* Some math to catch -ftrapv problems in the toolchain */ | ||
5738 | int i = 123 * argc, j = 456 + argc, k = 789 - argc; | ||
5739 | float l = i * 2.1; | ||
5740 | double m = l / 0.5; | ||
5741 | long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; | ||
5742 | printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); | ||
5743 | exit(0); | ||
5744 | } | ||
5745 | |||
5746 | _ACEOF | ||
5747 | if ac_fn_c_try_compile "$LINENO"; then : | ||
5748 | |||
5749 | if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null | ||
5750 | then | ||
5751 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5752 | $as_echo "no" >&6; } | ||
5753 | CFLAGS="$saved_CFLAGS" | ||
5754 | else | ||
5755 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
5756 | $as_echo "yes" >&6; } | ||
5757 | CFLAGS="$saved_CFLAGS $_define_flag" | ||
5758 | fi | ||
5759 | else | ||
5760 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5761 | $as_echo "no" >&6; } | ||
5762 | CFLAGS="$saved_CFLAGS" | ||
5763 | |||
5764 | fi | ||
5765 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
5766 | } | ||
5767 | { | ||
5768 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wpointer-arith" >&5 | ||
5769 | $as_echo_n "checking if $CC supports compile flag -Wpointer-arith... " >&6; } | ||
5770 | saved_CFLAGS="$CFLAGS" | ||
5771 | CFLAGS="$CFLAGS $WERROR -Wpointer-arith" | ||
5772 | _define_flag="" | ||
5773 | test "x$_define_flag" = "x" && _define_flag="-Wpointer-arith" | ||
5774 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
5775 | /* end confdefs.h. */ | ||
5776 | |||
5777 | #include <stdlib.h> | ||
5778 | #include <stdio.h> | ||
5779 | int main(int argc, char **argv) { | ||
5780 | /* Some math to catch -ftrapv problems in the toolchain */ | ||
5781 | int i = 123 * argc, j = 456 + argc, k = 789 - argc; | ||
5782 | float l = i * 2.1; | ||
5783 | double m = l / 0.5; | ||
5784 | long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; | ||
5785 | printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); | ||
5786 | exit(0); | ||
5787 | } | ||
5788 | |||
5789 | _ACEOF | ||
5790 | if ac_fn_c_try_compile "$LINENO"; then : | ||
5791 | |||
5792 | if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null | ||
5793 | then | ||
5794 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5795 | $as_echo "no" >&6; } | ||
5796 | CFLAGS="$saved_CFLAGS" | ||
5797 | else | ||
5798 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
5799 | $as_echo "yes" >&6; } | ||
5800 | CFLAGS="$saved_CFLAGS $_define_flag" | ||
5801 | fi | ||
5802 | else | ||
5803 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5804 | $as_echo "no" >&6; } | ||
5805 | CFLAGS="$saved_CFLAGS" | ||
5806 | |||
5807 | fi | ||
5808 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
5809 | } | ||
5810 | { | ||
5811 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wuninitialized" >&5 | ||
5812 | $as_echo_n "checking if $CC supports compile flag -Wuninitialized... " >&6; } | ||
5813 | saved_CFLAGS="$CFLAGS" | ||
5814 | CFLAGS="$CFLAGS $WERROR -Wuninitialized" | ||
5815 | _define_flag="" | ||
5816 | test "x$_define_flag" = "x" && _define_flag="-Wuninitialized" | ||
5817 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
5818 | /* end confdefs.h. */ | ||
5819 | |||
5820 | #include <stdlib.h> | ||
5821 | #include <stdio.h> | ||
5822 | int main(int argc, char **argv) { | ||
5823 | /* Some math to catch -ftrapv problems in the toolchain */ | ||
5824 | int i = 123 * argc, j = 456 + argc, k = 789 - argc; | ||
5825 | float l = i * 2.1; | ||
5826 | double m = l / 0.5; | ||
5827 | long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; | ||
5828 | printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); | ||
5829 | exit(0); | ||
5830 | } | ||
5831 | |||
5832 | _ACEOF | ||
5833 | if ac_fn_c_try_compile "$LINENO"; then : | ||
5834 | |||
5835 | if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null | ||
5836 | then | ||
5837 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5838 | $as_echo "no" >&6; } | ||
5839 | CFLAGS="$saved_CFLAGS" | ||
5840 | else | ||
5841 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
5842 | $as_echo "yes" >&6; } | ||
5843 | CFLAGS="$saved_CFLAGS $_define_flag" | ||
5844 | fi | ||
5845 | else | ||
5846 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5847 | $as_echo "no" >&6; } | ||
5848 | CFLAGS="$saved_CFLAGS" | ||
5849 | |||
5850 | fi | ||
5851 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
5852 | } | ||
5853 | { | ||
5854 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wsign-compare" >&5 | ||
5855 | $as_echo_n "checking if $CC supports compile flag -Wsign-compare... " >&6; } | ||
5856 | saved_CFLAGS="$CFLAGS" | ||
5857 | CFLAGS="$CFLAGS $WERROR -Wsign-compare" | ||
5858 | _define_flag="" | ||
5859 | test "x$_define_flag" = "x" && _define_flag="-Wsign-compare" | ||
5860 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
5861 | /* end confdefs.h. */ | ||
5862 | |||
5863 | #include <stdlib.h> | ||
5864 | #include <stdio.h> | ||
5865 | int main(int argc, char **argv) { | ||
5866 | /* Some math to catch -ftrapv problems in the toolchain */ | ||
5867 | int i = 123 * argc, j = 456 + argc, k = 789 - argc; | ||
5868 | float l = i * 2.1; | ||
5869 | double m = l / 0.5; | ||
5870 | long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; | ||
5871 | printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); | ||
5872 | exit(0); | ||
5873 | } | ||
5874 | |||
5875 | _ACEOF | ||
5876 | if ac_fn_c_try_compile "$LINENO"; then : | ||
5877 | |||
5878 | if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null | ||
5879 | then | ||
5880 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5881 | $as_echo "no" >&6; } | ||
5882 | CFLAGS="$saved_CFLAGS" | ||
5883 | else | ||
5884 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
5885 | $as_echo "yes" >&6; } | ||
5886 | CFLAGS="$saved_CFLAGS $_define_flag" | ||
5887 | fi | ||
5888 | else | ||
5889 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5890 | $as_echo "no" >&6; } | ||
5891 | CFLAGS="$saved_CFLAGS" | ||
5892 | |||
5893 | fi | ||
5894 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
5895 | } | ||
5896 | { | ||
5897 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wformat-security" >&5 | ||
5898 | $as_echo_n "checking if $CC supports compile flag -Wformat-security... " >&6; } | ||
5899 | saved_CFLAGS="$CFLAGS" | ||
5900 | CFLAGS="$CFLAGS $WERROR -Wformat-security" | ||
5901 | _define_flag="" | ||
5902 | test "x$_define_flag" = "x" && _define_flag="-Wformat-security" | ||
5903 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
5904 | /* end confdefs.h. */ | ||
5905 | |||
5906 | #include <stdlib.h> | ||
5907 | #include <stdio.h> | ||
5908 | int main(int argc, char **argv) { | ||
5909 | /* Some math to catch -ftrapv problems in the toolchain */ | ||
5910 | int i = 123 * argc, j = 456 + argc, k = 789 - argc; | ||
5911 | float l = i * 2.1; | ||
5912 | double m = l / 0.5; | ||
5913 | long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; | ||
5914 | printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); | ||
5915 | exit(0); | ||
5916 | } | ||
5917 | |||
5918 | _ACEOF | ||
5919 | if ac_fn_c_try_compile "$LINENO"; then : | ||
5920 | |||
5921 | if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null | ||
5922 | then | ||
5923 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5924 | $as_echo "no" >&6; } | ||
5925 | CFLAGS="$saved_CFLAGS" | ||
5926 | else | ||
5927 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
5928 | $as_echo "yes" >&6; } | ||
5929 | CFLAGS="$saved_CFLAGS $_define_flag" | ||
5930 | fi | ||
5931 | else | ||
5932 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5933 | $as_echo "no" >&6; } | ||
5934 | CFLAGS="$saved_CFLAGS" | ||
5935 | |||
5936 | fi | ||
5937 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
5938 | } | ||
5939 | { | ||
5940 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wsizeof-pointer-memaccess" >&5 | ||
5941 | $as_echo_n "checking if $CC supports compile flag -Wsizeof-pointer-memaccess... " >&6; } | ||
5942 | saved_CFLAGS="$CFLAGS" | ||
5943 | CFLAGS="$CFLAGS $WERROR -Wsizeof-pointer-memaccess" | ||
5944 | _define_flag="" | ||
5945 | test "x$_define_flag" = "x" && _define_flag="-Wsizeof-pointer-memaccess" | ||
5946 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
5947 | /* end confdefs.h. */ | ||
5948 | |||
5949 | #include <stdlib.h> | ||
5950 | #include <stdio.h> | ||
5951 | int main(int argc, char **argv) { | ||
5952 | /* Some math to catch -ftrapv problems in the toolchain */ | ||
5953 | int i = 123 * argc, j = 456 + argc, k = 789 - argc; | ||
5954 | float l = i * 2.1; | ||
5955 | double m = l / 0.5; | ||
5956 | long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; | ||
5957 | printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); | ||
5958 | exit(0); | ||
5959 | } | ||
5960 | |||
5961 | _ACEOF | ||
5962 | if ac_fn_c_try_compile "$LINENO"; then : | ||
5963 | |||
5964 | if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null | ||
5965 | then | ||
5966 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5967 | $as_echo "no" >&6; } | ||
5968 | CFLAGS="$saved_CFLAGS" | ||
5969 | else | ||
5970 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
5971 | $as_echo "yes" >&6; } | ||
5972 | CFLAGS="$saved_CFLAGS $_define_flag" | ||
5973 | fi | ||
5974 | else | ||
5975 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5976 | $as_echo "no" >&6; } | ||
5977 | CFLAGS="$saved_CFLAGS" | ||
5978 | |||
5979 | fi | ||
5980 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
5981 | } | ||
5982 | { | ||
5983 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wpointer-sign" >&5 | ||
5984 | $as_echo_n "checking if $CC supports compile flag -Wpointer-sign... " >&6; } | ||
5985 | saved_CFLAGS="$CFLAGS" | ||
5986 | CFLAGS="$CFLAGS $WERROR -Wpointer-sign" | ||
5987 | _define_flag="-Wno-pointer-sign" | ||
5988 | test "x$_define_flag" = "x" && _define_flag="-Wpointer-sign" | ||
5989 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
5990 | /* end confdefs.h. */ | ||
5991 | |||
5992 | #include <stdlib.h> | ||
5993 | #include <stdio.h> | ||
5994 | int main(int argc, char **argv) { | ||
5995 | /* Some math to catch -ftrapv problems in the toolchain */ | ||
5996 | int i = 123 * argc, j = 456 + argc, k = 789 - argc; | ||
5997 | float l = i * 2.1; | ||
5998 | double m = l / 0.5; | ||
5999 | long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; | ||
6000 | printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); | ||
6001 | exit(0); | ||
6002 | } | ||
6003 | |||
6004 | _ACEOF | ||
6005 | if ac_fn_c_try_compile "$LINENO"; then : | ||
6006 | |||
6007 | if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null | ||
6008 | then | ||
6009 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
6010 | $as_echo "no" >&6; } | ||
6011 | CFLAGS="$saved_CFLAGS" | ||
6012 | else | ||
6013 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
6014 | $as_echo "yes" >&6; } | ||
6015 | CFLAGS="$saved_CFLAGS $_define_flag" | ||
6016 | fi | ||
6017 | else | ||
6018 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
6019 | $as_echo "no" >&6; } | ||
6020 | CFLAGS="$saved_CFLAGS" | ||
6021 | |||
6022 | fi | ||
6023 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
6024 | } | ||
6025 | { | ||
6026 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wunused-result" >&5 | ||
6027 | $as_echo_n "checking if $CC supports compile flag -Wunused-result... " >&6; } | ||
6028 | saved_CFLAGS="$CFLAGS" | ||
6029 | CFLAGS="$CFLAGS $WERROR -Wunused-result" | ||
6030 | _define_flag="-Wno-unused-result" | ||
6031 | test "x$_define_flag" = "x" && _define_flag="-Wunused-result" | ||
6032 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
6033 | /* end confdefs.h. */ | ||
6034 | |||
6035 | #include <stdlib.h> | ||
6036 | #include <stdio.h> | ||
6037 | int main(int argc, char **argv) { | ||
6038 | /* Some math to catch -ftrapv problems in the toolchain */ | ||
6039 | int i = 123 * argc, j = 456 + argc, k = 789 - argc; | ||
6040 | float l = i * 2.1; | ||
6041 | double m = l / 0.5; | ||
6042 | long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; | ||
6043 | printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); | ||
6044 | exit(0); | ||
6045 | } | ||
6046 | |||
6047 | _ACEOF | ||
6048 | if ac_fn_c_try_compile "$LINENO"; then : | ||
6049 | |||
6050 | if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null | ||
6051 | then | ||
6052 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
6053 | $as_echo "no" >&6; } | ||
6054 | CFLAGS="$saved_CFLAGS" | ||
6055 | else | ||
6056 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
6057 | $as_echo "yes" >&6; } | ||
6058 | CFLAGS="$saved_CFLAGS $_define_flag" | ||
6059 | fi | ||
6060 | else | ||
6061 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
6062 | $as_echo "no" >&6; } | ||
6063 | CFLAGS="$saved_CFLAGS" | ||
6064 | |||
6065 | fi | ||
6066 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
6067 | } | ||
6068 | { | ||
6069 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -fno-strict-aliasing" >&5 | ||
6070 | $as_echo_n "checking if $CC supports compile flag -fno-strict-aliasing... " >&6; } | ||
6071 | saved_CFLAGS="$CFLAGS" | ||
6072 | CFLAGS="$CFLAGS $WERROR -fno-strict-aliasing" | ||
6073 | _define_flag="" | ||
6074 | test "x$_define_flag" = "x" && _define_flag="-fno-strict-aliasing" | ||
6075 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
6076 | /* end confdefs.h. */ | ||
6077 | |||
6078 | #include <stdlib.h> | ||
6079 | #include <stdio.h> | ||
6080 | int main(int argc, char **argv) { | ||
6081 | /* Some math to catch -ftrapv problems in the toolchain */ | ||
6082 | int i = 123 * argc, j = 456 + argc, k = 789 - argc; | ||
6083 | float l = i * 2.1; | ||
6084 | double m = l / 0.5; | ||
6085 | long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; | ||
6086 | printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); | ||
6087 | exit(0); | ||
6088 | } | ||
6089 | |||
6090 | _ACEOF | ||
6091 | if ac_fn_c_try_compile "$LINENO"; then : | ||
6092 | |||
6093 | if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null | ||
6094 | then | ||
6095 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
6096 | $as_echo "no" >&6; } | ||
6097 | CFLAGS="$saved_CFLAGS" | ||
6098 | else | ||
6099 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
6100 | $as_echo "yes" >&6; } | ||
6101 | CFLAGS="$saved_CFLAGS $_define_flag" | ||
6102 | fi | ||
6103 | else | ||
6104 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
6105 | $as_echo "no" >&6; } | ||
6106 | CFLAGS="$saved_CFLAGS" | ||
6107 | |||
6108 | fi | ||
6109 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
6110 | } | ||
6111 | if test "x$use_toolchain_hardening" = "x1"; then | ||
6112 | { | ||
6113 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -mretpoline" >&5 | ||
6114 | $as_echo_n "checking if $CC supports compile flag -mretpoline... " >&6; } | ||
6115 | saved_CFLAGS="$CFLAGS" | ||
6116 | CFLAGS="$CFLAGS $WERROR -mretpoline" | ||
6117 | _define_flag="" | ||
6118 | test "x$_define_flag" = "x" && _define_flag="-mretpoline" | ||
6119 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
6120 | /* end confdefs.h. */ | ||
6121 | |||
6122 | #include <stdlib.h> | ||
6123 | #include <stdio.h> | ||
6124 | int main(int argc, char **argv) { | ||
6125 | /* Some math to catch -ftrapv problems in the toolchain */ | ||
6126 | int i = 123 * argc, j = 456 + argc, k = 789 - argc; | ||
6127 | float l = i * 2.1; | ||
6128 | double m = l / 0.5; | ||
6129 | long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; | ||
6130 | printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); | ||
6131 | exit(0); | ||
6132 | } | ||
6133 | |||
6134 | _ACEOF | ||
6135 | if ac_fn_c_try_compile "$LINENO"; then : | ||
6136 | |||
6137 | if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null | ||
6138 | then | ||
6139 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
6140 | $as_echo "no" >&6; } | ||
6141 | CFLAGS="$saved_CFLAGS" | ||
6142 | else | ||
6143 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
6144 | $as_echo "yes" >&6; } | ||
6145 | CFLAGS="$saved_CFLAGS $_define_flag" | ||
6146 | fi | ||
6147 | else | ||
6148 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
6149 | $as_echo "no" >&6; } | ||
6150 | CFLAGS="$saved_CFLAGS" | ||
6151 | |||
6152 | fi | ||
6153 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
6154 | } # clang | ||
6155 | { | ||
6156 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $LD supports link flag -Wl,-z,retpolineplt" >&5 | ||
6157 | $as_echo_n "checking if $LD supports link flag -Wl,-z,retpolineplt... " >&6; } | ||
6158 | saved_LDFLAGS="$LDFLAGS" | ||
6159 | LDFLAGS="$LDFLAGS $WERROR -Wl,-z,retpolineplt" | ||
6160 | _define_flag="" | ||
6161 | test "x$_define_flag" = "x" && _define_flag="-Wl,-z,retpolineplt" | ||
6162 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
6163 | /* end confdefs.h. */ | ||
6164 | |||
6165 | #include <stdlib.h> | ||
6166 | #include <stdio.h> | ||
6167 | int main(int argc, char **argv) { | ||
6168 | /* Some math to catch -ftrapv problems in the toolchain */ | ||
6169 | int i = 123 * argc, j = 456 + argc, k = 789 - argc; | ||
6170 | float l = i * 2.1; | ||
6171 | double m = l / 0.5; | ||
6172 | long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; | ||
6173 | long long p = n * o; | ||
6174 | printf("%d %d %d %f %f %lld %lld %lld\n", i, j, k, l, m, n, o, p); | ||
6175 | exit(0); | ||
6176 | } | ||
6177 | |||
6178 | _ACEOF | ||
6179 | if ac_fn_c_try_link "$LINENO"; then : | ||
6180 | |||
6181 | if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null | ||
6182 | then | ||
6183 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
6184 | $as_echo "no" >&6; } | ||
6185 | LDFLAGS="$saved_LDFLAGS" | ||
6186 | else | ||
6187 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
6188 | $as_echo "yes" >&6; } | ||
6189 | LDFLAGS="$saved_LDFLAGS $_define_flag" | ||
6190 | fi | ||
6191 | else | ||
6192 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
6193 | $as_echo "no" >&6; } | ||
6194 | LDFLAGS="$saved_LDFLAGS" | ||
6195 | |||
6196 | fi | ||
6197 | rm -f core conftest.err conftest.$ac_objext \ | ||
6198 | conftest$ac_exeext conftest.$ac_ext | ||
6199 | } | ||
6200 | { | ||
6201 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -D_FORTIFY_SOURCE=2" >&5 | ||
6202 | $as_echo_n "checking if $CC supports compile flag -D_FORTIFY_SOURCE=2... " >&6; } | ||
6203 | saved_CFLAGS="$CFLAGS" | ||
6204 | CFLAGS="$CFLAGS $WERROR -D_FORTIFY_SOURCE=2" | ||
6205 | _define_flag="" | ||
6206 | test "x$_define_flag" = "x" && _define_flag="-D_FORTIFY_SOURCE=2" | ||
6207 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
6208 | /* end confdefs.h. */ | ||
6209 | |||
6210 | #include <stdlib.h> | ||
6211 | #include <stdio.h> | ||
6212 | int main(int argc, char **argv) { | ||
6213 | /* Some math to catch -ftrapv problems in the toolchain */ | ||
6214 | int i = 123 * argc, j = 456 + argc, k = 789 - argc; | ||
6215 | float l = i * 2.1; | ||
6216 | double m = l / 0.5; | ||
6217 | long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; | ||
6218 | printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); | ||
6219 | exit(0); | ||
6220 | } | ||
6221 | |||
6222 | _ACEOF | ||
6223 | if ac_fn_c_try_compile "$LINENO"; then : | ||
6224 | |||
6225 | if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null | ||
6226 | then | ||
6227 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
6228 | $as_echo "no" >&6; } | ||
6229 | CFLAGS="$saved_CFLAGS" | ||
6230 | else | ||
6231 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
6232 | $as_echo "yes" >&6; } | ||
6233 | CFLAGS="$saved_CFLAGS $_define_flag" | ||
6234 | fi | ||
6235 | else | ||
6236 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
6237 | $as_echo "no" >&6; } | ||
6238 | CFLAGS="$saved_CFLAGS" | ||
6239 | |||
6240 | fi | ||
6241 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
6242 | } | ||
6243 | { | ||
6244 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $LD supports link flag -Wl,-z,relro" >&5 | ||
6245 | $as_echo_n "checking if $LD supports link flag -Wl,-z,relro... " >&6; } | ||
6246 | saved_LDFLAGS="$LDFLAGS" | ||
6247 | LDFLAGS="$LDFLAGS $WERROR -Wl,-z,relro" | ||
6248 | _define_flag="" | ||
6249 | test "x$_define_flag" = "x" && _define_flag="-Wl,-z,relro" | ||
6250 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
6251 | /* end confdefs.h. */ | ||
6252 | |||
6253 | #include <stdlib.h> | ||
6254 | #include <stdio.h> | ||
6255 | int main(int argc, char **argv) { | ||
6256 | /* Some math to catch -ftrapv problems in the toolchain */ | ||
6257 | int i = 123 * argc, j = 456 + argc, k = 789 - argc; | ||
6258 | float l = i * 2.1; | ||
6259 | double m = l / 0.5; | ||
6260 | long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; | ||
6261 | long long p = n * o; | ||
6262 | printf("%d %d %d %f %f %lld %lld %lld\n", i, j, k, l, m, n, o, p); | ||
6263 | exit(0); | ||
6264 | } | ||
6265 | |||
6266 | _ACEOF | ||
6267 | if ac_fn_c_try_link "$LINENO"; then : | ||
6268 | |||
6269 | if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null | ||
6270 | then | ||
6271 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
6272 | $as_echo "no" >&6; } | ||
6273 | LDFLAGS="$saved_LDFLAGS" | ||
6274 | else | ||
6275 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
6276 | $as_echo "yes" >&6; } | ||
6277 | LDFLAGS="$saved_LDFLAGS $_define_flag" | ||
6278 | fi | ||
6279 | else | ||
6280 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
6281 | $as_echo "no" >&6; } | ||
6282 | LDFLAGS="$saved_LDFLAGS" | ||
6283 | |||
6284 | fi | ||
6285 | rm -f core conftest.err conftest.$ac_objext \ | ||
6286 | conftest$ac_exeext conftest.$ac_ext | ||
6287 | } | ||
6288 | { | ||
6289 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $LD supports link flag -Wl,-z,now" >&5 | ||
6290 | $as_echo_n "checking if $LD supports link flag -Wl,-z,now... " >&6; } | ||
6291 | saved_LDFLAGS="$LDFLAGS" | ||
6292 | LDFLAGS="$LDFLAGS $WERROR -Wl,-z,now" | ||
6293 | _define_flag="" | ||
6294 | test "x$_define_flag" = "x" && _define_flag="-Wl,-z,now" | ||
6295 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
6296 | /* end confdefs.h. */ | ||
6297 | |||
6298 | #include <stdlib.h> | ||
6299 | #include <stdio.h> | ||
6300 | int main(int argc, char **argv) { | ||
6301 | /* Some math to catch -ftrapv problems in the toolchain */ | ||
6302 | int i = 123 * argc, j = 456 + argc, k = 789 - argc; | ||
6303 | float l = i * 2.1; | ||
6304 | double m = l / 0.5; | ||
6305 | long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; | ||
6306 | long long p = n * o; | ||
6307 | printf("%d %d %d %f %f %lld %lld %lld\n", i, j, k, l, m, n, o, p); | ||
6308 | exit(0); | ||
6309 | } | ||
6310 | |||
6311 | _ACEOF | ||
6312 | if ac_fn_c_try_link "$LINENO"; then : | ||
6313 | |||
6314 | if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null | ||
6315 | then | ||
6316 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
6317 | $as_echo "no" >&6; } | ||
6318 | LDFLAGS="$saved_LDFLAGS" | ||
6319 | else | ||
6320 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
6321 | $as_echo "yes" >&6; } | ||
6322 | LDFLAGS="$saved_LDFLAGS $_define_flag" | ||
6323 | fi | ||
6324 | else | ||
6325 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
6326 | $as_echo "no" >&6; } | ||
6327 | LDFLAGS="$saved_LDFLAGS" | ||
6328 | |||
6329 | fi | ||
6330 | rm -f core conftest.err conftest.$ac_objext \ | ||
6331 | conftest$ac_exeext conftest.$ac_ext | ||
6332 | } | ||
6333 | { | ||
6334 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $LD supports link flag -Wl,-z,noexecstack" >&5 | ||
6335 | $as_echo_n "checking if $LD supports link flag -Wl,-z,noexecstack... " >&6; } | ||
6336 | saved_LDFLAGS="$LDFLAGS" | ||
6337 | LDFLAGS="$LDFLAGS $WERROR -Wl,-z,noexecstack" | ||
6338 | _define_flag="" | ||
6339 | test "x$_define_flag" = "x" && _define_flag="-Wl,-z,noexecstack" | ||
6340 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
6341 | /* end confdefs.h. */ | ||
6342 | |||
6343 | #include <stdlib.h> | ||
6344 | #include <stdio.h> | ||
6345 | int main(int argc, char **argv) { | ||
6346 | /* Some math to catch -ftrapv problems in the toolchain */ | ||
6347 | int i = 123 * argc, j = 456 + argc, k = 789 - argc; | ||
6348 | float l = i * 2.1; | ||
6349 | double m = l / 0.5; | ||
6350 | long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; | ||
6351 | long long p = n * o; | ||
6352 | printf("%d %d %d %f %f %lld %lld %lld\n", i, j, k, l, m, n, o, p); | ||
6353 | exit(0); | ||
6354 | } | ||
6355 | |||
6356 | _ACEOF | ||
6357 | if ac_fn_c_try_link "$LINENO"; then : | ||
6358 | |||
6359 | if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null | ||
6360 | then | ||
6361 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
6362 | $as_echo "no" >&6; } | ||
6363 | LDFLAGS="$saved_LDFLAGS" | ||
6364 | else | ||
6365 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
6366 | $as_echo "yes" >&6; } | ||
6367 | LDFLAGS="$saved_LDFLAGS $_define_flag" | ||
6368 | fi | ||
6369 | else | ||
6370 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
6371 | $as_echo "no" >&6; } | ||
6372 | LDFLAGS="$saved_LDFLAGS" | ||
6373 | |||
6374 | fi | ||
6375 | rm -f core conftest.err conftest.$ac_objext \ | ||
6376 | conftest$ac_exeext conftest.$ac_ext | ||
6377 | } | ||
6378 | # NB. -ftrapv expects certain support functions to be present in | ||
6379 | # the compiler library (libgcc or similar) to detect integer operations | ||
6380 | # that can overflow. We must check that the result of enabling it | ||
6381 | # actually links. The test program compiled/linked includes a number | ||
6382 | # of integer operations that should exercise this. | ||
6383 | { | ||
6384 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -ftrapv and linking succeeds" >&5 | ||
6385 | $as_echo_n "checking if $CC supports compile flag -ftrapv and linking succeeds... " >&6; } | ||
6386 | saved_CFLAGS="$CFLAGS" | ||
6387 | CFLAGS="$CFLAGS $WERROR -ftrapv" | ||
6388 | _define_flag="" | ||
6389 | test "x$_define_flag" = "x" && _define_flag="-ftrapv" | ||
6390 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
6391 | /* end confdefs.h. */ | ||
6392 | |||
6393 | #include <stdlib.h> | ||
6394 | #include <stdio.h> | ||
6395 | int main(int argc, char **argv) { | ||
6396 | /* Some math to catch -ftrapv problems in the toolchain */ | ||
6397 | int i = 123 * argc, j = 456 + argc, k = 789 - argc; | ||
6398 | float l = i * 2.1; | ||
6399 | double m = l / 0.5; | ||
6400 | long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; | ||
6401 | long long int p = n * o; | ||
6402 | printf("%d %d %d %f %f %lld %lld %lld\n", i, j, k, l, m, n, o, p); | ||
6403 | exit(0); | ||
6404 | } | ||
6405 | |||
6406 | _ACEOF | ||
6407 | if ac_fn_c_try_link "$LINENO"; then : | ||
6408 | |||
6409 | if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null | ||
6410 | then | ||
6411 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
6412 | $as_echo "no" >&6; } | ||
6413 | CFLAGS="$saved_CFLAGS" | ||
6414 | else | ||
6415 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
6416 | $as_echo "yes" >&6; } | ||
6417 | CFLAGS="$saved_CFLAGS $_define_flag" | ||
6418 | fi | ||
6419 | else | ||
6420 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
6421 | $as_echo "no" >&6; } | ||
6422 | CFLAGS="$saved_CFLAGS" | ||
6423 | |||
6424 | fi | ||
6425 | rm -f core conftest.err conftest.$ac_objext \ | ||
6426 | conftest$ac_exeext conftest.$ac_ext | ||
6427 | } | ||
6428 | fi | ||
6429 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking gcc version" >&5 | ||
6430 | $as_echo_n "checking gcc version... " >&6; } | ||
6431 | GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` | ||
6432 | case $GCC_VER in | ||
6433 | 1.*) no_attrib_nonnull=1 ;; | ||
6434 | 2.8* | 2.9*) | ||
6435 | no_attrib_nonnull=1 | ||
6436 | ;; | ||
6437 | 2.*) no_attrib_nonnull=1 ;; | ||
6438 | *) ;; | ||
6439 | esac | ||
6440 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GCC_VER" >&5 | ||
6441 | $as_echo "$GCC_VER" >&6; } | ||
6442 | |||
6443 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC accepts -fno-builtin-memset" >&5 | ||
6444 | $as_echo_n "checking if $CC accepts -fno-builtin-memset... " >&6; } | ||
6445 | saved_CFLAGS="$CFLAGS" | ||
6446 | CFLAGS="$CFLAGS -fno-builtin-memset" | ||
6447 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
6448 | /* end confdefs.h. */ | ||
6449 | #include <string.h> | ||
6450 | int | ||
6451 | main () | ||
6452 | { | ||
6453 | char b[10]; memset(b, 0, sizeof(b)); | ||
6454 | ; | ||
6455 | return 0; | ||
6456 | } | ||
6457 | _ACEOF | ||
6458 | if ac_fn_c_try_link "$LINENO"; then : | ||
6459 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
6460 | $as_echo "yes" >&6; } | ||
6461 | else | ||
6462 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
6463 | $as_echo "no" >&6; } | ||
6464 | CFLAGS="$saved_CFLAGS" | ||
6465 | |||
6466 | fi | ||
6467 | rm -f core conftest.err conftest.$ac_objext \ | ||
6468 | conftest$ac_exeext conftest.$ac_ext | ||
6469 | |||
6470 | # -fstack-protector-all doesn't always work for some GCC versions | ||
6471 | # and/or platforms, so we test if we can. If it's not supported | ||
6472 | # on a given platform gcc will emit a warning so we use -Werror. | ||
6473 | if test "x$use_stack_protector" = "x1"; then | ||
6474 | for t in -fstack-protector-strong -fstack-protector-all \ | ||
6475 | -fstack-protector; do | ||
6476 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports $t" >&5 | ||
6477 | $as_echo_n "checking if $CC supports $t... " >&6; } | ||
6478 | saved_CFLAGS="$CFLAGS" | ||
6479 | saved_LDFLAGS="$LDFLAGS" | ||
6480 | CFLAGS="$CFLAGS $t -Werror" | ||
6481 | LDFLAGS="$LDFLAGS $t -Werror" | ||
6482 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
6483 | /* end confdefs.h. */ | ||
6484 | #include <stdio.h> | ||
6485 | int | ||
6486 | main () | ||
6487 | { | ||
6488 | |||
6489 | char x[256]; | ||
6490 | snprintf(x, sizeof(x), "XXX"); | ||
6491 | |||
6492 | ; | ||
6493 | return 0; | ||
6494 | } | ||
6495 | _ACEOF | ||
6496 | if ac_fn_c_try_link "$LINENO"; then : | ||
6497 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
6498 | $as_echo "yes" >&6; } | ||
6499 | CFLAGS="$saved_CFLAGS $t" | ||
6500 | LDFLAGS="$saved_LDFLAGS $t" | ||
6501 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $t works" >&5 | ||
6502 | $as_echo_n "checking if $t works... " >&6; } | ||
6503 | if test "$cross_compiling" = yes; then : | ||
6504 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: cannot test" >&5 | ||
6505 | $as_echo "$as_me: WARNING: cross compiling: cannot test" >&2;} | ||
6506 | break | ||
6507 | |||
6508 | else | ||
6509 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
6510 | /* end confdefs.h. */ | ||
6511 | #include <stdio.h> | ||
6512 | int | ||
6513 | main () | ||
6514 | { | ||
6515 | |||
6516 | char x[256]; | ||
6517 | snprintf(x, sizeof(x), "XXX"); | ||
6518 | |||
6519 | ; | ||
6520 | return 0; | ||
6521 | } | ||
6522 | _ACEOF | ||
6523 | if ac_fn_c_try_run "$LINENO"; then : | ||
6524 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
6525 | $as_echo "yes" >&6; } | ||
6526 | break | ||
6527 | else | ||
6528 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
6529 | $as_echo "no" >&6; } | ||
6530 | fi | ||
6531 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
6532 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
6533 | fi | ||
6534 | |||
6535 | |||
6536 | else | ||
6537 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
6538 | $as_echo "no" >&6; } | ||
6539 | |||
6540 | fi | ||
6541 | rm -f core conftest.err conftest.$ac_objext \ | ||
6542 | conftest$ac_exeext conftest.$ac_ext | ||
6543 | CFLAGS="$saved_CFLAGS" | ||
6544 | LDFLAGS="$saved_LDFLAGS" | ||
6545 | done | ||
6546 | fi | ||
6547 | |||
6548 | if test -z "$have_llong_max"; then | ||
6549 | # retry LLONG_MAX with -std=gnu99, needed on some Linuxes | ||
6550 | unset ac_cv_have_decl_LLONG_MAX | ||
6551 | saved_CFLAGS="$CFLAGS" | ||
6552 | CFLAGS="$CFLAGS -std=gnu99" | ||
6553 | ac_fn_c_check_decl "$LINENO" "LLONG_MAX" "ac_cv_have_decl_LLONG_MAX" "#include <limits.h> | ||
6554 | |||
6555 | " | ||
6556 | if test "x$ac_cv_have_decl_LLONG_MAX" = xyes; then : | ||
6557 | have_llong_max=1 | ||
6558 | else | ||
6559 | CFLAGS="$saved_CFLAGS" | ||
6560 | fi | ||
6561 | |||
6562 | fi | ||
6563 | fi | ||
6564 | |||
6565 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if compiler allows __attribute__ on return types" >&5 | ||
6566 | $as_echo_n "checking if compiler allows __attribute__ on return types... " >&6; } | ||
6567 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
6568 | /* end confdefs.h. */ | ||
6569 | |||
6570 | #include <stdlib.h> | ||
6571 | __attribute__((__unused__)) static void foo(void){return;} | ||
6572 | int | ||
6573 | main () | ||
6574 | { | ||
6575 | exit(0); | ||
6576 | ; | ||
6577 | return 0; | ||
6578 | } | ||
6579 | _ACEOF | ||
6580 | if ac_fn_c_try_compile "$LINENO"; then : | ||
6581 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
6582 | $as_echo "yes" >&6; } | ||
6583 | else | ||
6584 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
6585 | $as_echo "no" >&6; } | ||
6586 | |||
6587 | $as_echo "#define NO_ATTRIBUTE_ON_RETURN_TYPE 1" >>confdefs.h | ||
6588 | |||
6589 | |||
6590 | fi | ||
6591 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
6592 | |||
6593 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if compiler allows __attribute__ prototype args" >&5 | ||
6594 | $as_echo_n "checking if compiler allows __attribute__ prototype args... " >&6; } | ||
6595 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
6596 | /* end confdefs.h. */ | ||
6597 | |||
6598 | #include <stdlib.h> | ||
6599 | typedef void foo(const char *, ...) __attribute__((format(printf, 1, 2))); | ||
6600 | int | ||
6601 | main () | ||
6602 | { | ||
6603 | exit(0); | ||
6604 | ; | ||
6605 | return 0; | ||
6606 | } | ||
6607 | _ACEOF | ||
6608 | if ac_fn_c_try_compile "$LINENO"; then : | ||
6609 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
6610 | $as_echo "yes" >&6; } | ||
6611 | else | ||
6612 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
6613 | $as_echo "no" >&6; } | ||
6614 | |||
6615 | $as_echo "#define NO_ATTRIBUTE_ON_PROTOTYPE_ARGS 1" >>confdefs.h | ||
6616 | |||
6617 | |||
6618 | fi | ||
6619 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
6620 | |||
6621 | if test "x$no_attrib_nonnull" != "x1" ; then | ||
6622 | |||
6623 | $as_echo "#define HAVE_ATTRIBUTE__NONNULL__ 1" >>confdefs.h | ||
6624 | |||
6625 | fi | ||
6626 | |||
6627 | |||
6628 | # Check whether --with-rpath was given. | ||
6629 | if test "${with_rpath+set}" = set; then : | ||
6630 | withval=$with_rpath; | ||
6631 | if test "x$withval" = "xno" ; then | ||
6632 | rpath_opt="" | ||
6633 | elif test "x$withval" = "xyes" ; then | ||
6634 | rpath_opt="-R" | ||
6635 | else | ||
6636 | rpath_opt="$withval" | ||
6637 | fi | ||
6638 | |||
6639 | |||
6640 | fi | ||
6641 | |||
6642 | |||
6643 | # Allow user to specify flags | ||
6644 | |||
6645 | # Check whether --with-cflags was given. | ||
6646 | if test "${with_cflags+set}" = set; then : | ||
6647 | withval=$with_cflags; | ||
6648 | if test -n "$withval" && test "x$withval" != "xno" && \ | ||
6649 | test "x${withval}" != "xyes"; then | ||
6650 | CFLAGS="$CFLAGS $withval" | ||
6651 | fi | ||
6652 | |||
6653 | |||
6654 | fi | ||
6655 | |||
6656 | |||
6657 | |||
6658 | # Check whether --with-cflags-after was given. | ||
6659 | if test "${with_cflags_after+set}" = set; then : | ||
6660 | withval=$with_cflags_after; | ||
6661 | if test -n "$withval" && test "x$withval" != "xno" && \ | ||
6662 | test "x${withval}" != "xyes"; then | ||
6663 | CFLAGS_AFTER="$withval" | ||
6664 | fi | ||
6665 | |||
6666 | |||
6667 | fi | ||
6668 | |||
6669 | |||
6670 | # Check whether --with-cppflags was given. | ||
6671 | if test "${with_cppflags+set}" = set; then : | ||
6672 | withval=$with_cppflags; | ||
6673 | if test -n "$withval" && test "x$withval" != "xno" && \ | ||
6674 | test "x${withval}" != "xyes"; then | ||
6675 | CPPFLAGS="$CPPFLAGS $withval" | ||
6676 | fi | ||
6677 | |||
6678 | |||
6679 | fi | ||
6680 | |||
6681 | |||
6682 | # Check whether --with-ldflags was given. | ||
6683 | if test "${with_ldflags+set}" = set; then : | ||
6684 | withval=$with_ldflags; | ||
6685 | if test -n "$withval" && test "x$withval" != "xno" && \ | ||
6686 | test "x${withval}" != "xyes"; then | ||
6687 | LDFLAGS="$LDFLAGS $withval" | ||
6688 | fi | ||
6689 | |||
6690 | |||
6691 | fi | ||
6692 | |||
6693 | |||
6694 | # Check whether --with-ldflags-after was given. | ||
6695 | if test "${with_ldflags_after+set}" = set; then : | ||
6696 | withval=$with_ldflags_after; | ||
6697 | if test -n "$withval" && test "x$withval" != "xno" && \ | ||
6698 | test "x${withval}" != "xyes"; then | ||
6699 | LDFLAGS_AFTER="$withval" | ||
6700 | fi | ||
6701 | |||
6702 | |||
6703 | fi | ||
6704 | |||
6705 | |||
6706 | # Check whether --with-libs was given. | ||
6707 | if test "${with_libs+set}" = set; then : | ||
6708 | withval=$with_libs; | ||
6709 | if test -n "$withval" && test "x$withval" != "xno" && \ | ||
6710 | test "x${withval}" != "xyes"; then | ||
6711 | LIBS="$LIBS $withval" | ||
6712 | fi | ||
6713 | |||
6714 | |||
6715 | fi | ||
6716 | |||
6717 | |||
6718 | # Check whether --with-Werror was given. | ||
6719 | if test "${with_Werror+set}" = set; then : | ||
6720 | withval=$with_Werror; | ||
6721 | if test -n "$withval" && test "x$withval" != "xno"; then | ||
6722 | werror_flags="-Werror" | ||
6723 | if test "x${withval}" != "xyes"; then | ||
6724 | werror_flags="$withval" | ||
6725 | fi | ||
6726 | fi | ||
6727 | |||
6728 | |||
6729 | fi | ||
6730 | |||
6731 | |||
6732 | for ac_header in \ | ||
6733 | blf.h \ | ||
6734 | bstring.h \ | ||
6735 | crypt.h \ | ||
6736 | crypto/sha2.h \ | ||
6737 | dirent.h \ | ||
6738 | endian.h \ | ||
6739 | elf.h \ | ||
6740 | err.h \ | ||
6741 | features.h \ | ||
6742 | fcntl.h \ | ||
6743 | floatingpoint.h \ | ||
6744 | getopt.h \ | ||
6745 | glob.h \ | ||
6746 | ia.h \ | ||
6747 | iaf.h \ | ||
6748 | ifaddrs.h \ | ||
6749 | inttypes.h \ | ||
6750 | langinfo.h \ | ||
6751 | limits.h \ | ||
6752 | locale.h \ | ||
6753 | login.h \ | ||
6754 | maillock.h \ | ||
6755 | ndir.h \ | ||
6756 | net/if_tun.h \ | ||
6757 | netdb.h \ | ||
6758 | netgroup.h \ | ||
6759 | pam/pam_appl.h \ | ||
6760 | paths.h \ | ||
6761 | poll.h \ | ||
6762 | pty.h \ | ||
6763 | readpassphrase.h \ | ||
6764 | rpc/types.h \ | ||
6765 | security/pam_appl.h \ | ||
6766 | sha2.h \ | ||
6767 | shadow.h \ | ||
6768 | stddef.h \ | ||
6769 | stdint.h \ | ||
6770 | string.h \ | ||
6771 | strings.h \ | ||
6772 | sys/bitypes.h \ | ||
6773 | sys/bsdtty.h \ | ||
6774 | sys/cdefs.h \ | ||
6775 | sys/dir.h \ | ||
6776 | sys/file.h \ | ||
6777 | sys/mman.h \ | ||
6778 | sys/label.h \ | ||
6779 | sys/ndir.h \ | ||
6780 | sys/poll.h \ | ||
6781 | sys/prctl.h \ | ||
6782 | sys/pstat.h \ | ||
6783 | sys/ptrace.h \ | ||
6784 | sys/random.h \ | ||
6785 | sys/select.h \ | ||
6786 | sys/stat.h \ | ||
6787 | sys/stream.h \ | ||
6788 | sys/stropts.h \ | ||
6789 | sys/strtio.h \ | ||
6790 | sys/statvfs.h \ | ||
6791 | sys/sysmacros.h \ | ||
6792 | sys/time.h \ | ||
6793 | sys/timers.h \ | ||
6794 | sys/vfs.h \ | ||
6795 | time.h \ | ||
6796 | tmpdir.h \ | ||
6797 | ttyent.h \ | ||
6798 | ucred.h \ | ||
6799 | unistd.h \ | ||
6800 | usersec.h \ | ||
6801 | util.h \ | ||
6802 | utime.h \ | ||
6803 | utmp.h \ | ||
6804 | utmpx.h \ | ||
6805 | vis.h \ | ||
6806 | wchar.h \ | ||
6807 | |||
6808 | do : | ||
6809 | as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` | ||
6810 | ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" | ||
6811 | if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : | ||
6812 | cat >>confdefs.h <<_ACEOF | ||
6813 | #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 | ||
6814 | _ACEOF | ||
6815 | |||
6816 | fi | ||
6817 | |||
6818 | done | ||
6819 | |||
6820 | |||
6821 | # On some platforms (eg SunOS4) sys/audit.h requires sys/[time|types|label.h] | ||
6822 | # to be included first. | ||
6823 | for ac_header in sys/audit.h | ||
6824 | do : | ||
6825 | ac_fn_c_check_header_compile "$LINENO" "sys/audit.h" "ac_cv_header_sys_audit_h" " | ||
6826 | #ifdef HAVE_SYS_TIME_H | ||
6827 | # include <sys/time.h> | ||
6828 | #endif | ||
6829 | #ifdef HAVE_SYS_TYPES_H | ||
6830 | # include <sys/types.h> | ||
6831 | #endif | ||
6832 | #ifdef HAVE_SYS_LABEL_H | ||
6833 | # include <sys/label.h> | ||
6834 | #endif | ||
6835 | |||
6836 | " | ||
6837 | if test "x$ac_cv_header_sys_audit_h" = xyes; then : | ||
6838 | cat >>confdefs.h <<_ACEOF | ||
6839 | #define HAVE_SYS_AUDIT_H 1 | ||
6840 | _ACEOF | ||
6841 | |||
6842 | fi | ||
6843 | |||
6844 | done | ||
6845 | |||
6846 | |||
6847 | # sys/capsicum.h requires sys/types.h | ||
6848 | for ac_header in sys/capsicum.h | ||
6849 | do : | ||
6850 | ac_fn_c_check_header_compile "$LINENO" "sys/capsicum.h" "ac_cv_header_sys_capsicum_h" " | ||
6851 | #ifdef HAVE_SYS_TYPES_H | ||
6852 | # include <sys/types.h> | ||
6853 | #endif | ||
6854 | |||
6855 | " | ||
6856 | if test "x$ac_cv_header_sys_capsicum_h" = xyes; then : | ||
6857 | cat >>confdefs.h <<_ACEOF | ||
6858 | #define HAVE_SYS_CAPSICUM_H 1 | ||
6859 | _ACEOF | ||
6860 | |||
6861 | fi | ||
6862 | |||
6863 | done | ||
6864 | |||
6865 | |||
6866 | # net/route.h requires sys/socket.h and sys/types.h. | ||
6867 | # sys/sysctl.h also requires sys/param.h | ||
6868 | for ac_header in net/route.h sys/sysctl.h | ||
6869 | do : | ||
6870 | as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` | ||
6871 | ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" " | ||
6872 | #ifdef HAVE_SYS_TYPES_H | ||
6873 | # include <sys/types.h> | ||
6874 | #endif | ||
6875 | #include <sys/param.h> | ||
6876 | #include <sys/socket.h> | ||
6877 | |||
6878 | " | ||
6879 | if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : | ||
6880 | cat >>confdefs.h <<_ACEOF | ||
6881 | #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 | ||
6882 | _ACEOF | ||
6883 | |||
6884 | fi | ||
6885 | |||
6886 | done | ||
6887 | |||
6888 | |||
6889 | # lastlog.h requires sys/time.h to be included first on Solaris | ||
6890 | for ac_header in lastlog.h | ||
6891 | do : | ||
6892 | ac_fn_c_check_header_compile "$LINENO" "lastlog.h" "ac_cv_header_lastlog_h" " | ||
6893 | #ifdef HAVE_SYS_TIME_H | ||
6894 | # include <sys/time.h> | ||
6895 | #endif | ||
6896 | |||
6897 | " | ||
6898 | if test "x$ac_cv_header_lastlog_h" = xyes; then : | ||
6899 | cat >>confdefs.h <<_ACEOF | ||
6900 | #define HAVE_LASTLOG_H 1 | ||
6901 | _ACEOF | ||
6902 | |||
6903 | fi | ||
6904 | |||
6905 | done | ||
6906 | |||
6907 | |||
6908 | # sys/ptms.h requires sys/stream.h to be included first on Solaris | ||
6909 | for ac_header in sys/ptms.h | ||
6910 | do : | ||
6911 | ac_fn_c_check_header_compile "$LINENO" "sys/ptms.h" "ac_cv_header_sys_ptms_h" " | ||
6912 | #ifdef HAVE_SYS_STREAM_H | ||
6913 | # include <sys/stream.h> | ||
6914 | #endif | ||
6915 | |||
6916 | " | ||
6917 | if test "x$ac_cv_header_sys_ptms_h" = xyes; then : | ||
6918 | cat >>confdefs.h <<_ACEOF | ||
6919 | #define HAVE_SYS_PTMS_H 1 | ||
6920 | _ACEOF | ||
6921 | |||
6922 | fi | ||
6923 | |||
6924 | done | ||
6925 | |||
6926 | |||
6927 | # login_cap.h requires sys/types.h on NetBSD | ||
6928 | for ac_header in login_cap.h | ||
6929 | do : | ||
6930 | ac_fn_c_check_header_compile "$LINENO" "login_cap.h" "ac_cv_header_login_cap_h" " | ||
6931 | #include <sys/types.h> | ||
6932 | |||
6933 | " | ||
6934 | if test "x$ac_cv_header_login_cap_h" = xyes; then : | ||
6935 | cat >>confdefs.h <<_ACEOF | ||
6936 | #define HAVE_LOGIN_CAP_H 1 | ||
6937 | _ACEOF | ||
6938 | |||
6939 | fi | ||
6940 | |||
6941 | done | ||
6942 | |||
6943 | |||
6944 | # older BSDs need sys/param.h before sys/mount.h | ||
6945 | for ac_header in sys/mount.h | ||
6946 | do : | ||
6947 | ac_fn_c_check_header_compile "$LINENO" "sys/mount.h" "ac_cv_header_sys_mount_h" " | ||
6948 | #include <sys/param.h> | ||
6949 | |||
6950 | " | ||
6951 | if test "x$ac_cv_header_sys_mount_h" = xyes; then : | ||
6952 | cat >>confdefs.h <<_ACEOF | ||
6953 | #define HAVE_SYS_MOUNT_H 1 | ||
6954 | _ACEOF | ||
6955 | |||
6956 | fi | ||
6957 | |||
6958 | done | ||
6959 | |||
6960 | |||
6961 | # Android requires sys/socket.h to be included before sys/un.h | ||
6962 | for ac_header in sys/un.h | ||
6963 | do : | ||
6964 | ac_fn_c_check_header_compile "$LINENO" "sys/un.h" "ac_cv_header_sys_un_h" " | ||
6965 | #include <sys/types.h> | ||
6966 | #include <sys/socket.h> | ||
6967 | |||
6968 | " | ||
6969 | if test "x$ac_cv_header_sys_un_h" = xyes; then : | ||
6970 | cat >>confdefs.h <<_ACEOF | ||
6971 | #define HAVE_SYS_UN_H 1 | ||
6972 | _ACEOF | ||
6973 | |||
6974 | fi | ||
6975 | |||
6976 | done | ||
6977 | |||
6978 | |||
6979 | # Messages for features tested for in target-specific section | ||
6980 | SIA_MSG="no" | ||
6981 | SPC_MSG="no" | ||
6982 | SP_MSG="no" | ||
6983 | SPP_MSG="no" | ||
6984 | |||
6985 | # Support for Solaris/Illumos privileges (this test is used by both | ||
6986 | # the --with-solaris-privs option and --with-sandbox=solaris). | ||
6987 | SOLARIS_PRIVS="no" | ||
6988 | |||
6989 | # Check for some target-specific stuff | ||
6990 | case "$host" in | ||
6991 | *-*-aix*) | ||
6992 | # Some versions of VAC won't allow macro redefinitions at | ||
6993 | # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that | ||
6994 | # particularly with older versions of vac or xlc. | ||
6995 | # It also throws errors about null macro arguments, but these are | ||
6996 | # not fatal. | ||
6997 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if compiler allows macro redefinitions" >&5 | ||
6998 | $as_echo_n "checking if compiler allows macro redefinitions... " >&6; } | ||
6999 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
7000 | /* end confdefs.h. */ | ||
7001 | |||
7002 | #define testmacro foo | ||
7003 | #define testmacro bar | ||
7004 | int | ||
7005 | main () | ||
7006 | { | ||
7007 | exit(0); | ||
7008 | ; | ||
7009 | return 0; | ||
7010 | } | ||
7011 | _ACEOF | ||
7012 | if ac_fn_c_try_compile "$LINENO"; then : | ||
7013 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
7014 | $as_echo "yes" >&6; } | ||
7015 | else | ||
7016 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
7017 | $as_echo "no" >&6; } | ||
7018 | CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" | ||
7019 | CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" | ||
7020 | CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" | ||
7021 | |||
7022 | |||
7023 | fi | ||
7024 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
7025 | |||
7026 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to specify blibpath for linker ($LD)" >&5 | ||
7027 | $as_echo_n "checking how to specify blibpath for linker ($LD)... " >&6; } | ||
7028 | if (test -z "$blibpath"); then | ||
7029 | blibpath="/usr/lib:/lib" | ||
7030 | fi | ||
7031 | saved_LDFLAGS="$LDFLAGS" | ||
7032 | if test "$GCC" = "yes"; then | ||
7033 | flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" | ||
7034 | else | ||
7035 | flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," | ||
7036 | fi | ||
7037 | for tryflags in $flags ;do | ||
7038 | if (test -z "$blibflags"); then | ||
7039 | LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" | ||
7040 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
7041 | /* end confdefs.h. */ | ||
7042 | |||
7043 | int | ||
7044 | main () | ||
7045 | { | ||
7046 | |||
7047 | ; | ||
7048 | return 0; | ||
7049 | } | ||
7050 | _ACEOF | ||
7051 | if ac_fn_c_try_link "$LINENO"; then : | ||
7052 | blibflags=$tryflags | ||
7053 | fi | ||
7054 | rm -f core conftest.err conftest.$ac_objext \ | ||
7055 | conftest$ac_exeext conftest.$ac_ext | ||
7056 | fi | ||
7057 | done | ||
7058 | if (test -z "$blibflags"); then | ||
7059 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5 | ||
7060 | $as_echo "not found" >&6; } | ||
7061 | as_fn_error $? "*** must be able to specify blibpath on AIX - check config.log" "$LINENO" 5 | ||
7062 | else | ||
7063 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $blibflags" >&5 | ||
7064 | $as_echo "$blibflags" >&6; } | ||
7065 | fi | ||
7066 | LDFLAGS="$saved_LDFLAGS" | ||
7067 | ac_fn_c_check_func "$LINENO" "authenticate" "ac_cv_func_authenticate" | ||
7068 | if test "x$ac_cv_func_authenticate" = xyes; then : | ||
7069 | |||
7070 | $as_echo "#define WITH_AIXAUTHENTICATE 1" >>confdefs.h | ||
7071 | |||
7072 | else | ||
7073 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for authenticate in -ls" >&5 | ||
7074 | $as_echo_n "checking for authenticate in -ls... " >&6; } | ||
7075 | if ${ac_cv_lib_s_authenticate+:} false; then : | ||
7076 | $as_echo_n "(cached) " >&6 | ||
7077 | else | ||
7078 | ac_check_lib_save_LIBS=$LIBS | ||
7079 | LIBS="-ls $LIBS" | ||
7080 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
7081 | /* end confdefs.h. */ | ||
7082 | |||
7083 | /* Override any GCC internal prototype to avoid an error. | ||
7084 | Use char because int might match the return type of a GCC | ||
7085 | builtin and then its argument prototype would still apply. */ | ||
7086 | #ifdef __cplusplus | ||
7087 | extern "C" | ||
7088 | #endif | ||
7089 | char authenticate (); | ||
7090 | int | ||
7091 | main () | ||
7092 | { | ||
7093 | return authenticate (); | ||
7094 | ; | ||
7095 | return 0; | ||
7096 | } | ||
7097 | _ACEOF | ||
7098 | if ac_fn_c_try_link "$LINENO"; then : | ||
7099 | ac_cv_lib_s_authenticate=yes | ||
7100 | else | ||
7101 | ac_cv_lib_s_authenticate=no | ||
7102 | fi | ||
7103 | rm -f core conftest.err conftest.$ac_objext \ | ||
7104 | conftest$ac_exeext conftest.$ac_ext | ||
7105 | LIBS=$ac_check_lib_save_LIBS | ||
7106 | fi | ||
7107 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_s_authenticate" >&5 | ||
7108 | $as_echo "$ac_cv_lib_s_authenticate" >&6; } | ||
7109 | if test "x$ac_cv_lib_s_authenticate" = xyes; then : | ||
7110 | $as_echo "#define WITH_AIXAUTHENTICATE 1" >>confdefs.h | ||
7111 | |||
7112 | LIBS="$LIBS -ls" | ||
7113 | |||
7114 | fi | ||
7115 | |||
7116 | |||
7117 | fi | ||
7118 | |||
7119 | ac_fn_c_check_decl "$LINENO" "authenticate" "ac_cv_have_decl_authenticate" "#include <usersec.h> | ||
7120 | " | ||
7121 | if test "x$ac_cv_have_decl_authenticate" = xyes; then : | ||
7122 | ac_have_decl=1 | ||
7123 | else | ||
7124 | ac_have_decl=0 | ||
7125 | fi | ||
7126 | |||
7127 | cat >>confdefs.h <<_ACEOF | ||
7128 | #define HAVE_DECL_AUTHENTICATE $ac_have_decl | ||
7129 | _ACEOF | ||
7130 | ac_fn_c_check_decl "$LINENO" "loginrestrictions" "ac_cv_have_decl_loginrestrictions" "#include <usersec.h> | ||
7131 | " | ||
7132 | if test "x$ac_cv_have_decl_loginrestrictions" = xyes; then : | ||
7133 | ac_have_decl=1 | ||
7134 | else | ||
7135 | ac_have_decl=0 | ||
7136 | fi | ||
7137 | |||
7138 | cat >>confdefs.h <<_ACEOF | ||
7139 | #define HAVE_DECL_LOGINRESTRICTIONS $ac_have_decl | ||
7140 | _ACEOF | ||
7141 | ac_fn_c_check_decl "$LINENO" "loginsuccess" "ac_cv_have_decl_loginsuccess" "#include <usersec.h> | ||
7142 | " | ||
7143 | if test "x$ac_cv_have_decl_loginsuccess" = xyes; then : | ||
7144 | ac_have_decl=1 | ||
7145 | else | ||
7146 | ac_have_decl=0 | ||
7147 | fi | ||
7148 | |||
7149 | cat >>confdefs.h <<_ACEOF | ||
7150 | #define HAVE_DECL_LOGINSUCCESS $ac_have_decl | ||
7151 | _ACEOF | ||
7152 | ac_fn_c_check_decl "$LINENO" "passwdexpired" "ac_cv_have_decl_passwdexpired" "#include <usersec.h> | ||
7153 | " | ||
7154 | if test "x$ac_cv_have_decl_passwdexpired" = xyes; then : | ||
7155 | ac_have_decl=1 | ||
7156 | else | ||
7157 | ac_have_decl=0 | ||
7158 | fi | ||
7159 | |||
7160 | cat >>confdefs.h <<_ACEOF | ||
7161 | #define HAVE_DECL_PASSWDEXPIRED $ac_have_decl | ||
7162 | _ACEOF | ||
7163 | ac_fn_c_check_decl "$LINENO" "setauthdb" "ac_cv_have_decl_setauthdb" "#include <usersec.h> | ||
7164 | " | ||
7165 | if test "x$ac_cv_have_decl_setauthdb" = xyes; then : | ||
7166 | ac_have_decl=1 | ||
7167 | else | ||
7168 | ac_have_decl=0 | ||
7169 | fi | ||
7170 | |||
7171 | cat >>confdefs.h <<_ACEOF | ||
7172 | #define HAVE_DECL_SETAUTHDB $ac_have_decl | ||
7173 | _ACEOF | ||
7174 | |||
7175 | ac_fn_c_check_decl "$LINENO" "loginfailed" "ac_cv_have_decl_loginfailed" "#include <usersec.h> | ||
7176 | |||
7177 | " | ||
7178 | if test "x$ac_cv_have_decl_loginfailed" = xyes; then : | ||
7179 | ac_have_decl=1 | ||
7180 | else | ||
7181 | ac_have_decl=0 | ||
7182 | fi | ||
7183 | |||
7184 | cat >>confdefs.h <<_ACEOF | ||
7185 | #define HAVE_DECL_LOGINFAILED $ac_have_decl | ||
7186 | _ACEOF | ||
7187 | if test $ac_have_decl = 1; then : | ||
7188 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if loginfailed takes 4 arguments" >&5 | ||
7189 | $as_echo_n "checking if loginfailed takes 4 arguments... " >&6; } | ||
7190 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
7191 | /* end confdefs.h. */ | ||
7192 | #include <usersec.h> | ||
7193 | int | ||
7194 | main () | ||
7195 | { | ||
7196 | (void)loginfailed("user","host","tty",0); | ||
7197 | ; | ||
7198 | return 0; | ||
7199 | } | ||
7200 | _ACEOF | ||
7201 | if ac_fn_c_try_compile "$LINENO"; then : | ||
7202 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
7203 | $as_echo "yes" >&6; } | ||
7204 | |||
7205 | $as_echo "#define AIX_LOGINFAILED_4ARG 1" >>confdefs.h | ||
7206 | |||
7207 | else | ||
7208 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
7209 | $as_echo "no" >&6; } | ||
7210 | |||
7211 | fi | ||
7212 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
7213 | fi | ||
7214 | |||
7215 | for ac_func in getgrset setauthdb | ||
7216 | do : | ||
7217 | as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` | ||
7218 | ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" | ||
7219 | if eval test \"x\$"$as_ac_var"\" = x"yes"; then : | ||
7220 | cat >>confdefs.h <<_ACEOF | ||
7221 | #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 | ||
7222 | _ACEOF | ||
7223 | |||
7224 | fi | ||
7225 | done | ||
7226 | |||
7227 | ac_fn_c_check_decl "$LINENO" "F_CLOSEM" "ac_cv_have_decl_F_CLOSEM" " #include <limits.h> | ||
7228 | #include <fcntl.h> | ||
7229 | |||
7230 | " | ||
7231 | if test "x$ac_cv_have_decl_F_CLOSEM" = xyes; then : | ||
7232 | |||
7233 | $as_echo "#define HAVE_FCNTL_CLOSEM 1" >>confdefs.h | ||
7234 | |||
7235 | fi | ||
7236 | |||
7237 | check_for_aix_broken_getaddrinfo=1 | ||
7238 | |||
7239 | $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h | ||
7240 | |||
7241 | |||
7242 | $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h | ||
7243 | |||
7244 | |||
7245 | $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h | ||
7246 | |||
7247 | |||
7248 | $as_echo "#define DISABLE_LASTLOG 1" >>confdefs.h | ||
7249 | |||
7250 | |||
7251 | $as_echo "#define LOGIN_NEEDS_UTMPX 1" >>confdefs.h | ||
7252 | |||
7253 | |||
7254 | $as_echo "#define SPT_TYPE SPT_REUSEARGV" >>confdefs.h | ||
7255 | |||
7256 | |||
7257 | $as_echo "#define SSHPAM_CHAUTHTOK_NEEDS_RUID 1" >>confdefs.h | ||
7258 | |||
7259 | |||
7260 | $as_echo "#define PTY_ZEROREAD 1" >>confdefs.h | ||
7261 | |||
7262 | |||
7263 | $as_echo "#define PLATFORM_SYS_DIR_UID 2" >>confdefs.h | ||
7264 | |||
7265 | |||
7266 | $as_echo "#define BROKEN_STRNDUP 1" >>confdefs.h | ||
7267 | |||
7268 | |||
7269 | $as_echo "#define BROKEN_STRNLEN 1" >>confdefs.h | ||
7270 | |||
7271 | ;; | ||
7272 | *-*-android*) | ||
7273 | |||
7274 | $as_echo "#define DISABLE_UTMP 1" >>confdefs.h | ||
7275 | |||
7276 | |||
7277 | $as_echo "#define DISABLE_WTMP 1" >>confdefs.h | ||
7278 | |||
7279 | ;; | ||
7280 | *-*-cygwin*) | ||
7281 | check_for_libcrypt_later=1 | ||
7282 | LIBS="$LIBS /usr/lib/textreadmode.o" | ||
7283 | |||
7284 | $as_echo "#define HAVE_CYGWIN 1" >>confdefs.h | ||
7285 | |||
7286 | |||
7287 | $as_echo "#define USE_PIPES 1" >>confdefs.h | ||
7288 | |||
7289 | |||
7290 | $as_echo "#define NO_UID_RESTORATION_TEST 1" >>confdefs.h | ||
7291 | |||
7292 | |||
7293 | $as_echo "#define DISABLE_SHADOW 1" >>confdefs.h | ||
7294 | |||
7295 | |||
7296 | $as_echo "#define NO_X11_UNIX_SOCKETS 1" >>confdefs.h | ||
7297 | |||
7298 | |||
7299 | $as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h | ||
7300 | |||
7301 | |||
7302 | $as_echo "#define SSH_IOBUFSZ 65535" >>confdefs.h | ||
7303 | |||
7304 | |||
7305 | $as_echo "#define FILESYSTEM_NO_BACKSLASH 1" >>confdefs.h | ||
7306 | |||
7307 | # Cygwin defines optargs, optargs as declspec(dllimport) for historical | ||
7308 | # reasons which cause compile warnings, so we disable those warnings. | ||
7309 | { | ||
7310 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wno-attributes" >&5 | ||
7311 | $as_echo_n "checking if $CC supports compile flag -Wno-attributes... " >&6; } | ||
7312 | saved_CFLAGS="$CFLAGS" | ||
7313 | CFLAGS="$CFLAGS $WERROR -Wno-attributes" | ||
7314 | _define_flag="" | ||
7315 | test "x$_define_flag" = "x" && _define_flag="-Wno-attributes" | ||
7316 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
7317 | /* end confdefs.h. */ | ||
7318 | |||
7319 | #include <stdlib.h> | ||
7320 | #include <stdio.h> | ||
7321 | int main(int argc, char **argv) { | ||
7322 | /* Some math to catch -ftrapv problems in the toolchain */ | ||
7323 | int i = 123 * argc, j = 456 + argc, k = 789 - argc; | ||
7324 | float l = i * 2.1; | ||
7325 | double m = l / 0.5; | ||
7326 | long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; | ||
7327 | printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); | ||
7328 | exit(0); | ||
7329 | } | ||
7330 | |||
7331 | _ACEOF | ||
7332 | if ac_fn_c_try_compile "$LINENO"; then : | ||
7333 | |||
7334 | if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null | ||
7335 | then | ||
7336 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
7337 | $as_echo "no" >&6; } | ||
7338 | CFLAGS="$saved_CFLAGS" | ||
7339 | else | ||
7340 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
7341 | $as_echo "yes" >&6; } | ||
7342 | CFLAGS="$saved_CFLAGS $_define_flag" | ||
7343 | fi | ||
7344 | else | ||
7345 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
7346 | $as_echo "no" >&6; } | ||
7347 | CFLAGS="$saved_CFLAGS" | ||
7348 | |||
7349 | fi | ||
7350 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
7351 | } | ||
7352 | ;; | ||
7353 | *-*-dgux*) | ||
7354 | |||
7355 | $as_echo "#define IP_TOS_IS_BROKEN 1" >>confdefs.h | ||
7356 | |||
7357 | $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h | ||
7358 | |||
7359 | $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h | ||
7360 | |||
7361 | $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h | ||
7362 | |||
7363 | ;; | ||
7364 | *-*-darwin*) | ||
7365 | use_pie=auto | ||
7366 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we have working getaddrinfo" >&5 | ||
7367 | $as_echo_n "checking if we have working getaddrinfo... " >&6; } | ||
7368 | if test "$cross_compiling" = yes; then : | ||
7369 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: assume it is working" >&5 | ||
7370 | $as_echo "assume it is working" >&6; } | ||
7371 | else | ||
7372 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
7373 | /* end confdefs.h. */ | ||
7374 | #include <mach-o/dyld.h> | ||
7375 | main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) | ||
7376 | exit(0); | ||
7377 | else | ||
7378 | exit(1); | ||
7379 | } | ||
7380 | |||
7381 | _ACEOF | ||
7382 | if ac_fn_c_try_run "$LINENO"; then : | ||
7383 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: working" >&5 | ||
7384 | $as_echo "working" >&6; } | ||
7385 | else | ||
7386 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: buggy" >&5 | ||
7387 | $as_echo "buggy" >&6; } | ||
7388 | |||
7389 | $as_echo "#define BROKEN_GETADDRINFO 1" >>confdefs.h | ||
7390 | |||
7391 | |||
7392 | fi | ||
7393 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
7394 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
7395 | fi | ||
7396 | |||
7397 | $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h | ||
7398 | |||
7399 | $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h | ||
7400 | |||
7401 | $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h | ||
7402 | |||
7403 | |||
7404 | $as_echo "#define BROKEN_GLOB 1" >>confdefs.h | ||
7405 | |||
7406 | |||
7407 | cat >>confdefs.h <<_ACEOF | ||
7408 | #define BIND_8_COMPAT 1 | ||
7409 | _ACEOF | ||
7410 | |||
7411 | |||
7412 | $as_echo "#define SSH_TUN_FREEBSD 1" >>confdefs.h | ||
7413 | |||
7414 | |||
7415 | $as_echo "#define SSH_TUN_COMPAT_AF 1" >>confdefs.h | ||
7416 | |||
7417 | |||
7418 | $as_echo "#define SSH_TUN_PREPEND_AF 1" >>confdefs.h | ||
7419 | |||
7420 | |||
7421 | ac_fn_c_check_decl "$LINENO" "AU_IPv4" "ac_cv_have_decl_AU_IPv4" "$ac_includes_default" | ||
7422 | if test "x$ac_cv_have_decl_AU_IPv4" = xyes; then : | ||
7423 | |||
7424 | else | ||
7425 | |||
7426 | $as_echo "#define AU_IPv4 0" >>confdefs.h | ||
7427 | |||
7428 | #include <bsm/audit.h> | ||
7429 | |||
7430 | $as_echo "#define LASTLOG_WRITE_PUTUTXLINE 1" >>confdefs.h | ||
7431 | |||
7432 | |||
7433 | fi | ||
7434 | |||
7435 | |||
7436 | $as_echo "#define SPT_TYPE SPT_REUSEARGV" >>confdefs.h | ||
7437 | |||
7438 | for ac_func in sandbox_init | ||
7439 | do : | ||
7440 | ac_fn_c_check_func "$LINENO" "sandbox_init" "ac_cv_func_sandbox_init" | ||
7441 | if test "x$ac_cv_func_sandbox_init" = xyes; then : | ||
7442 | cat >>confdefs.h <<_ACEOF | ||
7443 | #define HAVE_SANDBOX_INIT 1 | ||
7444 | _ACEOF | ||
7445 | |||
7446 | fi | ||
7447 | done | ||
7448 | |||
7449 | for ac_header in sandbox.h | ||
7450 | do : | ||
7451 | ac_fn_c_check_header_mongrel "$LINENO" "sandbox.h" "ac_cv_header_sandbox_h" "$ac_includes_default" | ||
7452 | if test "x$ac_cv_header_sandbox_h" = xyes; then : | ||
7453 | cat >>confdefs.h <<_ACEOF | ||
7454 | #define HAVE_SANDBOX_H 1 | ||
7455 | _ACEOF | ||
7456 | |||
7457 | fi | ||
7458 | |||
7459 | done | ||
7460 | |||
7461 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for sandbox_apply in -lsandbox" >&5 | ||
7462 | $as_echo_n "checking for sandbox_apply in -lsandbox... " >&6; } | ||
7463 | if ${ac_cv_lib_sandbox_sandbox_apply+:} false; then : | ||
7464 | $as_echo_n "(cached) " >&6 | ||
7465 | else | ||
7466 | ac_check_lib_save_LIBS=$LIBS | ||
7467 | LIBS="-lsandbox $LIBS" | ||
7468 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
7469 | /* end confdefs.h. */ | ||
7470 | |||
7471 | /* Override any GCC internal prototype to avoid an error. | ||
7472 | Use char because int might match the return type of a GCC | ||
7473 | builtin and then its argument prototype would still apply. */ | ||
7474 | #ifdef __cplusplus | ||
7475 | extern "C" | ||
7476 | #endif | ||
7477 | char sandbox_apply (); | ||
7478 | int | ||
7479 | main () | ||
7480 | { | ||
7481 | return sandbox_apply (); | ||
7482 | ; | ||
7483 | return 0; | ||
7484 | } | ||
7485 | _ACEOF | ||
7486 | if ac_fn_c_try_link "$LINENO"; then : | ||
7487 | ac_cv_lib_sandbox_sandbox_apply=yes | ||
7488 | else | ||
7489 | ac_cv_lib_sandbox_sandbox_apply=no | ||
7490 | fi | ||
7491 | rm -f core conftest.err conftest.$ac_objext \ | ||
7492 | conftest$ac_exeext conftest.$ac_ext | ||
7493 | LIBS=$ac_check_lib_save_LIBS | ||
7494 | fi | ||
7495 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_sandbox_sandbox_apply" >&5 | ||
7496 | $as_echo "$ac_cv_lib_sandbox_sandbox_apply" >&6; } | ||
7497 | if test "x$ac_cv_lib_sandbox_sandbox_apply" = xyes; then : | ||
7498 | |||
7499 | SSHDLIBS="$SSHDLIBS -lsandbox" | ||
7500 | |||
7501 | fi | ||
7502 | |||
7503 | # proc_pidinfo()-based closefrom() replacement. | ||
7504 | for ac_header in libproc.h | ||
7505 | do : | ||
7506 | ac_fn_c_check_header_mongrel "$LINENO" "libproc.h" "ac_cv_header_libproc_h" "$ac_includes_default" | ||
7507 | if test "x$ac_cv_header_libproc_h" = xyes; then : | ||
7508 | cat >>confdefs.h <<_ACEOF | ||
7509 | #define HAVE_LIBPROC_H 1 | ||
7510 | _ACEOF | ||
7511 | |||
7512 | fi | ||
7513 | |||
7514 | done | ||
7515 | |||
7516 | for ac_func in proc_pidinfo | ||
7517 | do : | ||
7518 | ac_fn_c_check_func "$LINENO" "proc_pidinfo" "ac_cv_func_proc_pidinfo" | ||
7519 | if test "x$ac_cv_func_proc_pidinfo" = xyes; then : | ||
7520 | cat >>confdefs.h <<_ACEOF | ||
7521 | #define HAVE_PROC_PIDINFO 1 | ||
7522 | _ACEOF | ||
7523 | |||
7524 | fi | ||
7525 | done | ||
7526 | |||
7527 | ;; | ||
7528 | *-*-dragonfly*) | ||
7529 | SSHDLIBS="$SSHDLIBS -lcrypt" | ||
7530 | TEST_MALLOC_OPTIONS="AFGJPRX" | ||
7531 | ;; | ||
7532 | *-*-haiku*) | ||
7533 | LIBS="$LIBS -lbsd " | ||
7534 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for socket in -lnetwork" >&5 | ||
7535 | $as_echo_n "checking for socket in -lnetwork... " >&6; } | ||
7536 | if ${ac_cv_lib_network_socket+:} false; then : | ||
7537 | $as_echo_n "(cached) " >&6 | ||
7538 | else | ||
7539 | ac_check_lib_save_LIBS=$LIBS | ||
7540 | LIBS="-lnetwork $LIBS" | ||
7541 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
7542 | /* end confdefs.h. */ | ||
7543 | |||
7544 | /* Override any GCC internal prototype to avoid an error. | ||
7545 | Use char because int might match the return type of a GCC | ||
7546 | builtin and then its argument prototype would still apply. */ | ||
7547 | #ifdef __cplusplus | ||
7548 | extern "C" | ||
7549 | #endif | ||
7550 | char socket (); | ||
7551 | int | ||
7552 | main () | ||
7553 | { | ||
7554 | return socket (); | ||
7555 | ; | ||
7556 | return 0; | ||
7557 | } | ||
7558 | _ACEOF | ||
7559 | if ac_fn_c_try_link "$LINENO"; then : | ||
7560 | ac_cv_lib_network_socket=yes | ||
7561 | else | ||
7562 | ac_cv_lib_network_socket=no | ||
7563 | fi | ||
7564 | rm -f core conftest.err conftest.$ac_objext \ | ||
7565 | conftest$ac_exeext conftest.$ac_ext | ||
7566 | LIBS=$ac_check_lib_save_LIBS | ||
7567 | fi | ||
7568 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_network_socket" >&5 | ||
7569 | $as_echo "$ac_cv_lib_network_socket" >&6; } | ||
7570 | if test "x$ac_cv_lib_network_socket" = xyes; then : | ||
7571 | cat >>confdefs.h <<_ACEOF | ||
7572 | #define HAVE_LIBNETWORK 1 | ||
7573 | _ACEOF | ||
7574 | |||
7575 | LIBS="-lnetwork $LIBS" | ||
7576 | |||
7577 | fi | ||
7578 | |||
7579 | $as_echo "#define HAVE_U_INT64_T 1" >>confdefs.h | ||
7580 | |||
7581 | MANTYPE=man | ||
7582 | ;; | ||
7583 | *-*-hpux*) | ||
7584 | # first we define all of the options common to all HP-UX releases | ||
7585 | CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" | ||
7586 | IPADDR_IN_DISPLAY=yes | ||
7587 | $as_echo "#define USE_PIPES 1" >>confdefs.h | ||
7588 | |||
7589 | $as_echo "#define LOGIN_NEEDS_UTMPX 1" >>confdefs.h | ||
7590 | |||
7591 | |||
7592 | $as_echo "#define LOCKED_PASSWD_STRING \"*\"" >>confdefs.h | ||
7593 | |||
7594 | $as_echo "#define SPT_TYPE SPT_PSTAT" >>confdefs.h | ||
7595 | |||
7596 | |||
7597 | $as_echo "#define PLATFORM_SYS_DIR_UID 2" >>confdefs.h | ||
7598 | |||
7599 | maildir="/var/mail" | ||
7600 | LIBS="$LIBS -lsec" | ||
7601 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for t_error in -lxnet" >&5 | ||
7602 | $as_echo_n "checking for t_error in -lxnet... " >&6; } | ||
7603 | if ${ac_cv_lib_xnet_t_error+:} false; then : | ||
7604 | $as_echo_n "(cached) " >&6 | ||
7605 | else | ||
7606 | ac_check_lib_save_LIBS=$LIBS | ||
7607 | LIBS="-lxnet $LIBS" | ||
7608 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
7609 | /* end confdefs.h. */ | ||
7610 | |||
7611 | /* Override any GCC internal prototype to avoid an error. | ||
7612 | Use char because int might match the return type of a GCC | ||
7613 | builtin and then its argument prototype would still apply. */ | ||
7614 | #ifdef __cplusplus | ||
7615 | extern "C" | ||
7616 | #endif | ||
7617 | char t_error (); | ||
7618 | int | ||
7619 | main () | ||
7620 | { | ||
7621 | return t_error (); | ||
7622 | ; | ||
7623 | return 0; | ||
7624 | } | ||
7625 | _ACEOF | ||
7626 | if ac_fn_c_try_link "$LINENO"; then : | ||
7627 | ac_cv_lib_xnet_t_error=yes | ||
7628 | else | ||
7629 | ac_cv_lib_xnet_t_error=no | ||
7630 | fi | ||
7631 | rm -f core conftest.err conftest.$ac_objext \ | ||
7632 | conftest$ac_exeext conftest.$ac_ext | ||
7633 | LIBS=$ac_check_lib_save_LIBS | ||
7634 | fi | ||
7635 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_xnet_t_error" >&5 | ||
7636 | $as_echo "$ac_cv_lib_xnet_t_error" >&6; } | ||
7637 | if test "x$ac_cv_lib_xnet_t_error" = xyes; then : | ||
7638 | cat >>confdefs.h <<_ACEOF | ||
7639 | #define HAVE_LIBXNET 1 | ||
7640 | _ACEOF | ||
7641 | |||
7642 | LIBS="-lxnet $LIBS" | ||
7643 | |||
7644 | else | ||
7645 | as_fn_error $? "*** -lxnet needed on HP-UX - check config.log ***" "$LINENO" 5 | ||
7646 | fi | ||
7647 | |||
7648 | |||
7649 | # next, we define all of the options specific to major releases | ||
7650 | case "$host" in | ||
7651 | *-*-hpux10*) | ||
7652 | if test -z "$GCC"; then | ||
7653 | CFLAGS="$CFLAGS -Ae" | ||
7654 | fi | ||
7655 | ;; | ||
7656 | *-*-hpux11*) | ||
7657 | |||
7658 | $as_echo "#define PAM_SUN_CODEBASE 1" >>confdefs.h | ||
7659 | |||
7660 | |||
7661 | $as_echo "#define DISABLE_UTMP 1" >>confdefs.h | ||
7662 | |||
7663 | |||
7664 | $as_echo "#define USE_BTMP 1" >>confdefs.h | ||
7665 | |||
7666 | check_for_hpux_broken_getaddrinfo=1 | ||
7667 | check_for_conflicting_getspnam=1 | ||
7668 | ;; | ||
7669 | esac | ||
7670 | |||
7671 | # lastly, we define options specific to minor releases | ||
7672 | case "$host" in | ||
7673 | *-*-hpux10.26) | ||
7674 | |||
7675 | $as_echo "#define HAVE_SECUREWARE 1" >>confdefs.h | ||
7676 | |||
7677 | disable_ptmx_check=yes | ||
7678 | LIBS="$LIBS -lsecpw" | ||
7679 | ;; | ||
7680 | esac | ||
7681 | ;; | ||
7682 | *-*-irix5*) | ||
7683 | PATH="$PATH:/usr/etc" | ||
7684 | |||
7685 | $as_echo "#define BROKEN_INET_NTOA 1" >>confdefs.h | ||
7686 | |||
7687 | $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h | ||
7688 | |||
7689 | $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h | ||
7690 | |||
7691 | $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h | ||
7692 | |||
7693 | |||
7694 | $as_echo "#define WITH_ABBREV_NO_TTY 1" >>confdefs.h | ||
7695 | |||
7696 | $as_echo "#define LOCKED_PASSWD_STRING \"*LK*\"" >>confdefs.h | ||
7697 | |||
7698 | ;; | ||
7699 | *-*-irix6*) | ||
7700 | PATH="$PATH:/usr/etc" | ||
7701 | |||
7702 | $as_echo "#define WITH_IRIX_ARRAY 1" >>confdefs.h | ||
7703 | |||
7704 | |||
7705 | $as_echo "#define WITH_IRIX_PROJECT 1" >>confdefs.h | ||
7706 | |||
7707 | |||
7708 | $as_echo "#define WITH_IRIX_AUDIT 1" >>confdefs.h | ||
7709 | |||
7710 | ac_fn_c_check_func "$LINENO" "jlimit_startjob" "ac_cv_func_jlimit_startjob" | ||
7711 | if test "x$ac_cv_func_jlimit_startjob" = xyes; then : | ||
7712 | |||
7713 | $as_echo "#define WITH_IRIX_JOBS 1" >>confdefs.h | ||
7714 | |||
7715 | fi | ||
7716 | |||
7717 | $as_echo "#define BROKEN_INET_NTOA 1" >>confdefs.h | ||
7718 | |||
7719 | $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h | ||
7720 | |||
7721 | $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h | ||
7722 | |||
7723 | $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h | ||
7724 | |||
7725 | |||
7726 | $as_echo "#define BROKEN_UPDWTMPX 1" >>confdefs.h | ||
7727 | |||
7728 | $as_echo "#define WITH_ABBREV_NO_TTY 1" >>confdefs.h | ||
7729 | |||
7730 | $as_echo "#define LOCKED_PASSWD_STRING \"*LK*\"" >>confdefs.h | ||
7731 | |||
7732 | ;; | ||
7733 | *-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) | ||
7734 | check_for_libcrypt_later=1 | ||
7735 | $as_echo "#define PAM_TTY_KLUDGE 1" >>confdefs.h | ||
7736 | |||
7737 | $as_echo "#define LOCKED_PASSWD_PREFIX \"!\"" >>confdefs.h | ||
7738 | |||
7739 | $as_echo "#define SPT_TYPE SPT_REUSEARGV" >>confdefs.h | ||
7740 | |||
7741 | |||
7742 | $as_echo "#define _PATH_BTMP \"/var/log/btmp\"" >>confdefs.h | ||
7743 | |||
7744 | |||
7745 | $as_echo "#define USE_BTMP 1" >>confdefs.h | ||
7746 | |||
7747 | ;; | ||
7748 | *-*-linux*) | ||
7749 | no_dev_ptmx=1 | ||
7750 | use_pie=auto | ||
7751 | check_for_libcrypt_later=1 | ||
7752 | check_for_openpty_ctty_bug=1 | ||
7753 | CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE" | ||
7754 | |||
7755 | $as_echo "#define PAM_TTY_KLUDGE 1" >>confdefs.h | ||
7756 | |||
7757 | |||
7758 | $as_echo "#define LOCKED_PASSWD_PREFIX \"!\"" >>confdefs.h | ||
7759 | |||
7760 | $as_echo "#define SPT_TYPE SPT_REUSEARGV" >>confdefs.h | ||
7761 | |||
7762 | |||
7763 | $as_echo "#define LINK_OPNOTSUPP_ERRNO EPERM" >>confdefs.h | ||
7764 | |||
7765 | |||
7766 | $as_echo "#define _PATH_BTMP \"/var/log/btmp\"" >>confdefs.h | ||
7767 | |||
7768 | $as_echo "#define USE_BTMP 1" >>confdefs.h | ||
7769 | |||
7770 | |||
7771 | $as_echo "#define LINUX_OOM_ADJUST 1" >>confdefs.h | ||
7772 | |||
7773 | inet6_default_4in6=yes | ||
7774 | case `uname -r` in | ||
7775 | 1.*|2.0.*) | ||
7776 | |||
7777 | $as_echo "#define BROKEN_CMSG_TYPE 1" >>confdefs.h | ||
7778 | |||
7779 | ;; | ||
7780 | esac | ||
7781 | # tun(4) forwarding compat code | ||
7782 | for ac_header in linux/if_tun.h | ||
7783 | do : | ||
7784 | ac_fn_c_check_header_mongrel "$LINENO" "linux/if_tun.h" "ac_cv_header_linux_if_tun_h" "$ac_includes_default" | ||
7785 | if test "x$ac_cv_header_linux_if_tun_h" = xyes; then : | ||
7786 | cat >>confdefs.h <<_ACEOF | ||
7787 | #define HAVE_LINUX_IF_TUN_H 1 | ||
7788 | _ACEOF | ||
7789 | |||
7790 | fi | ||
7791 | |||
7792 | done | ||
7793 | |||
7794 | if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then | ||
7795 | |||
7796 | $as_echo "#define SSH_TUN_LINUX 1" >>confdefs.h | ||
7797 | |||
7798 | |||
7799 | $as_echo "#define SSH_TUN_COMPAT_AF 1" >>confdefs.h | ||
7800 | |||
7801 | |||
7802 | $as_echo "#define SSH_TUN_PREPEND_AF 1" >>confdefs.h | ||
7803 | |||
7804 | fi | ||
7805 | ac_fn_c_check_header_compile "$LINENO" "linux/if.h" "ac_cv_header_linux_if_h" " | ||
7806 | #ifdef HAVE_SYS_TYPES_H | ||
7807 | # include <sys/types.h> | ||
7808 | #endif | ||
7809 | |||
7810 | " | ||
7811 | if test "x$ac_cv_header_linux_if_h" = xyes; then : | ||
7812 | |||
7813 | $as_echo "#define SYS_RDOMAIN_LINUX 1" >>confdefs.h | ||
7814 | |||
7815 | fi | ||
7816 | |||
7817 | |||
7818 | for ac_header in linux/seccomp.h linux/filter.h linux/audit.h | ||
7819 | do : | ||
7820 | as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` | ||
7821 | ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "#include <linux/types.h> | ||
7822 | " | ||
7823 | if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : | ||
7824 | cat >>confdefs.h <<_ACEOF | ||
7825 | #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 | ||
7826 | _ACEOF | ||
7827 | |||
7828 | fi | ||
7829 | |||
7830 | done | ||
7831 | |||
7832 | # Obtain MIPS ABI | ||
7833 | case "$host" in | ||
7834 | mips*) | ||
7835 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
7836 | /* end confdefs.h. */ | ||
7837 | |||
7838 | #if _MIPS_SIM != _ABIO32 | ||
7839 | #error | ||
7840 | #endif | ||
7841 | |||
7842 | int | ||
7843 | main () | ||
7844 | { | ||
7845 | |||
7846 | ; | ||
7847 | return 0; | ||
7848 | } | ||
7849 | _ACEOF | ||
7850 | if ac_fn_c_try_compile "$LINENO"; then : | ||
7851 | mips_abi="o32" | ||
7852 | else | ||
7853 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
7854 | /* end confdefs.h. */ | ||
7855 | |||
7856 | #if _MIPS_SIM != _ABIN32 | ||
7857 | #error | ||
7858 | #endif | ||
7859 | |||
7860 | int | ||
7861 | main () | ||
7862 | { | ||
7863 | |||
7864 | ; | ||
7865 | return 0; | ||
7866 | } | ||
7867 | _ACEOF | ||
7868 | if ac_fn_c_try_compile "$LINENO"; then : | ||
7869 | mips_abi="n32" | ||
7870 | else | ||
7871 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
7872 | /* end confdefs.h. */ | ||
7873 | |||
7874 | #if _MIPS_SIM != _ABI64 | ||
7875 | #error | ||
7876 | #endif | ||
7877 | |||
7878 | int | ||
7879 | main () | ||
7880 | { | ||
7881 | |||
7882 | ; | ||
7883 | return 0; | ||
7884 | } | ||
7885 | _ACEOF | ||
7886 | if ac_fn_c_try_compile "$LINENO"; then : | ||
7887 | mips_abi="n64" | ||
7888 | else | ||
7889 | as_fn_error $? "unknown MIPS ABI" "$LINENO" 5 | ||
7890 | |||
7891 | fi | ||
7892 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
7893 | |||
7894 | fi | ||
7895 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
7896 | |||
7897 | fi | ||
7898 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
7899 | ;; | ||
7900 | esac | ||
7901 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for seccomp architecture" >&5 | ||
7902 | $as_echo_n "checking for seccomp architecture... " >&6; } | ||
7903 | seccomp_audit_arch= | ||
7904 | case "$host" in | ||
7905 | x86_64-*) | ||
7906 | seccomp_audit_arch=AUDIT_ARCH_X86_64 | ||
7907 | ;; | ||
7908 | i*86-*) | ||
7909 | seccomp_audit_arch=AUDIT_ARCH_I386 | ||
7910 | ;; | ||
7911 | arm*-*) | ||
7912 | seccomp_audit_arch=AUDIT_ARCH_ARM | ||
7913 | ;; | ||
7914 | aarch64*-*) | ||
7915 | seccomp_audit_arch=AUDIT_ARCH_AARCH64 | ||
7916 | ;; | ||
7917 | s390x-*) | ||
7918 | seccomp_audit_arch=AUDIT_ARCH_S390X | ||
7919 | ;; | ||
7920 | s390-*) | ||
7921 | seccomp_audit_arch=AUDIT_ARCH_S390 | ||
7922 | ;; | ||
7923 | powerpc64-*) | ||
7924 | seccomp_audit_arch=AUDIT_ARCH_PPC64 | ||
7925 | ;; | ||
7926 | powerpc64le-*) | ||
7927 | seccomp_audit_arch=AUDIT_ARCH_PPC64LE | ||
7928 | ;; | ||
7929 | mips-*) | ||
7930 | seccomp_audit_arch=AUDIT_ARCH_MIPS | ||
7931 | ;; | ||
7932 | mipsel-*) | ||
7933 | seccomp_audit_arch=AUDIT_ARCH_MIPSEL | ||
7934 | ;; | ||
7935 | mips64-*) | ||
7936 | case "$mips_abi" in | ||
7937 | "n32") | ||
7938 | seccomp_audit_arch=AUDIT_ARCH_MIPS64N32 | ||
7939 | ;; | ||
7940 | "n64") | ||
7941 | seccomp_audit_arch=AUDIT_ARCH_MIPS64 | ||
7942 | ;; | ||
7943 | esac | ||
7944 | ;; | ||
7945 | mips64el-*) | ||
7946 | case "$mips_abi" in | ||
7947 | "n32") | ||
7948 | seccomp_audit_arch=AUDIT_ARCH_MIPSEL64N32 | ||
7949 | ;; | ||
7950 | "n64") | ||
7951 | seccomp_audit_arch=AUDIT_ARCH_MIPSEL64 | ||
7952 | ;; | ||
7953 | esac | ||
7954 | ;; | ||
7955 | esac | ||
7956 | if test "x$seccomp_audit_arch" != "x" ; then | ||
7957 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: \"$seccomp_audit_arch\"" >&5 | ||
7958 | $as_echo "\"$seccomp_audit_arch\"" >&6; } | ||
7959 | |||
7960 | cat >>confdefs.h <<_ACEOF | ||
7961 | #define SECCOMP_AUDIT_ARCH $seccomp_audit_arch | ||
7962 | _ACEOF | ||
7963 | |||
7964 | else | ||
7965 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: architecture not supported" >&5 | ||
7966 | $as_echo "architecture not supported" >&6; } | ||
7967 | fi | ||
7968 | ;; | ||
7969 | mips-sony-bsd|mips-sony-newsos4) | ||
7970 | |||
7971 | $as_echo "#define NEED_SETPGRP 1" >>confdefs.h | ||
7972 | |||
7973 | SONY=1 | ||
7974 | ;; | ||
7975 | *-*-netbsd*) | ||
7976 | check_for_libcrypt_before=1 | ||
7977 | if test "x$withval" != "xno" ; then | ||
7978 | rpath_opt="-R" | ||
7979 | fi | ||
7980 | CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE" | ||
7981 | |||
7982 | $as_echo "#define SSH_TUN_FREEBSD 1" >>confdefs.h | ||
7983 | |||
7984 | ac_fn_c_check_header_mongrel "$LINENO" "net/if_tap.h" "ac_cv_header_net_if_tap_h" "$ac_includes_default" | ||
7985 | if test "x$ac_cv_header_net_if_tap_h" = xyes; then : | ||
7986 | |||
7987 | else | ||
7988 | |||
7989 | $as_echo "#define SSH_TUN_NO_L2 1" >>confdefs.h | ||
7990 | |||
7991 | fi | ||
7992 | |||
7993 | |||
7994 | |||
7995 | $as_echo "#define SSH_TUN_PREPEND_AF 1" >>confdefs.h | ||
7996 | |||
7997 | TEST_MALLOC_OPTIONS="AJRX" | ||
7998 | |||
7999 | $as_echo "#define BROKEN_READ_COMPARISON 1" >>confdefs.h | ||
8000 | |||
8001 | ;; | ||
8002 | *-*-freebsd*) | ||
8003 | check_for_libcrypt_later=1 | ||
8004 | |||
8005 | $as_echo "#define LOCKED_PASSWD_PREFIX \"*LOCKED*\"" >>confdefs.h | ||
8006 | |||
8007 | |||
8008 | $as_echo "#define SSH_TUN_FREEBSD 1" >>confdefs.h | ||
8009 | |||
8010 | ac_fn_c_check_header_mongrel "$LINENO" "net/if_tap.h" "ac_cv_header_net_if_tap_h" "$ac_includes_default" | ||
8011 | if test "x$ac_cv_header_net_if_tap_h" = xyes; then : | ||
8012 | |||
8013 | else | ||
8014 | |||
8015 | $as_echo "#define SSH_TUN_NO_L2 1" >>confdefs.h | ||
8016 | |||
8017 | fi | ||
8018 | |||
8019 | |||
8020 | |||
8021 | $as_echo "#define BROKEN_GLOB 1" >>confdefs.h | ||
8022 | |||
8023 | TEST_MALLOC_OPTIONS="AJRX" | ||
8024 | # Preauth crypto occasionally uses file descriptors for crypto offload | ||
8025 | # and will crash if they cannot be opened. | ||
8026 | |||
8027 | $as_echo "#define SANDBOX_SKIP_RLIMIT_NOFILE 1" >>confdefs.h | ||
8028 | |||
8029 | ;; | ||
8030 | *-*-bsdi*) | ||
8031 | $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h | ||
8032 | |||
8033 | $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h | ||
8034 | |||
8035 | $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h | ||
8036 | |||
8037 | ;; | ||
8038 | *-next-*) | ||
8039 | conf_lastlog_location="/usr/adm/lastlog" | ||
8040 | conf_utmp_location=/etc/utmp | ||
8041 | conf_wtmp_location=/usr/adm/wtmp | ||
8042 | maildir=/usr/spool/mail | ||
8043 | |||
8044 | $as_echo "#define HAVE_NEXT 1" >>confdefs.h | ||
8045 | |||
8046 | $as_echo "#define USE_PIPES 1" >>confdefs.h | ||
8047 | |||
8048 | |||
8049 | $as_echo "#define BROKEN_SAVED_UIDS 1" >>confdefs.h | ||
8050 | |||
8051 | ;; | ||
8052 | *-*-openbsd*) | ||
8053 | use_pie=auto | ||
8054 | |||
8055 | $as_echo "#define HAVE_ATTRIBUTE__SENTINEL__ 1" >>confdefs.h | ||
8056 | |||
8057 | |||
8058 | $as_echo "#define HAVE_ATTRIBUTE__BOUNDED__ 1" >>confdefs.h | ||
8059 | |||
8060 | |||
8061 | $as_echo "#define SSH_TUN_OPENBSD 1" >>confdefs.h | ||
8062 | |||
8063 | |||
8064 | $as_echo "#define SYSLOG_R_SAFE_IN_SIGHAND 1" >>confdefs.h | ||
8065 | |||
8066 | TEST_MALLOC_OPTIONS="AFGJPRX" | ||
8067 | ;; | ||
8068 | *-*-solaris*) | ||
8069 | if test "x$withval" != "xno" ; then | ||
8070 | rpath_opt="-R" | ||
8071 | fi | ||
8072 | $as_echo "#define PAM_SUN_CODEBASE 1" >>confdefs.h | ||
8073 | |||
8074 | $as_echo "#define LOGIN_NEEDS_UTMPX 1" >>confdefs.h | ||
8075 | |||
8076 | $as_echo "#define PAM_TTY_KLUDGE 1" >>confdefs.h | ||
8077 | |||
8078 | |||
8079 | $as_echo "#define SSHPAM_CHAUTHTOK_NEEDS_RUID 1" >>confdefs.h | ||
8080 | |||
8081 | $as_echo "#define LOCKED_PASSWD_STRING \"*LK*\"" >>confdefs.h | ||
8082 | |||
8083 | # Pushing STREAMS modules will cause sshd to acquire a controlling tty. | ||
8084 | |||
8085 | $as_echo "#define SSHD_ACQUIRES_CTTY 1" >>confdefs.h | ||
8086 | |||
8087 | |||
8088 | $as_echo "#define PASSWD_NEEDS_USERNAME 1" >>confdefs.h | ||
8089 | |||
8090 | |||
8091 | $as_echo "#define BROKEN_TCGETATTR_ICANON 1" >>confdefs.h | ||
8092 | |||
8093 | external_path_file=/etc/default/login | ||
8094 | # hardwire lastlog location (can't detect it on some versions) | ||
8095 | conf_lastlog_location="/var/adm/lastlog" | ||
8096 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for obsolete utmp and wtmp in solaris2.x" >&5 | ||
8097 | $as_echo_n "checking for obsolete utmp and wtmp in solaris2.x... " >&6; } | ||
8098 | sol2ver=`echo "$host"| sed -e 's/.*[0-9]\.//'` | ||
8099 | if test "$sol2ver" -ge 8; then | ||
8100 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
8101 | $as_echo "yes" >&6; } | ||
8102 | $as_echo "#define DISABLE_UTMP 1" >>confdefs.h | ||
8103 | |||
8104 | |||
8105 | $as_echo "#define DISABLE_WTMP 1" >>confdefs.h | ||
8106 | |||
8107 | else | ||
8108 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
8109 | $as_echo "no" >&6; } | ||
8110 | fi | ||
8111 | for ac_func in setpflags | ||
8112 | do : | ||
8113 | ac_fn_c_check_func "$LINENO" "setpflags" "ac_cv_func_setpflags" | ||
8114 | if test "x$ac_cv_func_setpflags" = xyes; then : | ||
8115 | cat >>confdefs.h <<_ACEOF | ||
8116 | #define HAVE_SETPFLAGS 1 | ||
8117 | _ACEOF | ||
8118 | |||
8119 | fi | ||
8120 | done | ||
8121 | |||
8122 | for ac_func in setppriv | ||
8123 | do : | ||
8124 | ac_fn_c_check_func "$LINENO" "setppriv" "ac_cv_func_setppriv" | ||
8125 | if test "x$ac_cv_func_setppriv" = xyes; then : | ||
8126 | cat >>confdefs.h <<_ACEOF | ||
8127 | #define HAVE_SETPPRIV 1 | ||
8128 | _ACEOF | ||
8129 | |||
8130 | fi | ||
8131 | done | ||
8132 | |||
8133 | for ac_func in priv_basicset | ||
8134 | do : | ||
8135 | ac_fn_c_check_func "$LINENO" "priv_basicset" "ac_cv_func_priv_basicset" | ||
8136 | if test "x$ac_cv_func_priv_basicset" = xyes; then : | ||
8137 | cat >>confdefs.h <<_ACEOF | ||
8138 | #define HAVE_PRIV_BASICSET 1 | ||
8139 | _ACEOF | ||
8140 | |||
8141 | fi | ||
8142 | done | ||
8143 | |||
8144 | for ac_header in priv.h | ||
8145 | do : | ||
8146 | ac_fn_c_check_header_mongrel "$LINENO" "priv.h" "ac_cv_header_priv_h" "$ac_includes_default" | ||
8147 | if test "x$ac_cv_header_priv_h" = xyes; then : | ||
8148 | cat >>confdefs.h <<_ACEOF | ||
8149 | #define HAVE_PRIV_H 1 | ||
8150 | _ACEOF | ||
8151 | |||
8152 | fi | ||
8153 | |||
8154 | done | ||
8155 | |||
8156 | |||
8157 | # Check whether --with-solaris-contracts was given. | ||
8158 | if test "${with_solaris_contracts+set}" = set; then : | ||
8159 | withval=$with_solaris_contracts; | ||
8160 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ct_tmpl_activate in -lcontract" >&5 | ||
8161 | $as_echo_n "checking for ct_tmpl_activate in -lcontract... " >&6; } | ||
8162 | if ${ac_cv_lib_contract_ct_tmpl_activate+:} false; then : | ||
8163 | $as_echo_n "(cached) " >&6 | ||
8164 | else | ||
8165 | ac_check_lib_save_LIBS=$LIBS | ||
8166 | LIBS="-lcontract $LIBS" | ||
8167 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
8168 | /* end confdefs.h. */ | ||
8169 | |||
8170 | /* Override any GCC internal prototype to avoid an error. | ||
8171 | Use char because int might match the return type of a GCC | ||
8172 | builtin and then its argument prototype would still apply. */ | ||
8173 | #ifdef __cplusplus | ||
8174 | extern "C" | ||
8175 | #endif | ||
8176 | char ct_tmpl_activate (); | ||
8177 | int | ||
8178 | main () | ||
8179 | { | ||
8180 | return ct_tmpl_activate (); | ||
8181 | ; | ||
8182 | return 0; | ||
8183 | } | ||
8184 | _ACEOF | ||
8185 | if ac_fn_c_try_link "$LINENO"; then : | ||
8186 | ac_cv_lib_contract_ct_tmpl_activate=yes | ||
8187 | else | ||
8188 | ac_cv_lib_contract_ct_tmpl_activate=no | ||
8189 | fi | ||
8190 | rm -f core conftest.err conftest.$ac_objext \ | ||
8191 | conftest$ac_exeext conftest.$ac_ext | ||
8192 | LIBS=$ac_check_lib_save_LIBS | ||
8193 | fi | ||
8194 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_contract_ct_tmpl_activate" >&5 | ||
8195 | $as_echo "$ac_cv_lib_contract_ct_tmpl_activate" >&6; } | ||
8196 | if test "x$ac_cv_lib_contract_ct_tmpl_activate" = xyes; then : | ||
8197 | |||
8198 | $as_echo "#define USE_SOLARIS_PROCESS_CONTRACTS 1" >>confdefs.h | ||
8199 | |||
8200 | LIBS="$LIBS -lcontract" | ||
8201 | SPC_MSG="yes" | ||
8202 | fi | ||
8203 | |||
8204 | |||
8205 | fi | ||
8206 | |||
8207 | |||
8208 | # Check whether --with-solaris-projects was given. | ||
8209 | if test "${with_solaris_projects+set}" = set; then : | ||
8210 | withval=$with_solaris_projects; | ||
8211 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for setproject in -lproject" >&5 | ||
8212 | $as_echo_n "checking for setproject in -lproject... " >&6; } | ||
8213 | if ${ac_cv_lib_project_setproject+:} false; then : | ||
8214 | $as_echo_n "(cached) " >&6 | ||
8215 | else | ||
8216 | ac_check_lib_save_LIBS=$LIBS | ||
8217 | LIBS="-lproject $LIBS" | ||
8218 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
8219 | /* end confdefs.h. */ | ||
8220 | |||
8221 | /* Override any GCC internal prototype to avoid an error. | ||
8222 | Use char because int might match the return type of a GCC | ||
8223 | builtin and then its argument prototype would still apply. */ | ||
8224 | #ifdef __cplusplus | ||
8225 | extern "C" | ||
8226 | #endif | ||
8227 | char setproject (); | ||
8228 | int | ||
8229 | main () | ||
8230 | { | ||
8231 | return setproject (); | ||
8232 | ; | ||
8233 | return 0; | ||
8234 | } | ||
8235 | _ACEOF | ||
8236 | if ac_fn_c_try_link "$LINENO"; then : | ||
8237 | ac_cv_lib_project_setproject=yes | ||
8238 | else | ||
8239 | ac_cv_lib_project_setproject=no | ||
8240 | fi | ||
8241 | rm -f core conftest.err conftest.$ac_objext \ | ||
8242 | conftest$ac_exeext conftest.$ac_ext | ||
8243 | LIBS=$ac_check_lib_save_LIBS | ||
8244 | fi | ||
8245 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_project_setproject" >&5 | ||
8246 | $as_echo "$ac_cv_lib_project_setproject" >&6; } | ||
8247 | if test "x$ac_cv_lib_project_setproject" = xyes; then : | ||
8248 | |||
8249 | $as_echo "#define USE_SOLARIS_PROJECTS 1" >>confdefs.h | ||
8250 | |||
8251 | LIBS="$LIBS -lproject" | ||
8252 | SP_MSG="yes" | ||
8253 | fi | ||
8254 | |||
8255 | |||
8256 | fi | ||
8257 | |||
8258 | |||
8259 | # Check whether --with-solaris-privs was given. | ||
8260 | if test "${with_solaris_privs+set}" = set; then : | ||
8261 | withval=$with_solaris_privs; | ||
8262 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Solaris/Illumos privilege support" >&5 | ||
8263 | $as_echo_n "checking for Solaris/Illumos privilege support... " >&6; } | ||
8264 | if test "x$ac_cv_func_setppriv" = "xyes" -a \ | ||
8265 | "x$ac_cv_header_priv_h" = "xyes" ; then | ||
8266 | SOLARIS_PRIVS=yes | ||
8267 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: found" >&5 | ||
8268 | $as_echo "found" >&6; } | ||
8269 | |||
8270 | $as_echo "#define NO_UID_RESTORATION_TEST 1" >>confdefs.h | ||
8271 | |||
8272 | |||
8273 | $as_echo "#define USE_SOLARIS_PRIVS 1" >>confdefs.h | ||
8274 | |||
8275 | SPP_MSG="yes" | ||
8276 | else | ||
8277 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5 | ||
8278 | $as_echo "not found" >&6; } | ||
8279 | as_fn_error $? "*** must have support for Solaris privileges to use --with-solaris-privs" "$LINENO" 5 | ||
8280 | fi | ||
8281 | |||
8282 | fi | ||
8283 | |||
8284 | TEST_SHELL=$SHELL # let configure find us a capable shell | ||
8285 | ;; | ||
8286 | *-*-sunos4*) | ||
8287 | CPPFLAGS="$CPPFLAGS -DSUNOS4" | ||
8288 | for ac_func in getpwanam | ||
8289 | do : | ||
8290 | ac_fn_c_check_func "$LINENO" "getpwanam" "ac_cv_func_getpwanam" | ||
8291 | if test "x$ac_cv_func_getpwanam" = xyes; then : | ||
8292 | cat >>confdefs.h <<_ACEOF | ||
8293 | #define HAVE_GETPWANAM 1 | ||
8294 | _ACEOF | ||
8295 | |||
8296 | fi | ||
8297 | done | ||
8298 | |||
8299 | $as_echo "#define PAM_SUN_CODEBASE 1" >>confdefs.h | ||
8300 | |||
8301 | conf_utmp_location=/etc/utmp | ||
8302 | conf_wtmp_location=/var/adm/wtmp | ||
8303 | conf_lastlog_location=/var/adm/lastlog | ||
8304 | $as_echo "#define USE_PIPES 1" >>confdefs.h | ||
8305 | |||
8306 | |||
8307 | $as_echo "#define DISABLE_UTMPX 1" >>confdefs.h | ||
8308 | |||
8309 | ;; | ||
8310 | *-ncr-sysv*) | ||
8311 | LIBS="$LIBS -lc89" | ||
8312 | $as_echo "#define USE_PIPES 1" >>confdefs.h | ||
8313 | |||
8314 | $as_echo "#define SSHD_ACQUIRES_CTTY 1" >>confdefs.h | ||
8315 | |||
8316 | $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h | ||
8317 | |||
8318 | $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h | ||
8319 | |||
8320 | $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h | ||
8321 | |||
8322 | ;; | ||
8323 | *-sni-sysv*) | ||
8324 | # /usr/ucblib MUST NOT be searched on ReliantUNIX | ||
8325 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlsym in -ldl" >&5 | ||
8326 | $as_echo_n "checking for dlsym in -ldl... " >&6; } | ||
8327 | if ${ac_cv_lib_dl_dlsym+:} false; then : | ||
8328 | $as_echo_n "(cached) " >&6 | ||
8329 | else | ||
8330 | ac_check_lib_save_LIBS=$LIBS | ||
8331 | LIBS="-ldl $LIBS" | ||
8332 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
8333 | /* end confdefs.h. */ | ||
8334 | |||
8335 | /* Override any GCC internal prototype to avoid an error. | ||
8336 | Use char because int might match the return type of a GCC | ||
8337 | builtin and then its argument prototype would still apply. */ | ||
8338 | #ifdef __cplusplus | ||
8339 | extern "C" | ||
8340 | #endif | ||
8341 | char dlsym (); | ||
8342 | int | ||
8343 | main () | ||
8344 | { | ||
8345 | return dlsym (); | ||
8346 | ; | ||
8347 | return 0; | ||
8348 | } | ||
8349 | _ACEOF | ||
8350 | if ac_fn_c_try_link "$LINENO"; then : | ||
8351 | ac_cv_lib_dl_dlsym=yes | ||
8352 | else | ||
8353 | ac_cv_lib_dl_dlsym=no | ||
8354 | fi | ||
8355 | rm -f core conftest.err conftest.$ac_objext \ | ||
8356 | conftest$ac_exeext conftest.$ac_ext | ||
8357 | LIBS=$ac_check_lib_save_LIBS | ||
8358 | fi | ||
8359 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlsym" >&5 | ||
8360 | $as_echo "$ac_cv_lib_dl_dlsym" >&6; } | ||
8361 | if test "x$ac_cv_lib_dl_dlsym" = xyes; then : | ||
8362 | cat >>confdefs.h <<_ACEOF | ||
8363 | #define HAVE_LIBDL 1 | ||
8364 | _ACEOF | ||
8365 | |||
8366 | LIBS="-ldl $LIBS" | ||
8367 | |||
8368 | fi | ||
8369 | |||
8370 | # -lresolv needs to be at the end of LIBS or DNS lookups break | ||
8371 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for res_query in -lresolv" >&5 | ||
8372 | $as_echo_n "checking for res_query in -lresolv... " >&6; } | ||
8373 | if ${ac_cv_lib_resolv_res_query+:} false; then : | ||
8374 | $as_echo_n "(cached) " >&6 | ||
8375 | else | ||
8376 | ac_check_lib_save_LIBS=$LIBS | ||
8377 | LIBS="-lresolv $LIBS" | ||
8378 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
8379 | /* end confdefs.h. */ | ||
8380 | |||
8381 | /* Override any GCC internal prototype to avoid an error. | ||
8382 | Use char because int might match the return type of a GCC | ||
8383 | builtin and then its argument prototype would still apply. */ | ||
8384 | #ifdef __cplusplus | ||
8385 | extern "C" | ||
8386 | #endif | ||
8387 | char res_query (); | ||
8388 | int | ||
8389 | main () | ||
8390 | { | ||
8391 | return res_query (); | ||
8392 | ; | ||
8393 | return 0; | ||
8394 | } | ||
8395 | _ACEOF | ||
8396 | if ac_fn_c_try_link "$LINENO"; then : | ||
8397 | ac_cv_lib_resolv_res_query=yes | ||
8398 | else | ||
8399 | ac_cv_lib_resolv_res_query=no | ||
8400 | fi | ||
8401 | rm -f core conftest.err conftest.$ac_objext \ | ||
8402 | conftest$ac_exeext conftest.$ac_ext | ||
8403 | LIBS=$ac_check_lib_save_LIBS | ||
8404 | fi | ||
8405 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_resolv_res_query" >&5 | ||
8406 | $as_echo "$ac_cv_lib_resolv_res_query" >&6; } | ||
8407 | if test "x$ac_cv_lib_resolv_res_query" = xyes; then : | ||
8408 | LIBS="$LIBS -lresolv" | ||
8409 | fi | ||
8410 | |||
8411 | IPADDR_IN_DISPLAY=yes | ||
8412 | $as_echo "#define USE_PIPES 1" >>confdefs.h | ||
8413 | |||
8414 | $as_echo "#define IP_TOS_IS_BROKEN 1" >>confdefs.h | ||
8415 | |||
8416 | $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h | ||
8417 | |||
8418 | $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h | ||
8419 | |||
8420 | $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h | ||
8421 | |||
8422 | $as_echo "#define SSHD_ACQUIRES_CTTY 1" >>confdefs.h | ||
8423 | |||
8424 | external_path_file=/etc/default/login | ||
8425 | # /usr/ucblib/libucb.a no longer needed on ReliantUNIX | ||
8426 | # Attention: always take care to bind libsocket and libnsl before libc, | ||
8427 | # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog | ||
8428 | ;; | ||
8429 | # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. | ||
8430 | *-*-sysv4.2*) | ||
8431 | $as_echo "#define USE_PIPES 1" >>confdefs.h | ||
8432 | |||
8433 | $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h | ||
8434 | |||
8435 | $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h | ||
8436 | |||
8437 | $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h | ||
8438 | |||
8439 | |||
8440 | $as_echo "#define PASSWD_NEEDS_USERNAME 1" >>confdefs.h | ||
8441 | |||
8442 | $as_echo "#define LOCKED_PASSWD_STRING \"*LK*\"" >>confdefs.h | ||
8443 | |||
8444 | TEST_SHELL=$SHELL # let configure find us a capable shell | ||
8445 | ;; | ||
8446 | # UnixWare 7.x, OpenUNIX 8 | ||
8447 | *-*-sysv5*) | ||
8448 | CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" | ||
8449 | |||
8450 | $as_echo "#define UNIXWARE_LONG_PASSWORDS 1" >>confdefs.h | ||
8451 | |||
8452 | $as_echo "#define USE_PIPES 1" >>confdefs.h | ||
8453 | |||
8454 | $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h | ||
8455 | |||
8456 | $as_echo "#define BROKEN_GETADDRINFO 1" >>confdefs.h | ||
8457 | |||
8458 | $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h | ||
8459 | |||
8460 | $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h | ||
8461 | |||
8462 | $as_echo "#define PASSWD_NEEDS_USERNAME 1" >>confdefs.h | ||
8463 | |||
8464 | $as_echo "#define BROKEN_TCGETATTR_ICANON 1" >>confdefs.h | ||
8465 | |||
8466 | TEST_SHELL=$SHELL # let configure find us a capable shell | ||
8467 | check_for_libcrypt_later=1 | ||
8468 | case "$host" in | ||
8469 | *-*-sysv5SCO_SV*) # SCO OpenServer 6.x | ||
8470 | maildir=/var/spool/mail | ||
8471 | $as_echo "#define BROKEN_UPDWTMPX 1" >>confdefs.h | ||
8472 | |||
8473 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getluid in -lprot" >&5 | ||
8474 | $as_echo_n "checking for getluid in -lprot... " >&6; } | ||
8475 | if ${ac_cv_lib_prot_getluid+:} false; then : | ||
8476 | $as_echo_n "(cached) " >&6 | ||
8477 | else | ||
8478 | ac_check_lib_save_LIBS=$LIBS | ||
8479 | LIBS="-lprot $LIBS" | ||
8480 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
8481 | /* end confdefs.h. */ | ||
8482 | |||
8483 | /* Override any GCC internal prototype to avoid an error. | ||
8484 | Use char because int might match the return type of a GCC | ||
8485 | builtin and then its argument prototype would still apply. */ | ||
8486 | #ifdef __cplusplus | ||
8487 | extern "C" | ||
8488 | #endif | ||
8489 | char getluid (); | ||
8490 | int | ||
8491 | main () | ||
8492 | { | ||
8493 | return getluid (); | ||
8494 | ; | ||
8495 | return 0; | ||
8496 | } | ||
8497 | _ACEOF | ||
8498 | if ac_fn_c_try_link "$LINENO"; then : | ||
8499 | ac_cv_lib_prot_getluid=yes | ||
8500 | else | ||
8501 | ac_cv_lib_prot_getluid=no | ||
8502 | fi | ||
8503 | rm -f core conftest.err conftest.$ac_objext \ | ||
8504 | conftest$ac_exeext conftest.$ac_ext | ||
8505 | LIBS=$ac_check_lib_save_LIBS | ||
8506 | fi | ||
8507 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_prot_getluid" >&5 | ||
8508 | $as_echo "$ac_cv_lib_prot_getluid" >&6; } | ||
8509 | if test "x$ac_cv_lib_prot_getluid" = xyes; then : | ||
8510 | LIBS="$LIBS -lprot" | ||
8511 | for ac_func in getluid setluid | ||
8512 | do : | ||
8513 | as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` | ||
8514 | ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" | ||
8515 | if eval test \"x\$"$as_ac_var"\" = x"yes"; then : | ||
8516 | cat >>confdefs.h <<_ACEOF | ||
8517 | #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 | ||
8518 | _ACEOF | ||
8519 | |||
8520 | fi | ||
8521 | done | ||
8522 | |||
8523 | |||
8524 | fi | ||
8525 | |||
8526 | ;; | ||
8527 | *) $as_echo "#define LOCKED_PASSWD_STRING \"*LK*\"" >>confdefs.h | ||
8528 | |||
8529 | ;; | ||
8530 | esac | ||
8531 | ;; | ||
8532 | *-*-sysv*) | ||
8533 | ;; | ||
8534 | # SCO UNIX and OEM versions of SCO UNIX | ||
8535 | *-*-sco3.2v4*) | ||
8536 | as_fn_error $? "\"This Platform is no longer supported.\"" "$LINENO" 5 | ||
8537 | ;; | ||
8538 | # SCO OpenServer 5.x | ||
8539 | *-*-sco3.2v5*) | ||
8540 | if test -z "$GCC"; then | ||
8541 | CFLAGS="$CFLAGS -belf" | ||
8542 | fi | ||
8543 | LIBS="$LIBS -lprot -lx -ltinfo -lm" | ||
8544 | no_dev_ptmx=1 | ||
8545 | $as_echo "#define USE_PIPES 1" >>confdefs.h | ||
8546 | |||
8547 | $as_echo "#define HAVE_SECUREWARE 1" >>confdefs.h | ||
8548 | |||
8549 | $as_echo "#define DISABLE_SHADOW 1" >>confdefs.h | ||
8550 | |||
8551 | $as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h | ||
8552 | |||
8553 | $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h | ||
8554 | |||
8555 | $as_echo "#define BROKEN_GETADDRINFO 1" >>confdefs.h | ||
8556 | |||
8557 | $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h | ||
8558 | |||
8559 | $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h | ||
8560 | |||
8561 | $as_echo "#define WITH_ABBREV_NO_TTY 1" >>confdefs.h | ||
8562 | |||
8563 | $as_echo "#define BROKEN_UPDWTMPX 1" >>confdefs.h | ||
8564 | |||
8565 | $as_echo "#define PASSWD_NEEDS_USERNAME 1" >>confdefs.h | ||
8566 | |||
8567 | for ac_func in getluid setluid | ||
8568 | do : | ||
8569 | as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` | ||
8570 | ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" | ||
8571 | if eval test \"x\$"$as_ac_var"\" = x"yes"; then : | ||
8572 | cat >>confdefs.h <<_ACEOF | ||
8573 | #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 | ||
8574 | _ACEOF | ||
8575 | |||
8576 | fi | ||
8577 | done | ||
8578 | |||
8579 | MANTYPE=man | ||
8580 | TEST_SHELL=$SHELL # let configure find us a capable shell | ||
8581 | SKIP_DISABLE_LASTLOG_DEFINE=yes | ||
8582 | ;; | ||
8583 | *-dec-osf*) | ||
8584 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Digital Unix SIA" >&5 | ||
8585 | $as_echo_n "checking for Digital Unix SIA... " >&6; } | ||
8586 | no_osfsia="" | ||
8587 | |||
8588 | # Check whether --with-osfsia was given. | ||
8589 | if test "${with_osfsia+set}" = set; then : | ||
8590 | withval=$with_osfsia; | ||
8591 | if test "x$withval" = "xno" ; then | ||
8592 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: disabled" >&5 | ||
8593 | $as_echo "disabled" >&6; } | ||
8594 | no_osfsia=1 | ||
8595 | fi | ||
8596 | |||
8597 | fi | ||
8598 | |||
8599 | if test -z "$no_osfsia" ; then | ||
8600 | if test -f /etc/sia/matrix.conf; then | ||
8601 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
8602 | $as_echo "yes" >&6; } | ||
8603 | |||
8604 | $as_echo "#define HAVE_OSF_SIA 1" >>confdefs.h | ||
8605 | |||
8606 | |||
8607 | $as_echo "#define DISABLE_LOGIN 1" >>confdefs.h | ||
8608 | |||
8609 | $as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h | ||
8610 | |||
8611 | LIBS="$LIBS -lsecurity -ldb -lm -laud" | ||
8612 | SIA_MSG="yes" | ||
8613 | else | ||
8614 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
8615 | $as_echo "no" >&6; } | ||
8616 | |||
8617 | $as_echo "#define LOCKED_PASSWD_SUBSTR \"Nologin\"" >>confdefs.h | ||
8618 | |||
8619 | fi | ||
8620 | fi | ||
8621 | $as_echo "#define BROKEN_GETADDRINFO 1" >>confdefs.h | ||
8622 | |||
8623 | $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h | ||
8624 | |||
8625 | $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h | ||
8626 | |||
8627 | $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h | ||
8628 | |||
8629 | |||
8630 | $as_echo "#define BROKEN_READV_COMPARISON 1" >>confdefs.h | ||
8631 | |||
8632 | ;; | ||
8633 | |||
8634 | *-*-nto-qnx*) | ||
8635 | $as_echo "#define USE_PIPES 1" >>confdefs.h | ||
8636 | |||
8637 | $as_echo "#define NO_X11_UNIX_SOCKETS 1" >>confdefs.h | ||
8638 | |||
8639 | $as_echo "#define DISABLE_LASTLOG 1" >>confdefs.h | ||
8640 | |||
8641 | $as_echo "#define SSHD_ACQUIRES_CTTY 1" >>confdefs.h | ||
8642 | |||
8643 | |||
8644 | $as_echo "#define BROKEN_SHADOW_EXPIRE 1" >>confdefs.h | ||
8645 | |||
8646 | enable_etc_default_login=no # has incompatible /etc/default/login | ||
8647 | case "$host" in | ||
8648 | *-*-nto-qnx6*) | ||
8649 | $as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h | ||
8650 | |||
8651 | ;; | ||
8652 | esac | ||
8653 | ;; | ||
8654 | |||
8655 | *-*-ultrix*) | ||
8656 | |||
8657 | $as_echo "#define BROKEN_GETGROUPS 1" >>confdefs.h | ||
8658 | |||
8659 | $as_echo "#define NEED_SETPGRP 1" >>confdefs.h | ||
8660 | |||
8661 | |||
8662 | $as_echo "#define HAVE_SYS_SYSLOG_H 1" >>confdefs.h | ||
8663 | |||
8664 | ;; | ||
8665 | |||
8666 | *-*-lynxos) | ||
8667 | CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" | ||
8668 | |||
8669 | $as_echo "#define BROKEN_SETVBUF 1" >>confdefs.h | ||
8670 | |||
8671 | ;; | ||
8672 | esac | ||
8673 | |||
8674 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking compiler and flags for sanity" >&5 | ||
8675 | $as_echo_n "checking compiler and flags for sanity... " >&6; } | ||
8676 | if test "$cross_compiling" = yes; then : | ||
8677 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking compiler sanity" >&5 | ||
8678 | $as_echo "$as_me: WARNING: cross compiling: not checking compiler sanity" >&2;} | ||
8679 | |||
8680 | else | ||
8681 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
8682 | /* end confdefs.h. */ | ||
8683 | #include <stdio.h> | ||
8684 | int | ||
8685 | main () | ||
8686 | { | ||
8687 | exit(0); | ||
8688 | ; | ||
8689 | return 0; | ||
8690 | } | ||
8691 | _ACEOF | ||
8692 | if ac_fn_c_try_run "$LINENO"; then : | ||
8693 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
8694 | $as_echo "yes" >&6; } | ||
8695 | else | ||
8696 | |||
8697 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
8698 | $as_echo "no" >&6; } | ||
8699 | as_fn_error $? "*** compiler cannot create working executables, check config.log ***" "$LINENO" 5 | ||
8700 | |||
8701 | fi | ||
8702 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
8703 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
8704 | fi | ||
8705 | |||
8706 | |||
8707 | # Checks for libraries. | ||
8708 | ac_fn_c_check_func "$LINENO" "setsockopt" "ac_cv_func_setsockopt" | ||
8709 | if test "x$ac_cv_func_setsockopt" = xyes; then : | ||
8710 | |||
8711 | else | ||
8712 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for setsockopt in -lsocket" >&5 | ||
8713 | $as_echo_n "checking for setsockopt in -lsocket... " >&6; } | ||
8714 | if ${ac_cv_lib_socket_setsockopt+:} false; then : | ||
8715 | $as_echo_n "(cached) " >&6 | ||
8716 | else | ||
8717 | ac_check_lib_save_LIBS=$LIBS | ||
8718 | LIBS="-lsocket $LIBS" | ||
8719 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
8720 | /* end confdefs.h. */ | ||
8721 | |||
8722 | /* Override any GCC internal prototype to avoid an error. | ||
8723 | Use char because int might match the return type of a GCC | ||
8724 | builtin and then its argument prototype would still apply. */ | ||
8725 | #ifdef __cplusplus | ||
8726 | extern "C" | ||
8727 | #endif | ||
8728 | char setsockopt (); | ||
8729 | int | ||
8730 | main () | ||
8731 | { | ||
8732 | return setsockopt (); | ||
8733 | ; | ||
8734 | return 0; | ||
8735 | } | ||
8736 | _ACEOF | ||
8737 | if ac_fn_c_try_link "$LINENO"; then : | ||
8738 | ac_cv_lib_socket_setsockopt=yes | ||
8739 | else | ||
8740 | ac_cv_lib_socket_setsockopt=no | ||
8741 | fi | ||
8742 | rm -f core conftest.err conftest.$ac_objext \ | ||
8743 | conftest$ac_exeext conftest.$ac_ext | ||
8744 | LIBS=$ac_check_lib_save_LIBS | ||
8745 | fi | ||
8746 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_socket_setsockopt" >&5 | ||
8747 | $as_echo "$ac_cv_lib_socket_setsockopt" >&6; } | ||
8748 | if test "x$ac_cv_lib_socket_setsockopt" = xyes; then : | ||
8749 | cat >>confdefs.h <<_ACEOF | ||
8750 | #define HAVE_LIBSOCKET 1 | ||
8751 | _ACEOF | ||
8752 | |||
8753 | LIBS="-lsocket $LIBS" | ||
8754 | |||
8755 | fi | ||
8756 | |||
8757 | fi | ||
8758 | |||
8759 | |||
8760 | for ac_func in dirname | ||
8761 | do : | ||
8762 | ac_fn_c_check_func "$LINENO" "dirname" "ac_cv_func_dirname" | ||
8763 | if test "x$ac_cv_func_dirname" = xyes; then : | ||
8764 | cat >>confdefs.h <<_ACEOF | ||
8765 | #define HAVE_DIRNAME 1 | ||
8766 | _ACEOF | ||
8767 | for ac_header in libgen.h | ||
8768 | do : | ||
8769 | ac_fn_c_check_header_mongrel "$LINENO" "libgen.h" "ac_cv_header_libgen_h" "$ac_includes_default" | ||
8770 | if test "x$ac_cv_header_libgen_h" = xyes; then : | ||
8771 | cat >>confdefs.h <<_ACEOF | ||
8772 | #define HAVE_LIBGEN_H 1 | ||
8773 | _ACEOF | ||
8774 | |||
8775 | fi | ||
8776 | |||
8777 | done | ||
8778 | |||
8779 | else | ||
8780 | |||
8781 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dirname in -lgen" >&5 | ||
8782 | $as_echo_n "checking for dirname in -lgen... " >&6; } | ||
8783 | if ${ac_cv_lib_gen_dirname+:} false; then : | ||
8784 | $as_echo_n "(cached) " >&6 | ||
8785 | else | ||
8786 | ac_check_lib_save_LIBS=$LIBS | ||
8787 | LIBS="-lgen $LIBS" | ||
8788 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
8789 | /* end confdefs.h. */ | ||
8790 | |||
8791 | /* Override any GCC internal prototype to avoid an error. | ||
8792 | Use char because int might match the return type of a GCC | ||
8793 | builtin and then its argument prototype would still apply. */ | ||
8794 | #ifdef __cplusplus | ||
8795 | extern "C" | ||
8796 | #endif | ||
8797 | char dirname (); | ||
8798 | int | ||
8799 | main () | ||
8800 | { | ||
8801 | return dirname (); | ||
8802 | ; | ||
8803 | return 0; | ||
8804 | } | ||
8805 | _ACEOF | ||
8806 | if ac_fn_c_try_link "$LINENO"; then : | ||
8807 | ac_cv_lib_gen_dirname=yes | ||
8808 | else | ||
8809 | ac_cv_lib_gen_dirname=no | ||
8810 | fi | ||
8811 | rm -f core conftest.err conftest.$ac_objext \ | ||
8812 | conftest$ac_exeext conftest.$ac_ext | ||
8813 | LIBS=$ac_check_lib_save_LIBS | ||
8814 | fi | ||
8815 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gen_dirname" >&5 | ||
8816 | $as_echo "$ac_cv_lib_gen_dirname" >&6; } | ||
8817 | if test "x$ac_cv_lib_gen_dirname" = xyes; then : | ||
8818 | |||
8819 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for broken dirname" >&5 | ||
8820 | $as_echo_n "checking for broken dirname... " >&6; } | ||
8821 | if ${ac_cv_have_broken_dirname+:} false; then : | ||
8822 | $as_echo_n "(cached) " >&6 | ||
8823 | else | ||
8824 | |||
8825 | save_LIBS="$LIBS" | ||
8826 | LIBS="$LIBS -lgen" | ||
8827 | if test "$cross_compiling" = yes; then : | ||
8828 | ac_cv_have_broken_dirname="no" | ||
8829 | else | ||
8830 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
8831 | /* end confdefs.h. */ | ||
8832 | |||
8833 | #include <libgen.h> | ||
8834 | #include <string.h> | ||
8835 | |||
8836 | int main(int argc, char **argv) { | ||
8837 | char *s, buf[32]; | ||
8838 | |||
8839 | strncpy(buf,"/etc", 32); | ||
8840 | s = dirname(buf); | ||
8841 | if (!s || strncmp(s, "/", 32) != 0) { | ||
8842 | exit(1); | ||
8843 | } else { | ||
8844 | exit(0); | ||
8845 | } | ||
8846 | } | ||
8847 | |||
8848 | _ACEOF | ||
8849 | if ac_fn_c_try_run "$LINENO"; then : | ||
8850 | ac_cv_have_broken_dirname="no" | ||
8851 | else | ||
8852 | ac_cv_have_broken_dirname="yes" | ||
8853 | fi | ||
8854 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
8855 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
8856 | fi | ||
8857 | |||
8858 | LIBS="$save_LIBS" | ||
8859 | |||
8860 | fi | ||
8861 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_broken_dirname" >&5 | ||
8862 | $as_echo "$ac_cv_have_broken_dirname" >&6; } | ||
8863 | if test "x$ac_cv_have_broken_dirname" = "xno" ; then | ||
8864 | LIBS="$LIBS -lgen" | ||
8865 | $as_echo "#define HAVE_DIRNAME 1" >>confdefs.h | ||
8866 | |||
8867 | for ac_header in libgen.h | ||
8868 | do : | ||
8869 | ac_fn_c_check_header_mongrel "$LINENO" "libgen.h" "ac_cv_header_libgen_h" "$ac_includes_default" | ||
8870 | if test "x$ac_cv_header_libgen_h" = xyes; then : | ||
8871 | cat >>confdefs.h <<_ACEOF | ||
8872 | #define HAVE_LIBGEN_H 1 | ||
8873 | _ACEOF | ||
8874 | |||
8875 | fi | ||
8876 | |||
8877 | done | ||
8878 | |||
8879 | fi | ||
8880 | |||
8881 | fi | ||
8882 | |||
8883 | |||
8884 | fi | ||
8885 | done | ||
8886 | |||
8887 | |||
8888 | ac_fn_c_check_func "$LINENO" "getspnam" "ac_cv_func_getspnam" | ||
8889 | if test "x$ac_cv_func_getspnam" = xyes; then : | ||
8890 | |||
8891 | else | ||
8892 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getspnam in -lgen" >&5 | ||
8893 | $as_echo_n "checking for getspnam in -lgen... " >&6; } | ||
8894 | if ${ac_cv_lib_gen_getspnam+:} false; then : | ||
8895 | $as_echo_n "(cached) " >&6 | ||
8896 | else | ||
8897 | ac_check_lib_save_LIBS=$LIBS | ||
8898 | LIBS="-lgen $LIBS" | ||
8899 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
8900 | /* end confdefs.h. */ | ||
8901 | |||
8902 | /* Override any GCC internal prototype to avoid an error. | ||
8903 | Use char because int might match the return type of a GCC | ||
8904 | builtin and then its argument prototype would still apply. */ | ||
8905 | #ifdef __cplusplus | ||
8906 | extern "C" | ||
8907 | #endif | ||
8908 | char getspnam (); | ||
8909 | int | ||
8910 | main () | ||
8911 | { | ||
8912 | return getspnam (); | ||
8913 | ; | ||
8914 | return 0; | ||
8915 | } | ||
8916 | _ACEOF | ||
8917 | if ac_fn_c_try_link "$LINENO"; then : | ||
8918 | ac_cv_lib_gen_getspnam=yes | ||
8919 | else | ||
8920 | ac_cv_lib_gen_getspnam=no | ||
8921 | fi | ||
8922 | rm -f core conftest.err conftest.$ac_objext \ | ||
8923 | conftest$ac_exeext conftest.$ac_ext | ||
8924 | LIBS=$ac_check_lib_save_LIBS | ||
8925 | fi | ||
8926 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gen_getspnam" >&5 | ||
8927 | $as_echo "$ac_cv_lib_gen_getspnam" >&6; } | ||
8928 | if test "x$ac_cv_lib_gen_getspnam" = xyes; then : | ||
8929 | LIBS="$LIBS -lgen" | ||
8930 | fi | ||
8931 | |||
8932 | fi | ||
8933 | |||
8934 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing basename" >&5 | ||
8935 | $as_echo_n "checking for library containing basename... " >&6; } | ||
8936 | if ${ac_cv_search_basename+:} false; then : | ||
8937 | $as_echo_n "(cached) " >&6 | ||
8938 | else | ||
8939 | ac_func_search_save_LIBS=$LIBS | ||
8940 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
8941 | /* end confdefs.h. */ | ||
8942 | |||
8943 | /* Override any GCC internal prototype to avoid an error. | ||
8944 | Use char because int might match the return type of a GCC | ||
8945 | builtin and then its argument prototype would still apply. */ | ||
8946 | #ifdef __cplusplus | ||
8947 | extern "C" | ||
8948 | #endif | ||
8949 | char basename (); | ||
8950 | int | ||
8951 | main () | ||
8952 | { | ||
8953 | return basename (); | ||
8954 | ; | ||
8955 | return 0; | ||
8956 | } | ||
8957 | _ACEOF | ||
8958 | for ac_lib in '' gen; do | ||
8959 | if test -z "$ac_lib"; then | ||
8960 | ac_res="none required" | ||
8961 | else | ||
8962 | ac_res=-l$ac_lib | ||
8963 | LIBS="-l$ac_lib $ac_func_search_save_LIBS" | ||
8964 | fi | ||
8965 | if ac_fn_c_try_link "$LINENO"; then : | ||
8966 | ac_cv_search_basename=$ac_res | ||
8967 | fi | ||
8968 | rm -f core conftest.err conftest.$ac_objext \ | ||
8969 | conftest$ac_exeext | ||
8970 | if ${ac_cv_search_basename+:} false; then : | ||
8971 | break | ||
8972 | fi | ||
8973 | done | ||
8974 | if ${ac_cv_search_basename+:} false; then : | ||
8975 | |||
8976 | else | ||
8977 | ac_cv_search_basename=no | ||
8978 | fi | ||
8979 | rm conftest.$ac_ext | ||
8980 | LIBS=$ac_func_search_save_LIBS | ||
8981 | fi | ||
8982 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_basename" >&5 | ||
8983 | $as_echo "$ac_cv_search_basename" >&6; } | ||
8984 | ac_res=$ac_cv_search_basename | ||
8985 | if test "$ac_res" != no; then : | ||
8986 | test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" | ||
8987 | |||
8988 | $as_echo "#define HAVE_BASENAME 1" >>confdefs.h | ||
8989 | |||
8990 | fi | ||
8991 | |||
8992 | |||
8993 | |||
8994 | # Check whether --with-zlib was given. | ||
8995 | if test "${with_zlib+set}" = set; then : | ||
8996 | withval=$with_zlib; if test "x$withval" = "xno" ; then | ||
8997 | as_fn_error $? "*** zlib is required ***" "$LINENO" 5 | ||
8998 | elif test "x$withval" != "xyes"; then | ||
8999 | if test -d "$withval/lib"; then | ||
9000 | if test -n "${rpath_opt}"; then | ||
9001 | LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" | ||
9002 | else | ||
9003 | LDFLAGS="-L${withval}/lib ${LDFLAGS}" | ||
9004 | fi | ||
9005 | else | ||
9006 | if test -n "${rpath_opt}"; then | ||
9007 | LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}" | ||
9008 | else | ||
9009 | LDFLAGS="-L${withval} ${LDFLAGS}" | ||
9010 | fi | ||
9011 | fi | ||
9012 | if test -d "$withval/include"; then | ||
9013 | CPPFLAGS="-I${withval}/include ${CPPFLAGS}" | ||
9014 | else | ||
9015 | CPPFLAGS="-I${withval} ${CPPFLAGS}" | ||
9016 | fi | ||
9017 | fi | ||
9018 | |||
9019 | fi | ||
9020 | |||
9021 | |||
9022 | ac_fn_c_check_header_mongrel "$LINENO" "zlib.h" "ac_cv_header_zlib_h" "$ac_includes_default" | ||
9023 | if test "x$ac_cv_header_zlib_h" = xyes; then : | ||
9024 | |||
9025 | else | ||
9026 | as_fn_error $? "*** zlib.h missing - please install first or check config.log ***" "$LINENO" 5 | ||
9027 | fi | ||
9028 | |||
9029 | |||
9030 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for deflate in -lz" >&5 | ||
9031 | $as_echo_n "checking for deflate in -lz... " >&6; } | ||
9032 | if ${ac_cv_lib_z_deflate+:} false; then : | ||
9033 | $as_echo_n "(cached) " >&6 | ||
9034 | else | ||
9035 | ac_check_lib_save_LIBS=$LIBS | ||
9036 | LIBS="-lz $LIBS" | ||
9037 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
9038 | /* end confdefs.h. */ | ||
9039 | |||
9040 | /* Override any GCC internal prototype to avoid an error. | ||
9041 | Use char because int might match the return type of a GCC | ||
9042 | builtin and then its argument prototype would still apply. */ | ||
9043 | #ifdef __cplusplus | ||
9044 | extern "C" | ||
9045 | #endif | ||
9046 | char deflate (); | ||
9047 | int | ||
9048 | main () | ||
9049 | { | ||
9050 | return deflate (); | ||
9051 | ; | ||
9052 | return 0; | ||
9053 | } | ||
9054 | _ACEOF | ||
9055 | if ac_fn_c_try_link "$LINENO"; then : | ||
9056 | ac_cv_lib_z_deflate=yes | ||
9057 | else | ||
9058 | ac_cv_lib_z_deflate=no | ||
9059 | fi | ||
9060 | rm -f core conftest.err conftest.$ac_objext \ | ||
9061 | conftest$ac_exeext conftest.$ac_ext | ||
9062 | LIBS=$ac_check_lib_save_LIBS | ||
9063 | fi | ||
9064 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_z_deflate" >&5 | ||
9065 | $as_echo "$ac_cv_lib_z_deflate" >&6; } | ||
9066 | if test "x$ac_cv_lib_z_deflate" = xyes; then : | ||
9067 | cat >>confdefs.h <<_ACEOF | ||
9068 | #define HAVE_LIBZ 1 | ||
9069 | _ACEOF | ||
9070 | |||
9071 | LIBS="-lz $LIBS" | ||
9072 | |||
9073 | else | ||
9074 | |||
9075 | saved_CPPFLAGS="$CPPFLAGS" | ||
9076 | saved_LDFLAGS="$LDFLAGS" | ||
9077 | save_LIBS="$LIBS" | ||
9078 | if test -n "${rpath_opt}"; then | ||
9079 | LDFLAGS="-L/usr/local/lib ${rpath_opt}/usr/local/lib ${saved_LDFLAGS}" | ||
9080 | else | ||
9081 | LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" | ||
9082 | fi | ||
9083 | CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" | ||
9084 | LIBS="$LIBS -lz" | ||
9085 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
9086 | /* end confdefs.h. */ | ||
9087 | |||
9088 | /* Override any GCC internal prototype to avoid an error. | ||
9089 | Use char because int might match the return type of a GCC | ||
9090 | builtin and then its argument prototype would still apply. */ | ||
9091 | #ifdef __cplusplus | ||
9092 | extern "C" | ||
9093 | #endif | ||
9094 | char deflate (); | ||
9095 | int | ||
9096 | main () | ||
9097 | { | ||
9098 | return deflate (); | ||
9099 | ; | ||
9100 | return 0; | ||
9101 | } | ||
9102 | _ACEOF | ||
9103 | if ac_fn_c_try_link "$LINENO"; then : | ||
9104 | $as_echo "#define HAVE_LIBZ 1" >>confdefs.h | ||
9105 | |||
9106 | else | ||
9107 | |||
9108 | as_fn_error $? "*** zlib missing - please install first or check config.log ***" "$LINENO" 5 | ||
9109 | |||
9110 | |||
9111 | fi | ||
9112 | rm -f core conftest.err conftest.$ac_objext \ | ||
9113 | conftest$ac_exeext conftest.$ac_ext | ||
9114 | |||
9115 | |||
9116 | fi | ||
9117 | |||
9118 | |||
9119 | |||
9120 | # Check whether --with-zlib-version-check was given. | ||
9121 | if test "${with_zlib_version_check+set}" = set; then : | ||
9122 | withval=$with_zlib_version_check; if test "x$withval" = "xno" ; then | ||
9123 | zlib_check_nonfatal=1 | ||
9124 | fi | ||
9125 | |||
9126 | |||
9127 | fi | ||
9128 | |||
9129 | |||
9130 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for possibly buggy zlib" >&5 | ||
9131 | $as_echo_n "checking for possibly buggy zlib... " >&6; } | ||
9132 | if test "$cross_compiling" = yes; then : | ||
9133 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking zlib version" >&5 | ||
9134 | $as_echo "$as_me: WARNING: cross compiling: not checking zlib version" >&2;} | ||
9135 | |||
9136 | else | ||
9137 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
9138 | /* end confdefs.h. */ | ||
9139 | |||
9140 | #include <stdio.h> | ||
9141 | #include <stdlib.h> | ||
9142 | #include <zlib.h> | ||
9143 | |||
9144 | int | ||
9145 | main () | ||
9146 | { | ||
9147 | |||
9148 | int a=0, b=0, c=0, d=0, n, v; | ||
9149 | n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); | ||
9150 | if (n != 3 && n != 4) | ||
9151 | exit(1); | ||
9152 | v = a*1000000 + b*10000 + c*100 + d; | ||
9153 | fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); | ||
9154 | |||
9155 | /* 1.1.4 is OK */ | ||
9156 | if (a == 1 && b == 1 && c >= 4) | ||
9157 | exit(0); | ||
9158 | |||
9159 | /* 1.2.3 and up are OK */ | ||
9160 | if (v >= 1020300) | ||
9161 | exit(0); | ||
9162 | |||
9163 | exit(2); | ||
9164 | |||
9165 | ; | ||
9166 | return 0; | ||
9167 | } | ||
9168 | _ACEOF | ||
9169 | if ac_fn_c_try_run "$LINENO"; then : | ||
9170 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
9171 | $as_echo "no" >&6; } | ||
9172 | else | ||
9173 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
9174 | $as_echo "yes" >&6; } | ||
9175 | if test -z "$zlib_check_nonfatal" ; then | ||
9176 | as_fn_error $? "*** zlib too old - check config.log *** | ||
9177 | Your reported zlib version has known security problems. It's possible your | ||
9178 | vendor has fixed these problems without changing the version number. If you | ||
9179 | are sure this is the case, you can disable the check by running | ||
9180 | \"./configure --without-zlib-version-check\". | ||
9181 | If you are in doubt, upgrade zlib to version 1.2.3 or greater. | ||
9182 | See http://www.gzip.org/zlib/ for details." "$LINENO" 5 | ||
9183 | else | ||
9184 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: zlib version may have security problems" >&5 | ||
9185 | $as_echo "$as_me: WARNING: zlib version may have security problems" >&2;} | ||
9186 | fi | ||
9187 | |||
9188 | fi | ||
9189 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
9190 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
9191 | fi | ||
9192 | |||
9193 | |||
9194 | ac_fn_c_check_func "$LINENO" "strcasecmp" "ac_cv_func_strcasecmp" | ||
9195 | if test "x$ac_cv_func_strcasecmp" = xyes; then : | ||
9196 | |||
9197 | else | ||
9198 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for strcasecmp in -lresolv" >&5 | ||
9199 | $as_echo_n "checking for strcasecmp in -lresolv... " >&6; } | ||
9200 | if ${ac_cv_lib_resolv_strcasecmp+:} false; then : | ||
9201 | $as_echo_n "(cached) " >&6 | ||
9202 | else | ||
9203 | ac_check_lib_save_LIBS=$LIBS | ||
9204 | LIBS="-lresolv $LIBS" | ||
9205 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
9206 | /* end confdefs.h. */ | ||
9207 | |||
9208 | /* Override any GCC internal prototype to avoid an error. | ||
9209 | Use char because int might match the return type of a GCC | ||
9210 | builtin and then its argument prototype would still apply. */ | ||
9211 | #ifdef __cplusplus | ||
9212 | extern "C" | ||
9213 | #endif | ||
9214 | char strcasecmp (); | ||
9215 | int | ||
9216 | main () | ||
9217 | { | ||
9218 | return strcasecmp (); | ||
9219 | ; | ||
9220 | return 0; | ||
9221 | } | ||
9222 | _ACEOF | ||
9223 | if ac_fn_c_try_link "$LINENO"; then : | ||
9224 | ac_cv_lib_resolv_strcasecmp=yes | ||
9225 | else | ||
9226 | ac_cv_lib_resolv_strcasecmp=no | ||
9227 | fi | ||
9228 | rm -f core conftest.err conftest.$ac_objext \ | ||
9229 | conftest$ac_exeext conftest.$ac_ext | ||
9230 | LIBS=$ac_check_lib_save_LIBS | ||
9231 | fi | ||
9232 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_resolv_strcasecmp" >&5 | ||
9233 | $as_echo "$ac_cv_lib_resolv_strcasecmp" >&6; } | ||
9234 | if test "x$ac_cv_lib_resolv_strcasecmp" = xyes; then : | ||
9235 | LIBS="$LIBS -lresolv" | ||
9236 | fi | ||
9237 | |||
9238 | |||
9239 | fi | ||
9240 | |||
9241 | for ac_func in utimes | ||
9242 | do : | ||
9243 | ac_fn_c_check_func "$LINENO" "utimes" "ac_cv_func_utimes" | ||
9244 | if test "x$ac_cv_func_utimes" = xyes; then : | ||
9245 | cat >>confdefs.h <<_ACEOF | ||
9246 | #define HAVE_UTIMES 1 | ||
9247 | _ACEOF | ||
9248 | |||
9249 | else | ||
9250 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for utimes in -lc89" >&5 | ||
9251 | $as_echo_n "checking for utimes in -lc89... " >&6; } | ||
9252 | if ${ac_cv_lib_c89_utimes+:} false; then : | ||
9253 | $as_echo_n "(cached) " >&6 | ||
9254 | else | ||
9255 | ac_check_lib_save_LIBS=$LIBS | ||
9256 | LIBS="-lc89 $LIBS" | ||
9257 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
9258 | /* end confdefs.h. */ | ||
9259 | |||
9260 | /* Override any GCC internal prototype to avoid an error. | ||
9261 | Use char because int might match the return type of a GCC | ||
9262 | builtin and then its argument prototype would still apply. */ | ||
9263 | #ifdef __cplusplus | ||
9264 | extern "C" | ||
9265 | #endif | ||
9266 | char utimes (); | ||
9267 | int | ||
9268 | main () | ||
9269 | { | ||
9270 | return utimes (); | ||
9271 | ; | ||
9272 | return 0; | ||
9273 | } | ||
9274 | _ACEOF | ||
9275 | if ac_fn_c_try_link "$LINENO"; then : | ||
9276 | ac_cv_lib_c89_utimes=yes | ||
9277 | else | ||
9278 | ac_cv_lib_c89_utimes=no | ||
9279 | fi | ||
9280 | rm -f core conftest.err conftest.$ac_objext \ | ||
9281 | conftest$ac_exeext conftest.$ac_ext | ||
9282 | LIBS=$ac_check_lib_save_LIBS | ||
9283 | fi | ||
9284 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_c89_utimes" >&5 | ||
9285 | $as_echo "$ac_cv_lib_c89_utimes" >&6; } | ||
9286 | if test "x$ac_cv_lib_c89_utimes" = xyes; then : | ||
9287 | $as_echo "#define HAVE_UTIMES 1" >>confdefs.h | ||
9288 | |||
9289 | LIBS="$LIBS -lc89" | ||
9290 | fi | ||
9291 | |||
9292 | |||
9293 | fi | ||
9294 | done | ||
9295 | |||
9296 | |||
9297 | for ac_header in bsd/libutil.h libutil.h | ||
9298 | do : | ||
9299 | as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` | ||
9300 | ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" | ||
9301 | if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : | ||
9302 | cat >>confdefs.h <<_ACEOF | ||
9303 | #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 | ||
9304 | _ACEOF | ||
9305 | |||
9306 | fi | ||
9307 | |||
9308 | done | ||
9309 | |||
9310 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing fmt_scaled" >&5 | ||
9311 | $as_echo_n "checking for library containing fmt_scaled... " >&6; } | ||
9312 | if ${ac_cv_search_fmt_scaled+:} false; then : | ||
9313 | $as_echo_n "(cached) " >&6 | ||
9314 | else | ||
9315 | ac_func_search_save_LIBS=$LIBS | ||
9316 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
9317 | /* end confdefs.h. */ | ||
9318 | |||
9319 | /* Override any GCC internal prototype to avoid an error. | ||
9320 | Use char because int might match the return type of a GCC | ||
9321 | builtin and then its argument prototype would still apply. */ | ||
9322 | #ifdef __cplusplus | ||
9323 | extern "C" | ||
9324 | #endif | ||
9325 | char fmt_scaled (); | ||
9326 | int | ||
9327 | main () | ||
9328 | { | ||
9329 | return fmt_scaled (); | ||
9330 | ; | ||
9331 | return 0; | ||
9332 | } | ||
9333 | _ACEOF | ||
9334 | for ac_lib in '' util bsd; do | ||
9335 | if test -z "$ac_lib"; then | ||
9336 | ac_res="none required" | ||
9337 | else | ||
9338 | ac_res=-l$ac_lib | ||
9339 | LIBS="-l$ac_lib $ac_func_search_save_LIBS" | ||
9340 | fi | ||
9341 | if ac_fn_c_try_link "$LINENO"; then : | ||
9342 | ac_cv_search_fmt_scaled=$ac_res | ||
9343 | fi | ||
9344 | rm -f core conftest.err conftest.$ac_objext \ | ||
9345 | conftest$ac_exeext | ||
9346 | if ${ac_cv_search_fmt_scaled+:} false; then : | ||
9347 | break | ||
9348 | fi | ||
9349 | done | ||
9350 | if ${ac_cv_search_fmt_scaled+:} false; then : | ||
9351 | |||
9352 | else | ||
9353 | ac_cv_search_fmt_scaled=no | ||
9354 | fi | ||
9355 | rm conftest.$ac_ext | ||
9356 | LIBS=$ac_func_search_save_LIBS | ||
9357 | fi | ||
9358 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_fmt_scaled" >&5 | ||
9359 | $as_echo "$ac_cv_search_fmt_scaled" >&6; } | ||
9360 | ac_res=$ac_cv_search_fmt_scaled | ||
9361 | if test "$ac_res" != no; then : | ||
9362 | test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" | ||
9363 | |||
9364 | fi | ||
9365 | |||
9366 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing scan_scaled" >&5 | ||
9367 | $as_echo_n "checking for library containing scan_scaled... " >&6; } | ||
9368 | if ${ac_cv_search_scan_scaled+:} false; then : | ||
9369 | $as_echo_n "(cached) " >&6 | ||
9370 | else | ||
9371 | ac_func_search_save_LIBS=$LIBS | ||
9372 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
9373 | /* end confdefs.h. */ | ||
9374 | |||
9375 | /* Override any GCC internal prototype to avoid an error. | ||
9376 | Use char because int might match the return type of a GCC | ||
9377 | builtin and then its argument prototype would still apply. */ | ||
9378 | #ifdef __cplusplus | ||
9379 | extern "C" | ||
9380 | #endif | ||
9381 | char scan_scaled (); | ||
9382 | int | ||
9383 | main () | ||
9384 | { | ||
9385 | return scan_scaled (); | ||
9386 | ; | ||
9387 | return 0; | ||
9388 | } | ||
9389 | _ACEOF | ||
9390 | for ac_lib in '' util bsd; do | ||
9391 | if test -z "$ac_lib"; then | ||
9392 | ac_res="none required" | ||
9393 | else | ||
9394 | ac_res=-l$ac_lib | ||
9395 | LIBS="-l$ac_lib $ac_func_search_save_LIBS" | ||
9396 | fi | ||
9397 | if ac_fn_c_try_link "$LINENO"; then : | ||
9398 | ac_cv_search_scan_scaled=$ac_res | ||
9399 | fi | ||
9400 | rm -f core conftest.err conftest.$ac_objext \ | ||
9401 | conftest$ac_exeext | ||
9402 | if ${ac_cv_search_scan_scaled+:} false; then : | ||
9403 | break | ||
9404 | fi | ||
9405 | done | ||
9406 | if ${ac_cv_search_scan_scaled+:} false; then : | ||
9407 | |||
9408 | else | ||
9409 | ac_cv_search_scan_scaled=no | ||
9410 | fi | ||
9411 | rm conftest.$ac_ext | ||
9412 | LIBS=$ac_func_search_save_LIBS | ||
9413 | fi | ||
9414 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_scan_scaled" >&5 | ||
9415 | $as_echo "$ac_cv_search_scan_scaled" >&6; } | ||
9416 | ac_res=$ac_cv_search_scan_scaled | ||
9417 | if test "$ac_res" != no; then : | ||
9418 | test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" | ||
9419 | |||
9420 | fi | ||
9421 | |||
9422 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing login" >&5 | ||
9423 | $as_echo_n "checking for library containing login... " >&6; } | ||
9424 | if ${ac_cv_search_login+:} false; then : | ||
9425 | $as_echo_n "(cached) " >&6 | ||
9426 | else | ||
9427 | ac_func_search_save_LIBS=$LIBS | ||
9428 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
9429 | /* end confdefs.h. */ | ||
9430 | |||
9431 | /* Override any GCC internal prototype to avoid an error. | ||
9432 | Use char because int might match the return type of a GCC | ||
9433 | builtin and then its argument prototype would still apply. */ | ||
9434 | #ifdef __cplusplus | ||
9435 | extern "C" | ||
9436 | #endif | ||
9437 | char login (); | ||
9438 | int | ||
9439 | main () | ||
9440 | { | ||
9441 | return login (); | ||
9442 | ; | ||
9443 | return 0; | ||
9444 | } | ||
9445 | _ACEOF | ||
9446 | for ac_lib in '' util bsd; do | ||
9447 | if test -z "$ac_lib"; then | ||
9448 | ac_res="none required" | ||
9449 | else | ||
9450 | ac_res=-l$ac_lib | ||
9451 | LIBS="-l$ac_lib $ac_func_search_save_LIBS" | ||
9452 | fi | ||
9453 | if ac_fn_c_try_link "$LINENO"; then : | ||
9454 | ac_cv_search_login=$ac_res | ||
9455 | fi | ||
9456 | rm -f core conftest.err conftest.$ac_objext \ | ||
9457 | conftest$ac_exeext | ||
9458 | if ${ac_cv_search_login+:} false; then : | ||
9459 | break | ||
9460 | fi | ||
9461 | done | ||
9462 | if ${ac_cv_search_login+:} false; then : | ||
9463 | |||
9464 | else | ||
9465 | ac_cv_search_login=no | ||
9466 | fi | ||
9467 | rm conftest.$ac_ext | ||
9468 | LIBS=$ac_func_search_save_LIBS | ||
9469 | fi | ||
9470 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_login" >&5 | ||
9471 | $as_echo "$ac_cv_search_login" >&6; } | ||
9472 | ac_res=$ac_cv_search_login | ||
9473 | if test "$ac_res" != no; then : | ||
9474 | test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" | ||
9475 | |||
9476 | fi | ||
9477 | |||
9478 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing logout" >&5 | ||
9479 | $as_echo_n "checking for library containing logout... " >&6; } | ||
9480 | if ${ac_cv_search_logout+:} false; then : | ||
9481 | $as_echo_n "(cached) " >&6 | ||
9482 | else | ||
9483 | ac_func_search_save_LIBS=$LIBS | ||
9484 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
9485 | /* end confdefs.h. */ | ||
9486 | |||
9487 | /* Override any GCC internal prototype to avoid an error. | ||
9488 | Use char because int might match the return type of a GCC | ||
9489 | builtin and then its argument prototype would still apply. */ | ||
9490 | #ifdef __cplusplus | ||
9491 | extern "C" | ||
9492 | #endif | ||
9493 | char logout (); | ||
9494 | int | ||
9495 | main () | ||
9496 | { | ||
9497 | return logout (); | ||
9498 | ; | ||
9499 | return 0; | ||
9500 | } | ||
9501 | _ACEOF | ||
9502 | for ac_lib in '' util bsd; do | ||
9503 | if test -z "$ac_lib"; then | ||
9504 | ac_res="none required" | ||
9505 | else | ||
9506 | ac_res=-l$ac_lib | ||
9507 | LIBS="-l$ac_lib $ac_func_search_save_LIBS" | ||
9508 | fi | ||
9509 | if ac_fn_c_try_link "$LINENO"; then : | ||
9510 | ac_cv_search_logout=$ac_res | ||
9511 | fi | ||
9512 | rm -f core conftest.err conftest.$ac_objext \ | ||
9513 | conftest$ac_exeext | ||
9514 | if ${ac_cv_search_logout+:} false; then : | ||
9515 | break | ||
9516 | fi | ||
9517 | done | ||
9518 | if ${ac_cv_search_logout+:} false; then : | ||
9519 | |||
9520 | else | ||
9521 | ac_cv_search_logout=no | ||
9522 | fi | ||
9523 | rm conftest.$ac_ext | ||
9524 | LIBS=$ac_func_search_save_LIBS | ||
9525 | fi | ||
9526 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_logout" >&5 | ||
9527 | $as_echo "$ac_cv_search_logout" >&6; } | ||
9528 | ac_res=$ac_cv_search_logout | ||
9529 | if test "$ac_res" != no; then : | ||
9530 | test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" | ||
9531 | |||
9532 | fi | ||
9533 | |||
9534 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing logwtmp" >&5 | ||
9535 | $as_echo_n "checking for library containing logwtmp... " >&6; } | ||
9536 | if ${ac_cv_search_logwtmp+:} false; then : | ||
9537 | $as_echo_n "(cached) " >&6 | ||
9538 | else | ||
9539 | ac_func_search_save_LIBS=$LIBS | ||
9540 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
9541 | /* end confdefs.h. */ | ||
9542 | |||
9543 | /* Override any GCC internal prototype to avoid an error. | ||
9544 | Use char because int might match the return type of a GCC | ||
9545 | builtin and then its argument prototype would still apply. */ | ||
9546 | #ifdef __cplusplus | ||
9547 | extern "C" | ||
9548 | #endif | ||
9549 | char logwtmp (); | ||
9550 | int | ||
9551 | main () | ||
9552 | { | ||
9553 | return logwtmp (); | ||
9554 | ; | ||
9555 | return 0; | ||
9556 | } | ||
9557 | _ACEOF | ||
9558 | for ac_lib in '' util bsd; do | ||
9559 | if test -z "$ac_lib"; then | ||
9560 | ac_res="none required" | ||
9561 | else | ||
9562 | ac_res=-l$ac_lib | ||
9563 | LIBS="-l$ac_lib $ac_func_search_save_LIBS" | ||
9564 | fi | ||
9565 | if ac_fn_c_try_link "$LINENO"; then : | ||
9566 | ac_cv_search_logwtmp=$ac_res | ||
9567 | fi | ||
9568 | rm -f core conftest.err conftest.$ac_objext \ | ||
9569 | conftest$ac_exeext | ||
9570 | if ${ac_cv_search_logwtmp+:} false; then : | ||
9571 | break | ||
9572 | fi | ||
9573 | done | ||
9574 | if ${ac_cv_search_logwtmp+:} false; then : | ||
9575 | |||
9576 | else | ||
9577 | ac_cv_search_logwtmp=no | ||
9578 | fi | ||
9579 | rm conftest.$ac_ext | ||
9580 | LIBS=$ac_func_search_save_LIBS | ||
9581 | fi | ||
9582 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_logwtmp" >&5 | ||
9583 | $as_echo "$ac_cv_search_logwtmp" >&6; } | ||
9584 | ac_res=$ac_cv_search_logwtmp | ||
9585 | if test "$ac_res" != no; then : | ||
9586 | test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" | ||
9587 | |||
9588 | fi | ||
9589 | |||
9590 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing openpty" >&5 | ||
9591 | $as_echo_n "checking for library containing openpty... " >&6; } | ||
9592 | if ${ac_cv_search_openpty+:} false; then : | ||
9593 | $as_echo_n "(cached) " >&6 | ||
9594 | else | ||
9595 | ac_func_search_save_LIBS=$LIBS | ||
9596 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
9597 | /* end confdefs.h. */ | ||
9598 | |||
9599 | /* Override any GCC internal prototype to avoid an error. | ||
9600 | Use char because int might match the return type of a GCC | ||
9601 | builtin and then its argument prototype would still apply. */ | ||
9602 | #ifdef __cplusplus | ||
9603 | extern "C" | ||
9604 | #endif | ||
9605 | char openpty (); | ||
9606 | int | ||
9607 | main () | ||
9608 | { | ||
9609 | return openpty (); | ||
9610 | ; | ||
9611 | return 0; | ||
9612 | } | ||
9613 | _ACEOF | ||
9614 | for ac_lib in '' util bsd; do | ||
9615 | if test -z "$ac_lib"; then | ||
9616 | ac_res="none required" | ||
9617 | else | ||
9618 | ac_res=-l$ac_lib | ||
9619 | LIBS="-l$ac_lib $ac_func_search_save_LIBS" | ||
9620 | fi | ||
9621 | if ac_fn_c_try_link "$LINENO"; then : | ||
9622 | ac_cv_search_openpty=$ac_res | ||
9623 | fi | ||
9624 | rm -f core conftest.err conftest.$ac_objext \ | ||
9625 | conftest$ac_exeext | ||
9626 | if ${ac_cv_search_openpty+:} false; then : | ||
9627 | break | ||
9628 | fi | ||
9629 | done | ||
9630 | if ${ac_cv_search_openpty+:} false; then : | ||
9631 | |||
9632 | else | ||
9633 | ac_cv_search_openpty=no | ||
9634 | fi | ||
9635 | rm conftest.$ac_ext | ||
9636 | LIBS=$ac_func_search_save_LIBS | ||
9637 | fi | ||
9638 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_openpty" >&5 | ||
9639 | $as_echo "$ac_cv_search_openpty" >&6; } | ||
9640 | ac_res=$ac_cv_search_openpty | ||
9641 | if test "$ac_res" != no; then : | ||
9642 | test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" | ||
9643 | |||
9644 | fi | ||
9645 | |||
9646 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing updwtmp" >&5 | ||
9647 | $as_echo_n "checking for library containing updwtmp... " >&6; } | ||
9648 | if ${ac_cv_search_updwtmp+:} false; then : | ||
9649 | $as_echo_n "(cached) " >&6 | ||
9650 | else | ||
9651 | ac_func_search_save_LIBS=$LIBS | ||
9652 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
9653 | /* end confdefs.h. */ | ||
9654 | |||
9655 | /* Override any GCC internal prototype to avoid an error. | ||
9656 | Use char because int might match the return type of a GCC | ||
9657 | builtin and then its argument prototype would still apply. */ | ||
9658 | #ifdef __cplusplus | ||
9659 | extern "C" | ||
9660 | #endif | ||
9661 | char updwtmp (); | ||
9662 | int | ||
9663 | main () | ||
9664 | { | ||
9665 | return updwtmp (); | ||
9666 | ; | ||
9667 | return 0; | ||
9668 | } | ||
9669 | _ACEOF | ||
9670 | for ac_lib in '' util bsd; do | ||
9671 | if test -z "$ac_lib"; then | ||
9672 | ac_res="none required" | ||
9673 | else | ||
9674 | ac_res=-l$ac_lib | ||
9675 | LIBS="-l$ac_lib $ac_func_search_save_LIBS" | ||
9676 | fi | ||
9677 | if ac_fn_c_try_link "$LINENO"; then : | ||
9678 | ac_cv_search_updwtmp=$ac_res | ||
9679 | fi | ||
9680 | rm -f core conftest.err conftest.$ac_objext \ | ||
9681 | conftest$ac_exeext | ||
9682 | if ${ac_cv_search_updwtmp+:} false; then : | ||
9683 | break | ||
9684 | fi | ||
9685 | done | ||
9686 | if ${ac_cv_search_updwtmp+:} false; then : | ||
9687 | |||
9688 | else | ||
9689 | ac_cv_search_updwtmp=no | ||
9690 | fi | ||
9691 | rm conftest.$ac_ext | ||
9692 | LIBS=$ac_func_search_save_LIBS | ||
9693 | fi | ||
9694 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_updwtmp" >&5 | ||
9695 | $as_echo "$ac_cv_search_updwtmp" >&6; } | ||
9696 | ac_res=$ac_cv_search_updwtmp | ||
9697 | if test "$ac_res" != no; then : | ||
9698 | test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" | ||
9699 | |||
9700 | fi | ||
9701 | |||
9702 | for ac_func in fmt_scaled scan_scaled login logout openpty updwtmp logwtmp | ||
9703 | do : | ||
9704 | as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` | ||
9705 | ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" | ||
9706 | if eval test \"x\$"$as_ac_var"\" = x"yes"; then : | ||
9707 | cat >>confdefs.h <<_ACEOF | ||
9708 | #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 | ||
9709 | _ACEOF | ||
9710 | |||
9711 | fi | ||
9712 | done | ||
9713 | |||
9714 | |||
9715 | # On some platforms, inet_ntop and gethostbyname may be found in libresolv | ||
9716 | # or libnsl. | ||
9717 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing inet_ntop" >&5 | ||
9718 | $as_echo_n "checking for library containing inet_ntop... " >&6; } | ||
9719 | if ${ac_cv_search_inet_ntop+:} false; then : | ||
9720 | $as_echo_n "(cached) " >&6 | ||
9721 | else | ||
9722 | ac_func_search_save_LIBS=$LIBS | ||
9723 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
9724 | /* end confdefs.h. */ | ||
9725 | |||
9726 | /* Override any GCC internal prototype to avoid an error. | ||
9727 | Use char because int might match the return type of a GCC | ||
9728 | builtin and then its argument prototype would still apply. */ | ||
9729 | #ifdef __cplusplus | ||
9730 | extern "C" | ||
9731 | #endif | ||
9732 | char inet_ntop (); | ||
9733 | int | ||
9734 | main () | ||
9735 | { | ||
9736 | return inet_ntop (); | ||
9737 | ; | ||
9738 | return 0; | ||
9739 | } | ||
9740 | _ACEOF | ||
9741 | for ac_lib in '' resolv nsl; do | ||
9742 | if test -z "$ac_lib"; then | ||
9743 | ac_res="none required" | ||
9744 | else | ||
9745 | ac_res=-l$ac_lib | ||
9746 | LIBS="-l$ac_lib $ac_func_search_save_LIBS" | ||
9747 | fi | ||
9748 | if ac_fn_c_try_link "$LINENO"; then : | ||
9749 | ac_cv_search_inet_ntop=$ac_res | ||
9750 | fi | ||
9751 | rm -f core conftest.err conftest.$ac_objext \ | ||
9752 | conftest$ac_exeext | ||
9753 | if ${ac_cv_search_inet_ntop+:} false; then : | ||
9754 | break | ||
9755 | fi | ||
9756 | done | ||
9757 | if ${ac_cv_search_inet_ntop+:} false; then : | ||
9758 | |||
9759 | else | ||
9760 | ac_cv_search_inet_ntop=no | ||
9761 | fi | ||
9762 | rm conftest.$ac_ext | ||
9763 | LIBS=$ac_func_search_save_LIBS | ||
9764 | fi | ||
9765 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_inet_ntop" >&5 | ||
9766 | $as_echo "$ac_cv_search_inet_ntop" >&6; } | ||
9767 | ac_res=$ac_cv_search_inet_ntop | ||
9768 | if test "$ac_res" != no; then : | ||
9769 | test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" | ||
9770 | |||
9771 | fi | ||
9772 | |||
9773 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing gethostbyname" >&5 | ||
9774 | $as_echo_n "checking for library containing gethostbyname... " >&6; } | ||
9775 | if ${ac_cv_search_gethostbyname+:} false; then : | ||
9776 | $as_echo_n "(cached) " >&6 | ||
9777 | else | ||
9778 | ac_func_search_save_LIBS=$LIBS | ||
9779 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
9780 | /* end confdefs.h. */ | ||
9781 | |||
9782 | /* Override any GCC internal prototype to avoid an error. | ||
9783 | Use char because int might match the return type of a GCC | ||
9784 | builtin and then its argument prototype would still apply. */ | ||
9785 | #ifdef __cplusplus | ||
9786 | extern "C" | ||
9787 | #endif | ||
9788 | char gethostbyname (); | ||
9789 | int | ||
9790 | main () | ||
9791 | { | ||
9792 | return gethostbyname (); | ||
9793 | ; | ||
9794 | return 0; | ||
9795 | } | ||
9796 | _ACEOF | ||
9797 | for ac_lib in '' resolv nsl; do | ||
9798 | if test -z "$ac_lib"; then | ||
9799 | ac_res="none required" | ||
9800 | else | ||
9801 | ac_res=-l$ac_lib | ||
9802 | LIBS="-l$ac_lib $ac_func_search_save_LIBS" | ||
9803 | fi | ||
9804 | if ac_fn_c_try_link "$LINENO"; then : | ||
9805 | ac_cv_search_gethostbyname=$ac_res | ||
9806 | fi | ||
9807 | rm -f core conftest.err conftest.$ac_objext \ | ||
9808 | conftest$ac_exeext | ||
9809 | if ${ac_cv_search_gethostbyname+:} false; then : | ||
9810 | break | ||
9811 | fi | ||
9812 | done | ||
9813 | if ${ac_cv_search_gethostbyname+:} false; then : | ||
9814 | |||
9815 | else | ||
9816 | ac_cv_search_gethostbyname=no | ||
9817 | fi | ||
9818 | rm conftest.$ac_ext | ||
9819 | LIBS=$ac_func_search_save_LIBS | ||
9820 | fi | ||
9821 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_gethostbyname" >&5 | ||
9822 | $as_echo "$ac_cv_search_gethostbyname" >&6; } | ||
9823 | ac_res=$ac_cv_search_gethostbyname | ||
9824 | if test "$ac_res" != no; then : | ||
9825 | test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" | ||
9826 | |||
9827 | fi | ||
9828 | |||
9829 | |||
9830 | # "Particular Function Checks" | ||
9831 | # see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Functions.html | ||
9832 | for ac_func in strftime | ||
9833 | do : | ||
9834 | ac_fn_c_check_func "$LINENO" "strftime" "ac_cv_func_strftime" | ||
9835 | if test "x$ac_cv_func_strftime" = xyes; then : | ||
9836 | cat >>confdefs.h <<_ACEOF | ||
9837 | #define HAVE_STRFTIME 1 | ||
9838 | _ACEOF | ||
9839 | |||
9840 | else | ||
9841 | # strftime is in -lintl on SCO UNIX. | ||
9842 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for strftime in -lintl" >&5 | ||
9843 | $as_echo_n "checking for strftime in -lintl... " >&6; } | ||
9844 | if ${ac_cv_lib_intl_strftime+:} false; then : | ||
9845 | $as_echo_n "(cached) " >&6 | ||
9846 | else | ||
9847 | ac_check_lib_save_LIBS=$LIBS | ||
9848 | LIBS="-lintl $LIBS" | ||
9849 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
9850 | /* end confdefs.h. */ | ||
9851 | |||
9852 | /* Override any GCC internal prototype to avoid an error. | ||
9853 | Use char because int might match the return type of a GCC | ||
9854 | builtin and then its argument prototype would still apply. */ | ||
9855 | #ifdef __cplusplus | ||
9856 | extern "C" | ||
9857 | #endif | ||
9858 | char strftime (); | ||
9859 | int | ||
9860 | main () | ||
9861 | { | ||
9862 | return strftime (); | ||
9863 | ; | ||
9864 | return 0; | ||
9865 | } | ||
9866 | _ACEOF | ||
9867 | if ac_fn_c_try_link "$LINENO"; then : | ||
9868 | ac_cv_lib_intl_strftime=yes | ||
9869 | else | ||
9870 | ac_cv_lib_intl_strftime=no | ||
9871 | fi | ||
9872 | rm -f core conftest.err conftest.$ac_objext \ | ||
9873 | conftest$ac_exeext conftest.$ac_ext | ||
9874 | LIBS=$ac_check_lib_save_LIBS | ||
9875 | fi | ||
9876 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_intl_strftime" >&5 | ||
9877 | $as_echo "$ac_cv_lib_intl_strftime" >&6; } | ||
9878 | if test "x$ac_cv_lib_intl_strftime" = xyes; then : | ||
9879 | $as_echo "#define HAVE_STRFTIME 1" >>confdefs.h | ||
9880 | |||
9881 | LIBS="-lintl $LIBS" | ||
9882 | fi | ||
9883 | |||
9884 | fi | ||
9885 | done | ||
9886 | |||
9887 | for ac_header in stdlib.h | ||
9888 | do : | ||
9889 | ac_fn_c_check_header_mongrel "$LINENO" "stdlib.h" "ac_cv_header_stdlib_h" "$ac_includes_default" | ||
9890 | if test "x$ac_cv_header_stdlib_h" = xyes; then : | ||
9891 | cat >>confdefs.h <<_ACEOF | ||
9892 | #define HAVE_STDLIB_H 1 | ||
9893 | _ACEOF | ||
9894 | |||
9895 | fi | ||
9896 | |||
9897 | done | ||
9898 | |||
9899 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU libc compatible malloc" >&5 | ||
9900 | $as_echo_n "checking for GNU libc compatible malloc... " >&6; } | ||
9901 | if ${ac_cv_func_malloc_0_nonnull+:} false; then : | ||
9902 | $as_echo_n "(cached) " >&6 | ||
9903 | else | ||
9904 | if test "$cross_compiling" = yes; then : | ||
9905 | ac_cv_func_malloc_0_nonnull=no | ||
9906 | else | ||
9907 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
9908 | /* end confdefs.h. */ | ||
9909 | #if defined STDC_HEADERS || defined HAVE_STDLIB_H | ||
9910 | # include <stdlib.h> | ||
9911 | #else | ||
9912 | char *malloc (); | ||
9913 | #endif | ||
9914 | |||
9915 | int | ||
9916 | main () | ||
9917 | { | ||
9918 | return ! malloc (0); | ||
9919 | ; | ||
9920 | return 0; | ||
9921 | } | ||
9922 | _ACEOF | ||
9923 | if ac_fn_c_try_run "$LINENO"; then : | ||
9924 | ac_cv_func_malloc_0_nonnull=yes | ||
9925 | else | ||
9926 | ac_cv_func_malloc_0_nonnull=no | ||
9927 | fi | ||
9928 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
9929 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
9930 | fi | ||
9931 | |||
9932 | fi | ||
9933 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_malloc_0_nonnull" >&5 | ||
9934 | $as_echo "$ac_cv_func_malloc_0_nonnull" >&6; } | ||
9935 | if test $ac_cv_func_malloc_0_nonnull = yes; then : | ||
9936 | |||
9937 | $as_echo "#define HAVE_MALLOC 1" >>confdefs.h | ||
9938 | |||
9939 | else | ||
9940 | $as_echo "#define HAVE_MALLOC 0" >>confdefs.h | ||
9941 | |||
9942 | case " $LIBOBJS " in | ||
9943 | *" malloc.$ac_objext "* ) ;; | ||
9944 | *) LIBOBJS="$LIBOBJS malloc.$ac_objext" | ||
9945 | ;; | ||
9946 | esac | ||
9947 | |||
9948 | |||
9949 | $as_echo "#define malloc rpl_malloc" >>confdefs.h | ||
9950 | |||
9951 | fi | ||
9952 | |||
9953 | |||
9954 | for ac_header in stdlib.h | ||
9955 | do : | ||
9956 | ac_fn_c_check_header_mongrel "$LINENO" "stdlib.h" "ac_cv_header_stdlib_h" "$ac_includes_default" | ||
9957 | if test "x$ac_cv_header_stdlib_h" = xyes; then : | ||
9958 | cat >>confdefs.h <<_ACEOF | ||
9959 | #define HAVE_STDLIB_H 1 | ||
9960 | _ACEOF | ||
9961 | |||
9962 | fi | ||
9963 | |||
9964 | done | ||
9965 | |||
9966 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU libc compatible realloc" >&5 | ||
9967 | $as_echo_n "checking for GNU libc compatible realloc... " >&6; } | ||
9968 | if ${ac_cv_func_realloc_0_nonnull+:} false; then : | ||
9969 | $as_echo_n "(cached) " >&6 | ||
9970 | else | ||
9971 | if test "$cross_compiling" = yes; then : | ||
9972 | ac_cv_func_realloc_0_nonnull=no | ||
9973 | else | ||
9974 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
9975 | /* end confdefs.h. */ | ||
9976 | #if defined STDC_HEADERS || defined HAVE_STDLIB_H | ||
9977 | # include <stdlib.h> | ||
9978 | #else | ||
9979 | char *realloc (); | ||
9980 | #endif | ||
9981 | |||
9982 | int | ||
9983 | main () | ||
9984 | { | ||
9985 | return ! realloc (0, 0); | ||
9986 | ; | ||
9987 | return 0; | ||
9988 | } | ||
9989 | _ACEOF | ||
9990 | if ac_fn_c_try_run "$LINENO"; then : | ||
9991 | ac_cv_func_realloc_0_nonnull=yes | ||
9992 | else | ||
9993 | ac_cv_func_realloc_0_nonnull=no | ||
9994 | fi | ||
9995 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
9996 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
9997 | fi | ||
9998 | |||
9999 | fi | ||
10000 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_realloc_0_nonnull" >&5 | ||
10001 | $as_echo "$ac_cv_func_realloc_0_nonnull" >&6; } | ||
10002 | if test $ac_cv_func_realloc_0_nonnull = yes; then : | ||
10003 | |||
10004 | $as_echo "#define HAVE_REALLOC 1" >>confdefs.h | ||
10005 | |||
10006 | else | ||
10007 | $as_echo "#define HAVE_REALLOC 0" >>confdefs.h | ||
10008 | |||
10009 | case " $LIBOBJS " in | ||
10010 | *" realloc.$ac_objext "* ) ;; | ||
10011 | *) LIBOBJS="$LIBOBJS realloc.$ac_objext" | ||
10012 | ;; | ||
10013 | esac | ||
10014 | |||
10015 | |||
10016 | $as_echo "#define realloc rpl_realloc" >>confdefs.h | ||
10017 | |||
10018 | fi | ||
10019 | |||
10020 | |||
10021 | # autoconf doesn't have AC_FUNC_CALLOC so fake it if malloc returns NULL; | ||
10022 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if calloc(0, N) returns non-null" >&5 | ||
10023 | $as_echo_n "checking if calloc(0, N) returns non-null... " >&6; } | ||
10024 | if test "$cross_compiling" = yes; then : | ||
10025 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming same as malloc" >&5 | ||
10026 | $as_echo "$as_me: WARNING: cross compiling: assuming same as malloc" >&2;} | ||
10027 | func_calloc_0_nonnull="$ac_cv_func_malloc_0_nonnull" | ||
10028 | |||
10029 | else | ||
10030 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
10031 | /* end confdefs.h. */ | ||
10032 | #include <stdlib.h> | ||
10033 | int | ||
10034 | main () | ||
10035 | { | ||
10036 | void *p = calloc(0, 1); exit(p == NULL); | ||
10037 | |||
10038 | ; | ||
10039 | return 0; | ||
10040 | } | ||
10041 | _ACEOF | ||
10042 | if ac_fn_c_try_run "$LINENO"; then : | ||
10043 | func_calloc_0_nonnull=yes | ||
10044 | else | ||
10045 | func_calloc_0_nonnull=no | ||
10046 | fi | ||
10047 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
10048 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
10049 | fi | ||
10050 | |||
10051 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $func_calloc_0_nonnull" >&5 | ||
10052 | $as_echo "$func_calloc_0_nonnull" >&6; } | ||
10053 | |||
10054 | if test "x$func_calloc_0_nonnull" = "xyes"; then | ||
10055 | |||
10056 | $as_echo "#define HAVE_CALLOC 1" >>confdefs.h | ||
10057 | |||
10058 | else | ||
10059 | |||
10060 | $as_echo "#define HAVE_CALLOC 0" >>confdefs.h | ||
10061 | |||
10062 | |||
10063 | $as_echo "#define calloc rpl_calloc" >>confdefs.h | ||
10064 | |||
10065 | fi | ||
10066 | |||
10067 | # Check for ALTDIRFUNC glob() extension | ||
10068 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GLOB_ALTDIRFUNC support" >&5 | ||
10069 | $as_echo_n "checking for GLOB_ALTDIRFUNC support... " >&6; } | ||
10070 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
10071 | /* end confdefs.h. */ | ||
10072 | |||
10073 | #include <glob.h> | ||
10074 | #ifdef GLOB_ALTDIRFUNC | ||
10075 | FOUNDIT | ||
10076 | #endif | ||
10077 | |||
10078 | _ACEOF | ||
10079 | if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | | ||
10080 | $EGREP "FOUNDIT" >/dev/null 2>&1; then : | ||
10081 | |||
10082 | |||
10083 | $as_echo "#define GLOB_HAS_ALTDIRFUNC 1" >>confdefs.h | ||
10084 | |||
10085 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
10086 | $as_echo "yes" >&6; } | ||
10087 | |||
10088 | else | ||
10089 | |||
10090 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
10091 | $as_echo "no" >&6; } | ||
10092 | |||
10093 | |||
10094 | fi | ||
10095 | rm -f conftest* | ||
10096 | |||
10097 | |||
10098 | # Check for g.gl_matchc glob() extension | ||
10099 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gl_matchc field in glob_t" >&5 | ||
10100 | $as_echo_n "checking for gl_matchc field in glob_t... " >&6; } | ||
10101 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
10102 | /* end confdefs.h. */ | ||
10103 | #include <glob.h> | ||
10104 | int | ||
10105 | main () | ||
10106 | { | ||
10107 | glob_t g; g.gl_matchc = 1; | ||
10108 | ; | ||
10109 | return 0; | ||
10110 | } | ||
10111 | _ACEOF | ||
10112 | if ac_fn_c_try_compile "$LINENO"; then : | ||
10113 | |||
10114 | |||
10115 | $as_echo "#define GLOB_HAS_GL_MATCHC 1" >>confdefs.h | ||
10116 | |||
10117 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
10118 | $as_echo "yes" >&6; } | ||
10119 | |||
10120 | else | ||
10121 | |||
10122 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
10123 | $as_echo "no" >&6; } | ||
10124 | |||
10125 | fi | ||
10126 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
10127 | |||
10128 | # Check for g.gl_statv glob() extension | ||
10129 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gl_statv and GLOB_KEEPSTAT extensions for glob" >&5 | ||
10130 | $as_echo_n "checking for gl_statv and GLOB_KEEPSTAT extensions for glob... " >&6; } | ||
10131 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
10132 | /* end confdefs.h. */ | ||
10133 | #include <glob.h> | ||
10134 | int | ||
10135 | main () | ||
10136 | { | ||
10137 | |||
10138 | #ifndef GLOB_KEEPSTAT | ||
10139 | #error "glob does not support GLOB_KEEPSTAT extension" | ||
10140 | #endif | ||
10141 | glob_t g; | ||
10142 | g.gl_statv = NULL; | ||
10143 | |||
10144 | ; | ||
10145 | return 0; | ||
10146 | } | ||
10147 | _ACEOF | ||
10148 | if ac_fn_c_try_compile "$LINENO"; then : | ||
10149 | |||
10150 | |||
10151 | $as_echo "#define GLOB_HAS_GL_STATV 1" >>confdefs.h | ||
10152 | |||
10153 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
10154 | $as_echo "yes" >&6; } | ||
10155 | |||
10156 | else | ||
10157 | |||
10158 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
10159 | $as_echo "no" >&6; } | ||
10160 | |||
10161 | |||
10162 | fi | ||
10163 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
10164 | |||
10165 | ac_fn_c_check_decl "$LINENO" "GLOB_NOMATCH" "ac_cv_have_decl_GLOB_NOMATCH" "#include <glob.h> | ||
10166 | " | ||
10167 | if test "x$ac_cv_have_decl_GLOB_NOMATCH" = xyes; then : | ||
10168 | ac_have_decl=1 | ||
10169 | else | ||
10170 | ac_have_decl=0 | ||
10171 | fi | ||
10172 | |||
10173 | cat >>confdefs.h <<_ACEOF | ||
10174 | #define HAVE_DECL_GLOB_NOMATCH $ac_have_decl | ||
10175 | _ACEOF | ||
10176 | |||
10177 | |||
10178 | ac_fn_c_check_decl "$LINENO" "VIS_ALL" "ac_cv_have_decl_VIS_ALL" "#include <vis.h> | ||
10179 | " | ||
10180 | if test "x$ac_cv_have_decl_VIS_ALL" = xyes; then : | ||
10181 | |||
10182 | else | ||
10183 | |||
10184 | $as_echo "#define BROKEN_STRNVIS 1" >>confdefs.h | ||
10185 | |||
10186 | fi | ||
10187 | |||
10188 | |||
10189 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether struct dirent allocates space for d_name" >&5 | ||
10190 | $as_echo_n "checking whether struct dirent allocates space for d_name... " >&6; } | ||
10191 | if test "$cross_compiling" = yes; then : | ||
10192 | |||
10193 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME" >&5 | ||
10194 | $as_echo "$as_me: WARNING: cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME" >&2;} | ||
10195 | $as_echo "#define BROKEN_ONE_BYTE_DIRENT_D_NAME 1" >>confdefs.h | ||
10196 | |||
10197 | |||
10198 | |||
10199 | else | ||
10200 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
10201 | /* end confdefs.h. */ | ||
10202 | |||
10203 | #include <sys/types.h> | ||
10204 | #include <dirent.h> | ||
10205 | int | ||
10206 | main () | ||
10207 | { | ||
10208 | |||
10209 | struct dirent d; | ||
10210 | exit(sizeof(d.d_name)<=sizeof(char)); | ||
10211 | |||
10212 | ; | ||
10213 | return 0; | ||
10214 | } | ||
10215 | _ACEOF | ||
10216 | if ac_fn_c_try_run "$LINENO"; then : | ||
10217 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
10218 | $as_echo "yes" >&6; } | ||
10219 | else | ||
10220 | |||
10221 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
10222 | $as_echo "no" >&6; } | ||
10223 | |||
10224 | $as_echo "#define BROKEN_ONE_BYTE_DIRENT_D_NAME 1" >>confdefs.h | ||
10225 | |||
10226 | |||
10227 | fi | ||
10228 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
10229 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
10230 | fi | ||
10231 | |||
10232 | |||
10233 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for /proc/pid/fd directory" >&5 | ||
10234 | $as_echo_n "checking for /proc/pid/fd directory... " >&6; } | ||
10235 | if test -d "/proc/$$/fd" ; then | ||
10236 | |||
10237 | $as_echo "#define HAVE_PROC_PID 1" >>confdefs.h | ||
10238 | |||
10239 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
10240 | $as_echo "yes" >&6; } | ||
10241 | else | ||
10242 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
10243 | $as_echo "no" >&6; } | ||
10244 | fi | ||
10245 | |||
10246 | # Check whether user wants to use ldns | ||
10247 | LDNS_MSG="no" | ||
10248 | |||
10249 | # Check whether --with-ldns was given. | ||
10250 | if test "${with_ldns+set}" = set; then : | ||
10251 | withval=$with_ldns; | ||
10252 | ldns="" | ||
10253 | if test "x$withval" = "xyes" ; then | ||
10254 | if test -n "$ac_tool_prefix"; then | ||
10255 | # Extract the first word of "${ac_tool_prefix}ldns-config", so it can be a program name with args. | ||
10256 | set dummy ${ac_tool_prefix}ldns-config; ac_word=$2 | ||
10257 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
10258 | $as_echo_n "checking for $ac_word... " >&6; } | ||
10259 | if ${ac_cv_path_LDNSCONFIG+:} false; then : | ||
10260 | $as_echo_n "(cached) " >&6 | ||
10261 | else | ||
10262 | case $LDNSCONFIG in | ||
10263 | [\\/]* | ?:[\\/]*) | ||
10264 | ac_cv_path_LDNSCONFIG="$LDNSCONFIG" # Let the user override the test with a path. | ||
10265 | ;; | ||
10266 | *) | ||
10267 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
10268 | for as_dir in $PATH | ||
10269 | do | ||
10270 | IFS=$as_save_IFS | ||
10271 | test -z "$as_dir" && as_dir=. | ||
10272 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
10273 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
10274 | ac_cv_path_LDNSCONFIG="$as_dir/$ac_word$ac_exec_ext" | ||
10275 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
10276 | break 2 | ||
10277 | fi | ||
10278 | done | ||
10279 | done | ||
10280 | IFS=$as_save_IFS | ||
10281 | |||
10282 | ;; | ||
10283 | esac | ||
10284 | fi | ||
10285 | LDNSCONFIG=$ac_cv_path_LDNSCONFIG | ||
10286 | if test -n "$LDNSCONFIG"; then | ||
10287 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LDNSCONFIG" >&5 | ||
10288 | $as_echo "$LDNSCONFIG" >&6; } | ||
10289 | else | ||
10290 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
10291 | $as_echo "no" >&6; } | ||
10292 | fi | ||
10293 | |||
10294 | |||
10295 | fi | ||
10296 | if test -z "$ac_cv_path_LDNSCONFIG"; then | ||
10297 | ac_pt_LDNSCONFIG=$LDNSCONFIG | ||
10298 | # Extract the first word of "ldns-config", so it can be a program name with args. | ||
10299 | set dummy ldns-config; ac_word=$2 | ||
10300 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
10301 | $as_echo_n "checking for $ac_word... " >&6; } | ||
10302 | if ${ac_cv_path_ac_pt_LDNSCONFIG+:} false; then : | ||
10303 | $as_echo_n "(cached) " >&6 | ||
10304 | else | ||
10305 | case $ac_pt_LDNSCONFIG in | ||
10306 | [\\/]* | ?:[\\/]*) | ||
10307 | ac_cv_path_ac_pt_LDNSCONFIG="$ac_pt_LDNSCONFIG" # Let the user override the test with a path. | ||
10308 | ;; | ||
10309 | *) | ||
10310 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
10311 | for as_dir in $PATH | ||
10312 | do | ||
10313 | IFS=$as_save_IFS | ||
10314 | test -z "$as_dir" && as_dir=. | ||
10315 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
10316 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
10317 | ac_cv_path_ac_pt_LDNSCONFIG="$as_dir/$ac_word$ac_exec_ext" | ||
10318 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
10319 | break 2 | ||
10320 | fi | ||
10321 | done | ||
10322 | done | ||
10323 | IFS=$as_save_IFS | ||
10324 | |||
10325 | ;; | ||
10326 | esac | ||
10327 | fi | ||
10328 | ac_pt_LDNSCONFIG=$ac_cv_path_ac_pt_LDNSCONFIG | ||
10329 | if test -n "$ac_pt_LDNSCONFIG"; then | ||
10330 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_LDNSCONFIG" >&5 | ||
10331 | $as_echo "$ac_pt_LDNSCONFIG" >&6; } | ||
10332 | else | ||
10333 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
10334 | $as_echo "no" >&6; } | ||
10335 | fi | ||
10336 | |||
10337 | if test "x$ac_pt_LDNSCONFIG" = x; then | ||
10338 | LDNSCONFIG="no" | ||
10339 | else | ||
10340 | case $cross_compiling:$ac_tool_warned in | ||
10341 | yes:) | ||
10342 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 | ||
10343 | $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} | ||
10344 | ac_tool_warned=yes ;; | ||
10345 | esac | ||
10346 | LDNSCONFIG=$ac_pt_LDNSCONFIG | ||
10347 | fi | ||
10348 | else | ||
10349 | LDNSCONFIG="$ac_cv_path_LDNSCONFIG" | ||
10350 | fi | ||
10351 | |||
10352 | if test "x$LDNSCONFIG" = "xno"; then | ||
10353 | CPPFLAGS="$CPPFLAGS -I${withval}/include" | ||
10354 | LDFLAGS="$LDFLAGS -L${withval}/lib" | ||
10355 | LIBS="-lldns $LIBS" | ||
10356 | ldns=yes | ||
10357 | else | ||
10358 | LIBS="$LIBS `$LDNSCONFIG --libs`" | ||
10359 | CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`" | ||
10360 | ldns=yes | ||
10361 | fi | ||
10362 | elif test "x$withval" != "xno" ; then | ||
10363 | CPPFLAGS="$CPPFLAGS -I${withval}/include" | ||
10364 | LDFLAGS="$LDFLAGS -L${withval}/lib" | ||
10365 | LIBS="-lldns $LIBS" | ||
10366 | ldns=yes | ||
10367 | fi | ||
10368 | |||
10369 | # Verify that it works. | ||
10370 | if test "x$ldns" = "xyes" ; then | ||
10371 | |||
10372 | $as_echo "#define HAVE_LDNS 1" >>confdefs.h | ||
10373 | |||
10374 | LDNS_MSG="yes" | ||
10375 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ldns support" >&5 | ||
10376 | $as_echo_n "checking for ldns support... " >&6; } | ||
10377 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
10378 | /* end confdefs.h. */ | ||
10379 | |||
10380 | #include <stdio.h> | ||
10381 | #include <stdlib.h> | ||
10382 | #include <stdint.h> | ||
10383 | #include <ldns/ldns.h> | ||
10384 | int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } | ||
10385 | |||
10386 | |||
10387 | _ACEOF | ||
10388 | if ac_fn_c_try_link "$LINENO"; then : | ||
10389 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
10390 | $as_echo "yes" >&6; } | ||
10391 | else | ||
10392 | |||
10393 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
10394 | $as_echo "no" >&6; } | ||
10395 | as_fn_error $? "** Incomplete or missing ldns libraries." "$LINENO" 5 | ||
10396 | |||
10397 | fi | ||
10398 | rm -f core conftest.err conftest.$ac_objext \ | ||
10399 | conftest$ac_exeext conftest.$ac_ext | ||
10400 | fi | ||
10401 | |||
10402 | fi | ||
10403 | |||
10404 | |||
10405 | # Check whether user wants libedit support | ||
10406 | LIBEDIT_MSG="no" | ||
10407 | |||
10408 | # Check whether --with-libedit was given. | ||
10409 | if test "${with_libedit+set}" = set; then : | ||
10410 | withval=$with_libedit; if test "x$withval" != "xno" ; then | ||
10411 | if test "x$withval" = "xyes" ; then | ||
10412 | if test -n "$ac_tool_prefix"; then | ||
10413 | # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. | ||
10414 | set dummy ${ac_tool_prefix}pkg-config; ac_word=$2 | ||
10415 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
10416 | $as_echo_n "checking for $ac_word... " >&6; } | ||
10417 | if ${ac_cv_path_PKGCONFIG+:} false; then : | ||
10418 | $as_echo_n "(cached) " >&6 | ||
10419 | else | ||
10420 | case $PKGCONFIG in | ||
10421 | [\\/]* | ?:[\\/]*) | ||
10422 | ac_cv_path_PKGCONFIG="$PKGCONFIG" # Let the user override the test with a path. | ||
10423 | ;; | ||
10424 | *) | ||
10425 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
10426 | for as_dir in $PATH | ||
10427 | do | ||
10428 | IFS=$as_save_IFS | ||
10429 | test -z "$as_dir" && as_dir=. | ||
10430 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
10431 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
10432 | ac_cv_path_PKGCONFIG="$as_dir/$ac_word$ac_exec_ext" | ||
10433 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
10434 | break 2 | ||
10435 | fi | ||
10436 | done | ||
10437 | done | ||
10438 | IFS=$as_save_IFS | ||
10439 | |||
10440 | ;; | ||
10441 | esac | ||
10442 | fi | ||
10443 | PKGCONFIG=$ac_cv_path_PKGCONFIG | ||
10444 | if test -n "$PKGCONFIG"; then | ||
10445 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKGCONFIG" >&5 | ||
10446 | $as_echo "$PKGCONFIG" >&6; } | ||
10447 | else | ||
10448 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
10449 | $as_echo "no" >&6; } | ||
10450 | fi | ||
10451 | |||
10452 | |||
10453 | fi | ||
10454 | if test -z "$ac_cv_path_PKGCONFIG"; then | ||
10455 | ac_pt_PKGCONFIG=$PKGCONFIG | ||
10456 | # Extract the first word of "pkg-config", so it can be a program name with args. | ||
10457 | set dummy pkg-config; ac_word=$2 | ||
10458 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
10459 | $as_echo_n "checking for $ac_word... " >&6; } | ||
10460 | if ${ac_cv_path_ac_pt_PKGCONFIG+:} false; then : | ||
10461 | $as_echo_n "(cached) " >&6 | ||
10462 | else | ||
10463 | case $ac_pt_PKGCONFIG in | ||
10464 | [\\/]* | ?:[\\/]*) | ||
10465 | ac_cv_path_ac_pt_PKGCONFIG="$ac_pt_PKGCONFIG" # Let the user override the test with a path. | ||
10466 | ;; | ||
10467 | *) | ||
10468 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
10469 | for as_dir in $PATH | ||
10470 | do | ||
10471 | IFS=$as_save_IFS | ||
10472 | test -z "$as_dir" && as_dir=. | ||
10473 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
10474 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
10475 | ac_cv_path_ac_pt_PKGCONFIG="$as_dir/$ac_word$ac_exec_ext" | ||
10476 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
10477 | break 2 | ||
10478 | fi | ||
10479 | done | ||
10480 | done | ||
10481 | IFS=$as_save_IFS | ||
10482 | |||
10483 | ;; | ||
10484 | esac | ||
10485 | fi | ||
10486 | ac_pt_PKGCONFIG=$ac_cv_path_ac_pt_PKGCONFIG | ||
10487 | if test -n "$ac_pt_PKGCONFIG"; then | ||
10488 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKGCONFIG" >&5 | ||
10489 | $as_echo "$ac_pt_PKGCONFIG" >&6; } | ||
10490 | else | ||
10491 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
10492 | $as_echo "no" >&6; } | ||
10493 | fi | ||
10494 | |||
10495 | if test "x$ac_pt_PKGCONFIG" = x; then | ||
10496 | PKGCONFIG="no" | ||
10497 | else | ||
10498 | case $cross_compiling:$ac_tool_warned in | ||
10499 | yes:) | ||
10500 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 | ||
10501 | $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} | ||
10502 | ac_tool_warned=yes ;; | ||
10503 | esac | ||
10504 | PKGCONFIG=$ac_pt_PKGCONFIG | ||
10505 | fi | ||
10506 | else | ||
10507 | PKGCONFIG="$ac_cv_path_PKGCONFIG" | ||
10508 | fi | ||
10509 | |||
10510 | if test "x$PKGCONFIG" != "xno"; then | ||
10511 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $PKGCONFIG knows about libedit" >&5 | ||
10512 | $as_echo_n "checking if $PKGCONFIG knows about libedit... " >&6; } | ||
10513 | if "$PKGCONFIG" libedit; then | ||
10514 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
10515 | $as_echo "yes" >&6; } | ||
10516 | use_pkgconfig_for_libedit=yes | ||
10517 | else | ||
10518 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
10519 | $as_echo "no" >&6; } | ||
10520 | fi | ||
10521 | fi | ||
10522 | else | ||
10523 | CPPFLAGS="$CPPFLAGS -I${withval}/include" | ||
10524 | if test -n "${rpath_opt}"; then | ||
10525 | LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" | ||
10526 | else | ||
10527 | LDFLAGS="-L${withval}/lib ${LDFLAGS}" | ||
10528 | fi | ||
10529 | fi | ||
10530 | if test "x$use_pkgconfig_for_libedit" = "xyes"; then | ||
10531 | LIBEDIT=`$PKGCONFIG --libs libedit` | ||
10532 | CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" | ||
10533 | else | ||
10534 | LIBEDIT="-ledit -lcurses" | ||
10535 | fi | ||
10536 | OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` | ||
10537 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for el_init in -ledit" >&5 | ||
10538 | $as_echo_n "checking for el_init in -ledit... " >&6; } | ||
10539 | if ${ac_cv_lib_edit_el_init+:} false; then : | ||
10540 | $as_echo_n "(cached) " >&6 | ||
10541 | else | ||
10542 | ac_check_lib_save_LIBS=$LIBS | ||
10543 | LIBS="-ledit $OTHERLIBS | ||
10544 | $LIBS" | ||
10545 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
10546 | /* end confdefs.h. */ | ||
10547 | |||
10548 | /* Override any GCC internal prototype to avoid an error. | ||
10549 | Use char because int might match the return type of a GCC | ||
10550 | builtin and then its argument prototype would still apply. */ | ||
10551 | #ifdef __cplusplus | ||
10552 | extern "C" | ||
10553 | #endif | ||
10554 | char el_init (); | ||
10555 | int | ||
10556 | main () | ||
10557 | { | ||
10558 | return el_init (); | ||
10559 | ; | ||
10560 | return 0; | ||
10561 | } | ||
10562 | _ACEOF | ||
10563 | if ac_fn_c_try_link "$LINENO"; then : | ||
10564 | ac_cv_lib_edit_el_init=yes | ||
10565 | else | ||
10566 | ac_cv_lib_edit_el_init=no | ||
10567 | fi | ||
10568 | rm -f core conftest.err conftest.$ac_objext \ | ||
10569 | conftest$ac_exeext conftest.$ac_ext | ||
10570 | LIBS=$ac_check_lib_save_LIBS | ||
10571 | fi | ||
10572 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_edit_el_init" >&5 | ||
10573 | $as_echo "$ac_cv_lib_edit_el_init" >&6; } | ||
10574 | if test "x$ac_cv_lib_edit_el_init" = xyes; then : | ||
10575 | |||
10576 | $as_echo "#define USE_LIBEDIT 1" >>confdefs.h | ||
10577 | |||
10578 | LIBEDIT_MSG="yes" | ||
10579 | |||
10580 | |||
10581 | else | ||
10582 | as_fn_error $? "libedit not found" "$LINENO" 5 | ||
10583 | fi | ||
10584 | |||
10585 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if libedit version is compatible" >&5 | ||
10586 | $as_echo_n "checking if libedit version is compatible... " >&6; } | ||
10587 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
10588 | /* end confdefs.h. */ | ||
10589 | #include <histedit.h> | ||
10590 | int | ||
10591 | main () | ||
10592 | { | ||
10593 | |||
10594 | int i = H_SETSIZE; | ||
10595 | el_init("", NULL, NULL, NULL); | ||
10596 | exit(0); | ||
10597 | |||
10598 | ; | ||
10599 | return 0; | ||
10600 | } | ||
10601 | _ACEOF | ||
10602 | if ac_fn_c_try_compile "$LINENO"; then : | ||
10603 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
10604 | $as_echo "yes" >&6; } | ||
10605 | else | ||
10606 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
10607 | $as_echo "no" >&6; } | ||
10608 | as_fn_error $? "libedit version is not compatible" "$LINENO" 5 | ||
10609 | |||
10610 | fi | ||
10611 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
10612 | fi | ||
10613 | |||
10614 | fi | ||
10615 | |||
10616 | |||
10617 | AUDIT_MODULE=none | ||
10618 | |||
10619 | # Check whether --with-audit was given. | ||
10620 | if test "${with_audit+set}" = set; then : | ||
10621 | withval=$with_audit; | ||
10622 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for supported audit module" >&5 | ||
10623 | $as_echo_n "checking for supported audit module... " >&6; } | ||
10624 | case "$withval" in | ||
10625 | bsm) | ||
10626 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: bsm" >&5 | ||
10627 | $as_echo "bsm" >&6; } | ||
10628 | AUDIT_MODULE=bsm | ||
10629 | for ac_header in bsm/audit.h | ||
10630 | do : | ||
10631 | ac_fn_c_check_header_compile "$LINENO" "bsm/audit.h" "ac_cv_header_bsm_audit_h" " | ||
10632 | #ifdef HAVE_TIME_H | ||
10633 | # include <time.h> | ||
10634 | #endif | ||
10635 | |||
10636 | |||
10637 | " | ||
10638 | if test "x$ac_cv_header_bsm_audit_h" = xyes; then : | ||
10639 | cat >>confdefs.h <<_ACEOF | ||
10640 | #define HAVE_BSM_AUDIT_H 1 | ||
10641 | _ACEOF | ||
10642 | |||
10643 | else | ||
10644 | as_fn_error $? "BSM enabled and bsm/audit.h not found" "$LINENO" 5 | ||
10645 | fi | ||
10646 | |||
10647 | done | ||
10648 | |||
10649 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getaudit in -lbsm" >&5 | ||
10650 | $as_echo_n "checking for getaudit in -lbsm... " >&6; } | ||
10651 | if ${ac_cv_lib_bsm_getaudit+:} false; then : | ||
10652 | $as_echo_n "(cached) " >&6 | ||
10653 | else | ||
10654 | ac_check_lib_save_LIBS=$LIBS | ||
10655 | LIBS="-lbsm $LIBS" | ||
10656 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
10657 | /* end confdefs.h. */ | ||
10658 | |||
10659 | /* Override any GCC internal prototype to avoid an error. | ||
10660 | Use char because int might match the return type of a GCC | ||
10661 | builtin and then its argument prototype would still apply. */ | ||
10662 | #ifdef __cplusplus | ||
10663 | extern "C" | ||
10664 | #endif | ||
10665 | char getaudit (); | ||
10666 | int | ||
10667 | main () | ||
10668 | { | ||
10669 | return getaudit (); | ||
10670 | ; | ||
10671 | return 0; | ||
10672 | } | ||
10673 | _ACEOF | ||
10674 | if ac_fn_c_try_link "$LINENO"; then : | ||
10675 | ac_cv_lib_bsm_getaudit=yes | ||
10676 | else | ||
10677 | ac_cv_lib_bsm_getaudit=no | ||
10678 | fi | ||
10679 | rm -f core conftest.err conftest.$ac_objext \ | ||
10680 | conftest$ac_exeext conftest.$ac_ext | ||
10681 | LIBS=$ac_check_lib_save_LIBS | ||
10682 | fi | ||
10683 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_bsm_getaudit" >&5 | ||
10684 | $as_echo "$ac_cv_lib_bsm_getaudit" >&6; } | ||
10685 | if test "x$ac_cv_lib_bsm_getaudit" = xyes; then : | ||
10686 | cat >>confdefs.h <<_ACEOF | ||
10687 | #define HAVE_LIBBSM 1 | ||
10688 | _ACEOF | ||
10689 | |||
10690 | LIBS="-lbsm $LIBS" | ||
10691 | |||
10692 | else | ||
10693 | as_fn_error $? "BSM enabled and required library not found" "$LINENO" 5 | ||
10694 | fi | ||
10695 | |||
10696 | for ac_func in getaudit | ||
10697 | do : | ||
10698 | ac_fn_c_check_func "$LINENO" "getaudit" "ac_cv_func_getaudit" | ||
10699 | if test "x$ac_cv_func_getaudit" = xyes; then : | ||
10700 | cat >>confdefs.h <<_ACEOF | ||
10701 | #define HAVE_GETAUDIT 1 | ||
10702 | _ACEOF | ||
10703 | |||
10704 | else | ||
10705 | as_fn_error $? "BSM enabled and required function not found" "$LINENO" 5 | ||
10706 | fi | ||
10707 | done | ||
10708 | |||
10709 | # These are optional | ||
10710 | for ac_func in getaudit_addr aug_get_machine | ||
10711 | do : | ||
10712 | as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` | ||
10713 | ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" | ||
10714 | if eval test \"x\$"$as_ac_var"\" = x"yes"; then : | ||
10715 | cat >>confdefs.h <<_ACEOF | ||
10716 | #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 | ||
10717 | _ACEOF | ||
10718 | |||
10719 | fi | ||
10720 | done | ||
10721 | |||
10722 | |||
10723 | $as_echo "#define USE_BSM_AUDIT 1" >>confdefs.h | ||
10724 | |||
10725 | if test "$sol2ver" -ge 11; then | ||
10726 | SSHDLIBS="$SSHDLIBS -lscf" | ||
10727 | |||
10728 | $as_echo "#define BROKEN_BSM_API 1" >>confdefs.h | ||
10729 | |||
10730 | fi | ||
10731 | ;; | ||
10732 | linux) | ||
10733 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: linux" >&5 | ||
10734 | $as_echo "linux" >&6; } | ||
10735 | AUDIT_MODULE=linux | ||
10736 | for ac_header in libaudit.h | ||
10737 | do : | ||
10738 | ac_fn_c_check_header_mongrel "$LINENO" "libaudit.h" "ac_cv_header_libaudit_h" "$ac_includes_default" | ||
10739 | if test "x$ac_cv_header_libaudit_h" = xyes; then : | ||
10740 | cat >>confdefs.h <<_ACEOF | ||
10741 | #define HAVE_LIBAUDIT_H 1 | ||
10742 | _ACEOF | ||
10743 | |||
10744 | fi | ||
10745 | |||
10746 | done | ||
10747 | |||
10748 | SSHDLIBS="$SSHDLIBS -laudit" | ||
10749 | |||
10750 | $as_echo "#define USE_LINUX_AUDIT 1" >>confdefs.h | ||
10751 | |||
10752 | ;; | ||
10753 | debug) | ||
10754 | AUDIT_MODULE=debug | ||
10755 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: debug" >&5 | ||
10756 | $as_echo "debug" >&6; } | ||
10757 | |||
10758 | $as_echo "#define SSH_AUDIT_EVENTS 1" >>confdefs.h | ||
10759 | |||
10760 | ;; | ||
10761 | no) | ||
10762 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
10763 | $as_echo "no" >&6; } | ||
10764 | ;; | ||
10765 | *) | ||
10766 | as_fn_error $? "Unknown audit module $withval" "$LINENO" 5 | ||
10767 | ;; | ||
10768 | esac | ||
10769 | |||
10770 | fi | ||
10771 | |||
10772 | |||
10773 | |||
10774 | # Check whether --with-pie was given. | ||
10775 | if test "${with_pie+set}" = set; then : | ||
10776 | withval=$with_pie; | ||
10777 | if test "x$withval" = "xno"; then | ||
10778 | use_pie=no | ||
10779 | fi | ||
10780 | if test "x$withval" = "xyes"; then | ||
10781 | use_pie=yes | ||
10782 | fi | ||
10783 | |||
10784 | |||
10785 | fi | ||
10786 | |||
10787 | if test "x$use_pie" = "x"; then | ||
10788 | use_pie=no | ||
10789 | fi | ||
10790 | if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then | ||
10791 | # Turn off automatic PIE when toolchain hardening is off. | ||
10792 | use_pie=no | ||
10793 | fi | ||
10794 | if test "x$use_pie" = "xauto"; then | ||
10795 | # Automatic PIE requires gcc >= 4.x | ||
10796 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gcc >= 4.x" >&5 | ||
10797 | $as_echo_n "checking for gcc >= 4.x... " >&6; } | ||
10798 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
10799 | /* end confdefs.h. */ | ||
10800 | |||
10801 | #if !defined(__GNUC__) || __GNUC__ < 4 | ||
10802 | #error gcc is too old | ||
10803 | #endif | ||
10804 | |||
10805 | _ACEOF | ||
10806 | if ac_fn_c_try_compile "$LINENO"; then : | ||
10807 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
10808 | $as_echo "yes" >&6; } | ||
10809 | else | ||
10810 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
10811 | $as_echo "no" >&6; } | ||
10812 | use_pie=no | ||
10813 | |||
10814 | fi | ||
10815 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
10816 | fi | ||
10817 | if test "x$use_pie" != "xno"; then | ||
10818 | SAVED_CFLAGS="$CFLAGS" | ||
10819 | SAVED_LDFLAGS="$LDFLAGS" | ||
10820 | { | ||
10821 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -fPIE" >&5 | ||
10822 | $as_echo_n "checking if $CC supports compile flag -fPIE... " >&6; } | ||
10823 | saved_CFLAGS="$CFLAGS" | ||
10824 | CFLAGS="$CFLAGS $WERROR -fPIE" | ||
10825 | _define_flag="" | ||
10826 | test "x$_define_flag" = "x" && _define_flag="-fPIE" | ||
10827 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
10828 | /* end confdefs.h. */ | ||
10829 | |||
10830 | #include <stdlib.h> | ||
10831 | #include <stdio.h> | ||
10832 | int main(int argc, char **argv) { | ||
10833 | /* Some math to catch -ftrapv problems in the toolchain */ | ||
10834 | int i = 123 * argc, j = 456 + argc, k = 789 - argc; | ||
10835 | float l = i * 2.1; | ||
10836 | double m = l / 0.5; | ||
10837 | long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; | ||
10838 | printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); | ||
10839 | exit(0); | ||
10840 | } | ||
10841 | |||
10842 | _ACEOF | ||
10843 | if ac_fn_c_try_compile "$LINENO"; then : | ||
10844 | |||
10845 | if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null | ||
10846 | then | ||
10847 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
10848 | $as_echo "no" >&6; } | ||
10849 | CFLAGS="$saved_CFLAGS" | ||
10850 | else | ||
10851 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
10852 | $as_echo "yes" >&6; } | ||
10853 | CFLAGS="$saved_CFLAGS $_define_flag" | ||
10854 | fi | ||
10855 | else | ||
10856 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
10857 | $as_echo "no" >&6; } | ||
10858 | CFLAGS="$saved_CFLAGS" | ||
10859 | |||
10860 | fi | ||
10861 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
10862 | } | ||
10863 | { | ||
10864 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $LD supports link flag -pie" >&5 | ||
10865 | $as_echo_n "checking if $LD supports link flag -pie... " >&6; } | ||
10866 | saved_LDFLAGS="$LDFLAGS" | ||
10867 | LDFLAGS="$LDFLAGS $WERROR -pie" | ||
10868 | _define_flag="" | ||
10869 | test "x$_define_flag" = "x" && _define_flag="-pie" | ||
10870 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
10871 | /* end confdefs.h. */ | ||
10872 | |||
10873 | #include <stdlib.h> | ||
10874 | #include <stdio.h> | ||
10875 | int main(int argc, char **argv) { | ||
10876 | /* Some math to catch -ftrapv problems in the toolchain */ | ||
10877 | int i = 123 * argc, j = 456 + argc, k = 789 - argc; | ||
10878 | float l = i * 2.1; | ||
10879 | double m = l / 0.5; | ||
10880 | long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; | ||
10881 | long long p = n * o; | ||
10882 | printf("%d %d %d %f %f %lld %lld %lld\n", i, j, k, l, m, n, o, p); | ||
10883 | exit(0); | ||
10884 | } | ||
10885 | |||
10886 | _ACEOF | ||
10887 | if ac_fn_c_try_link "$LINENO"; then : | ||
10888 | |||
10889 | if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null | ||
10890 | then | ||
10891 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
10892 | $as_echo "no" >&6; } | ||
10893 | LDFLAGS="$saved_LDFLAGS" | ||
10894 | else | ||
10895 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
10896 | $as_echo "yes" >&6; } | ||
10897 | LDFLAGS="$saved_LDFLAGS $_define_flag" | ||
10898 | fi | ||
10899 | else | ||
10900 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
10901 | $as_echo "no" >&6; } | ||
10902 | LDFLAGS="$saved_LDFLAGS" | ||
10903 | |||
10904 | fi | ||
10905 | rm -f core conftest.err conftest.$ac_objext \ | ||
10906 | conftest$ac_exeext conftest.$ac_ext | ||
10907 | } | ||
10908 | # We use both -fPIE and -pie or neither. | ||
10909 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether both -fPIE and -pie are supported" >&5 | ||
10910 | $as_echo_n "checking whether both -fPIE and -pie are supported... " >&6; } | ||
10911 | if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \ | ||
10912 | echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then | ||
10913 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
10914 | $as_echo "yes" >&6; } | ||
10915 | else | ||
10916 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
10917 | $as_echo "no" >&6; } | ||
10918 | CFLAGS="$SAVED_CFLAGS" | ||
10919 | LDFLAGS="$SAVED_LDFLAGS" | ||
10920 | fi | ||
10921 | fi | ||
10922 | |||
10923 | for ac_func in \ | ||
10924 | Blowfish_initstate \ | ||
10925 | Blowfish_expandstate \ | ||
10926 | Blowfish_expand0state \ | ||
10927 | Blowfish_stream2word \ | ||
10928 | SHA256Update \ | ||
10929 | SHA384Update \ | ||
10930 | SHA512Update \ | ||
10931 | asprintf \ | ||
10932 | b64_ntop \ | ||
10933 | __b64_ntop \ | ||
10934 | b64_pton \ | ||
10935 | __b64_pton \ | ||
10936 | bcopy \ | ||
10937 | bcrypt_pbkdf \ | ||
10938 | bindresvport_sa \ | ||
10939 | blf_enc \ | ||
10940 | bzero \ | ||
10941 | cap_rights_limit \ | ||
10942 | clock \ | ||
10943 | closefrom \ | ||
10944 | dirfd \ | ||
10945 | endgrent \ | ||
10946 | err \ | ||
10947 | errx \ | ||
10948 | explicit_bzero \ | ||
10949 | fchmod \ | ||
10950 | fchmodat \ | ||
10951 | fchown \ | ||
10952 | fchownat \ | ||
10953 | flock \ | ||
10954 | freeaddrinfo \ | ||
10955 | freezero \ | ||
10956 | fstatfs \ | ||
10957 | fstatvfs \ | ||
10958 | futimes \ | ||
10959 | getaddrinfo \ | ||
10960 | getcwd \ | ||
10961 | getgrouplist \ | ||
10962 | getline \ | ||
10963 | getnameinfo \ | ||
10964 | getopt \ | ||
10965 | getpagesize \ | ||
10966 | getpeereid \ | ||
10967 | getpeerucred \ | ||
10968 | getpgid \ | ||
10969 | _getpty \ | ||
10970 | getrlimit \ | ||
10971 | getrandom \ | ||
10972 | getsid \ | ||
10973 | getttyent \ | ||
10974 | glob \ | ||
10975 | group_from_gid \ | ||
10976 | inet_aton \ | ||
10977 | inet_ntoa \ | ||
10978 | inet_ntop \ | ||
10979 | innetgr \ | ||
10980 | llabs \ | ||
10981 | login_getcapbool \ | ||
10982 | md5_crypt \ | ||
10983 | memmem \ | ||
10984 | memmove \ | ||
10985 | memset_s \ | ||
10986 | mkdtemp \ | ||
10987 | ngetaddrinfo \ | ||
10988 | nsleep \ | ||
10989 | ogetaddrinfo \ | ||
10990 | openlog_r \ | ||
10991 | pledge \ | ||
10992 | poll \ | ||
10993 | prctl \ | ||
10994 | pstat \ | ||
10995 | raise \ | ||
10996 | readpassphrase \ | ||
10997 | reallocarray \ | ||
10998 | recvmsg \ | ||
10999 | recallocarray \ | ||
11000 | rresvport_af \ | ||
11001 | sendmsg \ | ||
11002 | setdtablesize \ | ||
11003 | setegid \ | ||
11004 | setenv \ | ||
11005 | seteuid \ | ||
11006 | setgroupent \ | ||
11007 | setgroups \ | ||
11008 | setlinebuf \ | ||
11009 | setlogin \ | ||
11010 | setpassent\ | ||
11011 | setpcred \ | ||
11012 | setproctitle \ | ||
11013 | setregid \ | ||
11014 | setreuid \ | ||
11015 | setrlimit \ | ||
11016 | setsid \ | ||
11017 | setvbuf \ | ||
11018 | sigaction \ | ||
11019 | sigvec \ | ||
11020 | snprintf \ | ||
11021 | socketpair \ | ||
11022 | statfs \ | ||
11023 | statvfs \ | ||
11024 | strcasestr \ | ||
11025 | strdup \ | ||
11026 | strerror \ | ||
11027 | strlcat \ | ||
11028 | strlcpy \ | ||
11029 | strmode \ | ||
11030 | strndup \ | ||
11031 | strnlen \ | ||
11032 | strnvis \ | ||
11033 | strptime \ | ||
11034 | strsignal \ | ||
11035 | strtonum \ | ||
11036 | strtoll \ | ||
11037 | strtoul \ | ||
11038 | strtoull \ | ||
11039 | swap32 \ | ||
11040 | sysconf \ | ||
11041 | tcgetpgrp \ | ||
11042 | timingsafe_bcmp \ | ||
11043 | truncate \ | ||
11044 | unsetenv \ | ||
11045 | updwtmpx \ | ||
11046 | utimensat \ | ||
11047 | user_from_uid \ | ||
11048 | usleep \ | ||
11049 | vasprintf \ | ||
11050 | vsnprintf \ | ||
11051 | waitpid \ | ||
11052 | warn \ | ||
11053 | |||
11054 | do : | ||
11055 | as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` | ||
11056 | ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" | ||
11057 | if eval test \"x\$"$as_ac_var"\" = x"yes"; then : | ||
11058 | cat >>confdefs.h <<_ACEOF | ||
11059 | #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 | ||
11060 | _ACEOF | ||
11061 | |||
11062 | fi | ||
11063 | done | ||
11064 | |||
11065 | |||
11066 | ac_fn_c_check_decl "$LINENO" "bzero" "ac_cv_have_decl_bzero" "$ac_includes_default" | ||
11067 | if test "x$ac_cv_have_decl_bzero" = xyes; then : | ||
11068 | ac_have_decl=1 | ||
11069 | else | ||
11070 | ac_have_decl=0 | ||
11071 | fi | ||
11072 | |||
11073 | cat >>confdefs.h <<_ACEOF | ||
11074 | #define HAVE_DECL_BZERO $ac_have_decl | ||
11075 | _ACEOF | ||
11076 | |||
11077 | |||
11078 | for ac_func in mblen mbtowc nl_langinfo wcwidth | ||
11079 | do : | ||
11080 | as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` | ||
11081 | ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" | ||
11082 | if eval test \"x\$"$as_ac_var"\" = x"yes"; then : | ||
11083 | cat >>confdefs.h <<_ACEOF | ||
11084 | #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 | ||
11085 | _ACEOF | ||
11086 | |||
11087 | fi | ||
11088 | done | ||
11089 | |||
11090 | |||
11091 | TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes} | ||
11092 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for utf8 locale support" >&5 | ||
11093 | $as_echo_n "checking for utf8 locale support... " >&6; } | ||
11094 | if test "$cross_compiling" = yes; then : | ||
11095 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming yes" >&5 | ||
11096 | $as_echo "$as_me: WARNING: cross compiling: assuming yes" >&2;} | ||
11097 | |||
11098 | else | ||
11099 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
11100 | /* end confdefs.h. */ | ||
11101 | |||
11102 | #include <locale.h> | ||
11103 | #include <stdlib.h> | ||
11104 | |||
11105 | int | ||
11106 | main () | ||
11107 | { | ||
11108 | |||
11109 | char *loc = setlocale(LC_CTYPE, "en_US.UTF-8"); | ||
11110 | if (loc != NULL) | ||
11111 | exit(0); | ||
11112 | exit(1); | ||
11113 | |||
11114 | ; | ||
11115 | return 0; | ||
11116 | } | ||
11117 | _ACEOF | ||
11118 | if ac_fn_c_try_run "$LINENO"; then : | ||
11119 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
11120 | $as_echo "yes" >&6; } | ||
11121 | else | ||
11122 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
11123 | $as_echo "no" >&6; } | ||
11124 | TEST_SSH_UTF8=no | ||
11125 | fi | ||
11126 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
11127 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
11128 | fi | ||
11129 | |||
11130 | |||
11131 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
11132 | /* end confdefs.h. */ | ||
11133 | #include <ctype.h> | ||
11134 | int | ||
11135 | main () | ||
11136 | { | ||
11137 | return (isblank('a')); | ||
11138 | ; | ||
11139 | return 0; | ||
11140 | } | ||
11141 | _ACEOF | ||
11142 | if ac_fn_c_try_link "$LINENO"; then : | ||
11143 | |||
11144 | $as_echo "#define HAVE_ISBLANK 1" >>confdefs.h | ||
11145 | |||
11146 | |||
11147 | fi | ||
11148 | rm -f core conftest.err conftest.$ac_objext \ | ||
11149 | conftest$ac_exeext conftest.$ac_ext | ||
11150 | |||
11151 | disable_pkcs11= | ||
11152 | # Check whether --enable-pkcs11 was given. | ||
11153 | if test "${enable_pkcs11+set}" = set; then : | ||
11154 | enableval=$enable_pkcs11; | ||
11155 | if test "x$enableval" = "xno" ; then | ||
11156 | disable_pkcs11=1 | ||
11157 | fi | ||
11158 | |||
11159 | |||
11160 | fi | ||
11161 | |||
11162 | |||
11163 | # PKCS11 depends on OpenSSL. | ||
11164 | if test "x$openssl" = "xyes" && test "x$disable_pkcs11" = "x"; then | ||
11165 | # PKCS#11 support requires dlopen() and co | ||
11166 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing dlopen" >&5 | ||
11167 | $as_echo_n "checking for library containing dlopen... " >&6; } | ||
11168 | if ${ac_cv_search_dlopen+:} false; then : | ||
11169 | $as_echo_n "(cached) " >&6 | ||
11170 | else | ||
11171 | ac_func_search_save_LIBS=$LIBS | ||
11172 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
11173 | /* end confdefs.h. */ | ||
11174 | |||
11175 | /* Override any GCC internal prototype to avoid an error. | ||
11176 | Use char because int might match the return type of a GCC | ||
11177 | builtin and then its argument prototype would still apply. */ | ||
11178 | #ifdef __cplusplus | ||
11179 | extern "C" | ||
11180 | #endif | ||
11181 | char dlopen (); | ||
11182 | int | ||
11183 | main () | ||
11184 | { | ||
11185 | return dlopen (); | ||
11186 | ; | ||
11187 | return 0; | ||
11188 | } | ||
11189 | _ACEOF | ||
11190 | for ac_lib in '' dl; do | ||
11191 | if test -z "$ac_lib"; then | ||
11192 | ac_res="none required" | ||
11193 | else | ||
11194 | ac_res=-l$ac_lib | ||
11195 | LIBS="-l$ac_lib $ac_func_search_save_LIBS" | ||
11196 | fi | ||
11197 | if ac_fn_c_try_link "$LINENO"; then : | ||
11198 | ac_cv_search_dlopen=$ac_res | ||
11199 | fi | ||
11200 | rm -f core conftest.err conftest.$ac_objext \ | ||
11201 | conftest$ac_exeext | ||
11202 | if ${ac_cv_search_dlopen+:} false; then : | ||
11203 | break | ||
11204 | fi | ||
11205 | done | ||
11206 | if ${ac_cv_search_dlopen+:} false; then : | ||
11207 | |||
11208 | else | ||
11209 | ac_cv_search_dlopen=no | ||
11210 | fi | ||
11211 | rm conftest.$ac_ext | ||
11212 | LIBS=$ac_func_search_save_LIBS | ||
11213 | fi | ||
11214 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dlopen" >&5 | ||
11215 | $as_echo "$ac_cv_search_dlopen" >&6; } | ||
11216 | ac_res=$ac_cv_search_dlopen | ||
11217 | if test "$ac_res" != no; then : | ||
11218 | test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" | ||
11219 | ac_fn_c_check_decl "$LINENO" "RTLD_NOW" "ac_cv_have_decl_RTLD_NOW" "#include <dlfcn.h> | ||
11220 | |||
11221 | " | ||
11222 | if test "x$ac_cv_have_decl_RTLD_NOW" = xyes; then : | ||
11223 | |||
11224 | $as_echo "#define ENABLE_PKCS11 /**/" >>confdefs.h | ||
11225 | |||
11226 | fi | ||
11227 | |||
11228 | |||
11229 | fi | ||
11230 | |||
11231 | fi | ||
11232 | |||
11233 | # IRIX has a const char return value for gai_strerror() | ||
11234 | for ac_func in gai_strerror | ||
11235 | do : | ||
11236 | ac_fn_c_check_func "$LINENO" "gai_strerror" "ac_cv_func_gai_strerror" | ||
11237 | if test "x$ac_cv_func_gai_strerror" = xyes; then : | ||
11238 | cat >>confdefs.h <<_ACEOF | ||
11239 | #define HAVE_GAI_STRERROR 1 | ||
11240 | _ACEOF | ||
11241 | |||
11242 | $as_echo "#define HAVE_GAI_STRERROR 1" >>confdefs.h | ||
11243 | |||
11244 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
11245 | /* end confdefs.h. */ | ||
11246 | |||
11247 | #include <sys/types.h> | ||
11248 | #include <sys/socket.h> | ||
11249 | #include <netdb.h> | ||
11250 | |||
11251 | const char *gai_strerror(int); | ||
11252 | |||
11253 | int | ||
11254 | main () | ||
11255 | { | ||
11256 | |||
11257 | char *str; | ||
11258 | str = gai_strerror(0); | ||
11259 | |||
11260 | ; | ||
11261 | return 0; | ||
11262 | } | ||
11263 | _ACEOF | ||
11264 | if ac_fn_c_try_compile "$LINENO"; then : | ||
11265 | |||
11266 | |||
11267 | $as_echo "#define HAVE_CONST_GAI_STRERROR_PROTO 1" >>confdefs.h | ||
11268 | |||
11269 | fi | ||
11270 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
11271 | fi | ||
11272 | done | ||
11273 | |||
11274 | |||
11275 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing nanosleep" >&5 | ||
11276 | $as_echo_n "checking for library containing nanosleep... " >&6; } | ||
11277 | if ${ac_cv_search_nanosleep+:} false; then : | ||
11278 | $as_echo_n "(cached) " >&6 | ||
11279 | else | ||
11280 | ac_func_search_save_LIBS=$LIBS | ||
11281 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
11282 | /* end confdefs.h. */ | ||
11283 | |||
11284 | /* Override any GCC internal prototype to avoid an error. | ||
11285 | Use char because int might match the return type of a GCC | ||
11286 | builtin and then its argument prototype would still apply. */ | ||
11287 | #ifdef __cplusplus | ||
11288 | extern "C" | ||
11289 | #endif | ||
11290 | char nanosleep (); | ||
11291 | int | ||
11292 | main () | ||
11293 | { | ||
11294 | return nanosleep (); | ||
11295 | ; | ||
11296 | return 0; | ||
11297 | } | ||
11298 | _ACEOF | ||
11299 | for ac_lib in '' rt posix4; do | ||
11300 | if test -z "$ac_lib"; then | ||
11301 | ac_res="none required" | ||
11302 | else | ||
11303 | ac_res=-l$ac_lib | ||
11304 | LIBS="-l$ac_lib $ac_func_search_save_LIBS" | ||
11305 | fi | ||
11306 | if ac_fn_c_try_link "$LINENO"; then : | ||
11307 | ac_cv_search_nanosleep=$ac_res | ||
11308 | fi | ||
11309 | rm -f core conftest.err conftest.$ac_objext \ | ||
11310 | conftest$ac_exeext | ||
11311 | if ${ac_cv_search_nanosleep+:} false; then : | ||
11312 | break | ||
11313 | fi | ||
11314 | done | ||
11315 | if ${ac_cv_search_nanosleep+:} false; then : | ||
11316 | |||
11317 | else | ||
11318 | ac_cv_search_nanosleep=no | ||
11319 | fi | ||
11320 | rm conftest.$ac_ext | ||
11321 | LIBS=$ac_func_search_save_LIBS | ||
11322 | fi | ||
11323 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_nanosleep" >&5 | ||
11324 | $as_echo "$ac_cv_search_nanosleep" >&6; } | ||
11325 | ac_res=$ac_cv_search_nanosleep | ||
11326 | if test "$ac_res" != no; then : | ||
11327 | test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" | ||
11328 | |||
11329 | $as_echo "#define HAVE_NANOSLEEP 1" >>confdefs.h | ||
11330 | |||
11331 | fi | ||
11332 | |||
11333 | |||
11334 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing clock_gettime" >&5 | ||
11335 | $as_echo_n "checking for library containing clock_gettime... " >&6; } | ||
11336 | if ${ac_cv_search_clock_gettime+:} false; then : | ||
11337 | $as_echo_n "(cached) " >&6 | ||
11338 | else | ||
11339 | ac_func_search_save_LIBS=$LIBS | ||
11340 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
11341 | /* end confdefs.h. */ | ||
11342 | |||
11343 | /* Override any GCC internal prototype to avoid an error. | ||
11344 | Use char because int might match the return type of a GCC | ||
11345 | builtin and then its argument prototype would still apply. */ | ||
11346 | #ifdef __cplusplus | ||
11347 | extern "C" | ||
11348 | #endif | ||
11349 | char clock_gettime (); | ||
11350 | int | ||
11351 | main () | ||
11352 | { | ||
11353 | return clock_gettime (); | ||
11354 | ; | ||
11355 | return 0; | ||
11356 | } | ||
11357 | _ACEOF | ||
11358 | for ac_lib in '' rt; do | ||
11359 | if test -z "$ac_lib"; then | ||
11360 | ac_res="none required" | ||
11361 | else | ||
11362 | ac_res=-l$ac_lib | ||
11363 | LIBS="-l$ac_lib $ac_func_search_save_LIBS" | ||
11364 | fi | ||
11365 | if ac_fn_c_try_link "$LINENO"; then : | ||
11366 | ac_cv_search_clock_gettime=$ac_res | ||
11367 | fi | ||
11368 | rm -f core conftest.err conftest.$ac_objext \ | ||
11369 | conftest$ac_exeext | ||
11370 | if ${ac_cv_search_clock_gettime+:} false; then : | ||
11371 | break | ||
11372 | fi | ||
11373 | done | ||
11374 | if ${ac_cv_search_clock_gettime+:} false; then : | ||
11375 | |||
11376 | else | ||
11377 | ac_cv_search_clock_gettime=no | ||
11378 | fi | ||
11379 | rm conftest.$ac_ext | ||
11380 | LIBS=$ac_func_search_save_LIBS | ||
11381 | fi | ||
11382 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_clock_gettime" >&5 | ||
11383 | $as_echo "$ac_cv_search_clock_gettime" >&6; } | ||
11384 | ac_res=$ac_cv_search_clock_gettime | ||
11385 | if test "$ac_res" != no; then : | ||
11386 | test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" | ||
11387 | |||
11388 | $as_echo "#define HAVE_CLOCK_GETTIME 1" >>confdefs.h | ||
11389 | |||
11390 | fi | ||
11391 | |||
11392 | |||
11393 | ac_fn_c_check_decl "$LINENO" "strsep" "ac_cv_have_decl_strsep" " | ||
11394 | #ifdef HAVE_STRING_H | ||
11395 | # include <string.h> | ||
11396 | #endif | ||
11397 | |||
11398 | " | ||
11399 | if test "x$ac_cv_have_decl_strsep" = xyes; then : | ||
11400 | for ac_func in strsep | ||
11401 | do : | ||
11402 | ac_fn_c_check_func "$LINENO" "strsep" "ac_cv_func_strsep" | ||
11403 | if test "x$ac_cv_func_strsep" = xyes; then : | ||
11404 | cat >>confdefs.h <<_ACEOF | ||
11405 | #define HAVE_STRSEP 1 | ||
11406 | _ACEOF | ||
11407 | |||
11408 | fi | ||
11409 | done | ||
11410 | |||
11411 | fi | ||
11412 | |||
11413 | |||
11414 | ac_fn_c_check_decl "$LINENO" "tcsendbreak" "ac_cv_have_decl_tcsendbreak" "#include <termios.h> | ||
11415 | |||
11416 | " | ||
11417 | if test "x$ac_cv_have_decl_tcsendbreak" = xyes; then : | ||
11418 | $as_echo "#define HAVE_TCSENDBREAK 1" >>confdefs.h | ||
11419 | |||
11420 | else | ||
11421 | for ac_func in tcsendbreak | ||
11422 | do : | ||
11423 | ac_fn_c_check_func "$LINENO" "tcsendbreak" "ac_cv_func_tcsendbreak" | ||
11424 | if test "x$ac_cv_func_tcsendbreak" = xyes; then : | ||
11425 | cat >>confdefs.h <<_ACEOF | ||
11426 | #define HAVE_TCSENDBREAK 1 | ||
11427 | _ACEOF | ||
11428 | |||
11429 | fi | ||
11430 | done | ||
11431 | |||
11432 | fi | ||
11433 | |||
11434 | |||
11435 | ac_fn_c_check_decl "$LINENO" "h_errno" "ac_cv_have_decl_h_errno" "#include <netdb.h> | ||
11436 | " | ||
11437 | if test "x$ac_cv_have_decl_h_errno" = xyes; then : | ||
11438 | ac_have_decl=1 | ||
11439 | else | ||
11440 | ac_have_decl=0 | ||
11441 | fi | ||
11442 | |||
11443 | cat >>confdefs.h <<_ACEOF | ||
11444 | #define HAVE_DECL_H_ERRNO $ac_have_decl | ||
11445 | _ACEOF | ||
11446 | |||
11447 | |||
11448 | ac_fn_c_check_decl "$LINENO" "SHUT_RD" "ac_cv_have_decl_SHUT_RD" " | ||
11449 | #include <sys/types.h> | ||
11450 | #include <sys/socket.h> | ||
11451 | |||
11452 | " | ||
11453 | if test "x$ac_cv_have_decl_SHUT_RD" = xyes; then : | ||
11454 | ac_have_decl=1 | ||
11455 | else | ||
11456 | ac_have_decl=0 | ||
11457 | fi | ||
11458 | |||
11459 | cat >>confdefs.h <<_ACEOF | ||
11460 | #define HAVE_DECL_SHUT_RD $ac_have_decl | ||
11461 | _ACEOF | ||
11462 | |||
11463 | |||
11464 | ac_fn_c_check_decl "$LINENO" "O_NONBLOCK" "ac_cv_have_decl_O_NONBLOCK" " | ||
11465 | #include <sys/types.h> | ||
11466 | #ifdef HAVE_SYS_STAT_H | ||
11467 | # include <sys/stat.h> | ||
11468 | #endif | ||
11469 | #ifdef HAVE_FCNTL_H | ||
11470 | # include <fcntl.h> | ||
11471 | #endif | ||
11472 | |||
11473 | " | ||
11474 | if test "x$ac_cv_have_decl_O_NONBLOCK" = xyes; then : | ||
11475 | ac_have_decl=1 | ||
11476 | else | ||
11477 | ac_have_decl=0 | ||
11478 | fi | ||
11479 | |||
11480 | cat >>confdefs.h <<_ACEOF | ||
11481 | #define HAVE_DECL_O_NONBLOCK $ac_have_decl | ||
11482 | _ACEOF | ||
11483 | |||
11484 | |||
11485 | ac_fn_c_check_decl "$LINENO" "readv" "ac_cv_have_decl_readv" " | ||
11486 | #include <sys/types.h> | ||
11487 | #include <sys/uio.h> | ||
11488 | #include <unistd.h> | ||
11489 | |||
11490 | " | ||
11491 | if test "x$ac_cv_have_decl_readv" = xyes; then : | ||
11492 | ac_have_decl=1 | ||
11493 | else | ||
11494 | ac_have_decl=0 | ||
11495 | fi | ||
11496 | |||
11497 | cat >>confdefs.h <<_ACEOF | ||
11498 | #define HAVE_DECL_READV $ac_have_decl | ||
11499 | _ACEOF | ||
11500 | ac_fn_c_check_decl "$LINENO" "writev" "ac_cv_have_decl_writev" " | ||
11501 | #include <sys/types.h> | ||
11502 | #include <sys/uio.h> | ||
11503 | #include <unistd.h> | ||
11504 | |||
11505 | " | ||
11506 | if test "x$ac_cv_have_decl_writev" = xyes; then : | ||
11507 | ac_have_decl=1 | ||
11508 | else | ||
11509 | ac_have_decl=0 | ||
11510 | fi | ||
11511 | |||
11512 | cat >>confdefs.h <<_ACEOF | ||
11513 | #define HAVE_DECL_WRITEV $ac_have_decl | ||
11514 | _ACEOF | ||
11515 | |||
11516 | |||
11517 | ac_fn_c_check_decl "$LINENO" "MAXSYMLINKS" "ac_cv_have_decl_MAXSYMLINKS" " | ||
11518 | #include <sys/param.h> | ||
11519 | |||
11520 | " | ||
11521 | if test "x$ac_cv_have_decl_MAXSYMLINKS" = xyes; then : | ||
11522 | ac_have_decl=1 | ||
11523 | else | ||
11524 | ac_have_decl=0 | ||
11525 | fi | ||
11526 | |||
11527 | cat >>confdefs.h <<_ACEOF | ||
11528 | #define HAVE_DECL_MAXSYMLINKS $ac_have_decl | ||
11529 | _ACEOF | ||
11530 | |||
11531 | |||
11532 | ac_fn_c_check_decl "$LINENO" "offsetof" "ac_cv_have_decl_offsetof" " | ||
11533 | #include <stddef.h> | ||
11534 | |||
11535 | " | ||
11536 | if test "x$ac_cv_have_decl_offsetof" = xyes; then : | ||
11537 | ac_have_decl=1 | ||
11538 | else | ||
11539 | ac_have_decl=0 | ||
11540 | fi | ||
11541 | |||
11542 | cat >>confdefs.h <<_ACEOF | ||
11543 | #define HAVE_DECL_OFFSETOF $ac_have_decl | ||
11544 | _ACEOF | ||
11545 | |||
11546 | |||
11547 | # extra bits for select(2) | ||
11548 | ac_fn_c_check_decl "$LINENO" "howmany" "ac_cv_have_decl_howmany" " | ||
11549 | #include <sys/param.h> | ||
11550 | #include <sys/types.h> | ||
11551 | #ifdef HAVE_SYS_SYSMACROS_H | ||
11552 | #include <sys/sysmacros.h> | ||
11553 | #endif | ||
11554 | #ifdef HAVE_SYS_SELECT_H | ||
11555 | #include <sys/select.h> | ||
11556 | #endif | ||
11557 | #ifdef HAVE_SYS_TIME_H | ||
11558 | #include <sys/time.h> | ||
11559 | #endif | ||
11560 | #ifdef HAVE_UNISTD_H | ||
11561 | #include <unistd.h> | ||
11562 | #endif | ||
11563 | |||
11564 | " | ||
11565 | if test "x$ac_cv_have_decl_howmany" = xyes; then : | ||
11566 | ac_have_decl=1 | ||
11567 | else | ||
11568 | ac_have_decl=0 | ||
11569 | fi | ||
11570 | |||
11571 | cat >>confdefs.h <<_ACEOF | ||
11572 | #define HAVE_DECL_HOWMANY $ac_have_decl | ||
11573 | _ACEOF | ||
11574 | ac_fn_c_check_decl "$LINENO" "NFDBITS" "ac_cv_have_decl_NFDBITS" " | ||
11575 | #include <sys/param.h> | ||
11576 | #include <sys/types.h> | ||
11577 | #ifdef HAVE_SYS_SYSMACROS_H | ||
11578 | #include <sys/sysmacros.h> | ||
11579 | #endif | ||
11580 | #ifdef HAVE_SYS_SELECT_H | ||
11581 | #include <sys/select.h> | ||
11582 | #endif | ||
11583 | #ifdef HAVE_SYS_TIME_H | ||
11584 | #include <sys/time.h> | ||
11585 | #endif | ||
11586 | #ifdef HAVE_UNISTD_H | ||
11587 | #include <unistd.h> | ||
11588 | #endif | ||
11589 | |||
11590 | " | ||
11591 | if test "x$ac_cv_have_decl_NFDBITS" = xyes; then : | ||
11592 | ac_have_decl=1 | ||
11593 | else | ||
11594 | ac_have_decl=0 | ||
11595 | fi | ||
11596 | |||
11597 | cat >>confdefs.h <<_ACEOF | ||
11598 | #define HAVE_DECL_NFDBITS $ac_have_decl | ||
11599 | _ACEOF | ||
11600 | |||
11601 | ac_fn_c_check_type "$LINENO" "fd_mask" "ac_cv_type_fd_mask" " | ||
11602 | #include <sys/param.h> | ||
11603 | #include <sys/types.h> | ||
11604 | #ifdef HAVE_SYS_SELECT_H | ||
11605 | #include <sys/select.h> | ||
11606 | #endif | ||
11607 | #ifdef HAVE_SYS_TIME_H | ||
11608 | #include <sys/time.h> | ||
11609 | #endif | ||
11610 | #ifdef HAVE_UNISTD_H | ||
11611 | #include <unistd.h> | ||
11612 | #endif | ||
11613 | |||
11614 | " | ||
11615 | if test "x$ac_cv_type_fd_mask" = xyes; then : | ||
11616 | |||
11617 | cat >>confdefs.h <<_ACEOF | ||
11618 | #define HAVE_FD_MASK 1 | ||
11619 | _ACEOF | ||
11620 | |||
11621 | |||
11622 | fi | ||
11623 | |||
11624 | |||
11625 | for ac_func in setresuid | ||
11626 | do : | ||
11627 | ac_fn_c_check_func "$LINENO" "setresuid" "ac_cv_func_setresuid" | ||
11628 | if test "x$ac_cv_func_setresuid" = xyes; then : | ||
11629 | cat >>confdefs.h <<_ACEOF | ||
11630 | #define HAVE_SETRESUID 1 | ||
11631 | _ACEOF | ||
11632 | |||
11633 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if setresuid seems to work" >&5 | ||
11634 | $as_echo_n "checking if setresuid seems to work... " >&6; } | ||
11635 | if test "$cross_compiling" = yes; then : | ||
11636 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking setresuid" >&5 | ||
11637 | $as_echo "$as_me: WARNING: cross compiling: not checking setresuid" >&2;} | ||
11638 | |||
11639 | else | ||
11640 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
11641 | /* end confdefs.h. */ | ||
11642 | |||
11643 | #include <stdlib.h> | ||
11644 | #include <errno.h> | ||
11645 | |||
11646 | int | ||
11647 | main () | ||
11648 | { | ||
11649 | |||
11650 | errno=0; | ||
11651 | setresuid(0,0,0); | ||
11652 | if (errno==ENOSYS) | ||
11653 | exit(1); | ||
11654 | else | ||
11655 | exit(0); | ||
11656 | |||
11657 | ; | ||
11658 | return 0; | ||
11659 | } | ||
11660 | _ACEOF | ||
11661 | if ac_fn_c_try_run "$LINENO"; then : | ||
11662 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
11663 | $as_echo "yes" >&6; } | ||
11664 | else | ||
11665 | |||
11666 | $as_echo "#define BROKEN_SETRESUID 1" >>confdefs.h | ||
11667 | |||
11668 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: not implemented" >&5 | ||
11669 | $as_echo "not implemented" >&6; } | ||
11670 | fi | ||
11671 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
11672 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
11673 | fi | ||
11674 | |||
11675 | |||
11676 | fi | ||
11677 | done | ||
11678 | |||
11679 | |||
11680 | for ac_func in setresgid | ||
11681 | do : | ||
11682 | ac_fn_c_check_func "$LINENO" "setresgid" "ac_cv_func_setresgid" | ||
11683 | if test "x$ac_cv_func_setresgid" = xyes; then : | ||
11684 | cat >>confdefs.h <<_ACEOF | ||
11685 | #define HAVE_SETRESGID 1 | ||
11686 | _ACEOF | ||
11687 | |||
11688 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if setresgid seems to work" >&5 | ||
11689 | $as_echo_n "checking if setresgid seems to work... " >&6; } | ||
11690 | if test "$cross_compiling" = yes; then : | ||
11691 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking setresuid" >&5 | ||
11692 | $as_echo "$as_me: WARNING: cross compiling: not checking setresuid" >&2;} | ||
11693 | |||
11694 | else | ||
11695 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
11696 | /* end confdefs.h. */ | ||
11697 | |||
11698 | #include <stdlib.h> | ||
11699 | #include <errno.h> | ||
11700 | |||
11701 | int | ||
11702 | main () | ||
11703 | { | ||
11704 | |||
11705 | errno=0; | ||
11706 | setresgid(0,0,0); | ||
11707 | if (errno==ENOSYS) | ||
11708 | exit(1); | ||
11709 | else | ||
11710 | exit(0); | ||
11711 | |||
11712 | ; | ||
11713 | return 0; | ||
11714 | } | ||
11715 | _ACEOF | ||
11716 | if ac_fn_c_try_run "$LINENO"; then : | ||
11717 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
11718 | $as_echo "yes" >&6; } | ||
11719 | else | ||
11720 | |||
11721 | $as_echo "#define BROKEN_SETRESGID 1" >>confdefs.h | ||
11722 | |||
11723 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: not implemented" >&5 | ||
11724 | $as_echo "not implemented" >&6; } | ||
11725 | fi | ||
11726 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
11727 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
11728 | fi | ||
11729 | |||
11730 | |||
11731 | fi | ||
11732 | done | ||
11733 | |||
11734 | |||
11735 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working fflush(NULL)" >&5 | ||
11736 | $as_echo_n "checking for working fflush(NULL)... " >&6; } | ||
11737 | if test "$cross_compiling" = yes; then : | ||
11738 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming working" >&5 | ||
11739 | $as_echo "$as_me: WARNING: cross compiling: assuming working" >&2;} | ||
11740 | |||
11741 | else | ||
11742 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
11743 | /* end confdefs.h. */ | ||
11744 | #include <stdio.h> | ||
11745 | int | ||
11746 | main () | ||
11747 | { | ||
11748 | fflush(NULL); exit(0); | ||
11749 | ; | ||
11750 | return 0; | ||
11751 | } | ||
11752 | _ACEOF | ||
11753 | if ac_fn_c_try_run "$LINENO"; then : | ||
11754 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
11755 | $as_echo "yes" >&6; } | ||
11756 | else | ||
11757 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
11758 | $as_echo "no" >&6; } | ||
11759 | |||
11760 | $as_echo "#define FFLUSH_NULL_BUG 1" >>confdefs.h | ||
11761 | |||
11762 | fi | ||
11763 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
11764 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
11765 | fi | ||
11766 | |||
11767 | |||
11768 | for ac_func in gettimeofday time | ||
11769 | do : | ||
11770 | as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` | ||
11771 | ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" | ||
11772 | if eval test \"x\$"$as_ac_var"\" = x"yes"; then : | ||
11773 | cat >>confdefs.h <<_ACEOF | ||
11774 | #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 | ||
11775 | _ACEOF | ||
11776 | |||
11777 | fi | ||
11778 | done | ||
11779 | |||
11780 | for ac_func in endutent getutent getutid getutline pututline setutent | ||
11781 | do : | ||
11782 | as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` | ||
11783 | ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" | ||
11784 | if eval test \"x\$"$as_ac_var"\" = x"yes"; then : | ||
11785 | cat >>confdefs.h <<_ACEOF | ||
11786 | #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 | ||
11787 | _ACEOF | ||
11788 | |||
11789 | fi | ||
11790 | done | ||
11791 | |||
11792 | for ac_func in utmpname | ||
11793 | do : | ||
11794 | ac_fn_c_check_func "$LINENO" "utmpname" "ac_cv_func_utmpname" | ||
11795 | if test "x$ac_cv_func_utmpname" = xyes; then : | ||
11796 | cat >>confdefs.h <<_ACEOF | ||
11797 | #define HAVE_UTMPNAME 1 | ||
11798 | _ACEOF | ||
11799 | |||
11800 | fi | ||
11801 | done | ||
11802 | |||
11803 | for ac_func in endutxent getutxent getutxid getutxline getutxuser pututxline | ||
11804 | do : | ||
11805 | as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` | ||
11806 | ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" | ||
11807 | if eval test \"x\$"$as_ac_var"\" = x"yes"; then : | ||
11808 | cat >>confdefs.h <<_ACEOF | ||
11809 | #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 | ||
11810 | _ACEOF | ||
11811 | |||
11812 | fi | ||
11813 | done | ||
11814 | |||
11815 | for ac_func in setutxdb setutxent utmpxname | ||
11816 | do : | ||
11817 | as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` | ||
11818 | ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" | ||
11819 | if eval test \"x\$"$as_ac_var"\" = x"yes"; then : | ||
11820 | cat >>confdefs.h <<_ACEOF | ||
11821 | #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 | ||
11822 | _ACEOF | ||
11823 | |||
11824 | fi | ||
11825 | done | ||
11826 | |||
11827 | for ac_func in getlastlogxbyname | ||
11828 | do : | ||
11829 | ac_fn_c_check_func "$LINENO" "getlastlogxbyname" "ac_cv_func_getlastlogxbyname" | ||
11830 | if test "x$ac_cv_func_getlastlogxbyname" = xyes; then : | ||
11831 | cat >>confdefs.h <<_ACEOF | ||
11832 | #define HAVE_GETLASTLOGXBYNAME 1 | ||
11833 | _ACEOF | ||
11834 | |||
11835 | fi | ||
11836 | done | ||
11837 | |||
11838 | |||
11839 | ac_fn_c_check_func "$LINENO" "daemon" "ac_cv_func_daemon" | ||
11840 | if test "x$ac_cv_func_daemon" = xyes; then : | ||
11841 | |||
11842 | $as_echo "#define HAVE_DAEMON 1" >>confdefs.h | ||
11843 | |||
11844 | else | ||
11845 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for daemon in -lbsd" >&5 | ||
11846 | $as_echo_n "checking for daemon in -lbsd... " >&6; } | ||
11847 | if ${ac_cv_lib_bsd_daemon+:} false; then : | ||
11848 | $as_echo_n "(cached) " >&6 | ||
11849 | else | ||
11850 | ac_check_lib_save_LIBS=$LIBS | ||
11851 | LIBS="-lbsd $LIBS" | ||
11852 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
11853 | /* end confdefs.h. */ | ||
11854 | |||
11855 | /* Override any GCC internal prototype to avoid an error. | ||
11856 | Use char because int might match the return type of a GCC | ||
11857 | builtin and then its argument prototype would still apply. */ | ||
11858 | #ifdef __cplusplus | ||
11859 | extern "C" | ||
11860 | #endif | ||
11861 | char daemon (); | ||
11862 | int | ||
11863 | main () | ||
11864 | { | ||
11865 | return daemon (); | ||
11866 | ; | ||
11867 | return 0; | ||
11868 | } | ||
11869 | _ACEOF | ||
11870 | if ac_fn_c_try_link "$LINENO"; then : | ||
11871 | ac_cv_lib_bsd_daemon=yes | ||
11872 | else | ||
11873 | ac_cv_lib_bsd_daemon=no | ||
11874 | fi | ||
11875 | rm -f core conftest.err conftest.$ac_objext \ | ||
11876 | conftest$ac_exeext conftest.$ac_ext | ||
11877 | LIBS=$ac_check_lib_save_LIBS | ||
11878 | fi | ||
11879 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_bsd_daemon" >&5 | ||
11880 | $as_echo "$ac_cv_lib_bsd_daemon" >&6; } | ||
11881 | if test "x$ac_cv_lib_bsd_daemon" = xyes; then : | ||
11882 | LIBS="$LIBS -lbsd"; $as_echo "#define HAVE_DAEMON 1" >>confdefs.h | ||
11883 | |||
11884 | fi | ||
11885 | |||
11886 | |||
11887 | fi | ||
11888 | |||
11889 | |||
11890 | ac_fn_c_check_func "$LINENO" "getpagesize" "ac_cv_func_getpagesize" | ||
11891 | if test "x$ac_cv_func_getpagesize" = xyes; then : | ||
11892 | |||
11893 | $as_echo "#define HAVE_GETPAGESIZE 1" >>confdefs.h | ||
11894 | |||
11895 | else | ||
11896 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getpagesize in -lucb" >&5 | ||
11897 | $as_echo_n "checking for getpagesize in -lucb... " >&6; } | ||
11898 | if ${ac_cv_lib_ucb_getpagesize+:} false; then : | ||
11899 | $as_echo_n "(cached) " >&6 | ||
11900 | else | ||
11901 | ac_check_lib_save_LIBS=$LIBS | ||
11902 | LIBS="-lucb $LIBS" | ||
11903 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
11904 | /* end confdefs.h. */ | ||
11905 | |||
11906 | /* Override any GCC internal prototype to avoid an error. | ||
11907 | Use char because int might match the return type of a GCC | ||
11908 | builtin and then its argument prototype would still apply. */ | ||
11909 | #ifdef __cplusplus | ||
11910 | extern "C" | ||
11911 | #endif | ||
11912 | char getpagesize (); | ||
11913 | int | ||
11914 | main () | ||
11915 | { | ||
11916 | return getpagesize (); | ||
11917 | ; | ||
11918 | return 0; | ||
11919 | } | ||
11920 | _ACEOF | ||
11921 | if ac_fn_c_try_link "$LINENO"; then : | ||
11922 | ac_cv_lib_ucb_getpagesize=yes | ||
11923 | else | ||
11924 | ac_cv_lib_ucb_getpagesize=no | ||
11925 | fi | ||
11926 | rm -f core conftest.err conftest.$ac_objext \ | ||
11927 | conftest$ac_exeext conftest.$ac_ext | ||
11928 | LIBS=$ac_check_lib_save_LIBS | ||
11929 | fi | ||
11930 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ucb_getpagesize" >&5 | ||
11931 | $as_echo "$ac_cv_lib_ucb_getpagesize" >&6; } | ||
11932 | if test "x$ac_cv_lib_ucb_getpagesize" = xyes; then : | ||
11933 | LIBS="$LIBS -lucb"; $as_echo "#define HAVE_GETPAGESIZE 1" >>confdefs.h | ||
11934 | |||
11935 | fi | ||
11936 | |||
11937 | |||
11938 | fi | ||
11939 | |||
11940 | |||
11941 | # Check for broken snprintf | ||
11942 | if test "x$ac_cv_func_snprintf" = "xyes" ; then | ||
11943 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether snprintf correctly terminates long strings" >&5 | ||
11944 | $as_echo_n "checking whether snprintf correctly terminates long strings... " >&6; } | ||
11945 | if test "$cross_compiling" = yes; then : | ||
11946 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: Assuming working snprintf()" >&5 | ||
11947 | $as_echo "$as_me: WARNING: cross compiling: Assuming working snprintf()" >&2;} | ||
11948 | |||
11949 | else | ||
11950 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
11951 | /* end confdefs.h. */ | ||
11952 | #include <stdio.h> | ||
11953 | int | ||
11954 | main () | ||
11955 | { | ||
11956 | |||
11957 | char b[5]; | ||
11958 | snprintf(b,5,"123456789"); | ||
11959 | exit(b[4]!='\0'); | ||
11960 | |||
11961 | ; | ||
11962 | return 0; | ||
11963 | } | ||
11964 | _ACEOF | ||
11965 | if ac_fn_c_try_run "$LINENO"; then : | ||
11966 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
11967 | $as_echo "yes" >&6; } | ||
11968 | else | ||
11969 | |||
11970 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
11971 | $as_echo "no" >&6; } | ||
11972 | |||
11973 | $as_echo "#define BROKEN_SNPRINTF 1" >>confdefs.h | ||
11974 | |||
11975 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: ****** Your snprintf() function is broken, complain to your vendor" >&5 | ||
11976 | $as_echo "$as_me: WARNING: ****** Your snprintf() function is broken, complain to your vendor" >&2;} | ||
11977 | |||
11978 | fi | ||
11979 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
11980 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
11981 | fi | ||
11982 | |||
11983 | fi | ||
11984 | |||
11985 | if test "x$ac_cv_func_snprintf" = "xyes" ; then | ||
11986 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether snprintf understands %zu" >&5 | ||
11987 | $as_echo_n "checking whether snprintf understands %zu... " >&6; } | ||
11988 | if test "$cross_compiling" = yes; then : | ||
11989 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: Assuming working snprintf()" >&5 | ||
11990 | $as_echo "$as_me: WARNING: cross compiling: Assuming working snprintf()" >&2;} | ||
11991 | |||
11992 | else | ||
11993 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
11994 | /* end confdefs.h. */ | ||
11995 | |||
11996 | #include <sys/types.h> | ||
11997 | #include <stdio.h> | ||
11998 | |||
11999 | int | ||
12000 | main () | ||
12001 | { | ||
12002 | |||
12003 | size_t a = 1, b = 2; | ||
12004 | char z[128]; | ||
12005 | snprintf(z, sizeof z, "%zu%zu", a, b); | ||
12006 | exit(strcmp(z, "12")); | ||
12007 | |||
12008 | ; | ||
12009 | return 0; | ||
12010 | } | ||
12011 | _ACEOF | ||
12012 | if ac_fn_c_try_run "$LINENO"; then : | ||
12013 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
12014 | $as_echo "yes" >&6; } | ||
12015 | else | ||
12016 | |||
12017 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
12018 | $as_echo "no" >&6; } | ||
12019 | |||
12020 | $as_echo "#define BROKEN_SNPRINTF 1" >>confdefs.h | ||
12021 | |||
12022 | |||
12023 | fi | ||
12024 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
12025 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
12026 | fi | ||
12027 | |||
12028 | fi | ||
12029 | |||
12030 | # We depend on vsnprintf returning the right thing on overflow: the | ||
12031 | # number of characters it tried to create (as per SUSv3) | ||
12032 | if test "x$ac_cv_func_vsnprintf" = "xyes" ; then | ||
12033 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether vsnprintf returns correct values on overflow" >&5 | ||
12034 | $as_echo_n "checking whether vsnprintf returns correct values on overflow... " >&6; } | ||
12035 | if test "$cross_compiling" = yes; then : | ||
12036 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: Assuming working vsnprintf()" >&5 | ||
12037 | $as_echo "$as_me: WARNING: cross compiling: Assuming working vsnprintf()" >&2;} | ||
12038 | |||
12039 | else | ||
12040 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
12041 | /* end confdefs.h. */ | ||
12042 | |||
12043 | #include <sys/types.h> | ||
12044 | #include <stdio.h> | ||
12045 | #include <stdarg.h> | ||
12046 | |||
12047 | int x_snprintf(char *str, size_t count, const char *fmt, ...) | ||
12048 | { | ||
12049 | size_t ret; | ||
12050 | va_list ap; | ||
12051 | |||
12052 | va_start(ap, fmt); | ||
12053 | ret = vsnprintf(str, count, fmt, ap); | ||
12054 | va_end(ap); | ||
12055 | return ret; | ||
12056 | } | ||
12057 | |||
12058 | int | ||
12059 | main () | ||
12060 | { | ||
12061 | |||
12062 | char x[1]; | ||
12063 | if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11) | ||
12064 | return 1; | ||
12065 | if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11) | ||
12066 | return 1; | ||
12067 | return 0; | ||
12068 | |||
12069 | ; | ||
12070 | return 0; | ||
12071 | } | ||
12072 | _ACEOF | ||
12073 | if ac_fn_c_try_run "$LINENO"; then : | ||
12074 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
12075 | $as_echo "yes" >&6; } | ||
12076 | else | ||
12077 | |||
12078 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
12079 | $as_echo "no" >&6; } | ||
12080 | |||
12081 | $as_echo "#define BROKEN_SNPRINTF 1" >>confdefs.h | ||
12082 | |||
12083 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: ****** Your vsnprintf() function is broken, complain to your vendor" >&5 | ||
12084 | $as_echo "$as_me: WARNING: ****** Your vsnprintf() function is broken, complain to your vendor" >&2;} | ||
12085 | |||
12086 | fi | ||
12087 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
12088 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
12089 | fi | ||
12090 | |||
12091 | fi | ||
12092 | |||
12093 | # On systems where [v]snprintf is broken, but is declared in stdio, | ||
12094 | # check that the fmt argument is const char * or just char *. | ||
12095 | # This is only useful for when BROKEN_SNPRINTF | ||
12096 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether snprintf can declare const char *fmt" >&5 | ||
12097 | $as_echo_n "checking whether snprintf can declare const char *fmt... " >&6; } | ||
12098 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
12099 | /* end confdefs.h. */ | ||
12100 | |||
12101 | #include <stdio.h> | ||
12102 | int snprintf(char *a, size_t b, const char *c, ...) { return 0; } | ||
12103 | |||
12104 | int | ||
12105 | main () | ||
12106 | { | ||
12107 | |||
12108 | snprintf(0, 0, 0); | ||
12109 | |||
12110 | ; | ||
12111 | return 0; | ||
12112 | } | ||
12113 | _ACEOF | ||
12114 | if ac_fn_c_try_compile "$LINENO"; then : | ||
12115 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
12116 | $as_echo "yes" >&6; } | ||
12117 | |||
12118 | $as_echo "#define SNPRINTF_CONST const" >>confdefs.h | ||
12119 | |||
12120 | else | ||
12121 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
12122 | $as_echo "no" >&6; } | ||
12123 | $as_echo "#define SNPRINTF_CONST /* not const */" >>confdefs.h | ||
12124 | |||
12125 | fi | ||
12126 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
12127 | |||
12128 | # Check for missing getpeereid (or equiv) support | ||
12129 | NO_PEERCHECK="" | ||
12130 | if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then | ||
12131 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether system supports SO_PEERCRED getsockopt" >&5 | ||
12132 | $as_echo_n "checking whether system supports SO_PEERCRED getsockopt... " >&6; } | ||
12133 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
12134 | /* end confdefs.h. */ | ||
12135 | |||
12136 | #include <sys/types.h> | ||
12137 | #include <sys/socket.h> | ||
12138 | int | ||
12139 | main () | ||
12140 | { | ||
12141 | int i = SO_PEERCRED; | ||
12142 | ; | ||
12143 | return 0; | ||
12144 | } | ||
12145 | _ACEOF | ||
12146 | if ac_fn_c_try_compile "$LINENO"; then : | ||
12147 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
12148 | $as_echo "yes" >&6; } | ||
12149 | |||
12150 | $as_echo "#define HAVE_SO_PEERCRED 1" >>confdefs.h | ||
12151 | |||
12152 | |||
12153 | else | ||
12154 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
12155 | $as_echo "no" >&6; } | ||
12156 | NO_PEERCHECK=1 | ||
12157 | |||
12158 | fi | ||
12159 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
12160 | fi | ||
12161 | |||
12162 | if test "x$ac_cv_func_mkdtemp" = "xyes" ; then | ||
12163 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for (overly) strict mkstemp" >&5 | ||
12164 | $as_echo_n "checking for (overly) strict mkstemp... " >&6; } | ||
12165 | if test "$cross_compiling" = yes; then : | ||
12166 | |||
12167 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
12168 | $as_echo "yes" >&6; } | ||
12169 | $as_echo "#define HAVE_STRICT_MKSTEMP 1" >>confdefs.h | ||
12170 | |||
12171 | |||
12172 | |||
12173 | else | ||
12174 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
12175 | /* end confdefs.h. */ | ||
12176 | |||
12177 | #include <stdlib.h> | ||
12178 | |||
12179 | int | ||
12180 | main () | ||
12181 | { | ||
12182 | |||
12183 | char template[]="conftest.mkstemp-test"; | ||
12184 | if (mkstemp(template) == -1) | ||
12185 | exit(1); | ||
12186 | unlink(template); | ||
12187 | exit(0); | ||
12188 | |||
12189 | ; | ||
12190 | return 0; | ||
12191 | } | ||
12192 | _ACEOF | ||
12193 | if ac_fn_c_try_run "$LINENO"; then : | ||
12194 | |||
12195 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
12196 | $as_echo "no" >&6; } | ||
12197 | |||
12198 | else | ||
12199 | |||
12200 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
12201 | $as_echo "yes" >&6; } | ||
12202 | |||
12203 | $as_echo "#define HAVE_STRICT_MKSTEMP 1" >>confdefs.h | ||
12204 | |||
12205 | |||
12206 | fi | ||
12207 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
12208 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
12209 | fi | ||
12210 | |||
12211 | fi | ||
12212 | |||
12213 | if test ! -z "$check_for_openpty_ctty_bug"; then | ||
12214 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if openpty correctly handles controlling tty" >&5 | ||
12215 | $as_echo_n "checking if openpty correctly handles controlling tty... " >&6; } | ||
12216 | if test "$cross_compiling" = yes; then : | ||
12217 | |||
12218 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: cross-compiling, assuming yes" >&5 | ||
12219 | $as_echo "cross-compiling, assuming yes" >&6; } | ||
12220 | |||
12221 | |||
12222 | else | ||
12223 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
12224 | /* end confdefs.h. */ | ||
12225 | |||
12226 | #include <stdio.h> | ||
12227 | #include <sys/fcntl.h> | ||
12228 | #include <sys/types.h> | ||
12229 | #include <sys/wait.h> | ||
12230 | |||
12231 | int | ||
12232 | main () | ||
12233 | { | ||
12234 | |||
12235 | pid_t pid; | ||
12236 | int fd, ptyfd, ttyfd, status; | ||
12237 | |||
12238 | pid = fork(); | ||
12239 | if (pid < 0) { /* failed */ | ||
12240 | exit(1); | ||
12241 | } else if (pid > 0) { /* parent */ | ||
12242 | waitpid(pid, &status, 0); | ||
12243 | if (WIFEXITED(status)) | ||
12244 | exit(WEXITSTATUS(status)); | ||
12245 | else | ||
12246 | exit(2); | ||
12247 | } else { /* child */ | ||
12248 | close(0); close(1); close(2); | ||
12249 | setsid(); | ||
12250 | openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); | ||
12251 | fd = open("/dev/tty", O_RDWR | O_NOCTTY); | ||
12252 | if (fd >= 0) | ||
12253 | exit(3); /* Acquired ctty: broken */ | ||
12254 | else | ||
12255 | exit(0); /* Did not acquire ctty: OK */ | ||
12256 | } | ||
12257 | |||
12258 | ; | ||
12259 | return 0; | ||
12260 | } | ||
12261 | _ACEOF | ||
12262 | if ac_fn_c_try_run "$LINENO"; then : | ||
12263 | |||
12264 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
12265 | $as_echo "yes" >&6; } | ||
12266 | |||
12267 | else | ||
12268 | |||
12269 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
12270 | $as_echo "no" >&6; } | ||
12271 | $as_echo "#define SSHD_ACQUIRES_CTTY 1" >>confdefs.h | ||
12272 | |||
12273 | |||
12274 | fi | ||
12275 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
12276 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
12277 | fi | ||
12278 | |||
12279 | fi | ||
12280 | |||
12281 | if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ | ||
12282 | test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then | ||
12283 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if getaddrinfo seems to work" >&5 | ||
12284 | $as_echo_n "checking if getaddrinfo seems to work... " >&6; } | ||
12285 | if test "$cross_compiling" = yes; then : | ||
12286 | |||
12287 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: cross-compiling, assuming yes" >&5 | ||
12288 | $as_echo "cross-compiling, assuming yes" >&6; } | ||
12289 | |||
12290 | |||
12291 | else | ||
12292 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
12293 | /* end confdefs.h. */ | ||
12294 | |||
12295 | #include <stdio.h> | ||
12296 | #include <sys/socket.h> | ||
12297 | #include <netdb.h> | ||
12298 | #include <errno.h> | ||
12299 | #include <netinet/in.h> | ||
12300 | |||
12301 | #define TEST_PORT "2222" | ||
12302 | |||
12303 | int | ||
12304 | main () | ||
12305 | { | ||
12306 | |||
12307 | int err, sock; | ||
12308 | struct addrinfo *gai_ai, *ai, hints; | ||
12309 | char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; | ||
12310 | |||
12311 | memset(&hints, 0, sizeof(hints)); | ||
12312 | hints.ai_family = PF_UNSPEC; | ||
12313 | hints.ai_socktype = SOCK_STREAM; | ||
12314 | hints.ai_flags = AI_PASSIVE; | ||
12315 | |||
12316 | err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); | ||
12317 | if (err != 0) { | ||
12318 | fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); | ||
12319 | exit(1); | ||
12320 | } | ||
12321 | |||
12322 | for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { | ||
12323 | if (ai->ai_family != AF_INET6) | ||
12324 | continue; | ||
12325 | |||
12326 | err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, | ||
12327 | sizeof(ntop), strport, sizeof(strport), | ||
12328 | NI_NUMERICHOST|NI_NUMERICSERV); | ||
12329 | |||
12330 | if (err != 0) { | ||
12331 | if (err == EAI_SYSTEM) | ||
12332 | perror("getnameinfo EAI_SYSTEM"); | ||
12333 | else | ||
12334 | fprintf(stderr, "getnameinfo failed: %s\n", | ||
12335 | gai_strerror(err)); | ||
12336 | exit(2); | ||
12337 | } | ||
12338 | |||
12339 | sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); | ||
12340 | if (sock < 0) | ||
12341 | perror("socket"); | ||
12342 | if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { | ||
12343 | if (errno == EBADF) | ||
12344 | exit(3); | ||
12345 | } | ||
12346 | } | ||
12347 | exit(0); | ||
12348 | |||
12349 | ; | ||
12350 | return 0; | ||
12351 | } | ||
12352 | _ACEOF | ||
12353 | if ac_fn_c_try_run "$LINENO"; then : | ||
12354 | |||
12355 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
12356 | $as_echo "yes" >&6; } | ||
12357 | |||
12358 | else | ||
12359 | |||
12360 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
12361 | $as_echo "no" >&6; } | ||
12362 | $as_echo "#define BROKEN_GETADDRINFO 1" >>confdefs.h | ||
12363 | |||
12364 | |||
12365 | fi | ||
12366 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
12367 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
12368 | fi | ||
12369 | |||
12370 | fi | ||
12371 | |||
12372 | if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ | ||
12373 | test "x$check_for_aix_broken_getaddrinfo" = "x1"; then | ||
12374 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if getaddrinfo seems to work" >&5 | ||
12375 | $as_echo_n "checking if getaddrinfo seems to work... " >&6; } | ||
12376 | if test "$cross_compiling" = yes; then : | ||
12377 | |||
12378 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: cross-compiling, assuming no" >&5 | ||
12379 | $as_echo "cross-compiling, assuming no" >&6; } | ||
12380 | |||
12381 | |||
12382 | else | ||
12383 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
12384 | /* end confdefs.h. */ | ||
12385 | |||
12386 | #include <stdio.h> | ||
12387 | #include <sys/socket.h> | ||
12388 | #include <netdb.h> | ||
12389 | #include <errno.h> | ||
12390 | #include <netinet/in.h> | ||
12391 | |||
12392 | #define TEST_PORT "2222" | ||
12393 | |||
12394 | int | ||
12395 | main () | ||
12396 | { | ||
12397 | |||
12398 | int err, sock; | ||
12399 | struct addrinfo *gai_ai, *ai, hints; | ||
12400 | char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; | ||
12401 | |||
12402 | memset(&hints, 0, sizeof(hints)); | ||
12403 | hints.ai_family = PF_UNSPEC; | ||
12404 | hints.ai_socktype = SOCK_STREAM; | ||
12405 | hints.ai_flags = AI_PASSIVE; | ||
12406 | |||
12407 | err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); | ||
12408 | if (err != 0) { | ||
12409 | fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); | ||
12410 | exit(1); | ||
12411 | } | ||
12412 | |||
12413 | for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { | ||
12414 | if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) | ||
12415 | continue; | ||
12416 | |||
12417 | err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, | ||
12418 | sizeof(ntop), strport, sizeof(strport), | ||
12419 | NI_NUMERICHOST|NI_NUMERICSERV); | ||
12420 | |||
12421 | if (ai->ai_family == AF_INET && err != 0) { | ||
12422 | perror("getnameinfo"); | ||
12423 | exit(2); | ||
12424 | } | ||
12425 | } | ||
12426 | exit(0); | ||
12427 | |||
12428 | ; | ||
12429 | return 0; | ||
12430 | } | ||
12431 | _ACEOF | ||
12432 | if ac_fn_c_try_run "$LINENO"; then : | ||
12433 | |||
12434 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
12435 | $as_echo "yes" >&6; } | ||
12436 | |||
12437 | $as_echo "#define AIX_GETNAMEINFO_HACK 1" >>confdefs.h | ||
12438 | |||
12439 | |||
12440 | else | ||
12441 | |||
12442 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
12443 | $as_echo "no" >&6; } | ||
12444 | $as_echo "#define BROKEN_GETADDRINFO 1" >>confdefs.h | ||
12445 | |||
12446 | |||
12447 | fi | ||
12448 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
12449 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
12450 | fi | ||
12451 | |||
12452 | fi | ||
12453 | |||
12454 | if test "x$ac_cv_func_getaddrinfo" = "xyes"; then | ||
12455 | ac_fn_c_check_decl "$LINENO" "AI_NUMERICSERV" "ac_cv_have_decl_AI_NUMERICSERV" "#include <sys/types.h> | ||
12456 | #include <sys/socket.h> | ||
12457 | #include <netdb.h> | ||
12458 | " | ||
12459 | if test "x$ac_cv_have_decl_AI_NUMERICSERV" = xyes; then : | ||
12460 | ac_have_decl=1 | ||
12461 | else | ||
12462 | ac_have_decl=0 | ||
12463 | fi | ||
12464 | |||
12465 | cat >>confdefs.h <<_ACEOF | ||
12466 | #define HAVE_DECL_AI_NUMERICSERV $ac_have_decl | ||
12467 | _ACEOF | ||
12468 | |||
12469 | fi | ||
12470 | |||
12471 | if test "x$check_for_conflicting_getspnam" = "x1"; then | ||
12472 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for conflicting getspnam in shadow.h" >&5 | ||
12473 | $as_echo_n "checking for conflicting getspnam in shadow.h... " >&6; } | ||
12474 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
12475 | /* end confdefs.h. */ | ||
12476 | #include <shadow.h> | ||
12477 | int | ||
12478 | main () | ||
12479 | { | ||
12480 | exit(0); | ||
12481 | ; | ||
12482 | return 0; | ||
12483 | } | ||
12484 | _ACEOF | ||
12485 | if ac_fn_c_try_compile "$LINENO"; then : | ||
12486 | |||
12487 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
12488 | $as_echo "no" >&6; } | ||
12489 | |||
12490 | else | ||
12491 | |||
12492 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
12493 | $as_echo "yes" >&6; } | ||
12494 | |||
12495 | $as_echo "#define GETSPNAM_CONFLICTING_DEFS 1" >>confdefs.h | ||
12496 | |||
12497 | |||
12498 | |||
12499 | fi | ||
12500 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
12501 | fi | ||
12502 | |||
12503 | if test "x$ac_cv_func_strnvis" = "xyes"; then | ||
12504 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working strnvis" >&5 | ||
12505 | $as_echo_n "checking for working strnvis... " >&6; } | ||
12506 | if test "$cross_compiling" = yes; then : | ||
12507 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming broken" >&5 | ||
12508 | $as_echo "$as_me: WARNING: cross compiling: assuming broken" >&2;} | ||
12509 | |||
12510 | $as_echo "#define BROKEN_STRNVIS 1" >>confdefs.h | ||
12511 | |||
12512 | |||
12513 | else | ||
12514 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
12515 | /* end confdefs.h. */ | ||
12516 | |||
12517 | #include <signal.h> | ||
12518 | #include <stdlib.h> | ||
12519 | #include <string.h> | ||
12520 | #include <vis.h> | ||
12521 | static void sighandler(int sig) { _exit(1); } | ||
12522 | |||
12523 | int | ||
12524 | main () | ||
12525 | { | ||
12526 | |||
12527 | char dst[16]; | ||
12528 | |||
12529 | signal(SIGSEGV, sighandler); | ||
12530 | if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0) | ||
12531 | exit(0); | ||
12532 | exit(1) | ||
12533 | |||
12534 | ; | ||
12535 | return 0; | ||
12536 | } | ||
12537 | _ACEOF | ||
12538 | if ac_fn_c_try_run "$LINENO"; then : | ||
12539 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
12540 | $as_echo "yes" >&6; } | ||
12541 | else | ||
12542 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
12543 | $as_echo "no" >&6; } | ||
12544 | |||
12545 | $as_echo "#define BROKEN_STRNVIS 1" >>confdefs.h | ||
12546 | |||
12547 | fi | ||
12548 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
12549 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
12550 | fi | ||
12551 | |||
12552 | fi | ||
12553 | |||
12554 | for ac_func in getpgrp | ||
12555 | do : | ||
12556 | ac_fn_c_check_func "$LINENO" "getpgrp" "ac_cv_func_getpgrp" | ||
12557 | if test "x$ac_cv_func_getpgrp" = xyes; then : | ||
12558 | cat >>confdefs.h <<_ACEOF | ||
12559 | #define HAVE_GETPGRP 1 | ||
12560 | _ACEOF | ||
12561 | |||
12562 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if getpgrp accepts zero args" >&5 | ||
12563 | $as_echo_n "checking if getpgrp accepts zero args... " >&6; } | ||
12564 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
12565 | /* end confdefs.h. */ | ||
12566 | $ac_includes_default | ||
12567 | int | ||
12568 | main () | ||
12569 | { | ||
12570 | getpgrp(); | ||
12571 | ; | ||
12572 | return 0; | ||
12573 | } | ||
12574 | _ACEOF | ||
12575 | if ac_fn_c_try_compile "$LINENO"; then : | ||
12576 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
12577 | $as_echo "yes" >&6; } | ||
12578 | |||
12579 | $as_echo "#define GETPGRP_VOID 1" >>confdefs.h | ||
12580 | |||
12581 | else | ||
12582 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
12583 | $as_echo "no" >&6; } | ||
12584 | |||
12585 | $as_echo "#define GETPGRP_VOID 0" >>confdefs.h | ||
12586 | |||
12587 | |||
12588 | fi | ||
12589 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
12590 | |||
12591 | fi | ||
12592 | done | ||
12593 | |||
12594 | |||
12595 | # Search for OpenSSL | ||
12596 | saved_CPPFLAGS="$CPPFLAGS" | ||
12597 | saved_LDFLAGS="$LDFLAGS" | ||
12598 | |||
12599 | # Check whether --with-ssl-dir was given. | ||
12600 | if test "${with_ssl_dir+set}" = set; then : | ||
12601 | withval=$with_ssl_dir; | ||
12602 | if test "x$openssl" = "xno" ; then | ||
12603 | as_fn_error $? "cannot use --with-ssl-dir when OpenSSL disabled" "$LINENO" 5 | ||
12604 | fi | ||
12605 | if test "x$withval" != "xno" ; then | ||
12606 | case "$withval" in | ||
12607 | # Relative paths | ||
12608 | ./*|../*) withval="`pwd`/$withval" | ||
12609 | esac | ||
12610 | if test -d "$withval/lib"; then | ||
12611 | if test -n "${rpath_opt}"; then | ||
12612 | LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" | ||
12613 | else | ||
12614 | LDFLAGS="-L${withval}/lib ${LDFLAGS}" | ||
12615 | fi | ||
12616 | elif test -d "$withval/lib64"; then | ||
12617 | if test -n "${rpath_opt}"; then | ||
12618 | LDFLAGS="-L${withval}/lib64 ${rpath_opt}${withval}/lib64 ${LDFLAGS}" | ||
12619 | else | ||
12620 | LDFLAGS="-L${withval}/lib64 ${LDFLAGS}" | ||
12621 | fi | ||
12622 | else | ||
12623 | if test -n "${rpath_opt}"; then | ||
12624 | LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}" | ||
12625 | else | ||
12626 | LDFLAGS="-L${withval} ${LDFLAGS}" | ||
12627 | fi | ||
12628 | fi | ||
12629 | if test -d "$withval/include"; then | ||
12630 | CPPFLAGS="-I${withval}/include ${CPPFLAGS}" | ||
12631 | else | ||
12632 | CPPFLAGS="-I${withval} ${CPPFLAGS}" | ||
12633 | fi | ||
12634 | fi | ||
12635 | |||
12636 | |||
12637 | fi | ||
12638 | |||
12639 | |||
12640 | |||
12641 | # Check whether --with-openssl-header-check was given. | ||
12642 | if test "${with_openssl_header_check+set}" = set; then : | ||
12643 | withval=$with_openssl_header_check; | ||
12644 | if test "x$withval" = "xno" ; then | ||
12645 | openssl_check_nonfatal=1 | ||
12646 | fi | ||
12647 | |||
12648 | |||
12649 | fi | ||
12650 | |||
12651 | |||
12652 | openssl_engine=no | ||
12653 | |||
12654 | # Check whether --with-ssl-engine was given. | ||
12655 | if test "${with_ssl_engine+set}" = set; then : | ||
12656 | withval=$with_ssl_engine; | ||
12657 | if test "x$withval" != "xno" ; then | ||
12658 | if test "x$openssl" = "xno" ; then | ||
12659 | as_fn_error $? "cannot use --with-ssl-engine when OpenSSL disabled" "$LINENO" 5 | ||
12660 | fi | ||
12661 | openssl_engine=yes | ||
12662 | fi | ||
12663 | |||
12664 | |||
12665 | fi | ||
12666 | |||
12667 | |||
12668 | if test "x$openssl" = "xyes" ; then | ||
12669 | LIBS="-lcrypto $LIBS" | ||
12670 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
12671 | /* end confdefs.h. */ | ||
12672 | |||
12673 | /* Override any GCC internal prototype to avoid an error. | ||
12674 | Use char because int might match the return type of a GCC | ||
12675 | builtin and then its argument prototype would still apply. */ | ||
12676 | #ifdef __cplusplus | ||
12677 | extern "C" | ||
12678 | #endif | ||
12679 | char RAND_add (); | ||
12680 | int | ||
12681 | main () | ||
12682 | { | ||
12683 | return RAND_add (); | ||
12684 | ; | ||
12685 | return 0; | ||
12686 | } | ||
12687 | _ACEOF | ||
12688 | if ac_fn_c_try_link "$LINENO"; then : | ||
12689 | |||
12690 | else | ||
12691 | as_fn_error $? "*** working libcrypto not found, check config.log" "$LINENO" 5 | ||
12692 | fi | ||
12693 | rm -f core conftest.err conftest.$ac_objext \ | ||
12694 | conftest$ac_exeext conftest.$ac_ext | ||
12695 | ac_fn_c_check_header_mongrel "$LINENO" "openssl/opensslv.h" "ac_cv_header_openssl_opensslv_h" "$ac_includes_default" | ||
12696 | if test "x$ac_cv_header_openssl_opensslv_h" = xyes; then : | ||
12697 | |||
12698 | else | ||
12699 | as_fn_error $? "*** OpenSSL headers missing - please install first or check config.log ***" "$LINENO" 5 | ||
12700 | fi | ||
12701 | |||
12702 | |||
12703 | |||
12704 | # Determine OpenSSL header version | ||
12705 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking OpenSSL header version" >&5 | ||
12706 | $as_echo_n "checking OpenSSL header version... " >&6; } | ||
12707 | if test "$cross_compiling" = yes; then : | ||
12708 | |||
12709 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking" >&5 | ||
12710 | $as_echo "$as_me: WARNING: cross compiling: not checking" >&2;} | ||
12711 | |||
12712 | |||
12713 | else | ||
12714 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
12715 | /* end confdefs.h. */ | ||
12716 | |||
12717 | #include <stdlib.h> | ||
12718 | #include <stdio.h> | ||
12719 | #include <string.h> | ||
12720 | #include <openssl/opensslv.h> | ||
12721 | #define DATA "conftest.sslincver" | ||
12722 | |||
12723 | int | ||
12724 | main () | ||
12725 | { | ||
12726 | |||
12727 | FILE *fd; | ||
12728 | int rc; | ||
12729 | |||
12730 | fd = fopen(DATA,"w"); | ||
12731 | if(fd == NULL) | ||
12732 | exit(1); | ||
12733 | |||
12734 | if ((rc = fprintf(fd, "%08lx (%s)\n", | ||
12735 | (unsigned long)OPENSSL_VERSION_NUMBER, | ||
12736 | OPENSSL_VERSION_TEXT)) < 0) | ||
12737 | exit(1); | ||
12738 | |||
12739 | exit(0); | ||
12740 | |||
12741 | ; | ||
12742 | return 0; | ||
12743 | } | ||
12744 | _ACEOF | ||
12745 | if ac_fn_c_try_run "$LINENO"; then : | ||
12746 | |||
12747 | ssl_header_ver=`cat conftest.sslincver` | ||
12748 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ssl_header_ver" >&5 | ||
12749 | $as_echo "$ssl_header_ver" >&6; } | ||
12750 | |||
12751 | else | ||
12752 | |||
12753 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5 | ||
12754 | $as_echo "not found" >&6; } | ||
12755 | as_fn_error $? "OpenSSL version header not found." "$LINENO" 5 | ||
12756 | |||
12757 | fi | ||
12758 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
12759 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
12760 | fi | ||
12761 | |||
12762 | |||
12763 | # Determining OpenSSL library version is version dependent. | ||
12764 | for ac_func in OpenSSL_version OpenSSL_version_num | ||
12765 | do : | ||
12766 | as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` | ||
12767 | ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" | ||
12768 | if eval test \"x\$"$as_ac_var"\" = x"yes"; then : | ||
12769 | cat >>confdefs.h <<_ACEOF | ||
12770 | #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 | ||
12771 | _ACEOF | ||
12772 | |||
12773 | fi | ||
12774 | done | ||
12775 | |||
12776 | |||
12777 | # Determine OpenSSL library version | ||
12778 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking OpenSSL library version" >&5 | ||
12779 | $as_echo_n "checking OpenSSL library version... " >&6; } | ||
12780 | if test "$cross_compiling" = yes; then : | ||
12781 | |||
12782 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking" >&5 | ||
12783 | $as_echo "$as_me: WARNING: cross compiling: not checking" >&2;} | ||
12784 | |||
12785 | |||
12786 | else | ||
12787 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
12788 | /* end confdefs.h. */ | ||
12789 | |||
12790 | #include <stdio.h> | ||
12791 | #include <string.h> | ||
12792 | #include <openssl/opensslv.h> | ||
12793 | #include <openssl/crypto.h> | ||
12794 | #define DATA "conftest.ssllibver" | ||
12795 | |||
12796 | int | ||
12797 | main () | ||
12798 | { | ||
12799 | |||
12800 | FILE *fd; | ||
12801 | int rc; | ||
12802 | |||
12803 | fd = fopen(DATA,"w"); | ||
12804 | if(fd == NULL) | ||
12805 | exit(1); | ||
12806 | #ifndef OPENSSL_VERSION | ||
12807 | # define OPENSSL_VERSION SSLEAY_VERSION | ||
12808 | #endif | ||
12809 | #ifndef HAVE_OPENSSL_VERSION | ||
12810 | # define OpenSSL_version SSLeay_version | ||
12811 | #endif | ||
12812 | #ifndef HAVE_OPENSSL_VERSION_NUM | ||
12813 | # define OpenSSL_version_num SSLeay | ||
12814 | #endif | ||
12815 | if ((rc = fprintf(fd, "%08lx (%s)\n", | ||
12816 | (unsigned long)OpenSSL_version_num(), | ||
12817 | OpenSSL_version(OPENSSL_VERSION))) < 0) | ||
12818 | exit(1); | ||
12819 | |||
12820 | exit(0); | ||
12821 | |||
12822 | ; | ||
12823 | return 0; | ||
12824 | } | ||
12825 | _ACEOF | ||
12826 | if ac_fn_c_try_run "$LINENO"; then : | ||
12827 | |||
12828 | ssl_library_ver=`cat conftest.ssllibver` | ||
12829 | # Check version is supported. | ||
12830 | case "$ssl_library_ver" in | ||
12831 | 10000*|0*) | ||
12832 | as_fn_error $? "OpenSSL >= 1.0.1 required (have \"$ssl_library_ver\")" "$LINENO" 5 | ||
12833 | ;; | ||
12834 | 100*) ;; # 1.0.x | ||
12835 | 101000[0123456]*) | ||
12836 | # https://github.com/openssl/openssl/pull/4613 | ||
12837 | as_fn_error $? "OpenSSL 1.1.x versions prior to 1.1.0g have a bug that breaks their use with OpenSSH (have \"$ssl_library_ver\")" "$LINENO" 5 | ||
12838 | ;; | ||
12839 | 101*) ;; # 1.1.x | ||
12840 | 200*) ;; # LibreSSL | ||
12841 | 300*) ;; # OpenSSL development branch. | ||
12842 | *) | ||
12843 | as_fn_error $? "Unknown/unsupported OpenSSL version (\"$ssl_library_ver\")" "$LINENO" 5 | ||
12844 | ;; | ||
12845 | esac | ||
12846 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ssl_library_ver" >&5 | ||
12847 | $as_echo "$ssl_library_ver" >&6; } | ||
12848 | |||
12849 | else | ||
12850 | |||
12851 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5 | ||
12852 | $as_echo "not found" >&6; } | ||
12853 | as_fn_error $? "OpenSSL library not found." "$LINENO" 5 | ||
12854 | |||
12855 | fi | ||
12856 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
12857 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
12858 | fi | ||
12859 | |||
12860 | |||
12861 | # Sanity check OpenSSL headers | ||
12862 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL's headers match the library" >&5 | ||
12863 | $as_echo_n "checking whether OpenSSL's headers match the library... " >&6; } | ||
12864 | if test "$cross_compiling" = yes; then : | ||
12865 | |||
12866 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking" >&5 | ||
12867 | $as_echo "$as_me: WARNING: cross compiling: not checking" >&2;} | ||
12868 | |||
12869 | |||
12870 | else | ||
12871 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
12872 | /* end confdefs.h. */ | ||
12873 | |||
12874 | #include <string.h> | ||
12875 | #include <openssl/opensslv.h> | ||
12876 | #include <openssl/crypto.h> | ||
12877 | |||
12878 | int | ||
12879 | main () | ||
12880 | { | ||
12881 | |||
12882 | #ifndef HAVE_OPENSSL_VERSION_NUM | ||
12883 | # define OpenSSL_version_num SSLeay | ||
12884 | #endif | ||
12885 | exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1); | ||
12886 | |||
12887 | ; | ||
12888 | return 0; | ||
12889 | } | ||
12890 | _ACEOF | ||
12891 | if ac_fn_c_try_run "$LINENO"; then : | ||
12892 | |||
12893 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
12894 | $as_echo "yes" >&6; } | ||
12895 | |||
12896 | else | ||
12897 | |||
12898 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
12899 | $as_echo "no" >&6; } | ||
12900 | if test "x$openssl_check_nonfatal" = "x"; then | ||
12901 | as_fn_error $? "Your OpenSSL headers do not match your | ||
12902 | library. Check config.log for details. | ||
12903 | If you are sure your installation is consistent, you can disable the check | ||
12904 | by running \"./configure --without-openssl-header-check\". | ||
12905 | Also see contrib/findssl.sh for help identifying header/library mismatches. | ||
12906 | " "$LINENO" 5 | ||
12907 | else | ||
12908 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Your OpenSSL headers do not match your | ||
12909 | library. Check config.log for details. | ||
12910 | Also see contrib/findssl.sh for help identifying header/library mismatches." >&5 | ||
12911 | $as_echo "$as_me: WARNING: Your OpenSSL headers do not match your | ||
12912 | library. Check config.log for details. | ||
12913 | Also see contrib/findssl.sh for help identifying header/library mismatches." >&2;} | ||
12914 | fi | ||
12915 | |||
12916 | fi | ||
12917 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
12918 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
12919 | fi | ||
12920 | |||
12921 | |||
12922 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if programs using OpenSSL functions will link" >&5 | ||
12923 | $as_echo_n "checking if programs using OpenSSL functions will link... " >&6; } | ||
12924 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
12925 | /* end confdefs.h. */ | ||
12926 | #include <openssl/err.h> | ||
12927 | int | ||
12928 | main () | ||
12929 | { | ||
12930 | ERR_load_crypto_strings(); | ||
12931 | ; | ||
12932 | return 0; | ||
12933 | } | ||
12934 | _ACEOF | ||
12935 | if ac_fn_c_try_link "$LINENO"; then : | ||
12936 | |||
12937 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
12938 | $as_echo "yes" >&6; } | ||
12939 | |||
12940 | else | ||
12941 | |||
12942 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
12943 | $as_echo "no" >&6; } | ||
12944 | saved_LIBS="$LIBS" | ||
12945 | LIBS="$LIBS -ldl" | ||
12946 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if programs using OpenSSL need -ldl" >&5 | ||
12947 | $as_echo_n "checking if programs using OpenSSL need -ldl... " >&6; } | ||
12948 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
12949 | /* end confdefs.h. */ | ||
12950 | #include <openssl/err.h> | ||
12951 | int | ||
12952 | main () | ||
12953 | { | ||
12954 | ERR_load_crypto_strings(); | ||
12955 | ; | ||
12956 | return 0; | ||
12957 | } | ||
12958 | _ACEOF | ||
12959 | if ac_fn_c_try_link "$LINENO"; then : | ||
12960 | |||
12961 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
12962 | $as_echo "yes" >&6; } | ||
12963 | |||
12964 | else | ||
12965 | |||
12966 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
12967 | $as_echo "no" >&6; } | ||
12968 | LIBS="$saved_LIBS" | ||
12969 | |||
12970 | |||
12971 | fi | ||
12972 | rm -f core conftest.err conftest.$ac_objext \ | ||
12973 | conftest$ac_exeext conftest.$ac_ext | ||
12974 | |||
12975 | |||
12976 | fi | ||
12977 | rm -f core conftest.err conftest.$ac_objext \ | ||
12978 | conftest$ac_exeext conftest.$ac_ext | ||
12979 | |||
12980 | for ac_func in \ | ||
12981 | BN_is_prime_ex \ | ||
12982 | DSA_generate_parameters_ex \ | ||
12983 | EVP_CIPHER_CTX_ctrl \ | ||
12984 | EVP_DigestFinal_ex \ | ||
12985 | EVP_DigestInit_ex \ | ||
12986 | EVP_MD_CTX_cleanup \ | ||
12987 | EVP_MD_CTX_copy_ex \ | ||
12988 | EVP_MD_CTX_init \ | ||
12989 | HMAC_CTX_init \ | ||
12990 | RSA_generate_key_ex \ | ||
12991 | RSA_get_default_method \ | ||
12992 | |||
12993 | do : | ||
12994 | as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` | ||
12995 | ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" | ||
12996 | if eval test \"x\$"$as_ac_var"\" = x"yes"; then : | ||
12997 | cat >>confdefs.h <<_ACEOF | ||
12998 | #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 | ||
12999 | _ACEOF | ||
13000 | |||
13001 | fi | ||
13002 | done | ||
13003 | |||
13004 | |||
13005 | # OpenSSL_add_all_algorithms may be a macro. | ||
13006 | ac_fn_c_check_func "$LINENO" "OpenSSL_add_all_algorithms" "ac_cv_func_OpenSSL_add_all_algorithms" | ||
13007 | if test "x$ac_cv_func_OpenSSL_add_all_algorithms" = xyes; then : | ||
13008 | |||
13009 | $as_echo "#define HAVE_OPENSSL_ADD_ALL_ALGORITHMS 1" >>confdefs.h | ||
13010 | |||
13011 | else | ||
13012 | ac_fn_c_check_decl "$LINENO" "OpenSSL_add_all_algorithms" "ac_cv_have_decl_OpenSSL_add_all_algorithms" "#include <openssl/evp.h> | ||
13013 | |||
13014 | " | ||
13015 | if test "x$ac_cv_have_decl_OpenSSL_add_all_algorithms" = xyes; then : | ||
13016 | |||
13017 | $as_echo "#define HAVE_OPENSSL_ADD_ALL_ALGORITHMS 1" >>confdefs.h | ||
13018 | |||
13019 | fi | ||
13020 | |||
13021 | |||
13022 | fi | ||
13023 | |||
13024 | |||
13025 | # LibreSSL/OpenSSL 1.1x API | ||
13026 | for ac_func in \ | ||
13027 | OPENSSL_init_crypto \ | ||
13028 | DH_get0_key \ | ||
13029 | DH_get0_pqg \ | ||
13030 | DH_set0_key \ | ||
13031 | DH_set_length \ | ||
13032 | DH_set0_pqg \ | ||
13033 | DSA_get0_key \ | ||
13034 | DSA_get0_pqg \ | ||
13035 | DSA_set0_key \ | ||
13036 | DSA_set0_pqg \ | ||
13037 | DSA_SIG_get0 \ | ||
13038 | DSA_SIG_set0 \ | ||
13039 | ECDSA_SIG_get0 \ | ||
13040 | ECDSA_SIG_set0 \ | ||
13041 | EVP_CIPHER_CTX_iv \ | ||
13042 | EVP_CIPHER_CTX_iv_noconst \ | ||
13043 | EVP_CIPHER_CTX_get_iv \ | ||
13044 | EVP_CIPHER_CTX_set_iv \ | ||
13045 | RSA_get0_crt_params \ | ||
13046 | RSA_get0_factors \ | ||
13047 | RSA_get0_key \ | ||
13048 | RSA_set0_crt_params \ | ||
13049 | RSA_set0_factors \ | ||
13050 | RSA_set0_key \ | ||
13051 | RSA_meth_free \ | ||
13052 | RSA_meth_dup \ | ||
13053 | RSA_meth_set1_name \ | ||
13054 | RSA_meth_get_finish \ | ||
13055 | RSA_meth_set_priv_enc \ | ||
13056 | RSA_meth_set_priv_dec \ | ||
13057 | RSA_meth_set_finish \ | ||
13058 | EVP_PKEY_get0_RSA \ | ||
13059 | EVP_MD_CTX_new \ | ||
13060 | EVP_MD_CTX_free \ | ||
13061 | |||
13062 | do : | ||
13063 | as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` | ||
13064 | ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" | ||
13065 | if eval test \"x\$"$as_ac_var"\" = x"yes"; then : | ||
13066 | cat >>confdefs.h <<_ACEOF | ||
13067 | #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 | ||
13068 | _ACEOF | ||
13069 | |||
13070 | fi | ||
13071 | done | ||
13072 | |||
13073 | |||
13074 | if test "x$openssl_engine" = "xyes" ; then | ||
13075 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL ENGINE support" >&5 | ||
13076 | $as_echo_n "checking for OpenSSL ENGINE support... " >&6; } | ||
13077 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
13078 | /* end confdefs.h. */ | ||
13079 | |||
13080 | #include <openssl/engine.h> | ||
13081 | |||
13082 | int | ||
13083 | main () | ||
13084 | { | ||
13085 | |||
13086 | ENGINE_load_builtin_engines(); | ||
13087 | ENGINE_register_all_complete(); | ||
13088 | |||
13089 | ; | ||
13090 | return 0; | ||
13091 | } | ||
13092 | _ACEOF | ||
13093 | if ac_fn_c_try_compile "$LINENO"; then : | ||
13094 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
13095 | $as_echo "yes" >&6; } | ||
13096 | |||
13097 | $as_echo "#define USE_OPENSSL_ENGINE 1" >>confdefs.h | ||
13098 | |||
13099 | |||
13100 | else | ||
13101 | as_fn_error $? "OpenSSL ENGINE support not found" "$LINENO" 5 | ||
13102 | |||
13103 | fi | ||
13104 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
13105 | fi | ||
13106 | |||
13107 | # Check for OpenSSL without EVP_aes_{192,256}_cbc | ||
13108 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL has crippled AES support" >&5 | ||
13109 | $as_echo_n "checking whether OpenSSL has crippled AES support... " >&6; } | ||
13110 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
13111 | /* end confdefs.h. */ | ||
13112 | |||
13113 | #include <string.h> | ||
13114 | #include <openssl/evp.h> | ||
13115 | |||
13116 | int | ||
13117 | main () | ||
13118 | { | ||
13119 | |||
13120 | exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); | ||
13121 | |||
13122 | ; | ||
13123 | return 0; | ||
13124 | } | ||
13125 | _ACEOF | ||
13126 | if ac_fn_c_try_link "$LINENO"; then : | ||
13127 | |||
13128 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
13129 | $as_echo "no" >&6; } | ||
13130 | |||
13131 | else | ||
13132 | |||
13133 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
13134 | $as_echo "yes" >&6; } | ||
13135 | |||
13136 | $as_echo "#define OPENSSL_LOBOTOMISED_AES 1" >>confdefs.h | ||
13137 | |||
13138 | |||
13139 | |||
13140 | fi | ||
13141 | rm -f core conftest.err conftest.$ac_objext \ | ||
13142 | conftest$ac_exeext conftest.$ac_ext | ||
13143 | |||
13144 | # Check for OpenSSL with EVP_aes_*ctr | ||
13145 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL has AES CTR via EVP" >&5 | ||
13146 | $as_echo_n "checking whether OpenSSL has AES CTR via EVP... " >&6; } | ||
13147 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
13148 | /* end confdefs.h. */ | ||
13149 | |||
13150 | #include <string.h> | ||
13151 | #include <openssl/evp.h> | ||
13152 | |||
13153 | int | ||
13154 | main () | ||
13155 | { | ||
13156 | |||
13157 | exit(EVP_aes_128_ctr() == NULL || | ||
13158 | EVP_aes_192_cbc() == NULL || | ||
13159 | EVP_aes_256_cbc() == NULL); | ||
13160 | |||
13161 | ; | ||
13162 | return 0; | ||
13163 | } | ||
13164 | _ACEOF | ||
13165 | if ac_fn_c_try_link "$LINENO"; then : | ||
13166 | |||
13167 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
13168 | $as_echo "yes" >&6; } | ||
13169 | |||
13170 | $as_echo "#define OPENSSL_HAVE_EVPCTR 1" >>confdefs.h | ||
13171 | |||
13172 | |||
13173 | else | ||
13174 | |||
13175 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
13176 | $as_echo "no" >&6; } | ||
13177 | |||
13178 | |||
13179 | fi | ||
13180 | rm -f core conftest.err conftest.$ac_objext \ | ||
13181 | conftest$ac_exeext conftest.$ac_ext | ||
13182 | |||
13183 | # Check for OpenSSL with EVP_aes_*gcm | ||
13184 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL has AES GCM via EVP" >&5 | ||
13185 | $as_echo_n "checking whether OpenSSL has AES GCM via EVP... " >&6; } | ||
13186 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
13187 | /* end confdefs.h. */ | ||
13188 | |||
13189 | #include <string.h> | ||
13190 | #include <openssl/evp.h> | ||
13191 | |||
13192 | int | ||
13193 | main () | ||
13194 | { | ||
13195 | |||
13196 | exit(EVP_aes_128_gcm() == NULL || | ||
13197 | EVP_aes_256_gcm() == NULL || | ||
13198 | EVP_CTRL_GCM_SET_IV_FIXED == 0 || | ||
13199 | EVP_CTRL_GCM_IV_GEN == 0 || | ||
13200 | EVP_CTRL_GCM_SET_TAG == 0 || | ||
13201 | EVP_CTRL_GCM_GET_TAG == 0 || | ||
13202 | EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0); | ||
13203 | |||
13204 | ; | ||
13205 | return 0; | ||
13206 | } | ||
13207 | _ACEOF | ||
13208 | if ac_fn_c_try_link "$LINENO"; then : | ||
13209 | |||
13210 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
13211 | $as_echo "yes" >&6; } | ||
13212 | |||
13213 | $as_echo "#define OPENSSL_HAVE_EVPGCM 1" >>confdefs.h | ||
13214 | |||
13215 | |||
13216 | else | ||
13217 | |||
13218 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
13219 | $as_echo "no" >&6; } | ||
13220 | unsupported_algorithms="$unsupported_cipers \ | ||
13221 | aes128-gcm@openssh.com \ | ||
13222 | aes256-gcm@openssh.com" | ||
13223 | |||
13224 | |||
13225 | fi | ||
13226 | rm -f core conftest.err conftest.$ac_objext \ | ||
13227 | conftest$ac_exeext conftest.$ac_ext | ||
13228 | |||
13229 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if EVP_DigestUpdate returns an int" >&5 | ||
13230 | $as_echo_n "checking if EVP_DigestUpdate returns an int... " >&6; } | ||
13231 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
13232 | /* end confdefs.h. */ | ||
13233 | |||
13234 | #include <string.h> | ||
13235 | #include <openssl/evp.h> | ||
13236 | |||
13237 | int | ||
13238 | main () | ||
13239 | { | ||
13240 | |||
13241 | if(EVP_DigestUpdate(NULL, NULL,0)) | ||
13242 | exit(0); | ||
13243 | |||
13244 | ; | ||
13245 | return 0; | ||
13246 | } | ||
13247 | _ACEOF | ||
13248 | if ac_fn_c_try_link "$LINENO"; then : | ||
13249 | |||
13250 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
13251 | $as_echo "yes" >&6; } | ||
13252 | |||
13253 | else | ||
13254 | |||
13255 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
13256 | $as_echo "no" >&6; } | ||
13257 | |||
13258 | $as_echo "#define OPENSSL_EVP_DIGESTUPDATE_VOID 1" >>confdefs.h | ||
13259 | |||
13260 | |||
13261 | |||
13262 | fi | ||
13263 | rm -f core conftest.err conftest.$ac_objext \ | ||
13264 | conftest$ac_exeext conftest.$ac_ext | ||
13265 | |||
13266 | # Some systems want crypt() from libcrypt, *not* the version in OpenSSL, | ||
13267 | # because the system crypt() is more featureful. | ||
13268 | if test "x$check_for_libcrypt_before" = "x1"; then | ||
13269 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for crypt in -lcrypt" >&5 | ||
13270 | $as_echo_n "checking for crypt in -lcrypt... " >&6; } | ||
13271 | if ${ac_cv_lib_crypt_crypt+:} false; then : | ||
13272 | $as_echo_n "(cached) " >&6 | ||
13273 | else | ||
13274 | ac_check_lib_save_LIBS=$LIBS | ||
13275 | LIBS="-lcrypt $LIBS" | ||
13276 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
13277 | /* end confdefs.h. */ | ||
13278 | |||
13279 | /* Override any GCC internal prototype to avoid an error. | ||
13280 | Use char because int might match the return type of a GCC | ||
13281 | builtin and then its argument prototype would still apply. */ | ||
13282 | #ifdef __cplusplus | ||
13283 | extern "C" | ||
13284 | #endif | ||
13285 | char crypt (); | ||
13286 | int | ||
13287 | main () | ||
13288 | { | ||
13289 | return crypt (); | ||
13290 | ; | ||
13291 | return 0; | ||
13292 | } | ||
13293 | _ACEOF | ||
13294 | if ac_fn_c_try_link "$LINENO"; then : | ||
13295 | ac_cv_lib_crypt_crypt=yes | ||
13296 | else | ||
13297 | ac_cv_lib_crypt_crypt=no | ||
13298 | fi | ||
13299 | rm -f core conftest.err conftest.$ac_objext \ | ||
13300 | conftest$ac_exeext conftest.$ac_ext | ||
13301 | LIBS=$ac_check_lib_save_LIBS | ||
13302 | fi | ||
13303 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypt_crypt" >&5 | ||
13304 | $as_echo "$ac_cv_lib_crypt_crypt" >&6; } | ||
13305 | if test "x$ac_cv_lib_crypt_crypt" = xyes; then : | ||
13306 | cat >>confdefs.h <<_ACEOF | ||
13307 | #define HAVE_LIBCRYPT 1 | ||
13308 | _ACEOF | ||
13309 | |||
13310 | LIBS="-lcrypt $LIBS" | ||
13311 | |||
13312 | fi | ||
13313 | |||
13314 | fi | ||
13315 | |||
13316 | # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the | ||
13317 | # version in OpenSSL. | ||
13318 | if test "x$check_for_libcrypt_later" = "x1"; then | ||
13319 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for crypt in -lcrypt" >&5 | ||
13320 | $as_echo_n "checking for crypt in -lcrypt... " >&6; } | ||
13321 | if ${ac_cv_lib_crypt_crypt+:} false; then : | ||
13322 | $as_echo_n "(cached) " >&6 | ||
13323 | else | ||
13324 | ac_check_lib_save_LIBS=$LIBS | ||
13325 | LIBS="-lcrypt $LIBS" | ||
13326 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
13327 | /* end confdefs.h. */ | ||
13328 | |||
13329 | /* Override any GCC internal prototype to avoid an error. | ||
13330 | Use char because int might match the return type of a GCC | ||
13331 | builtin and then its argument prototype would still apply. */ | ||
13332 | #ifdef __cplusplus | ||
13333 | extern "C" | ||
13334 | #endif | ||
13335 | char crypt (); | ||
13336 | int | ||
13337 | main () | ||
13338 | { | ||
13339 | return crypt (); | ||
13340 | ; | ||
13341 | return 0; | ||
13342 | } | ||
13343 | _ACEOF | ||
13344 | if ac_fn_c_try_link "$LINENO"; then : | ||
13345 | ac_cv_lib_crypt_crypt=yes | ||
13346 | else | ||
13347 | ac_cv_lib_crypt_crypt=no | ||
13348 | fi | ||
13349 | rm -f core conftest.err conftest.$ac_objext \ | ||
13350 | conftest$ac_exeext conftest.$ac_ext | ||
13351 | LIBS=$ac_check_lib_save_LIBS | ||
13352 | fi | ||
13353 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypt_crypt" >&5 | ||
13354 | $as_echo "$ac_cv_lib_crypt_crypt" >&6; } | ||
13355 | if test "x$ac_cv_lib_crypt_crypt" = xyes; then : | ||
13356 | LIBS="$LIBS -lcrypt" | ||
13357 | fi | ||
13358 | |||
13359 | fi | ||
13360 | for ac_func in crypt DES_crypt | ||
13361 | do : | ||
13362 | as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` | ||
13363 | ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" | ||
13364 | if eval test \"x\$"$as_ac_var"\" = x"yes"; then : | ||
13365 | cat >>confdefs.h <<_ACEOF | ||
13366 | #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 | ||
13367 | _ACEOF | ||
13368 | |||
13369 | fi | ||
13370 | done | ||
13371 | |||
13372 | |||
13373 | # Check for SHA256, SHA384 and SHA512 support in OpenSSL | ||
13374 | for ac_func in EVP_sha256 EVP_sha384 EVP_sha512 | ||
13375 | do : | ||
13376 | as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` | ||
13377 | ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" | ||
13378 | if eval test \"x\$"$as_ac_var"\" = x"yes"; then : | ||
13379 | cat >>confdefs.h <<_ACEOF | ||
13380 | #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 | ||
13381 | _ACEOF | ||
13382 | |||
13383 | fi | ||
13384 | done | ||
13385 | |||
13386 | |||
13387 | # Search for RIPE-MD support in OpenSSL | ||
13388 | for ac_func in EVP_ripemd160 | ||
13389 | do : | ||
13390 | ac_fn_c_check_func "$LINENO" "EVP_ripemd160" "ac_cv_func_EVP_ripemd160" | ||
13391 | if test "x$ac_cv_func_EVP_ripemd160" = xyes; then : | ||
13392 | cat >>confdefs.h <<_ACEOF | ||
13393 | #define HAVE_EVP_RIPEMD160 1 | ||
13394 | _ACEOF | ||
13395 | |||
13396 | else | ||
13397 | unsupported_algorithms="$unsupported_algorithms \ | ||
13398 | hmac-ripemd160 \ | ||
13399 | hmac-ripemd160@openssh.com \ | ||
13400 | hmac-ripemd160-etm@openssh.com" | ||
13401 | |||
13402 | |||
13403 | fi | ||
13404 | done | ||
13405 | |||
13406 | |||
13407 | # Check complete ECC support in OpenSSL | ||
13408 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL has NID_X9_62_prime256v1" >&5 | ||
13409 | $as_echo_n "checking whether OpenSSL has NID_X9_62_prime256v1... " >&6; } | ||
13410 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
13411 | /* end confdefs.h. */ | ||
13412 | |||
13413 | #include <openssl/ec.h> | ||
13414 | #include <openssl/ecdh.h> | ||
13415 | #include <openssl/ecdsa.h> | ||
13416 | #include <openssl/evp.h> | ||
13417 | #include <openssl/objects.h> | ||
13418 | #include <openssl/opensslv.h> | ||
13419 | |||
13420 | int | ||
13421 | main () | ||
13422 | { | ||
13423 | |||
13424 | EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); | ||
13425 | const EVP_MD *m = EVP_sha256(); /* We need this too */ | ||
13426 | |||
13427 | ; | ||
13428 | return 0; | ||
13429 | } | ||
13430 | _ACEOF | ||
13431 | if ac_fn_c_try_link "$LINENO"; then : | ||
13432 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
13433 | $as_echo "yes" >&6; } | ||
13434 | enable_nistp256=1 | ||
13435 | else | ||
13436 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
13437 | $as_echo "no" >&6; } | ||
13438 | |||
13439 | fi | ||
13440 | rm -f core conftest.err conftest.$ac_objext \ | ||
13441 | conftest$ac_exeext conftest.$ac_ext | ||
13442 | |||
13443 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL has NID_secp384r1" >&5 | ||
13444 | $as_echo_n "checking whether OpenSSL has NID_secp384r1... " >&6; } | ||
13445 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
13446 | /* end confdefs.h. */ | ||
13447 | |||
13448 | #include <openssl/ec.h> | ||
13449 | #include <openssl/ecdh.h> | ||
13450 | #include <openssl/ecdsa.h> | ||
13451 | #include <openssl/evp.h> | ||
13452 | #include <openssl/objects.h> | ||
13453 | #include <openssl/opensslv.h> | ||
13454 | |||
13455 | int | ||
13456 | main () | ||
13457 | { | ||
13458 | |||
13459 | EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1); | ||
13460 | const EVP_MD *m = EVP_sha384(); /* We need this too */ | ||
13461 | |||
13462 | ; | ||
13463 | return 0; | ||
13464 | } | ||
13465 | _ACEOF | ||
13466 | if ac_fn_c_try_link "$LINENO"; then : | ||
13467 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
13468 | $as_echo "yes" >&6; } | ||
13469 | enable_nistp384=1 | ||
13470 | else | ||
13471 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
13472 | $as_echo "no" >&6; } | ||
13473 | |||
13474 | fi | ||
13475 | rm -f core conftest.err conftest.$ac_objext \ | ||
13476 | conftest$ac_exeext conftest.$ac_ext | ||
13477 | |||
13478 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL has NID_secp521r1" >&5 | ||
13479 | $as_echo_n "checking whether OpenSSL has NID_secp521r1... " >&6; } | ||
13480 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
13481 | /* end confdefs.h. */ | ||
13482 | |||
13483 | #include <openssl/ec.h> | ||
13484 | #include <openssl/ecdh.h> | ||
13485 | #include <openssl/ecdsa.h> | ||
13486 | #include <openssl/evp.h> | ||
13487 | #include <openssl/objects.h> | ||
13488 | #include <openssl/opensslv.h> | ||
13489 | |||
13490 | int | ||
13491 | main () | ||
13492 | { | ||
13493 | |||
13494 | EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); | ||
13495 | const EVP_MD *m = EVP_sha512(); /* We need this too */ | ||
13496 | |||
13497 | ; | ||
13498 | return 0; | ||
13499 | } | ||
13500 | _ACEOF | ||
13501 | if ac_fn_c_try_link "$LINENO"; then : | ||
13502 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
13503 | $as_echo "yes" >&6; } | ||
13504 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if OpenSSL's NID_secp521r1 is functional" >&5 | ||
13505 | $as_echo_n "checking if OpenSSL's NID_secp521r1 is functional... " >&6; } | ||
13506 | if test "$cross_compiling" = yes; then : | ||
13507 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross-compiling: assuming yes" >&5 | ||
13508 | $as_echo "$as_me: WARNING: cross-compiling: assuming yes" >&2;} | ||
13509 | enable_nistp521=1 | ||
13510 | |||
13511 | else | ||
13512 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
13513 | /* end confdefs.h. */ | ||
13514 | |||
13515 | #include <openssl/ec.h> | ||
13516 | #include <openssl/ecdh.h> | ||
13517 | #include <openssl/ecdsa.h> | ||
13518 | #include <openssl/evp.h> | ||
13519 | #include <openssl/objects.h> | ||
13520 | #include <openssl/opensslv.h> | ||
13521 | |||
13522 | int | ||
13523 | main () | ||
13524 | { | ||
13525 | |||
13526 | EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); | ||
13527 | const EVP_MD *m = EVP_sha512(); /* We need this too */ | ||
13528 | exit(e == NULL || m == NULL); | ||
13529 | |||
13530 | ; | ||
13531 | return 0; | ||
13532 | } | ||
13533 | _ACEOF | ||
13534 | if ac_fn_c_try_run "$LINENO"; then : | ||
13535 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
13536 | $as_echo "yes" >&6; } | ||
13537 | enable_nistp521=1 | ||
13538 | else | ||
13539 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
13540 | $as_echo "no" >&6; } | ||
13541 | fi | ||
13542 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
13543 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
13544 | fi | ||
13545 | |||
13546 | else | ||
13547 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
13548 | $as_echo "no" >&6; } | ||
13549 | |||
13550 | fi | ||
13551 | rm -f core conftest.err conftest.$ac_objext \ | ||
13552 | conftest$ac_exeext conftest.$ac_ext | ||
13553 | |||
13554 | COMMENT_OUT_ECC="#no ecc#" | ||
13555 | TEST_SSH_ECC=no | ||
13556 | |||
13557 | if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ | ||
13558 | test x$enable_nistp521 = x1; then | ||
13559 | |||
13560 | $as_echo "#define OPENSSL_HAS_ECC 1" >>confdefs.h | ||
13561 | |||
13562 | for ac_func in EC_KEY_METHOD_new | ||
13563 | do : | ||
13564 | ac_fn_c_check_func "$LINENO" "EC_KEY_METHOD_new" "ac_cv_func_EC_KEY_METHOD_new" | ||
13565 | if test "x$ac_cv_func_EC_KEY_METHOD_new" = xyes; then : | ||
13566 | cat >>confdefs.h <<_ACEOF | ||
13567 | #define HAVE_EC_KEY_METHOD_NEW 1 | ||
13568 | _ACEOF | ||
13569 | |||
13570 | fi | ||
13571 | done | ||
13572 | |||
13573 | fi | ||
13574 | if test x$enable_nistp256 = x1; then | ||
13575 | |||
13576 | $as_echo "#define OPENSSL_HAS_NISTP256 1" >>confdefs.h | ||
13577 | |||
13578 | TEST_SSH_ECC=yes | ||
13579 | COMMENT_OUT_ECC="" | ||
13580 | else | ||
13581 | unsupported_algorithms="$unsupported_algorithms \ | ||
13582 | ecdsa-sha2-nistp256 \ | ||
13583 | ecdh-sha2-nistp256 \ | ||
13584 | ecdsa-sha2-nistp256-cert-v01@openssh.com" | ||
13585 | fi | ||
13586 | if test x$enable_nistp384 = x1; then | ||
13587 | |||
13588 | $as_echo "#define OPENSSL_HAS_NISTP384 1" >>confdefs.h | ||
13589 | |||
13590 | TEST_SSH_ECC=yes | ||
13591 | COMMENT_OUT_ECC="" | ||
13592 | else | ||
13593 | unsupported_algorithms="$unsupported_algorithms \ | ||
13594 | ecdsa-sha2-nistp384 \ | ||
13595 | ecdh-sha2-nistp384 \ | ||
13596 | ecdsa-sha2-nistp384-cert-v01@openssh.com" | ||
13597 | fi | ||
13598 | if test x$enable_nistp521 = x1; then | ||
13599 | |||
13600 | $as_echo "#define OPENSSL_HAS_NISTP521 1" >>confdefs.h | ||
13601 | |||
13602 | TEST_SSH_ECC=yes | ||
13603 | COMMENT_OUT_ECC="" | ||
13604 | else | ||
13605 | unsupported_algorithms="$unsupported_algorithms \ | ||
13606 | ecdh-sha2-nistp521 \ | ||
13607 | ecdsa-sha2-nistp521 \ | ||
13608 | ecdsa-sha2-nistp521-cert-v01@openssh.com" | ||
13609 | fi | ||
13610 | |||
13611 | |||
13612 | |||
13613 | else | ||
13614 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for crypt in -lcrypt" >&5 | ||
13615 | $as_echo_n "checking for crypt in -lcrypt... " >&6; } | ||
13616 | if ${ac_cv_lib_crypt_crypt+:} false; then : | ||
13617 | $as_echo_n "(cached) " >&6 | ||
13618 | else | ||
13619 | ac_check_lib_save_LIBS=$LIBS | ||
13620 | LIBS="-lcrypt $LIBS" | ||
13621 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
13622 | /* end confdefs.h. */ | ||
13623 | |||
13624 | /* Override any GCC internal prototype to avoid an error. | ||
13625 | Use char because int might match the return type of a GCC | ||
13626 | builtin and then its argument prototype would still apply. */ | ||
13627 | #ifdef __cplusplus | ||
13628 | extern "C" | ||
13629 | #endif | ||
13630 | char crypt (); | ||
13631 | int | ||
13632 | main () | ||
13633 | { | ||
13634 | return crypt (); | ||
13635 | ; | ||
13636 | return 0; | ||
13637 | } | ||
13638 | _ACEOF | ||
13639 | if ac_fn_c_try_link "$LINENO"; then : | ||
13640 | ac_cv_lib_crypt_crypt=yes | ||
13641 | else | ||
13642 | ac_cv_lib_crypt_crypt=no | ||
13643 | fi | ||
13644 | rm -f core conftest.err conftest.$ac_objext \ | ||
13645 | conftest$ac_exeext conftest.$ac_ext | ||
13646 | LIBS=$ac_check_lib_save_LIBS | ||
13647 | fi | ||
13648 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypt_crypt" >&5 | ||
13649 | $as_echo "$ac_cv_lib_crypt_crypt" >&6; } | ||
13650 | if test "x$ac_cv_lib_crypt_crypt" = xyes; then : | ||
13651 | LIBS="$LIBS -lcrypt" | ||
13652 | fi | ||
13653 | |||
13654 | for ac_func in crypt | ||
13655 | do : | ||
13656 | ac_fn_c_check_func "$LINENO" "crypt" "ac_cv_func_crypt" | ||
13657 | if test "x$ac_cv_func_crypt" = xyes; then : | ||
13658 | cat >>confdefs.h <<_ACEOF | ||
13659 | #define HAVE_CRYPT 1 | ||
13660 | _ACEOF | ||
13661 | |||
13662 | fi | ||
13663 | done | ||
13664 | |||
13665 | fi | ||
13666 | |||
13667 | for ac_func in \ | ||
13668 | arc4random \ | ||
13669 | arc4random_buf \ | ||
13670 | arc4random_stir \ | ||
13671 | arc4random_uniform \ | ||
13672 | |||
13673 | do : | ||
13674 | as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` | ||
13675 | ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" | ||
13676 | if eval test \"x\$"$as_ac_var"\" = x"yes"; then : | ||
13677 | cat >>confdefs.h <<_ACEOF | ||
13678 | #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 | ||
13679 | _ACEOF | ||
13680 | |||
13681 | fi | ||
13682 | done | ||
13683 | |||
13684 | |||
13685 | saved_LIBS="$LIBS" | ||
13686 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ia_openinfo in -liaf" >&5 | ||
13687 | $as_echo_n "checking for ia_openinfo in -liaf... " >&6; } | ||
13688 | if ${ac_cv_lib_iaf_ia_openinfo+:} false; then : | ||
13689 | $as_echo_n "(cached) " >&6 | ||
13690 | else | ||
13691 | ac_check_lib_save_LIBS=$LIBS | ||
13692 | LIBS="-liaf $LIBS" | ||
13693 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
13694 | /* end confdefs.h. */ | ||
13695 | |||
13696 | /* Override any GCC internal prototype to avoid an error. | ||
13697 | Use char because int might match the return type of a GCC | ||
13698 | builtin and then its argument prototype would still apply. */ | ||
13699 | #ifdef __cplusplus | ||
13700 | extern "C" | ||
13701 | #endif | ||
13702 | char ia_openinfo (); | ||
13703 | int | ||
13704 | main () | ||
13705 | { | ||
13706 | return ia_openinfo (); | ||
13707 | ; | ||
13708 | return 0; | ||
13709 | } | ||
13710 | _ACEOF | ||
13711 | if ac_fn_c_try_link "$LINENO"; then : | ||
13712 | ac_cv_lib_iaf_ia_openinfo=yes | ||
13713 | else | ||
13714 | ac_cv_lib_iaf_ia_openinfo=no | ||
13715 | fi | ||
13716 | rm -f core conftest.err conftest.$ac_objext \ | ||
13717 | conftest$ac_exeext conftest.$ac_ext | ||
13718 | LIBS=$ac_check_lib_save_LIBS | ||
13719 | fi | ||
13720 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_iaf_ia_openinfo" >&5 | ||
13721 | $as_echo "$ac_cv_lib_iaf_ia_openinfo" >&6; } | ||
13722 | if test "x$ac_cv_lib_iaf_ia_openinfo" = xyes; then : | ||
13723 | |||
13724 | LIBS="$LIBS -liaf" | ||
13725 | for ac_func in set_id | ||
13726 | do : | ||
13727 | ac_fn_c_check_func "$LINENO" "set_id" "ac_cv_func_set_id" | ||
13728 | if test "x$ac_cv_func_set_id" = xyes; then : | ||
13729 | cat >>confdefs.h <<_ACEOF | ||
13730 | #define HAVE_SET_ID 1 | ||
13731 | _ACEOF | ||
13732 | SSHDLIBS="$SSHDLIBS -liaf" | ||
13733 | |||
13734 | $as_echo "#define HAVE_LIBIAF 1" >>confdefs.h | ||
13735 | |||
13736 | |||
13737 | fi | ||
13738 | done | ||
13739 | |||
13740 | |||
13741 | fi | ||
13742 | |||
13743 | LIBS="$saved_LIBS" | ||
13744 | |||
13745 | ### Configure cryptographic random number support | ||
13746 | |||
13747 | # Check whether OpenSSL seeds itself | ||
13748 | if test "x$openssl" = "xyes" ; then | ||
13749 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL's PRNG is internally seeded" >&5 | ||
13750 | $as_echo_n "checking whether OpenSSL's PRNG is internally seeded... " >&6; } | ||
13751 | if test "$cross_compiling" = yes; then : | ||
13752 | |||
13753 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming yes" >&5 | ||
13754 | $as_echo "$as_me: WARNING: cross compiling: assuming yes" >&2;} | ||
13755 | # This is safe, since we will fatal() at runtime if | ||
13756 | # OpenSSL is not seeded correctly. | ||
13757 | OPENSSL_SEEDS_ITSELF=yes | ||
13758 | |||
13759 | |||
13760 | else | ||
13761 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
13762 | /* end confdefs.h. */ | ||
13763 | |||
13764 | #include <string.h> | ||
13765 | #include <openssl/rand.h> | ||
13766 | |||
13767 | int | ||
13768 | main () | ||
13769 | { | ||
13770 | |||
13771 | exit(RAND_status() == 1 ? 0 : 1); | ||
13772 | |||
13773 | ; | ||
13774 | return 0; | ||
13775 | } | ||
13776 | _ACEOF | ||
13777 | if ac_fn_c_try_run "$LINENO"; then : | ||
13778 | |||
13779 | OPENSSL_SEEDS_ITSELF=yes | ||
13780 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
13781 | $as_echo "yes" >&6; } | ||
13782 | |||
13783 | else | ||
13784 | |||
13785 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
13786 | $as_echo "no" >&6; } | ||
13787 | |||
13788 | fi | ||
13789 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
13790 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
13791 | fi | ||
13792 | |||
13793 | fi | ||
13794 | |||
13795 | # PRNGD TCP socket | ||
13796 | |||
13797 | # Check whether --with-prngd-port was given. | ||
13798 | if test "${with_prngd_port+set}" = set; then : | ||
13799 | withval=$with_prngd_port; | ||
13800 | case "$withval" in | ||
13801 | no) | ||
13802 | withval="" | ||
13803 | ;; | ||
13804 | [0-9]*) | ||
13805 | ;; | ||
13806 | *) | ||
13807 | as_fn_error $? "You must specify a numeric port number for --with-prngd-port" "$LINENO" 5 | ||
13808 | ;; | ||
13809 | esac | ||
13810 | if test ! -z "$withval" ; then | ||
13811 | PRNGD_PORT="$withval" | ||
13812 | |||
13813 | cat >>confdefs.h <<_ACEOF | ||
13814 | #define PRNGD_PORT $PRNGD_PORT | ||
13815 | _ACEOF | ||
13816 | |||
13817 | fi | ||
13818 | |||
13819 | |||
13820 | fi | ||
13821 | |||
13822 | |||
13823 | # PRNGD Unix domain socket | ||
13824 | |||
13825 | # Check whether --with-prngd-socket was given. | ||
13826 | if test "${with_prngd_socket+set}" = set; then : | ||
13827 | withval=$with_prngd_socket; | ||
13828 | case "$withval" in | ||
13829 | yes) | ||
13830 | withval="/var/run/egd-pool" | ||
13831 | ;; | ||
13832 | no) | ||
13833 | withval="" | ||
13834 | ;; | ||
13835 | /*) | ||
13836 | ;; | ||
13837 | *) | ||
13838 | as_fn_error $? "You must specify an absolute path to the entropy socket" "$LINENO" 5 | ||
13839 | ;; | ||
13840 | esac | ||
13841 | |||
13842 | if test ! -z "$withval" ; then | ||
13843 | if test ! -z "$PRNGD_PORT" ; then | ||
13844 | as_fn_error $? "You may not specify both a PRNGD/EGD port and socket" "$LINENO" 5 | ||
13845 | fi | ||
13846 | if test ! -r "$withval" ; then | ||
13847 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Entropy socket is not readable" >&5 | ||
13848 | $as_echo "$as_me: WARNING: Entropy socket is not readable" >&2;} | ||
13849 | fi | ||
13850 | PRNGD_SOCKET="$withval" | ||
13851 | |||
13852 | cat >>confdefs.h <<_ACEOF | ||
13853 | #define PRNGD_SOCKET "$PRNGD_SOCKET" | ||
13854 | _ACEOF | ||
13855 | |||
13856 | fi | ||
13857 | |||
13858 | else | ||
13859 | |||
13860 | # Check for existing socket only if we don't have a random device already | ||
13861 | if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then | ||
13862 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for PRNGD/EGD socket" >&5 | ||
13863 | $as_echo_n "checking for PRNGD/EGD socket... " >&6; } | ||
13864 | # Insert other locations here | ||
13865 | for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do | ||
13866 | if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then | ||
13867 | PRNGD_SOCKET="$sock" | ||
13868 | cat >>confdefs.h <<_ACEOF | ||
13869 | #define PRNGD_SOCKET "$PRNGD_SOCKET" | ||
13870 | _ACEOF | ||
13871 | |||
13872 | break; | ||
13873 | fi | ||
13874 | done | ||
13875 | if test ! -z "$PRNGD_SOCKET" ; then | ||
13876 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PRNGD_SOCKET" >&5 | ||
13877 | $as_echo "$PRNGD_SOCKET" >&6; } | ||
13878 | else | ||
13879 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5 | ||
13880 | $as_echo "not found" >&6; } | ||
13881 | fi | ||
13882 | fi | ||
13883 | |||
13884 | |||
13885 | fi | ||
13886 | |||
13887 | |||
13888 | # Which randomness source do we use? | ||
13889 | if test ! -z "$PRNGD_PORT" ; then | ||
13890 | RAND_MSG="PRNGd port $PRNGD_PORT" | ||
13891 | elif test ! -z "$PRNGD_SOCKET" ; then | ||
13892 | RAND_MSG="PRNGd socket $PRNGD_SOCKET" | ||
13893 | elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then | ||
13894 | |||
13895 | $as_echo "#define OPENSSL_PRNG_ONLY 1" >>confdefs.h | ||
13896 | |||
13897 | RAND_MSG="OpenSSL internal ONLY" | ||
13898 | elif test "x$openssl" = "xno" ; then | ||
13899 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible" >&5 | ||
13900 | $as_echo "$as_me: WARNING: OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible" >&2;} | ||
13901 | else | ||
13902 | as_fn_error $? "OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options" "$LINENO" 5 | ||
13903 | fi | ||
13904 | |||
13905 | # Check for PAM libs | ||
13906 | PAM_MSG="no" | ||
13907 | |||
13908 | # Check whether --with-pam was given. | ||
13909 | if test "${with_pam+set}" = set; then : | ||
13910 | withval=$with_pam; | ||
13911 | if test "x$withval" != "xno" ; then | ||
13912 | if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ | ||
13913 | test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then | ||
13914 | as_fn_error $? "PAM headers not found" "$LINENO" 5 | ||
13915 | fi | ||
13916 | |||
13917 | saved_LIBS="$LIBS" | ||
13918 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 | ||
13919 | $as_echo_n "checking for dlopen in -ldl... " >&6; } | ||
13920 | if ${ac_cv_lib_dl_dlopen+:} false; then : | ||
13921 | $as_echo_n "(cached) " >&6 | ||
13922 | else | ||
13923 | ac_check_lib_save_LIBS=$LIBS | ||
13924 | LIBS="-ldl $LIBS" | ||
13925 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
13926 | /* end confdefs.h. */ | ||
13927 | |||
13928 | /* Override any GCC internal prototype to avoid an error. | ||
13929 | Use char because int might match the return type of a GCC | ||
13930 | builtin and then its argument prototype would still apply. */ | ||
13931 | #ifdef __cplusplus | ||
13932 | extern "C" | ||
13933 | #endif | ||
13934 | char dlopen (); | ||
13935 | int | ||
13936 | main () | ||
13937 | { | ||
13938 | return dlopen (); | ||
13939 | ; | ||
13940 | return 0; | ||
13941 | } | ||
13942 | _ACEOF | ||
13943 | if ac_fn_c_try_link "$LINENO"; then : | ||
13944 | ac_cv_lib_dl_dlopen=yes | ||
13945 | else | ||
13946 | ac_cv_lib_dl_dlopen=no | ||
13947 | fi | ||
13948 | rm -f core conftest.err conftest.$ac_objext \ | ||
13949 | conftest$ac_exeext conftest.$ac_ext | ||
13950 | LIBS=$ac_check_lib_save_LIBS | ||
13951 | fi | ||
13952 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 | ||
13953 | $as_echo "$ac_cv_lib_dl_dlopen" >&6; } | ||
13954 | if test "x$ac_cv_lib_dl_dlopen" = xyes; then : | ||
13955 | cat >>confdefs.h <<_ACEOF | ||
13956 | #define HAVE_LIBDL 1 | ||
13957 | _ACEOF | ||
13958 | |||
13959 | LIBS="-ldl $LIBS" | ||
13960 | |||
13961 | fi | ||
13962 | |||
13963 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pam_set_item in -lpam" >&5 | ||
13964 | $as_echo_n "checking for pam_set_item in -lpam... " >&6; } | ||
13965 | if ${ac_cv_lib_pam_pam_set_item+:} false; then : | ||
13966 | $as_echo_n "(cached) " >&6 | ||
13967 | else | ||
13968 | ac_check_lib_save_LIBS=$LIBS | ||
13969 | LIBS="-lpam $LIBS" | ||
13970 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
13971 | /* end confdefs.h. */ | ||
13972 | |||
13973 | /* Override any GCC internal prototype to avoid an error. | ||
13974 | Use char because int might match the return type of a GCC | ||
13975 | builtin and then its argument prototype would still apply. */ | ||
13976 | #ifdef __cplusplus | ||
13977 | extern "C" | ||
13978 | #endif | ||
13979 | char pam_set_item (); | ||
13980 | int | ||
13981 | main () | ||
13982 | { | ||
13983 | return pam_set_item (); | ||
13984 | ; | ||
13985 | return 0; | ||
13986 | } | ||
13987 | _ACEOF | ||
13988 | if ac_fn_c_try_link "$LINENO"; then : | ||
13989 | ac_cv_lib_pam_pam_set_item=yes | ||
13990 | else | ||
13991 | ac_cv_lib_pam_pam_set_item=no | ||
13992 | fi | ||
13993 | rm -f core conftest.err conftest.$ac_objext \ | ||
13994 | conftest$ac_exeext conftest.$ac_ext | ||
13995 | LIBS=$ac_check_lib_save_LIBS | ||
13996 | fi | ||
13997 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pam_pam_set_item" >&5 | ||
13998 | $as_echo "$ac_cv_lib_pam_pam_set_item" >&6; } | ||
13999 | if test "x$ac_cv_lib_pam_pam_set_item" = xyes; then : | ||
14000 | cat >>confdefs.h <<_ACEOF | ||
14001 | #define HAVE_LIBPAM 1 | ||
14002 | _ACEOF | ||
14003 | |||
14004 | LIBS="-lpam $LIBS" | ||
14005 | |||
14006 | else | ||
14007 | as_fn_error $? "*** libpam missing" "$LINENO" 5 | ||
14008 | fi | ||
14009 | |||
14010 | for ac_func in pam_getenvlist | ||
14011 | do : | ||
14012 | ac_fn_c_check_func "$LINENO" "pam_getenvlist" "ac_cv_func_pam_getenvlist" | ||
14013 | if test "x$ac_cv_func_pam_getenvlist" = xyes; then : | ||
14014 | cat >>confdefs.h <<_ACEOF | ||
14015 | #define HAVE_PAM_GETENVLIST 1 | ||
14016 | _ACEOF | ||
14017 | |||
14018 | fi | ||
14019 | done | ||
14020 | |||
14021 | for ac_func in pam_putenv | ||
14022 | do : | ||
14023 | ac_fn_c_check_func "$LINENO" "pam_putenv" "ac_cv_func_pam_putenv" | ||
14024 | if test "x$ac_cv_func_pam_putenv" = xyes; then : | ||
14025 | cat >>confdefs.h <<_ACEOF | ||
14026 | #define HAVE_PAM_PUTENV 1 | ||
14027 | _ACEOF | ||
14028 | |||
14029 | fi | ||
14030 | done | ||
14031 | |||
14032 | LIBS="$saved_LIBS" | ||
14033 | |||
14034 | PAM_MSG="yes" | ||
14035 | |||
14036 | SSHDLIBS="$SSHDLIBS -lpam" | ||
14037 | |||
14038 | $as_echo "#define USE_PAM 1" >>confdefs.h | ||
14039 | |||
14040 | |||
14041 | if test $ac_cv_lib_dl_dlopen = yes; then | ||
14042 | case "$LIBS" in | ||
14043 | *-ldl*) | ||
14044 | # libdl already in LIBS | ||
14045 | ;; | ||
14046 | *) | ||
14047 | SSHDLIBS="$SSHDLIBS -ldl" | ||
14048 | ;; | ||
14049 | esac | ||
14050 | fi | ||
14051 | fi | ||
14052 | |||
14053 | |||
14054 | fi | ||
14055 | |||
14056 | |||
14057 | |||
14058 | # Check whether --with-pam-service was given. | ||
14059 | if test "${with_pam_service+set}" = set; then : | ||
14060 | withval=$with_pam_service; | ||
14061 | if test "x$withval" != "xno" && \ | ||
14062 | test "x$withval" != "xyes" ; then | ||
14063 | |||
14064 | cat >>confdefs.h <<_ACEOF | ||
14065 | #define SSHD_PAM_SERVICE "$withval" | ||
14066 | _ACEOF | ||
14067 | |||
14068 | fi | ||
14069 | |||
14070 | |||
14071 | fi | ||
14072 | |||
14073 | |||
14074 | # Check for older PAM | ||
14075 | if test "x$PAM_MSG" = "xyes" ; then | ||
14076 | # Check PAM strerror arguments (old PAM) | ||
14077 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether pam_strerror takes only one argument" >&5 | ||
14078 | $as_echo_n "checking whether pam_strerror takes only one argument... " >&6; } | ||
14079 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
14080 | /* end confdefs.h. */ | ||
14081 | |||
14082 | #include <stdlib.h> | ||
14083 | #if defined(HAVE_SECURITY_PAM_APPL_H) | ||
14084 | #include <security/pam_appl.h> | ||
14085 | #elif defined (HAVE_PAM_PAM_APPL_H) | ||
14086 | #include <pam/pam_appl.h> | ||
14087 | #endif | ||
14088 | |||
14089 | int | ||
14090 | main () | ||
14091 | { | ||
14092 | |||
14093 | (void)pam_strerror((pam_handle_t *)NULL, -1); | ||
14094 | |||
14095 | ; | ||
14096 | return 0; | ||
14097 | } | ||
14098 | _ACEOF | ||
14099 | if ac_fn_c_try_compile "$LINENO"; then : | ||
14100 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
14101 | $as_echo "no" >&6; } | ||
14102 | else | ||
14103 | |||
14104 | |||
14105 | $as_echo "#define HAVE_OLD_PAM 1" >>confdefs.h | ||
14106 | |||
14107 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
14108 | $as_echo "yes" >&6; } | ||
14109 | PAM_MSG="yes (old library)" | ||
14110 | |||
14111 | |||
14112 | fi | ||
14113 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
14114 | fi | ||
14115 | |||
14116 | case "$host" in | ||
14117 | *-*-cygwin*) | ||
14118 | SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER | ||
14119 | ;; | ||
14120 | *) | ||
14121 | SSH_PRIVSEP_USER=sshd | ||
14122 | ;; | ||
14123 | esac | ||
14124 | |||
14125 | # Check whether --with-privsep-user was given. | ||
14126 | if test "${with_privsep_user+set}" = set; then : | ||
14127 | withval=$with_privsep_user; | ||
14128 | if test -n "$withval" && test "x$withval" != "xno" && \ | ||
14129 | test "x${withval}" != "xyes"; then | ||
14130 | SSH_PRIVSEP_USER=$withval | ||
14131 | fi | ||
14132 | |||
14133 | |||
14134 | fi | ||
14135 | |||
14136 | if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then | ||
14137 | |||
14138 | cat >>confdefs.h <<_ACEOF | ||
14139 | #define SSH_PRIVSEP_USER CYGWIN_SSH_PRIVSEP_USER | ||
14140 | _ACEOF | ||
14141 | |||
14142 | else | ||
14143 | |||
14144 | cat >>confdefs.h <<_ACEOF | ||
14145 | #define SSH_PRIVSEP_USER "$SSH_PRIVSEP_USER" | ||
14146 | _ACEOF | ||
14147 | |||
14148 | fi | ||
14149 | |||
14150 | |||
14151 | if test "x$have_linux_no_new_privs" = "x1" ; then | ||
14152 | ac_fn_c_check_decl "$LINENO" "SECCOMP_MODE_FILTER" "ac_cv_have_decl_SECCOMP_MODE_FILTER" " | ||
14153 | #include <sys/types.h> | ||
14154 | #include <linux/seccomp.h> | ||
14155 | |||
14156 | " | ||
14157 | if test "x$ac_cv_have_decl_SECCOMP_MODE_FILTER" = xyes; then : | ||
14158 | have_seccomp_filter=1 | ||
14159 | fi | ||
14160 | |||
14161 | fi | ||
14162 | if test "x$have_seccomp_filter" = "x1" ; then | ||
14163 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking kernel for seccomp_filter support" >&5 | ||
14164 | $as_echo_n "checking kernel for seccomp_filter support... " >&6; } | ||
14165 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
14166 | /* end confdefs.h. */ | ||
14167 | |||
14168 | #include <errno.h> | ||
14169 | #include <elf.h> | ||
14170 | #include <linux/audit.h> | ||
14171 | #include <linux/seccomp.h> | ||
14172 | #include <stdlib.h> | ||
14173 | #include <sys/prctl.h> | ||
14174 | |||
14175 | int | ||
14176 | main () | ||
14177 | { | ||
14178 | int i = $seccomp_audit_arch; | ||
14179 | errno = 0; | ||
14180 | prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); | ||
14181 | exit(errno == EFAULT ? 0 : 1); | ||
14182 | ; | ||
14183 | return 0; | ||
14184 | } | ||
14185 | _ACEOF | ||
14186 | if ac_fn_c_try_link "$LINENO"; then : | ||
14187 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
14188 | $as_echo "yes" >&6; } | ||
14189 | else | ||
14190 | |||
14191 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
14192 | $as_echo "no" >&6; } | ||
14193 | # Disable seccomp filter as a target | ||
14194 | have_seccomp_filter=0 | ||
14195 | |||
14196 | |||
14197 | fi | ||
14198 | rm -f core conftest.err conftest.$ac_objext \ | ||
14199 | conftest$ac_exeext conftest.$ac_ext | ||
14200 | fi | ||
14201 | |||
14202 | # Decide which sandbox style to use | ||
14203 | sandbox_arg="" | ||
14204 | |||
14205 | # Check whether --with-sandbox was given. | ||
14206 | if test "${with_sandbox+set}" = set; then : | ||
14207 | withval=$with_sandbox; | ||
14208 | if test "x$withval" = "xyes" ; then | ||
14209 | sandbox_arg="" | ||
14210 | else | ||
14211 | sandbox_arg="$withval" | ||
14212 | fi | ||
14213 | |||
14214 | |||
14215 | fi | ||
14216 | |||
14217 | |||
14218 | # Some platforms (seems to be the ones that have a kernel poll(2)-type | ||
14219 | # function with which they implement select(2)) use an extra file descriptor | ||
14220 | # when calling select(2), which means we can't use the rlimit sandbox. | ||
14221 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if select works with descriptor rlimit" >&5 | ||
14222 | $as_echo_n "checking if select works with descriptor rlimit... " >&6; } | ||
14223 | if test "$cross_compiling" = yes; then : | ||
14224 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming yes" >&5 | ||
14225 | $as_echo "$as_me: WARNING: cross compiling: assuming yes" >&2;} | ||
14226 | select_works_with_rlimit=yes | ||
14227 | |||
14228 | else | ||
14229 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
14230 | /* end confdefs.h. */ | ||
14231 | |||
14232 | #include <sys/types.h> | ||
14233 | #ifdef HAVE_SYS_TIME_H | ||
14234 | # include <sys/time.h> | ||
14235 | #endif | ||
14236 | #include <sys/resource.h> | ||
14237 | #ifdef HAVE_SYS_SELECT_H | ||
14238 | # include <sys/select.h> | ||
14239 | #endif | ||
14240 | #include <errno.h> | ||
14241 | #include <fcntl.h> | ||
14242 | #include <stdlib.h> | ||
14243 | |||
14244 | int | ||
14245 | main () | ||
14246 | { | ||
14247 | |||
14248 | struct rlimit rl_zero; | ||
14249 | int fd, r; | ||
14250 | fd_set fds; | ||
14251 | struct timeval tv; | ||
14252 | |||
14253 | fd = open("/dev/null", O_RDONLY); | ||
14254 | FD_ZERO(&fds); | ||
14255 | FD_SET(fd, &fds); | ||
14256 | rl_zero.rlim_cur = rl_zero.rlim_max = 0; | ||
14257 | setrlimit(RLIMIT_FSIZE, &rl_zero); | ||
14258 | setrlimit(RLIMIT_NOFILE, &rl_zero); | ||
14259 | tv.tv_sec = 1; | ||
14260 | tv.tv_usec = 0; | ||
14261 | r = select(fd+1, &fds, NULL, NULL, &tv); | ||
14262 | exit (r == -1 ? 1 : 0); | ||
14263 | |||
14264 | ; | ||
14265 | return 0; | ||
14266 | } | ||
14267 | _ACEOF | ||
14268 | if ac_fn_c_try_run "$LINENO"; then : | ||
14269 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
14270 | $as_echo "yes" >&6; } | ||
14271 | select_works_with_rlimit=yes | ||
14272 | else | ||
14273 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
14274 | $as_echo "no" >&6; } | ||
14275 | select_works_with_rlimit=no | ||
14276 | fi | ||
14277 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
14278 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
14279 | fi | ||
14280 | |||
14281 | |||
14282 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if setrlimit(RLIMIT_NOFILE,{0,0}) works" >&5 | ||
14283 | $as_echo_n "checking if setrlimit(RLIMIT_NOFILE,{0,0}) works... " >&6; } | ||
14284 | if test "$cross_compiling" = yes; then : | ||
14285 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming yes" >&5 | ||
14286 | $as_echo "$as_me: WARNING: cross compiling: assuming yes" >&2;} | ||
14287 | rlimit_nofile_zero_works=yes | ||
14288 | |||
14289 | else | ||
14290 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
14291 | /* end confdefs.h. */ | ||
14292 | |||
14293 | #include <sys/types.h> | ||
14294 | #ifdef HAVE_SYS_TIME_H | ||
14295 | # include <sys/time.h> | ||
14296 | #endif | ||
14297 | #include <sys/resource.h> | ||
14298 | #include <errno.h> | ||
14299 | #include <stdlib.h> | ||
14300 | |||
14301 | int | ||
14302 | main () | ||
14303 | { | ||
14304 | |||
14305 | struct rlimit rl_zero; | ||
14306 | int r; | ||
14307 | |||
14308 | rl_zero.rlim_cur = rl_zero.rlim_max = 0; | ||
14309 | r = setrlimit(RLIMIT_NOFILE, &rl_zero); | ||
14310 | exit (r == -1 ? 1 : 0); | ||
14311 | |||
14312 | ; | ||
14313 | return 0; | ||
14314 | } | ||
14315 | _ACEOF | ||
14316 | if ac_fn_c_try_run "$LINENO"; then : | ||
14317 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
14318 | $as_echo "yes" >&6; } | ||
14319 | rlimit_nofile_zero_works=yes | ||
14320 | else | ||
14321 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
14322 | $as_echo "no" >&6; } | ||
14323 | rlimit_nofile_zero_works=no | ||
14324 | fi | ||
14325 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
14326 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
14327 | fi | ||
14328 | |||
14329 | |||
14330 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if setrlimit RLIMIT_FSIZE works" >&5 | ||
14331 | $as_echo_n "checking if setrlimit RLIMIT_FSIZE works... " >&6; } | ||
14332 | if test "$cross_compiling" = yes; then : | ||
14333 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming yes" >&5 | ||
14334 | $as_echo "$as_me: WARNING: cross compiling: assuming yes" >&2;} | ||
14335 | |||
14336 | else | ||
14337 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
14338 | /* end confdefs.h. */ | ||
14339 | |||
14340 | #include <sys/types.h> | ||
14341 | #include <sys/resource.h> | ||
14342 | #include <stdlib.h> | ||
14343 | |||
14344 | int | ||
14345 | main () | ||
14346 | { | ||
14347 | |||
14348 | struct rlimit rl_zero; | ||
14349 | |||
14350 | rl_zero.rlim_cur = rl_zero.rlim_max = 0; | ||
14351 | exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); | ||
14352 | |||
14353 | ; | ||
14354 | return 0; | ||
14355 | } | ||
14356 | _ACEOF | ||
14357 | if ac_fn_c_try_run "$LINENO"; then : | ||
14358 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
14359 | $as_echo "yes" >&6; } | ||
14360 | else | ||
14361 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
14362 | $as_echo "no" >&6; } | ||
14363 | |||
14364 | $as_echo "#define SANDBOX_SKIP_RLIMIT_FSIZE 1" >>confdefs.h | ||
14365 | |||
14366 | fi | ||
14367 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
14368 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
14369 | fi | ||
14370 | |||
14371 | |||
14372 | if test "x$sandbox_arg" = "xpledge" || \ | ||
14373 | ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then | ||
14374 | test "x$ac_cv_func_pledge" != "xyes" && \ | ||
14375 | as_fn_error $? "pledge sandbox requires pledge(2) support" "$LINENO" 5 | ||
14376 | SANDBOX_STYLE="pledge" | ||
14377 | |||
14378 | $as_echo "#define SANDBOX_PLEDGE 1" >>confdefs.h | ||
14379 | |||
14380 | elif test "x$sandbox_arg" = "xsystrace" || \ | ||
14381 | ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then | ||
14382 | test "x$have_systr_policy_kill" != "x1" && \ | ||
14383 | as_fn_error $? "systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support" "$LINENO" 5 | ||
14384 | SANDBOX_STYLE="systrace" | ||
14385 | |||
14386 | $as_echo "#define SANDBOX_SYSTRACE 1" >>confdefs.h | ||
14387 | |||
14388 | elif test "x$sandbox_arg" = "xdarwin" || \ | ||
14389 | ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ | ||
14390 | test "x$ac_cv_header_sandbox_h" = "xyes") ; then | ||
14391 | test "x$ac_cv_func_sandbox_init" != "xyes" -o \ | ||
14392 | "x$ac_cv_header_sandbox_h" != "xyes" && \ | ||
14393 | as_fn_error $? "Darwin seatbelt sandbox requires sandbox.h and sandbox_init function" "$LINENO" 5 | ||
14394 | SANDBOX_STYLE="darwin" | ||
14395 | |||
14396 | $as_echo "#define SANDBOX_DARWIN 1" >>confdefs.h | ||
14397 | |||
14398 | elif test "x$sandbox_arg" = "xseccomp_filter" || \ | ||
14399 | ( test -z "$sandbox_arg" && \ | ||
14400 | test "x$have_seccomp_filter" = "x1" && \ | ||
14401 | test "x$ac_cv_header_elf_h" = "xyes" && \ | ||
14402 | test "x$ac_cv_header_linux_audit_h" = "xyes" && \ | ||
14403 | test "x$ac_cv_header_linux_filter_h" = "xyes" && \ | ||
14404 | test "x$seccomp_audit_arch" != "x" && \ | ||
14405 | test "x$have_linux_no_new_privs" = "x1" && \ | ||
14406 | test "x$ac_cv_func_prctl" = "xyes" ) ; then | ||
14407 | test "x$seccomp_audit_arch" = "x" && \ | ||
14408 | as_fn_error $? "seccomp_filter sandbox not supported on $host" "$LINENO" 5 | ||
14409 | test "x$have_linux_no_new_privs" != "x1" && \ | ||
14410 | as_fn_error $? "seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS" "$LINENO" 5 | ||
14411 | test "x$have_seccomp_filter" != "x1" && \ | ||
14412 | as_fn_error $? "seccomp_filter sandbox requires seccomp headers" "$LINENO" 5 | ||
14413 | test "x$ac_cv_func_prctl" != "xyes" && \ | ||
14414 | as_fn_error $? "seccomp_filter sandbox requires prctl function" "$LINENO" 5 | ||
14415 | SANDBOX_STYLE="seccomp_filter" | ||
14416 | |||
14417 | $as_echo "#define SANDBOX_SECCOMP_FILTER 1" >>confdefs.h | ||
14418 | |||
14419 | elif test "x$sandbox_arg" = "xcapsicum" || \ | ||
14420 | ( test -z "$sandbox_arg" && \ | ||
14421 | test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \ | ||
14422 | test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then | ||
14423 | test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \ | ||
14424 | as_fn_error $? "capsicum sandbox requires sys/capsicum.h header" "$LINENO" 5 | ||
14425 | test "x$ac_cv_func_cap_rights_limit" != "xyes" && \ | ||
14426 | as_fn_error $? "capsicum sandbox requires cap_rights_limit function" "$LINENO" 5 | ||
14427 | SANDBOX_STYLE="capsicum" | ||
14428 | |||
14429 | $as_echo "#define SANDBOX_CAPSICUM 1" >>confdefs.h | ||
14430 | |||
14431 | elif test "x$sandbox_arg" = "xrlimit" || \ | ||
14432 | ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ | ||
14433 | test "x$select_works_with_rlimit" = "xyes" && \ | ||
14434 | test "x$rlimit_nofile_zero_works" = "xyes" ) ; then | ||
14435 | test "x$ac_cv_func_setrlimit" != "xyes" && \ | ||
14436 | as_fn_error $? "rlimit sandbox requires setrlimit function" "$LINENO" 5 | ||
14437 | test "x$select_works_with_rlimit" != "xyes" && \ | ||
14438 | as_fn_error $? "rlimit sandbox requires select to work with rlimit" "$LINENO" 5 | ||
14439 | SANDBOX_STYLE="rlimit" | ||
14440 | |||
14441 | $as_echo "#define SANDBOX_RLIMIT 1" >>confdefs.h | ||
14442 | |||
14443 | elif test "x$sandbox_arg" = "xsolaris" || \ | ||
14444 | ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then | ||
14445 | SANDBOX_STYLE="solaris" | ||
14446 | |||
14447 | $as_echo "#define SANDBOX_SOLARIS 1" >>confdefs.h | ||
14448 | |||
14449 | elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ | ||
14450 | test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then | ||
14451 | SANDBOX_STYLE="none" | ||
14452 | |||
14453 | $as_echo "#define SANDBOX_NULL 1" >>confdefs.h | ||
14454 | |||
14455 | else | ||
14456 | as_fn_error $? "unsupported --with-sandbox" "$LINENO" 5 | ||
14457 | fi | ||
14458 | |||
14459 | # Cheap hack to ensure NEWS-OS libraries are arranged right. | ||
14460 | if test ! -z "$SONY" ; then | ||
14461 | LIBS="$LIBS -liberty"; | ||
14462 | fi | ||
14463 | |||
14464 | # Check for long long datatypes | ||
14465 | ac_fn_c_check_type "$LINENO" "long long" "ac_cv_type_long_long" "$ac_includes_default" | ||
14466 | if test "x$ac_cv_type_long_long" = xyes; then : | ||
14467 | |||
14468 | cat >>confdefs.h <<_ACEOF | ||
14469 | #define HAVE_LONG_LONG 1 | ||
14470 | _ACEOF | ||
14471 | |||
14472 | |||
14473 | fi | ||
14474 | ac_fn_c_check_type "$LINENO" "unsigned long long" "ac_cv_type_unsigned_long_long" "$ac_includes_default" | ||
14475 | if test "x$ac_cv_type_unsigned_long_long" = xyes; then : | ||
14476 | |||
14477 | cat >>confdefs.h <<_ACEOF | ||
14478 | #define HAVE_UNSIGNED_LONG_LONG 1 | ||
14479 | _ACEOF | ||
14480 | |||
14481 | |||
14482 | fi | ||
14483 | ac_fn_c_check_type "$LINENO" "long double" "ac_cv_type_long_double" "$ac_includes_default" | ||
14484 | if test "x$ac_cv_type_long_double" = xyes; then : | ||
14485 | |||
14486 | cat >>confdefs.h <<_ACEOF | ||
14487 | #define HAVE_LONG_DOUBLE 1 | ||
14488 | _ACEOF | ||
14489 | |||
14490 | |||
14491 | fi | ||
14492 | |||
14493 | |||
14494 | # Check datatype sizes | ||
14495 | # The cast to long int works around a bug in the HP C Compiler | ||
14496 | # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects | ||
14497 | # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. | ||
14498 | # This bug is HP SR number 8606223364. | ||
14499 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking size of short int" >&5 | ||
14500 | $as_echo_n "checking size of short int... " >&6; } | ||
14501 | if ${ac_cv_sizeof_short_int+:} false; then : | ||
14502 | $as_echo_n "(cached) " >&6 | ||
14503 | else | ||
14504 | if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (short int))" "ac_cv_sizeof_short_int" "$ac_includes_default"; then : | ||
14505 | |||
14506 | else | ||
14507 | if test "$ac_cv_type_short_int" = yes; then | ||
14508 | { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 | ||
14509 | $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} | ||
14510 | as_fn_error 77 "cannot compute sizeof (short int) | ||
14511 | See \`config.log' for more details" "$LINENO" 5; } | ||
14512 | else | ||
14513 | ac_cv_sizeof_short_int=0 | ||
14514 | fi | ||
14515 | fi | ||
14516 | |||
14517 | fi | ||
14518 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_short_int" >&5 | ||
14519 | $as_echo "$ac_cv_sizeof_short_int" >&6; } | ||
14520 | |||
14521 | |||
14522 | |||
14523 | cat >>confdefs.h <<_ACEOF | ||
14524 | #define SIZEOF_SHORT_INT $ac_cv_sizeof_short_int | ||
14525 | _ACEOF | ||
14526 | |||
14527 | |||
14528 | # The cast to long int works around a bug in the HP C Compiler | ||
14529 | # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects | ||
14530 | # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. | ||
14531 | # This bug is HP SR number 8606223364. | ||
14532 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking size of int" >&5 | ||
14533 | $as_echo_n "checking size of int... " >&6; } | ||
14534 | if ${ac_cv_sizeof_int+:} false; then : | ||
14535 | $as_echo_n "(cached) " >&6 | ||
14536 | else | ||
14537 | if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (int))" "ac_cv_sizeof_int" "$ac_includes_default"; then : | ||
14538 | |||
14539 | else | ||
14540 | if test "$ac_cv_type_int" = yes; then | ||
14541 | { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 | ||
14542 | $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} | ||
14543 | as_fn_error 77 "cannot compute sizeof (int) | ||
14544 | See \`config.log' for more details" "$LINENO" 5; } | ||
14545 | else | ||
14546 | ac_cv_sizeof_int=0 | ||
14547 | fi | ||
14548 | fi | ||
14549 | |||
14550 | fi | ||
14551 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_int" >&5 | ||
14552 | $as_echo "$ac_cv_sizeof_int" >&6; } | ||
14553 | |||
14554 | |||
14555 | |||
14556 | cat >>confdefs.h <<_ACEOF | ||
14557 | #define SIZEOF_INT $ac_cv_sizeof_int | ||
14558 | _ACEOF | ||
14559 | |||
14560 | |||
14561 | # The cast to long int works around a bug in the HP C Compiler | ||
14562 | # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects | ||
14563 | # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. | ||
14564 | # This bug is HP SR number 8606223364. | ||
14565 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking size of long int" >&5 | ||
14566 | $as_echo_n "checking size of long int... " >&6; } | ||
14567 | if ${ac_cv_sizeof_long_int+:} false; then : | ||
14568 | $as_echo_n "(cached) " >&6 | ||
14569 | else | ||
14570 | if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (long int))" "ac_cv_sizeof_long_int" "$ac_includes_default"; then : | ||
14571 | |||
14572 | else | ||
14573 | if test "$ac_cv_type_long_int" = yes; then | ||
14574 | { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 | ||
14575 | $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} | ||
14576 | as_fn_error 77 "cannot compute sizeof (long int) | ||
14577 | See \`config.log' for more details" "$LINENO" 5; } | ||
14578 | else | ||
14579 | ac_cv_sizeof_long_int=0 | ||
14580 | fi | ||
14581 | fi | ||
14582 | |||
14583 | fi | ||
14584 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_long_int" >&5 | ||
14585 | $as_echo "$ac_cv_sizeof_long_int" >&6; } | ||
14586 | |||
14587 | |||
14588 | |||
14589 | cat >>confdefs.h <<_ACEOF | ||
14590 | #define SIZEOF_LONG_INT $ac_cv_sizeof_long_int | ||
14591 | _ACEOF | ||
14592 | |||
14593 | |||
14594 | # The cast to long int works around a bug in the HP C Compiler | ||
14595 | # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects | ||
14596 | # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. | ||
14597 | # This bug is HP SR number 8606223364. | ||
14598 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking size of long long int" >&5 | ||
14599 | $as_echo_n "checking size of long long int... " >&6; } | ||
14600 | if ${ac_cv_sizeof_long_long_int+:} false; then : | ||
14601 | $as_echo_n "(cached) " >&6 | ||
14602 | else | ||
14603 | if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (long long int))" "ac_cv_sizeof_long_long_int" "$ac_includes_default"; then : | ||
14604 | |||
14605 | else | ||
14606 | if test "$ac_cv_type_long_long_int" = yes; then | ||
14607 | { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 | ||
14608 | $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} | ||
14609 | as_fn_error 77 "cannot compute sizeof (long long int) | ||
14610 | See \`config.log' for more details" "$LINENO" 5; } | ||
14611 | else | ||
14612 | ac_cv_sizeof_long_long_int=0 | ||
14613 | fi | ||
14614 | fi | ||
14615 | |||
14616 | fi | ||
14617 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_long_long_int" >&5 | ||
14618 | $as_echo "$ac_cv_sizeof_long_long_int" >&6; } | ||
14619 | |||
14620 | |||
14621 | |||
14622 | cat >>confdefs.h <<_ACEOF | ||
14623 | #define SIZEOF_LONG_LONG_INT $ac_cv_sizeof_long_long_int | ||
14624 | _ACEOF | ||
14625 | |||
14626 | |||
14627 | |||
14628 | # Sanity check long long for some platforms (AIX) | ||
14629 | if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then | ||
14630 | ac_cv_sizeof_long_long_int=0 | ||
14631 | fi | ||
14632 | |||
14633 | # compute LLONG_MIN and LLONG_MAX if we don't know them. | ||
14634 | if test -z "$have_llong_max"; then | ||
14635 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for max value of long long" >&5 | ||
14636 | $as_echo_n "checking for max value of long long... " >&6; } | ||
14637 | if test "$cross_compiling" = yes; then : | ||
14638 | |||
14639 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking" >&5 | ||
14640 | $as_echo "$as_me: WARNING: cross compiling: not checking" >&2;} | ||
14641 | |||
14642 | |||
14643 | else | ||
14644 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
14645 | /* end confdefs.h. */ | ||
14646 | |||
14647 | #include <stdio.h> | ||
14648 | /* Why is this so damn hard? */ | ||
14649 | #ifdef __GNUC__ | ||
14650 | # undef __GNUC__ | ||
14651 | #endif | ||
14652 | #define __USE_ISOC99 | ||
14653 | #include <limits.h> | ||
14654 | #define DATA "conftest.llminmax" | ||
14655 | #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) | ||
14656 | |||
14657 | /* | ||
14658 | * printf in libc on some platforms (eg old Tru64) does not understand %lld so | ||
14659 | * we do this the hard way. | ||
14660 | */ | ||
14661 | static int | ||
14662 | fprint_ll(FILE *f, long long n) | ||
14663 | { | ||
14664 | unsigned int i; | ||
14665 | int l[sizeof(long long) * 8]; | ||
14666 | |||
14667 | if (n < 0) | ||
14668 | if (fprintf(f, "-") < 0) | ||
14669 | return -1; | ||
14670 | for (i = 0; n != 0; i++) { | ||
14671 | l[i] = my_abs(n % 10); | ||
14672 | n /= 10; | ||
14673 | } | ||
14674 | do { | ||
14675 | if (fprintf(f, "%d", l[--i]) < 0) | ||
14676 | return -1; | ||
14677 | } while (i != 0); | ||
14678 | if (fprintf(f, " ") < 0) | ||
14679 | return -1; | ||
14680 | return 0; | ||
14681 | } | ||
14682 | |||
14683 | int | ||
14684 | main () | ||
14685 | { | ||
14686 | |||
14687 | FILE *f; | ||
14688 | long long i, llmin, llmax = 0; | ||
14689 | |||
14690 | if((f = fopen(DATA,"w")) == NULL) | ||
14691 | exit(1); | ||
14692 | |||
14693 | #if defined(LLONG_MIN) && defined(LLONG_MAX) | ||
14694 | fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); | ||
14695 | llmin = LLONG_MIN; | ||
14696 | llmax = LLONG_MAX; | ||
14697 | #else | ||
14698 | fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); | ||
14699 | /* This will work on one's complement and two's complement */ | ||
14700 | for (i = 1; i > llmax; i <<= 1, i++) | ||
14701 | llmax = i; | ||
14702 | llmin = llmax + 1LL; /* wrap */ | ||
14703 | #endif | ||
14704 | |||
14705 | /* Sanity check */ | ||
14706 | if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax | ||
14707 | || llmax - 1 > llmax || llmin == llmax || llmin == 0 | ||
14708 | || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { | ||
14709 | fprintf(f, "unknown unknown\n"); | ||
14710 | exit(2); | ||
14711 | } | ||
14712 | |||
14713 | if (fprint_ll(f, llmin) < 0) | ||
14714 | exit(3); | ||
14715 | if (fprint_ll(f, llmax) < 0) | ||
14716 | exit(4); | ||
14717 | if (fclose(f) < 0) | ||
14718 | exit(5); | ||
14719 | exit(0); | ||
14720 | |||
14721 | ; | ||
14722 | return 0; | ||
14723 | } | ||
14724 | _ACEOF | ||
14725 | if ac_fn_c_try_run "$LINENO"; then : | ||
14726 | |||
14727 | llong_min=`$AWK '{print $1}' conftest.llminmax` | ||
14728 | llong_max=`$AWK '{print $2}' conftest.llminmax` | ||
14729 | |||
14730 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $llong_max" >&5 | ||
14731 | $as_echo "$llong_max" >&6; } | ||
14732 | |||
14733 | cat >>confdefs.h <<_ACEOF | ||
14734 | #define LLONG_MAX ${llong_max}LL | ||
14735 | _ACEOF | ||
14736 | |||
14737 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for min value of long long" >&5 | ||
14738 | $as_echo_n "checking for min value of long long... " >&6; } | ||
14739 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $llong_min" >&5 | ||
14740 | $as_echo "$llong_min" >&6; } | ||
14741 | |||
14742 | cat >>confdefs.h <<_ACEOF | ||
14743 | #define LLONG_MIN ${llong_min}LL | ||
14744 | _ACEOF | ||
14745 | |||
14746 | |||
14747 | else | ||
14748 | |||
14749 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5 | ||
14750 | $as_echo "not found" >&6; } | ||
14751 | |||
14752 | fi | ||
14753 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
14754 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
14755 | fi | ||
14756 | |||
14757 | fi | ||
14758 | |||
14759 | |||
14760 | # More checks for data types | ||
14761 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for u_int type" >&5 | ||
14762 | $as_echo_n "checking for u_int type... " >&6; } | ||
14763 | if ${ac_cv_have_u_int+:} false; then : | ||
14764 | $as_echo_n "(cached) " >&6 | ||
14765 | else | ||
14766 | |||
14767 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
14768 | /* end confdefs.h. */ | ||
14769 | #include <sys/types.h> | ||
14770 | int | ||
14771 | main () | ||
14772 | { | ||
14773 | u_int a; a = 1; | ||
14774 | ; | ||
14775 | return 0; | ||
14776 | } | ||
14777 | _ACEOF | ||
14778 | if ac_fn_c_try_compile "$LINENO"; then : | ||
14779 | ac_cv_have_u_int="yes" | ||
14780 | else | ||
14781 | ac_cv_have_u_int="no" | ||
14782 | |||
14783 | fi | ||
14784 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
14785 | |||
14786 | fi | ||
14787 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_u_int" >&5 | ||
14788 | $as_echo "$ac_cv_have_u_int" >&6; } | ||
14789 | if test "x$ac_cv_have_u_int" = "xyes" ; then | ||
14790 | |||
14791 | $as_echo "#define HAVE_U_INT 1" >>confdefs.h | ||
14792 | |||
14793 | have_u_int=1 | ||
14794 | fi | ||
14795 | |||
14796 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for intXX_t types" >&5 | ||
14797 | $as_echo_n "checking for intXX_t types... " >&6; } | ||
14798 | if ${ac_cv_have_intxx_t+:} false; then : | ||
14799 | $as_echo_n "(cached) " >&6 | ||
14800 | else | ||
14801 | |||
14802 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
14803 | /* end confdefs.h. */ | ||
14804 | #include <sys/types.h> | ||
14805 | int | ||
14806 | main () | ||
14807 | { | ||
14808 | int8_t a; int16_t b; int32_t c; a = b = c = 1; | ||
14809 | ; | ||
14810 | return 0; | ||
14811 | } | ||
14812 | _ACEOF | ||
14813 | if ac_fn_c_try_compile "$LINENO"; then : | ||
14814 | ac_cv_have_intxx_t="yes" | ||
14815 | else | ||
14816 | ac_cv_have_intxx_t="no" | ||
14817 | |||
14818 | fi | ||
14819 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
14820 | |||
14821 | fi | ||
14822 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_intxx_t" >&5 | ||
14823 | $as_echo "$ac_cv_have_intxx_t" >&6; } | ||
14824 | if test "x$ac_cv_have_intxx_t" = "xyes" ; then | ||
14825 | |||
14826 | $as_echo "#define HAVE_INTXX_T 1" >>confdefs.h | ||
14827 | |||
14828 | have_intxx_t=1 | ||
14829 | fi | ||
14830 | |||
14831 | if (test -z "$have_intxx_t" && \ | ||
14832 | test "x$ac_cv_header_stdint_h" = "xyes") | ||
14833 | then | ||
14834 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for intXX_t types in stdint.h" >&5 | ||
14835 | $as_echo_n "checking for intXX_t types in stdint.h... " >&6; } | ||
14836 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
14837 | /* end confdefs.h. */ | ||
14838 | #include <stdint.h> | ||
14839 | int | ||
14840 | main () | ||
14841 | { | ||
14842 | int8_t a; int16_t b; int32_t c; a = b = c = 1; | ||
14843 | ; | ||
14844 | return 0; | ||
14845 | } | ||
14846 | _ACEOF | ||
14847 | if ac_fn_c_try_compile "$LINENO"; then : | ||
14848 | |||
14849 | $as_echo "#define HAVE_INTXX_T 1" >>confdefs.h | ||
14850 | |||
14851 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
14852 | $as_echo "yes" >&6; } | ||
14853 | |||
14854 | else | ||
14855 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
14856 | $as_echo "no" >&6; } | ||
14857 | |||
14858 | fi | ||
14859 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
14860 | fi | ||
14861 | |||
14862 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for int64_t type" >&5 | ||
14863 | $as_echo_n "checking for int64_t type... " >&6; } | ||
14864 | if ${ac_cv_have_int64_t+:} false; then : | ||
14865 | $as_echo_n "(cached) " >&6 | ||
14866 | else | ||
14867 | |||
14868 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
14869 | /* end confdefs.h. */ | ||
14870 | |||
14871 | #include <sys/types.h> | ||
14872 | #ifdef HAVE_STDINT_H | ||
14873 | # include <stdint.h> | ||
14874 | #endif | ||
14875 | #include <sys/socket.h> | ||
14876 | #ifdef HAVE_SYS_BITYPES_H | ||
14877 | # include <sys/bitypes.h> | ||
14878 | #endif | ||
14879 | |||
14880 | int | ||
14881 | main () | ||
14882 | { | ||
14883 | |||
14884 | int64_t a; a = 1; | ||
14885 | |||
14886 | ; | ||
14887 | return 0; | ||
14888 | } | ||
14889 | _ACEOF | ||
14890 | if ac_fn_c_try_compile "$LINENO"; then : | ||
14891 | ac_cv_have_int64_t="yes" | ||
14892 | else | ||
14893 | ac_cv_have_int64_t="no" | ||
14894 | |||
14895 | fi | ||
14896 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
14897 | |||
14898 | fi | ||
14899 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_int64_t" >&5 | ||
14900 | $as_echo "$ac_cv_have_int64_t" >&6; } | ||
14901 | if test "x$ac_cv_have_int64_t" = "xyes" ; then | ||
14902 | |||
14903 | $as_echo "#define HAVE_INT64_T 1" >>confdefs.h | ||
14904 | |||
14905 | fi | ||
14906 | |||
14907 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for u_intXX_t types" >&5 | ||
14908 | $as_echo_n "checking for u_intXX_t types... " >&6; } | ||
14909 | if ${ac_cv_have_u_intxx_t+:} false; then : | ||
14910 | $as_echo_n "(cached) " >&6 | ||
14911 | else | ||
14912 | |||
14913 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
14914 | /* end confdefs.h. */ | ||
14915 | #include <sys/types.h> | ||
14916 | int | ||
14917 | main () | ||
14918 | { | ||
14919 | u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1; | ||
14920 | ; | ||
14921 | return 0; | ||
14922 | } | ||
14923 | _ACEOF | ||
14924 | if ac_fn_c_try_compile "$LINENO"; then : | ||
14925 | ac_cv_have_u_intxx_t="yes" | ||
14926 | else | ||
14927 | ac_cv_have_u_intxx_t="no" | ||
14928 | |||
14929 | fi | ||
14930 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
14931 | |||
14932 | fi | ||
14933 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_u_intxx_t" >&5 | ||
14934 | $as_echo "$ac_cv_have_u_intxx_t" >&6; } | ||
14935 | if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then | ||
14936 | |||
14937 | $as_echo "#define HAVE_U_INTXX_T 1" >>confdefs.h | ||
14938 | |||
14939 | have_u_intxx_t=1 | ||
14940 | fi | ||
14941 | |||
14942 | if test -z "$have_u_intxx_t" ; then | ||
14943 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for u_intXX_t types in sys/socket.h" >&5 | ||
14944 | $as_echo_n "checking for u_intXX_t types in sys/socket.h... " >&6; } | ||
14945 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
14946 | /* end confdefs.h. */ | ||
14947 | #include <sys/socket.h> | ||
14948 | int | ||
14949 | main () | ||
14950 | { | ||
14951 | u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1; | ||
14952 | ; | ||
14953 | return 0; | ||
14954 | } | ||
14955 | _ACEOF | ||
14956 | if ac_fn_c_try_compile "$LINENO"; then : | ||
14957 | |||
14958 | $as_echo "#define HAVE_U_INTXX_T 1" >>confdefs.h | ||
14959 | |||
14960 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
14961 | $as_echo "yes" >&6; } | ||
14962 | |||
14963 | else | ||
14964 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
14965 | $as_echo "no" >&6; } | ||
14966 | |||
14967 | fi | ||
14968 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
14969 | fi | ||
14970 | |||
14971 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for u_int64_t types" >&5 | ||
14972 | $as_echo_n "checking for u_int64_t types... " >&6; } | ||
14973 | if ${ac_cv_have_u_int64_t+:} false; then : | ||
14974 | $as_echo_n "(cached) " >&6 | ||
14975 | else | ||
14976 | |||
14977 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
14978 | /* end confdefs.h. */ | ||
14979 | #include <sys/types.h> | ||
14980 | int | ||
14981 | main () | ||
14982 | { | ||
14983 | u_int64_t a; a = 1; | ||
14984 | ; | ||
14985 | return 0; | ||
14986 | } | ||
14987 | _ACEOF | ||
14988 | if ac_fn_c_try_compile "$LINENO"; then : | ||
14989 | ac_cv_have_u_int64_t="yes" | ||
14990 | else | ||
14991 | ac_cv_have_u_int64_t="no" | ||
14992 | |||
14993 | fi | ||
14994 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
14995 | |||
14996 | fi | ||
14997 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_u_int64_t" >&5 | ||
14998 | $as_echo "$ac_cv_have_u_int64_t" >&6; } | ||
14999 | if test "x$ac_cv_have_u_int64_t" = "xyes" ; then | ||
15000 | |||
15001 | $as_echo "#define HAVE_U_INT64_T 1" >>confdefs.h | ||
15002 | |||
15003 | have_u_int64_t=1 | ||
15004 | fi | ||
15005 | |||
15006 | if (test -z "$have_u_int64_t" && \ | ||
15007 | test "x$ac_cv_header_sys_bitypes_h" = "xyes") | ||
15008 | then | ||
15009 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for u_int64_t type in sys/bitypes.h" >&5 | ||
15010 | $as_echo_n "checking for u_int64_t type in sys/bitypes.h... " >&6; } | ||
15011 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
15012 | /* end confdefs.h. */ | ||
15013 | #include <sys/bitypes.h> | ||
15014 | int | ||
15015 | main () | ||
15016 | { | ||
15017 | u_int64_t a; a = 1 | ||
15018 | ; | ||
15019 | return 0; | ||
15020 | } | ||
15021 | _ACEOF | ||
15022 | if ac_fn_c_try_compile "$LINENO"; then : | ||
15023 | |||
15024 | $as_echo "#define HAVE_U_INT64_T 1" >>confdefs.h | ||
15025 | |||
15026 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
15027 | $as_echo "yes" >&6; } | ||
15028 | |||
15029 | else | ||
15030 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
15031 | $as_echo "no" >&6; } | ||
15032 | |||
15033 | fi | ||
15034 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
15035 | fi | ||
15036 | |||
15037 | if test -z "$have_u_intxx_t" ; then | ||
15038 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for uintXX_t types" >&5 | ||
15039 | $as_echo_n "checking for uintXX_t types... " >&6; } | ||
15040 | if ${ac_cv_have_uintxx_t+:} false; then : | ||
15041 | $as_echo_n "(cached) " >&6 | ||
15042 | else | ||
15043 | |||
15044 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
15045 | /* end confdefs.h. */ | ||
15046 | |||
15047 | #include <sys/types.h> | ||
15048 | |||
15049 | int | ||
15050 | main () | ||
15051 | { | ||
15052 | |||
15053 | uint8_t a; | ||
15054 | uint16_t b; | ||
15055 | uint32_t c; | ||
15056 | a = b = c = 1; | ||
15057 | |||
15058 | ; | ||
15059 | return 0; | ||
15060 | } | ||
15061 | _ACEOF | ||
15062 | if ac_fn_c_try_compile "$LINENO"; then : | ||
15063 | ac_cv_have_uintxx_t="yes" | ||
15064 | else | ||
15065 | ac_cv_have_uintxx_t="no" | ||
15066 | |||
15067 | fi | ||
15068 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
15069 | |||
15070 | fi | ||
15071 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_uintxx_t" >&5 | ||
15072 | $as_echo "$ac_cv_have_uintxx_t" >&6; } | ||
15073 | if test "x$ac_cv_have_uintxx_t" = "xyes" ; then | ||
15074 | |||
15075 | $as_echo "#define HAVE_UINTXX_T 1" >>confdefs.h | ||
15076 | |||
15077 | fi | ||
15078 | fi | ||
15079 | |||
15080 | if (test -z "$have_uintxx_t" && \ | ||
15081 | test "x$ac_cv_header_stdint_h" = "xyes") | ||
15082 | then | ||
15083 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for uintXX_t types in stdint.h" >&5 | ||
15084 | $as_echo_n "checking for uintXX_t types in stdint.h... " >&6; } | ||
15085 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
15086 | /* end confdefs.h. */ | ||
15087 | #include <stdint.h> | ||
15088 | int | ||
15089 | main () | ||
15090 | { | ||
15091 | uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; | ||
15092 | ; | ||
15093 | return 0; | ||
15094 | } | ||
15095 | _ACEOF | ||
15096 | if ac_fn_c_try_compile "$LINENO"; then : | ||
15097 | |||
15098 | $as_echo "#define HAVE_UINTXX_T 1" >>confdefs.h | ||
15099 | |||
15100 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
15101 | $as_echo "yes" >&6; } | ||
15102 | |||
15103 | else | ||
15104 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
15105 | $as_echo "no" >&6; } | ||
15106 | |||
15107 | fi | ||
15108 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
15109 | fi | ||
15110 | |||
15111 | if (test -z "$have_uintxx_t" && \ | ||
15112 | test "x$ac_cv_header_inttypes_h" = "xyes") | ||
15113 | then | ||
15114 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for uintXX_t types in inttypes.h" >&5 | ||
15115 | $as_echo_n "checking for uintXX_t types in inttypes.h... " >&6; } | ||
15116 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
15117 | /* end confdefs.h. */ | ||
15118 | #include <inttypes.h> | ||
15119 | int | ||
15120 | main () | ||
15121 | { | ||
15122 | uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; | ||
15123 | ; | ||
15124 | return 0; | ||
15125 | } | ||
15126 | _ACEOF | ||
15127 | if ac_fn_c_try_compile "$LINENO"; then : | ||
15128 | |||
15129 | $as_echo "#define HAVE_UINTXX_T 1" >>confdefs.h | ||
15130 | |||
15131 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
15132 | $as_echo "yes" >&6; } | ||
15133 | |||
15134 | else | ||
15135 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
15136 | $as_echo "no" >&6; } | ||
15137 | |||
15138 | fi | ||
15139 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
15140 | fi | ||
15141 | |||
15142 | if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ | ||
15143 | test "x$ac_cv_header_sys_bitypes_h" = "xyes") | ||
15144 | then | ||
15145 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for intXX_t and u_intXX_t types in sys/bitypes.h" >&5 | ||
15146 | $as_echo_n "checking for intXX_t and u_intXX_t types in sys/bitypes.h... " >&6; } | ||
15147 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
15148 | /* end confdefs.h. */ | ||
15149 | |||
15150 | #include <sys/bitypes.h> | ||
15151 | |||
15152 | int | ||
15153 | main () | ||
15154 | { | ||
15155 | |||
15156 | int8_t a; int16_t b; int32_t c; | ||
15157 | u_int8_t e; u_int16_t f; u_int32_t g; | ||
15158 | a = b = c = e = f = g = 1; | ||
15159 | |||
15160 | ; | ||
15161 | return 0; | ||
15162 | } | ||
15163 | _ACEOF | ||
15164 | if ac_fn_c_try_compile "$LINENO"; then : | ||
15165 | |||
15166 | $as_echo "#define HAVE_U_INTXX_T 1" >>confdefs.h | ||
15167 | |||
15168 | $as_echo "#define HAVE_INTXX_T 1" >>confdefs.h | ||
15169 | |||
15170 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
15171 | $as_echo "yes" >&6; } | ||
15172 | |||
15173 | else | ||
15174 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
15175 | $as_echo "no" >&6; } | ||
15176 | |||
15177 | fi | ||
15178 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
15179 | fi | ||
15180 | |||
15181 | |||
15182 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for u_char" >&5 | ||
15183 | $as_echo_n "checking for u_char... " >&6; } | ||
15184 | if ${ac_cv_have_u_char+:} false; then : | ||
15185 | $as_echo_n "(cached) " >&6 | ||
15186 | else | ||
15187 | |||
15188 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
15189 | /* end confdefs.h. */ | ||
15190 | #include <sys/types.h> | ||
15191 | int | ||
15192 | main () | ||
15193 | { | ||
15194 | u_char foo; foo = 125; | ||
15195 | ; | ||
15196 | return 0; | ||
15197 | } | ||
15198 | _ACEOF | ||
15199 | if ac_fn_c_try_compile "$LINENO"; then : | ||
15200 | ac_cv_have_u_char="yes" | ||
15201 | else | ||
15202 | ac_cv_have_u_char="no" | ||
15203 | |||
15204 | fi | ||
15205 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
15206 | |||
15207 | fi | ||
15208 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_u_char" >&5 | ||
15209 | $as_echo "$ac_cv_have_u_char" >&6; } | ||
15210 | if test "x$ac_cv_have_u_char" = "xyes" ; then | ||
15211 | |||
15212 | $as_echo "#define HAVE_U_CHAR 1" >>confdefs.h | ||
15213 | |||
15214 | fi | ||
15215 | |||
15216 | ac_fn_c_check_type "$LINENO" "intmax_t" "ac_cv_type_intmax_t" " | ||
15217 | #include <sys/types.h> | ||
15218 | #include <stdint.h> | ||
15219 | |||
15220 | " | ||
15221 | if test "x$ac_cv_type_intmax_t" = xyes; then : | ||
15222 | |||
15223 | cat >>confdefs.h <<_ACEOF | ||
15224 | #define HAVE_INTMAX_T 1 | ||
15225 | _ACEOF | ||
15226 | |||
15227 | |||
15228 | fi | ||
15229 | ac_fn_c_check_type "$LINENO" "uintmax_t" "ac_cv_type_uintmax_t" " | ||
15230 | #include <sys/types.h> | ||
15231 | #include <stdint.h> | ||
15232 | |||
15233 | " | ||
15234 | if test "x$ac_cv_type_uintmax_t" = xyes; then : | ||
15235 | |||
15236 | cat >>confdefs.h <<_ACEOF | ||
15237 | #define HAVE_UINTMAX_T 1 | ||
15238 | _ACEOF | ||
15239 | |||
15240 | |||
15241 | fi | ||
15242 | |||
15243 | |||
15244 | |||
15245 | ac_fn_c_check_type "$LINENO" "socklen_t" "ac_cv_type_socklen_t" "#include <sys/types.h> | ||
15246 | #include <sys/socket.h> | ||
15247 | " | ||
15248 | if test "x$ac_cv_type_socklen_t" = xyes; then : | ||
15249 | |||
15250 | else | ||
15251 | |||
15252 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for socklen_t equivalent" >&5 | ||
15253 | $as_echo_n "checking for socklen_t equivalent... " >&6; } | ||
15254 | if ${curl_cv_socklen_t_equiv+:} false; then : | ||
15255 | $as_echo_n "(cached) " >&6 | ||
15256 | else | ||
15257 | |||
15258 | # Systems have either "struct sockaddr *" or | ||
15259 | # "void *" as the second argument to getpeername | ||
15260 | curl_cv_socklen_t_equiv= | ||
15261 | for arg2 in "struct sockaddr" void; do | ||
15262 | for t in int size_t unsigned long "unsigned long"; do | ||
15263 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
15264 | /* end confdefs.h. */ | ||
15265 | |||
15266 | #include <sys/types.h> | ||
15267 | #include <sys/socket.h> | ||
15268 | |||
15269 | int getpeername (int, $arg2 *, $t *); | ||
15270 | |||
15271 | int | ||
15272 | main () | ||
15273 | { | ||
15274 | |||
15275 | $t len; | ||
15276 | getpeername(0,0,&len); | ||
15277 | |||
15278 | ; | ||
15279 | return 0; | ||
15280 | } | ||
15281 | _ACEOF | ||
15282 | if ac_fn_c_try_compile "$LINENO"; then : | ||
15283 | |||
15284 | curl_cv_socklen_t_equiv="$t" | ||
15285 | break | ||
15286 | |||
15287 | fi | ||
15288 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
15289 | done | ||
15290 | done | ||
15291 | |||
15292 | if test "x$curl_cv_socklen_t_equiv" = x; then | ||
15293 | as_fn_error $? "Cannot find a type to use in place of socklen_t" "$LINENO" 5 | ||
15294 | fi | ||
15295 | |||
15296 | fi | ||
15297 | |||
15298 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $curl_cv_socklen_t_equiv" >&5 | ||
15299 | $as_echo "$curl_cv_socklen_t_equiv" >&6; } | ||
15300 | |||
15301 | cat >>confdefs.h <<_ACEOF | ||
15302 | #define socklen_t $curl_cv_socklen_t_equiv | ||
15303 | _ACEOF | ||
15304 | |||
15305 | fi | ||
15306 | |||
15307 | |||
15308 | |||
15309 | ac_fn_c_check_type "$LINENO" "sig_atomic_t" "ac_cv_type_sig_atomic_t" "#include <signal.h> | ||
15310 | " | ||
15311 | if test "x$ac_cv_type_sig_atomic_t" = xyes; then : | ||
15312 | |||
15313 | cat >>confdefs.h <<_ACEOF | ||
15314 | #define HAVE_SIG_ATOMIC_T 1 | ||
15315 | _ACEOF | ||
15316 | |||
15317 | |||
15318 | fi | ||
15319 | |||
15320 | ac_fn_c_check_type "$LINENO" "fsblkcnt_t" "ac_cv_type_fsblkcnt_t" " | ||
15321 | #include <sys/types.h> | ||
15322 | #ifdef HAVE_SYS_BITYPES_H | ||
15323 | #include <sys/bitypes.h> | ||
15324 | #endif | ||
15325 | #ifdef HAVE_SYS_STATFS_H | ||
15326 | #include <sys/statfs.h> | ||
15327 | #endif | ||
15328 | #ifdef HAVE_SYS_STATVFS_H | ||
15329 | #include <sys/statvfs.h> | ||
15330 | #endif | ||
15331 | |||
15332 | " | ||
15333 | if test "x$ac_cv_type_fsblkcnt_t" = xyes; then : | ||
15334 | |||
15335 | cat >>confdefs.h <<_ACEOF | ||
15336 | #define HAVE_FSBLKCNT_T 1 | ||
15337 | _ACEOF | ||
15338 | |||
15339 | |||
15340 | fi | ||
15341 | ac_fn_c_check_type "$LINENO" "fsfilcnt_t" "ac_cv_type_fsfilcnt_t" " | ||
15342 | #include <sys/types.h> | ||
15343 | #ifdef HAVE_SYS_BITYPES_H | ||
15344 | #include <sys/bitypes.h> | ||
15345 | #endif | ||
15346 | #ifdef HAVE_SYS_STATFS_H | ||
15347 | #include <sys/statfs.h> | ||
15348 | #endif | ||
15349 | #ifdef HAVE_SYS_STATVFS_H | ||
15350 | #include <sys/statvfs.h> | ||
15351 | #endif | ||
15352 | |||
15353 | " | ||
15354 | if test "x$ac_cv_type_fsfilcnt_t" = xyes; then : | ||
15355 | |||
15356 | cat >>confdefs.h <<_ACEOF | ||
15357 | #define HAVE_FSFILCNT_T 1 | ||
15358 | _ACEOF | ||
15359 | |||
15360 | |||
15361 | fi | ||
15362 | |||
15363 | |||
15364 | ac_fn_c_check_member "$LINENO" "struct statfs" "f_flags" "ac_cv_member_struct_statfs_f_flags" " | ||
15365 | #include <sys/types.h> | ||
15366 | #ifdef HAVE_SYS_BITYPES_H | ||
15367 | #include <sys/bitypes.h> | ||
15368 | #endif | ||
15369 | #ifdef HAVE_SYS_STATFS_H | ||
15370 | #include <sys/statfs.h> | ||
15371 | #endif | ||
15372 | #ifdef HAVE_SYS_STATVFS_H | ||
15373 | #include <sys/statvfs.h> | ||
15374 | #endif | ||
15375 | #ifdef HAVE_SYS_VFS_H | ||
15376 | #include <sys/vfs.h> | ||
15377 | #endif | ||
15378 | |||
15379 | " | ||
15380 | if test "x$ac_cv_member_struct_statfs_f_flags" = xyes; then : | ||
15381 | |||
15382 | cat >>confdefs.h <<_ACEOF | ||
15383 | #define HAVE_STRUCT_STATFS_F_FLAGS 1 | ||
15384 | _ACEOF | ||
15385 | |||
15386 | |||
15387 | fi | ||
15388 | |||
15389 | |||
15390 | |||
15391 | ac_fn_c_check_type "$LINENO" "in_addr_t" "ac_cv_type_in_addr_t" "#include <sys/types.h> | ||
15392 | #include <netinet/in.h> | ||
15393 | " | ||
15394 | if test "x$ac_cv_type_in_addr_t" = xyes; then : | ||
15395 | |||
15396 | cat >>confdefs.h <<_ACEOF | ||
15397 | #define HAVE_IN_ADDR_T 1 | ||
15398 | _ACEOF | ||
15399 | |||
15400 | |||
15401 | fi | ||
15402 | ac_fn_c_check_type "$LINENO" "in_port_t" "ac_cv_type_in_port_t" "#include <sys/types.h> | ||
15403 | #include <netinet/in.h> | ||
15404 | " | ||
15405 | if test "x$ac_cv_type_in_port_t" = xyes; then : | ||
15406 | |||
15407 | cat >>confdefs.h <<_ACEOF | ||
15408 | #define HAVE_IN_PORT_T 1 | ||
15409 | _ACEOF | ||
15410 | |||
15411 | |||
15412 | fi | ||
15413 | |||
15414 | |||
15415 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for size_t" >&5 | ||
15416 | $as_echo_n "checking for size_t... " >&6; } | ||
15417 | if ${ac_cv_have_size_t+:} false; then : | ||
15418 | $as_echo_n "(cached) " >&6 | ||
15419 | else | ||
15420 | |||
15421 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
15422 | /* end confdefs.h. */ | ||
15423 | #include <sys/types.h> | ||
15424 | int | ||
15425 | main () | ||
15426 | { | ||
15427 | size_t foo; foo = 1235; | ||
15428 | ; | ||
15429 | return 0; | ||
15430 | } | ||
15431 | _ACEOF | ||
15432 | if ac_fn_c_try_compile "$LINENO"; then : | ||
15433 | ac_cv_have_size_t="yes" | ||
15434 | else | ||
15435 | ac_cv_have_size_t="no" | ||
15436 | |||
15437 | fi | ||
15438 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
15439 | |||
15440 | fi | ||
15441 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_size_t" >&5 | ||
15442 | $as_echo "$ac_cv_have_size_t" >&6; } | ||
15443 | if test "x$ac_cv_have_size_t" = "xyes" ; then | ||
15444 | |||
15445 | $as_echo "#define HAVE_SIZE_T 1" >>confdefs.h | ||
15446 | |||
15447 | fi | ||
15448 | |||
15449 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ssize_t" >&5 | ||
15450 | $as_echo_n "checking for ssize_t... " >&6; } | ||
15451 | if ${ac_cv_have_ssize_t+:} false; then : | ||
15452 | $as_echo_n "(cached) " >&6 | ||
15453 | else | ||
15454 | |||
15455 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
15456 | /* end confdefs.h. */ | ||
15457 | #include <sys/types.h> | ||
15458 | int | ||
15459 | main () | ||
15460 | { | ||
15461 | ssize_t foo; foo = 1235; | ||
15462 | ; | ||
15463 | return 0; | ||
15464 | } | ||
15465 | _ACEOF | ||
15466 | if ac_fn_c_try_compile "$LINENO"; then : | ||
15467 | ac_cv_have_ssize_t="yes" | ||
15468 | else | ||
15469 | ac_cv_have_ssize_t="no" | ||
15470 | |||
15471 | fi | ||
15472 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
15473 | |||
15474 | fi | ||
15475 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_ssize_t" >&5 | ||
15476 | $as_echo "$ac_cv_have_ssize_t" >&6; } | ||
15477 | if test "x$ac_cv_have_ssize_t" = "xyes" ; then | ||
15478 | |||
15479 | $as_echo "#define HAVE_SSIZE_T 1" >>confdefs.h | ||
15480 | |||
15481 | fi | ||
15482 | |||
15483 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for clock_t" >&5 | ||
15484 | $as_echo_n "checking for clock_t... " >&6; } | ||
15485 | if ${ac_cv_have_clock_t+:} false; then : | ||
15486 | $as_echo_n "(cached) " >&6 | ||
15487 | else | ||
15488 | |||
15489 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
15490 | /* end confdefs.h. */ | ||
15491 | #include <time.h> | ||
15492 | int | ||
15493 | main () | ||
15494 | { | ||
15495 | clock_t foo; foo = 1235; | ||
15496 | ; | ||
15497 | return 0; | ||
15498 | } | ||
15499 | _ACEOF | ||
15500 | if ac_fn_c_try_compile "$LINENO"; then : | ||
15501 | ac_cv_have_clock_t="yes" | ||
15502 | else | ||
15503 | ac_cv_have_clock_t="no" | ||
15504 | |||
15505 | fi | ||
15506 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
15507 | |||
15508 | fi | ||
15509 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_clock_t" >&5 | ||
15510 | $as_echo "$ac_cv_have_clock_t" >&6; } | ||
15511 | if test "x$ac_cv_have_clock_t" = "xyes" ; then | ||
15512 | |||
15513 | $as_echo "#define HAVE_CLOCK_T 1" >>confdefs.h | ||
15514 | |||
15515 | fi | ||
15516 | |||
15517 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for sa_family_t" >&5 | ||
15518 | $as_echo_n "checking for sa_family_t... " >&6; } | ||
15519 | if ${ac_cv_have_sa_family_t+:} false; then : | ||
15520 | $as_echo_n "(cached) " >&6 | ||
15521 | else | ||
15522 | |||
15523 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
15524 | /* end confdefs.h. */ | ||
15525 | |||
15526 | #include <sys/types.h> | ||
15527 | #include <sys/socket.h> | ||
15528 | |||
15529 | int | ||
15530 | main () | ||
15531 | { | ||
15532 | sa_family_t foo; foo = 1235; | ||
15533 | ; | ||
15534 | return 0; | ||
15535 | } | ||
15536 | _ACEOF | ||
15537 | if ac_fn_c_try_compile "$LINENO"; then : | ||
15538 | ac_cv_have_sa_family_t="yes" | ||
15539 | else | ||
15540 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
15541 | /* end confdefs.h. */ | ||
15542 | |||
15543 | #include <sys/types.h> | ||
15544 | #include <sys/socket.h> | ||
15545 | #include <netinet/in.h> | ||
15546 | |||
15547 | int | ||
15548 | main () | ||
15549 | { | ||
15550 | sa_family_t foo; foo = 1235; | ||
15551 | ; | ||
15552 | return 0; | ||
15553 | } | ||
15554 | _ACEOF | ||
15555 | if ac_fn_c_try_compile "$LINENO"; then : | ||
15556 | ac_cv_have_sa_family_t="yes" | ||
15557 | else | ||
15558 | ac_cv_have_sa_family_t="no" | ||
15559 | |||
15560 | fi | ||
15561 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
15562 | |||
15563 | fi | ||
15564 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
15565 | |||
15566 | fi | ||
15567 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_sa_family_t" >&5 | ||
15568 | $as_echo "$ac_cv_have_sa_family_t" >&6; } | ||
15569 | if test "x$ac_cv_have_sa_family_t" = "xyes" ; then | ||
15570 | |||
15571 | $as_echo "#define HAVE_SA_FAMILY_T 1" >>confdefs.h | ||
15572 | |||
15573 | fi | ||
15574 | |||
15575 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pid_t" >&5 | ||
15576 | $as_echo_n "checking for pid_t... " >&6; } | ||
15577 | if ${ac_cv_have_pid_t+:} false; then : | ||
15578 | $as_echo_n "(cached) " >&6 | ||
15579 | else | ||
15580 | |||
15581 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
15582 | /* end confdefs.h. */ | ||
15583 | #include <sys/types.h> | ||
15584 | int | ||
15585 | main () | ||
15586 | { | ||
15587 | pid_t foo; foo = 1235; | ||
15588 | ; | ||
15589 | return 0; | ||
15590 | } | ||
15591 | _ACEOF | ||
15592 | if ac_fn_c_try_compile "$LINENO"; then : | ||
15593 | ac_cv_have_pid_t="yes" | ||
15594 | else | ||
15595 | ac_cv_have_pid_t="no" | ||
15596 | |||
15597 | fi | ||
15598 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
15599 | |||
15600 | fi | ||
15601 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_pid_t" >&5 | ||
15602 | $as_echo "$ac_cv_have_pid_t" >&6; } | ||
15603 | if test "x$ac_cv_have_pid_t" = "xyes" ; then | ||
15604 | |||
15605 | $as_echo "#define HAVE_PID_T 1" >>confdefs.h | ||
15606 | |||
15607 | fi | ||
15608 | |||
15609 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for mode_t" >&5 | ||
15610 | $as_echo_n "checking for mode_t... " >&6; } | ||
15611 | if ${ac_cv_have_mode_t+:} false; then : | ||
15612 | $as_echo_n "(cached) " >&6 | ||
15613 | else | ||
15614 | |||
15615 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
15616 | /* end confdefs.h. */ | ||
15617 | #include <sys/types.h> | ||
15618 | int | ||
15619 | main () | ||
15620 | { | ||
15621 | mode_t foo; foo = 1235; | ||
15622 | ; | ||
15623 | return 0; | ||
15624 | } | ||
15625 | _ACEOF | ||
15626 | if ac_fn_c_try_compile "$LINENO"; then : | ||
15627 | ac_cv_have_mode_t="yes" | ||
15628 | else | ||
15629 | ac_cv_have_mode_t="no" | ||
15630 | |||
15631 | fi | ||
15632 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
15633 | |||
15634 | fi | ||
15635 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_mode_t" >&5 | ||
15636 | $as_echo "$ac_cv_have_mode_t" >&6; } | ||
15637 | if test "x$ac_cv_have_mode_t" = "xyes" ; then | ||
15638 | |||
15639 | $as_echo "#define HAVE_MODE_T 1" >>confdefs.h | ||
15640 | |||
15641 | fi | ||
15642 | |||
15643 | |||
15644 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct sockaddr_storage" >&5 | ||
15645 | $as_echo_n "checking for struct sockaddr_storage... " >&6; } | ||
15646 | if ${ac_cv_have_struct_sockaddr_storage+:} false; then : | ||
15647 | $as_echo_n "(cached) " >&6 | ||
15648 | else | ||
15649 | |||
15650 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
15651 | /* end confdefs.h. */ | ||
15652 | |||
15653 | #include <sys/types.h> | ||
15654 | #include <sys/socket.h> | ||
15655 | |||
15656 | int | ||
15657 | main () | ||
15658 | { | ||
15659 | struct sockaddr_storage s; | ||
15660 | ; | ||
15661 | return 0; | ||
15662 | } | ||
15663 | _ACEOF | ||
15664 | if ac_fn_c_try_compile "$LINENO"; then : | ||
15665 | ac_cv_have_struct_sockaddr_storage="yes" | ||
15666 | else | ||
15667 | ac_cv_have_struct_sockaddr_storage="no" | ||
15668 | |||
15669 | fi | ||
15670 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
15671 | |||
15672 | fi | ||
15673 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_struct_sockaddr_storage" >&5 | ||
15674 | $as_echo "$ac_cv_have_struct_sockaddr_storage" >&6; } | ||
15675 | if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then | ||
15676 | |||
15677 | $as_echo "#define HAVE_STRUCT_SOCKADDR_STORAGE 1" >>confdefs.h | ||
15678 | |||
15679 | fi | ||
15680 | |||
15681 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct sockaddr_in6" >&5 | ||
15682 | $as_echo_n "checking for struct sockaddr_in6... " >&6; } | ||
15683 | if ${ac_cv_have_struct_sockaddr_in6+:} false; then : | ||
15684 | $as_echo_n "(cached) " >&6 | ||
15685 | else | ||
15686 | |||
15687 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
15688 | /* end confdefs.h. */ | ||
15689 | |||
15690 | #include <sys/types.h> | ||
15691 | #include <netinet/in.h> | ||
15692 | |||
15693 | int | ||
15694 | main () | ||
15695 | { | ||
15696 | struct sockaddr_in6 s; s.sin6_family = 0; | ||
15697 | ; | ||
15698 | return 0; | ||
15699 | } | ||
15700 | _ACEOF | ||
15701 | if ac_fn_c_try_compile "$LINENO"; then : | ||
15702 | ac_cv_have_struct_sockaddr_in6="yes" | ||
15703 | else | ||
15704 | ac_cv_have_struct_sockaddr_in6="no" | ||
15705 | |||
15706 | fi | ||
15707 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
15708 | |||
15709 | fi | ||
15710 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_struct_sockaddr_in6" >&5 | ||
15711 | $as_echo "$ac_cv_have_struct_sockaddr_in6" >&6; } | ||
15712 | if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then | ||
15713 | |||
15714 | $as_echo "#define HAVE_STRUCT_SOCKADDR_IN6 1" >>confdefs.h | ||
15715 | |||
15716 | fi | ||
15717 | |||
15718 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct in6_addr" >&5 | ||
15719 | $as_echo_n "checking for struct in6_addr... " >&6; } | ||
15720 | if ${ac_cv_have_struct_in6_addr+:} false; then : | ||
15721 | $as_echo_n "(cached) " >&6 | ||
15722 | else | ||
15723 | |||
15724 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
15725 | /* end confdefs.h. */ | ||
15726 | |||
15727 | #include <sys/types.h> | ||
15728 | #include <netinet/in.h> | ||
15729 | |||
15730 | int | ||
15731 | main () | ||
15732 | { | ||
15733 | struct in6_addr s; s.s6_addr[0] = 0; | ||
15734 | ; | ||
15735 | return 0; | ||
15736 | } | ||
15737 | _ACEOF | ||
15738 | if ac_fn_c_try_compile "$LINENO"; then : | ||
15739 | ac_cv_have_struct_in6_addr="yes" | ||
15740 | else | ||
15741 | ac_cv_have_struct_in6_addr="no" | ||
15742 | |||
15743 | fi | ||
15744 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
15745 | |||
15746 | fi | ||
15747 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_struct_in6_addr" >&5 | ||
15748 | $as_echo "$ac_cv_have_struct_in6_addr" >&6; } | ||
15749 | if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then | ||
15750 | |||
15751 | $as_echo "#define HAVE_STRUCT_IN6_ADDR 1" >>confdefs.h | ||
15752 | |||
15753 | |||
15754 | ac_fn_c_check_member "$LINENO" "struct sockaddr_in6" "sin6_scope_id" "ac_cv_member_struct_sockaddr_in6_sin6_scope_id" " | ||
15755 | #ifdef HAVE_SYS_TYPES_H | ||
15756 | #include <sys/types.h> | ||
15757 | #endif | ||
15758 | #include <netinet/in.h> | ||
15759 | |||
15760 | " | ||
15761 | if test "x$ac_cv_member_struct_sockaddr_in6_sin6_scope_id" = xyes; then : | ||
15762 | |||
15763 | cat >>confdefs.h <<_ACEOF | ||
15764 | #define HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID 1 | ||
15765 | _ACEOF | ||
15766 | |||
15767 | |||
15768 | fi | ||
15769 | |||
15770 | fi | ||
15771 | |||
15772 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct addrinfo" >&5 | ||
15773 | $as_echo_n "checking for struct addrinfo... " >&6; } | ||
15774 | if ${ac_cv_have_struct_addrinfo+:} false; then : | ||
15775 | $as_echo_n "(cached) " >&6 | ||
15776 | else | ||
15777 | |||
15778 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
15779 | /* end confdefs.h. */ | ||
15780 | |||
15781 | #include <sys/types.h> | ||
15782 | #include <sys/socket.h> | ||
15783 | #include <netdb.h> | ||
15784 | |||
15785 | int | ||
15786 | main () | ||
15787 | { | ||
15788 | struct addrinfo s; s.ai_flags = AI_PASSIVE; | ||
15789 | ; | ||
15790 | return 0; | ||
15791 | } | ||
15792 | _ACEOF | ||
15793 | if ac_fn_c_try_compile "$LINENO"; then : | ||
15794 | ac_cv_have_struct_addrinfo="yes" | ||
15795 | else | ||
15796 | ac_cv_have_struct_addrinfo="no" | ||
15797 | |||
15798 | fi | ||
15799 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
15800 | |||
15801 | fi | ||
15802 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_struct_addrinfo" >&5 | ||
15803 | $as_echo "$ac_cv_have_struct_addrinfo" >&6; } | ||
15804 | if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then | ||
15805 | |||
15806 | $as_echo "#define HAVE_STRUCT_ADDRINFO 1" >>confdefs.h | ||
15807 | |||
15808 | fi | ||
15809 | |||
15810 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct timeval" >&5 | ||
15811 | $as_echo_n "checking for struct timeval... " >&6; } | ||
15812 | if ${ac_cv_have_struct_timeval+:} false; then : | ||
15813 | $as_echo_n "(cached) " >&6 | ||
15814 | else | ||
15815 | |||
15816 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
15817 | /* end confdefs.h. */ | ||
15818 | #include <sys/time.h> | ||
15819 | int | ||
15820 | main () | ||
15821 | { | ||
15822 | struct timeval tv; tv.tv_sec = 1; | ||
15823 | ; | ||
15824 | return 0; | ||
15825 | } | ||
15826 | _ACEOF | ||
15827 | if ac_fn_c_try_compile "$LINENO"; then : | ||
15828 | ac_cv_have_struct_timeval="yes" | ||
15829 | else | ||
15830 | ac_cv_have_struct_timeval="no" | ||
15831 | |||
15832 | fi | ||
15833 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
15834 | |||
15835 | fi | ||
15836 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_struct_timeval" >&5 | ||
15837 | $as_echo "$ac_cv_have_struct_timeval" >&6; } | ||
15838 | if test "x$ac_cv_have_struct_timeval" = "xyes" ; then | ||
15839 | |||
15840 | $as_echo "#define HAVE_STRUCT_TIMEVAL 1" >>confdefs.h | ||
15841 | |||
15842 | have_struct_timeval=1 | ||
15843 | fi | ||
15844 | |||
15845 | ac_fn_c_check_type "$LINENO" "struct timespec" "ac_cv_type_struct_timespec" "$ac_includes_default" | ||
15846 | if test "x$ac_cv_type_struct_timespec" = xyes; then : | ||
15847 | |||
15848 | cat >>confdefs.h <<_ACEOF | ||
15849 | #define HAVE_STRUCT_TIMESPEC 1 | ||
15850 | _ACEOF | ||
15851 | |||
15852 | |||
15853 | fi | ||
15854 | |||
15855 | |||
15856 | # We need int64_t or else certain parts of the compile will fail. | ||
15857 | if test "x$ac_cv_have_int64_t" = "xno" && \ | ||
15858 | test "x$ac_cv_sizeof_long_int" != "x8" && \ | ||
15859 | test "x$ac_cv_sizeof_long_long_int" = "x0" ; then | ||
15860 | echo "OpenSSH requires int64_t support. Contact your vendor or install" | ||
15861 | echo "an alternative compiler (I.E., GCC) before continuing." | ||
15862 | echo "" | ||
15863 | exit 1; | ||
15864 | else | ||
15865 | if test "$cross_compiling" = yes; then : | ||
15866 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: Assuming working snprintf()" >&5 | ||
15867 | $as_echo "$as_me: WARNING: cross compiling: Assuming working snprintf()" >&2;} | ||
15868 | |||
15869 | else | ||
15870 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
15871 | /* end confdefs.h. */ | ||
15872 | |||
15873 | #include <stdio.h> | ||
15874 | #include <string.h> | ||
15875 | #ifdef HAVE_SNPRINTF | ||
15876 | main() | ||
15877 | { | ||
15878 | char buf[50]; | ||
15879 | char expected_out[50]; | ||
15880 | int mazsize = 50 ; | ||
15881 | #if (SIZEOF_LONG_INT == 8) | ||
15882 | long int num = 0x7fffffffffffffff; | ||
15883 | #else | ||
15884 | long long num = 0x7fffffffffffffffll; | ||
15885 | #endif | ||
15886 | strcpy(expected_out, "9223372036854775807"); | ||
15887 | snprintf(buf, mazsize, "%lld", num); | ||
15888 | if(strcmp(buf, expected_out) != 0) | ||
15889 | exit(1); | ||
15890 | exit(0); | ||
15891 | } | ||
15892 | #else | ||
15893 | main() { exit(0); } | ||
15894 | #endif | ||
15895 | |||
15896 | _ACEOF | ||
15897 | if ac_fn_c_try_run "$LINENO"; then : | ||
15898 | true | ||
15899 | else | ||
15900 | $as_echo "#define BROKEN_SNPRINTF 1" >>confdefs.h | ||
15901 | |||
15902 | fi | ||
15903 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
15904 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
15905 | fi | ||
15906 | |||
15907 | fi | ||
15908 | |||
15909 | |||
15910 | # look for field 'ut_host' in header 'utmp.h' | ||
15911 | ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` | ||
15912 | ossh_varname="ossh_cv_$ossh_safe""_has_"ut_host | ||
15913 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_host field in utmp.h" >&5 | ||
15914 | $as_echo_n "checking for ut_host field in utmp.h... " >&6; } | ||
15915 | if eval \${$ossh_varname+:} false; then : | ||
15916 | $as_echo_n "(cached) " >&6 | ||
15917 | else | ||
15918 | |||
15919 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
15920 | /* end confdefs.h. */ | ||
15921 | #include <utmp.h> | ||
15922 | |||
15923 | _ACEOF | ||
15924 | if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | | ||
15925 | $EGREP "ut_host" >/dev/null 2>&1; then : | ||
15926 | eval "$ossh_varname=yes" | ||
15927 | else | ||
15928 | eval "$ossh_varname=no" | ||
15929 | fi | ||
15930 | rm -f conftest* | ||
15931 | |||
15932 | fi | ||
15933 | |||
15934 | ossh_result=`eval 'echo $'"$ossh_varname"` | ||
15935 | if test -n "`echo $ossh_varname`"; then | ||
15936 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 | ||
15937 | $as_echo "$ossh_result" >&6; } | ||
15938 | if test "x$ossh_result" = "xyes"; then | ||
15939 | |||
15940 | $as_echo "#define HAVE_HOST_IN_UTMP 1" >>confdefs.h | ||
15941 | |||
15942 | fi | ||
15943 | else | ||
15944 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
15945 | $as_echo "no" >&6; } | ||
15946 | fi | ||
15947 | |||
15948 | |||
15949 | # look for field 'ut_host' in header 'utmpx.h' | ||
15950 | ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` | ||
15951 | ossh_varname="ossh_cv_$ossh_safe""_has_"ut_host | ||
15952 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_host field in utmpx.h" >&5 | ||
15953 | $as_echo_n "checking for ut_host field in utmpx.h... " >&6; } | ||
15954 | if eval \${$ossh_varname+:} false; then : | ||
15955 | $as_echo_n "(cached) " >&6 | ||
15956 | else | ||
15957 | |||
15958 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
15959 | /* end confdefs.h. */ | ||
15960 | #include <utmpx.h> | ||
15961 | |||
15962 | _ACEOF | ||
15963 | if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | | ||
15964 | $EGREP "ut_host" >/dev/null 2>&1; then : | ||
15965 | eval "$ossh_varname=yes" | ||
15966 | else | ||
15967 | eval "$ossh_varname=no" | ||
15968 | fi | ||
15969 | rm -f conftest* | ||
15970 | |||
15971 | fi | ||
15972 | |||
15973 | ossh_result=`eval 'echo $'"$ossh_varname"` | ||
15974 | if test -n "`echo $ossh_varname`"; then | ||
15975 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 | ||
15976 | $as_echo "$ossh_result" >&6; } | ||
15977 | if test "x$ossh_result" = "xyes"; then | ||
15978 | |||
15979 | $as_echo "#define HAVE_HOST_IN_UTMPX 1" >>confdefs.h | ||
15980 | |||
15981 | fi | ||
15982 | else | ||
15983 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
15984 | $as_echo "no" >&6; } | ||
15985 | fi | ||
15986 | |||
15987 | |||
15988 | # look for field 'syslen' in header 'utmpx.h' | ||
15989 | ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` | ||
15990 | ossh_varname="ossh_cv_$ossh_safe""_has_"syslen | ||
15991 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for syslen field in utmpx.h" >&5 | ||
15992 | $as_echo_n "checking for syslen field in utmpx.h... " >&6; } | ||
15993 | if eval \${$ossh_varname+:} false; then : | ||
15994 | $as_echo_n "(cached) " >&6 | ||
15995 | else | ||
15996 | |||
15997 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
15998 | /* end confdefs.h. */ | ||
15999 | #include <utmpx.h> | ||
16000 | |||
16001 | _ACEOF | ||
16002 | if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | | ||
16003 | $EGREP "syslen" >/dev/null 2>&1; then : | ||
16004 | eval "$ossh_varname=yes" | ||
16005 | else | ||
16006 | eval "$ossh_varname=no" | ||
16007 | fi | ||
16008 | rm -f conftest* | ||
16009 | |||
16010 | fi | ||
16011 | |||
16012 | ossh_result=`eval 'echo $'"$ossh_varname"` | ||
16013 | if test -n "`echo $ossh_varname`"; then | ||
16014 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 | ||
16015 | $as_echo "$ossh_result" >&6; } | ||
16016 | if test "x$ossh_result" = "xyes"; then | ||
16017 | |||
16018 | $as_echo "#define HAVE_SYSLEN_IN_UTMPX 1" >>confdefs.h | ||
16019 | |||
16020 | fi | ||
16021 | else | ||
16022 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
16023 | $as_echo "no" >&6; } | ||
16024 | fi | ||
16025 | |||
16026 | |||
16027 | # look for field 'ut_pid' in header 'utmp.h' | ||
16028 | ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` | ||
16029 | ossh_varname="ossh_cv_$ossh_safe""_has_"ut_pid | ||
16030 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_pid field in utmp.h" >&5 | ||
16031 | $as_echo_n "checking for ut_pid field in utmp.h... " >&6; } | ||
16032 | if eval \${$ossh_varname+:} false; then : | ||
16033 | $as_echo_n "(cached) " >&6 | ||
16034 | else | ||
16035 | |||
16036 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
16037 | /* end confdefs.h. */ | ||
16038 | #include <utmp.h> | ||
16039 | |||
16040 | _ACEOF | ||
16041 | if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | | ||
16042 | $EGREP "ut_pid" >/dev/null 2>&1; then : | ||
16043 | eval "$ossh_varname=yes" | ||
16044 | else | ||
16045 | eval "$ossh_varname=no" | ||
16046 | fi | ||
16047 | rm -f conftest* | ||
16048 | |||
16049 | fi | ||
16050 | |||
16051 | ossh_result=`eval 'echo $'"$ossh_varname"` | ||
16052 | if test -n "`echo $ossh_varname`"; then | ||
16053 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 | ||
16054 | $as_echo "$ossh_result" >&6; } | ||
16055 | if test "x$ossh_result" = "xyes"; then | ||
16056 | |||
16057 | $as_echo "#define HAVE_PID_IN_UTMP 1" >>confdefs.h | ||
16058 | |||
16059 | fi | ||
16060 | else | ||
16061 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
16062 | $as_echo "no" >&6; } | ||
16063 | fi | ||
16064 | |||
16065 | |||
16066 | # look for field 'ut_type' in header 'utmp.h' | ||
16067 | ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` | ||
16068 | ossh_varname="ossh_cv_$ossh_safe""_has_"ut_type | ||
16069 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_type field in utmp.h" >&5 | ||
16070 | $as_echo_n "checking for ut_type field in utmp.h... " >&6; } | ||
16071 | if eval \${$ossh_varname+:} false; then : | ||
16072 | $as_echo_n "(cached) " >&6 | ||
16073 | else | ||
16074 | |||
16075 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
16076 | /* end confdefs.h. */ | ||
16077 | #include <utmp.h> | ||
16078 | |||
16079 | _ACEOF | ||
16080 | if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | | ||
16081 | $EGREP "ut_type" >/dev/null 2>&1; then : | ||
16082 | eval "$ossh_varname=yes" | ||
16083 | else | ||
16084 | eval "$ossh_varname=no" | ||
16085 | fi | ||
16086 | rm -f conftest* | ||
16087 | |||
16088 | fi | ||
16089 | |||
16090 | ossh_result=`eval 'echo $'"$ossh_varname"` | ||
16091 | if test -n "`echo $ossh_varname`"; then | ||
16092 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 | ||
16093 | $as_echo "$ossh_result" >&6; } | ||
16094 | if test "x$ossh_result" = "xyes"; then | ||
16095 | |||
16096 | $as_echo "#define HAVE_TYPE_IN_UTMP 1" >>confdefs.h | ||
16097 | |||
16098 | fi | ||
16099 | else | ||
16100 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
16101 | $as_echo "no" >&6; } | ||
16102 | fi | ||
16103 | |||
16104 | |||
16105 | # look for field 'ut_type' in header 'utmpx.h' | ||
16106 | ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` | ||
16107 | ossh_varname="ossh_cv_$ossh_safe""_has_"ut_type | ||
16108 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_type field in utmpx.h" >&5 | ||
16109 | $as_echo_n "checking for ut_type field in utmpx.h... " >&6; } | ||
16110 | if eval \${$ossh_varname+:} false; then : | ||
16111 | $as_echo_n "(cached) " >&6 | ||
16112 | else | ||
16113 | |||
16114 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
16115 | /* end confdefs.h. */ | ||
16116 | #include <utmpx.h> | ||
16117 | |||
16118 | _ACEOF | ||
16119 | if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | | ||
16120 | $EGREP "ut_type" >/dev/null 2>&1; then : | ||
16121 | eval "$ossh_varname=yes" | ||
16122 | else | ||
16123 | eval "$ossh_varname=no" | ||
16124 | fi | ||
16125 | rm -f conftest* | ||
16126 | |||
16127 | fi | ||
16128 | |||
16129 | ossh_result=`eval 'echo $'"$ossh_varname"` | ||
16130 | if test -n "`echo $ossh_varname`"; then | ||
16131 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 | ||
16132 | $as_echo "$ossh_result" >&6; } | ||
16133 | if test "x$ossh_result" = "xyes"; then | ||
16134 | |||
16135 | $as_echo "#define HAVE_TYPE_IN_UTMPX 1" >>confdefs.h | ||
16136 | |||
16137 | fi | ||
16138 | else | ||
16139 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
16140 | $as_echo "no" >&6; } | ||
16141 | fi | ||
16142 | |||
16143 | |||
16144 | # look for field 'ut_tv' in header 'utmp.h' | ||
16145 | ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` | ||
16146 | ossh_varname="ossh_cv_$ossh_safe""_has_"ut_tv | ||
16147 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_tv field in utmp.h" >&5 | ||
16148 | $as_echo_n "checking for ut_tv field in utmp.h... " >&6; } | ||
16149 | if eval \${$ossh_varname+:} false; then : | ||
16150 | $as_echo_n "(cached) " >&6 | ||
16151 | else | ||
16152 | |||
16153 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
16154 | /* end confdefs.h. */ | ||
16155 | #include <utmp.h> | ||
16156 | |||
16157 | _ACEOF | ||
16158 | if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | | ||
16159 | $EGREP "ut_tv" >/dev/null 2>&1; then : | ||
16160 | eval "$ossh_varname=yes" | ||
16161 | else | ||
16162 | eval "$ossh_varname=no" | ||
16163 | fi | ||
16164 | rm -f conftest* | ||
16165 | |||
16166 | fi | ||
16167 | |||
16168 | ossh_result=`eval 'echo $'"$ossh_varname"` | ||
16169 | if test -n "`echo $ossh_varname`"; then | ||
16170 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 | ||
16171 | $as_echo "$ossh_result" >&6; } | ||
16172 | if test "x$ossh_result" = "xyes"; then | ||
16173 | |||
16174 | $as_echo "#define HAVE_TV_IN_UTMP 1" >>confdefs.h | ||
16175 | |||
16176 | fi | ||
16177 | else | ||
16178 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
16179 | $as_echo "no" >&6; } | ||
16180 | fi | ||
16181 | |||
16182 | |||
16183 | # look for field 'ut_id' in header 'utmp.h' | ||
16184 | ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` | ||
16185 | ossh_varname="ossh_cv_$ossh_safe""_has_"ut_id | ||
16186 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_id field in utmp.h" >&5 | ||
16187 | $as_echo_n "checking for ut_id field in utmp.h... " >&6; } | ||
16188 | if eval \${$ossh_varname+:} false; then : | ||
16189 | $as_echo_n "(cached) " >&6 | ||
16190 | else | ||
16191 | |||
16192 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
16193 | /* end confdefs.h. */ | ||
16194 | #include <utmp.h> | ||
16195 | |||
16196 | _ACEOF | ||
16197 | if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | | ||
16198 | $EGREP "ut_id" >/dev/null 2>&1; then : | ||
16199 | eval "$ossh_varname=yes" | ||
16200 | else | ||
16201 | eval "$ossh_varname=no" | ||
16202 | fi | ||
16203 | rm -f conftest* | ||
16204 | |||
16205 | fi | ||
16206 | |||
16207 | ossh_result=`eval 'echo $'"$ossh_varname"` | ||
16208 | if test -n "`echo $ossh_varname`"; then | ||
16209 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 | ||
16210 | $as_echo "$ossh_result" >&6; } | ||
16211 | if test "x$ossh_result" = "xyes"; then | ||
16212 | |||
16213 | $as_echo "#define HAVE_ID_IN_UTMP 1" >>confdefs.h | ||
16214 | |||
16215 | fi | ||
16216 | else | ||
16217 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
16218 | $as_echo "no" >&6; } | ||
16219 | fi | ||
16220 | |||
16221 | |||
16222 | # look for field 'ut_id' in header 'utmpx.h' | ||
16223 | ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` | ||
16224 | ossh_varname="ossh_cv_$ossh_safe""_has_"ut_id | ||
16225 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_id field in utmpx.h" >&5 | ||
16226 | $as_echo_n "checking for ut_id field in utmpx.h... " >&6; } | ||
16227 | if eval \${$ossh_varname+:} false; then : | ||
16228 | $as_echo_n "(cached) " >&6 | ||
16229 | else | ||
16230 | |||
16231 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
16232 | /* end confdefs.h. */ | ||
16233 | #include <utmpx.h> | ||
16234 | |||
16235 | _ACEOF | ||
16236 | if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | | ||
16237 | $EGREP "ut_id" >/dev/null 2>&1; then : | ||
16238 | eval "$ossh_varname=yes" | ||
16239 | else | ||
16240 | eval "$ossh_varname=no" | ||
16241 | fi | ||
16242 | rm -f conftest* | ||
16243 | |||
16244 | fi | ||
16245 | |||
16246 | ossh_result=`eval 'echo $'"$ossh_varname"` | ||
16247 | if test -n "`echo $ossh_varname`"; then | ||
16248 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 | ||
16249 | $as_echo "$ossh_result" >&6; } | ||
16250 | if test "x$ossh_result" = "xyes"; then | ||
16251 | |||
16252 | $as_echo "#define HAVE_ID_IN_UTMPX 1" >>confdefs.h | ||
16253 | |||
16254 | fi | ||
16255 | else | ||
16256 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
16257 | $as_echo "no" >&6; } | ||
16258 | fi | ||
16259 | |||
16260 | |||
16261 | # look for field 'ut_addr' in header 'utmp.h' | ||
16262 | ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` | ||
16263 | ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr | ||
16264 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_addr field in utmp.h" >&5 | ||
16265 | $as_echo_n "checking for ut_addr field in utmp.h... " >&6; } | ||
16266 | if eval \${$ossh_varname+:} false; then : | ||
16267 | $as_echo_n "(cached) " >&6 | ||
16268 | else | ||
16269 | |||
16270 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
16271 | /* end confdefs.h. */ | ||
16272 | #include <utmp.h> | ||
16273 | |||
16274 | _ACEOF | ||
16275 | if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | | ||
16276 | $EGREP "ut_addr" >/dev/null 2>&1; then : | ||
16277 | eval "$ossh_varname=yes" | ||
16278 | else | ||
16279 | eval "$ossh_varname=no" | ||
16280 | fi | ||
16281 | rm -f conftest* | ||
16282 | |||
16283 | fi | ||
16284 | |||
16285 | ossh_result=`eval 'echo $'"$ossh_varname"` | ||
16286 | if test -n "`echo $ossh_varname`"; then | ||
16287 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 | ||
16288 | $as_echo "$ossh_result" >&6; } | ||
16289 | if test "x$ossh_result" = "xyes"; then | ||
16290 | |||
16291 | $as_echo "#define HAVE_ADDR_IN_UTMP 1" >>confdefs.h | ||
16292 | |||
16293 | fi | ||
16294 | else | ||
16295 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
16296 | $as_echo "no" >&6; } | ||
16297 | fi | ||
16298 | |||
16299 | |||
16300 | # look for field 'ut_addr' in header 'utmpx.h' | ||
16301 | ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` | ||
16302 | ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr | ||
16303 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_addr field in utmpx.h" >&5 | ||
16304 | $as_echo_n "checking for ut_addr field in utmpx.h... " >&6; } | ||
16305 | if eval \${$ossh_varname+:} false; then : | ||
16306 | $as_echo_n "(cached) " >&6 | ||
16307 | else | ||
16308 | |||
16309 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
16310 | /* end confdefs.h. */ | ||
16311 | #include <utmpx.h> | ||
16312 | |||
16313 | _ACEOF | ||
16314 | if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | | ||
16315 | $EGREP "ut_addr" >/dev/null 2>&1; then : | ||
16316 | eval "$ossh_varname=yes" | ||
16317 | else | ||
16318 | eval "$ossh_varname=no" | ||
16319 | fi | ||
16320 | rm -f conftest* | ||
16321 | |||
16322 | fi | ||
16323 | |||
16324 | ossh_result=`eval 'echo $'"$ossh_varname"` | ||
16325 | if test -n "`echo $ossh_varname`"; then | ||
16326 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 | ||
16327 | $as_echo "$ossh_result" >&6; } | ||
16328 | if test "x$ossh_result" = "xyes"; then | ||
16329 | |||
16330 | $as_echo "#define HAVE_ADDR_IN_UTMPX 1" >>confdefs.h | ||
16331 | |||
16332 | fi | ||
16333 | else | ||
16334 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
16335 | $as_echo "no" >&6; } | ||
16336 | fi | ||
16337 | |||
16338 | |||
16339 | # look for field 'ut_addr_v6' in header 'utmp.h' | ||
16340 | ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` | ||
16341 | ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr_v6 | ||
16342 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_addr_v6 field in utmp.h" >&5 | ||
16343 | $as_echo_n "checking for ut_addr_v6 field in utmp.h... " >&6; } | ||
16344 | if eval \${$ossh_varname+:} false; then : | ||
16345 | $as_echo_n "(cached) " >&6 | ||
16346 | else | ||
16347 | |||
16348 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
16349 | /* end confdefs.h. */ | ||
16350 | #include <utmp.h> | ||
16351 | |||
16352 | _ACEOF | ||
16353 | if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | | ||
16354 | $EGREP "ut_addr_v6" >/dev/null 2>&1; then : | ||
16355 | eval "$ossh_varname=yes" | ||
16356 | else | ||
16357 | eval "$ossh_varname=no" | ||
16358 | fi | ||
16359 | rm -f conftest* | ||
16360 | |||
16361 | fi | ||
16362 | |||
16363 | ossh_result=`eval 'echo $'"$ossh_varname"` | ||
16364 | if test -n "`echo $ossh_varname`"; then | ||
16365 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 | ||
16366 | $as_echo "$ossh_result" >&6; } | ||
16367 | if test "x$ossh_result" = "xyes"; then | ||
16368 | |||
16369 | $as_echo "#define HAVE_ADDR_V6_IN_UTMP 1" >>confdefs.h | ||
16370 | |||
16371 | fi | ||
16372 | else | ||
16373 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
16374 | $as_echo "no" >&6; } | ||
16375 | fi | ||
16376 | |||
16377 | |||
16378 | # look for field 'ut_addr_v6' in header 'utmpx.h' | ||
16379 | ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` | ||
16380 | ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr_v6 | ||
16381 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_addr_v6 field in utmpx.h" >&5 | ||
16382 | $as_echo_n "checking for ut_addr_v6 field in utmpx.h... " >&6; } | ||
16383 | if eval \${$ossh_varname+:} false; then : | ||
16384 | $as_echo_n "(cached) " >&6 | ||
16385 | else | ||
16386 | |||
16387 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
16388 | /* end confdefs.h. */ | ||
16389 | #include <utmpx.h> | ||
16390 | |||
16391 | _ACEOF | ||
16392 | if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | | ||
16393 | $EGREP "ut_addr_v6" >/dev/null 2>&1; then : | ||
16394 | eval "$ossh_varname=yes" | ||
16395 | else | ||
16396 | eval "$ossh_varname=no" | ||
16397 | fi | ||
16398 | rm -f conftest* | ||
16399 | |||
16400 | fi | ||
16401 | |||
16402 | ossh_result=`eval 'echo $'"$ossh_varname"` | ||
16403 | if test -n "`echo $ossh_varname`"; then | ||
16404 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 | ||
16405 | $as_echo "$ossh_result" >&6; } | ||
16406 | if test "x$ossh_result" = "xyes"; then | ||
16407 | |||
16408 | $as_echo "#define HAVE_ADDR_V6_IN_UTMPX 1" >>confdefs.h | ||
16409 | |||
16410 | fi | ||
16411 | else | ||
16412 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
16413 | $as_echo "no" >&6; } | ||
16414 | fi | ||
16415 | |||
16416 | |||
16417 | # look for field 'ut_exit' in header 'utmp.h' | ||
16418 | ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` | ||
16419 | ossh_varname="ossh_cv_$ossh_safe""_has_"ut_exit | ||
16420 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_exit field in utmp.h" >&5 | ||
16421 | $as_echo_n "checking for ut_exit field in utmp.h... " >&6; } | ||
16422 | if eval \${$ossh_varname+:} false; then : | ||
16423 | $as_echo_n "(cached) " >&6 | ||
16424 | else | ||
16425 | |||
16426 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
16427 | /* end confdefs.h. */ | ||
16428 | #include <utmp.h> | ||
16429 | |||
16430 | _ACEOF | ||
16431 | if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | | ||
16432 | $EGREP "ut_exit" >/dev/null 2>&1; then : | ||
16433 | eval "$ossh_varname=yes" | ||
16434 | else | ||
16435 | eval "$ossh_varname=no" | ||
16436 | fi | ||
16437 | rm -f conftest* | ||
16438 | |||
16439 | fi | ||
16440 | |||
16441 | ossh_result=`eval 'echo $'"$ossh_varname"` | ||
16442 | if test -n "`echo $ossh_varname`"; then | ||
16443 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 | ||
16444 | $as_echo "$ossh_result" >&6; } | ||
16445 | if test "x$ossh_result" = "xyes"; then | ||
16446 | |||
16447 | $as_echo "#define HAVE_EXIT_IN_UTMP 1" >>confdefs.h | ||
16448 | |||
16449 | fi | ||
16450 | else | ||
16451 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
16452 | $as_echo "no" >&6; } | ||
16453 | fi | ||
16454 | |||
16455 | |||
16456 | # look for field 'ut_time' in header 'utmp.h' | ||
16457 | ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` | ||
16458 | ossh_varname="ossh_cv_$ossh_safe""_has_"ut_time | ||
16459 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_time field in utmp.h" >&5 | ||
16460 | $as_echo_n "checking for ut_time field in utmp.h... " >&6; } | ||
16461 | if eval \${$ossh_varname+:} false; then : | ||
16462 | $as_echo_n "(cached) " >&6 | ||
16463 | else | ||
16464 | |||
16465 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
16466 | /* end confdefs.h. */ | ||
16467 | #include <utmp.h> | ||
16468 | |||
16469 | _ACEOF | ||
16470 | if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | | ||
16471 | $EGREP "ut_time" >/dev/null 2>&1; then : | ||
16472 | eval "$ossh_varname=yes" | ||
16473 | else | ||
16474 | eval "$ossh_varname=no" | ||
16475 | fi | ||
16476 | rm -f conftest* | ||
16477 | |||
16478 | fi | ||
16479 | |||
16480 | ossh_result=`eval 'echo $'"$ossh_varname"` | ||
16481 | if test -n "`echo $ossh_varname`"; then | ||
16482 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 | ||
16483 | $as_echo "$ossh_result" >&6; } | ||
16484 | if test "x$ossh_result" = "xyes"; then | ||
16485 | |||
16486 | $as_echo "#define HAVE_TIME_IN_UTMP 1" >>confdefs.h | ||
16487 | |||
16488 | fi | ||
16489 | else | ||
16490 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
16491 | $as_echo "no" >&6; } | ||
16492 | fi | ||
16493 | |||
16494 | |||
16495 | # look for field 'ut_time' in header 'utmpx.h' | ||
16496 | ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` | ||
16497 | ossh_varname="ossh_cv_$ossh_safe""_has_"ut_time | ||
16498 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_time field in utmpx.h" >&5 | ||
16499 | $as_echo_n "checking for ut_time field in utmpx.h... " >&6; } | ||
16500 | if eval \${$ossh_varname+:} false; then : | ||
16501 | $as_echo_n "(cached) " >&6 | ||
16502 | else | ||
16503 | |||
16504 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
16505 | /* end confdefs.h. */ | ||
16506 | #include <utmpx.h> | ||
16507 | |||
16508 | _ACEOF | ||
16509 | if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | | ||
16510 | $EGREP "ut_time" >/dev/null 2>&1; then : | ||
16511 | eval "$ossh_varname=yes" | ||
16512 | else | ||
16513 | eval "$ossh_varname=no" | ||
16514 | fi | ||
16515 | rm -f conftest* | ||
16516 | |||
16517 | fi | ||
16518 | |||
16519 | ossh_result=`eval 'echo $'"$ossh_varname"` | ||
16520 | if test -n "`echo $ossh_varname`"; then | ||
16521 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 | ||
16522 | $as_echo "$ossh_result" >&6; } | ||
16523 | if test "x$ossh_result" = "xyes"; then | ||
16524 | |||
16525 | $as_echo "#define HAVE_TIME_IN_UTMPX 1" >>confdefs.h | ||
16526 | |||
16527 | fi | ||
16528 | else | ||
16529 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
16530 | $as_echo "no" >&6; } | ||
16531 | fi | ||
16532 | |||
16533 | |||
16534 | # look for field 'ut_tv' in header 'utmpx.h' | ||
16535 | ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` | ||
16536 | ossh_varname="ossh_cv_$ossh_safe""_has_"ut_tv | ||
16537 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_tv field in utmpx.h" >&5 | ||
16538 | $as_echo_n "checking for ut_tv field in utmpx.h... " >&6; } | ||
16539 | if eval \${$ossh_varname+:} false; then : | ||
16540 | $as_echo_n "(cached) " >&6 | ||
16541 | else | ||
16542 | |||
16543 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
16544 | /* end confdefs.h. */ | ||
16545 | #include <utmpx.h> | ||
16546 | |||
16547 | _ACEOF | ||
16548 | if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | | ||
16549 | $EGREP "ut_tv" >/dev/null 2>&1; then : | ||
16550 | eval "$ossh_varname=yes" | ||
16551 | else | ||
16552 | eval "$ossh_varname=no" | ||
16553 | fi | ||
16554 | rm -f conftest* | ||
16555 | |||
16556 | fi | ||
16557 | |||
16558 | ossh_result=`eval 'echo $'"$ossh_varname"` | ||
16559 | if test -n "`echo $ossh_varname`"; then | ||
16560 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 | ||
16561 | $as_echo "$ossh_result" >&6; } | ||
16562 | if test "x$ossh_result" = "xyes"; then | ||
16563 | |||
16564 | $as_echo "#define HAVE_TV_IN_UTMPX 1" >>confdefs.h | ||
16565 | |||
16566 | fi | ||
16567 | else | ||
16568 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
16569 | $as_echo "no" >&6; } | ||
16570 | fi | ||
16571 | |||
16572 | |||
16573 | ac_fn_c_check_member "$LINENO" "struct stat" "st_blksize" "ac_cv_member_struct_stat_st_blksize" "$ac_includes_default" | ||
16574 | if test "x$ac_cv_member_struct_stat_st_blksize" = xyes; then : | ||
16575 | |||
16576 | cat >>confdefs.h <<_ACEOF | ||
16577 | #define HAVE_STRUCT_STAT_ST_BLKSIZE 1 | ||
16578 | _ACEOF | ||
16579 | |||
16580 | |||
16581 | fi | ||
16582 | |||
16583 | ac_fn_c_check_member "$LINENO" "struct stat" "st_mtim" "ac_cv_member_struct_stat_st_mtim" "$ac_includes_default" | ||
16584 | if test "x$ac_cv_member_struct_stat_st_mtim" = xyes; then : | ||
16585 | |||
16586 | cat >>confdefs.h <<_ACEOF | ||
16587 | #define HAVE_STRUCT_STAT_ST_MTIM 1 | ||
16588 | _ACEOF | ||
16589 | |||
16590 | |||
16591 | fi | ||
16592 | |||
16593 | ac_fn_c_check_member "$LINENO" "struct stat" "st_mtime" "ac_cv_member_struct_stat_st_mtime" "$ac_includes_default" | ||
16594 | if test "x$ac_cv_member_struct_stat_st_mtime" = xyes; then : | ||
16595 | |||
16596 | cat >>confdefs.h <<_ACEOF | ||
16597 | #define HAVE_STRUCT_STAT_ST_MTIME 1 | ||
16598 | _ACEOF | ||
16599 | |||
16600 | |||
16601 | fi | ||
16602 | |||
16603 | ac_fn_c_check_member "$LINENO" "struct passwd" "pw_gecos" "ac_cv_member_struct_passwd_pw_gecos" " | ||
16604 | #include <sys/types.h> | ||
16605 | #include <pwd.h> | ||
16606 | |||
16607 | " | ||
16608 | if test "x$ac_cv_member_struct_passwd_pw_gecos" = xyes; then : | ||
16609 | |||
16610 | cat >>confdefs.h <<_ACEOF | ||
16611 | #define HAVE_STRUCT_PASSWD_PW_GECOS 1 | ||
16612 | _ACEOF | ||
16613 | |||
16614 | |||
16615 | fi | ||
16616 | ac_fn_c_check_member "$LINENO" "struct passwd" "pw_class" "ac_cv_member_struct_passwd_pw_class" " | ||
16617 | #include <sys/types.h> | ||
16618 | #include <pwd.h> | ||
16619 | |||
16620 | " | ||
16621 | if test "x$ac_cv_member_struct_passwd_pw_class" = xyes; then : | ||
16622 | |||
16623 | cat >>confdefs.h <<_ACEOF | ||
16624 | #define HAVE_STRUCT_PASSWD_PW_CLASS 1 | ||
16625 | _ACEOF | ||
16626 | |||
16627 | |||
16628 | fi | ||
16629 | ac_fn_c_check_member "$LINENO" "struct passwd" "pw_change" "ac_cv_member_struct_passwd_pw_change" " | ||
16630 | #include <sys/types.h> | ||
16631 | #include <pwd.h> | ||
16632 | |||
16633 | " | ||
16634 | if test "x$ac_cv_member_struct_passwd_pw_change" = xyes; then : | ||
16635 | |||
16636 | cat >>confdefs.h <<_ACEOF | ||
16637 | #define HAVE_STRUCT_PASSWD_PW_CHANGE 1 | ||
16638 | _ACEOF | ||
16639 | |||
16640 | |||
16641 | fi | ||
16642 | ac_fn_c_check_member "$LINENO" "struct passwd" "pw_expire" "ac_cv_member_struct_passwd_pw_expire" " | ||
16643 | #include <sys/types.h> | ||
16644 | #include <pwd.h> | ||
16645 | |||
16646 | " | ||
16647 | if test "x$ac_cv_member_struct_passwd_pw_expire" = xyes; then : | ||
16648 | |||
16649 | cat >>confdefs.h <<_ACEOF | ||
16650 | #define HAVE_STRUCT_PASSWD_PW_EXPIRE 1 | ||
16651 | _ACEOF | ||
16652 | |||
16653 | |||
16654 | fi | ||
16655 | |||
16656 | |||
16657 | ac_fn_c_check_member "$LINENO" "struct __res_state" "retrans" "ac_cv_member_struct___res_state_retrans" " | ||
16658 | #include <stdio.h> | ||
16659 | #if HAVE_SYS_TYPES_H | ||
16660 | # include <sys/types.h> | ||
16661 | #endif | ||
16662 | #include <netinet/in.h> | ||
16663 | #include <arpa/nameser.h> | ||
16664 | #include <resolv.h> | ||
16665 | |||
16666 | " | ||
16667 | if test "x$ac_cv_member_struct___res_state_retrans" = xyes; then : | ||
16668 | |||
16669 | else | ||
16670 | |||
16671 | $as_echo "#define __res_state state" >>confdefs.h | ||
16672 | |||
16673 | fi | ||
16674 | |||
16675 | |||
16676 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ss_family field in struct sockaddr_storage" >&5 | ||
16677 | $as_echo_n "checking for ss_family field in struct sockaddr_storage... " >&6; } | ||
16678 | if ${ac_cv_have_ss_family_in_struct_ss+:} false; then : | ||
16679 | $as_echo_n "(cached) " >&6 | ||
16680 | else | ||
16681 | |||
16682 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
16683 | /* end confdefs.h. */ | ||
16684 | |||
16685 | #include <sys/types.h> | ||
16686 | #include <sys/socket.h> | ||
16687 | |||
16688 | int | ||
16689 | main () | ||
16690 | { | ||
16691 | struct sockaddr_storage s; s.ss_family = 1; | ||
16692 | ; | ||
16693 | return 0; | ||
16694 | } | ||
16695 | _ACEOF | ||
16696 | if ac_fn_c_try_compile "$LINENO"; then : | ||
16697 | ac_cv_have_ss_family_in_struct_ss="yes" | ||
16698 | else | ||
16699 | ac_cv_have_ss_family_in_struct_ss="no" | ||
16700 | fi | ||
16701 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
16702 | |||
16703 | fi | ||
16704 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_ss_family_in_struct_ss" >&5 | ||
16705 | $as_echo "$ac_cv_have_ss_family_in_struct_ss" >&6; } | ||
16706 | if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then | ||
16707 | |||
16708 | $as_echo "#define HAVE_SS_FAMILY_IN_SS 1" >>confdefs.h | ||
16709 | |||
16710 | fi | ||
16711 | |||
16712 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for __ss_family field in struct sockaddr_storage" >&5 | ||
16713 | $as_echo_n "checking for __ss_family field in struct sockaddr_storage... " >&6; } | ||
16714 | if ${ac_cv_have___ss_family_in_struct_ss+:} false; then : | ||
16715 | $as_echo_n "(cached) " >&6 | ||
16716 | else | ||
16717 | |||
16718 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
16719 | /* end confdefs.h. */ | ||
16720 | |||
16721 | #include <sys/types.h> | ||
16722 | #include <sys/socket.h> | ||
16723 | |||
16724 | int | ||
16725 | main () | ||
16726 | { | ||
16727 | struct sockaddr_storage s; s.__ss_family = 1; | ||
16728 | ; | ||
16729 | return 0; | ||
16730 | } | ||
16731 | _ACEOF | ||
16732 | if ac_fn_c_try_compile "$LINENO"; then : | ||
16733 | ac_cv_have___ss_family_in_struct_ss="yes" | ||
16734 | else | ||
16735 | ac_cv_have___ss_family_in_struct_ss="no" | ||
16736 | |||
16737 | fi | ||
16738 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
16739 | |||
16740 | fi | ||
16741 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have___ss_family_in_struct_ss" >&5 | ||
16742 | $as_echo "$ac_cv_have___ss_family_in_struct_ss" >&6; } | ||
16743 | if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then | ||
16744 | |||
16745 | $as_echo "#define HAVE___SS_FAMILY_IN_SS 1" >>confdefs.h | ||
16746 | |||
16747 | fi | ||
16748 | |||
16749 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for msg_accrights field in struct msghdr" >&5 | ||
16750 | $as_echo_n "checking for msg_accrights field in struct msghdr... " >&6; } | ||
16751 | if ${ac_cv_have_accrights_in_msghdr+:} false; then : | ||
16752 | $as_echo_n "(cached) " >&6 | ||
16753 | else | ||
16754 | |||
16755 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
16756 | /* end confdefs.h. */ | ||
16757 | |||
16758 | #include <sys/types.h> | ||
16759 | #include <sys/socket.h> | ||
16760 | #include <sys/uio.h> | ||
16761 | |||
16762 | int | ||
16763 | main () | ||
16764 | { | ||
16765 | |||
16766 | #ifdef msg_accrights | ||
16767 | #error "msg_accrights is a macro" | ||
16768 | exit(1); | ||
16769 | #endif | ||
16770 | struct msghdr m; | ||
16771 | m.msg_accrights = 0; | ||
16772 | exit(0); | ||
16773 | |||
16774 | ; | ||
16775 | return 0; | ||
16776 | } | ||
16777 | _ACEOF | ||
16778 | if ac_fn_c_try_compile "$LINENO"; then : | ||
16779 | ac_cv_have_accrights_in_msghdr="yes" | ||
16780 | else | ||
16781 | ac_cv_have_accrights_in_msghdr="no" | ||
16782 | |||
16783 | fi | ||
16784 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
16785 | |||
16786 | fi | ||
16787 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_accrights_in_msghdr" >&5 | ||
16788 | $as_echo "$ac_cv_have_accrights_in_msghdr" >&6; } | ||
16789 | if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then | ||
16790 | |||
16791 | $as_echo "#define HAVE_ACCRIGHTS_IN_MSGHDR 1" >>confdefs.h | ||
16792 | |||
16793 | fi | ||
16794 | |||
16795 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if struct statvfs.f_fsid is integral type" >&5 | ||
16796 | $as_echo_n "checking if struct statvfs.f_fsid is integral type... " >&6; } | ||
16797 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
16798 | /* end confdefs.h. */ | ||
16799 | |||
16800 | #include <sys/param.h> | ||
16801 | #include <sys/stat.h> | ||
16802 | #ifdef HAVE_SYS_TIME_H | ||
16803 | # include <sys/time.h> | ||
16804 | #endif | ||
16805 | #ifdef HAVE_SYS_MOUNT_H | ||
16806 | #include <sys/mount.h> | ||
16807 | #endif | ||
16808 | #ifdef HAVE_SYS_STATVFS_H | ||
16809 | #include <sys/statvfs.h> | ||
16810 | #endif | ||
16811 | |||
16812 | int | ||
16813 | main () | ||
16814 | { | ||
16815 | struct statvfs s; s.f_fsid = 0; | ||
16816 | ; | ||
16817 | return 0; | ||
16818 | } | ||
16819 | _ACEOF | ||
16820 | if ac_fn_c_try_compile "$LINENO"; then : | ||
16821 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
16822 | $as_echo "yes" >&6; } | ||
16823 | else | ||
16824 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
16825 | $as_echo "no" >&6; } | ||
16826 | |||
16827 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if fsid_t has member val" >&5 | ||
16828 | $as_echo_n "checking if fsid_t has member val... " >&6; } | ||
16829 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
16830 | /* end confdefs.h. */ | ||
16831 | |||
16832 | #include <sys/types.h> | ||
16833 | #include <sys/statvfs.h> | ||
16834 | |||
16835 | int | ||
16836 | main () | ||
16837 | { | ||
16838 | fsid_t t; t.val[0] = 0; | ||
16839 | ; | ||
16840 | return 0; | ||
16841 | } | ||
16842 | _ACEOF | ||
16843 | if ac_fn_c_try_compile "$LINENO"; then : | ||
16844 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
16845 | $as_echo "yes" >&6; } | ||
16846 | |||
16847 | $as_echo "#define FSID_HAS_VAL 1" >>confdefs.h | ||
16848 | |||
16849 | else | ||
16850 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
16851 | $as_echo "no" >&6; } | ||
16852 | fi | ||
16853 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
16854 | |||
16855 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if f_fsid has member __val" >&5 | ||
16856 | $as_echo_n "checking if f_fsid has member __val... " >&6; } | ||
16857 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
16858 | /* end confdefs.h. */ | ||
16859 | |||
16860 | #include <sys/types.h> | ||
16861 | #include <sys/statvfs.h> | ||
16862 | |||
16863 | int | ||
16864 | main () | ||
16865 | { | ||
16866 | fsid_t t; t.__val[0] = 0; | ||
16867 | ; | ||
16868 | return 0; | ||
16869 | } | ||
16870 | _ACEOF | ||
16871 | if ac_fn_c_try_compile "$LINENO"; then : | ||
16872 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
16873 | $as_echo "yes" >&6; } | ||
16874 | |||
16875 | $as_echo "#define FSID_HAS___VAL 1" >>confdefs.h | ||
16876 | |||
16877 | else | ||
16878 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
16879 | $as_echo "no" >&6; } | ||
16880 | fi | ||
16881 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
16882 | |||
16883 | fi | ||
16884 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
16885 | |||
16886 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for msg_control field in struct msghdr" >&5 | ||
16887 | $as_echo_n "checking for msg_control field in struct msghdr... " >&6; } | ||
16888 | if ${ac_cv_have_control_in_msghdr+:} false; then : | ||
16889 | $as_echo_n "(cached) " >&6 | ||
16890 | else | ||
16891 | |||
16892 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
16893 | /* end confdefs.h. */ | ||
16894 | |||
16895 | #include <sys/types.h> | ||
16896 | #include <sys/socket.h> | ||
16897 | #include <sys/uio.h> | ||
16898 | |||
16899 | int | ||
16900 | main () | ||
16901 | { | ||
16902 | |||
16903 | #ifdef msg_control | ||
16904 | #error "msg_control is a macro" | ||
16905 | exit(1); | ||
16906 | #endif | ||
16907 | struct msghdr m; | ||
16908 | m.msg_control = 0; | ||
16909 | exit(0); | ||
16910 | |||
16911 | ; | ||
16912 | return 0; | ||
16913 | } | ||
16914 | _ACEOF | ||
16915 | if ac_fn_c_try_compile "$LINENO"; then : | ||
16916 | ac_cv_have_control_in_msghdr="yes" | ||
16917 | else | ||
16918 | ac_cv_have_control_in_msghdr="no" | ||
16919 | |||
16920 | fi | ||
16921 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
16922 | |||
16923 | fi | ||
16924 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_control_in_msghdr" >&5 | ||
16925 | $as_echo "$ac_cv_have_control_in_msghdr" >&6; } | ||
16926 | if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then | ||
16927 | |||
16928 | $as_echo "#define HAVE_CONTROL_IN_MSGHDR 1" >>confdefs.h | ||
16929 | |||
16930 | fi | ||
16931 | |||
16932 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if libc defines __progname" >&5 | ||
16933 | $as_echo_n "checking if libc defines __progname... " >&6; } | ||
16934 | if ${ac_cv_libc_defines___progname+:} false; then : | ||
16935 | $as_echo_n "(cached) " >&6 | ||
16936 | else | ||
16937 | |||
16938 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
16939 | /* end confdefs.h. */ | ||
16940 | |||
16941 | int | ||
16942 | main () | ||
16943 | { | ||
16944 | extern char *__progname; printf("%s", __progname); | ||
16945 | ; | ||
16946 | return 0; | ||
16947 | } | ||
16948 | _ACEOF | ||
16949 | if ac_fn_c_try_link "$LINENO"; then : | ||
16950 | ac_cv_libc_defines___progname="yes" | ||
16951 | else | ||
16952 | ac_cv_libc_defines___progname="no" | ||
16953 | |||
16954 | fi | ||
16955 | rm -f core conftest.err conftest.$ac_objext \ | ||
16956 | conftest$ac_exeext conftest.$ac_ext | ||
16957 | |||
16958 | fi | ||
16959 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_libc_defines___progname" >&5 | ||
16960 | $as_echo "$ac_cv_libc_defines___progname" >&6; } | ||
16961 | if test "x$ac_cv_libc_defines___progname" = "xyes" ; then | ||
16962 | |||
16963 | $as_echo "#define HAVE___PROGNAME 1" >>confdefs.h | ||
16964 | |||
16965 | fi | ||
16966 | |||
16967 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC implements __FUNCTION__" >&5 | ||
16968 | $as_echo_n "checking whether $CC implements __FUNCTION__... " >&6; } | ||
16969 | if ${ac_cv_cc_implements___FUNCTION__+:} false; then : | ||
16970 | $as_echo_n "(cached) " >&6 | ||
16971 | else | ||
16972 | |||
16973 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
16974 | /* end confdefs.h. */ | ||
16975 | #include <stdio.h> | ||
16976 | int | ||
16977 | main () | ||
16978 | { | ||
16979 | printf("%s", __FUNCTION__); | ||
16980 | ; | ||
16981 | return 0; | ||
16982 | } | ||
16983 | _ACEOF | ||
16984 | if ac_fn_c_try_link "$LINENO"; then : | ||
16985 | ac_cv_cc_implements___FUNCTION__="yes" | ||
16986 | else | ||
16987 | ac_cv_cc_implements___FUNCTION__="no" | ||
16988 | |||
16989 | fi | ||
16990 | rm -f core conftest.err conftest.$ac_objext \ | ||
16991 | conftest$ac_exeext conftest.$ac_ext | ||
16992 | |||
16993 | fi | ||
16994 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_cc_implements___FUNCTION__" >&5 | ||
16995 | $as_echo "$ac_cv_cc_implements___FUNCTION__" >&6; } | ||
16996 | if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then | ||
16997 | |||
16998 | $as_echo "#define HAVE___FUNCTION__ 1" >>confdefs.h | ||
16999 | |||
17000 | fi | ||
17001 | |||
17002 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC implements __func__" >&5 | ||
17003 | $as_echo_n "checking whether $CC implements __func__... " >&6; } | ||
17004 | if ${ac_cv_cc_implements___func__+:} false; then : | ||
17005 | $as_echo_n "(cached) " >&6 | ||
17006 | else | ||
17007 | |||
17008 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
17009 | /* end confdefs.h. */ | ||
17010 | #include <stdio.h> | ||
17011 | int | ||
17012 | main () | ||
17013 | { | ||
17014 | printf("%s", __func__); | ||
17015 | ; | ||
17016 | return 0; | ||
17017 | } | ||
17018 | _ACEOF | ||
17019 | if ac_fn_c_try_link "$LINENO"; then : | ||
17020 | ac_cv_cc_implements___func__="yes" | ||
17021 | else | ||
17022 | ac_cv_cc_implements___func__="no" | ||
17023 | |||
17024 | fi | ||
17025 | rm -f core conftest.err conftest.$ac_objext \ | ||
17026 | conftest$ac_exeext conftest.$ac_ext | ||
17027 | |||
17028 | fi | ||
17029 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_cc_implements___func__" >&5 | ||
17030 | $as_echo "$ac_cv_cc_implements___func__" >&6; } | ||
17031 | if test "x$ac_cv_cc_implements___func__" = "xyes" ; then | ||
17032 | |||
17033 | $as_echo "#define HAVE___func__ 1" >>confdefs.h | ||
17034 | |||
17035 | fi | ||
17036 | |||
17037 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether va_copy exists" >&5 | ||
17038 | $as_echo_n "checking whether va_copy exists... " >&6; } | ||
17039 | if ${ac_cv_have_va_copy+:} false; then : | ||
17040 | $as_echo_n "(cached) " >&6 | ||
17041 | else | ||
17042 | |||
17043 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
17044 | /* end confdefs.h. */ | ||
17045 | |||
17046 | #include <stdarg.h> | ||
17047 | va_list x,y; | ||
17048 | |||
17049 | int | ||
17050 | main () | ||
17051 | { | ||
17052 | va_copy(x,y); | ||
17053 | ; | ||
17054 | return 0; | ||
17055 | } | ||
17056 | _ACEOF | ||
17057 | if ac_fn_c_try_link "$LINENO"; then : | ||
17058 | ac_cv_have_va_copy="yes" | ||
17059 | else | ||
17060 | ac_cv_have_va_copy="no" | ||
17061 | |||
17062 | fi | ||
17063 | rm -f core conftest.err conftest.$ac_objext \ | ||
17064 | conftest$ac_exeext conftest.$ac_ext | ||
17065 | |||
17066 | fi | ||
17067 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_va_copy" >&5 | ||
17068 | $as_echo "$ac_cv_have_va_copy" >&6; } | ||
17069 | if test "x$ac_cv_have_va_copy" = "xyes" ; then | ||
17070 | |||
17071 | $as_echo "#define HAVE_VA_COPY 1" >>confdefs.h | ||
17072 | |||
17073 | fi | ||
17074 | |||
17075 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether __va_copy exists" >&5 | ||
17076 | $as_echo_n "checking whether __va_copy exists... " >&6; } | ||
17077 | if ${ac_cv_have___va_copy+:} false; then : | ||
17078 | $as_echo_n "(cached) " >&6 | ||
17079 | else | ||
17080 | |||
17081 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
17082 | /* end confdefs.h. */ | ||
17083 | |||
17084 | #include <stdarg.h> | ||
17085 | va_list x,y; | ||
17086 | |||
17087 | int | ||
17088 | main () | ||
17089 | { | ||
17090 | __va_copy(x,y); | ||
17091 | ; | ||
17092 | return 0; | ||
17093 | } | ||
17094 | _ACEOF | ||
17095 | if ac_fn_c_try_link "$LINENO"; then : | ||
17096 | ac_cv_have___va_copy="yes" | ||
17097 | else | ||
17098 | ac_cv_have___va_copy="no" | ||
17099 | |||
17100 | fi | ||
17101 | rm -f core conftest.err conftest.$ac_objext \ | ||
17102 | conftest$ac_exeext conftest.$ac_ext | ||
17103 | |||
17104 | fi | ||
17105 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have___va_copy" >&5 | ||
17106 | $as_echo "$ac_cv_have___va_copy" >&6; } | ||
17107 | if test "x$ac_cv_have___va_copy" = "xyes" ; then | ||
17108 | |||
17109 | $as_echo "#define HAVE___VA_COPY 1" >>confdefs.h | ||
17110 | |||
17111 | fi | ||
17112 | |||
17113 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether getopt has optreset support" >&5 | ||
17114 | $as_echo_n "checking whether getopt has optreset support... " >&6; } | ||
17115 | if ${ac_cv_have_getopt_optreset+:} false; then : | ||
17116 | $as_echo_n "(cached) " >&6 | ||
17117 | else | ||
17118 | |||
17119 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
17120 | /* end confdefs.h. */ | ||
17121 | #include <getopt.h> | ||
17122 | int | ||
17123 | main () | ||
17124 | { | ||
17125 | extern int optreset; optreset = 0; | ||
17126 | ; | ||
17127 | return 0; | ||
17128 | } | ||
17129 | _ACEOF | ||
17130 | if ac_fn_c_try_link "$LINENO"; then : | ||
17131 | ac_cv_have_getopt_optreset="yes" | ||
17132 | else | ||
17133 | ac_cv_have_getopt_optreset="no" | ||
17134 | |||
17135 | fi | ||
17136 | rm -f core conftest.err conftest.$ac_objext \ | ||
17137 | conftest$ac_exeext conftest.$ac_ext | ||
17138 | |||
17139 | fi | ||
17140 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_getopt_optreset" >&5 | ||
17141 | $as_echo "$ac_cv_have_getopt_optreset" >&6; } | ||
17142 | if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then | ||
17143 | |||
17144 | $as_echo "#define HAVE_GETOPT_OPTRESET 1" >>confdefs.h | ||
17145 | |||
17146 | fi | ||
17147 | |||
17148 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if libc defines sys_errlist" >&5 | ||
17149 | $as_echo_n "checking if libc defines sys_errlist... " >&6; } | ||
17150 | if ${ac_cv_libc_defines_sys_errlist+:} false; then : | ||
17151 | $as_echo_n "(cached) " >&6 | ||
17152 | else | ||
17153 | |||
17154 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
17155 | /* end confdefs.h. */ | ||
17156 | |||
17157 | int | ||
17158 | main () | ||
17159 | { | ||
17160 | extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]); | ||
17161 | ; | ||
17162 | return 0; | ||
17163 | } | ||
17164 | _ACEOF | ||
17165 | if ac_fn_c_try_link "$LINENO"; then : | ||
17166 | ac_cv_libc_defines_sys_errlist="yes" | ||
17167 | else | ||
17168 | ac_cv_libc_defines_sys_errlist="no" | ||
17169 | |||
17170 | fi | ||
17171 | rm -f core conftest.err conftest.$ac_objext \ | ||
17172 | conftest$ac_exeext conftest.$ac_ext | ||
17173 | |||
17174 | fi | ||
17175 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_libc_defines_sys_errlist" >&5 | ||
17176 | $as_echo "$ac_cv_libc_defines_sys_errlist" >&6; } | ||
17177 | if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then | ||
17178 | |||
17179 | $as_echo "#define HAVE_SYS_ERRLIST 1" >>confdefs.h | ||
17180 | |||
17181 | fi | ||
17182 | |||
17183 | |||
17184 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if libc defines sys_nerr" >&5 | ||
17185 | $as_echo_n "checking if libc defines sys_nerr... " >&6; } | ||
17186 | if ${ac_cv_libc_defines_sys_nerr+:} false; then : | ||
17187 | $as_echo_n "(cached) " >&6 | ||
17188 | else | ||
17189 | |||
17190 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
17191 | /* end confdefs.h. */ | ||
17192 | |||
17193 | int | ||
17194 | main () | ||
17195 | { | ||
17196 | extern int sys_nerr; printf("%i", sys_nerr); | ||
17197 | ; | ||
17198 | return 0; | ||
17199 | } | ||
17200 | _ACEOF | ||
17201 | if ac_fn_c_try_link "$LINENO"; then : | ||
17202 | ac_cv_libc_defines_sys_nerr="yes" | ||
17203 | else | ||
17204 | ac_cv_libc_defines_sys_nerr="no" | ||
17205 | |||
17206 | fi | ||
17207 | rm -f core conftest.err conftest.$ac_objext \ | ||
17208 | conftest$ac_exeext conftest.$ac_ext | ||
17209 | |||
17210 | fi | ||
17211 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_libc_defines_sys_nerr" >&5 | ||
17212 | $as_echo "$ac_cv_libc_defines_sys_nerr" >&6; } | ||
17213 | if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then | ||
17214 | |||
17215 | $as_echo "#define HAVE_SYS_NERR 1" >>confdefs.h | ||
17216 | |||
17217 | fi | ||
17218 | |||
17219 | # Check libraries needed by DNS fingerprint support | ||
17220 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing getrrsetbyname" >&5 | ||
17221 | $as_echo_n "checking for library containing getrrsetbyname... " >&6; } | ||
17222 | if ${ac_cv_search_getrrsetbyname+:} false; then : | ||
17223 | $as_echo_n "(cached) " >&6 | ||
17224 | else | ||
17225 | ac_func_search_save_LIBS=$LIBS | ||
17226 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
17227 | /* end confdefs.h. */ | ||
17228 | |||
17229 | /* Override any GCC internal prototype to avoid an error. | ||
17230 | Use char because int might match the return type of a GCC | ||
17231 | builtin and then its argument prototype would still apply. */ | ||
17232 | #ifdef __cplusplus | ||
17233 | extern "C" | ||
17234 | #endif | ||
17235 | char getrrsetbyname (); | ||
17236 | int | ||
17237 | main () | ||
17238 | { | ||
17239 | return getrrsetbyname (); | ||
17240 | ; | ||
17241 | return 0; | ||
17242 | } | ||
17243 | _ACEOF | ||
17244 | for ac_lib in '' resolv; do | ||
17245 | if test -z "$ac_lib"; then | ||
17246 | ac_res="none required" | ||
17247 | else | ||
17248 | ac_res=-l$ac_lib | ||
17249 | LIBS="-l$ac_lib $ac_func_search_save_LIBS" | ||
17250 | fi | ||
17251 | if ac_fn_c_try_link "$LINENO"; then : | ||
17252 | ac_cv_search_getrrsetbyname=$ac_res | ||
17253 | fi | ||
17254 | rm -f core conftest.err conftest.$ac_objext \ | ||
17255 | conftest$ac_exeext | ||
17256 | if ${ac_cv_search_getrrsetbyname+:} false; then : | ||
17257 | break | ||
17258 | fi | ||
17259 | done | ||
17260 | if ${ac_cv_search_getrrsetbyname+:} false; then : | ||
17261 | |||
17262 | else | ||
17263 | ac_cv_search_getrrsetbyname=no | ||
17264 | fi | ||
17265 | rm conftest.$ac_ext | ||
17266 | LIBS=$ac_func_search_save_LIBS | ||
17267 | fi | ||
17268 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_getrrsetbyname" >&5 | ||
17269 | $as_echo "$ac_cv_search_getrrsetbyname" >&6; } | ||
17270 | ac_res=$ac_cv_search_getrrsetbyname | ||
17271 | if test "$ac_res" != no; then : | ||
17272 | test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" | ||
17273 | |||
17274 | $as_echo "#define HAVE_GETRRSETBYNAME 1" >>confdefs.h | ||
17275 | |||
17276 | else | ||
17277 | |||
17278 | # Needed by our getrrsetbyname() | ||
17279 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing res_query" >&5 | ||
17280 | $as_echo_n "checking for library containing res_query... " >&6; } | ||
17281 | if ${ac_cv_search_res_query+:} false; then : | ||
17282 | $as_echo_n "(cached) " >&6 | ||
17283 | else | ||
17284 | ac_func_search_save_LIBS=$LIBS | ||
17285 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
17286 | /* end confdefs.h. */ | ||
17287 | |||
17288 | /* Override any GCC internal prototype to avoid an error. | ||
17289 | Use char because int might match the return type of a GCC | ||
17290 | builtin and then its argument prototype would still apply. */ | ||
17291 | #ifdef __cplusplus | ||
17292 | extern "C" | ||
17293 | #endif | ||
17294 | char res_query (); | ||
17295 | int | ||
17296 | main () | ||
17297 | { | ||
17298 | return res_query (); | ||
17299 | ; | ||
17300 | return 0; | ||
17301 | } | ||
17302 | _ACEOF | ||
17303 | for ac_lib in '' resolv; do | ||
17304 | if test -z "$ac_lib"; then | ||
17305 | ac_res="none required" | ||
17306 | else | ||
17307 | ac_res=-l$ac_lib | ||
17308 | LIBS="-l$ac_lib $ac_func_search_save_LIBS" | ||
17309 | fi | ||
17310 | if ac_fn_c_try_link "$LINENO"; then : | ||
17311 | ac_cv_search_res_query=$ac_res | ||
17312 | fi | ||
17313 | rm -f core conftest.err conftest.$ac_objext \ | ||
17314 | conftest$ac_exeext | ||
17315 | if ${ac_cv_search_res_query+:} false; then : | ||
17316 | break | ||
17317 | fi | ||
17318 | done | ||
17319 | if ${ac_cv_search_res_query+:} false; then : | ||
17320 | |||
17321 | else | ||
17322 | ac_cv_search_res_query=no | ||
17323 | fi | ||
17324 | rm conftest.$ac_ext | ||
17325 | LIBS=$ac_func_search_save_LIBS | ||
17326 | fi | ||
17327 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_res_query" >&5 | ||
17328 | $as_echo "$ac_cv_search_res_query" >&6; } | ||
17329 | ac_res=$ac_cv_search_res_query | ||
17330 | if test "$ac_res" != no; then : | ||
17331 | test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" | ||
17332 | |||
17333 | fi | ||
17334 | |||
17335 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing dn_expand" >&5 | ||
17336 | $as_echo_n "checking for library containing dn_expand... " >&6; } | ||
17337 | if ${ac_cv_search_dn_expand+:} false; then : | ||
17338 | $as_echo_n "(cached) " >&6 | ||
17339 | else | ||
17340 | ac_func_search_save_LIBS=$LIBS | ||
17341 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
17342 | /* end confdefs.h. */ | ||
17343 | |||
17344 | /* Override any GCC internal prototype to avoid an error. | ||
17345 | Use char because int might match the return type of a GCC | ||
17346 | builtin and then its argument prototype would still apply. */ | ||
17347 | #ifdef __cplusplus | ||
17348 | extern "C" | ||
17349 | #endif | ||
17350 | char dn_expand (); | ||
17351 | int | ||
17352 | main () | ||
17353 | { | ||
17354 | return dn_expand (); | ||
17355 | ; | ||
17356 | return 0; | ||
17357 | } | ||
17358 | _ACEOF | ||
17359 | for ac_lib in '' resolv; do | ||
17360 | if test -z "$ac_lib"; then | ||
17361 | ac_res="none required" | ||
17362 | else | ||
17363 | ac_res=-l$ac_lib | ||
17364 | LIBS="-l$ac_lib $ac_func_search_save_LIBS" | ||
17365 | fi | ||
17366 | if ac_fn_c_try_link "$LINENO"; then : | ||
17367 | ac_cv_search_dn_expand=$ac_res | ||
17368 | fi | ||
17369 | rm -f core conftest.err conftest.$ac_objext \ | ||
17370 | conftest$ac_exeext | ||
17371 | if ${ac_cv_search_dn_expand+:} false; then : | ||
17372 | break | ||
17373 | fi | ||
17374 | done | ||
17375 | if ${ac_cv_search_dn_expand+:} false; then : | ||
17376 | |||
17377 | else | ||
17378 | ac_cv_search_dn_expand=no | ||
17379 | fi | ||
17380 | rm conftest.$ac_ext | ||
17381 | LIBS=$ac_func_search_save_LIBS | ||
17382 | fi | ||
17383 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dn_expand" >&5 | ||
17384 | $as_echo "$ac_cv_search_dn_expand" >&6; } | ||
17385 | ac_res=$ac_cv_search_dn_expand | ||
17386 | if test "$ac_res" != no; then : | ||
17387 | test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" | ||
17388 | |||
17389 | fi | ||
17390 | |||
17391 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if res_query will link" >&5 | ||
17392 | $as_echo_n "checking if res_query will link... " >&6; } | ||
17393 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
17394 | /* end confdefs.h. */ | ||
17395 | |||
17396 | #include <sys/types.h> | ||
17397 | #include <netinet/in.h> | ||
17398 | #include <arpa/nameser.h> | ||
17399 | #include <netdb.h> | ||
17400 | #include <resolv.h> | ||
17401 | |||
17402 | int | ||
17403 | main () | ||
17404 | { | ||
17405 | |||
17406 | res_query (0, 0, 0, 0, 0); | ||
17407 | |||
17408 | ; | ||
17409 | return 0; | ||
17410 | } | ||
17411 | _ACEOF | ||
17412 | if ac_fn_c_try_link "$LINENO"; then : | ||
17413 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
17414 | $as_echo "yes" >&6; } | ||
17415 | else | ||
17416 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
17417 | $as_echo "no" >&6; } | ||
17418 | saved_LIBS="$LIBS" | ||
17419 | LIBS="$LIBS -lresolv" | ||
17420 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for res_query in -lresolv" >&5 | ||
17421 | $as_echo_n "checking for res_query in -lresolv... " >&6; } | ||
17422 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
17423 | /* end confdefs.h. */ | ||
17424 | |||
17425 | #include <sys/types.h> | ||
17426 | #include <netinet/in.h> | ||
17427 | #include <arpa/nameser.h> | ||
17428 | #include <netdb.h> | ||
17429 | #include <resolv.h> | ||
17430 | |||
17431 | int | ||
17432 | main () | ||
17433 | { | ||
17434 | |||
17435 | res_query (0, 0, 0, 0, 0); | ||
17436 | |||
17437 | ; | ||
17438 | return 0; | ||
17439 | } | ||
17440 | _ACEOF | ||
17441 | if ac_fn_c_try_link "$LINENO"; then : | ||
17442 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
17443 | $as_echo "yes" >&6; } | ||
17444 | else | ||
17445 | LIBS="$saved_LIBS" | ||
17446 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
17447 | $as_echo "no" >&6; } | ||
17448 | fi | ||
17449 | rm -f core conftest.err conftest.$ac_objext \ | ||
17450 | conftest$ac_exeext conftest.$ac_ext | ||
17451 | |||
17452 | fi | ||
17453 | rm -f core conftest.err conftest.$ac_objext \ | ||
17454 | conftest$ac_exeext conftest.$ac_ext | ||
17455 | for ac_func in _getshort _getlong | ||
17456 | do : | ||
17457 | as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` | ||
17458 | ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" | ||
17459 | if eval test \"x\$"$as_ac_var"\" = x"yes"; then : | ||
17460 | cat >>confdefs.h <<_ACEOF | ||
17461 | #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 | ||
17462 | _ACEOF | ||
17463 | |||
17464 | fi | ||
17465 | done | ||
17466 | |||
17467 | ac_fn_c_check_decl "$LINENO" "_getshort" "ac_cv_have_decl__getshort" "#include <sys/types.h> | ||
17468 | #include <arpa/nameser.h> | ||
17469 | " | ||
17470 | if test "x$ac_cv_have_decl__getshort" = xyes; then : | ||
17471 | ac_have_decl=1 | ||
17472 | else | ||
17473 | ac_have_decl=0 | ||
17474 | fi | ||
17475 | |||
17476 | cat >>confdefs.h <<_ACEOF | ||
17477 | #define HAVE_DECL__GETSHORT $ac_have_decl | ||
17478 | _ACEOF | ||
17479 | ac_fn_c_check_decl "$LINENO" "_getlong" "ac_cv_have_decl__getlong" "#include <sys/types.h> | ||
17480 | #include <arpa/nameser.h> | ||
17481 | " | ||
17482 | if test "x$ac_cv_have_decl__getlong" = xyes; then : | ||
17483 | ac_have_decl=1 | ||
17484 | else | ||
17485 | ac_have_decl=0 | ||
17486 | fi | ||
17487 | |||
17488 | cat >>confdefs.h <<_ACEOF | ||
17489 | #define HAVE_DECL__GETLONG $ac_have_decl | ||
17490 | _ACEOF | ||
17491 | |||
17492 | ac_fn_c_check_member "$LINENO" "HEADER" "ad" "ac_cv_member_HEADER_ad" "#include <arpa/nameser.h> | ||
17493 | " | ||
17494 | if test "x$ac_cv_member_HEADER_ad" = xyes; then : | ||
17495 | |||
17496 | $as_echo "#define HAVE_HEADER_AD 1" >>confdefs.h | ||
17497 | |||
17498 | fi | ||
17499 | |||
17500 | |||
17501 | fi | ||
17502 | |||
17503 | |||
17504 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if struct __res_state _res is an extern" >&5 | ||
17505 | $as_echo_n "checking if struct __res_state _res is an extern... " >&6; } | ||
17506 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
17507 | /* end confdefs.h. */ | ||
17508 | |||
17509 | #include <stdio.h> | ||
17510 | #if HAVE_SYS_TYPES_H | ||
17511 | # include <sys/types.h> | ||
17512 | #endif | ||
17513 | #include <netinet/in.h> | ||
17514 | #include <arpa/nameser.h> | ||
17515 | #include <resolv.h> | ||
17516 | extern struct __res_state _res; | ||
17517 | |||
17518 | int | ||
17519 | main () | ||
17520 | { | ||
17521 | |||
17522 | struct __res_state *volatile p = &_res; /* force resolution of _res */ | ||
17523 | return 0; | ||
17524 | |||
17525 | ; | ||
17526 | return 0; | ||
17527 | } | ||
17528 | _ACEOF | ||
17529 | if ac_fn_c_try_link "$LINENO"; then : | ||
17530 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
17531 | $as_echo "yes" >&6; } | ||
17532 | |||
17533 | $as_echo "#define HAVE__RES_EXTERN 1" >>confdefs.h | ||
17534 | |||
17535 | |||
17536 | else | ||
17537 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
17538 | $as_echo "no" >&6; } | ||
17539 | |||
17540 | fi | ||
17541 | rm -f core conftest.err conftest.$ac_objext \ | ||
17542 | conftest$ac_exeext conftest.$ac_ext | ||
17543 | |||
17544 | # Check whether user wants SELinux support | ||
17545 | SELINUX_MSG="no" | ||
17546 | LIBSELINUX="" | ||
17547 | |||
17548 | # Check whether --with-selinux was given. | ||
17549 | if test "${with_selinux+set}" = set; then : | ||
17550 | withval=$with_selinux; if test "x$withval" != "xno" ; then | ||
17551 | save_LIBS="$LIBS" | ||
17552 | |||
17553 | $as_echo "#define WITH_SELINUX 1" >>confdefs.h | ||
17554 | |||
17555 | SELINUX_MSG="yes" | ||
17556 | ac_fn_c_check_header_mongrel "$LINENO" "selinux/selinux.h" "ac_cv_header_selinux_selinux_h" "$ac_includes_default" | ||
17557 | if test "x$ac_cv_header_selinux_selinux_h" = xyes; then : | ||
17558 | |||
17559 | else | ||
17560 | as_fn_error $? "SELinux support requires selinux.h header" "$LINENO" 5 | ||
17561 | fi | ||
17562 | |||
17563 | |||
17564 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for setexeccon in -lselinux" >&5 | ||
17565 | $as_echo_n "checking for setexeccon in -lselinux... " >&6; } | ||
17566 | if ${ac_cv_lib_selinux_setexeccon+:} false; then : | ||
17567 | $as_echo_n "(cached) " >&6 | ||
17568 | else | ||
17569 | ac_check_lib_save_LIBS=$LIBS | ||
17570 | LIBS="-lselinux $LIBS" | ||
17571 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
17572 | /* end confdefs.h. */ | ||
17573 | |||
17574 | /* Override any GCC internal prototype to avoid an error. | ||
17575 | Use char because int might match the return type of a GCC | ||
17576 | builtin and then its argument prototype would still apply. */ | ||
17577 | #ifdef __cplusplus | ||
17578 | extern "C" | ||
17579 | #endif | ||
17580 | char setexeccon (); | ||
17581 | int | ||
17582 | main () | ||
17583 | { | ||
17584 | return setexeccon (); | ||
17585 | ; | ||
17586 | return 0; | ||
17587 | } | ||
17588 | _ACEOF | ||
17589 | if ac_fn_c_try_link "$LINENO"; then : | ||
17590 | ac_cv_lib_selinux_setexeccon=yes | ||
17591 | else | ||
17592 | ac_cv_lib_selinux_setexeccon=no | ||
17593 | fi | ||
17594 | rm -f core conftest.err conftest.$ac_objext \ | ||
17595 | conftest$ac_exeext conftest.$ac_ext | ||
17596 | LIBS=$ac_check_lib_save_LIBS | ||
17597 | fi | ||
17598 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_selinux_setexeccon" >&5 | ||
17599 | $as_echo "$ac_cv_lib_selinux_setexeccon" >&6; } | ||
17600 | if test "x$ac_cv_lib_selinux_setexeccon" = xyes; then : | ||
17601 | LIBSELINUX="-lselinux" | ||
17602 | LIBS="$LIBS -lselinux" | ||
17603 | |||
17604 | else | ||
17605 | as_fn_error $? "SELinux support requires libselinux library" "$LINENO" 5 | ||
17606 | fi | ||
17607 | |||
17608 | SSHLIBS="$SSHLIBS $LIBSELINUX" | ||
17609 | SSHDLIBS="$SSHDLIBS $LIBSELINUX" | ||
17610 | for ac_func in getseuserbyname get_default_context_with_level | ||
17611 | do : | ||
17612 | as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` | ||
17613 | ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" | ||
17614 | if eval test \"x\$"$as_ac_var"\" = x"yes"; then : | ||
17615 | cat >>confdefs.h <<_ACEOF | ||
17616 | #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 | ||
17617 | _ACEOF | ||
17618 | |||
17619 | fi | ||
17620 | done | ||
17621 | |||
17622 | LIBS="$save_LIBS" | ||
17623 | fi | ||
17624 | |||
17625 | fi | ||
17626 | |||
17627 | |||
17628 | |||
17629 | |||
17630 | # Check whether user wants Kerberos 5 support | ||
17631 | KRB5_MSG="no" | ||
17632 | |||
17633 | # Check whether --with-kerberos5 was given. | ||
17634 | if test "${with_kerberos5+set}" = set; then : | ||
17635 | withval=$with_kerberos5; if test "x$withval" != "xno" ; then | ||
17636 | if test "x$withval" = "xyes" ; then | ||
17637 | KRB5ROOT="/usr/local" | ||
17638 | else | ||
17639 | KRB5ROOT=${withval} | ||
17640 | fi | ||
17641 | |||
17642 | |||
17643 | $as_echo "#define KRB5 1" >>confdefs.h | ||
17644 | |||
17645 | KRB5_MSG="yes" | ||
17646 | |||
17647 | if test -n "$ac_tool_prefix"; then | ||
17648 | # Extract the first word of "${ac_tool_prefix}krb5-config", so it can be a program name with args. | ||
17649 | set dummy ${ac_tool_prefix}krb5-config; ac_word=$2 | ||
17650 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
17651 | $as_echo_n "checking for $ac_word... " >&6; } | ||
17652 | if ${ac_cv_path_KRB5CONF+:} false; then : | ||
17653 | $as_echo_n "(cached) " >&6 | ||
17654 | else | ||
17655 | case $KRB5CONF in | ||
17656 | [\\/]* | ?:[\\/]*) | ||
17657 | ac_cv_path_KRB5CONF="$KRB5CONF" # Let the user override the test with a path. | ||
17658 | ;; | ||
17659 | *) | ||
17660 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
17661 | as_dummy="$KRB5ROOT/bin:$PATH" | ||
17662 | for as_dir in $as_dummy | ||
17663 | do | ||
17664 | IFS=$as_save_IFS | ||
17665 | test -z "$as_dir" && as_dir=. | ||
17666 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
17667 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
17668 | ac_cv_path_KRB5CONF="$as_dir/$ac_word$ac_exec_ext" | ||
17669 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
17670 | break 2 | ||
17671 | fi | ||
17672 | done | ||
17673 | done | ||
17674 | IFS=$as_save_IFS | ||
17675 | |||
17676 | ;; | ||
17677 | esac | ||
17678 | fi | ||
17679 | KRB5CONF=$ac_cv_path_KRB5CONF | ||
17680 | if test -n "$KRB5CONF"; then | ||
17681 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $KRB5CONF" >&5 | ||
17682 | $as_echo "$KRB5CONF" >&6; } | ||
17683 | else | ||
17684 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
17685 | $as_echo "no" >&6; } | ||
17686 | fi | ||
17687 | |||
17688 | |||
17689 | fi | ||
17690 | if test -z "$ac_cv_path_KRB5CONF"; then | ||
17691 | ac_pt_KRB5CONF=$KRB5CONF | ||
17692 | # Extract the first word of "krb5-config", so it can be a program name with args. | ||
17693 | set dummy krb5-config; ac_word=$2 | ||
17694 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
17695 | $as_echo_n "checking for $ac_word... " >&6; } | ||
17696 | if ${ac_cv_path_ac_pt_KRB5CONF+:} false; then : | ||
17697 | $as_echo_n "(cached) " >&6 | ||
17698 | else | ||
17699 | case $ac_pt_KRB5CONF in | ||
17700 | [\\/]* | ?:[\\/]*) | ||
17701 | ac_cv_path_ac_pt_KRB5CONF="$ac_pt_KRB5CONF" # Let the user override the test with a path. | ||
17702 | ;; | ||
17703 | *) | ||
17704 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
17705 | as_dummy="$KRB5ROOT/bin:$PATH" | ||
17706 | for as_dir in $as_dummy | ||
17707 | do | ||
17708 | IFS=$as_save_IFS | ||
17709 | test -z "$as_dir" && as_dir=. | ||
17710 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
17711 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
17712 | ac_cv_path_ac_pt_KRB5CONF="$as_dir/$ac_word$ac_exec_ext" | ||
17713 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
17714 | break 2 | ||
17715 | fi | ||
17716 | done | ||
17717 | done | ||
17718 | IFS=$as_save_IFS | ||
17719 | |||
17720 | ;; | ||
17721 | esac | ||
17722 | fi | ||
17723 | ac_pt_KRB5CONF=$ac_cv_path_ac_pt_KRB5CONF | ||
17724 | if test -n "$ac_pt_KRB5CONF"; then | ||
17725 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_KRB5CONF" >&5 | ||
17726 | $as_echo "$ac_pt_KRB5CONF" >&6; } | ||
17727 | else | ||
17728 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
17729 | $as_echo "no" >&6; } | ||
17730 | fi | ||
17731 | |||
17732 | if test "x$ac_pt_KRB5CONF" = x; then | ||
17733 | KRB5CONF="$KRB5ROOT/bin/krb5-config" | ||
17734 | else | ||
17735 | case $cross_compiling:$ac_tool_warned in | ||
17736 | yes:) | ||
17737 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 | ||
17738 | $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} | ||
17739 | ac_tool_warned=yes ;; | ||
17740 | esac | ||
17741 | KRB5CONF=$ac_pt_KRB5CONF | ||
17742 | fi | ||
17743 | else | ||
17744 | KRB5CONF="$ac_cv_path_KRB5CONF" | ||
17745 | fi | ||
17746 | |||
17747 | if test -x $KRB5CONF ; then | ||
17748 | K5CFLAGS="`$KRB5CONF --cflags`" | ||
17749 | K5LIBS="`$KRB5CONF --libs`" | ||
17750 | CPPFLAGS="$CPPFLAGS $K5CFLAGS" | ||
17751 | |||
17752 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gssapi support" >&5 | ||
17753 | $as_echo_n "checking for gssapi support... " >&6; } | ||
17754 | if $KRB5CONF | grep gssapi >/dev/null ; then | ||
17755 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
17756 | $as_echo "yes" >&6; } | ||
17757 | |||
17758 | $as_echo "#define GSSAPI 1" >>confdefs.h | ||
17759 | |||
17760 | GSSCFLAGS="`$KRB5CONF --cflags gssapi`" | ||
17761 | GSSLIBS="`$KRB5CONF --libs gssapi`" | ||
17762 | CPPFLAGS="$CPPFLAGS $GSSCFLAGS" | ||
17763 | else | ||
17764 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
17765 | $as_echo "no" >&6; } | ||
17766 | fi | ||
17767 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using Heimdal" >&5 | ||
17768 | $as_echo_n "checking whether we are using Heimdal... " >&6; } | ||
17769 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
17770 | /* end confdefs.h. */ | ||
17771 | #include <krb5.h> | ||
17772 | |||
17773 | int | ||
17774 | main () | ||
17775 | { | ||
17776 | char *tmp = heimdal_version; | ||
17777 | ; | ||
17778 | return 0; | ||
17779 | } | ||
17780 | _ACEOF | ||
17781 | if ac_fn_c_try_compile "$LINENO"; then : | ||
17782 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
17783 | $as_echo "yes" >&6; } | ||
17784 | |||
17785 | $as_echo "#define HEIMDAL 1" >>confdefs.h | ||
17786 | |||
17787 | else | ||
17788 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
17789 | $as_echo "no" >&6; } | ||
17790 | |||
17791 | fi | ||
17792 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
17793 | else | ||
17794 | CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" | ||
17795 | LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" | ||
17796 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using Heimdal" >&5 | ||
17797 | $as_echo_n "checking whether we are using Heimdal... " >&6; } | ||
17798 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
17799 | /* end confdefs.h. */ | ||
17800 | #include <krb5.h> | ||
17801 | |||
17802 | int | ||
17803 | main () | ||
17804 | { | ||
17805 | char *tmp = heimdal_version; | ||
17806 | ; | ||
17807 | return 0; | ||
17808 | } | ||
17809 | _ACEOF | ||
17810 | if ac_fn_c_try_compile "$LINENO"; then : | ||
17811 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
17812 | $as_echo "yes" >&6; } | ||
17813 | $as_echo "#define HEIMDAL 1" >>confdefs.h | ||
17814 | |||
17815 | K5LIBS="-lkrb5" | ||
17816 | K5LIBS="$K5LIBS -lcom_err -lasn1" | ||
17817 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for net_write in -lroken" >&5 | ||
17818 | $as_echo_n "checking for net_write in -lroken... " >&6; } | ||
17819 | if ${ac_cv_lib_roken_net_write+:} false; then : | ||
17820 | $as_echo_n "(cached) " >&6 | ||
17821 | else | ||
17822 | ac_check_lib_save_LIBS=$LIBS | ||
17823 | LIBS="-lroken $LIBS" | ||
17824 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
17825 | /* end confdefs.h. */ | ||
17826 | |||
17827 | /* Override any GCC internal prototype to avoid an error. | ||
17828 | Use char because int might match the return type of a GCC | ||
17829 | builtin and then its argument prototype would still apply. */ | ||
17830 | #ifdef __cplusplus | ||
17831 | extern "C" | ||
17832 | #endif | ||
17833 | char net_write (); | ||
17834 | int | ||
17835 | main () | ||
17836 | { | ||
17837 | return net_write (); | ||
17838 | ; | ||
17839 | return 0; | ||
17840 | } | ||
17841 | _ACEOF | ||
17842 | if ac_fn_c_try_link "$LINENO"; then : | ||
17843 | ac_cv_lib_roken_net_write=yes | ||
17844 | else | ||
17845 | ac_cv_lib_roken_net_write=no | ||
17846 | fi | ||
17847 | rm -f core conftest.err conftest.$ac_objext \ | ||
17848 | conftest$ac_exeext conftest.$ac_ext | ||
17849 | LIBS=$ac_check_lib_save_LIBS | ||
17850 | fi | ||
17851 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_roken_net_write" >&5 | ||
17852 | $as_echo "$ac_cv_lib_roken_net_write" >&6; } | ||
17853 | if test "x$ac_cv_lib_roken_net_write" = xyes; then : | ||
17854 | K5LIBS="$K5LIBS -lroken" | ||
17855 | fi | ||
17856 | |||
17857 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for des_cbc_encrypt in -ldes" >&5 | ||
17858 | $as_echo_n "checking for des_cbc_encrypt in -ldes... " >&6; } | ||
17859 | if ${ac_cv_lib_des_des_cbc_encrypt+:} false; then : | ||
17860 | $as_echo_n "(cached) " >&6 | ||
17861 | else | ||
17862 | ac_check_lib_save_LIBS=$LIBS | ||
17863 | LIBS="-ldes $LIBS" | ||
17864 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
17865 | /* end confdefs.h. */ | ||
17866 | |||
17867 | /* Override any GCC internal prototype to avoid an error. | ||
17868 | Use char because int might match the return type of a GCC | ||
17869 | builtin and then its argument prototype would still apply. */ | ||
17870 | #ifdef __cplusplus | ||
17871 | extern "C" | ||
17872 | #endif | ||
17873 | char des_cbc_encrypt (); | ||
17874 | int | ||
17875 | main () | ||
17876 | { | ||
17877 | return des_cbc_encrypt (); | ||
17878 | ; | ||
17879 | return 0; | ||
17880 | } | ||
17881 | _ACEOF | ||
17882 | if ac_fn_c_try_link "$LINENO"; then : | ||
17883 | ac_cv_lib_des_des_cbc_encrypt=yes | ||
17884 | else | ||
17885 | ac_cv_lib_des_des_cbc_encrypt=no | ||
17886 | fi | ||
17887 | rm -f core conftest.err conftest.$ac_objext \ | ||
17888 | conftest$ac_exeext conftest.$ac_ext | ||
17889 | LIBS=$ac_check_lib_save_LIBS | ||
17890 | fi | ||
17891 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_des_des_cbc_encrypt" >&5 | ||
17892 | $as_echo "$ac_cv_lib_des_des_cbc_encrypt" >&6; } | ||
17893 | if test "x$ac_cv_lib_des_des_cbc_encrypt" = xyes; then : | ||
17894 | K5LIBS="$K5LIBS -ldes" | ||
17895 | fi | ||
17896 | |||
17897 | |||
17898 | else | ||
17899 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
17900 | $as_echo "no" >&6; } | ||
17901 | K5LIBS="-lkrb5 -lk5crypto -lcom_err" | ||
17902 | |||
17903 | fi | ||
17904 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
17905 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing dn_expand" >&5 | ||
17906 | $as_echo_n "checking for library containing dn_expand... " >&6; } | ||
17907 | if ${ac_cv_search_dn_expand+:} false; then : | ||
17908 | $as_echo_n "(cached) " >&6 | ||
17909 | else | ||
17910 | ac_func_search_save_LIBS=$LIBS | ||
17911 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
17912 | /* end confdefs.h. */ | ||
17913 | |||
17914 | /* Override any GCC internal prototype to avoid an error. | ||
17915 | Use char because int might match the return type of a GCC | ||
17916 | builtin and then its argument prototype would still apply. */ | ||
17917 | #ifdef __cplusplus | ||
17918 | extern "C" | ||
17919 | #endif | ||
17920 | char dn_expand (); | ||
17921 | int | ||
17922 | main () | ||
17923 | { | ||
17924 | return dn_expand (); | ||
17925 | ; | ||
17926 | return 0; | ||
17927 | } | ||
17928 | _ACEOF | ||
17929 | for ac_lib in '' resolv; do | ||
17930 | if test -z "$ac_lib"; then | ||
17931 | ac_res="none required" | ||
17932 | else | ||
17933 | ac_res=-l$ac_lib | ||
17934 | LIBS="-l$ac_lib $ac_func_search_save_LIBS" | ||
17935 | fi | ||
17936 | if ac_fn_c_try_link "$LINENO"; then : | ||
17937 | ac_cv_search_dn_expand=$ac_res | ||
17938 | fi | ||
17939 | rm -f core conftest.err conftest.$ac_objext \ | ||
17940 | conftest$ac_exeext | ||
17941 | if ${ac_cv_search_dn_expand+:} false; then : | ||
17942 | break | ||
17943 | fi | ||
17944 | done | ||
17945 | if ${ac_cv_search_dn_expand+:} false; then : | ||
17946 | |||
17947 | else | ||
17948 | ac_cv_search_dn_expand=no | ||
17949 | fi | ||
17950 | rm conftest.$ac_ext | ||
17951 | LIBS=$ac_func_search_save_LIBS | ||
17952 | fi | ||
17953 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dn_expand" >&5 | ||
17954 | $as_echo "$ac_cv_search_dn_expand" >&6; } | ||
17955 | ac_res=$ac_cv_search_dn_expand | ||
17956 | if test "$ac_res" != no; then : | ||
17957 | test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" | ||
17958 | |||
17959 | fi | ||
17960 | |||
17961 | |||
17962 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gss_init_sec_context in -lgssapi_krb5" >&5 | ||
17963 | $as_echo_n "checking for gss_init_sec_context in -lgssapi_krb5... " >&6; } | ||
17964 | if ${ac_cv_lib_gssapi_krb5_gss_init_sec_context+:} false; then : | ||
17965 | $as_echo_n "(cached) " >&6 | ||
17966 | else | ||
17967 | ac_check_lib_save_LIBS=$LIBS | ||
17968 | LIBS="-lgssapi_krb5 $LIBS" | ||
17969 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
17970 | /* end confdefs.h. */ | ||
17971 | |||
17972 | /* Override any GCC internal prototype to avoid an error. | ||
17973 | Use char because int might match the return type of a GCC | ||
17974 | builtin and then its argument prototype would still apply. */ | ||
17975 | #ifdef __cplusplus | ||
17976 | extern "C" | ||
17977 | #endif | ||
17978 | char gss_init_sec_context (); | ||
17979 | int | ||
17980 | main () | ||
17981 | { | ||
17982 | return gss_init_sec_context (); | ||
17983 | ; | ||
17984 | return 0; | ||
17985 | } | ||
17986 | _ACEOF | ||
17987 | if ac_fn_c_try_link "$LINENO"; then : | ||
17988 | ac_cv_lib_gssapi_krb5_gss_init_sec_context=yes | ||
17989 | else | ||
17990 | ac_cv_lib_gssapi_krb5_gss_init_sec_context=no | ||
17991 | fi | ||
17992 | rm -f core conftest.err conftest.$ac_objext \ | ||
17993 | conftest$ac_exeext conftest.$ac_ext | ||
17994 | LIBS=$ac_check_lib_save_LIBS | ||
17995 | fi | ||
17996 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gssapi_krb5_gss_init_sec_context" >&5 | ||
17997 | $as_echo "$ac_cv_lib_gssapi_krb5_gss_init_sec_context" >&6; } | ||
17998 | if test "x$ac_cv_lib_gssapi_krb5_gss_init_sec_context" = xyes; then : | ||
17999 | $as_echo "#define GSSAPI 1" >>confdefs.h | ||
18000 | |||
18001 | GSSLIBS="-lgssapi_krb5" | ||
18002 | else | ||
18003 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gss_init_sec_context in -lgssapi" >&5 | ||
18004 | $as_echo_n "checking for gss_init_sec_context in -lgssapi... " >&6; } | ||
18005 | if ${ac_cv_lib_gssapi_gss_init_sec_context+:} false; then : | ||
18006 | $as_echo_n "(cached) " >&6 | ||
18007 | else | ||
18008 | ac_check_lib_save_LIBS=$LIBS | ||
18009 | LIBS="-lgssapi $LIBS" | ||
18010 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
18011 | /* end confdefs.h. */ | ||
18012 | |||
18013 | /* Override any GCC internal prototype to avoid an error. | ||
18014 | Use char because int might match the return type of a GCC | ||
18015 | builtin and then its argument prototype would still apply. */ | ||
18016 | #ifdef __cplusplus | ||
18017 | extern "C" | ||
18018 | #endif | ||
18019 | char gss_init_sec_context (); | ||
18020 | int | ||
18021 | main () | ||
18022 | { | ||
18023 | return gss_init_sec_context (); | ||
18024 | ; | ||
18025 | return 0; | ||
18026 | } | ||
18027 | _ACEOF | ||
18028 | if ac_fn_c_try_link "$LINENO"; then : | ||
18029 | ac_cv_lib_gssapi_gss_init_sec_context=yes | ||
18030 | else | ||
18031 | ac_cv_lib_gssapi_gss_init_sec_context=no | ||
18032 | fi | ||
18033 | rm -f core conftest.err conftest.$ac_objext \ | ||
18034 | conftest$ac_exeext conftest.$ac_ext | ||
18035 | LIBS=$ac_check_lib_save_LIBS | ||
18036 | fi | ||
18037 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gssapi_gss_init_sec_context" >&5 | ||
18038 | $as_echo "$ac_cv_lib_gssapi_gss_init_sec_context" >&6; } | ||
18039 | if test "x$ac_cv_lib_gssapi_gss_init_sec_context" = xyes; then : | ||
18040 | $as_echo "#define GSSAPI 1" >>confdefs.h | ||
18041 | |||
18042 | GSSLIBS="-lgssapi" | ||
18043 | else | ||
18044 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gss_init_sec_context in -lgss" >&5 | ||
18045 | $as_echo_n "checking for gss_init_sec_context in -lgss... " >&6; } | ||
18046 | if ${ac_cv_lib_gss_gss_init_sec_context+:} false; then : | ||
18047 | $as_echo_n "(cached) " >&6 | ||
18048 | else | ||
18049 | ac_check_lib_save_LIBS=$LIBS | ||
18050 | LIBS="-lgss $LIBS" | ||
18051 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
18052 | /* end confdefs.h. */ | ||
18053 | |||
18054 | /* Override any GCC internal prototype to avoid an error. | ||
18055 | Use char because int might match the return type of a GCC | ||
18056 | builtin and then its argument prototype would still apply. */ | ||
18057 | #ifdef __cplusplus | ||
18058 | extern "C" | ||
18059 | #endif | ||
18060 | char gss_init_sec_context (); | ||
18061 | int | ||
18062 | main () | ||
18063 | { | ||
18064 | return gss_init_sec_context (); | ||
18065 | ; | ||
18066 | return 0; | ||
18067 | } | ||
18068 | _ACEOF | ||
18069 | if ac_fn_c_try_link "$LINENO"; then : | ||
18070 | ac_cv_lib_gss_gss_init_sec_context=yes | ||
18071 | else | ||
18072 | ac_cv_lib_gss_gss_init_sec_context=no | ||
18073 | fi | ||
18074 | rm -f core conftest.err conftest.$ac_objext \ | ||
18075 | conftest$ac_exeext conftest.$ac_ext | ||
18076 | LIBS=$ac_check_lib_save_LIBS | ||
18077 | fi | ||
18078 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gss_gss_init_sec_context" >&5 | ||
18079 | $as_echo "$ac_cv_lib_gss_gss_init_sec_context" >&6; } | ||
18080 | if test "x$ac_cv_lib_gss_gss_init_sec_context" = xyes; then : | ||
18081 | $as_echo "#define GSSAPI 1" >>confdefs.h | ||
18082 | |||
18083 | GSSLIBS="-lgss" | ||
18084 | else | ||
18085 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Cannot find any suitable gss-api library - build may fail" >&5 | ||
18086 | $as_echo "$as_me: WARNING: Cannot find any suitable gss-api library - build may fail" >&2;} | ||
18087 | fi | ||
18088 | |||
18089 | |||
18090 | fi | ||
18091 | |||
18092 | |||
18093 | fi | ||
18094 | |||
18095 | |||
18096 | ac_fn_c_check_header_mongrel "$LINENO" "gssapi.h" "ac_cv_header_gssapi_h" "$ac_includes_default" | ||
18097 | if test "x$ac_cv_header_gssapi_h" = xyes; then : | ||
18098 | |||
18099 | else | ||
18100 | unset ac_cv_header_gssapi_h | ||
18101 | CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" | ||
18102 | for ac_header in gssapi.h | ||
18103 | do : | ||
18104 | ac_fn_c_check_header_mongrel "$LINENO" "gssapi.h" "ac_cv_header_gssapi_h" "$ac_includes_default" | ||
18105 | if test "x$ac_cv_header_gssapi_h" = xyes; then : | ||
18106 | cat >>confdefs.h <<_ACEOF | ||
18107 | #define HAVE_GSSAPI_H 1 | ||
18108 | _ACEOF | ||
18109 | |||
18110 | else | ||
18111 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Cannot find any suitable gss-api header - build may fail" >&5 | ||
18112 | $as_echo "$as_me: WARNING: Cannot find any suitable gss-api header - build may fail" >&2;} | ||
18113 | |||
18114 | fi | ||
18115 | |||
18116 | done | ||
18117 | |||
18118 | |||
18119 | |||
18120 | fi | ||
18121 | |||
18122 | |||
18123 | |||
18124 | oldCPP="$CPPFLAGS" | ||
18125 | CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" | ||
18126 | ac_fn_c_check_header_mongrel "$LINENO" "gssapi_krb5.h" "ac_cv_header_gssapi_krb5_h" "$ac_includes_default" | ||
18127 | if test "x$ac_cv_header_gssapi_krb5_h" = xyes; then : | ||
18128 | |||
18129 | else | ||
18130 | CPPFLAGS="$oldCPP" | ||
18131 | fi | ||
18132 | |||
18133 | |||
18134 | |||
18135 | fi | ||
18136 | if test -n "${rpath_opt}" ; then | ||
18137 | LDFLAGS="$LDFLAGS ${rpath_opt}${KRB5ROOT}/lib" | ||
18138 | fi | ||
18139 | if test ! -z "$blibpath" ; then | ||
18140 | blibpath="$blibpath:${KRB5ROOT}/lib" | ||
18141 | fi | ||
18142 | |||
18143 | for ac_header in gssapi.h gssapi/gssapi.h | ||
18144 | do : | ||
18145 | as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` | ||
18146 | ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" | ||
18147 | if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : | ||
18148 | cat >>confdefs.h <<_ACEOF | ||
18149 | #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 | ||
18150 | _ACEOF | ||
18151 | |||
18152 | fi | ||
18153 | |||
18154 | done | ||
18155 | |||
18156 | for ac_header in gssapi_krb5.h gssapi/gssapi_krb5.h | ||
18157 | do : | ||
18158 | as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` | ||
18159 | ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" | ||
18160 | if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : | ||
18161 | cat >>confdefs.h <<_ACEOF | ||
18162 | #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 | ||
18163 | _ACEOF | ||
18164 | |||
18165 | fi | ||
18166 | |||
18167 | done | ||
18168 | |||
18169 | for ac_header in gssapi_generic.h gssapi/gssapi_generic.h | ||
18170 | do : | ||
18171 | as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` | ||
18172 | ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" | ||
18173 | if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : | ||
18174 | cat >>confdefs.h <<_ACEOF | ||
18175 | #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 | ||
18176 | _ACEOF | ||
18177 | |||
18178 | fi | ||
18179 | |||
18180 | done | ||
18181 | |||
18182 | |||
18183 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing k_hasafs" >&5 | ||
18184 | $as_echo_n "checking for library containing k_hasafs... " >&6; } | ||
18185 | if ${ac_cv_search_k_hasafs+:} false; then : | ||
18186 | $as_echo_n "(cached) " >&6 | ||
18187 | else | ||
18188 | ac_func_search_save_LIBS=$LIBS | ||
18189 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
18190 | /* end confdefs.h. */ | ||
18191 | |||
18192 | /* Override any GCC internal prototype to avoid an error. | ||
18193 | Use char because int might match the return type of a GCC | ||
18194 | builtin and then its argument prototype would still apply. */ | ||
18195 | #ifdef __cplusplus | ||
18196 | extern "C" | ||
18197 | #endif | ||
18198 | char k_hasafs (); | ||
18199 | int | ||
18200 | main () | ||
18201 | { | ||
18202 | return k_hasafs (); | ||
18203 | ; | ||
18204 | return 0; | ||
18205 | } | ||
18206 | _ACEOF | ||
18207 | for ac_lib in '' kafs; do | ||
18208 | if test -z "$ac_lib"; then | ||
18209 | ac_res="none required" | ||
18210 | else | ||
18211 | ac_res=-l$ac_lib | ||
18212 | LIBS="-l$ac_lib $ac_func_search_save_LIBS" | ||
18213 | fi | ||
18214 | if ac_fn_c_try_link "$LINENO"; then : | ||
18215 | ac_cv_search_k_hasafs=$ac_res | ||
18216 | fi | ||
18217 | rm -f core conftest.err conftest.$ac_objext \ | ||
18218 | conftest$ac_exeext | ||
18219 | if ${ac_cv_search_k_hasafs+:} false; then : | ||
18220 | break | ||
18221 | fi | ||
18222 | done | ||
18223 | if ${ac_cv_search_k_hasafs+:} false; then : | ||
18224 | |||
18225 | else | ||
18226 | ac_cv_search_k_hasafs=no | ||
18227 | fi | ||
18228 | rm conftest.$ac_ext | ||
18229 | LIBS=$ac_func_search_save_LIBS | ||
18230 | fi | ||
18231 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_k_hasafs" >&5 | ||
18232 | $as_echo "$ac_cv_search_k_hasafs" >&6; } | ||
18233 | ac_res=$ac_cv_search_k_hasafs | ||
18234 | if test "$ac_res" != no; then : | ||
18235 | test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" | ||
18236 | |||
18237 | $as_echo "#define USE_AFS 1" >>confdefs.h | ||
18238 | |||
18239 | fi | ||
18240 | |||
18241 | |||
18242 | ac_fn_c_check_decl "$LINENO" "GSS_C_NT_HOSTBASED_SERVICE" "ac_cv_have_decl_GSS_C_NT_HOSTBASED_SERVICE" " | ||
18243 | #ifdef HAVE_GSSAPI_H | ||
18244 | # include <gssapi.h> | ||
18245 | #elif defined(HAVE_GSSAPI_GSSAPI_H) | ||
18246 | # include <gssapi/gssapi.h> | ||
18247 | #endif | ||
18248 | |||
18249 | #ifdef HAVE_GSSAPI_GENERIC_H | ||
18250 | # include <gssapi_generic.h> | ||
18251 | #elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) | ||
18252 | # include <gssapi/gssapi_generic.h> | ||
18253 | #endif | ||
18254 | |||
18255 | " | ||
18256 | if test "x$ac_cv_have_decl_GSS_C_NT_HOSTBASED_SERVICE" = xyes; then : | ||
18257 | ac_have_decl=1 | ||
18258 | else | ||
18259 | ac_have_decl=0 | ||
18260 | fi | ||
18261 | |||
18262 | cat >>confdefs.h <<_ACEOF | ||
18263 | #define HAVE_DECL_GSS_C_NT_HOSTBASED_SERVICE $ac_have_decl | ||
18264 | _ACEOF | ||
18265 | |||
18266 | saved_LIBS="$LIBS" | ||
18267 | LIBS="$LIBS $K5LIBS" | ||
18268 | for ac_func in krb5_cc_new_unique krb5_get_error_message krb5_free_error_message | ||
18269 | do : | ||
18270 | as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` | ||
18271 | ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" | ||
18272 | if eval test \"x\$"$as_ac_var"\" = x"yes"; then : | ||
18273 | cat >>confdefs.h <<_ACEOF | ||
18274 | #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 | ||
18275 | _ACEOF | ||
18276 | |||
18277 | fi | ||
18278 | done | ||
18279 | |||
18280 | LIBS="$saved_LIBS" | ||
18281 | |||
18282 | fi | ||
18283 | |||
18284 | |||
18285 | fi | ||
18286 | |||
18287 | |||
18288 | |||
18289 | |||
18290 | # Looking for programs, paths and files | ||
18291 | |||
18292 | PRIVSEP_PATH=/var/empty | ||
18293 | |||
18294 | # Check whether --with-privsep-path was given. | ||
18295 | if test "${with_privsep_path+set}" = set; then : | ||
18296 | withval=$with_privsep_path; | ||
18297 | if test -n "$withval" && test "x$withval" != "xno" && \ | ||
18298 | test "x${withval}" != "xyes"; then | ||
18299 | PRIVSEP_PATH=$withval | ||
18300 | fi | ||
18301 | |||
18302 | |||
18303 | fi | ||
18304 | |||
18305 | |||
18306 | |||
18307 | |||
18308 | # Check whether --with-xauth was given. | ||
18309 | if test "${with_xauth+set}" = set; then : | ||
18310 | withval=$with_xauth; | ||
18311 | if test -n "$withval" && test "x$withval" != "xno" && \ | ||
18312 | test "x${withval}" != "xyes"; then | ||
18313 | xauth_path=$withval | ||
18314 | fi | ||
18315 | |||
18316 | else | ||
18317 | |||
18318 | TestPath="$PATH" | ||
18319 | TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" | ||
18320 | TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" | ||
18321 | TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" | ||
18322 | TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" | ||
18323 | # Extract the first word of "xauth", so it can be a program name with args. | ||
18324 | set dummy xauth; ac_word=$2 | ||
18325 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
18326 | $as_echo_n "checking for $ac_word... " >&6; } | ||
18327 | if ${ac_cv_path_xauth_path+:} false; then : | ||
18328 | $as_echo_n "(cached) " >&6 | ||
18329 | else | ||
18330 | case $xauth_path in | ||
18331 | [\\/]* | ?:[\\/]*) | ||
18332 | ac_cv_path_xauth_path="$xauth_path" # Let the user override the test with a path. | ||
18333 | ;; | ||
18334 | *) | ||
18335 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
18336 | for as_dir in $TestPath | ||
18337 | do | ||
18338 | IFS=$as_save_IFS | ||
18339 | test -z "$as_dir" && as_dir=. | ||
18340 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
18341 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
18342 | ac_cv_path_xauth_path="$as_dir/$ac_word$ac_exec_ext" | ||
18343 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
18344 | break 2 | ||
18345 | fi | ||
18346 | done | ||
18347 | done | ||
18348 | IFS=$as_save_IFS | ||
18349 | |||
18350 | ;; | ||
18351 | esac | ||
18352 | fi | ||
18353 | xauth_path=$ac_cv_path_xauth_path | ||
18354 | if test -n "$xauth_path"; then | ||
18355 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $xauth_path" >&5 | ||
18356 | $as_echo "$xauth_path" >&6; } | ||
18357 | else | ||
18358 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
18359 | $as_echo "no" >&6; } | ||
18360 | fi | ||
18361 | |||
18362 | |||
18363 | if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then | ||
18364 | xauth_path="/usr/openwin/bin/xauth" | ||
18365 | fi | ||
18366 | |||
18367 | |||
18368 | fi | ||
18369 | |||
18370 | |||
18371 | STRIP_OPT=-s | ||
18372 | # Check whether --enable-strip was given. | ||
18373 | if test "${enable_strip+set}" = set; then : | ||
18374 | enableval=$enable_strip; | ||
18375 | if test "x$enableval" = "xno" ; then | ||
18376 | STRIP_OPT= | ||
18377 | fi | ||
18378 | |||
18379 | |||
18380 | fi | ||
18381 | |||
18382 | |||
18383 | |||
18384 | if test -z "$xauth_path" ; then | ||
18385 | XAUTH_PATH="undefined" | ||
18386 | |||
18387 | else | ||
18388 | |||
18389 | cat >>confdefs.h <<_ACEOF | ||
18390 | #define XAUTH_PATH "$xauth_path" | ||
18391 | _ACEOF | ||
18392 | |||
18393 | XAUTH_PATH=$xauth_path | ||
18394 | |||
18395 | fi | ||
18396 | |||
18397 | # Check for mail directory | ||
18398 | |||
18399 | # Check whether --with-maildir was given. | ||
18400 | if test "${with_maildir+set}" = set; then : | ||
18401 | withval=$with_maildir; | ||
18402 | if test "X$withval" != X && test "x$withval" != xno && \ | ||
18403 | test "x${withval}" != xyes; then | ||
18404 | |||
18405 | cat >>confdefs.h <<_ACEOF | ||
18406 | #define MAIL_DIRECTORY "$withval" | ||
18407 | _ACEOF | ||
18408 | |||
18409 | fi | ||
18410 | |||
18411 | else | ||
18412 | |||
18413 | if test "X$maildir" != "X"; then | ||
18414 | cat >>confdefs.h <<_ACEOF | ||
18415 | #define MAIL_DIRECTORY "$maildir" | ||
18416 | _ACEOF | ||
18417 | |||
18418 | else | ||
18419 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking Discovering system mail directory" >&5 | ||
18420 | $as_echo_n "checking Discovering system mail directory... " >&6; } | ||
18421 | if test "$cross_compiling" = yes; then : | ||
18422 | |||
18423 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: use --with-maildir=/path/to/mail" >&5 | ||
18424 | $as_echo "$as_me: WARNING: cross compiling: use --with-maildir=/path/to/mail" >&2;} | ||
18425 | |||
18426 | |||
18427 | else | ||
18428 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
18429 | /* end confdefs.h. */ | ||
18430 | |||
18431 | #include <stdio.h> | ||
18432 | #include <string.h> | ||
18433 | #ifdef HAVE_PATHS_H | ||
18434 | #include <paths.h> | ||
18435 | #endif | ||
18436 | #ifdef HAVE_MAILLOCK_H | ||
18437 | #include <maillock.h> | ||
18438 | #endif | ||
18439 | #define DATA "conftest.maildir" | ||
18440 | |||
18441 | int | ||
18442 | main () | ||
18443 | { | ||
18444 | |||
18445 | FILE *fd; | ||
18446 | int rc; | ||
18447 | |||
18448 | fd = fopen(DATA,"w"); | ||
18449 | if(fd == NULL) | ||
18450 | exit(1); | ||
18451 | |||
18452 | #if defined (_PATH_MAILDIR) | ||
18453 | if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) | ||
18454 | exit(1); | ||
18455 | #elif defined (MAILDIR) | ||
18456 | if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) | ||
18457 | exit(1); | ||
18458 | #elif defined (_PATH_MAIL) | ||
18459 | if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) | ||
18460 | exit(1); | ||
18461 | #else | ||
18462 | exit (2); | ||
18463 | #endif | ||
18464 | |||
18465 | exit(0); | ||
18466 | |||
18467 | ; | ||
18468 | return 0; | ||
18469 | } | ||
18470 | _ACEOF | ||
18471 | if ac_fn_c_try_run "$LINENO"; then : | ||
18472 | |||
18473 | maildir_what=`awk -F: '{print $1}' conftest.maildir` | ||
18474 | maildir=`awk -F: '{print $2}' conftest.maildir \ | ||
18475 | | sed 's|/$||'` | ||
18476 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: Using: $maildir from $maildir_what" >&5 | ||
18477 | $as_echo "Using: $maildir from $maildir_what" >&6; } | ||
18478 | if test "x$maildir_what" != "x_PATH_MAILDIR"; then | ||
18479 | cat >>confdefs.h <<_ACEOF | ||
18480 | #define MAIL_DIRECTORY "$maildir" | ||
18481 | _ACEOF | ||
18482 | |||
18483 | fi | ||
18484 | |||
18485 | else | ||
18486 | |||
18487 | if test "X$ac_status" = "X2";then | ||
18488 | # our test program didn't find it. Default to /var/spool/mail | ||
18489 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: Using: default value of /var/spool/mail" >&5 | ||
18490 | $as_echo "Using: default value of /var/spool/mail" >&6; } | ||
18491 | cat >>confdefs.h <<_ACEOF | ||
18492 | #define MAIL_DIRECTORY "/var/spool/mail" | ||
18493 | _ACEOF | ||
18494 | |||
18495 | else | ||
18496 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: *** not found ***" >&5 | ||
18497 | $as_echo "*** not found ***" >&6; } | ||
18498 | fi | ||
18499 | |||
18500 | fi | ||
18501 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
18502 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
18503 | fi | ||
18504 | |||
18505 | fi | ||
18506 | |||
18507 | |||
18508 | fi | ||
18509 | # maildir | ||
18510 | |||
18511 | if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then | ||
18512 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: Disabling /dev/ptmx test" >&5 | ||
18513 | $as_echo "$as_me: WARNING: cross compiling: Disabling /dev/ptmx test" >&2;} | ||
18514 | disable_ptmx_check=yes | ||
18515 | fi | ||
18516 | if test -z "$no_dev_ptmx" ; then | ||
18517 | if test "x$disable_ptmx_check" != "xyes" ; then | ||
18518 | as_ac_File=`$as_echo "ac_cv_file_"/dev/ptmx"" | $as_tr_sh` | ||
18519 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for \"/dev/ptmx\"" >&5 | ||
18520 | $as_echo_n "checking for \"/dev/ptmx\"... " >&6; } | ||
18521 | if eval \${$as_ac_File+:} false; then : | ||
18522 | $as_echo_n "(cached) " >&6 | ||
18523 | else | ||
18524 | test "$cross_compiling" = yes && | ||
18525 | as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5 | ||
18526 | if test -r ""/dev/ptmx""; then | ||
18527 | eval "$as_ac_File=yes" | ||
18528 | else | ||
18529 | eval "$as_ac_File=no" | ||
18530 | fi | ||
18531 | fi | ||
18532 | eval ac_res=\$$as_ac_File | ||
18533 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 | ||
18534 | $as_echo "$ac_res" >&6; } | ||
18535 | if eval test \"x\$"$as_ac_File"\" = x"yes"; then : | ||
18536 | |||
18537 | |||
18538 | cat >>confdefs.h <<_ACEOF | ||
18539 | #define HAVE_DEV_PTMX 1 | ||
18540 | _ACEOF | ||
18541 | |||
18542 | have_dev_ptmx=1 | ||
18543 | |||
18544 | |||
18545 | fi | ||
18546 | |||
18547 | fi | ||
18548 | fi | ||
18549 | |||
18550 | if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then | ||
18551 | as_ac_File=`$as_echo "ac_cv_file_"/dev/ptc"" | $as_tr_sh` | ||
18552 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for \"/dev/ptc\"" >&5 | ||
18553 | $as_echo_n "checking for \"/dev/ptc\"... " >&6; } | ||
18554 | if eval \${$as_ac_File+:} false; then : | ||
18555 | $as_echo_n "(cached) " >&6 | ||
18556 | else | ||
18557 | test "$cross_compiling" = yes && | ||
18558 | as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5 | ||
18559 | if test -r ""/dev/ptc""; then | ||
18560 | eval "$as_ac_File=yes" | ||
18561 | else | ||
18562 | eval "$as_ac_File=no" | ||
18563 | fi | ||
18564 | fi | ||
18565 | eval ac_res=\$$as_ac_File | ||
18566 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 | ||
18567 | $as_echo "$ac_res" >&6; } | ||
18568 | if eval test \"x\$"$as_ac_File"\" = x"yes"; then : | ||
18569 | |||
18570 | |||
18571 | cat >>confdefs.h <<_ACEOF | ||
18572 | #define HAVE_DEV_PTS_AND_PTC 1 | ||
18573 | _ACEOF | ||
18574 | |||
18575 | have_dev_ptc=1 | ||
18576 | |||
18577 | |||
18578 | fi | ||
18579 | |||
18580 | else | ||
18581 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: Disabling /dev/ptc test" >&5 | ||
18582 | $as_echo "$as_me: WARNING: cross compiling: Disabling /dev/ptc test" >&2;} | ||
18583 | fi | ||
18584 | |||
18585 | # Options from here on. Some of these are preset by platform above | ||
18586 | |||
18587 | # Check whether --with-mantype was given. | ||
18588 | if test "${with_mantype+set}" = set; then : | ||
18589 | withval=$with_mantype; | ||
18590 | case "$withval" in | ||
18591 | man|cat|doc) | ||
18592 | MANTYPE=$withval | ||
18593 | ;; | ||
18594 | *) | ||
18595 | as_fn_error $? "invalid man type: $withval" "$LINENO" 5 | ||
18596 | ;; | ||
18597 | esac | ||
18598 | |||
18599 | |||
18600 | fi | ||
18601 | |||
18602 | if test -z "$MANTYPE"; then | ||
18603 | if ${MANDOC} ${srcdir}/ssh.1 >/dev/null 2>&1; then | ||
18604 | MANTYPE=doc | ||
18605 | elif ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then | ||
18606 | MANTYPE=doc | ||
18607 | elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then | ||
18608 | MANTYPE=man | ||
18609 | else | ||
18610 | MANTYPE=cat | ||
18611 | fi | ||
18612 | fi | ||
18613 | |||
18614 | if test "$MANTYPE" = "doc"; then | ||
18615 | mansubdir=man; | ||
18616 | else | ||
18617 | mansubdir=$MANTYPE; | ||
18618 | fi | ||
18619 | |||
18620 | |||
18621 | # Check whether to enable MD5 passwords | ||
18622 | MD5_MSG="no" | ||
18623 | |||
18624 | # Check whether --with-md5-passwords was given. | ||
18625 | if test "${with_md5_passwords+set}" = set; then : | ||
18626 | withval=$with_md5_passwords; | ||
18627 | if test "x$withval" != "xno" ; then | ||
18628 | |||
18629 | $as_echo "#define HAVE_MD5_PASSWORDS 1" >>confdefs.h | ||
18630 | |||
18631 | MD5_MSG="yes" | ||
18632 | fi | ||
18633 | |||
18634 | |||
18635 | fi | ||
18636 | |||
18637 | |||
18638 | # Whether to disable shadow password support | ||
18639 | |||
18640 | # Check whether --with-shadow was given. | ||
18641 | if test "${with_shadow+set}" = set; then : | ||
18642 | withval=$with_shadow; | ||
18643 | if test "x$withval" = "xno" ; then | ||
18644 | $as_echo "#define DISABLE_SHADOW 1" >>confdefs.h | ||
18645 | |||
18646 | disable_shadow=yes | ||
18647 | fi | ||
18648 | |||
18649 | |||
18650 | fi | ||
18651 | |||
18652 | |||
18653 | if test -z "$disable_shadow" ; then | ||
18654 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if the systems has expire shadow information" >&5 | ||
18655 | $as_echo_n "checking if the systems has expire shadow information... " >&6; } | ||
18656 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
18657 | /* end confdefs.h. */ | ||
18658 | |||
18659 | #include <sys/types.h> | ||
18660 | #include <shadow.h> | ||
18661 | struct spwd sp; | ||
18662 | |||
18663 | int | ||
18664 | main () | ||
18665 | { | ||
18666 | sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; | ||
18667 | ; | ||
18668 | return 0; | ||
18669 | } | ||
18670 | _ACEOF | ||
18671 | if ac_fn_c_try_compile "$LINENO"; then : | ||
18672 | sp_expire_available=yes | ||
18673 | fi | ||
18674 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
18675 | |||
18676 | if test "x$sp_expire_available" = "xyes" ; then | ||
18677 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
18678 | $as_echo "yes" >&6; } | ||
18679 | |||
18680 | $as_echo "#define HAS_SHADOW_EXPIRE 1" >>confdefs.h | ||
18681 | |||
18682 | else | ||
18683 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
18684 | $as_echo "no" >&6; } | ||
18685 | fi | ||
18686 | fi | ||
18687 | |||
18688 | # Use ip address instead of hostname in $DISPLAY | ||
18689 | if test ! -z "$IPADDR_IN_DISPLAY" ; then | ||
18690 | DISPLAY_HACK_MSG="yes" | ||
18691 | |||
18692 | $as_echo "#define IPADDR_IN_DISPLAY 1" >>confdefs.h | ||
18693 | |||
18694 | else | ||
18695 | DISPLAY_HACK_MSG="no" | ||
18696 | |||
18697 | # Check whether --with-ipaddr-display was given. | ||
18698 | if test "${with_ipaddr_display+set}" = set; then : | ||
18699 | withval=$with_ipaddr_display; | ||
18700 | if test "x$withval" != "xno" ; then | ||
18701 | $as_echo "#define IPADDR_IN_DISPLAY 1" >>confdefs.h | ||
18702 | |||
18703 | DISPLAY_HACK_MSG="yes" | ||
18704 | fi | ||
18705 | |||
18706 | |||
18707 | fi | ||
18708 | |||
18709 | fi | ||
18710 | |||
18711 | # check for /etc/default/login and use it if present. | ||
18712 | # Check whether --enable-etc-default-login was given. | ||
18713 | if test "${enable_etc_default_login+set}" = set; then : | ||
18714 | enableval=$enable_etc_default_login; if test "x$enableval" = "xno"; then | ||
18715 | { $as_echo "$as_me:${as_lineno-$LINENO}: /etc/default/login handling disabled" >&5 | ||
18716 | $as_echo "$as_me: /etc/default/login handling disabled" >&6;} | ||
18717 | etc_default_login=no | ||
18718 | else | ||
18719 | etc_default_login=yes | ||
18720 | fi | ||
18721 | else | ||
18722 | if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; | ||
18723 | then | ||
18724 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking /etc/default/login" >&5 | ||
18725 | $as_echo "$as_me: WARNING: cross compiling: not checking /etc/default/login" >&2;} | ||
18726 | etc_default_login=no | ||
18727 | else | ||
18728 | etc_default_login=yes | ||
18729 | fi | ||
18730 | |||
18731 | fi | ||
18732 | |||
18733 | |||
18734 | if test "x$etc_default_login" != "xno"; then | ||
18735 | as_ac_File=`$as_echo "ac_cv_file_"/etc/default/login"" | $as_tr_sh` | ||
18736 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for \"/etc/default/login\"" >&5 | ||
18737 | $as_echo_n "checking for \"/etc/default/login\"... " >&6; } | ||
18738 | if eval \${$as_ac_File+:} false; then : | ||
18739 | $as_echo_n "(cached) " >&6 | ||
18740 | else | ||
18741 | test "$cross_compiling" = yes && | ||
18742 | as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5 | ||
18743 | if test -r ""/etc/default/login""; then | ||
18744 | eval "$as_ac_File=yes" | ||
18745 | else | ||
18746 | eval "$as_ac_File=no" | ||
18747 | fi | ||
18748 | fi | ||
18749 | eval ac_res=\$$as_ac_File | ||
18750 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 | ||
18751 | $as_echo "$ac_res" >&6; } | ||
18752 | if eval test \"x\$"$as_ac_File"\" = x"yes"; then : | ||
18753 | external_path_file=/etc/default/login | ||
18754 | fi | ||
18755 | |||
18756 | if test "x$external_path_file" = "x/etc/default/login"; then | ||
18757 | |||
18758 | $as_echo "#define HAVE_ETC_DEFAULT_LOGIN 1" >>confdefs.h | ||
18759 | |||
18760 | fi | ||
18761 | fi | ||
18762 | |||
18763 | if test $ac_cv_func_login_getcapbool = "yes" && \ | ||
18764 | test $ac_cv_header_login_cap_h = "yes" ; then | ||
18765 | external_path_file=/etc/login.conf | ||
18766 | fi | ||
18767 | |||
18768 | # Whether to mess with the default path | ||
18769 | SERVER_PATH_MSG="(default)" | ||
18770 | |||
18771 | # Check whether --with-default-path was given. | ||
18772 | if test "${with_default_path+set}" = set; then : | ||
18773 | withval=$with_default_path; | ||
18774 | if test "x$external_path_file" = "x/etc/login.conf" ; then | ||
18775 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: | ||
18776 | --with-default-path=PATH has no effect on this system. | ||
18777 | Edit /etc/login.conf instead." >&5 | ||
18778 | $as_echo "$as_me: WARNING: | ||
18779 | --with-default-path=PATH has no effect on this system. | ||
18780 | Edit /etc/login.conf instead." >&2;} | ||
18781 | elif test "x$withval" != "xno" ; then | ||
18782 | if test ! -z "$external_path_file" ; then | ||
18783 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: | ||
18784 | --with-default-path=PATH will only be used if PATH is not defined in | ||
18785 | $external_path_file ." >&5 | ||
18786 | $as_echo "$as_me: WARNING: | ||
18787 | --with-default-path=PATH will only be used if PATH is not defined in | ||
18788 | $external_path_file ." >&2;} | ||
18789 | fi | ||
18790 | user_path="$withval" | ||
18791 | SERVER_PATH_MSG="$withval" | ||
18792 | fi | ||
18793 | |||
18794 | else | ||
18795 | if test "x$external_path_file" = "x/etc/login.conf" ; then | ||
18796 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Make sure the path to scp is in /etc/login.conf" >&5 | ||
18797 | $as_echo "$as_me: WARNING: Make sure the path to scp is in /etc/login.conf" >&2;} | ||
18798 | else | ||
18799 | if test ! -z "$external_path_file" ; then | ||
18800 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: | ||
18801 | If PATH is defined in $external_path_file, ensure the path to scp is included, | ||
18802 | otherwise scp will not work." >&5 | ||
18803 | $as_echo "$as_me: WARNING: | ||
18804 | If PATH is defined in $external_path_file, ensure the path to scp is included, | ||
18805 | otherwise scp will not work." >&2;} | ||
18806 | fi | ||
18807 | if test "$cross_compiling" = yes; then : | ||
18808 | user_path="/usr/bin:/bin:/usr/sbin:/sbin" | ||
18809 | |||
18810 | else | ||
18811 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
18812 | /* end confdefs.h. */ | ||
18813 | |||
18814 | /* find out what STDPATH is */ | ||
18815 | #include <stdio.h> | ||
18816 | #ifdef HAVE_PATHS_H | ||
18817 | # include <paths.h> | ||
18818 | #endif | ||
18819 | #ifndef _PATH_STDPATH | ||
18820 | # ifdef _PATH_USERPATH /* Irix */ | ||
18821 | # define _PATH_STDPATH _PATH_USERPATH | ||
18822 | # else | ||
18823 | # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" | ||
18824 | # endif | ||
18825 | #endif | ||
18826 | #include <sys/types.h> | ||
18827 | #include <sys/stat.h> | ||
18828 | #include <fcntl.h> | ||
18829 | #define DATA "conftest.stdpath" | ||
18830 | |||
18831 | int | ||
18832 | main () | ||
18833 | { | ||
18834 | |||
18835 | FILE *fd; | ||
18836 | int rc; | ||
18837 | |||
18838 | fd = fopen(DATA,"w"); | ||
18839 | if(fd == NULL) | ||
18840 | exit(1); | ||
18841 | |||
18842 | if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) | ||
18843 | exit(1); | ||
18844 | |||
18845 | exit(0); | ||
18846 | |||
18847 | ; | ||
18848 | return 0; | ||
18849 | } | ||
18850 | _ACEOF | ||
18851 | if ac_fn_c_try_run "$LINENO"; then : | ||
18852 | user_path=`cat conftest.stdpath` | ||
18853 | else | ||
18854 | user_path="/usr/bin:/bin:/usr/sbin:/sbin" | ||
18855 | fi | ||
18856 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
18857 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
18858 | fi | ||
18859 | |||
18860 | # make sure $bindir is in USER_PATH so scp will work | ||
18861 | t_bindir="${bindir}" | ||
18862 | while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do | ||
18863 | t_bindir=`eval echo ${t_bindir}` | ||
18864 | case $t_bindir in | ||
18865 | NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; | ||
18866 | esac | ||
18867 | case $t_bindir in | ||
18868 | NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; | ||
18869 | esac | ||
18870 | done | ||
18871 | echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 | ||
18872 | if test $? -ne 0 ; then | ||
18873 | echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 | ||
18874 | if test $? -ne 0 ; then | ||
18875 | user_path=$user_path:$t_bindir | ||
18876 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: Adding $t_bindir to USER_PATH so scp will work" >&5 | ||
18877 | $as_echo "Adding $t_bindir to USER_PATH so scp will work" >&6; } | ||
18878 | fi | ||
18879 | fi | ||
18880 | fi | ||
18881 | |||
18882 | fi | ||
18883 | |||
18884 | if test "x$external_path_file" != "x/etc/login.conf" ; then | ||
18885 | |||
18886 | cat >>confdefs.h <<_ACEOF | ||
18887 | #define USER_PATH "$user_path" | ||
18888 | _ACEOF | ||
18889 | |||
18890 | |||
18891 | fi | ||
18892 | |||
18893 | # Set superuser path separately to user path | ||
18894 | |||
18895 | # Check whether --with-superuser-path was given. | ||
18896 | if test "${with_superuser_path+set}" = set; then : | ||
18897 | withval=$with_superuser_path; | ||
18898 | if test -n "$withval" && test "x$withval" != "xno" && \ | ||
18899 | test "x${withval}" != "xyes"; then | ||
18900 | |||
18901 | cat >>confdefs.h <<_ACEOF | ||
18902 | #define SUPERUSER_PATH "$withval" | ||
18903 | _ACEOF | ||
18904 | |||
18905 | superuser_path=$withval | ||
18906 | fi | ||
18907 | |||
18908 | |||
18909 | fi | ||
18910 | |||
18911 | |||
18912 | |||
18913 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we need to convert IPv4 in IPv6-mapped addresses" >&5 | ||
18914 | $as_echo_n "checking if we need to convert IPv4 in IPv6-mapped addresses... " >&6; } | ||
18915 | IPV4_IN6_HACK_MSG="no" | ||
18916 | |||
18917 | # Check whether --with-4in6 was given. | ||
18918 | if test "${with_4in6+set}" = set; then : | ||
18919 | withval=$with_4in6; | ||
18920 | if test "x$withval" != "xno" ; then | ||
18921 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
18922 | $as_echo "yes" >&6; } | ||
18923 | |||
18924 | $as_echo "#define IPV4_IN_IPV6 1" >>confdefs.h | ||
18925 | |||
18926 | IPV4_IN6_HACK_MSG="yes" | ||
18927 | else | ||
18928 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
18929 | $as_echo "no" >&6; } | ||
18930 | fi | ||
18931 | |||
18932 | else | ||
18933 | |||
18934 | if test "x$inet6_default_4in6" = "xyes"; then | ||
18935 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes (default)" >&5 | ||
18936 | $as_echo "yes (default)" >&6; } | ||
18937 | $as_echo "#define IPV4_IN_IPV6 1" >>confdefs.h | ||
18938 | |||
18939 | IPV4_IN6_HACK_MSG="yes" | ||
18940 | else | ||
18941 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no (default)" >&5 | ||
18942 | $as_echo "no (default)" >&6; } | ||
18943 | fi | ||
18944 | |||
18945 | |||
18946 | fi | ||
18947 | |||
18948 | |||
18949 | # Whether to enable BSD auth support | ||
18950 | BSD_AUTH_MSG=no | ||
18951 | |||
18952 | # Check whether --with-bsd-auth was given. | ||
18953 | if test "${with_bsd_auth+set}" = set; then : | ||
18954 | withval=$with_bsd_auth; | ||
18955 | if test "x$withval" != "xno" ; then | ||
18956 | |||
18957 | $as_echo "#define BSD_AUTH 1" >>confdefs.h | ||
18958 | |||
18959 | BSD_AUTH_MSG=yes | ||
18960 | fi | ||
18961 | |||
18962 | |||
18963 | fi | ||
18964 | |||
18965 | |||
18966 | # Where to place sshd.pid | ||
18967 | piddir=/var/run | ||
18968 | # make sure the directory exists | ||
18969 | if test ! -d $piddir ; then | ||
18970 | piddir=`eval echo ${sysconfdir}` | ||
18971 | case $piddir in | ||
18972 | NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; | ||
18973 | esac | ||
18974 | fi | ||
18975 | |||
18976 | |||
18977 | # Check whether --with-pid-dir was given. | ||
18978 | if test "${with_pid_dir+set}" = set; then : | ||
18979 | withval=$with_pid_dir; | ||
18980 | if test -n "$withval" && test "x$withval" != "xno" && \ | ||
18981 | test "x${withval}" != "xyes"; then | ||
18982 | piddir=$withval | ||
18983 | if test ! -d $piddir ; then | ||
18984 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: ** no $piddir directory on this system **" >&5 | ||
18985 | $as_echo "$as_me: WARNING: ** no $piddir directory on this system **" >&2;} | ||
18986 | fi | ||
18987 | fi | ||
18988 | |||
18989 | |||
18990 | fi | ||
18991 | |||
18992 | |||
18993 | |||
18994 | cat >>confdefs.h <<_ACEOF | ||
18995 | #define _PATH_SSH_PIDDIR "$piddir" | ||
18996 | _ACEOF | ||
18997 | |||
18998 | |||
18999 | |||
19000 | # Check whether --enable-lastlog was given. | ||
19001 | if test "${enable_lastlog+set}" = set; then : | ||
19002 | enableval=$enable_lastlog; | ||
19003 | if test "x$enableval" = "xno" ; then | ||
19004 | $as_echo "#define DISABLE_LASTLOG 1" >>confdefs.h | ||
19005 | |||
19006 | fi | ||
19007 | |||
19008 | |||
19009 | fi | ||
19010 | |||
19011 | # Check whether --enable-utmp was given. | ||
19012 | if test "${enable_utmp+set}" = set; then : | ||
19013 | enableval=$enable_utmp; | ||
19014 | if test "x$enableval" = "xno" ; then | ||
19015 | $as_echo "#define DISABLE_UTMP 1" >>confdefs.h | ||
19016 | |||
19017 | fi | ||
19018 | |||
19019 | |||
19020 | fi | ||
19021 | |||
19022 | # Check whether --enable-utmpx was given. | ||
19023 | if test "${enable_utmpx+set}" = set; then : | ||
19024 | enableval=$enable_utmpx; | ||
19025 | if test "x$enableval" = "xno" ; then | ||
19026 | |||
19027 | $as_echo "#define DISABLE_UTMPX 1" >>confdefs.h | ||
19028 | |||
19029 | fi | ||
19030 | |||
19031 | |||
19032 | fi | ||
19033 | |||
19034 | # Check whether --enable-wtmp was given. | ||
19035 | if test "${enable_wtmp+set}" = set; then : | ||
19036 | enableval=$enable_wtmp; | ||
19037 | if test "x$enableval" = "xno" ; then | ||
19038 | $as_echo "#define DISABLE_WTMP 1" >>confdefs.h | ||
19039 | |||
19040 | fi | ||
19041 | |||
19042 | |||
19043 | fi | ||
19044 | |||
19045 | # Check whether --enable-wtmpx was given. | ||
19046 | if test "${enable_wtmpx+set}" = set; then : | ||
19047 | enableval=$enable_wtmpx; | ||
19048 | if test "x$enableval" = "xno" ; then | ||
19049 | |||
19050 | $as_echo "#define DISABLE_WTMPX 1" >>confdefs.h | ||
19051 | |||
19052 | fi | ||
19053 | |||
19054 | |||
19055 | fi | ||
19056 | |||
19057 | # Check whether --enable-libutil was given. | ||
19058 | if test "${enable_libutil+set}" = set; then : | ||
19059 | enableval=$enable_libutil; | ||
19060 | if test "x$enableval" = "xno" ; then | ||
19061 | $as_echo "#define DISABLE_LOGIN 1" >>confdefs.h | ||
19062 | |||
19063 | fi | ||
19064 | |||
19065 | |||
19066 | fi | ||
19067 | |||
19068 | # Check whether --enable-pututline was given. | ||
19069 | if test "${enable_pututline+set}" = set; then : | ||
19070 | enableval=$enable_pututline; | ||
19071 | if test "x$enableval" = "xno" ; then | ||
19072 | |||
19073 | $as_echo "#define DISABLE_PUTUTLINE 1" >>confdefs.h | ||
19074 | |||
19075 | fi | ||
19076 | |||
19077 | |||
19078 | fi | ||
19079 | |||
19080 | # Check whether --enable-pututxline was given. | ||
19081 | if test "${enable_pututxline+set}" = set; then : | ||
19082 | enableval=$enable_pututxline; | ||
19083 | if test "x$enableval" = "xno" ; then | ||
19084 | |||
19085 | $as_echo "#define DISABLE_PUTUTXLINE 1" >>confdefs.h | ||
19086 | |||
19087 | fi | ||
19088 | |||
19089 | |||
19090 | fi | ||
19091 | |||
19092 | |||
19093 | # Check whether --with-lastlog was given. | ||
19094 | if test "${with_lastlog+set}" = set; then : | ||
19095 | withval=$with_lastlog; | ||
19096 | if test "x$withval" = "xno" ; then | ||
19097 | $as_echo "#define DISABLE_LASTLOG 1" >>confdefs.h | ||
19098 | |||
19099 | elif test -n "$withval" && test "x${withval}" != "xyes"; then | ||
19100 | conf_lastlog_location=$withval | ||
19101 | fi | ||
19102 | |||
19103 | |||
19104 | fi | ||
19105 | |||
19106 | |||
19107 | |||
19108 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if your system defines LASTLOG_FILE" >&5 | ||
19109 | $as_echo_n "checking if your system defines LASTLOG_FILE... " >&6; } | ||
19110 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
19111 | /* end confdefs.h. */ | ||
19112 | |||
19113 | #include <sys/types.h> | ||
19114 | #include <utmp.h> | ||
19115 | #ifdef HAVE_LASTLOG_H | ||
19116 | # include <lastlog.h> | ||
19117 | #endif | ||
19118 | #ifdef HAVE_PATHS_H | ||
19119 | # include <paths.h> | ||
19120 | #endif | ||
19121 | #ifdef HAVE_LOGIN_H | ||
19122 | # include <login.h> | ||
19123 | #endif | ||
19124 | |||
19125 | int | ||
19126 | main () | ||
19127 | { | ||
19128 | char *lastlog = LASTLOG_FILE; | ||
19129 | ; | ||
19130 | return 0; | ||
19131 | } | ||
19132 | _ACEOF | ||
19133 | if ac_fn_c_try_compile "$LINENO"; then : | ||
19134 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
19135 | $as_echo "yes" >&6; } | ||
19136 | else | ||
19137 | |||
19138 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
19139 | $as_echo "no" >&6; } | ||
19140 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if your system defines _PATH_LASTLOG" >&5 | ||
19141 | $as_echo_n "checking if your system defines _PATH_LASTLOG... " >&6; } | ||
19142 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
19143 | /* end confdefs.h. */ | ||
19144 | |||
19145 | #include <sys/types.h> | ||
19146 | #include <utmp.h> | ||
19147 | #ifdef HAVE_LASTLOG_H | ||
19148 | # include <lastlog.h> | ||
19149 | #endif | ||
19150 | #ifdef HAVE_PATHS_H | ||
19151 | # include <paths.h> | ||
19152 | #endif | ||
19153 | |||
19154 | int | ||
19155 | main () | ||
19156 | { | ||
19157 | char *lastlog = _PATH_LASTLOG; | ||
19158 | ; | ||
19159 | return 0; | ||
19160 | } | ||
19161 | _ACEOF | ||
19162 | if ac_fn_c_try_compile "$LINENO"; then : | ||
19163 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
19164 | $as_echo "yes" >&6; } | ||
19165 | else | ||
19166 | |||
19167 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
19168 | $as_echo "no" >&6; } | ||
19169 | system_lastlog_path=no | ||
19170 | |||
19171 | fi | ||
19172 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
19173 | |||
19174 | fi | ||
19175 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
19176 | |||
19177 | if test -z "$conf_lastlog_location"; then | ||
19178 | if test x"$system_lastlog_path" = x"no" ; then | ||
19179 | for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do | ||
19180 | if (test -d "$f" || test -f "$f") ; then | ||
19181 | conf_lastlog_location=$f | ||
19182 | fi | ||
19183 | done | ||
19184 | if test -z "$conf_lastlog_location"; then | ||
19185 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: ** Cannot find lastlog **" >&5 | ||
19186 | $as_echo "$as_me: WARNING: ** Cannot find lastlog **" >&2;} | ||
19187 | fi | ||
19188 | fi | ||
19189 | fi | ||
19190 | |||
19191 | if test -n "$conf_lastlog_location"; then | ||
19192 | |||
19193 | cat >>confdefs.h <<_ACEOF | ||
19194 | #define CONF_LASTLOG_FILE "$conf_lastlog_location" | ||
19195 | _ACEOF | ||
19196 | |||
19197 | fi | ||
19198 | |||
19199 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if your system defines UTMP_FILE" >&5 | ||
19200 | $as_echo_n "checking if your system defines UTMP_FILE... " >&6; } | ||
19201 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
19202 | /* end confdefs.h. */ | ||
19203 | |||
19204 | #include <sys/types.h> | ||
19205 | #include <utmp.h> | ||
19206 | #ifdef HAVE_PATHS_H | ||
19207 | # include <paths.h> | ||
19208 | #endif | ||
19209 | |||
19210 | int | ||
19211 | main () | ||
19212 | { | ||
19213 | char *utmp = UTMP_FILE; | ||
19214 | ; | ||
19215 | return 0; | ||
19216 | } | ||
19217 | _ACEOF | ||
19218 | if ac_fn_c_try_compile "$LINENO"; then : | ||
19219 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
19220 | $as_echo "yes" >&6; } | ||
19221 | else | ||
19222 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
19223 | $as_echo "no" >&6; } | ||
19224 | system_utmp_path=no | ||
19225 | |||
19226 | fi | ||
19227 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
19228 | if test -z "$conf_utmp_location"; then | ||
19229 | if test x"$system_utmp_path" = x"no" ; then | ||
19230 | for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do | ||
19231 | if test -f $f ; then | ||
19232 | conf_utmp_location=$f | ||
19233 | fi | ||
19234 | done | ||
19235 | if test -z "$conf_utmp_location"; then | ||
19236 | $as_echo "#define DISABLE_UTMP 1" >>confdefs.h | ||
19237 | |||
19238 | fi | ||
19239 | fi | ||
19240 | fi | ||
19241 | if test -n "$conf_utmp_location"; then | ||
19242 | |||
19243 | cat >>confdefs.h <<_ACEOF | ||
19244 | #define CONF_UTMP_FILE "$conf_utmp_location" | ||
19245 | _ACEOF | ||
19246 | |||
19247 | fi | ||
19248 | |||
19249 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if your system defines WTMP_FILE" >&5 | ||
19250 | $as_echo_n "checking if your system defines WTMP_FILE... " >&6; } | ||
19251 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
19252 | /* end confdefs.h. */ | ||
19253 | |||
19254 | #include <sys/types.h> | ||
19255 | #include <utmp.h> | ||
19256 | #ifdef HAVE_PATHS_H | ||
19257 | # include <paths.h> | ||
19258 | #endif | ||
19259 | |||
19260 | int | ||
19261 | main () | ||
19262 | { | ||
19263 | char *wtmp = WTMP_FILE; | ||
19264 | ; | ||
19265 | return 0; | ||
19266 | } | ||
19267 | _ACEOF | ||
19268 | if ac_fn_c_try_compile "$LINENO"; then : | ||
19269 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
19270 | $as_echo "yes" >&6; } | ||
19271 | else | ||
19272 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
19273 | $as_echo "no" >&6; } | ||
19274 | system_wtmp_path=no | ||
19275 | |||
19276 | fi | ||
19277 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
19278 | if test -z "$conf_wtmp_location"; then | ||
19279 | if test x"$system_wtmp_path" = x"no" ; then | ||
19280 | for f in /usr/adm/wtmp /var/log/wtmp; do | ||
19281 | if test -f $f ; then | ||
19282 | conf_wtmp_location=$f | ||
19283 | fi | ||
19284 | done | ||
19285 | if test -z "$conf_wtmp_location"; then | ||
19286 | $as_echo "#define DISABLE_WTMP 1" >>confdefs.h | ||
19287 | |||
19288 | fi | ||
19289 | fi | ||
19290 | fi | ||
19291 | if test -n "$conf_wtmp_location"; then | ||
19292 | |||
19293 | cat >>confdefs.h <<_ACEOF | ||
19294 | #define CONF_WTMP_FILE "$conf_wtmp_location" | ||
19295 | _ACEOF | ||
19296 | |||
19297 | fi | ||
19298 | |||
19299 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if your system defines WTMPX_FILE" >&5 | ||
19300 | $as_echo_n "checking if your system defines WTMPX_FILE... " >&6; } | ||
19301 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
19302 | /* end confdefs.h. */ | ||
19303 | |||
19304 | #include <sys/types.h> | ||
19305 | #include <utmp.h> | ||
19306 | #ifdef HAVE_UTMPX_H | ||
19307 | #include <utmpx.h> | ||
19308 | #endif | ||
19309 | #ifdef HAVE_PATHS_H | ||
19310 | # include <paths.h> | ||
19311 | #endif | ||
19312 | |||
19313 | int | ||
19314 | main () | ||
19315 | { | ||
19316 | char *wtmpx = WTMPX_FILE; | ||
19317 | ; | ||
19318 | return 0; | ||
19319 | } | ||
19320 | _ACEOF | ||
19321 | if ac_fn_c_try_compile "$LINENO"; then : | ||
19322 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
19323 | $as_echo "yes" >&6; } | ||
19324 | else | ||
19325 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
19326 | $as_echo "no" >&6; } | ||
19327 | system_wtmpx_path=no | ||
19328 | |||
19329 | fi | ||
19330 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
19331 | if test -z "$conf_wtmpx_location"; then | ||
19332 | if test x"$system_wtmpx_path" = x"no" ; then | ||
19333 | $as_echo "#define DISABLE_WTMPX 1" >>confdefs.h | ||
19334 | |||
19335 | fi | ||
19336 | else | ||
19337 | |||
19338 | cat >>confdefs.h <<_ACEOF | ||
19339 | #define CONF_WTMPX_FILE "$conf_wtmpx_location" | ||
19340 | _ACEOF | ||
19341 | |||
19342 | fi | ||
19343 | |||
19344 | |||
19345 | if test ! -z "$blibpath" ; then | ||
19346 | LDFLAGS="$LDFLAGS $blibflags$blibpath" | ||
19347 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Please check and edit blibpath in LDFLAGS in Makefile" >&5 | ||
19348 | $as_echo "$as_me: WARNING: Please check and edit blibpath in LDFLAGS in Makefile" >&2;} | ||
19349 | fi | ||
19350 | |||
19351 | ac_fn_c_check_member "$LINENO" "struct lastlog" "ll_line" "ac_cv_member_struct_lastlog_ll_line" " | ||
19352 | #ifdef HAVE_SYS_TYPES_H | ||
19353 | #include <sys/types.h> | ||
19354 | #endif | ||
19355 | #ifdef HAVE_UTMP_H | ||
19356 | #include <utmp.h> | ||
19357 | #endif | ||
19358 | #ifdef HAVE_UTMPX_H | ||
19359 | #include <utmpx.h> | ||
19360 | #endif | ||
19361 | #ifdef HAVE_LASTLOG_H | ||
19362 | #include <lastlog.h> | ||
19363 | #endif | ||
19364 | |||
19365 | " | ||
19366 | if test "x$ac_cv_member_struct_lastlog_ll_line" = xyes; then : | ||
19367 | |||
19368 | else | ||
19369 | |||
19370 | if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then | ||
19371 | $as_echo "#define DISABLE_LASTLOG 1" >>confdefs.h | ||
19372 | |||
19373 | fi | ||
19374 | |||
19375 | fi | ||
19376 | |||
19377 | |||
19378 | ac_fn_c_check_member "$LINENO" "struct utmp" "ut_line" "ac_cv_member_struct_utmp_ut_line" " | ||
19379 | #ifdef HAVE_SYS_TYPES_H | ||
19380 | #include <sys/types.h> | ||
19381 | #endif | ||
19382 | #ifdef HAVE_UTMP_H | ||
19383 | #include <utmp.h> | ||
19384 | #endif | ||
19385 | #ifdef HAVE_UTMPX_H | ||
19386 | #include <utmpx.h> | ||
19387 | #endif | ||
19388 | #ifdef HAVE_LASTLOG_H | ||
19389 | #include <lastlog.h> | ||
19390 | #endif | ||
19391 | |||
19392 | " | ||
19393 | if test "x$ac_cv_member_struct_utmp_ut_line" = xyes; then : | ||
19394 | |||
19395 | else | ||
19396 | |||
19397 | $as_echo "#define DISABLE_UTMP 1" >>confdefs.h | ||
19398 | |||
19399 | $as_echo "#define DISABLE_WTMP 1" >>confdefs.h | ||
19400 | |||
19401 | |||
19402 | fi | ||
19403 | |||
19404 | |||
19405 | CFLAGS="$CFLAGS $werror_flags" | ||
19406 | |||
19407 | if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then | ||
19408 | TEST_SSH_IPV6=no | ||
19409 | else | ||
19410 | TEST_SSH_IPV6=yes | ||
19411 | fi | ||
19412 | ac_fn_c_check_decl "$LINENO" "BROKEN_GETADDRINFO" "ac_cv_have_decl_BROKEN_GETADDRINFO" "$ac_includes_default" | ||
19413 | if test "x$ac_cv_have_decl_BROKEN_GETADDRINFO" = xyes; then : | ||
19414 | TEST_SSH_IPV6=no | ||
19415 | fi | ||
19416 | |||
19417 | TEST_SSH_IPV6=$TEST_SSH_IPV6 | ||
19418 | |||
19419 | TEST_SSH_UTF8=$TEST_SSH_UTF8 | ||
19420 | |||
19421 | TEST_MALLOC_OPTIONS=$TEST_MALLOC_OPTIONS | ||
19422 | |||
19423 | UNSUPPORTED_ALGORITHMS=$unsupported_algorithms | ||
19424 | |||
19425 | DEPEND=$(cat $srcdir/.depend) | ||
19426 | |||
19427 | |||
19428 | CFLAGS="${CFLAGS} ${CFLAGS_AFTER}" | ||
19429 | LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}" | ||
19430 | |||
19431 | |||
19432 | ac_config_files="$ac_config_files Makefile buildpkg.sh opensshd.init openssh.xml openbsd-compat/Makefile openbsd-compat/regress/Makefile survey.sh" | ||
19433 | |||
19434 | cat >confcache <<\_ACEOF | ||
19435 | # This file is a shell script that caches the results of configure | ||
19436 | # tests run on this system so they can be shared between configure | ||
19437 | # scripts and configure runs, see configure's option --config-cache. | ||
19438 | # It is not useful on other systems. If it contains results you don't | ||
19439 | # want to keep, you may remove or edit it. | ||
19440 | # | ||
19441 | # config.status only pays attention to the cache file if you give it | ||
19442 | # the --recheck option to rerun configure. | ||
19443 | # | ||
19444 | # `ac_cv_env_foo' variables (set or unset) will be overridden when | ||
19445 | # loading this file, other *unset* `ac_cv_foo' will be assigned the | ||
19446 | # following values. | ||
19447 | |||
19448 | _ACEOF | ||
19449 | |||
19450 | # The following way of writing the cache mishandles newlines in values, | ||
19451 | # but we know of no workaround that is simple, portable, and efficient. | ||
19452 | # So, we kill variables containing newlines. | ||
19453 | # Ultrix sh set writes to stderr and can't be redirected directly, | ||
19454 | # and sets the high bit in the cache file unless we assign to the vars. | ||
19455 | ( | ||
19456 | for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do | ||
19457 | eval ac_val=\$$ac_var | ||
19458 | case $ac_val in #( | ||
19459 | *${as_nl}*) | ||
19460 | case $ac_var in #( | ||
19461 | *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 | ||
19462 | $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; | ||
19463 | esac | ||
19464 | case $ac_var in #( | ||
19465 | _ | IFS | as_nl) ;; #( | ||
19466 | BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( | ||
19467 | *) { eval $ac_var=; unset $ac_var;} ;; | ||
19468 | esac ;; | ||
19469 | esac | ||
19470 | done | ||
19471 | |||
19472 | (set) 2>&1 | | ||
19473 | case $as_nl`(ac_space=' '; set) 2>&1` in #( | ||
19474 | *${as_nl}ac_space=\ *) | ||
19475 | # `set' does not quote correctly, so add quotes: double-quote | ||
19476 | # substitution turns \\\\ into \\, and sed turns \\ into \. | ||
19477 | sed -n \ | ||
19478 | "s/'/'\\\\''/g; | ||
19479 | s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" | ||
19480 | ;; #( | ||
19481 | *) | ||
19482 | # `set' quotes correctly as required by POSIX, so do not add quotes. | ||
19483 | sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" | ||
19484 | ;; | ||
19485 | esac | | ||
19486 | sort | ||
19487 | ) | | ||
19488 | sed ' | ||
19489 | /^ac_cv_env_/b end | ||
19490 | t clear | ||
19491 | :clear | ||
19492 | s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ | ||
19493 | t end | ||
19494 | s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ | ||
19495 | :end' >>confcache | ||
19496 | if diff "$cache_file" confcache >/dev/null 2>&1; then :; else | ||
19497 | if test -w "$cache_file"; then | ||
19498 | if test "x$cache_file" != "x/dev/null"; then | ||
19499 | { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5 | ||
19500 | $as_echo "$as_me: updating cache $cache_file" >&6;} | ||
19501 | if test ! -f "$cache_file" || test -h "$cache_file"; then | ||
19502 | cat confcache >"$cache_file" | ||
19503 | else | ||
19504 | case $cache_file in #( | ||
19505 | */* | ?:*) | ||
19506 | mv -f confcache "$cache_file"$$ && | ||
19507 | mv -f "$cache_file"$$ "$cache_file" ;; #( | ||
19508 | *) | ||
19509 | mv -f confcache "$cache_file" ;; | ||
19510 | esac | ||
19511 | fi | ||
19512 | fi | ||
19513 | else | ||
19514 | { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5 | ||
19515 | $as_echo "$as_me: not updating unwritable cache $cache_file" >&6;} | ||
19516 | fi | ||
19517 | fi | ||
19518 | rm -f confcache | ||
19519 | |||
19520 | test "x$prefix" = xNONE && prefix=$ac_default_prefix | ||
19521 | # Let make expand exec_prefix. | ||
19522 | test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' | ||
19523 | |||
19524 | DEFS=-DHAVE_CONFIG_H | ||
19525 | |||
19526 | ac_libobjs= | ||
19527 | ac_ltlibobjs= | ||
19528 | U= | ||
19529 | for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue | ||
19530 | # 1. Remove the extension, and $U if already installed. | ||
19531 | ac_script='s/\$U\././;s/\.o$//;s/\.obj$//' | ||
19532 | ac_i=`$as_echo "$ac_i" | sed "$ac_script"` | ||
19533 | # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR | ||
19534 | # will be set to the directory where LIBOBJS objects are built. | ||
19535 | as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext" | ||
19536 | as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo' | ||
19537 | done | ||
19538 | LIBOBJS=$ac_libobjs | ||
19539 | |||
19540 | LTLIBOBJS=$ac_ltlibobjs | ||
19541 | |||
19542 | |||
19543 | |||
19544 | |||
19545 | : "${CONFIG_STATUS=./config.status}" | ||
19546 | ac_write_fail=0 | ||
19547 | ac_clean_files_save=$ac_clean_files | ||
19548 | ac_clean_files="$ac_clean_files $CONFIG_STATUS" | ||
19549 | { $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5 | ||
19550 | $as_echo "$as_me: creating $CONFIG_STATUS" >&6;} | ||
19551 | as_write_fail=0 | ||
19552 | cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1 | ||
19553 | #! $SHELL | ||
19554 | # Generated by $as_me. | ||
19555 | # Run this file to recreate the current configuration. | ||
19556 | # Compiler output produced by configure, useful for debugging | ||
19557 | # configure, is in config.log if it exists. | ||
19558 | |||
19559 | debug=false | ||
19560 | ac_cs_recheck=false | ||
19561 | ac_cs_silent=false | ||
19562 | |||
19563 | SHELL=\${CONFIG_SHELL-$SHELL} | ||
19564 | export SHELL | ||
19565 | _ASEOF | ||
19566 | cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1 | ||
19567 | ## -------------------- ## | ||
19568 | ## M4sh Initialization. ## | ||
19569 | ## -------------------- ## | ||
19570 | |||
19571 | # Be more Bourne compatible | ||
19572 | DUALCASE=1; export DUALCASE # for MKS sh | ||
19573 | if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : | ||
19574 | emulate sh | ||
19575 | NULLCMD=: | ||
19576 | # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which | ||
19577 | # is contrary to our usage. Disable this feature. | ||
19578 | alias -g '${1+"$@"}'='"$@"' | ||
19579 | setopt NO_GLOB_SUBST | ||
19580 | else | ||
19581 | case `(set -o) 2>/dev/null` in #( | ||
19582 | *posix*) : | ||
19583 | set -o posix ;; #( | ||
19584 | *) : | ||
19585 | ;; | ||
19586 | esac | ||
19587 | fi | ||
19588 | |||
19589 | |||
19590 | as_nl=' | ||
19591 | ' | ||
19592 | export as_nl | ||
19593 | # Printing a long string crashes Solaris 7 /usr/bin/printf. | ||
19594 | as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' | ||
19595 | as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo | ||
19596 | as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo | ||
19597 | # Prefer a ksh shell builtin over an external printf program on Solaris, | ||
19598 | # but without wasting forks for bash or zsh. | ||
19599 | if test -z "$BASH_VERSION$ZSH_VERSION" \ | ||
19600 | && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then | ||
19601 | as_echo='print -r --' | ||
19602 | as_echo_n='print -rn --' | ||
19603 | elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then | ||
19604 | as_echo='printf %s\n' | ||
19605 | as_echo_n='printf %s' | ||
19606 | else | ||
19607 | if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then | ||
19608 | as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' | ||
19609 | as_echo_n='/usr/ucb/echo -n' | ||
19610 | else | ||
19611 | as_echo_body='eval expr "X$1" : "X\\(.*\\)"' | ||
19612 | as_echo_n_body='eval | ||
19613 | arg=$1; | ||
19614 | case $arg in #( | ||
19615 | *"$as_nl"*) | ||
19616 | expr "X$arg" : "X\\(.*\\)$as_nl"; | ||
19617 | arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; | ||
19618 | esac; | ||
19619 | expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" | ||
19620 | ' | ||
19621 | export as_echo_n_body | ||
19622 | as_echo_n='sh -c $as_echo_n_body as_echo' | ||
19623 | fi | ||
19624 | export as_echo_body | ||
19625 | as_echo='sh -c $as_echo_body as_echo' | ||
19626 | fi | ||
19627 | |||
19628 | # The user is always right. | ||
19629 | if test "${PATH_SEPARATOR+set}" != set; then | ||
19630 | PATH_SEPARATOR=: | ||
19631 | (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { | ||
19632 | (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || | ||
19633 | PATH_SEPARATOR=';' | ||
19634 | } | ||
19635 | fi | ||
19636 | |||
19637 | |||
19638 | # IFS | ||
19639 | # We need space, tab and new line, in precisely that order. Quoting is | ||
19640 | # there to prevent editors from complaining about space-tab. | ||
19641 | # (If _AS_PATH_WALK were called with IFS unset, it would disable word | ||
19642 | # splitting by setting IFS to empty value.) | ||
19643 | IFS=" "" $as_nl" | ||
19644 | |||
19645 | # Find who we are. Look in the path if we contain no directory separator. | ||
19646 | as_myself= | ||
19647 | case $0 in #(( | ||
19648 | *[\\/]* ) as_myself=$0 ;; | ||
19649 | *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
19650 | for as_dir in $PATH | ||
19651 | do | ||
19652 | IFS=$as_save_IFS | ||
19653 | test -z "$as_dir" && as_dir=. | ||
19654 | test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break | ||
19655 | done | ||
19656 | IFS=$as_save_IFS | ||
19657 | |||
19658 | ;; | ||
19659 | esac | ||
19660 | # We did not find ourselves, most probably we were run as `sh COMMAND' | ||
19661 | # in which case we are not to be found in the path. | ||
19662 | if test "x$as_myself" = x; then | ||
19663 | as_myself=$0 | ||
19664 | fi | ||
19665 | if test ! -f "$as_myself"; then | ||
19666 | $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 | ||
19667 | exit 1 | ||
19668 | fi | ||
19669 | |||
19670 | # Unset variables that we do not need and which cause bugs (e.g. in | ||
19671 | # pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" | ||
19672 | # suppresses any "Segmentation fault" message there. '((' could | ||
19673 | # trigger a bug in pdksh 5.2.14. | ||
19674 | for as_var in BASH_ENV ENV MAIL MAILPATH | ||
19675 | do eval test x\${$as_var+set} = xset \ | ||
19676 | && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : | ||
19677 | done | ||
19678 | PS1='$ ' | ||
19679 | PS2='> ' | ||
19680 | PS4='+ ' | ||
19681 | |||
19682 | # NLS nuisances. | ||
19683 | LC_ALL=C | ||
19684 | export LC_ALL | ||
19685 | LANGUAGE=C | ||
19686 | export LANGUAGE | ||
19687 | |||
19688 | # CDPATH. | ||
19689 | (unset CDPATH) >/dev/null 2>&1 && unset CDPATH | ||
19690 | |||
19691 | |||
19692 | # as_fn_error STATUS ERROR [LINENO LOG_FD] | ||
19693 | # ---------------------------------------- | ||
19694 | # Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are | ||
19695 | # provided, also output the error to LOG_FD, referencing LINENO. Then exit the | ||
19696 | # script with STATUS, using 1 if that was 0. | ||
19697 | as_fn_error () | ||
19698 | { | ||
19699 | as_status=$1; test $as_status -eq 0 && as_status=1 | ||
19700 | if test "$4"; then | ||
19701 | as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack | ||
19702 | $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 | ||
19703 | fi | ||
19704 | $as_echo "$as_me: error: $2" >&2 | ||
19705 | as_fn_exit $as_status | ||
19706 | } # as_fn_error | ||
19707 | |||
19708 | |||
19709 | # as_fn_set_status STATUS | ||
19710 | # ----------------------- | ||
19711 | # Set $? to STATUS, without forking. | ||
19712 | as_fn_set_status () | ||
19713 | { | ||
19714 | return $1 | ||
19715 | } # as_fn_set_status | ||
19716 | |||
19717 | # as_fn_exit STATUS | ||
19718 | # ----------------- | ||
19719 | # Exit the shell with STATUS, even in a "trap 0" or "set -e" context. | ||
19720 | as_fn_exit () | ||
19721 | { | ||
19722 | set +e | ||
19723 | as_fn_set_status $1 | ||
19724 | exit $1 | ||
19725 | } # as_fn_exit | ||
19726 | |||
19727 | # as_fn_unset VAR | ||
19728 | # --------------- | ||
19729 | # Portably unset VAR. | ||
19730 | as_fn_unset () | ||
19731 | { | ||
19732 | { eval $1=; unset $1;} | ||
19733 | } | ||
19734 | as_unset=as_fn_unset | ||
19735 | # as_fn_append VAR VALUE | ||
19736 | # ---------------------- | ||
19737 | # Append the text in VALUE to the end of the definition contained in VAR. Take | ||
19738 | # advantage of any shell optimizations that allow amortized linear growth over | ||
19739 | # repeated appends, instead of the typical quadratic growth present in naive | ||
19740 | # implementations. | ||
19741 | if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : | ||
19742 | eval 'as_fn_append () | ||
19743 | { | ||
19744 | eval $1+=\$2 | ||
19745 | }' | ||
19746 | else | ||
19747 | as_fn_append () | ||
19748 | { | ||
19749 | eval $1=\$$1\$2 | ||
19750 | } | ||
19751 | fi # as_fn_append | ||
19752 | |||
19753 | # as_fn_arith ARG... | ||
19754 | # ------------------ | ||
19755 | # Perform arithmetic evaluation on the ARGs, and store the result in the | ||
19756 | # global $as_val. Take advantage of shells that can avoid forks. The arguments | ||
19757 | # must be portable across $(()) and expr. | ||
19758 | if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : | ||
19759 | eval 'as_fn_arith () | ||
19760 | { | ||
19761 | as_val=$(( $* )) | ||
19762 | }' | ||
19763 | else | ||
19764 | as_fn_arith () | ||
19765 | { | ||
19766 | as_val=`expr "$@" || test $? -eq 1` | ||
19767 | } | ||
19768 | fi # as_fn_arith | ||
19769 | |||
19770 | |||
19771 | if expr a : '\(a\)' >/dev/null 2>&1 && | ||
19772 | test "X`expr 00001 : '.*\(...\)'`" = X001; then | ||
19773 | as_expr=expr | ||
19774 | else | ||
19775 | as_expr=false | ||
19776 | fi | ||
19777 | |||
19778 | if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then | ||
19779 | as_basename=basename | ||
19780 | else | ||
19781 | as_basename=false | ||
19782 | fi | ||
19783 | |||
19784 | if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then | ||
19785 | as_dirname=dirname | ||
19786 | else | ||
19787 | as_dirname=false | ||
19788 | fi | ||
19789 | |||
19790 | as_me=`$as_basename -- "$0" || | ||
19791 | $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ | ||
19792 | X"$0" : 'X\(//\)$' \| \ | ||
19793 | X"$0" : 'X\(/\)' \| . 2>/dev/null || | ||
19794 | $as_echo X/"$0" | | ||
19795 | sed '/^.*\/\([^/][^/]*\)\/*$/{ | ||
19796 | s//\1/ | ||
19797 | q | ||
19798 | } | ||
19799 | /^X\/\(\/\/\)$/{ | ||
19800 | s//\1/ | ||
19801 | q | ||
19802 | } | ||
19803 | /^X\/\(\/\).*/{ | ||
19804 | s//\1/ | ||
19805 | q | ||
19806 | } | ||
19807 | s/.*/./; q'` | ||
19808 | |||
19809 | # Avoid depending upon Character Ranges. | ||
19810 | as_cr_letters='abcdefghijklmnopqrstuvwxyz' | ||
19811 | as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' | ||
19812 | as_cr_Letters=$as_cr_letters$as_cr_LETTERS | ||
19813 | as_cr_digits='0123456789' | ||
19814 | as_cr_alnum=$as_cr_Letters$as_cr_digits | ||
19815 | |||
19816 | ECHO_C= ECHO_N= ECHO_T= | ||
19817 | case `echo -n x` in #((((( | ||
19818 | -n*) | ||
19819 | case `echo 'xy\c'` in | ||
19820 | *c*) ECHO_T=' ';; # ECHO_T is single tab character. | ||
19821 | xy) ECHO_C='\c';; | ||
19822 | *) echo `echo ksh88 bug on AIX 6.1` > /dev/null | ||
19823 | ECHO_T=' ';; | ||
19824 | esac;; | ||
19825 | *) | ||
19826 | ECHO_N='-n';; | ||
19827 | esac | ||
19828 | |||
19829 | rm -f conf$$ conf$$.exe conf$$.file | ||
19830 | if test -d conf$$.dir; then | ||
19831 | rm -f conf$$.dir/conf$$.file | ||
19832 | else | ||
19833 | rm -f conf$$.dir | ||
19834 | mkdir conf$$.dir 2>/dev/null | ||
19835 | fi | ||
19836 | if (echo >conf$$.file) 2>/dev/null; then | ||
19837 | if ln -s conf$$.file conf$$ 2>/dev/null; then | ||
19838 | as_ln_s='ln -s' | ||
19839 | # ... but there are two gotchas: | ||
19840 | # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. | ||
19841 | # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. | ||
19842 | # In both cases, we have to default to `cp -pR'. | ||
19843 | ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || | ||
19844 | as_ln_s='cp -pR' | ||
19845 | elif ln conf$$.file conf$$ 2>/dev/null; then | ||
19846 | as_ln_s=ln | ||
19847 | else | ||
19848 | as_ln_s='cp -pR' | ||
19849 | fi | ||
19850 | else | ||
19851 | as_ln_s='cp -pR' | ||
19852 | fi | ||
19853 | rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file | ||
19854 | rmdir conf$$.dir 2>/dev/null | ||
19855 | |||
19856 | |||
19857 | # as_fn_mkdir_p | ||
19858 | # ------------- | ||
19859 | # Create "$as_dir" as a directory, including parents if necessary. | ||
19860 | as_fn_mkdir_p () | ||
19861 | { | ||
19862 | |||
19863 | case $as_dir in #( | ||
19864 | -*) as_dir=./$as_dir;; | ||
19865 | esac | ||
19866 | test -d "$as_dir" || eval $as_mkdir_p || { | ||
19867 | as_dirs= | ||
19868 | while :; do | ||
19869 | case $as_dir in #( | ||
19870 | *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( | ||
19871 | *) as_qdir=$as_dir;; | ||
19872 | esac | ||
19873 | as_dirs="'$as_qdir' $as_dirs" | ||
19874 | as_dir=`$as_dirname -- "$as_dir" || | ||
19875 | $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ | ||
19876 | X"$as_dir" : 'X\(//\)[^/]' \| \ | ||
19877 | X"$as_dir" : 'X\(//\)$' \| \ | ||
19878 | X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || | ||
19879 | $as_echo X"$as_dir" | | ||
19880 | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ | ||
19881 | s//\1/ | ||
19882 | q | ||
19883 | } | ||
19884 | /^X\(\/\/\)[^/].*/{ | ||
19885 | s//\1/ | ||
19886 | q | ||
19887 | } | ||
19888 | /^X\(\/\/\)$/{ | ||
19889 | s//\1/ | ||
19890 | q | ||
19891 | } | ||
19892 | /^X\(\/\).*/{ | ||
19893 | s//\1/ | ||
19894 | q | ||
19895 | } | ||
19896 | s/.*/./; q'` | ||
19897 | test -d "$as_dir" && break | ||
19898 | done | ||
19899 | test -z "$as_dirs" || eval "mkdir $as_dirs" | ||
19900 | } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" | ||
19901 | |||
19902 | |||
19903 | } # as_fn_mkdir_p | ||
19904 | if mkdir -p . 2>/dev/null; then | ||
19905 | as_mkdir_p='mkdir -p "$as_dir"' | ||
19906 | else | ||
19907 | test -d ./-p && rmdir ./-p | ||
19908 | as_mkdir_p=false | ||
19909 | fi | ||
19910 | |||
19911 | |||
19912 | # as_fn_executable_p FILE | ||
19913 | # ----------------------- | ||
19914 | # Test if FILE is an executable regular file. | ||
19915 | as_fn_executable_p () | ||
19916 | { | ||
19917 | test -f "$1" && test -x "$1" | ||
19918 | } # as_fn_executable_p | ||
19919 | as_test_x='test -x' | ||
19920 | as_executable_p=as_fn_executable_p | ||
19921 | |||
19922 | # Sed expression to map a string onto a valid CPP name. | ||
19923 | as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" | ||
19924 | |||
19925 | # Sed expression to map a string onto a valid variable name. | ||
19926 | as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" | ||
19927 | |||
19928 | |||
19929 | exec 6>&1 | ||
19930 | ## ----------------------------------- ## | ||
19931 | ## Main body of $CONFIG_STATUS script. ## | ||
19932 | ## ----------------------------------- ## | ||
19933 | _ASEOF | ||
19934 | test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1 | ||
19935 | |||
19936 | cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 | ||
19937 | # Save the log message, to keep $0 and so on meaningful, and to | ||
19938 | # report actual input values of CONFIG_FILES etc. instead of their | ||
19939 | # values after options handling. | ||
19940 | ac_log=" | ||
19941 | This file was extended by OpenSSH $as_me Portable, which was | ||
19942 | generated by GNU Autoconf 2.69. Invocation command line was | ||
19943 | |||
19944 | CONFIG_FILES = $CONFIG_FILES | ||
19945 | CONFIG_HEADERS = $CONFIG_HEADERS | ||
19946 | CONFIG_LINKS = $CONFIG_LINKS | ||
19947 | CONFIG_COMMANDS = $CONFIG_COMMANDS | ||
19948 | $ $0 $@ | ||
19949 | |||
19950 | on `(hostname || uname -n) 2>/dev/null | sed 1q` | ||
19951 | " | ||
19952 | |||
19953 | _ACEOF | ||
19954 | |||
19955 | case $ac_config_files in *" | ||
19956 | "*) set x $ac_config_files; shift; ac_config_files=$*;; | ||
19957 | esac | ||
19958 | |||
19959 | case $ac_config_headers in *" | ||
19960 | "*) set x $ac_config_headers; shift; ac_config_headers=$*;; | ||
19961 | esac | ||
19962 | |||
19963 | |||
19964 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 | ||
19965 | # Files that config.status was made for. | ||
19966 | config_files="$ac_config_files" | ||
19967 | config_headers="$ac_config_headers" | ||
19968 | |||
19969 | _ACEOF | ||
19970 | |||
19971 | cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 | ||
19972 | ac_cs_usage="\ | ||
19973 | \`$as_me' instantiates files and other configuration actions | ||
19974 | from templates according to the current configuration. Unless the files | ||
19975 | and actions are specified as TAGs, all are instantiated by default. | ||
19976 | |||
19977 | Usage: $0 [OPTION]... [TAG]... | ||
19978 | |||
19979 | -h, --help print this help, then exit | ||
19980 | -V, --version print version number and configuration settings, then exit | ||
19981 | --config print configuration, then exit | ||
19982 | -q, --quiet, --silent | ||
19983 | do not print progress messages | ||
19984 | -d, --debug don't remove temporary files | ||
19985 | --recheck update $as_me by reconfiguring in the same conditions | ||
19986 | --file=FILE[:TEMPLATE] | ||
19987 | instantiate the configuration file FILE | ||
19988 | --header=FILE[:TEMPLATE] | ||
19989 | instantiate the configuration header FILE | ||
19990 | |||
19991 | Configuration files: | ||
19992 | $config_files | ||
19993 | |||
19994 | Configuration headers: | ||
19995 | $config_headers | ||
19996 | |||
19997 | Report bugs to <openssh-unix-dev@mindrot.org>." | ||
19998 | |||
19999 | _ACEOF | ||
20000 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 | ||
20001 | ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" | ||
20002 | ac_cs_version="\\ | ||
20003 | OpenSSH config.status Portable | ||
20004 | configured by $0, generated by GNU Autoconf 2.69, | ||
20005 | with options \\"\$ac_cs_config\\" | ||
20006 | |||
20007 | Copyright (C) 2012 Free Software Foundation, Inc. | ||
20008 | This config.status script is free software; the Free Software Foundation | ||
20009 | gives unlimited permission to copy, distribute and modify it." | ||
20010 | |||
20011 | ac_pwd='$ac_pwd' | ||
20012 | srcdir='$srcdir' | ||
20013 | INSTALL='$INSTALL' | ||
20014 | MKDIR_P='$MKDIR_P' | ||
20015 | AWK='$AWK' | ||
20016 | test -n "\$AWK" || AWK=awk | ||
20017 | _ACEOF | ||
20018 | |||
20019 | cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 | ||
20020 | # The default lists apply if the user does not specify any file. | ||
20021 | ac_need_defaults=: | ||
20022 | while test $# != 0 | ||
20023 | do | ||
20024 | case $1 in | ||
20025 | --*=?*) | ||
20026 | ac_option=`expr "X$1" : 'X\([^=]*\)='` | ||
20027 | ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'` | ||
20028 | ac_shift=: | ||
20029 | ;; | ||
20030 | --*=) | ||
20031 | ac_option=`expr "X$1" : 'X\([^=]*\)='` | ||
20032 | ac_optarg= | ||
20033 | ac_shift=: | ||
20034 | ;; | ||
20035 | *) | ||
20036 | ac_option=$1 | ||
20037 | ac_optarg=$2 | ||
20038 | ac_shift=shift | ||
20039 | ;; | ||
20040 | esac | ||
20041 | |||
20042 | case $ac_option in | ||
20043 | # Handling of the options. | ||
20044 | -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) | ||
20045 | ac_cs_recheck=: ;; | ||
20046 | --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) | ||
20047 | $as_echo "$ac_cs_version"; exit ;; | ||
20048 | --config | --confi | --conf | --con | --co | --c ) | ||
20049 | $as_echo "$ac_cs_config"; exit ;; | ||
20050 | --debug | --debu | --deb | --de | --d | -d ) | ||
20051 | debug=: ;; | ||
20052 | --file | --fil | --fi | --f ) | ||
20053 | $ac_shift | ||
20054 | case $ac_optarg in | ||
20055 | *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; | ||
20056 | '') as_fn_error $? "missing file argument" ;; | ||
20057 | esac | ||
20058 | as_fn_append CONFIG_FILES " '$ac_optarg'" | ||
20059 | ac_need_defaults=false;; | ||
20060 | --header | --heade | --head | --hea ) | ||
20061 | $ac_shift | ||
20062 | case $ac_optarg in | ||
20063 | *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; | ||
20064 | esac | ||
20065 | as_fn_append CONFIG_HEADERS " '$ac_optarg'" | ||
20066 | ac_need_defaults=false;; | ||
20067 | --he | --h) | ||
20068 | # Conflict between --help and --header | ||
20069 | as_fn_error $? "ambiguous option: \`$1' | ||
20070 | Try \`$0 --help' for more information.";; | ||
20071 | --help | --hel | -h ) | ||
20072 | $as_echo "$ac_cs_usage"; exit ;; | ||
20073 | -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | ||
20074 | | -silent | --silent | --silen | --sile | --sil | --si | --s) | ||
20075 | ac_cs_silent=: ;; | ||
20076 | |||
20077 | # This is an error. | ||
20078 | -*) as_fn_error $? "unrecognized option: \`$1' | ||
20079 | Try \`$0 --help' for more information." ;; | ||
20080 | |||
20081 | *) as_fn_append ac_config_targets " $1" | ||
20082 | ac_need_defaults=false ;; | ||
20083 | |||
20084 | esac | ||
20085 | shift | ||
20086 | done | ||
20087 | |||
20088 | ac_configure_extra_args= | ||
20089 | |||
20090 | if $ac_cs_silent; then | ||
20091 | exec 6>/dev/null | ||
20092 | ac_configure_extra_args="$ac_configure_extra_args --silent" | ||
20093 | fi | ||
20094 | |||
20095 | _ACEOF | ||
20096 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 | ||
20097 | if \$ac_cs_recheck; then | ||
20098 | set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion | ||
20099 | shift | ||
20100 | \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6 | ||
20101 | CONFIG_SHELL='$SHELL' | ||
20102 | export CONFIG_SHELL | ||
20103 | exec "\$@" | ||
20104 | fi | ||
20105 | |||
20106 | _ACEOF | ||
20107 | cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 | ||
20108 | exec 5>>config.log | ||
20109 | { | ||
20110 | echo | ||
20111 | sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX | ||
20112 | ## Running $as_me. ## | ||
20113 | _ASBOX | ||
20114 | $as_echo "$ac_log" | ||
20115 | } >&5 | ||
20116 | |||
20117 | _ACEOF | ||
20118 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 | ||
20119 | _ACEOF | ||
20120 | |||
20121 | cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 | ||
20122 | |||
20123 | # Handling of arguments. | ||
20124 | for ac_config_target in $ac_config_targets | ||
20125 | do | ||
20126 | case $ac_config_target in | ||
20127 | "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;; | ||
20128 | "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; | ||
20129 | "buildpkg.sh") CONFIG_FILES="$CONFIG_FILES buildpkg.sh" ;; | ||
20130 | "opensshd.init") CONFIG_FILES="$CONFIG_FILES opensshd.init" ;; | ||
20131 | "openssh.xml") CONFIG_FILES="$CONFIG_FILES openssh.xml" ;; | ||
20132 | "openbsd-compat/Makefile") CONFIG_FILES="$CONFIG_FILES openbsd-compat/Makefile" ;; | ||
20133 | "openbsd-compat/regress/Makefile") CONFIG_FILES="$CONFIG_FILES openbsd-compat/regress/Makefile" ;; | ||
20134 | "survey.sh") CONFIG_FILES="$CONFIG_FILES survey.sh" ;; | ||
20135 | |||
20136 | *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; | ||
20137 | esac | ||
20138 | done | ||
20139 | |||
20140 | |||
20141 | # If the user did not use the arguments to specify the items to instantiate, | ||
20142 | # then the envvar interface is used. Set only those that are not. | ||
20143 | # We use the long form for the default assignment because of an extremely | ||
20144 | # bizarre bug on SunOS 4.1.3. | ||
20145 | if $ac_need_defaults; then | ||
20146 | test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files | ||
20147 | test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers | ||
20148 | fi | ||
20149 | |||
20150 | # Have a temporary directory for convenience. Make it in the build tree | ||
20151 | # simply because there is no reason against having it here, and in addition, | ||
20152 | # creating and moving files from /tmp can sometimes cause problems. | ||
20153 | # Hook for its removal unless debugging. | ||
20154 | # Note that there is a small window in which the directory will not be cleaned: | ||
20155 | # after its creation but before its name has been assigned to `$tmp'. | ||
20156 | $debug || | ||
20157 | { | ||
20158 | tmp= ac_tmp= | ||
20159 | trap 'exit_status=$? | ||
20160 | : "${ac_tmp:=$tmp}" | ||
20161 | { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status | ||
20162 | ' 0 | ||
20163 | trap 'as_fn_exit 1' 1 2 13 15 | ||
20164 | } | ||
20165 | # Create a (secure) tmp directory for tmp files. | ||
20166 | |||
20167 | { | ||
20168 | tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` && | ||
20169 | test -d "$tmp" | ||
20170 | } || | ||
20171 | { | ||
20172 | tmp=./conf$$-$RANDOM | ||
20173 | (umask 077 && mkdir "$tmp") | ||
20174 | } || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5 | ||
20175 | ac_tmp=$tmp | ||
20176 | |||
20177 | # Set up the scripts for CONFIG_FILES section. | ||
20178 | # No need to generate them if there are no CONFIG_FILES. | ||
20179 | # This happens for instance with `./config.status config.h'. | ||
20180 | if test -n "$CONFIG_FILES"; then | ||
20181 | |||
20182 | |||
20183 | ac_cr=`echo X | tr X '\015'` | ||
20184 | # On cygwin, bash can eat \r inside `` if the user requested igncr. | ||
20185 | # But we know of no other shell where ac_cr would be empty at this | ||
20186 | # point, so we can use a bashism as a fallback. | ||
20187 | if test "x$ac_cr" = x; then | ||
20188 | eval ac_cr=\$\'\\r\' | ||
20189 | fi | ||
20190 | ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' </dev/null 2>/dev/null` | ||
20191 | if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then | ||
20192 | ac_cs_awk_cr='\\r' | ||
20193 | else | ||
20194 | ac_cs_awk_cr=$ac_cr | ||
20195 | fi | ||
20196 | |||
20197 | echo 'BEGIN {' >"$ac_tmp/subs1.awk" && | ||
20198 | _ACEOF | ||
20199 | |||
20200 | |||
20201 | { | ||
20202 | echo "cat >conf$$subs.awk <<_ACEOF" && | ||
20203 | echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' && | ||
20204 | echo "_ACEOF" | ||
20205 | } >conf$$subs.sh || | ||
20206 | as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 | ||
20207 | ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'` | ||
20208 | ac_delim='%!_!# ' | ||
20209 | for ac_last_try in false false false false false :; do | ||
20210 | . ./conf$$subs.sh || | ||
20211 | as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 | ||
20212 | |||
20213 | ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X` | ||
20214 | if test $ac_delim_n = $ac_delim_num; then | ||
20215 | break | ||
20216 | elif $ac_last_try; then | ||
20217 | as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 | ||
20218 | else | ||
20219 | ac_delim="$ac_delim!$ac_delim _$ac_delim!! " | ||
20220 | fi | ||
20221 | done | ||
20222 | rm -f conf$$subs.sh | ||
20223 | |||
20224 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 | ||
20225 | cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK && | ||
20226 | _ACEOF | ||
20227 | sed -n ' | ||
20228 | h | ||
20229 | s/^/S["/; s/!.*/"]=/ | ||
20230 | p | ||
20231 | g | ||
20232 | s/^[^!]*!// | ||
20233 | :repl | ||
20234 | t repl | ||
20235 | s/'"$ac_delim"'$// | ||
20236 | t delim | ||
20237 | :nl | ||
20238 | h | ||
20239 | s/\(.\{148\}\)..*/\1/ | ||
20240 | t more1 | ||
20241 | s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/ | ||
20242 | p | ||
20243 | n | ||
20244 | b repl | ||
20245 | :more1 | ||
20246 | s/["\\]/\\&/g; s/^/"/; s/$/"\\/ | ||
20247 | p | ||
20248 | g | ||
20249 | s/.\{148\}// | ||
20250 | t nl | ||
20251 | :delim | ||
20252 | h | ||
20253 | s/\(.\{148\}\)..*/\1/ | ||
20254 | t more2 | ||
20255 | s/["\\]/\\&/g; s/^/"/; s/$/"/ | ||
20256 | p | ||
20257 | b | ||
20258 | :more2 | ||
20259 | s/["\\]/\\&/g; s/^/"/; s/$/"\\/ | ||
20260 | p | ||
20261 | g | ||
20262 | s/.\{148\}// | ||
20263 | t delim | ||
20264 | ' <conf$$subs.awk | sed ' | ||
20265 | /^[^""]/{ | ||
20266 | N | ||
20267 | s/\n// | ||
20268 | } | ||
20269 | ' >>$CONFIG_STATUS || ac_write_fail=1 | ||
20270 | rm -f conf$$subs.awk | ||
20271 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 | ||
20272 | _ACAWK | ||
20273 | cat >>"\$ac_tmp/subs1.awk" <<_ACAWK && | ||
20274 | for (key in S) S_is_set[key] = 1 | ||
20275 | FS = "" | ||
20276 | |||
20277 | } | ||
20278 | { | ||
20279 | line = $ 0 | ||
20280 | nfields = split(line, field, "@") | ||
20281 | substed = 0 | ||
20282 | len = length(field[1]) | ||
20283 | for (i = 2; i < nfields; i++) { | ||
20284 | key = field[i] | ||
20285 | keylen = length(key) | ||
20286 | if (S_is_set[key]) { | ||
20287 | value = S[key] | ||
20288 | line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3) | ||
20289 | len += length(value) + length(field[++i]) | ||
20290 | substed = 1 | ||
20291 | } else | ||
20292 | len += 1 + keylen | ||
20293 | } | ||
20294 | |||
20295 | print line | ||
20296 | } | ||
20297 | |||
20298 | _ACAWK | ||
20299 | _ACEOF | ||
20300 | cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 | ||
20301 | if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then | ||
20302 | sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g" | ||
20303 | else | ||
20304 | cat | ||
20305 | fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \ | ||
20306 | || as_fn_error $? "could not setup config files machinery" "$LINENO" 5 | ||
20307 | _ACEOF | ||
20308 | |||
20309 | # VPATH may cause trouble with some makes, so we remove sole $(srcdir), | ||
20310 | # ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and | ||
20311 | # trailing colons and then remove the whole line if VPATH becomes empty | ||
20312 | # (actually we leave an empty line to preserve line numbers). | ||
20313 | if test "x$srcdir" = x.; then | ||
20314 | ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{ | ||
20315 | h | ||
20316 | s/// | ||
20317 | s/^/:/ | ||
20318 | s/[ ]*$/:/ | ||
20319 | s/:\$(srcdir):/:/g | ||
20320 | s/:\${srcdir}:/:/g | ||
20321 | s/:@srcdir@:/:/g | ||
20322 | s/^:*// | ||
20323 | s/:*$// | ||
20324 | x | ||
20325 | s/\(=[ ]*\).*/\1/ | ||
20326 | G | ||
20327 | s/\n// | ||
20328 | s/^[^=]*=[ ]*$// | ||
20329 | }' | ||
20330 | fi | ||
20331 | |||
20332 | cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 | ||
20333 | fi # test -n "$CONFIG_FILES" | ||
20334 | |||
20335 | # Set up the scripts for CONFIG_HEADERS section. | ||
20336 | # No need to generate them if there are no CONFIG_HEADERS. | ||
20337 | # This happens for instance with `./config.status Makefile'. | ||
20338 | if test -n "$CONFIG_HEADERS"; then | ||
20339 | cat >"$ac_tmp/defines.awk" <<\_ACAWK || | ||
20340 | BEGIN { | ||
20341 | _ACEOF | ||
20342 | |||
20343 | # Transform confdefs.h into an awk script `defines.awk', embedded as | ||
20344 | # here-document in config.status, that substitutes the proper values into | ||
20345 | # config.h.in to produce config.h. | ||
20346 | |||
20347 | # Create a delimiter string that does not exist in confdefs.h, to ease | ||
20348 | # handling of long lines. | ||
20349 | ac_delim='%!_!# ' | ||
20350 | for ac_last_try in false false :; do | ||
20351 | ac_tt=`sed -n "/$ac_delim/p" confdefs.h` | ||
20352 | if test -z "$ac_tt"; then | ||
20353 | break | ||
20354 | elif $ac_last_try; then | ||
20355 | as_fn_error $? "could not make $CONFIG_HEADERS" "$LINENO" 5 | ||
20356 | else | ||
20357 | ac_delim="$ac_delim!$ac_delim _$ac_delim!! " | ||
20358 | fi | ||
20359 | done | ||
20360 | |||
20361 | # For the awk script, D is an array of macro values keyed by name, | ||
20362 | # likewise P contains macro parameters if any. Preserve backslash | ||
20363 | # newline sequences. | ||
20364 | |||
20365 | ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]* | ||
20366 | sed -n ' | ||
20367 | s/.\{148\}/&'"$ac_delim"'/g | ||
20368 | t rset | ||
20369 | :rset | ||
20370 | s/^[ ]*#[ ]*define[ ][ ]*/ / | ||
20371 | t def | ||
20372 | d | ||
20373 | :def | ||
20374 | s/\\$// | ||
20375 | t bsnl | ||
20376 | s/["\\]/\\&/g | ||
20377 | s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ | ||
20378 | D["\1"]=" \3"/p | ||
20379 | s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2"/p | ||
20380 | d | ||
20381 | :bsnl | ||
20382 | s/["\\]/\\&/g | ||
20383 | s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ | ||
20384 | D["\1"]=" \3\\\\\\n"\\/p | ||
20385 | t cont | ||
20386 | s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p | ||
20387 | t cont | ||
20388 | d | ||
20389 | :cont | ||
20390 | n | ||
20391 | s/.\{148\}/&'"$ac_delim"'/g | ||
20392 | t clear | ||
20393 | :clear | ||
20394 | s/\\$// | ||
20395 | t bsnlc | ||
20396 | s/["\\]/\\&/g; s/^/"/; s/$/"/p | ||
20397 | d | ||
20398 | :bsnlc | ||
20399 | s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p | ||
20400 | b cont | ||
20401 | ' <confdefs.h | sed ' | ||
20402 | s/'"$ac_delim"'/"\\\ | ||
20403 | "/g' >>$CONFIG_STATUS || ac_write_fail=1 | ||
20404 | |||
20405 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 | ||
20406 | for (key in D) D_is_set[key] = 1 | ||
20407 | FS = "" | ||
20408 | } | ||
20409 | /^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ { | ||
20410 | line = \$ 0 | ||
20411 | split(line, arg, " ") | ||
20412 | if (arg[1] == "#") { | ||
20413 | defundef = arg[2] | ||
20414 | mac1 = arg[3] | ||
20415 | } else { | ||
20416 | defundef = substr(arg[1], 2) | ||
20417 | mac1 = arg[2] | ||
20418 | } | ||
20419 | split(mac1, mac2, "(") #) | ||
20420 | macro = mac2[1] | ||
20421 | prefix = substr(line, 1, index(line, defundef) - 1) | ||
20422 | if (D_is_set[macro]) { | ||
20423 | # Preserve the white space surrounding the "#". | ||
20424 | print prefix "define", macro P[macro] D[macro] | ||
20425 | next | ||
20426 | } else { | ||
20427 | # Replace #undef with comments. This is necessary, for example, | ||
20428 | # in the case of _POSIX_SOURCE, which is predefined and required | ||
20429 | # on some systems where configure will not decide to define it. | ||
20430 | if (defundef == "undef") { | ||
20431 | print "/*", prefix defundef, macro, "*/" | ||
20432 | next | ||
20433 | } | ||
20434 | } | ||
20435 | } | ||
20436 | { print } | ||
20437 | _ACAWK | ||
20438 | _ACEOF | ||
20439 | cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 | ||
20440 | as_fn_error $? "could not setup config headers machinery" "$LINENO" 5 | ||
20441 | fi # test -n "$CONFIG_HEADERS" | ||
20442 | |||
20443 | |||
20444 | eval set X " :F $CONFIG_FILES :H $CONFIG_HEADERS " | ||
20445 | shift | ||
20446 | for ac_tag | ||
20447 | do | ||
20448 | case $ac_tag in | ||
20449 | :[FHLC]) ac_mode=$ac_tag; continue;; | ||
20450 | esac | ||
20451 | case $ac_mode$ac_tag in | ||
20452 | :[FHL]*:*);; | ||
20453 | :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;; | ||
20454 | :[FH]-) ac_tag=-:-;; | ||
20455 | :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; | ||
20456 | esac | ||
20457 | ac_save_IFS=$IFS | ||
20458 | IFS=: | ||
20459 | set x $ac_tag | ||
20460 | IFS=$ac_save_IFS | ||
20461 | shift | ||
20462 | ac_file=$1 | ||
20463 | shift | ||
20464 | |||
20465 | case $ac_mode in | ||
20466 | :L) ac_source=$1;; | ||
20467 | :[FH]) | ||
20468 | ac_file_inputs= | ||
20469 | for ac_f | ||
20470 | do | ||
20471 | case $ac_f in | ||
20472 | -) ac_f="$ac_tmp/stdin";; | ||
20473 | *) # Look for the file first in the build tree, then in the source tree | ||
20474 | # (if the path is not absolute). The absolute path cannot be DOS-style, | ||
20475 | # because $ac_f cannot contain `:'. | ||
20476 | test -f "$ac_f" || | ||
20477 | case $ac_f in | ||
20478 | [\\/$]*) false;; | ||
20479 | *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; | ||
20480 | esac || | ||
20481 | as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;; | ||
20482 | esac | ||
20483 | case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac | ||
20484 | as_fn_append ac_file_inputs " '$ac_f'" | ||
20485 | done | ||
20486 | |||
20487 | # Let's still pretend it is `configure' which instantiates (i.e., don't | ||
20488 | # use $as_me), people would be surprised to read: | ||
20489 | # /* config.h. Generated by config.status. */ | ||
20490 | configure_input='Generated from '` | ||
20491 | $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g' | ||
20492 | `' by configure.' | ||
20493 | if test x"$ac_file" != x-; then | ||
20494 | configure_input="$ac_file. $configure_input" | ||
20495 | { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5 | ||
20496 | $as_echo "$as_me: creating $ac_file" >&6;} | ||
20497 | fi | ||
20498 | # Neutralize special characters interpreted by sed in replacement strings. | ||
20499 | case $configure_input in #( | ||
20500 | *\&* | *\|* | *\\* ) | ||
20501 | ac_sed_conf_input=`$as_echo "$configure_input" | | ||
20502 | sed 's/[\\\\&|]/\\\\&/g'`;; #( | ||
20503 | *) ac_sed_conf_input=$configure_input;; | ||
20504 | esac | ||
20505 | |||
20506 | case $ac_tag in | ||
20507 | *:-:* | *:-) cat >"$ac_tmp/stdin" \ | ||
20508 | || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; | ||
20509 | esac | ||
20510 | ;; | ||
20511 | esac | ||
20512 | |||
20513 | ac_dir=`$as_dirname -- "$ac_file" || | ||
20514 | $as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ | ||
20515 | X"$ac_file" : 'X\(//\)[^/]' \| \ | ||
20516 | X"$ac_file" : 'X\(//\)$' \| \ | ||
20517 | X"$ac_file" : 'X\(/\)' \| . 2>/dev/null || | ||
20518 | $as_echo X"$ac_file" | | ||
20519 | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ | ||
20520 | s//\1/ | ||
20521 | q | ||
20522 | } | ||
20523 | /^X\(\/\/\)[^/].*/{ | ||
20524 | s//\1/ | ||
20525 | q | ||
20526 | } | ||
20527 | /^X\(\/\/\)$/{ | ||
20528 | s//\1/ | ||
20529 | q | ||
20530 | } | ||
20531 | /^X\(\/\).*/{ | ||
20532 | s//\1/ | ||
20533 | q | ||
20534 | } | ||
20535 | s/.*/./; q'` | ||
20536 | as_dir="$ac_dir"; as_fn_mkdir_p | ||
20537 | ac_builddir=. | ||
20538 | |||
20539 | case "$ac_dir" in | ||
20540 | .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; | ||
20541 | *) | ||
20542 | ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` | ||
20543 | # A ".." for each directory in $ac_dir_suffix. | ||
20544 | ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` | ||
20545 | case $ac_top_builddir_sub in | ||
20546 | "") ac_top_builddir_sub=. ac_top_build_prefix= ;; | ||
20547 | *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; | ||
20548 | esac ;; | ||
20549 | esac | ||
20550 | ac_abs_top_builddir=$ac_pwd | ||
20551 | ac_abs_builddir=$ac_pwd$ac_dir_suffix | ||
20552 | # for backward compatibility: | ||
20553 | ac_top_builddir=$ac_top_build_prefix | ||
20554 | |||
20555 | case $srcdir in | ||
20556 | .) # We are building in place. | ||
20557 | ac_srcdir=. | ||
20558 | ac_top_srcdir=$ac_top_builddir_sub | ||
20559 | ac_abs_top_srcdir=$ac_pwd ;; | ||
20560 | [\\/]* | ?:[\\/]* ) # Absolute name. | ||
20561 | ac_srcdir=$srcdir$ac_dir_suffix; | ||
20562 | ac_top_srcdir=$srcdir | ||
20563 | ac_abs_top_srcdir=$srcdir ;; | ||
20564 | *) # Relative name. | ||
20565 | ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix | ||
20566 | ac_top_srcdir=$ac_top_build_prefix$srcdir | ||
20567 | ac_abs_top_srcdir=$ac_pwd/$srcdir ;; | ||
20568 | esac | ||
20569 | ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix | ||
20570 | |||
20571 | |||
20572 | case $ac_mode in | ||
20573 | :F) | ||
20574 | # | ||
20575 | # CONFIG_FILE | ||
20576 | # | ||
20577 | |||
20578 | case $INSTALL in | ||
20579 | [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;; | ||
20580 | *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;; | ||
20581 | esac | ||
20582 | ac_MKDIR_P=$MKDIR_P | ||
20583 | case $MKDIR_P in | ||
20584 | [\\/$]* | ?:[\\/]* ) ;; | ||
20585 | */*) ac_MKDIR_P=$ac_top_build_prefix$MKDIR_P ;; | ||
20586 | esac | ||
20587 | _ACEOF | ||
20588 | |||
20589 | cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 | ||
20590 | # If the template does not know about datarootdir, expand it. | ||
20591 | # FIXME: This hack should be removed a few years after 2.60. | ||
20592 | ac_datarootdir_hack=; ac_datarootdir_seen= | ||
20593 | ac_sed_dataroot=' | ||
20594 | /datarootdir/ { | ||
20595 | p | ||
20596 | q | ||
20597 | } | ||
20598 | /@datadir@/p | ||
20599 | /@docdir@/p | ||
20600 | /@infodir@/p | ||
20601 | /@localedir@/p | ||
20602 | /@mandir@/p' | ||
20603 | case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in | ||
20604 | *datarootdir*) ac_datarootdir_seen=yes;; | ||
20605 | *@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*) | ||
20606 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 | ||
20607 | $as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} | ||
20608 | _ACEOF | ||
20609 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 | ||
20610 | ac_datarootdir_hack=' | ||
20611 | s&@datadir@&$datadir&g | ||
20612 | s&@docdir@&$docdir&g | ||
20613 | s&@infodir@&$infodir&g | ||
20614 | s&@localedir@&$localedir&g | ||
20615 | s&@mandir@&$mandir&g | ||
20616 | s&\\\${datarootdir}&$datarootdir&g' ;; | ||
20617 | esac | ||
20618 | _ACEOF | ||
20619 | |||
20620 | # Neutralize VPATH when `$srcdir' = `.'. | ||
20621 | # Shell code in configure.ac might set extrasub. | ||
20622 | # FIXME: do we really want to maintain this feature? | ||
20623 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 | ||
20624 | ac_sed_extra="$ac_vpsub | ||
20625 | $extrasub | ||
20626 | _ACEOF | ||
20627 | cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 | ||
20628 | :t | ||
20629 | /@[a-zA-Z_][a-zA-Z_0-9]*@/!b | ||
20630 | s|@configure_input@|$ac_sed_conf_input|;t t | ||
20631 | s&@top_builddir@&$ac_top_builddir_sub&;t t | ||
20632 | s&@top_build_prefix@&$ac_top_build_prefix&;t t | ||
20633 | s&@srcdir@&$ac_srcdir&;t t | ||
20634 | s&@abs_srcdir@&$ac_abs_srcdir&;t t | ||
20635 | s&@top_srcdir@&$ac_top_srcdir&;t t | ||
20636 | s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t | ||
20637 | s&@builddir@&$ac_builddir&;t t | ||
20638 | s&@abs_builddir@&$ac_abs_builddir&;t t | ||
20639 | s&@abs_top_builddir@&$ac_abs_top_builddir&;t t | ||
20640 | s&@INSTALL@&$ac_INSTALL&;t t | ||
20641 | s&@MKDIR_P@&$ac_MKDIR_P&;t t | ||
20642 | $ac_datarootdir_hack | ||
20643 | " | ||
20644 | eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \ | ||
20645 | >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5 | ||
20646 | |||
20647 | test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && | ||
20648 | { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } && | ||
20649 | { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \ | ||
20650 | "$ac_tmp/out"`; test -z "$ac_out"; } && | ||
20651 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' | ||
20652 | which seems to be undefined. Please make sure it is defined" >&5 | ||
20653 | $as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' | ||
20654 | which seems to be undefined. Please make sure it is defined" >&2;} | ||
20655 | |||
20656 | rm -f "$ac_tmp/stdin" | ||
20657 | case $ac_file in | ||
20658 | -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";; | ||
20659 | *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";; | ||
20660 | esac \ | ||
20661 | || as_fn_error $? "could not create $ac_file" "$LINENO" 5 | ||
20662 | ;; | ||
20663 | :H) | ||
20664 | # | ||
20665 | # CONFIG_HEADER | ||
20666 | # | ||
20667 | if test x"$ac_file" != x-; then | ||
20668 | { | ||
20669 | $as_echo "/* $configure_input */" \ | ||
20670 | && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" | ||
20671 | } >"$ac_tmp/config.h" \ | ||
20672 | || as_fn_error $? "could not create $ac_file" "$LINENO" 5 | ||
20673 | if diff "$ac_file" "$ac_tmp/config.h" >/dev/null 2>&1; then | ||
20674 | { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5 | ||
20675 | $as_echo "$as_me: $ac_file is unchanged" >&6;} | ||
20676 | else | ||
20677 | rm -f "$ac_file" | ||
20678 | mv "$ac_tmp/config.h" "$ac_file" \ | ||
20679 | || as_fn_error $? "could not create $ac_file" "$LINENO" 5 | ||
20680 | fi | ||
20681 | else | ||
20682 | $as_echo "/* $configure_input */" \ | ||
20683 | && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" \ | ||
20684 | || as_fn_error $? "could not create -" "$LINENO" 5 | ||
20685 | fi | ||
20686 | ;; | ||
20687 | |||
20688 | |||
20689 | esac | ||
20690 | |||
20691 | done # for ac_tag | ||
20692 | |||
20693 | |||
20694 | as_fn_exit 0 | ||
20695 | _ACEOF | ||
20696 | ac_clean_files=$ac_clean_files_save | ||
20697 | |||
20698 | test $ac_write_fail = 0 || | ||
20699 | as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5 | ||
20700 | |||
20701 | |||
20702 | # configure is writing to config.log, and then calls config.status. | ||
20703 | # config.status does its own redirection, appending to config.log. | ||
20704 | # Unfortunately, on DOS this fails, as config.log is still kept open | ||
20705 | # by configure, so config.status won't be able to write to it; its | ||
20706 | # output is simply discarded. So we exec the FD to /dev/null, | ||
20707 | # effectively closing config.log, so it can be properly (re)opened and | ||
20708 | # appended to by config.status. When coming back to configure, we | ||
20709 | # need to make the FD available again. | ||
20710 | if test "$no_create" != yes; then | ||
20711 | ac_cs_success=: | ||
20712 | ac_config_status_args= | ||
20713 | test "$silent" = yes && | ||
20714 | ac_config_status_args="$ac_config_status_args --quiet" | ||
20715 | exec 5>/dev/null | ||
20716 | $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false | ||
20717 | exec 5>>config.log | ||
20718 | # Use ||, not &&, to avoid exiting from the if with $? = 1, which | ||
20719 | # would make configure fail if this is the last instruction. | ||
20720 | $ac_cs_success || as_fn_exit 1 | ||
20721 | fi | ||
20722 | if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then | ||
20723 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5 | ||
20724 | $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} | ||
20725 | fi | ||
20726 | |||
20727 | |||
20728 | # Print summary of options | ||
20729 | |||
20730 | # Someone please show me a better way :) | ||
20731 | A=`eval echo ${prefix}` ; A=`eval echo ${A}` | ||
20732 | B=`eval echo ${bindir}` ; B=`eval echo ${B}` | ||
20733 | C=`eval echo ${sbindir}` ; C=`eval echo ${C}` | ||
20734 | D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` | ||
20735 | E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` | ||
20736 | F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` | ||
20737 | G=`eval echo ${piddir}` ; G=`eval echo ${G}` | ||
20738 | H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` | ||
20739 | I=`eval echo ${user_path}` ; I=`eval echo ${I}` | ||
20740 | J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` | ||
20741 | |||
20742 | echo "" | ||
20743 | echo "OpenSSH has been configured with the following options:" | ||
20744 | echo " User binaries: $B" | ||
20745 | echo " System binaries: $C" | ||
20746 | echo " Configuration files: $D" | ||
20747 | echo " Askpass program: $E" | ||
20748 | echo " Manual pages: $F" | ||
20749 | echo " PID file: $G" | ||
20750 | echo " Privilege separation chroot path: $H" | ||
20751 | if test "x$external_path_file" = "x/etc/login.conf" ; then | ||
20752 | echo " At runtime, sshd will use the path defined in $external_path_file" | ||
20753 | echo " Make sure the path to scp is present, otherwise scp will not work" | ||
20754 | else | ||
20755 | echo " sshd default user PATH: $I" | ||
20756 | if test ! -z "$external_path_file"; then | ||
20757 | echo " (If PATH is set in $external_path_file it will be used instead. If" | ||
20758 | echo " used, ensure the path to scp is present, otherwise scp will not work.)" | ||
20759 | fi | ||
20760 | fi | ||
20761 | if test ! -z "$superuser_path" ; then | ||
20762 | echo " sshd superuser user PATH: $J" | ||
20763 | fi | ||
20764 | echo " Manpage format: $MANTYPE" | ||
20765 | echo " PAM support: $PAM_MSG" | ||
20766 | echo " OSF SIA support: $SIA_MSG" | ||
20767 | echo " KerberosV support: $KRB5_MSG" | ||
20768 | echo " SELinux support: $SELINUX_MSG" | ||
20769 | echo " MD5 password support: $MD5_MSG" | ||
20770 | echo " libedit support: $LIBEDIT_MSG" | ||
20771 | echo " libldns support: $LDNS_MSG" | ||
20772 | echo " Solaris process contract support: $SPC_MSG" | ||
20773 | echo " Solaris project support: $SP_MSG" | ||
20774 | echo " Solaris privilege support: $SPP_MSG" | ||
20775 | echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" | ||
20776 | echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" | ||
20777 | echo " BSD Auth support: $BSD_AUTH_MSG" | ||
20778 | echo " Random number source: $RAND_MSG" | ||
20779 | echo " Privsep sandbox style: $SANDBOX_STYLE" | ||
20780 | |||
20781 | echo "" | ||
20782 | |||
20783 | echo " Host: ${host}" | ||
20784 | echo " Compiler: ${CC}" | ||
20785 | echo " Compiler flags: ${CFLAGS}" | ||
20786 | echo "Preprocessor flags: ${CPPFLAGS}" | ||
20787 | echo " Linker flags: ${LDFLAGS}" | ||
20788 | echo " Libraries: ${LIBS}" | ||
20789 | if test ! -z "${SSHDLIBS}"; then | ||
20790 | echo " +for sshd: ${SSHDLIBS}" | ||
20791 | fi | ||
20792 | if test ! -z "${SSHLIBS}"; then | ||
20793 | echo " +for ssh: ${SSHLIBS}" | ||
20794 | fi | ||
20795 | |||
20796 | echo "" | ||
20797 | |||
20798 | if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then | ||
20799 | echo "SVR4 style packages are supported with \"make package\"" | ||
20800 | echo "" | ||
20801 | fi | ||
20802 | |||
20803 | if test "x$PAM_MSG" = "xyes" ; then | ||
20804 | echo "PAM is enabled. You may need to install a PAM control file " | ||
20805 | echo "for sshd, otherwise password authentication may fail. " | ||
20806 | echo "Example PAM control files can be found in the contrib/ " | ||
20807 | echo "subdirectory" | ||
20808 | echo "" | ||
20809 | fi | ||
20810 | |||
20811 | if test ! -z "$NO_PEERCHECK" ; then | ||
20812 | echo "WARNING: the operating system that you are using does not" | ||
20813 | echo "appear to support getpeereid(), getpeerucred() or the" | ||
20814 | echo "SO_PEERCRED getsockopt() option. These facilities are used to" | ||
20815 | echo "enforce security checks to prevent unauthorised connections to" | ||
20816 | echo "ssh-agent. Their absence increases the risk that a malicious" | ||
20817 | echo "user can connect to your agent." | ||
20818 | echo "" | ||
20819 | fi | ||
20820 | |||
20821 | if test "$AUDIT_MODULE" = "bsm" ; then | ||
20822 | echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." | ||
20823 | echo "See the Solaris section in README.platform for details." | ||
20824 | fi | ||
diff --git a/moduli.0 b/moduli.0 new file mode 100644 index 000000000..6f1a50e44 --- /dev/null +++ b/moduli.0 | |||
@@ -0,0 +1,74 @@ | |||
1 | MODULI(5) File Formats Manual MODULI(5) | ||
2 | |||
3 | NAME | ||
4 | moduli M-bM-^@M-^S Diffie-Hellman moduli | ||
5 | |||
6 | DESCRIPTION | ||
7 | The /etc/moduli file contains prime numbers and generators for use by | ||
8 | sshd(8) in the Diffie-Hellman Group Exchange key exchange method. | ||
9 | |||
10 | New moduli may be generated with ssh-keygen(1) using a two-step process. | ||
11 | An initial candidate generation pass, using ssh-keygen -G, calculates | ||
12 | numbers that are likely to be useful. A second primality testing pass, | ||
13 | using ssh-keygen -T, provides a high degree of assurance that the numbers | ||
14 | are prime and are safe for use in Diffie-Hellman operations by sshd(8). | ||
15 | This moduli format is used as the output from each pass. | ||
16 | |||
17 | The file consists of newline-separated records, one per modulus, | ||
18 | containing seven space-separated fields. These fields are as follows: | ||
19 | |||
20 | timestamp The time that the modulus was last processed as | ||
21 | YYYYMMDDHHMMSS. | ||
22 | |||
23 | type Decimal number specifying the internal structure of | ||
24 | the prime modulus. Supported types are: | ||
25 | |||
26 | 0 Unknown, not tested. | ||
27 | 2 "Safe" prime; (p-1)/2 is also prime. | ||
28 | 4 Sophie Germain; 2p+1 is also prime. | ||
29 | |||
30 | Moduli candidates initially produced by ssh-keygen(1) | ||
31 | are Sophie Germain primes (type 4). Further primality | ||
32 | testing with ssh-keygen(1) produces safe prime moduli | ||
33 | (type 2) that are ready for use in sshd(8). Other | ||
34 | types are not used by OpenSSH. | ||
35 | |||
36 | tests Decimal number indicating the type of primality tests | ||
37 | that the number has been subjected to represented as a | ||
38 | bitmask of the following values: | ||
39 | |||
40 | 0x00 Not tested. | ||
41 | 0x01 Composite number M-bM-^@M-^S not prime. | ||
42 | 0x02 Sieve of Eratosthenes. | ||
43 | 0x04 Probabilistic Miller-Rabin primality tests. | ||
44 | |||
45 | The ssh-keygen(1) moduli candidate generation uses the | ||
46 | Sieve of Eratosthenes (flag 0x02). Subsequent | ||
47 | ssh-keygen(1) primality tests are Miller-Rabin tests | ||
48 | (flag 0x04). | ||
49 | |||
50 | trials Decimal number indicating the number of primality | ||
51 | trials that have been performed on the modulus. | ||
52 | |||
53 | size Decimal number indicating the size of the prime in | ||
54 | bits. | ||
55 | |||
56 | generator The recommended generator for use with this modulus | ||
57 | (hexadecimal). | ||
58 | |||
59 | modulus The modulus itself in hexadecimal. | ||
60 | |||
61 | When performing Diffie-Hellman Group Exchange, sshd(8) first estimates | ||
62 | the size of the modulus required to produce enough Diffie-Hellman output | ||
63 | to sufficiently key the selected symmetric cipher. sshd(8) then randomly | ||
64 | selects a modulus from /etc/moduli that best meets the size requirement. | ||
65 | |||
66 | SEE ALSO | ||
67 | ssh-keygen(1), sshd(8) | ||
68 | |||
69 | STANDARDS | ||
70 | M. Friedl, N. Provos, and W. Simpson, Diffie-Hellman Group Exchange for | ||
71 | the Secure Shell (SSH) Transport Layer Protocol, RFC 4419, March 2006, | ||
72 | 2006. | ||
73 | |||
74 | OpenBSD 6.6 September 26, 2012 OpenBSD 6.6 | ||
@@ -0,0 +1,182 @@ | |||
1 | SCP(1) General Commands Manual SCP(1) | ||
2 | |||
3 | NAME | ||
4 | scp M-bM-^@M-^S secure copy (remote file copy program) | ||
5 | |||
6 | SYNOPSIS | ||
7 | scp [-346BCpqrTv] [-c cipher] [-F ssh_config] [-i identity_file] | ||
8 | [-J destination] [-l limit] [-o ssh_option] [-P port] [-S program] | ||
9 | source ... target | ||
10 | |||
11 | DESCRIPTION | ||
12 | scp copies files between hosts on a network. It uses ssh(1) for data | ||
13 | transfer, and uses the same authentication and provides the same security | ||
14 | as ssh(1). scp will ask for passwords or passphrases if they are needed | ||
15 | for authentication. | ||
16 | |||
17 | The source and target may be specified as a local pathname, a remote host | ||
18 | with optional path in the form [user@]host:[path], or a URI in the form | ||
19 | scp://[user@]host[:port][/path]. Local file names can be made explicit | ||
20 | using absolute or relative pathnames to avoid scp treating file names | ||
21 | containing M-bM-^@M-^X:M-bM-^@M-^Y as host specifiers. | ||
22 | |||
23 | When copying between two remote hosts, if the URI format is used, a port | ||
24 | may only be specified on the target if the -3 option is used. | ||
25 | |||
26 | The options are as follows: | ||
27 | |||
28 | -3 Copies between two remote hosts are transferred through the local | ||
29 | host. Without this option the data is copied directly between | ||
30 | the two remote hosts. Note that this option disables the | ||
31 | progress meter. | ||
32 | |||
33 | -4 Forces scp to use IPv4 addresses only. | ||
34 | |||
35 | -6 Forces scp to use IPv6 addresses only. | ||
36 | |||
37 | -B Selects batch mode (prevents asking for passwords or | ||
38 | passphrases). | ||
39 | |||
40 | -C Compression enable. Passes the -C flag to ssh(1) to enable | ||
41 | compression. | ||
42 | |||
43 | -c cipher | ||
44 | Selects the cipher to use for encrypting the data transfer. This | ||
45 | option is directly passed to ssh(1). | ||
46 | |||
47 | -F ssh_config | ||
48 | Specifies an alternative per-user configuration file for ssh. | ||
49 | This option is directly passed to ssh(1). | ||
50 | |||
51 | -i identity_file | ||
52 | Selects the file from which the identity (private key) for public | ||
53 | key authentication is read. This option is directly passed to | ||
54 | ssh(1). | ||
55 | |||
56 | -J destination | ||
57 | Connect to the target host by first making an scp connection to | ||
58 | the jump host described by destination and then establishing a | ||
59 | TCP forwarding to the ultimate destination from there. Multiple | ||
60 | jump hops may be specified separated by comma characters. This | ||
61 | is a shortcut to specify a ProxyJump configuration directive. | ||
62 | This option is directly passed to ssh(1). | ||
63 | |||
64 | -l limit | ||
65 | Limits the used bandwidth, specified in Kbit/s. | ||
66 | |||
67 | -o ssh_option | ||
68 | Can be used to pass options to ssh in the format used in | ||
69 | ssh_config(5). This is useful for specifying options for which | ||
70 | there is no separate scp command-line flag. For full details of | ||
71 | the options listed below, and their possible values, see | ||
72 | ssh_config(5). | ||
73 | |||
74 | AddressFamily | ||
75 | BatchMode | ||
76 | BindAddress | ||
77 | BindInterface | ||
78 | CanonicalDomains | ||
79 | CanonicalizeFallbackLocal | ||
80 | CanonicalizeHostname | ||
81 | CanonicalizeMaxDots | ||
82 | CanonicalizePermittedCNAMEs | ||
83 | CASignatureAlgorithms | ||
84 | CertificateFile | ||
85 | ChallengeResponseAuthentication | ||
86 | CheckHostIP | ||
87 | Ciphers | ||
88 | Compression | ||
89 | ConnectionAttempts | ||
90 | ConnectTimeout | ||
91 | ControlMaster | ||
92 | ControlPath | ||
93 | ControlPersist | ||
94 | GlobalKnownHostsFile | ||
95 | GSSAPIAuthentication | ||
96 | GSSAPIDelegateCredentials | ||
97 | HashKnownHosts | ||
98 | Host | ||
99 | HostbasedAuthentication | ||
100 | HostbasedKeyTypes | ||
101 | HostKeyAlgorithms | ||
102 | HostKeyAlias | ||
103 | Hostname | ||
104 | IdentitiesOnly | ||
105 | IdentityAgent | ||
106 | IdentityFile | ||
107 | IPQoS | ||
108 | KbdInteractiveAuthentication | ||
109 | KbdInteractiveDevices | ||
110 | KexAlgorithms | ||
111 | LogLevel | ||
112 | MACs | ||
113 | NoHostAuthenticationForLocalhost | ||
114 | NumberOfPasswordPrompts | ||
115 | PasswordAuthentication | ||
116 | PKCS11Provider | ||
117 | Port | ||
118 | PreferredAuthentications | ||
119 | ProxyCommand | ||
120 | ProxyJump | ||
121 | PubkeyAcceptedKeyTypes | ||
122 | PubkeyAuthentication | ||
123 | RekeyLimit | ||
124 | SendEnv | ||
125 | ServerAliveInterval | ||
126 | ServerAliveCountMax | ||
127 | SetEnv | ||
128 | StrictHostKeyChecking | ||
129 | TCPKeepAlive | ||
130 | UpdateHostKeys | ||
131 | User | ||
132 | UserKnownHostsFile | ||
133 | VerifyHostKeyDNS | ||
134 | |||
135 | -P port | ||
136 | Specifies the port to connect to on the remote host. Note that | ||
137 | this option is written with a capital M-bM-^@M-^XPM-bM-^@M-^Y, because -p is already | ||
138 | reserved for preserving the times and modes of the file. | ||
139 | |||
140 | -p Preserves modification times, access times, and modes from the | ||
141 | original file. | ||
142 | |||
143 | -q Quiet mode: disables the progress meter as well as warning and | ||
144 | diagnostic messages from ssh(1). | ||
145 | |||
146 | -r Recursively copy entire directories. Note that scp follows | ||
147 | symbolic links encountered in the tree traversal. | ||
148 | |||
149 | -S program | ||
150 | Name of program to use for the encrypted connection. The program | ||
151 | must understand ssh(1) options. | ||
152 | |||
153 | -T Disable strict filename checking. By default when copying files | ||
154 | from a remote host to a local directory scp checks that the | ||
155 | received filenames match those requested on the command-line to | ||
156 | prevent the remote end from sending unexpected or unwanted files. | ||
157 | Because of differences in how various operating systems and | ||
158 | shells interpret filename wildcards, these checks may cause | ||
159 | wanted files to be rejected. This option disables these checks | ||
160 | at the expense of fully trusting that the server will not send | ||
161 | unexpected filenames. | ||
162 | |||
163 | -v Verbose mode. Causes scp and ssh(1) to print debugging messages | ||
164 | about their progress. This is helpful in debugging connection, | ||
165 | authentication, and configuration problems. | ||
166 | |||
167 | EXIT STATUS | ||
168 | The scp utility exitsM-BM- 0 on success, andM-BM- >0 if an error occurs. | ||
169 | |||
170 | SEE ALSO | ||
171 | sftp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1), ssh_config(5), | ||
172 | sshd(8) | ||
173 | |||
174 | HISTORY | ||
175 | scp is based on the rcp program in BSD source code from the Regents of | ||
176 | the University of California. | ||
177 | |||
178 | AUTHORS | ||
179 | Timo Rinne <tri@iki.fi> | ||
180 | Tatu Ylonen <ylo@cs.hut.fi> | ||
181 | |||
182 | OpenBSD 6.6 June 12, 2019 OpenBSD 6.6 | ||
diff --git a/sftp-server.0 b/sftp-server.0 new file mode 100644 index 000000000..e070f6a37 --- /dev/null +++ b/sftp-server.0 | |||
@@ -0,0 +1,96 @@ | |||
1 | SFTP-SERVER(8) System Manager's Manual SFTP-SERVER(8) | ||
2 | |||
3 | NAME | ||
4 | sftp-server M-bM-^@M-^S SFTP server subsystem | ||
5 | |||
6 | SYNOPSIS | ||
7 | sftp-server [-ehR] [-d start_directory] [-f log_facility] [-l log_level] | ||
8 | [-P blacklisted_requests] [-p whitelisted_requests] | ||
9 | [-u umask] | ||
10 | sftp-server -Q protocol_feature | ||
11 | |||
12 | DESCRIPTION | ||
13 | sftp-server is a program that speaks the server side of SFTP protocol to | ||
14 | stdout and expects client requests from stdin. sftp-server is not | ||
15 | intended to be called directly, but from sshd(8) using the Subsystem | ||
16 | option. | ||
17 | |||
18 | Command-line flags to sftp-server should be specified in the Subsystem | ||
19 | declaration. See sshd_config(5) for more information. | ||
20 | |||
21 | Valid options are: | ||
22 | |||
23 | -d start_directory | ||
24 | specifies an alternate starting directory for users. The | ||
25 | pathname may contain the following tokens that are expanded at | ||
26 | runtime: %% is replaced by a literal '%', %d is replaced by the | ||
27 | home directory of the user being authenticated, and %u is | ||
28 | replaced by the username of that user. The default is to use the | ||
29 | user's home directory. This option is useful in conjunction with | ||
30 | the sshd_config(5) ChrootDirectory option. | ||
31 | |||
32 | -e Causes sftp-server to print logging information to stderr instead | ||
33 | of syslog for debugging. | ||
34 | |||
35 | -f log_facility | ||
36 | Specifies the facility code that is used when logging messages | ||
37 | from sftp-server. The possible values are: DAEMON, USER, AUTH, | ||
38 | LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. | ||
39 | The default is AUTH. | ||
40 | |||
41 | -h Displays sftp-server usage information. | ||
42 | |||
43 | -l log_level | ||
44 | Specifies which messages will be logged by sftp-server. The | ||
45 | possible values are: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, | ||
46 | DEBUG1, DEBUG2, and DEBUG3. INFO and VERBOSE log transactions | ||
47 | that sftp-server performs on behalf of the client. DEBUG and | ||
48 | DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify higher | ||
49 | levels of debugging output. The default is ERROR. | ||
50 | |||
51 | -P blacklisted_requests | ||
52 | Specify a comma-separated list of SFTP protocol requests that are | ||
53 | banned by the server. sftp-server will reply to any blacklisted | ||
54 | request with a failure. The -Q flag can be used to determine the | ||
55 | supported request types. If both a blacklist and a whitelist are | ||
56 | specified, then the blacklist is applied before the whitelist. | ||
57 | |||
58 | -p whitelisted_requests | ||
59 | Specify a comma-separated list of SFTP protocol requests that are | ||
60 | permitted by the server. All request types that are not on the | ||
61 | whitelist will be logged and replied to with a failure message. | ||
62 | |||
63 | Care must be taken when using this feature to ensure that | ||
64 | requests made implicitly by SFTP clients are permitted. | ||
65 | |||
66 | -Q protocol_feature | ||
67 | Query protocol features supported by sftp-server. At present the | ||
68 | only feature that may be queried is M-bM-^@M-^\requestsM-bM-^@M-^], which may be used | ||
69 | for black or whitelisting (flags -P and -p respectively). | ||
70 | |||
71 | -R Places this instance of sftp-server into a read-only mode. | ||
72 | Attempts to open files for writing, as well as other operations | ||
73 | that change the state of the filesystem, will be denied. | ||
74 | |||
75 | -u umask | ||
76 | Sets an explicit umask(2) to be applied to newly-created files | ||
77 | and directories, instead of the user's default mask. | ||
78 | |||
79 | On some systems, sftp-server must be able to access /dev/log for logging | ||
80 | to work, and use of sftp-server in a chroot configuration therefore | ||
81 | requires that syslogd(8) establish a logging socket inside the chroot | ||
82 | directory. | ||
83 | |||
84 | SEE ALSO | ||
85 | sftp(1), ssh(1), sshd_config(5), sshd(8) | ||
86 | |||
87 | T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh- | ||
88 | filexfer-02.txt, October 2001, work in progress material. | ||
89 | |||
90 | HISTORY | ||
91 | sftp-server first appeared in OpenBSD 2.8. | ||
92 | |||
93 | AUTHORS | ||
94 | Markus Friedl <markus@openbsd.org> | ||
95 | |||
96 | OpenBSD 6.6 December 11, 2014 OpenBSD 6.6 | ||
@@ -0,0 +1,396 @@ | |||
1 | SFTP(1) General Commands Manual SFTP(1) | ||
2 | |||
3 | NAME | ||
4 | sftp M-bM-^@M-^S secure file transfer program | ||
5 | |||
6 | SYNOPSIS | ||
7 | sftp [-46aCfpqrv] [-B buffer_size] [-b batchfile] [-c cipher] | ||
8 | [-D sftp_server_path] [-F ssh_config] [-i identity_file] | ||
9 | [-J destination] [-l limit] [-o ssh_option] [-P port] | ||
10 | [-R num_requests] [-S program] [-s subsystem | sftp_server] | ||
11 | destination | ||
12 | |||
13 | DESCRIPTION | ||
14 | sftp is a file transfer program, similar to ftp(1), which performs all | ||
15 | operations over an encrypted ssh(1) transport. It may also use many | ||
16 | features of ssh, such as public key authentication and compression. | ||
17 | |||
18 | The destination may be specified either as [user@]host[:path] or as a URI | ||
19 | in the form sftp://[user@]host[:port][/path]. | ||
20 | |||
21 | If the destination includes a path and it is not a directory, sftp will | ||
22 | retrieve files automatically if a non-interactive authentication method | ||
23 | is used; otherwise it will do so after successful interactive | ||
24 | authentication. | ||
25 | |||
26 | If no path is specified, or if the path is a directory, sftp will log in | ||
27 | to the specified host and enter interactive command mode, changing to the | ||
28 | remote directory if one was specified. An optional trailing slash can be | ||
29 | used to force the path to be interpreted as a directory. | ||
30 | |||
31 | Since the destination formats use colon characters to delimit host names | ||
32 | from path names or port numbers, IPv6 addresses must be enclosed in | ||
33 | square brackets to avoid ambiguity. | ||
34 | |||
35 | The options are as follows: | ||
36 | |||
37 | -4 Forces sftp to use IPv4 addresses only. | ||
38 | |||
39 | -6 Forces sftp to use IPv6 addresses only. | ||
40 | |||
41 | -a Attempt to continue interrupted transfers rather than overwriting | ||
42 | existing partial or complete copies of files. If the partial | ||
43 | contents differ from those being transferred, then the resultant | ||
44 | file is likely to be corrupt. | ||
45 | |||
46 | -B buffer_size | ||
47 | Specify the size of the buffer that sftp uses when transferring | ||
48 | files. Larger buffers require fewer round trips at the cost of | ||
49 | higher memory consumption. The default is 32768 bytes. | ||
50 | |||
51 | -b batchfile | ||
52 | Batch mode reads a series of commands from an input batchfile | ||
53 | instead of stdin. Since it lacks user interaction it should be | ||
54 | used in conjunction with non-interactive authentication to | ||
55 | obviate the need to enter a password at connection time (see | ||
56 | sshd(8) and ssh-keygen(1) for details). | ||
57 | |||
58 | A batchfile of M-bM-^@M-^X-M-bM-^@M-^Y may be used to indicate standard input. sftp | ||
59 | will abort if any of the following commands fail: get, put, | ||
60 | reget, reput, rename, ln, rm, mkdir, chdir, ls, lchdir, chmod, | ||
61 | chown, chgrp, lpwd, df, symlink, and lmkdir. | ||
62 | |||
63 | Termination on error can be suppressed on a command by command | ||
64 | basis by prefixing the command with a M-bM-^@M-^X-M-bM-^@M-^Y character (for example, | ||
65 | -rm /tmp/blah*). Echo of the command may be suppressed by | ||
66 | prefixing the command with a M-bM-^@M-^X@M-bM-^@M-^Y character. These two prefixes | ||
67 | may be combined in any order, for example -@ls /bsd. | ||
68 | |||
69 | -C Enables compression (via ssh's -C flag). | ||
70 | |||
71 | -c cipher | ||
72 | Selects the cipher to use for encrypting the data transfers. | ||
73 | This option is directly passed to ssh(1). | ||
74 | |||
75 | -D sftp_server_path | ||
76 | Connect directly to a local sftp server (rather than via ssh(1)). | ||
77 | This option may be useful in debugging the client and server. | ||
78 | |||
79 | -F ssh_config | ||
80 | Specifies an alternative per-user configuration file for ssh(1). | ||
81 | This option is directly passed to ssh(1). | ||
82 | |||
83 | -f Requests that files be flushed to disk immediately after | ||
84 | transfer. When uploading files, this feature is only enabled if | ||
85 | the server implements the "fsync@openssh.com" extension. | ||
86 | |||
87 | -i identity_file | ||
88 | Selects the file from which the identity (private key) for public | ||
89 | key authentication is read. This option is directly passed to | ||
90 | ssh(1). | ||
91 | |||
92 | -J destination | ||
93 | Connect to the target host by first making an sftp connection to | ||
94 | the jump host described by destination and then establishing a | ||
95 | TCP forwarding to the ultimate destination from there. Multiple | ||
96 | jump hops may be specified separated by comma characters. This | ||
97 | is a shortcut to specify a ProxyJump configuration directive. | ||
98 | This option is directly passed to ssh(1). | ||
99 | |||
100 | -l limit | ||
101 | Limits the used bandwidth, specified in Kbit/s. | ||
102 | |||
103 | -o ssh_option | ||
104 | Can be used to pass options to ssh in the format used in | ||
105 | ssh_config(5). This is useful for specifying options for which | ||
106 | there is no separate sftp command-line flag. For example, to | ||
107 | specify an alternate port use: sftp -oPort=24. For full details | ||
108 | of the options listed below, and their possible values, see | ||
109 | ssh_config(5). | ||
110 | |||
111 | AddressFamily | ||
112 | BatchMode | ||
113 | BindAddress | ||
114 | BindInterface | ||
115 | CanonicalDomains | ||
116 | CanonicalizeFallbackLocal | ||
117 | CanonicalizeHostname | ||
118 | CanonicalizeMaxDots | ||
119 | CanonicalizePermittedCNAMEs | ||
120 | CASignatureAlgorithms | ||
121 | CertificateFile | ||
122 | ChallengeResponseAuthentication | ||
123 | CheckHostIP | ||
124 | Ciphers | ||
125 | Compression | ||
126 | ConnectionAttempts | ||
127 | ConnectTimeout | ||
128 | ControlMaster | ||
129 | ControlPath | ||
130 | ControlPersist | ||
131 | GlobalKnownHostsFile | ||
132 | GSSAPIAuthentication | ||
133 | GSSAPIDelegateCredentials | ||
134 | HashKnownHosts | ||
135 | Host | ||
136 | HostbasedAuthentication | ||
137 | HostbasedKeyTypes | ||
138 | HostKeyAlgorithms | ||
139 | HostKeyAlias | ||
140 | Hostname | ||
141 | IdentitiesOnly | ||
142 | IdentityAgent | ||
143 | IdentityFile | ||
144 | IPQoS | ||
145 | KbdInteractiveAuthentication | ||
146 | KbdInteractiveDevices | ||
147 | KexAlgorithms | ||
148 | LogLevel | ||
149 | MACs | ||
150 | NoHostAuthenticationForLocalhost | ||
151 | NumberOfPasswordPrompts | ||
152 | PasswordAuthentication | ||
153 | PKCS11Provider | ||
154 | Port | ||
155 | PreferredAuthentications | ||
156 | ProxyCommand | ||
157 | ProxyJump | ||
158 | PubkeyAcceptedKeyTypes | ||
159 | PubkeyAuthentication | ||
160 | RekeyLimit | ||
161 | SendEnv | ||
162 | ServerAliveInterval | ||
163 | ServerAliveCountMax | ||
164 | SetEnv | ||
165 | StrictHostKeyChecking | ||
166 | TCPKeepAlive | ||
167 | UpdateHostKeys | ||
168 | User | ||
169 | UserKnownHostsFile | ||
170 | VerifyHostKeyDNS | ||
171 | |||
172 | -P port | ||
173 | Specifies the port to connect to on the remote host. | ||
174 | |||
175 | -p Preserves modification times, access times, and modes from the | ||
176 | original files transferred. | ||
177 | |||
178 | -q Quiet mode: disables the progress meter as well as warning and | ||
179 | diagnostic messages from ssh(1). | ||
180 | |||
181 | -R num_requests | ||
182 | Specify how many requests may be outstanding at any one time. | ||
183 | Increasing this may slightly improve file transfer speed but will | ||
184 | increase memory usage. The default is 64 outstanding requests. | ||
185 | |||
186 | -r Recursively copy entire directories when uploading and | ||
187 | downloading. Note that sftp does not follow symbolic links | ||
188 | encountered in the tree traversal. | ||
189 | |||
190 | -S program | ||
191 | Name of the program to use for the encrypted connection. The | ||
192 | program must understand ssh(1) options. | ||
193 | |||
194 | -s subsystem | sftp_server | ||
195 | Specifies the SSH2 subsystem or the path for an sftp server on | ||
196 | the remote host. A path is useful when the remote sshd(8) does | ||
197 | not have an sftp subsystem configured. | ||
198 | |||
199 | -v Raise logging level. This option is also passed to ssh. | ||
200 | |||
201 | INTERACTIVE COMMANDS | ||
202 | Once in interactive mode, sftp understands a set of commands similar to | ||
203 | those of ftp(1). Commands are case insensitive. Pathnames that contain | ||
204 | spaces must be enclosed in quotes. Any special characters contained | ||
205 | within pathnames that are recognized by glob(3) must be escaped with | ||
206 | backslashes (M-bM-^@M-^X\M-bM-^@M-^Y). | ||
207 | |||
208 | bye Quit sftp. | ||
209 | |||
210 | cd [path] | ||
211 | Change remote directory to path. If path is not specified, then | ||
212 | change directory to the one the session started in. | ||
213 | |||
214 | chgrp [-h] grp path | ||
215 | Change group of file path to grp. If the -h flag is specified, | ||
216 | then symlinks will not be followed. path may contain glob(7) | ||
217 | characters and may match multiple files. grp must be a numeric | ||
218 | GID. | ||
219 | |||
220 | chmod [-h] mode path | ||
221 | Change permissions of file path to mode. If the -h flag is | ||
222 | specified, then symlinks will not be followed. path may contain | ||
223 | glob(7) characters and may match multiple files. | ||
224 | |||
225 | chown [-h] own path | ||
226 | Change owner of file path to own. If the -h flag is specified, | ||
227 | then symlinks will not be followed. path may contain glob(7) | ||
228 | characters and may match multiple files. own must be a numeric | ||
229 | UID. | ||
230 | |||
231 | df [-hi] [path] | ||
232 | Display usage information for the filesystem holding the current | ||
233 | directory (or path if specified). If the -h flag is specified, | ||
234 | the capacity information will be displayed using "human-readable" | ||
235 | suffixes. The -i flag requests display of inode information in | ||
236 | addition to capacity information. This command is only supported | ||
237 | on servers that implement the M-bM-^@M-^\statvfs@openssh.comM-bM-^@M-^] extension. | ||
238 | |||
239 | exit Quit sftp. | ||
240 | |||
241 | get [-afpR] remote-path [local-path] | ||
242 | Retrieve the remote-path and store it on the local machine. If | ||
243 | the local path name is not specified, it is given the same name | ||
244 | it has on the remote machine. remote-path may contain glob(7) | ||
245 | characters and may match multiple files. If it does and | ||
246 | local-path is specified, then local-path must specify a | ||
247 | directory. | ||
248 | |||
249 | If the -a flag is specified, then attempt to resume partial | ||
250 | transfers of existing files. Note that resumption assumes that | ||
251 | any partial copy of the local file matches the remote copy. If | ||
252 | the remote file contents differ from the partial local copy then | ||
253 | the resultant file is likely to be corrupt. | ||
254 | |||
255 | If the -f flag is specified, then fsync(2) will be called after | ||
256 | the file transfer has completed to flush the file to disk. | ||
257 | |||
258 | If the -p flag is specified, then full file permissions and | ||
259 | access times are copied too. | ||
260 | |||
261 | If the -R flag is specified then directories will be copied | ||
262 | recursively. Note that sftp does not follow symbolic links when | ||
263 | performing recursive transfers. | ||
264 | |||
265 | help Display help text. | ||
266 | |||
267 | lcd [path] | ||
268 | Change local directory to path. If path is not specified, then | ||
269 | change directory to the local user's home directory. | ||
270 | |||
271 | lls [ls-options [path]] | ||
272 | Display local directory listing of either path or current | ||
273 | directory if path is not specified. ls-options may contain any | ||
274 | flags supported by the local system's ls(1) command. path may | ||
275 | contain glob(7) characters and may match multiple files. | ||
276 | |||
277 | lmkdir path | ||
278 | Create local directory specified by path. | ||
279 | |||
280 | ln [-s] oldpath newpath | ||
281 | Create a link from oldpath to newpath. If the -s flag is | ||
282 | specified the created link is a symbolic link, otherwise it is a | ||
283 | hard link. | ||
284 | |||
285 | lpwd Print local working directory. | ||
286 | |||
287 | ls [-1afhlnrSt] [path] | ||
288 | Display a remote directory listing of either path or the current | ||
289 | directory if path is not specified. path may contain glob(7) | ||
290 | characters and may match multiple files. | ||
291 | |||
292 | The following flags are recognized and alter the behaviour of ls | ||
293 | accordingly: | ||
294 | |||
295 | -1 Produce single columnar output. | ||
296 | |||
297 | -a List files beginning with a dot (M-bM-^@M-^X.M-bM-^@M-^Y). | ||
298 | |||
299 | -f Do not sort the listing. The default sort order is | ||
300 | lexicographical. | ||
301 | |||
302 | -h When used with a long format option, use unit suffixes: | ||
303 | Byte, Kilobyte, Megabyte, Gigabyte, Terabyte, Petabyte, | ||
304 | and Exabyte in order to reduce the number of digits to | ||
305 | four or fewer using powers of 2 for sizes (K=1024, | ||
306 | M=1048576, etc.). | ||
307 | |||
308 | -l Display additional details including permissions and | ||
309 | ownership information. | ||
310 | |||
311 | -n Produce a long listing with user and group information | ||
312 | presented numerically. | ||
313 | |||
314 | -r Reverse the sort order of the listing. | ||
315 | |||
316 | -S Sort the listing by file size. | ||
317 | |||
318 | -t Sort the listing by last modification time. | ||
319 | |||
320 | lumask umask | ||
321 | Set local umask to umask. | ||
322 | |||
323 | mkdir path | ||
324 | Create remote directory specified by path. | ||
325 | |||
326 | progress | ||
327 | Toggle display of progress meter. | ||
328 | |||
329 | put [-afpR] local-path [remote-path] | ||
330 | Upload local-path and store it on the remote machine. If the | ||
331 | remote path name is not specified, it is given the same name it | ||
332 | has on the local machine. local-path may contain glob(7) | ||
333 | characters and may match multiple files. If it does and | ||
334 | remote-path is specified, then remote-path must specify a | ||
335 | directory. | ||
336 | |||
337 | If the -a flag is specified, then attempt to resume partial | ||
338 | transfers of existing files. Note that resumption assumes that | ||
339 | any partial copy of the remote file matches the local copy. If | ||
340 | the local file contents differ from the remote local copy then | ||
341 | the resultant file is likely to be corrupt. | ||
342 | |||
343 | If the -f flag is specified, then a request will be sent to the | ||
344 | server to call fsync(2) after the file has been transferred. | ||
345 | Note that this is only supported by servers that implement the | ||
346 | "fsync@openssh.com" extension. | ||
347 | |||
348 | If the -p flag is specified, then full file permissions and | ||
349 | access times are copied too. | ||
350 | |||
351 | If the -R flag is specified then directories will be copied | ||
352 | recursively. Note that sftp does not follow symbolic links when | ||
353 | performing recursive transfers. | ||
354 | |||
355 | pwd Display remote working directory. | ||
356 | |||
357 | quit Quit sftp. | ||
358 | |||
359 | reget [-fpR] remote-path [local-path] | ||
360 | Resume download of remote-path. Equivalent to get with the -a | ||
361 | flag set. | ||
362 | |||
363 | reput [-fpR] local-path [remote-path] | ||
364 | Resume upload of local-path. Equivalent to put with the -a flag | ||
365 | set. | ||
366 | |||
367 | rename oldpath newpath | ||
368 | Rename remote file from oldpath to newpath. | ||
369 | |||
370 | rm path | ||
371 | Delete remote file specified by path. | ||
372 | |||
373 | rmdir path | ||
374 | Remove remote directory specified by path. | ||
375 | |||
376 | symlink oldpath newpath | ||
377 | Create a symbolic link from oldpath to newpath. | ||
378 | |||
379 | version | ||
380 | Display the sftp protocol version. | ||
381 | |||
382 | !command | ||
383 | Execute command in local shell. | ||
384 | |||
385 | ! Escape to local shell. | ||
386 | |||
387 | ? Synonym for help. | ||
388 | |||
389 | SEE ALSO | ||
390 | ftp(1), ls(1), scp(1), ssh(1), ssh-add(1), ssh-keygen(1), ssh_config(5), | ||
391 | glob(7), sftp-server(8), sshd(8) | ||
392 | |||
393 | T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh- | ||
394 | filexfer-00.txt, January 2001, work in progress material. | ||
395 | |||
396 | OpenBSD 6.6 June 19, 2019 OpenBSD 6.6 | ||
diff --git a/ssh-add.0 b/ssh-add.0 new file mode 100644 index 000000000..0c4358253 --- /dev/null +++ b/ssh-add.0 | |||
@@ -0,0 +1,133 @@ | |||
1 | SSH-ADD(1) General Commands Manual SSH-ADD(1) | ||
2 | |||
3 | NAME | ||
4 | ssh-add M-bM-^@M-^S adds private key identities to the authentication agent | ||
5 | |||
6 | SYNOPSIS | ||
7 | ssh-add [-cDdkLlqvXx] [-E fingerprint_hash] [-t life] [file ...] | ||
8 | ssh-add -s pkcs11 | ||
9 | ssh-add -e pkcs11 | ||
10 | ssh-add -T pubkey ... | ||
11 | |||
12 | DESCRIPTION | ||
13 | ssh-add adds private key identities to the authentication agent, | ||
14 | ssh-agent(1). When run without arguments, it adds the files | ||
15 | ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, and ~/.ssh/id_ed25519. | ||
16 | After loading a private key, ssh-add will try to load corresponding | ||
17 | certificate information from the filename obtained by appending -cert.pub | ||
18 | to the name of the private key file. Alternative file names can be given | ||
19 | on the command line. | ||
20 | |||
21 | If any file requires a passphrase, ssh-add asks for the passphrase from | ||
22 | the user. The passphrase is read from the user's tty. ssh-add retries | ||
23 | the last passphrase if multiple identity files are given. | ||
24 | |||
25 | The authentication agent must be running and the SSH_AUTH_SOCK | ||
26 | environment variable must contain the name of its socket for ssh-add to | ||
27 | work. | ||
28 | |||
29 | The options are as follows: | ||
30 | |||
31 | -c Indicates that added identities should be subject to confirmation | ||
32 | before being used for authentication. Confirmation is performed | ||
33 | by ssh-askpass(1). Successful confirmation is signaled by a zero | ||
34 | exit status from ssh-askpass(1), rather than text entered into | ||
35 | the requester. | ||
36 | |||
37 | -D Deletes all identities from the agent. | ||
38 | |||
39 | -d Instead of adding identities, removes identities from the agent. | ||
40 | If ssh-add has been run without arguments, the keys for the | ||
41 | default identities and their corresponding certificates will be | ||
42 | removed. Otherwise, the argument list will be interpreted as a | ||
43 | list of paths to public key files to specify keys and | ||
44 | certificates to be removed from the agent. If no public key is | ||
45 | found at a given path, ssh-add will append .pub and retry. | ||
46 | |||
47 | -E fingerprint_hash | ||
48 | Specifies the hash algorithm used when displaying key | ||
49 | fingerprints. Valid options are: M-bM-^@M-^\md5M-bM-^@M-^] and M-bM-^@M-^\sha256M-bM-^@M-^]. The | ||
50 | default is M-bM-^@M-^\sha256M-bM-^@M-^]. | ||
51 | |||
52 | -e pkcs11 | ||
53 | Remove keys provided by the PKCS#11 shared library pkcs11. | ||
54 | |||
55 | -k When loading keys into or deleting keys from the agent, process | ||
56 | plain private keys only and skip certificates. | ||
57 | |||
58 | -L Lists public key parameters of all identities currently | ||
59 | represented by the agent. | ||
60 | |||
61 | -l Lists fingerprints of all identities currently represented by the | ||
62 | agent. | ||
63 | |||
64 | -q Be quiet after a successful operation. | ||
65 | |||
66 | -s pkcs11 | ||
67 | Add keys provided by the PKCS#11 shared library pkcs11. | ||
68 | |||
69 | -T pubkey ... | ||
70 | Tests whether the private keys that correspond to the specified | ||
71 | pubkey files are usable by performing sign and verify operations | ||
72 | on each. | ||
73 | |||
74 | -t life | ||
75 | Set a maximum lifetime when adding identities to an agent. The | ||
76 | lifetime may be specified in seconds or in a time format | ||
77 | specified in sshd_config(5). | ||
78 | |||
79 | -v Verbose mode. Causes ssh-add to print debugging messages about | ||
80 | its progress. This is helpful in debugging problems. Multiple | ||
81 | -v options increase the verbosity. The maximum is 3. | ||
82 | |||
83 | -X Unlock the agent. | ||
84 | |||
85 | -x Lock the agent with a password. | ||
86 | |||
87 | ENVIRONMENT | ||
88 | DISPLAY and SSH_ASKPASS | ||
89 | If ssh-add needs a passphrase, it will read the passphrase from | ||
90 | the current terminal if it was run from a terminal. If ssh-add | ||
91 | does not have a terminal associated with it but DISPLAY and | ||
92 | SSH_ASKPASS are set, it will execute the program specified by | ||
93 | SSH_ASKPASS (by default M-bM-^@M-^\ssh-askpassM-bM-^@M-^]) and open an X11 window to | ||
94 | read the passphrase. This is particularly useful when calling | ||
95 | ssh-add from a .xsession or related script. (Note that on some | ||
96 | machines it may be necessary to redirect the input from /dev/null | ||
97 | to make this work.) | ||
98 | |||
99 | SSH_AUTH_SOCK | ||
100 | Identifies the path of a UNIX-domain socket used to communicate | ||
101 | with the agent. | ||
102 | |||
103 | FILES | ||
104 | ~/.ssh/id_dsa | ||
105 | Contains the DSA authentication identity of the user. | ||
106 | |||
107 | ~/.ssh/id_ecdsa | ||
108 | Contains the ECDSA authentication identity of the user. | ||
109 | |||
110 | ~/.ssh/id_ed25519 | ||
111 | Contains the Ed25519 authentication identity of the user. | ||
112 | |||
113 | ~/.ssh/id_rsa | ||
114 | Contains the RSA authentication identity of the user. | ||
115 | |||
116 | Identity files should not be readable by anyone but the user. Note that | ||
117 | ssh-add ignores identity files if they are accessible by others. | ||
118 | |||
119 | EXIT STATUS | ||
120 | Exit status is 0 on success, 1 if the specified command fails, and 2 if | ||
121 | ssh-add is unable to contact the authentication agent. | ||
122 | |||
123 | SEE ALSO | ||
124 | ssh(1), ssh-agent(1), ssh-askpass(1), ssh-keygen(1), sshd(8) | ||
125 | |||
126 | AUTHORS | ||
127 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by | ||
128 | Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo | ||
129 | de Raadt and Dug Song removed many bugs, re-added newer features and | ||
130 | created OpenSSH. Markus Friedl contributed the support for SSH protocol | ||
131 | versions 1.5 and 2.0. | ||
132 | |||
133 | OpenBSD 6.6 January 21, 2019 OpenBSD 6.6 | ||
diff --git a/ssh-agent.0 b/ssh-agent.0 new file mode 100644 index 000000000..1ef2702f6 --- /dev/null +++ b/ssh-agent.0 | |||
@@ -0,0 +1,120 @@ | |||
1 | SSH-AGENT(1) General Commands Manual SSH-AGENT(1) | ||
2 | |||
3 | NAME | ||
4 | ssh-agent M-bM-^@M-^S authentication agent | ||
5 | |||
6 | SYNOPSIS | ||
7 | ssh-agent [-c | -s] [-Dd] [-a bind_address] [-E fingerprint_hash] | ||
8 | [-P pkcs11_whitelist] [-t life] [command [arg ...]] | ||
9 | ssh-agent [-c | -s] -k | ||
10 | |||
11 | DESCRIPTION | ||
12 | ssh-agent is a program to hold private keys used for public key | ||
13 | authentication (RSA, DSA, ECDSA, Ed25519). ssh-agent is usually started | ||
14 | in the beginning of an X-session or a login session, and all other | ||
15 | windows or programs are started as clients to the ssh-agent program. | ||
16 | Through use of environment variables the agent can be located and | ||
17 | automatically used for authentication when logging in to other machines | ||
18 | using ssh(1). | ||
19 | |||
20 | The agent initially does not have any private keys. Keys are added using | ||
21 | ssh(1) (see AddKeysToAgent in ssh_config(5) for details) or ssh-add(1). | ||
22 | Multiple identities may be stored in ssh-agent concurrently and ssh(1) | ||
23 | will automatically use them if present. ssh-add(1) is also used to | ||
24 | remove keys from ssh-agent and to query the keys that are held in one. | ||
25 | |||
26 | The options are as follows: | ||
27 | |||
28 | -a bind_address | ||
29 | Bind the agent to the UNIX-domain socket bind_address. The | ||
30 | default is $TMPDIR/ssh-XXXXXXXXXX/agent.<ppid>. | ||
31 | |||
32 | -c Generate C-shell commands on stdout. This is the default if | ||
33 | SHELL looks like it's a csh style of shell. | ||
34 | |||
35 | -D Foreground mode. When this option is specified ssh-agent will | ||
36 | not fork. | ||
37 | |||
38 | -d Debug mode. When this option is specified ssh-agent will not | ||
39 | fork and will write debug information to standard error. | ||
40 | |||
41 | -E fingerprint_hash | ||
42 | Specifies the hash algorithm used when displaying key | ||
43 | fingerprints. Valid options are: M-bM-^@M-^\md5M-bM-^@M-^] and M-bM-^@M-^\sha256M-bM-^@M-^]. The | ||
44 | default is M-bM-^@M-^\sha256M-bM-^@M-^]. | ||
45 | |||
46 | -k Kill the current agent (given by the SSH_AGENT_PID environment | ||
47 | variable). | ||
48 | |||
49 | -P pkcs11_whitelist | ||
50 | Specify a pattern-list of acceptable paths for PKCS#11 shared | ||
51 | libraries that may be added using the -s option to ssh-add(1). | ||
52 | The default is to allow loading PKCS#11 libraries from | ||
53 | M-bM-^@M-^\/usr/lib/*,/usr/local/lib/*M-bM-^@M-^]. PKCS#11 libraries that do not | ||
54 | match the whitelist will be refused. See PATTERNS in | ||
55 | ssh_config(5) for a description of pattern-list syntax. | ||
56 | |||
57 | -s Generate Bourne shell commands on stdout. This is the default if | ||
58 | SHELL does not look like it's a csh style of shell. | ||
59 | |||
60 | -t life | ||
61 | Set a default value for the maximum lifetime of identities added | ||
62 | to the agent. The lifetime may be specified in seconds or in a | ||
63 | time format specified in sshd_config(5). A lifetime specified | ||
64 | for an identity with ssh-add(1) overrides this value. Without | ||
65 | this option the default maximum lifetime is forever. | ||
66 | |||
67 | If a command line is given, this is executed as a subprocess of the | ||
68 | agent. When the command dies, so does the agent. | ||
69 | |||
70 | The idea is that the agent is run in the user's local PC, laptop, or | ||
71 | terminal. Authentication data need not be stored on any other machine, | ||
72 | and authentication passphrases never go over the network. However, the | ||
73 | connection to the agent is forwarded over SSH remote logins, and the user | ||
74 | can thus use the privileges given by the identities anywhere in the | ||
75 | network in a secure way. | ||
76 | |||
77 | There are two main ways to get an agent set up: The first is that the | ||
78 | agent starts a new subcommand into which some environment variables are | ||
79 | exported, eg ssh-agent xterm &. The second is that the agent prints the | ||
80 | needed shell commands (either sh(1) or csh(1) syntax can be generated) | ||
81 | which can be evaluated in the calling shell, eg eval `ssh-agent -s` for | ||
82 | Bourne-type shells such as sh(1) or ksh(1) and eval `ssh-agent -c` for | ||
83 | csh(1) and derivatives. | ||
84 | |||
85 | Later ssh(1) looks at these variables and uses them to establish a | ||
86 | connection to the agent. | ||
87 | |||
88 | The agent will never send a private key over its request channel. | ||
89 | Instead, operations that require a private key will be performed by the | ||
90 | agent, and the result will be returned to the requester. This way, | ||
91 | private keys are not exposed to clients using the agent. | ||
92 | |||
93 | A UNIX-domain socket is created and the name of this socket is stored in | ||
94 | the SSH_AUTH_SOCK environment variable. The socket is made accessible | ||
95 | only to the current user. This method is easily abused by root or | ||
96 | another instance of the same user. | ||
97 | |||
98 | The SSH_AGENT_PID environment variable holds the agent's process ID. | ||
99 | |||
100 | The agent exits automatically when the command given on the command line | ||
101 | terminates. | ||
102 | |||
103 | FILES | ||
104 | $TMPDIR/ssh-XXXXXXXXXX/agent.<ppid> | ||
105 | UNIX-domain sockets used to contain the connection to the | ||
106 | authentication agent. These sockets should only be readable by | ||
107 | the owner. The sockets should get automatically removed when the | ||
108 | agent exits. | ||
109 | |||
110 | SEE ALSO | ||
111 | ssh(1), ssh-add(1), ssh-keygen(1), sshd(8) | ||
112 | |||
113 | AUTHORS | ||
114 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by | ||
115 | Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo | ||
116 | de Raadt and Dug Song removed many bugs, re-added newer features and | ||
117 | created OpenSSH. Markus Friedl contributed the support for SSH protocol | ||
118 | versions 1.5 and 2.0. | ||
119 | |||
120 | OpenBSD 6.6 November 30, 2016 OpenBSD 6.6 | ||
diff --git a/ssh-keygen.0 b/ssh-keygen.0 new file mode 100644 index 000000000..b68736c11 --- /dev/null +++ b/ssh-keygen.0 | |||
@@ -0,0 +1,694 @@ | |||
1 | SSH-KEYGEN(1) General Commands Manual SSH-KEYGEN(1) | ||
2 | |||
3 | NAME | ||
4 | ssh-keygen M-bM-^@M-^S authentication key generation, management and conversion | ||
5 | |||
6 | SYNOPSIS | ||
7 | ssh-keygen [-q] [-b bits] [-C comment] [-f output_keyfile] [-m format] | ||
8 | [-N new_passphrase] [-t dsa | ecdsa | ed25519 | rsa] | ||
9 | ssh-keygen -p [-f keyfile] [-m format] [-N new_passphrase] | ||
10 | [-P old_passphrase] | ||
11 | ssh-keygen -i [-f input_keyfile] [-m key_format] | ||
12 | ssh-keygen -e [-f input_keyfile] [-m key_format] | ||
13 | ssh-keygen -y [-f input_keyfile] | ||
14 | ssh-keygen -c [-C comment] [-f keyfile] [-P passphrase] | ||
15 | ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile] | ||
16 | ssh-keygen -B [-f input_keyfile] | ||
17 | ssh-keygen -D pkcs11 | ||
18 | ssh-keygen -F hostname [-lv] [-f known_hosts_file] | ||
19 | ssh-keygen -H [-f known_hosts_file] | ||
20 | ssh-keygen -R hostname [-f known_hosts_file] | ||
21 | ssh-keygen -r hostname [-g] [-f input_keyfile] | ||
22 | ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point] | ||
23 | ssh-keygen -f input_file -T output_file [-v] [-a rounds] [-J num_lines] | ||
24 | [-j start_line] [-K checkpt] [-W generator] | ||
25 | ssh-keygen -I certificate_identity -s ca_key [-hU] [-D pkcs11_provider] | ||
26 | [-n principals] [-O option] [-V validity_interval] | ||
27 | [-z serial_number] file ... | ||
28 | ssh-keygen -L [-f input_keyfile] | ||
29 | ssh-keygen -A [-f prefix_path] | ||
30 | ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number] | ||
31 | file ... | ||
32 | ssh-keygen -Q -f krl_file file ... | ||
33 | ssh-keygen -Y check-novalidate -n namespace -s signature_file | ||
34 | ssh-keygen -Y sign -f key_file -n namespace file ... | ||
35 | ssh-keygen -Y verify -f allowed_signers_file -I signer_identity | ||
36 | -n namespace -s signature_file [-r revocation_file] | ||
37 | |||
38 | DESCRIPTION | ||
39 | ssh-keygen generates, manages and converts authentication keys for | ||
40 | ssh(1). ssh-keygen can create keys for use by SSH protocol version 2. | ||
41 | |||
42 | The type of key to be generated is specified with the -t option. If | ||
43 | invoked without any arguments, ssh-keygen will generate an RSA key. | ||
44 | |||
45 | ssh-keygen is also used to generate groups for use in Diffie-Hellman | ||
46 | group exchange (DH-GEX). See the MODULI GENERATION section for details. | ||
47 | |||
48 | Finally, ssh-keygen can be used to generate and update Key Revocation | ||
49 | Lists, and to test whether given keys have been revoked by one. See the | ||
50 | KEY REVOCATION LISTS section for details. | ||
51 | |||
52 | Normally each user wishing to use SSH with public key authentication runs | ||
53 | this once to create the authentication key in ~/.ssh/id_dsa, | ||
54 | ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 or ~/.ssh/id_rsa. Additionally, the | ||
55 | system administrator may use this to generate host keys, as seen in | ||
56 | /etc/rc. | ||
57 | |||
58 | Normally this program generates the key and asks for a file in which to | ||
59 | store the private key. The public key is stored in a file with the same | ||
60 | name but M-bM-^@M-^\.pubM-bM-^@M-^] appended. The program also asks for a passphrase. The | ||
61 | passphrase may be empty to indicate no passphrase (host keys must have an | ||
62 | empty passphrase), or it may be a string of arbitrary length. A | ||
63 | passphrase is similar to a password, except it can be a phrase with a | ||
64 | series of words, punctuation, numbers, whitespace, or any string of | ||
65 | characters you want. Good passphrases are 10-30 characters long, are not | ||
66 | simple sentences or otherwise easily guessable (English prose has only | ||
67 | 1-2 bits of entropy per character, and provides very bad passphrases), | ||
68 | and contain a mix of upper and lowercase letters, numbers, and non- | ||
69 | alphanumeric characters. The passphrase can be changed later by using | ||
70 | the -p option. | ||
71 | |||
72 | There is no way to recover a lost passphrase. If the passphrase is lost | ||
73 | or forgotten, a new key must be generated and the corresponding public | ||
74 | key copied to other machines. | ||
75 | |||
76 | ssh-keygen will by default write keys in an OpenSSH-specific format. | ||
77 | This format is preferred as it offers better protection for keys at rest | ||
78 | as well as allowing storage of key comments within the private key file | ||
79 | itself. The key comment may be useful to help identify the key. The | ||
80 | comment is initialized to M-bM-^@M-^\user@hostM-bM-^@M-^] when the key is created, but can be | ||
81 | changed using the -c option. | ||
82 | |||
83 | It is still possible for ssh-keygen to write the previously-used PEM | ||
84 | format private keys using the -m flag. This may be used when generating | ||
85 | new keys, and existing new-format keys may be converted using this option | ||
86 | in conjunction with the -p (change passphrase) flag. | ||
87 | |||
88 | After a key is generated, instructions below detail where the keys should | ||
89 | be placed to be activated. | ||
90 | |||
91 | The options are as follows: | ||
92 | |||
93 | -A For each of the key types (rsa, dsa, ecdsa and ed25519) for which | ||
94 | host keys do not exist, generate the host keys with the default | ||
95 | key file path, an empty passphrase, default bits for the key | ||
96 | type, and default comment. If -f has also been specified, its | ||
97 | argument is used as a prefix to the default path for the | ||
98 | resulting host key files. This is used by /etc/rc to generate | ||
99 | new host keys. | ||
100 | |||
101 | -a rounds | ||
102 | When saving a private key, this option specifies the number of | ||
103 | KDF (key derivation function) rounds used. Higher numbers result | ||
104 | in slower passphrase verification and increased resistance to | ||
105 | brute-force password cracking (should the keys be stolen). | ||
106 | |||
107 | When screening DH-GEX candidates (using the -T command), this | ||
108 | option specifies the number of primality tests to perform. | ||
109 | |||
110 | -B Show the bubblebabble digest of specified private or public key | ||
111 | file. | ||
112 | |||
113 | -b bits | ||
114 | Specifies the number of bits in the key to create. For RSA keys, | ||
115 | the minimum size is 1024 bits and the default is 3072 bits. | ||
116 | Generally, 3072 bits is considered sufficient. DSA keys must be | ||
117 | exactly 1024 bits as specified by FIPS 186-2. For ECDSA keys, | ||
118 | the -b flag determines the key length by selecting from one of | ||
119 | three elliptic curve sizes: 256, 384 or 521 bits. Attempting to | ||
120 | use bit lengths other than these three values for ECDSA keys will | ||
121 | fail. Ed25519 keys have a fixed length and the -b flag will be | ||
122 | ignored. | ||
123 | |||
124 | -C comment | ||
125 | Provides a new comment. | ||
126 | |||
127 | -c Requests changing the comment in the private and public key | ||
128 | files. The program will prompt for the file containing the | ||
129 | private keys, for the passphrase if the key has one, and for the | ||
130 | new comment. | ||
131 | |||
132 | -D pkcs11 | ||
133 | Download the public keys provided by the PKCS#11 shared library | ||
134 | pkcs11. When used in combination with -s, this option indicates | ||
135 | that a CA key resides in a PKCS#11 token (see the CERTIFICATES | ||
136 | section for details). | ||
137 | |||
138 | -E fingerprint_hash | ||
139 | Specifies the hash algorithm used when displaying key | ||
140 | fingerprints. Valid options are: M-bM-^@M-^\md5M-bM-^@M-^] and M-bM-^@M-^\sha256M-bM-^@M-^]. The | ||
141 | default is M-bM-^@M-^\sha256M-bM-^@M-^]. | ||
142 | |||
143 | -e This option will read a private or public OpenSSH key file and | ||
144 | print to stdout a public key in one of the formats specified by | ||
145 | the -m option. The default export format is M-bM-^@M-^\RFC4716M-bM-^@M-^]. This | ||
146 | option allows exporting OpenSSH keys for use by other programs, | ||
147 | including several commercial SSH implementations. | ||
148 | |||
149 | -F hostname | [hostname]:port | ||
150 | Search for the specified hostname (with optional port number) in | ||
151 | a known_hosts file, listing any occurrences found. This option | ||
152 | is useful to find hashed host names or addresses and may also be | ||
153 | used in conjunction with the -H option to print found keys in a | ||
154 | hashed format. | ||
155 | |||
156 | -f filename | ||
157 | Specifies the filename of the key file. | ||
158 | |||
159 | -G output_file | ||
160 | Generate candidate primes for DH-GEX. These primes must be | ||
161 | screened for safety (using the -T option) before use. | ||
162 | |||
163 | -g Use generic DNS format when printing fingerprint resource records | ||
164 | using the -r command. | ||
165 | |||
166 | -H Hash a known_hosts file. This replaces all hostnames and | ||
167 | addresses with hashed representations within the specified file; | ||
168 | the original content is moved to a file with a .old suffix. | ||
169 | These hashes may be used normally by ssh and sshd, but they do | ||
170 | not reveal identifying information should the file's contents be | ||
171 | disclosed. This option will not modify existing hashed hostnames | ||
172 | and is therefore safe to use on files that mix hashed and non- | ||
173 | hashed names. | ||
174 | |||
175 | -h When signing a key, create a host certificate instead of a user | ||
176 | certificate. Please see the CERTIFICATES section for details. | ||
177 | |||
178 | -I certificate_identity | ||
179 | Specify the key identity when signing a public key. Please see | ||
180 | the CERTIFICATES section for details. | ||
181 | |||
182 | -i This option will read an unencrypted private (or public) key file | ||
183 | in the format specified by the -m option and print an OpenSSH | ||
184 | compatible private (or public) key to stdout. This option allows | ||
185 | importing keys from other software, including several commercial | ||
186 | SSH implementations. The default import format is M-bM-^@M-^\RFC4716M-bM-^@M-^]. | ||
187 | |||
188 | -J num_lines | ||
189 | Exit after screening the specified number of lines while | ||
190 | performing DH candidate screening using the -T option. | ||
191 | |||
192 | -j start_line | ||
193 | Start screening at the specified line number while performing DH | ||
194 | candidate screening using the -T option. | ||
195 | |||
196 | -K checkpt | ||
197 | Write the last line processed to the file checkpt while | ||
198 | performing DH candidate screening using the -T option. This will | ||
199 | be used to skip lines in the input file that have already been | ||
200 | processed if the job is restarted. | ||
201 | |||
202 | -k Generate a KRL file. In this mode, ssh-keygen will generate a | ||
203 | KRL file at the location specified via the -f flag that revokes | ||
204 | every key or certificate presented on the command line. | ||
205 | Keys/certificates to be revoked may be specified by public key | ||
206 | file or using the format described in the KEY REVOCATION LISTS | ||
207 | section. | ||
208 | |||
209 | -L Prints the contents of one or more certificates. | ||
210 | |||
211 | -l Show fingerprint of specified public key file. For RSA and DSA | ||
212 | keys ssh-keygen tries to find the matching public key file and | ||
213 | prints its fingerprint. If combined with -v, a visual ASCII art | ||
214 | representation of the key is supplied with the fingerprint. | ||
215 | |||
216 | -M memory | ||
217 | Specify the amount of memory to use (in megabytes) when | ||
218 | generating candidate moduli for DH-GEX. | ||
219 | |||
220 | -m key_format | ||
221 | Specify a key format for key generation, the -i (import), -e | ||
222 | (export) conversion options, and the -p change passphrase | ||
223 | operation. The latter may be used to convert between OpenSSH | ||
224 | private key and PEM private key formats. The supported key | ||
225 | formats are: M-bM-^@M-^\RFC4716M-bM-^@M-^] (RFC 4716/SSH2 public or private key), | ||
226 | M-bM-^@M-^\PKCS8M-bM-^@M-^] (PKCS8 public or private key) or M-bM-^@M-^\PEMM-bM-^@M-^] (PEM public key). | ||
227 | By default OpenSSH will write newly-generated private keys in its | ||
228 | own format, but when converting public keys for export the | ||
229 | default format is M-bM-^@M-^\RFC4716M-bM-^@M-^]. Setting a format of M-bM-^@M-^\PEMM-bM-^@M-^] when | ||
230 | generating or updating a supported private key type will cause | ||
231 | the key to be stored in the legacy PEM private key format. | ||
232 | |||
233 | -N new_passphrase | ||
234 | Provides the new passphrase. | ||
235 | |||
236 | -n principals | ||
237 | Specify one or more principals (user or host names) to be | ||
238 | included in a certificate when signing a key. Multiple | ||
239 | principals may be specified, separated by commas. Please see the | ||
240 | CERTIFICATES section for details. | ||
241 | |||
242 | -O option | ||
243 | Specify a certificate option when signing a key. This option may | ||
244 | be specified multiple times. See also the CERTIFICATES section | ||
245 | for further details. | ||
246 | |||
247 | At present, no standard options are valid for host keys. The | ||
248 | options that are valid for user certificates are: | ||
249 | |||
250 | clear Clear all enabled permissions. This is useful for | ||
251 | clearing the default set of permissions so permissions | ||
252 | may be added individually. | ||
253 | |||
254 | critical:name[=contents] | ||
255 | extension:name[=contents] | ||
256 | Includes an arbitrary certificate critical option or | ||
257 | extension. The specified name should include a domain | ||
258 | suffix, e.g. M-bM-^@M-^\name@example.comM-bM-^@M-^]. If contents is | ||
259 | specified then it is included as the contents of the | ||
260 | extension/option encoded as a string, otherwise the | ||
261 | extension/option is created with no contents (usually | ||
262 | indicating a flag). Extensions may be ignored by a | ||
263 | client or server that does not recognise them, whereas | ||
264 | unknown critical options will cause the certificate to be | ||
265 | refused. | ||
266 | |||
267 | force-command=command | ||
268 | Forces the execution of command instead of any shell or | ||
269 | command specified by the user when the certificate is | ||
270 | used for authentication. | ||
271 | |||
272 | no-agent-forwarding | ||
273 | Disable ssh-agent(1) forwarding (permitted by default). | ||
274 | |||
275 | no-port-forwarding | ||
276 | Disable port forwarding (permitted by default). | ||
277 | |||
278 | no-pty Disable PTY allocation (permitted by default). | ||
279 | |||
280 | no-user-rc | ||
281 | Disable execution of ~/.ssh/rc by sshd(8) (permitted by | ||
282 | default). | ||
283 | |||
284 | no-x11-forwarding | ||
285 | Disable X11 forwarding (permitted by default). | ||
286 | |||
287 | permit-agent-forwarding | ||
288 | Allows ssh-agent(1) forwarding. | ||
289 | |||
290 | permit-port-forwarding | ||
291 | Allows port forwarding. | ||
292 | |||
293 | permit-pty | ||
294 | Allows PTY allocation. | ||
295 | |||
296 | permit-user-rc | ||
297 | Allows execution of ~/.ssh/rc by sshd(8). | ||
298 | |||
299 | permit-X11-forwarding | ||
300 | Allows X11 forwarding. | ||
301 | |||
302 | source-address=address_list | ||
303 | Restrict the source addresses from which the certificate | ||
304 | is considered valid. The address_list is a comma- | ||
305 | separated list of one or more address/netmask pairs in | ||
306 | CIDR format. | ||
307 | |||
308 | -P passphrase | ||
309 | Provides the (old) passphrase. | ||
310 | |||
311 | -p Requests changing the passphrase of a private key file instead of | ||
312 | creating a new private key. The program will prompt for the file | ||
313 | containing the private key, for the old passphrase, and twice for | ||
314 | the new passphrase. | ||
315 | |||
316 | -Q Test whether keys have been revoked in a KRL. | ||
317 | |||
318 | -q Silence ssh-keygen. | ||
319 | |||
320 | -R hostname | [hostname]:port | ||
321 | Removes all keys belonging to the specified hostname (with | ||
322 | optional port number) from a known_hosts file. This option is | ||
323 | useful to delete hashed hosts (see the -H option above). | ||
324 | |||
325 | -r hostname | ||
326 | Print the SSHFP fingerprint resource record named hostname for | ||
327 | the specified public key file. | ||
328 | |||
329 | -S start | ||
330 | Specify start point (in hex) when generating candidate moduli for | ||
331 | DH-GEX. | ||
332 | |||
333 | -s ca_key | ||
334 | Certify (sign) a public key using the specified CA key. Please | ||
335 | see the CERTIFICATES section for details. | ||
336 | |||
337 | When generating a KRL, -s specifies a path to a CA public key | ||
338 | file used to revoke certificates directly by key ID or serial | ||
339 | number. See the KEY REVOCATION LISTS section for details. | ||
340 | |||
341 | -T output_file | ||
342 | Test DH group exchange candidate primes (generated using the -G | ||
343 | option) for safety. | ||
344 | |||
345 | -t dsa | ecdsa | ed25519 | rsa | ||
346 | Specifies the type of key to create. The possible values are | ||
347 | M-bM-^@M-^\dsaM-bM-^@M-^], M-bM-^@M-^\ecdsaM-bM-^@M-^], M-bM-^@M-^\ed25519M-bM-^@M-^], or M-bM-^@M-^\rsaM-bM-^@M-^]. | ||
348 | |||
349 | This flag may also be used to specify the desired signature type | ||
350 | when signing certificates using an RSA CA key. The available RSA | ||
351 | signature variants are M-bM-^@M-^\ssh-rsaM-bM-^@M-^] (SHA1 signatures, not | ||
352 | recommended), M-bM-^@M-^\rsa-sha2-256M-bM-^@M-^], and M-bM-^@M-^\rsa-sha2-512M-bM-^@M-^] (the default). | ||
353 | |||
354 | -U When used in combination with -s, this option indicates that a CA | ||
355 | key resides in a ssh-agent(1). See the CERTIFICATES section for | ||
356 | more information. | ||
357 | |||
358 | -u Update a KRL. When specified with -k, keys listed via the | ||
359 | command line are added to the existing KRL rather than a new KRL | ||
360 | being created. | ||
361 | |||
362 | -V validity_interval | ||
363 | Specify a validity interval when signing a certificate. A | ||
364 | validity interval may consist of a single time, indicating that | ||
365 | the certificate is valid beginning now and expiring at that time, | ||
366 | or may consist of two times separated by a colon to indicate an | ||
367 | explicit time interval. | ||
368 | |||
369 | The start time may be specified as the string M-bM-^@M-^\alwaysM-bM-^@M-^] to | ||
370 | indicate the certificate has no specified start time, a date in | ||
371 | YYYYMMDD format, a time in YYYYMMDDHHMM[SS] format, a relative | ||
372 | time (to the current time) consisting of a minus sign followed by | ||
373 | an interval in the format described in the TIME FORMATS section | ||
374 | of sshd_config(5). | ||
375 | |||
376 | The end time may be specified as a YYYYMMDD date, a | ||
377 | YYYYMMDDHHMM[SS] time, a relative time starting with a plus | ||
378 | character or the string M-bM-^@M-^\foreverM-bM-^@M-^] to indicate that the | ||
379 | certificate has no expirty date. | ||
380 | |||
381 | For example: M-bM-^@M-^\+52w1dM-bM-^@M-^] (valid from now to 52 weeks and one day | ||
382 | from now), M-bM-^@M-^\-4w:+4wM-bM-^@M-^] (valid from four weeks ago to four weeks | ||
383 | from now), M-bM-^@M-^\20100101123000:20110101123000M-bM-^@M-^] (valid from 12:30 PM, | ||
384 | January 1st, 2010 to 12:30 PM, January 1st, 2011), M-bM-^@M-^\-1d:20110101M-bM-^@M-^] | ||
385 | (valid from yesterday to midnight, January 1st, 2011). | ||
386 | M-bM-^@M-^\-1m:foreverM-bM-^@M-^] (valid from one minute ago and never expiring). | ||
387 | |||
388 | -v Verbose mode. Causes ssh-keygen to print debugging messages | ||
389 | about its progress. This is helpful for debugging moduli | ||
390 | generation. Multiple -v options increase the verbosity. The | ||
391 | maximum is 3. | ||
392 | |||
393 | -W generator | ||
394 | Specify desired generator when testing candidate moduli for DH- | ||
395 | GEX. | ||
396 | |||
397 | -y This option will read a private OpenSSH format file and print an | ||
398 | OpenSSH public key to stdout. | ||
399 | |||
400 | -Y sign | ||
401 | Cryptographically sign a file or some data using a SSH key. When | ||
402 | signing, ssh-keygen accepts zero or more files to sign on the | ||
403 | command-line - if no files are specified then ssh-keygen will | ||
404 | sign data presented on standard input. Signatures are written to | ||
405 | the path of the input file with M-bM-^@M-^\.sigM-bM-^@M-^] appended, or to standard | ||
406 | output if the message to be signed was read from standard input. | ||
407 | |||
408 | The key used for signing is specified using the -f option and may | ||
409 | refer to either a private key, or a public key with the private | ||
410 | half available via ssh-agent(1). An additional signature | ||
411 | namespace, used to prevent signature confusion across different | ||
412 | domains of use (e.g. file signing vs email signing) must be | ||
413 | provided via the -n flag. Namespaces are arbitrary strings, and | ||
414 | may include: M-bM-^@M-^\fileM-bM-^@M-^] for file signing, M-bM-^@M-^\emailM-bM-^@M-^] for email signing. | ||
415 | For custom uses, it is recommended to use names following a | ||
416 | NAMESPACE@YOUR.DOMAIN pattern to generate unambiguous namespaces. | ||
417 | |||
418 | -Y verify | ||
419 | Request to verify a signature generated using ssh-keygen -Y sign | ||
420 | as described above. When verifying a signature, ssh-keygen | ||
421 | accepts a message on standard input and a signature namespace | ||
422 | using -n. A file containing the corresponding signature must | ||
423 | also be supplied using the -s flag, along with the identity of | ||
424 | the signer using -I and a list of allowed signers via the -f | ||
425 | flag. The format of the allowed signers file is documented in | ||
426 | the ALLOWED SIGNERS section below. A file containing revoked | ||
427 | keys can be passed using the -r flag. The revocation file may be | ||
428 | a KRL or a one-per-line list of public keys. Successful | ||
429 | verification by an authorized signer is signalled by ssh-keygen | ||
430 | |||
431 | -Y check-novalidate | ||
432 | Checks that a signature generated using ssh-keygen -Y sign has a | ||
433 | valid structure. This does not validate if a signature comes | ||
434 | from an authorized signer. When testing a signature, ssh-keygen | ||
435 | accepts a message on standard input and a signature namespace | ||
436 | using -n. A file containing the corresponding signature must | ||
437 | also be supplied using the -s flag. Successful testing of the | ||
438 | signature is signalled by ssh-keygen returning a zero exit | ||
439 | status. | ||
440 | |||
441 | -z serial_number | ||
442 | Specifies a serial number to be embedded in the certificate to | ||
443 | distinguish this certificate from others from the same CA. If | ||
444 | the serial_number is prefixed with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the | ||
445 | serial number will be incremented for each certificate signed on | ||
446 | a single command-line. The default serial number is zero. | ||
447 | |||
448 | When generating a KRL, the -z flag is used to specify a KRL | ||
449 | version number. | ||
450 | |||
451 | MODULI GENERATION | ||
452 | ssh-keygen may be used to generate groups for the Diffie-Hellman Group | ||
453 | Exchange (DH-GEX) protocol. Generating these groups is a two-step | ||
454 | process: first, candidate primes are generated using a fast, but memory | ||
455 | intensive process. These candidate primes are then tested for | ||
456 | suitability (a CPU-intensive process). | ||
457 | |||
458 | Generation of primes is performed using the -G option. The desired | ||
459 | length of the primes may be specified by the -b option. For example: | ||
460 | |||
461 | # ssh-keygen -G moduli-2048.candidates -b 2048 | ||
462 | |||
463 | By default, the search for primes begins at a random point in the desired | ||
464 | length range. This may be overridden using the -S option, which | ||
465 | specifies a different start point (in hex). | ||
466 | |||
467 | Once a set of candidates have been generated, they must be screened for | ||
468 | suitability. This may be performed using the -T option. In this mode | ||
469 | ssh-keygen will read candidates from standard input (or a file specified | ||
470 | using the -f option). For example: | ||
471 | |||
472 | # ssh-keygen -T moduli-2048 -f moduli-2048.candidates | ||
473 | |||
474 | By default, each candidate will be subjected to 100 primality tests. | ||
475 | This may be overridden using the -a option. The DH generator value will | ||
476 | be chosen automatically for the prime under consideration. If a specific | ||
477 | generator is desired, it may be requested using the -W option. Valid | ||
478 | generator values are 2, 3, and 5. | ||
479 | |||
480 | Screened DH groups may be installed in /etc/moduli. It is important that | ||
481 | this file contains moduli of a range of bit lengths and that both ends of | ||
482 | a connection share common moduli. | ||
483 | |||
484 | CERTIFICATES | ||
485 | ssh-keygen supports signing of keys to produce certificates that may be | ||
486 | used for user or host authentication. Certificates consist of a public | ||
487 | key, some identity information, zero or more principal (user or host) | ||
488 | names and a set of options that are signed by a Certification Authority | ||
489 | (CA) key. Clients or servers may then trust only the CA key and verify | ||
490 | its signature on a certificate rather than trusting many user/host keys. | ||
491 | Note that OpenSSH certificates are a different, and much simpler, format | ||
492 | to the X.509 certificates used in ssl(8). | ||
493 | |||
494 | ssh-keygen supports two types of certificates: user and host. User | ||
495 | certificates authenticate users to servers, whereas host certificates | ||
496 | authenticate server hosts to users. To generate a user certificate: | ||
497 | |||
498 | $ ssh-keygen -s /path/to/ca_key -I key_id /path/to/user_key.pub | ||
499 | |||
500 | The resultant certificate will be placed in /path/to/user_key-cert.pub. | ||
501 | A host certificate requires the -h option: | ||
502 | |||
503 | $ ssh-keygen -s /path/to/ca_key -I key_id -h /path/to/host_key.pub | ||
504 | |||
505 | The host certificate will be output to /path/to/host_key-cert.pub. | ||
506 | |||
507 | It is possible to sign using a CA key stored in a PKCS#11 token by | ||
508 | providing the token library using -D and identifying the CA key by | ||
509 | providing its public half as an argument to -s: | ||
510 | |||
511 | $ ssh-keygen -s ca_key.pub -D libpkcs11.so -I key_id user_key.pub | ||
512 | |||
513 | Similarly, it is possible for the CA key to be hosted in a ssh-agent(1). | ||
514 | This is indicated by the -U flag and, again, the CA key must be | ||
515 | identified by its public half. | ||
516 | |||
517 | $ ssh-keygen -Us ca_key.pub -I key_id user_key.pub | ||
518 | |||
519 | In all cases, key_id is a "key identifier" that is logged by the server | ||
520 | when the certificate is used for authentication. | ||
521 | |||
522 | Certificates may be limited to be valid for a set of principal | ||
523 | (user/host) names. By default, generated certificates are valid for all | ||
524 | users or hosts. To generate a certificate for a specified set of | ||
525 | principals: | ||
526 | |||
527 | $ ssh-keygen -s ca_key -I key_id -n user1,user2 user_key.pub | ||
528 | $ ssh-keygen -s ca_key -I key_id -h -n host.domain host_key.pub | ||
529 | |||
530 | Additional limitations on the validity and use of user certificates may | ||
531 | be specified through certificate options. A certificate option may | ||
532 | disable features of the SSH session, may be valid only when presented | ||
533 | from particular source addresses or may force the use of a specific | ||
534 | command. For a list of valid certificate options, see the documentation | ||
535 | for the -O option above. | ||
536 | |||
537 | Finally, certificates may be defined with a validity lifetime. The -V | ||
538 | option allows specification of certificate start and end times. A | ||
539 | certificate that is presented at a time outside this range will not be | ||
540 | considered valid. By default, certificates are valid from UNIX Epoch to | ||
541 | the distant future. | ||
542 | |||
543 | For certificates to be used for user or host authentication, the CA | ||
544 | public key must be trusted by sshd(8) or ssh(1). Please refer to those | ||
545 | manual pages for details. | ||
546 | |||
547 | KEY REVOCATION LISTS | ||
548 | ssh-keygen is able to manage OpenSSH format Key Revocation Lists (KRLs). | ||
549 | These binary files specify keys or certificates to be revoked using a | ||
550 | compact format, taking as little as one bit per certificate if they are | ||
551 | being revoked by serial number. | ||
552 | |||
553 | KRLs may be generated using the -k flag. This option reads one or more | ||
554 | files from the command line and generates a new KRL. The files may | ||
555 | either contain a KRL specification (see below) or public keys, listed one | ||
556 | per line. Plain public keys are revoked by listing their hash or | ||
557 | contents in the KRL and certificates revoked by serial number or key ID | ||
558 | (if the serial is zero or not available). | ||
559 | |||
560 | Revoking keys using a KRL specification offers explicit control over the | ||
561 | types of record used to revoke keys and may be used to directly revoke | ||
562 | certificates by serial number or key ID without having the complete | ||
563 | original certificate on hand. A KRL specification consists of lines | ||
564 | containing one of the following directives followed by a colon and some | ||
565 | directive-specific information. | ||
566 | |||
567 | serial: serial_number[-serial_number] | ||
568 | Revokes a certificate with the specified serial number. Serial | ||
569 | numbers are 64-bit values, not including zero and may be | ||
570 | expressed in decimal, hex or octal. If two serial numbers are | ||
571 | specified separated by a hyphen, then the range of serial numbers | ||
572 | including and between each is revoked. The CA key must have been | ||
573 | specified on the ssh-keygen command line using the -s option. | ||
574 | |||
575 | id: key_id | ||
576 | Revokes a certificate with the specified key ID string. The CA | ||
577 | key must have been specified on the ssh-keygen command line using | ||
578 | the -s option. | ||
579 | |||
580 | key: public_key | ||
581 | Revokes the specified key. If a certificate is listed, then it | ||
582 | is revoked as a plain public key. | ||
583 | |||
584 | sha1: public_key | ||
585 | Revokes the specified key by including its SHA1 hash in the KRL. | ||
586 | |||
587 | sha256: public_key | ||
588 | Revokes the specified key by including its SHA256 hash in the | ||
589 | KRL. KRLs that revoke keys by SHA256 hash are not supported by | ||
590 | OpenSSH versions prior to 7.9. | ||
591 | |||
592 | hash: fingerprint | ||
593 | Revokes a key using a fingerprint hash, as obtained from a | ||
594 | sshd(8) authentication log message or the ssh-keygen -l flag. | ||
595 | Only SHA256 fingerprints are supported here and resultant KRLs | ||
596 | are not supported by OpenSSH versions prior to 7.9. | ||
597 | |||
598 | KRLs may be updated using the -u flag in addition to -k. When this | ||
599 | option is specified, keys listed via the command line are merged into the | ||
600 | KRL, adding to those already there. | ||
601 | |||
602 | It is also possible, given a KRL, to test whether it revokes a particular | ||
603 | key (or keys). The -Q flag will query an existing KRL, testing each key | ||
604 | specified on the command line. If any key listed on the command line has | ||
605 | been revoked (or an error encountered) then ssh-keygen will exit with a | ||
606 | non-zero exit status. A zero exit status will only be returned if no key | ||
607 | was revoked. | ||
608 | |||
609 | ALLOWED SIGNERS | ||
610 | When verifying signatures, ssh-keygen uses a simple list of identities | ||
611 | and keys to determine whether a signature comes from an authorized | ||
612 | source. This "allowed signers" file uses a format patterned after the | ||
613 | AUTHORIZED_KEYS FILE FORMAT described in sshd(8). Each line of the file | ||
614 | contains the following space-separated fields: principals, options, | ||
615 | keytype, base64-encoded key. Empty lines and lines starting with a M-bM-^@M-^X#M-bM-^@M-^Y | ||
616 | are ignored as comments. | ||
617 | |||
618 | The principals field is a pattern-list (See PATTERNS in ssh_config(5)) | ||
619 | consisting of one or more comma-separated USER@DOMAIN identity patterns | ||
620 | that are accepted for signing. When verifying, the identity presented | ||
621 | via the -I -option must match a principals pattern in order for the | ||
622 | corresponding key to be considered acceptable for verification. | ||
623 | |||
624 | The options (if present) consist of comma-separated option | ||
625 | specifications. No spaces are permitted, except within double quotes. | ||
626 | The following option specifications are supported (note that option | ||
627 | keywords are case-insensitive): | ||
628 | |||
629 | cert-authority | ||
630 | Indicates that this key is accepted as a certificate authority | ||
631 | (CA) and that certificates signed by this CA may be accepted for | ||
632 | verification. | ||
633 | |||
634 | namespaces="namespace-list" | ||
635 | Specifies a pattern-list of namespaces that are accepted for this | ||
636 | key. If this option is present, the signature namespace embedded | ||
637 | in the signature object and presented on the verification | ||
638 | command-line must match the specified list before the key will be | ||
639 | considered acceptable. | ||
640 | |||
641 | When verifying signatures made by certificates, the expected principal | ||
642 | name must match both the principals pattern in the allowed signers file | ||
643 | and the principals embedded in the certificate itself. | ||
644 | |||
645 | An example allowed signers file: | ||
646 | |||
647 | # Comments allowed at start of line | ||
648 | user1@example.com,user2@example.com ssh-rsa AAAAX1... | ||
649 | # A certificate authority, trusted for all principals in a domain. | ||
650 | *@example.com cert-authority ssh-ed25519 AAAB4... | ||
651 | # A key that is accepted only for file signing. | ||
652 | user2@example.com namespaces="file" ssh-ed25519 AAA41... | ||
653 | |||
654 | FILES | ||
655 | ~/.ssh/id_dsa | ||
656 | ~/.ssh/id_ecdsa | ||
657 | ~/.ssh/id_ed25519 | ||
658 | ~/.ssh/id_rsa | ||
659 | Contains the DSA, ECDSA, Ed25519 or RSA authentication identity | ||
660 | of the user. This file should not be readable by anyone but the | ||
661 | user. It is possible to specify a passphrase when generating the | ||
662 | key; that passphrase will be used to encrypt the private part of | ||
663 | this file using 128-bit AES. This file is not automatically | ||
664 | accessed by ssh-keygen but it is offered as the default file for | ||
665 | the private key. ssh(1) will read this file when a login attempt | ||
666 | is made. | ||
667 | |||
668 | ~/.ssh/id_dsa.pub | ||
669 | ~/.ssh/id_ecdsa.pub | ||
670 | ~/.ssh/id_ed25519.pub | ||
671 | ~/.ssh/id_rsa.pub | ||
672 | Contains the DSA, ECDSA, Ed25519 or RSA public key for | ||
673 | authentication. The contents of this file should be added to | ||
674 | ~/.ssh/authorized_keys on all machines where the user wishes to | ||
675 | log in using public key authentication. There is no need to keep | ||
676 | the contents of this file secret. | ||
677 | |||
678 | /etc/moduli | ||
679 | Contains Diffie-Hellman groups used for DH-GEX. The file format | ||
680 | is described in moduli(5). | ||
681 | |||
682 | SEE ALSO | ||
683 | ssh(1), ssh-add(1), ssh-agent(1), moduli(5), sshd(8) | ||
684 | |||
685 | The Secure Shell (SSH) Public Key File Format, RFC 4716, 2006. | ||
686 | |||
687 | AUTHORS | ||
688 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by | ||
689 | Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo | ||
690 | de Raadt and Dug Song removed many bugs, re-added newer features and | ||
691 | created OpenSSH. Markus Friedl contributed the support for SSH protocol | ||
692 | versions 1.5 and 2.0. | ||
693 | |||
694 | OpenBSD 6.6 October 3, 2019 OpenBSD 6.6 | ||
diff --git a/ssh-keyscan.0 b/ssh-keyscan.0 new file mode 100644 index 000000000..02475f9a3 --- /dev/null +++ b/ssh-keyscan.0 | |||
@@ -0,0 +1,96 @@ | |||
1 | SSH-KEYSCAN(1) General Commands Manual SSH-KEYSCAN(1) | ||
2 | |||
3 | NAME | ||
4 | ssh-keyscan M-bM-^@M-^S gather SSH public keys | ||
5 | |||
6 | SYNOPSIS | ||
7 | ssh-keyscan [-46cDHv] [-f file] [-p port] [-T timeout] [-t type] | ||
8 | [host | addrlist namelist] | ||
9 | |||
10 | DESCRIPTION | ||
11 | ssh-keyscan is a utility for gathering the public SSH host keys of a | ||
12 | number of hosts. It was designed to aid in building and verifying | ||
13 | ssh_known_hosts files, the format of which is documented in sshd(8). | ||
14 | ssh-keyscan provides a minimal interface suitable for use by shell and | ||
15 | perl scripts. | ||
16 | |||
17 | ssh-keyscan uses non-blocking socket I/O to contact as many hosts as | ||
18 | possible in parallel, so it is very efficient. The keys from a domain of | ||
19 | 1,000 hosts can be collected in tens of seconds, even when some of those | ||
20 | hosts are down or do not run sshd(8). For scanning, one does not need | ||
21 | login access to the machines that are being scanned, nor does the | ||
22 | scanning process involve any encryption. | ||
23 | |||
24 | The options are as follows: | ||
25 | |||
26 | -4 Force ssh-keyscan to use IPv4 addresses only. | ||
27 | |||
28 | -6 Force ssh-keyscan to use IPv6 addresses only. | ||
29 | |||
30 | -c Request certificates from target hosts instead of plain keys. | ||
31 | |||
32 | -D Print keys found as SSHFP DNS records. The default is to print | ||
33 | keys in a format usable as a ssh(1) known_hosts file. | ||
34 | |||
35 | -f file | ||
36 | Read hosts or M-bM-^@M-^\addrlist namelistM-bM-^@M-^] pairs from file, one per line. | ||
37 | If M-bM-^@M-^X-M-bM-^@M-^Y is supplied instead of a filename, ssh-keyscan will read | ||
38 | from the standard input. Input is expected in the format: | ||
39 | |||
40 | 1.2.3.4,1.2.4.4 name.my.domain,name,n.my.domain,n,1.2.3.4,1.2.4.4 | ||
41 | |||
42 | -H Hash all hostnames and addresses in the output. Hashed names may | ||
43 | be used normally by ssh(1) and sshd(8), but they do not reveal | ||
44 | identifying information should the file's contents be disclosed. | ||
45 | |||
46 | -p port | ||
47 | Connect to port on the remote host. | ||
48 | |||
49 | -T timeout | ||
50 | Set the timeout for connection attempts. If timeout seconds have | ||
51 | elapsed since a connection was initiated to a host or since the | ||
52 | last time anything was read from that host, the connection is | ||
53 | closed and the host in question considered unavailable. The | ||
54 | default is 5 seconds. | ||
55 | |||
56 | -t type | ||
57 | Specify the type of the key to fetch from the scanned hosts. The | ||
58 | possible values are M-bM-^@M-^\dsaM-bM-^@M-^], M-bM-^@M-^\ecdsaM-bM-^@M-^], M-bM-^@M-^\ed25519M-bM-^@M-^], or M-bM-^@M-^\rsaM-bM-^@M-^]. | ||
59 | Multiple values may be specified by separating them with commas. | ||
60 | The default is to fetch M-bM-^@M-^\rsaM-bM-^@M-^], M-bM-^@M-^\ecdsaM-bM-^@M-^], and M-bM-^@M-^\ed25519M-bM-^@M-^] keys. | ||
61 | |||
62 | -v Verbose mode: print debugging messages about progress. | ||
63 | |||
64 | If an ssh_known_hosts file is constructed using ssh-keyscan without | ||
65 | verifying the keys, users will be vulnerable to man in the middle | ||
66 | attacks. On the other hand, if the security model allows such a risk, | ||
67 | ssh-keyscan can help in the detection of tampered keyfiles or man in the | ||
68 | middle attacks which have begun after the ssh_known_hosts file was | ||
69 | created. | ||
70 | |||
71 | FILES | ||
72 | /etc/ssh/ssh_known_hosts | ||
73 | |||
74 | EXAMPLES | ||
75 | Print the RSA host key for machine hostname: | ||
76 | |||
77 | $ ssh-keyscan -t rsa hostname | ||
78 | |||
79 | Find all hosts from the file ssh_hosts which have new or different keys | ||
80 | from those in the sorted file ssh_known_hosts: | ||
81 | |||
82 | $ ssh-keyscan -t rsa,dsa,ecdsa,ed25519 -f ssh_hosts | \ | ||
83 | sort -u - ssh_known_hosts | diff ssh_known_hosts - | ||
84 | |||
85 | SEE ALSO | ||
86 | ssh(1), sshd(8) | ||
87 | |||
88 | Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints, RFC | ||
89 | 4255, 2006. | ||
90 | |||
91 | AUTHORS | ||
92 | David Mazieres <dm@lcs.mit.edu> wrote the initial version, and Wayne | ||
93 | Davison <wayned@users.sourceforge.net> added support for protocol version | ||
94 | 2. | ||
95 | |||
96 | OpenBSD 6.6 March 5, 2018 OpenBSD 6.6 | ||
diff --git a/ssh-keysign.0 b/ssh-keysign.0 new file mode 100644 index 000000000..87c0c30e9 --- /dev/null +++ b/ssh-keysign.0 | |||
@@ -0,0 +1,52 @@ | |||
1 | SSH-KEYSIGN(8) System Manager's Manual SSH-KEYSIGN(8) | ||
2 | |||
3 | NAME | ||
4 | ssh-keysign M-bM-^@M-^S ssh helper program for host-based authentication | ||
5 | |||
6 | SYNOPSIS | ||
7 | ssh-keysign | ||
8 | |||
9 | DESCRIPTION | ||
10 | ssh-keysign is used by ssh(1) to access the local host keys and generate | ||
11 | the digital signature required during host-based authentication. | ||
12 | |||
13 | ssh-keysign is disabled by default and can only be enabled in the global | ||
14 | client configuration file /etc/ssh/ssh_config by setting EnableSSHKeysign | ||
15 | to M-bM-^@M-^\yesM-bM-^@M-^]. | ||
16 | |||
17 | ssh-keysign is not intended to be invoked by the user, but from ssh(1). | ||
18 | See ssh(1) and sshd(8) for more information about host-based | ||
19 | authentication. | ||
20 | |||
21 | FILES | ||
22 | /etc/ssh/ssh_config | ||
23 | Controls whether ssh-keysign is enabled. | ||
24 | |||
25 | /etc/ssh/ssh_host_dsa_key | ||
26 | /etc/ssh/ssh_host_ecdsa_key | ||
27 | /etc/ssh/ssh_host_ed25519_key | ||
28 | /etc/ssh/ssh_host_rsa_key | ||
29 | These files contain the private parts of the host keys used to | ||
30 | generate the digital signature. They should be owned by root, | ||
31 | readable only by root, and not accessible to others. Since they | ||
32 | are readable only by root, ssh-keysign must be set-uid root if | ||
33 | host-based authentication is used. | ||
34 | |||
35 | /etc/ssh/ssh_host_dsa_key-cert.pub | ||
36 | /etc/ssh/ssh_host_ecdsa_key-cert.pub | ||
37 | /etc/ssh/ssh_host_ed25519_key-cert.pub | ||
38 | /etc/ssh/ssh_host_rsa_key-cert.pub | ||
39 | If these files exist they are assumed to contain public | ||
40 | certificate information corresponding with the private keys | ||
41 | above. | ||
42 | |||
43 | SEE ALSO | ||
44 | ssh(1), ssh-keygen(1), ssh_config(5), sshd(8) | ||
45 | |||
46 | HISTORY | ||
47 | ssh-keysign first appeared in OpenBSD 3.2. | ||
48 | |||
49 | AUTHORS | ||
50 | Markus Friedl <markus@openbsd.org> | ||
51 | |||
52 | OpenBSD 6.6 February 17, 2016 OpenBSD 6.6 | ||
diff --git a/ssh-pkcs11-helper.0 b/ssh-pkcs11-helper.0 new file mode 100644 index 000000000..88afa8a91 --- /dev/null +++ b/ssh-pkcs11-helper.0 | |||
@@ -0,0 +1,35 @@ | |||
1 | SSH-PKCS11-HELPER(8) System Manager's Manual SSH-PKCS11-HELPER(8) | ||
2 | |||
3 | NAME | ||
4 | ssh-pkcs11-helper M-bM-^@M-^S ssh-agent helper program for PKCS#11 support | ||
5 | |||
6 | SYNOPSIS | ||
7 | ssh-pkcs11-helper [-v] | ||
8 | |||
9 | DESCRIPTION | ||
10 | ssh-pkcs11-helper is used by ssh-agent(1) to access keys provided by a | ||
11 | PKCS#11 token. | ||
12 | |||
13 | ssh-pkcs11-helper is not intended to be invoked by the user, but from | ||
14 | ssh-agent(1). | ||
15 | |||
16 | A single option is supported: | ||
17 | |||
18 | -v Verbose mode. Causes ssh-pkcs11-helper to print debugging | ||
19 | messages about its progress. This is helpful in debugging | ||
20 | problems. Multiple -v options increase the verbosity. The | ||
21 | maximum is 3. | ||
22 | |||
23 | Note that ssh-agent(1) will automatically pass the -v flag to | ||
24 | ssh-pkcs11-helper when it has itself been placed in debug mode. | ||
25 | |||
26 | SEE ALSO | ||
27 | ssh(1), ssh-add(1), ssh-agent(1) | ||
28 | |||
29 | HISTORY | ||
30 | ssh-pkcs11-helper first appeared in OpenBSD 4.7. | ||
31 | |||
32 | AUTHORS | ||
33 | Markus Friedl <markus@openbsd.org> | ||
34 | |||
35 | OpenBSD 6.6 January 21, 2019 OpenBSD 6.6 | ||
@@ -0,0 +1,980 @@ | |||
1 | SSH(1) General Commands Manual SSH(1) | ||
2 | |||
3 | NAME | ||
4 | ssh M-bM-^@M-^S OpenSSH SSH client (remote login program) | ||
5 | |||
6 | SYNOPSIS | ||
7 | ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface] [-b bind_address] | ||
8 | [-c cipher_spec] [-D [bind_address:]port] [-E log_file] | ||
9 | [-e escape_char] [-F configfile] [-I pkcs11] [-i identity_file] | ||
10 | [-J destination] [-L address] [-l login_name] [-m mac_spec] | ||
11 | [-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R address] | ||
12 | [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]] destination | ||
13 | [command] | ||
14 | |||
15 | DESCRIPTION | ||
16 | ssh (SSH client) is a program for logging into a remote machine and for | ||
17 | executing commands on a remote machine. It is intended to provide secure | ||
18 | encrypted communications between two untrusted hosts over an insecure | ||
19 | network. X11 connections, arbitrary TCP ports and UNIX-domain sockets | ||
20 | can also be forwarded over the secure channel. | ||
21 | |||
22 | ssh connects and logs into the specified destination, which may be | ||
23 | specified as either [user@]hostname or a URI of the form | ||
24 | ssh://[user@]hostname[:port]. The user must prove his/her identity to | ||
25 | the remote machine using one of several methods (see below). | ||
26 | |||
27 | If a command is specified, it is executed on the remote host instead of a | ||
28 | login shell. | ||
29 | |||
30 | The options are as follows: | ||
31 | |||
32 | -4 Forces ssh to use IPv4 addresses only. | ||
33 | |||
34 | -6 Forces ssh to use IPv6 addresses only. | ||
35 | |||
36 | -A Enables forwarding of the authentication agent connection. This | ||
37 | can also be specified on a per-host basis in a configuration | ||
38 | file. | ||
39 | |||
40 | Agent forwarding should be enabled with caution. Users with the | ||
41 | ability to bypass file permissions on the remote host (for the | ||
42 | agent's UNIX-domain socket) can access the local agent through | ||
43 | the forwarded connection. An attacker cannot obtain key material | ||
44 | from the agent, however they can perform operations on the keys | ||
45 | that enable them to authenticate using the identities loaded into | ||
46 | the agent. | ||
47 | |||
48 | -a Disables forwarding of the authentication agent connection. | ||
49 | |||
50 | -B bind_interface | ||
51 | Bind to the address of bind_interface before attempting to | ||
52 | connect to the destination host. This is only useful on systems | ||
53 | with more than one address. | ||
54 | |||
55 | -b bind_address | ||
56 | Use bind_address on the local machine as the source address of | ||
57 | the connection. Only useful on systems with more than one | ||
58 | address. | ||
59 | |||
60 | -C Requests compression of all data (including stdin, stdout, | ||
61 | stderr, and data for forwarded X11, TCP and UNIX-domain | ||
62 | connections). The compression algorithm is the same used by | ||
63 | gzip(1). Compression is desirable on modem lines and other slow | ||
64 | connections, but will only slow down things on fast networks. | ||
65 | The default value can be set on a host-by-host basis in the | ||
66 | configuration files; see the Compression option. | ||
67 | |||
68 | -c cipher_spec | ||
69 | Selects the cipher specification for encrypting the session. | ||
70 | cipher_spec is a comma-separated list of ciphers listed in order | ||
71 | of preference. See the Ciphers keyword in ssh_config(5) for more | ||
72 | information. | ||
73 | |||
74 | -D [bind_address:]port | ||
75 | Specifies a local M-bM-^@M-^\dynamicM-bM-^@M-^] application-level port forwarding. | ||
76 | This works by allocating a socket to listen to port on the local | ||
77 | side, optionally bound to the specified bind_address. Whenever a | ||
78 | connection is made to this port, the connection is forwarded over | ||
79 | the secure channel, and the application protocol is then used to | ||
80 | determine where to connect to from the remote machine. Currently | ||
81 | the SOCKS4 and SOCKS5 protocols are supported, and ssh will act | ||
82 | as a SOCKS server. Only root can forward privileged ports. | ||
83 | Dynamic port forwardings can also be specified in the | ||
84 | configuration file. | ||
85 | |||
86 | IPv6 addresses can be specified by enclosing the address in | ||
87 | square brackets. Only the superuser can forward privileged | ||
88 | ports. By default, the local port is bound in accordance with | ||
89 | the GatewayPorts setting. However, an explicit bind_address may | ||
90 | be used to bind the connection to a specific address. The | ||
91 | bind_address of M-bM-^@M-^\localhostM-bM-^@M-^] indicates that the listening port be | ||
92 | bound for local use only, while an empty address or M-bM-^@M-^X*M-bM-^@M-^Y indicates | ||
93 | that the port should be available from all interfaces. | ||
94 | |||
95 | -E log_file | ||
96 | Append debug logs to log_file instead of standard error. | ||
97 | |||
98 | -e escape_char | ||
99 | Sets the escape character for sessions with a pty (default: M-bM-^@M-^X~M-bM-^@M-^Y). | ||
100 | The escape character is only recognized at the beginning of a | ||
101 | line. The escape character followed by a dot (M-bM-^@M-^X.M-bM-^@M-^Y) closes the | ||
102 | connection; followed by control-Z suspends the connection; and | ||
103 | followed by itself sends the escape character once. Setting the | ||
104 | character to M-bM-^@M-^\noneM-bM-^@M-^] disables any escapes and makes the session | ||
105 | fully transparent. | ||
106 | |||
107 | -F configfile | ||
108 | Specifies an alternative per-user configuration file. If a | ||
109 | configuration file is given on the command line, the system-wide | ||
110 | configuration file (/etc/ssh/ssh_config) will be ignored. The | ||
111 | default for the per-user configuration file is ~/.ssh/config. | ||
112 | |||
113 | -f Requests ssh to go to background just before command execution. | ||
114 | This is useful if ssh is going to ask for passwords or | ||
115 | passphrases, but the user wants it in the background. This | ||
116 | implies -n. The recommended way to start X11 programs at a | ||
117 | remote site is with something like ssh -f host xterm. | ||
118 | |||
119 | If the ExitOnForwardFailure configuration option is set to M-bM-^@M-^\yesM-bM-^@M-^], | ||
120 | then a client started with -f will wait for all remote port | ||
121 | forwards to be successfully established before placing itself in | ||
122 | the background. | ||
123 | |||
124 | -G Causes ssh to print its configuration after evaluating Host and | ||
125 | Match blocks and exit. | ||
126 | |||
127 | -g Allows remote hosts to connect to local forwarded ports. If used | ||
128 | on a multiplexed connection, then this option must be specified | ||
129 | on the master process. | ||
130 | |||
131 | -I pkcs11 | ||
132 | Specify the PKCS#11 shared library ssh should use to communicate | ||
133 | with a PKCS#11 token providing keys for user authentication. | ||
134 | |||
135 | -i identity_file | ||
136 | Selects a file from which the identity (private key) for public | ||
137 | key authentication is read. The default is ~/.ssh/id_dsa, | ||
138 | ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 and ~/.ssh/id_rsa. Identity | ||
139 | files may also be specified on a per-host basis in the | ||
140 | configuration file. It is possible to have multiple -i options | ||
141 | (and multiple identities specified in configuration files). If | ||
142 | no certificates have been explicitly specified by the | ||
143 | CertificateFile directive, ssh will also try to load certificate | ||
144 | information from the filename obtained by appending -cert.pub to | ||
145 | identity filenames. | ||
146 | |||
147 | -J destination | ||
148 | Connect to the target host by first making a ssh connection to | ||
149 | the jump host described by destination and then establishing a | ||
150 | TCP forwarding to the ultimate destination from there. Multiple | ||
151 | jump hops may be specified separated by comma characters. This | ||
152 | is a shortcut to specify a ProxyJump configuration directive. | ||
153 | Note that configuration directives supplied on the command-line | ||
154 | generally apply to the destination host and not any specified | ||
155 | jump hosts. Use ~/.ssh/config to specify configuration for jump | ||
156 | hosts. | ||
157 | |||
158 | -K Enables GSSAPI-based authentication and forwarding (delegation) | ||
159 | of GSSAPI credentials to the server. | ||
160 | |||
161 | -k Disables forwarding (delegation) of GSSAPI credentials to the | ||
162 | server. | ||
163 | |||
164 | -L [bind_address:]port:host:hostport | ||
165 | -L [bind_address:]port:remote_socket | ||
166 | -L local_socket:host:hostport | ||
167 | -L local_socket:remote_socket | ||
168 | Specifies that connections to the given TCP port or Unix socket | ||
169 | on the local (client) host are to be forwarded to the given host | ||
170 | and port, or Unix socket, on the remote side. This works by | ||
171 | allocating a socket to listen to either a TCP port on the local | ||
172 | side, optionally bound to the specified bind_address, or to a | ||
173 | Unix socket. Whenever a connection is made to the local port or | ||
174 | socket, the connection is forwarded over the secure channel, and | ||
175 | a connection is made to either host port hostport, or the Unix | ||
176 | socket remote_socket, from the remote machine. | ||
177 | |||
178 | Port forwardings can also be specified in the configuration file. | ||
179 | Only the superuser can forward privileged ports. IPv6 addresses | ||
180 | can be specified by enclosing the address in square brackets. | ||
181 | |||
182 | By default, the local port is bound in accordance with the | ||
183 | GatewayPorts setting. However, an explicit bind_address may be | ||
184 | used to bind the connection to a specific address. The | ||
185 | bind_address of M-bM-^@M-^\localhostM-bM-^@M-^] indicates that the listening port be | ||
186 | bound for local use only, while an empty address or M-bM-^@M-^X*M-bM-^@M-^Y indicates | ||
187 | that the port should be available from all interfaces. | ||
188 | |||
189 | -l login_name | ||
190 | Specifies the user to log in as on the remote machine. This also | ||
191 | may be specified on a per-host basis in the configuration file. | ||
192 | |||
193 | -M Places the ssh client into M-bM-^@M-^\masterM-bM-^@M-^] mode for connection sharing. | ||
194 | Multiple -M options places ssh into M-bM-^@M-^\masterM-bM-^@M-^] mode but with | ||
195 | confirmation required using ssh-askpass(1) before each operation | ||
196 | that changes the multiplexing state (e.g. opening a new session). | ||
197 | Refer to the description of ControlMaster in ssh_config(5) for | ||
198 | details. | ||
199 | |||
200 | -m mac_spec | ||
201 | A comma-separated list of MAC (message authentication code) | ||
202 | algorithms, specified in order of preference. See the MACs | ||
203 | keyword for more information. | ||
204 | |||
205 | -N Do not execute a remote command. This is useful for just | ||
206 | forwarding ports. | ||
207 | |||
208 | -n Redirects stdin from /dev/null (actually, prevents reading from | ||
209 | stdin). This must be used when ssh is run in the background. A | ||
210 | common trick is to use this to run X11 programs on a remote | ||
211 | machine. For example, ssh -n shadows.cs.hut.fi emacs & will | ||
212 | start an emacs on shadows.cs.hut.fi, and the X11 connection will | ||
213 | be automatically forwarded over an encrypted channel. The ssh | ||
214 | program will be put in the background. (This does not work if | ||
215 | ssh needs to ask for a password or passphrase; see also the -f | ||
216 | option.) | ||
217 | |||
218 | -O ctl_cmd | ||
219 | Control an active connection multiplexing master process. When | ||
220 | the -O option is specified, the ctl_cmd argument is interpreted | ||
221 | and passed to the master process. Valid commands are: M-bM-^@M-^\checkM-bM-^@M-^] | ||
222 | (check that the master process is running), M-bM-^@M-^\forwardM-bM-^@M-^] (request | ||
223 | forwardings without command execution), M-bM-^@M-^\cancelM-bM-^@M-^] (cancel | ||
224 | forwardings), M-bM-^@M-^\exitM-bM-^@M-^] (request the master to exit), and M-bM-^@M-^\stopM-bM-^@M-^] | ||
225 | (request the master to stop accepting further multiplexing | ||
226 | requests). | ||
227 | |||
228 | -o option | ||
229 | Can be used to give options in the format used in the | ||
230 | configuration file. This is useful for specifying options for | ||
231 | which there is no separate command-line flag. For full details | ||
232 | of the options listed below, and their possible values, see | ||
233 | ssh_config(5). | ||
234 | |||
235 | AddKeysToAgent | ||
236 | AddressFamily | ||
237 | BatchMode | ||
238 | BindAddress | ||
239 | CanonicalDomains | ||
240 | CanonicalizeFallbackLocal | ||
241 | CanonicalizeHostname | ||
242 | CanonicalizeMaxDots | ||
243 | CanonicalizePermittedCNAMEs | ||
244 | CASignatureAlgorithms | ||
245 | CertificateFile | ||
246 | ChallengeResponseAuthentication | ||
247 | CheckHostIP | ||
248 | Ciphers | ||
249 | ClearAllForwardings | ||
250 | Compression | ||
251 | ConnectionAttempts | ||
252 | ConnectTimeout | ||
253 | ControlMaster | ||
254 | ControlPath | ||
255 | ControlPersist | ||
256 | DynamicForward | ||
257 | EscapeChar | ||
258 | ExitOnForwardFailure | ||
259 | FingerprintHash | ||
260 | ForwardAgent | ||
261 | ForwardX11 | ||
262 | ForwardX11Timeout | ||
263 | ForwardX11Trusted | ||
264 | GatewayPorts | ||
265 | GlobalKnownHostsFile | ||
266 | GSSAPIAuthentication | ||
267 | GSSAPIDelegateCredentials | ||
268 | HashKnownHosts | ||
269 | Host | ||
270 | HostbasedAuthentication | ||
271 | HostbasedKeyTypes | ||
272 | HostKeyAlgorithms | ||
273 | HostKeyAlias | ||
274 | Hostname | ||
275 | IdentitiesOnly | ||
276 | IdentityAgent | ||
277 | IdentityFile | ||
278 | IPQoS | ||
279 | KbdInteractiveAuthentication | ||
280 | KbdInteractiveDevices | ||
281 | KexAlgorithms | ||
282 | LocalCommand | ||
283 | LocalForward | ||
284 | LogLevel | ||
285 | MACs | ||
286 | Match | ||
287 | NoHostAuthenticationForLocalhost | ||
288 | NumberOfPasswordPrompts | ||
289 | PasswordAuthentication | ||
290 | PermitLocalCommand | ||
291 | PKCS11Provider | ||
292 | Port | ||
293 | PreferredAuthentications | ||
294 | ProxyCommand | ||
295 | ProxyJump | ||
296 | ProxyUseFdpass | ||
297 | PubkeyAcceptedKeyTypes | ||
298 | PubkeyAuthentication | ||
299 | RekeyLimit | ||
300 | RemoteCommand | ||
301 | RemoteForward | ||
302 | RequestTTY | ||
303 | SendEnv | ||
304 | ServerAliveInterval | ||
305 | ServerAliveCountMax | ||
306 | SetEnv | ||
307 | StreamLocalBindMask | ||
308 | StreamLocalBindUnlink | ||
309 | StrictHostKeyChecking | ||
310 | TCPKeepAlive | ||
311 | Tunnel | ||
312 | TunnelDevice | ||
313 | UpdateHostKeys | ||
314 | User | ||
315 | UserKnownHostsFile | ||
316 | VerifyHostKeyDNS | ||
317 | VisualHostKey | ||
318 | XAuthLocation | ||
319 | |||
320 | -p port | ||
321 | Port to connect to on the remote host. This can be specified on | ||
322 | a per-host basis in the configuration file. | ||
323 | |||
324 | -Q query_option | ||
325 | Queries ssh for the algorithms supported for the specified | ||
326 | version 2. The available features are: cipher (supported | ||
327 | symmetric ciphers), cipher-auth (supported symmetric ciphers that | ||
328 | support authenticated encryption), help (supported query terms | ||
329 | for use with the -Q flag), mac (supported message integrity | ||
330 | codes), kex (key exchange algorithms), key (key types), key-cert | ||
331 | (certificate key types), key-plain (non-certificate key types), | ||
332 | protocol-version (supported SSH protocol versions), and sig | ||
333 | (supported signature algorithms). | ||
334 | |||
335 | -q Quiet mode. Causes most warning and diagnostic messages to be | ||
336 | suppressed. | ||
337 | |||
338 | -R [bind_address:]port:host:hostport | ||
339 | -R [bind_address:]port:local_socket | ||
340 | -R remote_socket:host:hostport | ||
341 | -R remote_socket:local_socket | ||
342 | -R [bind_address:]port | ||
343 | Specifies that connections to the given TCP port or Unix socket | ||
344 | on the remote (server) host are to be forwarded to the local | ||
345 | side. | ||
346 | |||
347 | This works by allocating a socket to listen to either a TCP port | ||
348 | or to a Unix socket on the remote side. Whenever a connection is | ||
349 | made to this port or Unix socket, the connection is forwarded | ||
350 | over the secure channel, and a connection is made from the local | ||
351 | machine to either an explicit destination specified by host port | ||
352 | hostport, or local_socket, or, if no explicit destination was | ||
353 | specified, ssh will act as a SOCKS 4/5 proxy and forward | ||
354 | connections to the destinations requested by the remote SOCKS | ||
355 | client. | ||
356 | |||
357 | Port forwardings can also be specified in the configuration file. | ||
358 | Privileged ports can be forwarded only when logging in as root on | ||
359 | the remote machine. IPv6 addresses can be specified by enclosing | ||
360 | the address in square brackets. | ||
361 | |||
362 | By default, TCP listening sockets on the server will be bound to | ||
363 | the loopback interface only. This may be overridden by | ||
364 | specifying a bind_address. An empty bind_address, or the address | ||
365 | M-bM-^@M-^X*M-bM-^@M-^Y, indicates that the remote socket should listen on all | ||
366 | interfaces. Specifying a remote bind_address will only succeed | ||
367 | if the server's GatewayPorts option is enabled (see | ||
368 | sshd_config(5)). | ||
369 | |||
370 | If the port argument is M-bM-^@M-^X0M-bM-^@M-^Y, the listen port will be dynamically | ||
371 | allocated on the server and reported to the client at run time. | ||
372 | When used together with -O forward the allocated port will be | ||
373 | printed to the standard output. | ||
374 | |||
375 | -S ctl_path | ||
376 | Specifies the location of a control socket for connection | ||
377 | sharing, or the string M-bM-^@M-^\noneM-bM-^@M-^] to disable connection sharing. | ||
378 | Refer to the description of ControlPath and ControlMaster in | ||
379 | ssh_config(5) for details. | ||
380 | |||
381 | -s May be used to request invocation of a subsystem on the remote | ||
382 | system. Subsystems facilitate the use of SSH as a secure | ||
383 | transport for other applications (e.g. sftp(1)). The subsystem | ||
384 | is specified as the remote command. | ||
385 | |||
386 | -T Disable pseudo-terminal allocation. | ||
387 | |||
388 | -t Force pseudo-terminal allocation. This can be used to execute | ||
389 | arbitrary screen-based programs on a remote machine, which can be | ||
390 | very useful, e.g. when implementing menu services. Multiple -t | ||
391 | options force tty allocation, even if ssh has no local tty. | ||
392 | |||
393 | -V Display the version number and exit. | ||
394 | |||
395 | -v Verbose mode. Causes ssh to print debugging messages about its | ||
396 | progress. This is helpful in debugging connection, | ||
397 | authentication, and configuration problems. Multiple -v options | ||
398 | increase the verbosity. The maximum is 3. | ||
399 | |||
400 | -W host:port | ||
401 | Requests that standard input and output on the client be | ||
402 | forwarded to host on port over the secure channel. Implies -N, | ||
403 | -T, ExitOnForwardFailure and ClearAllForwardings, though these | ||
404 | can be overridden in the configuration file or using -o command | ||
405 | line options. | ||
406 | |||
407 | -w local_tun[:remote_tun] | ||
408 | Requests tunnel device forwarding with the specified tun(4) | ||
409 | devices between the client (local_tun) and the server | ||
410 | (remote_tun). | ||
411 | |||
412 | The devices may be specified by numerical ID or the keyword | ||
413 | M-bM-^@M-^\anyM-bM-^@M-^], which uses the next available tunnel device. If | ||
414 | remote_tun is not specified, it defaults to M-bM-^@M-^\anyM-bM-^@M-^]. See also the | ||
415 | Tunnel and TunnelDevice directives in ssh_config(5). | ||
416 | |||
417 | If the Tunnel directive is unset, it will be set to the default | ||
418 | tunnel mode, which is M-bM-^@M-^\point-to-pointM-bM-^@M-^]. If a different Tunnel | ||
419 | forwarding mode it desired, then it should be specified before | ||
420 | -w. | ||
421 | |||
422 | -X Enables X11 forwarding. This can also be specified on a per-host | ||
423 | basis in a configuration file. | ||
424 | |||
425 | X11 forwarding should be enabled with caution. Users with the | ||
426 | ability to bypass file permissions on the remote host (for the | ||
427 | user's X authorization database) can access the local X11 display | ||
428 | through the forwarded connection. An attacker may then be able | ||
429 | to perform activities such as keystroke monitoring. | ||
430 | |||
431 | For this reason, X11 forwarding is subjected to X11 SECURITY | ||
432 | extension restrictions by default. Please refer to the ssh -Y | ||
433 | option and the ForwardX11Trusted directive in ssh_config(5) for | ||
434 | more information. | ||
435 | |||
436 | -x Disables X11 forwarding. | ||
437 | |||
438 | -Y Enables trusted X11 forwarding. Trusted X11 forwardings are not | ||
439 | subjected to the X11 SECURITY extension controls. | ||
440 | |||
441 | -y Send log information using the syslog(3) system module. By | ||
442 | default this information is sent to stderr. | ||
443 | |||
444 | ssh may additionally obtain configuration data from a per-user | ||
445 | configuration file and a system-wide configuration file. The file format | ||
446 | and configuration options are described in ssh_config(5). | ||
447 | |||
448 | AUTHENTICATION | ||
449 | The OpenSSH SSH client supports SSH protocol 2. | ||
450 | |||
451 | The methods available for authentication are: GSSAPI-based | ||
452 | authentication, host-based authentication, public key authentication, | ||
453 | challenge-response authentication, and password authentication. | ||
454 | Authentication methods are tried in the order specified above, though | ||
455 | PreferredAuthentications can be used to change the default order. | ||
456 | |||
457 | Host-based authentication works as follows: If the machine the user logs | ||
458 | in from is listed in /etc/hosts.equiv or /etc/shosts.equiv on the remote | ||
459 | machine, and the user names are the same on both sides, or if the files | ||
460 | ~/.rhosts or ~/.shosts exist in the user's home directory on the remote | ||
461 | machine and contain a line containing the name of the client machine and | ||
462 | the name of the user on that machine, the user is considered for login. | ||
463 | Additionally, the server must be able to verify the client's host key | ||
464 | (see the description of /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts, | ||
465 | below) for login to be permitted. This authentication method closes | ||
466 | security holes due to IP spoofing, DNS spoofing, and routing spoofing. | ||
467 | [Note to the administrator: /etc/hosts.equiv, ~/.rhosts, and the | ||
468 | rlogin/rsh protocol in general, are inherently insecure and should be | ||
469 | disabled if security is desired.] | ||
470 | |||
471 | Public key authentication works as follows: The scheme is based on | ||
472 | public-key cryptography, using cryptosystems where encryption and | ||
473 | decryption are done using separate keys, and it is unfeasible to derive | ||
474 | the decryption key from the encryption key. The idea is that each user | ||
475 | creates a public/private key pair for authentication purposes. The | ||
476 | server knows the public key, and only the user knows the private key. | ||
477 | ssh implements public key authentication protocol automatically, using | ||
478 | one of the DSA, ECDSA, Ed25519 or RSA algorithms. The HISTORY section of | ||
479 | ssl(8) contains a brief discussion of the DSA and RSA algorithms. | ||
480 | |||
481 | The file ~/.ssh/authorized_keys lists the public keys that are permitted | ||
482 | for logging in. When the user logs in, the ssh program tells the server | ||
483 | which key pair it would like to use for authentication. The client | ||
484 | proves that it has access to the private key and the server checks that | ||
485 | the corresponding public key is authorized to accept the account. | ||
486 | |||
487 | The server may inform the client of errors that prevented public key | ||
488 | authentication from succeeding after authentication completes using a | ||
489 | different method. These may be viewed by increasing the LogLevel to | ||
490 | DEBUG or higher (e.g. by using the -v flag). | ||
491 | |||
492 | The user creates his/her key pair by running ssh-keygen(1). This stores | ||
493 | the private key in ~/.ssh/id_dsa (DSA), ~/.ssh/id_ecdsa (ECDSA), | ||
494 | ~/.ssh/id_ed25519 (Ed25519), or ~/.ssh/id_rsa (RSA) and stores the public | ||
495 | key in ~/.ssh/id_dsa.pub (DSA), ~/.ssh/id_ecdsa.pub (ECDSA), | ||
496 | ~/.ssh/id_ed25519.pub (Ed25519), or ~/.ssh/id_rsa.pub (RSA) in the user's | ||
497 | home directory. The user should then copy the public key to | ||
498 | ~/.ssh/authorized_keys in his/her home directory on the remote machine. | ||
499 | The authorized_keys file corresponds to the conventional ~/.rhosts file, | ||
500 | and has one key per line, though the lines can be very long. After this, | ||
501 | the user can log in without giving the password. | ||
502 | |||
503 | A variation on public key authentication is available in the form of | ||
504 | certificate authentication: instead of a set of public/private keys, | ||
505 | signed certificates are used. This has the advantage that a single | ||
506 | trusted certification authority can be used in place of many | ||
507 | public/private keys. See the CERTIFICATES section of ssh-keygen(1) for | ||
508 | more information. | ||
509 | |||
510 | The most convenient way to use public key or certificate authentication | ||
511 | may be with an authentication agent. See ssh-agent(1) and (optionally) | ||
512 | the AddKeysToAgent directive in ssh_config(5) for more information. | ||
513 | |||
514 | Challenge-response authentication works as follows: The server sends an | ||
515 | arbitrary "challenge" text, and prompts for a response. Examples of | ||
516 | challenge-response authentication include BSD Authentication (see | ||
517 | login.conf(5)) and PAM (some non-OpenBSD systems). | ||
518 | |||
519 | Finally, if other authentication methods fail, ssh prompts the user for a | ||
520 | password. The password is sent to the remote host for checking; however, | ||
521 | since all communications are encrypted, the password cannot be seen by | ||
522 | someone listening on the network. | ||
523 | |||
524 | ssh automatically maintains and checks a database containing | ||
525 | identification for all hosts it has ever been used with. Host keys are | ||
526 | stored in ~/.ssh/known_hosts in the user's home directory. Additionally, | ||
527 | the file /etc/ssh/ssh_known_hosts is automatically checked for known | ||
528 | hosts. Any new hosts are automatically added to the user's file. If a | ||
529 | host's identification ever changes, ssh warns about this and disables | ||
530 | password authentication to prevent server spoofing or man-in-the-middle | ||
531 | attacks, which could otherwise be used to circumvent the encryption. The | ||
532 | StrictHostKeyChecking option can be used to control logins to machines | ||
533 | whose host key is not known or has changed. | ||
534 | |||
535 | When the user's identity has been accepted by the server, the server | ||
536 | either executes the given command in a non-interactive session or, if no | ||
537 | command has been specified, logs into the machine and gives the user a | ||
538 | normal shell as an interactive session. All communication with the | ||
539 | remote command or shell will be automatically encrypted. | ||
540 | |||
541 | If an interactive session is requested ssh by default will only request a | ||
542 | pseudo-terminal (pty) for interactive sessions when the client has one. | ||
543 | The flags -T and -t can be used to override this behaviour. | ||
544 | |||
545 | If a pseudo-terminal has been allocated the user may use the escape | ||
546 | characters noted below. | ||
547 | |||
548 | If no pseudo-terminal has been allocated, the session is transparent and | ||
549 | can be used to reliably transfer binary data. On most systems, setting | ||
550 | the escape character to M-bM-^@M-^\noneM-bM-^@M-^] will also make the session transparent | ||
551 | even if a tty is used. | ||
552 | |||
553 | The session terminates when the command or shell on the remote machine | ||
554 | exits and all X11 and TCP connections have been closed. | ||
555 | |||
556 | ESCAPE CHARACTERS | ||
557 | When a pseudo-terminal has been requested, ssh supports a number of | ||
558 | functions through the use of an escape character. | ||
559 | |||
560 | A single tilde character can be sent as ~~ or by following the tilde by a | ||
561 | character other than those described below. The escape character must | ||
562 | always follow a newline to be interpreted as special. The escape | ||
563 | character can be changed in configuration files using the EscapeChar | ||
564 | configuration directive or on the command line by the -e option. | ||
565 | |||
566 | The supported escapes (assuming the default M-bM-^@M-^X~M-bM-^@M-^Y) are: | ||
567 | |||
568 | ~. Disconnect. | ||
569 | |||
570 | ~^Z Background ssh. | ||
571 | |||
572 | ~# List forwarded connections. | ||
573 | |||
574 | ~& Background ssh at logout when waiting for forwarded connection / | ||
575 | X11 sessions to terminate. | ||
576 | |||
577 | ~? Display a list of escape characters. | ||
578 | |||
579 | ~B Send a BREAK to the remote system (only useful if the peer | ||
580 | supports it). | ||
581 | |||
582 | ~C Open command line. Currently this allows the addition of port | ||
583 | forwardings using the -L, -R and -D options (see above). It also | ||
584 | allows the cancellation of existing port-forwardings with | ||
585 | -KL[bind_address:]port for local, -KR[bind_address:]port for | ||
586 | remote and -KD[bind_address:]port for dynamic port-forwardings. | ||
587 | !command allows the user to execute a local command if the | ||
588 | PermitLocalCommand option is enabled in ssh_config(5). Basic | ||
589 | help is available, using the -h option. | ||
590 | |||
591 | ~R Request rekeying of the connection (only useful if the peer | ||
592 | supports it). | ||
593 | |||
594 | ~V Decrease the verbosity (LogLevel) when errors are being written | ||
595 | to stderr. | ||
596 | |||
597 | ~v Increase the verbosity (LogLevel) when errors are being written | ||
598 | to stderr. | ||
599 | |||
600 | TCP FORWARDING | ||
601 | Forwarding of arbitrary TCP connections over a secure channel can be | ||
602 | specified either on the command line or in a configuration file. One | ||
603 | possible application of TCP forwarding is a secure connection to a mail | ||
604 | server; another is going through firewalls. | ||
605 | |||
606 | In the example below, we look at encrypting communication for an IRC | ||
607 | client, even though the IRC server it connects to does not directly | ||
608 | support encrypted communication. This works as follows: the user | ||
609 | connects to the remote host using ssh, specifying the ports to be used to | ||
610 | forward the connection. After that it is possible to start the program | ||
611 | locally, and ssh will encrypt and forward the connection to the remote | ||
612 | server. | ||
613 | |||
614 | The following example tunnels an IRC session from the client to an IRC | ||
615 | server at M-bM-^@M-^\server.example.comM-bM-^@M-^], joining channel M-bM-^@M-^\#usersM-bM-^@M-^], nickname | ||
616 | M-bM-^@M-^\pinkyM-bM-^@M-^], using the standard IRC port, 6667: | ||
617 | |||
618 | $ ssh -f -L 6667:localhost:6667 server.example.com sleep 10 | ||
619 | $ irc -c '#users' pinky IRC/127.0.0.1 | ||
620 | |||
621 | The -f option backgrounds ssh and the remote command M-bM-^@M-^\sleep 10M-bM-^@M-^] is | ||
622 | specified to allow an amount of time (10 seconds, in the example) to | ||
623 | start the program which is going to use the tunnel. If no connections | ||
624 | are made within the time specified, ssh will exit. | ||
625 | |||
626 | X11 FORWARDING | ||
627 | If the ForwardX11 variable is set to M-bM-^@M-^\yesM-bM-^@M-^] (or see the description of the | ||
628 | -X, -x, and -Y options above) and the user is using X11 (the DISPLAY | ||
629 | environment variable is set), the connection to the X11 display is | ||
630 | automatically forwarded to the remote side in such a way that any X11 | ||
631 | programs started from the shell (or command) will go through the | ||
632 | encrypted channel, and the connection to the real X server will be made | ||
633 | from the local machine. The user should not manually set DISPLAY. | ||
634 | Forwarding of X11 connections can be configured on the command line or in | ||
635 | configuration files. | ||
636 | |||
637 | The DISPLAY value set by ssh will point to the server machine, but with a | ||
638 | display number greater than zero. This is normal, and happens because | ||
639 | ssh creates a M-bM-^@M-^\proxyM-bM-^@M-^] X server on the server machine for forwarding the | ||
640 | connections over the encrypted channel. | ||
641 | |||
642 | ssh will also automatically set up Xauthority data on the server machine. | ||
643 | For this purpose, it will generate a random authorization cookie, store | ||
644 | it in Xauthority on the server, and verify that any forwarded connections | ||
645 | carry this cookie and replace it by the real cookie when the connection | ||
646 | is opened. The real authentication cookie is never sent to the server | ||
647 | machine (and no cookies are sent in the plain). | ||
648 | |||
649 | If the ForwardAgent variable is set to M-bM-^@M-^\yesM-bM-^@M-^] (or see the description of | ||
650 | the -A and -a options above) and the user is using an authentication | ||
651 | agent, the connection to the agent is automatically forwarded to the | ||
652 | remote side. | ||
653 | |||
654 | VERIFYING HOST KEYS | ||
655 | When connecting to a server for the first time, a fingerprint of the | ||
656 | server's public key is presented to the user (unless the option | ||
657 | StrictHostKeyChecking has been disabled). Fingerprints can be determined | ||
658 | using ssh-keygen(1): | ||
659 | |||
660 | $ ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key | ||
661 | |||
662 | If the fingerprint is already known, it can be matched and the key can be | ||
663 | accepted or rejected. If only legacy (MD5) fingerprints for the server | ||
664 | are available, the ssh-keygen(1) -E option may be used to downgrade the | ||
665 | fingerprint algorithm to match. | ||
666 | |||
667 | Because of the difficulty of comparing host keys just by looking at | ||
668 | fingerprint strings, there is also support to compare host keys visually, | ||
669 | using random art. By setting the VisualHostKey option to M-bM-^@M-^\yesM-bM-^@M-^], a small | ||
670 | ASCII graphic gets displayed on every login to a server, no matter if the | ||
671 | session itself is interactive or not. By learning the pattern a known | ||
672 | server produces, a user can easily find out that the host key has changed | ||
673 | when a completely different pattern is displayed. Because these patterns | ||
674 | are not unambiguous however, a pattern that looks similar to the pattern | ||
675 | remembered only gives a good probability that the host key is the same, | ||
676 | not guaranteed proof. | ||
677 | |||
678 | To get a listing of the fingerprints along with their random art for all | ||
679 | known hosts, the following command line can be used: | ||
680 | |||
681 | $ ssh-keygen -lv -f ~/.ssh/known_hosts | ||
682 | |||
683 | If the fingerprint is unknown, an alternative method of verification is | ||
684 | available: SSH fingerprints verified by DNS. An additional resource | ||
685 | record (RR), SSHFP, is added to a zonefile and the connecting client is | ||
686 | able to match the fingerprint with that of the key presented. | ||
687 | |||
688 | In this example, we are connecting a client to a server, | ||
689 | M-bM-^@M-^\host.example.comM-bM-^@M-^]. The SSHFP resource records should first be added to | ||
690 | the zonefile for host.example.com: | ||
691 | |||
692 | $ ssh-keygen -r host.example.com. | ||
693 | |||
694 | The output lines will have to be added to the zonefile. To check that | ||
695 | the zone is answering fingerprint queries: | ||
696 | |||
697 | $ dig -t SSHFP host.example.com | ||
698 | |||
699 | Finally the client connects: | ||
700 | |||
701 | $ ssh -o "VerifyHostKeyDNS ask" host.example.com | ||
702 | [...] | ||
703 | Matching host key fingerprint found in DNS. | ||
704 | Are you sure you want to continue connecting (yes/no)? | ||
705 | |||
706 | See the VerifyHostKeyDNS option in ssh_config(5) for more information. | ||
707 | |||
708 | SSH-BASED VIRTUAL PRIVATE NETWORKS | ||
709 | ssh contains support for Virtual Private Network (VPN) tunnelling using | ||
710 | the tun(4) network pseudo-device, allowing two networks to be joined | ||
711 | securely. The sshd_config(5) configuration option PermitTunnel controls | ||
712 | whether the server supports this, and at what level (layer 2 or 3 | ||
713 | traffic). | ||
714 | |||
715 | The following example would connect client network 10.0.50.0/24 with | ||
716 | remote network 10.0.99.0/24 using a point-to-point connection from | ||
717 | 10.1.1.1 to 10.1.1.2, provided that the SSH server running on the gateway | ||
718 | to the remote network, at 192.168.1.15, allows it. | ||
719 | |||
720 | On the client: | ||
721 | |||
722 | # ssh -f -w 0:1 192.168.1.15 true | ||
723 | # ifconfig tun0 10.1.1.1 10.1.1.2 netmask 255.255.255.252 | ||
724 | # route add 10.0.99.0/24 10.1.1.2 | ||
725 | |||
726 | On the server: | ||
727 | |||
728 | # ifconfig tun1 10.1.1.2 10.1.1.1 netmask 255.255.255.252 | ||
729 | # route add 10.0.50.0/24 10.1.1.1 | ||
730 | |||
731 | Client access may be more finely tuned via the /root/.ssh/authorized_keys | ||
732 | file (see below) and the PermitRootLogin server option. The following | ||
733 | entry would permit connections on tun(4) device 1 from user M-bM-^@M-^\janeM-bM-^@M-^] and on | ||
734 | tun device 2 from user M-bM-^@M-^\johnM-bM-^@M-^], if PermitRootLogin is set to | ||
735 | M-bM-^@M-^\forced-commands-onlyM-bM-^@M-^]: | ||
736 | |||
737 | tunnel="1",command="sh /etc/netstart tun1" ssh-rsa ... jane | ||
738 | tunnel="2",command="sh /etc/netstart tun2" ssh-rsa ... john | ||
739 | |||
740 | Since an SSH-based setup entails a fair amount of overhead, it may be | ||
741 | more suited to temporary setups, such as for wireless VPNs. More | ||
742 | permanent VPNs are better provided by tools such as ipsecctl(8) and | ||
743 | isakmpd(8). | ||
744 | |||
745 | ENVIRONMENT | ||
746 | ssh will normally set the following environment variables: | ||
747 | |||
748 | DISPLAY The DISPLAY variable indicates the location of the | ||
749 | X11 server. It is automatically set by ssh to | ||
750 | point to a value of the form M-bM-^@M-^\hostname:nM-bM-^@M-^], where | ||
751 | M-bM-^@M-^\hostnameM-bM-^@M-^] indicates the host where the shell runs, | ||
752 | and M-bM-^@M-^XnM-bM-^@M-^Y is an integer M-bM-^IM-% 1. ssh uses this special | ||
753 | value to forward X11 connections over the secure | ||
754 | channel. The user should normally not set DISPLAY | ||
755 | explicitly, as that will render the X11 connection | ||
756 | insecure (and will require the user to manually | ||
757 | copy any required authorization cookies). | ||
758 | |||
759 | HOME Set to the path of the user's home directory. | ||
760 | |||
761 | LOGNAME Synonym for USER; set for compatibility with | ||
762 | systems that use this variable. | ||
763 | |||
764 | MAIL Set to the path of the user's mailbox. | ||
765 | |||
766 | PATH Set to the default PATH, as specified when | ||
767 | compiling ssh. | ||
768 | |||
769 | SSH_ASKPASS If ssh needs a passphrase, it will read the | ||
770 | passphrase from the current terminal if it was run | ||
771 | from a terminal. If ssh does not have a terminal | ||
772 | associated with it but DISPLAY and SSH_ASKPASS are | ||
773 | set, it will execute the program specified by | ||
774 | SSH_ASKPASS and open an X11 window to read the | ||
775 | passphrase. This is particularly useful when | ||
776 | calling ssh from a .xsession or related script. | ||
777 | (Note that on some machines it may be necessary to | ||
778 | redirect the input from /dev/null to make this | ||
779 | work.) | ||
780 | |||
781 | SSH_AUTH_SOCK Identifies the path of a UNIX-domain socket used to | ||
782 | communicate with the agent. | ||
783 | |||
784 | SSH_CONNECTION Identifies the client and server ends of the | ||
785 | connection. The variable contains four space- | ||
786 | separated values: client IP address, client port | ||
787 | number, server IP address, and server port number. | ||
788 | |||
789 | SSH_ORIGINAL_COMMAND This variable contains the original command line if | ||
790 | a forced command is executed. It can be used to | ||
791 | extract the original arguments. | ||
792 | |||
793 | SSH_TTY This is set to the name of the tty (path to the | ||
794 | device) associated with the current shell or | ||
795 | command. If the current session has no tty, this | ||
796 | variable is not set. | ||
797 | |||
798 | SSH_TUNNEL Optionally set by sshd(8) to contain the interface | ||
799 | names assigned if tunnel forwarding was requested | ||
800 | by the client. | ||
801 | |||
802 | SSH_USER_AUTH Optionally set by sshd(8), this variable may | ||
803 | contain a pathname to a file that lists the | ||
804 | authentication methods successfully used when the | ||
805 | session was established, including any public keys | ||
806 | that were used. | ||
807 | |||
808 | TZ This variable is set to indicate the present time | ||
809 | zone if it was set when the daemon was started | ||
810 | (i.e. the daemon passes the value on to new | ||
811 | connections). | ||
812 | |||
813 | USER Set to the name of the user logging in. | ||
814 | |||
815 | Additionally, ssh reads ~/.ssh/environment, and adds lines of the format | ||
816 | M-bM-^@M-^\VARNAME=valueM-bM-^@M-^] to the environment if the file exists and users are | ||
817 | allowed to change their environment. For more information, see the | ||
818 | PermitUserEnvironment option in sshd_config(5). | ||
819 | |||
820 | FILES | ||
821 | ~/.rhosts | ||
822 | This file is used for host-based authentication (see above). On | ||
823 | some machines this file may need to be world-readable if the | ||
824 | user's home directory is on an NFS partition, because sshd(8) | ||
825 | reads it as root. Additionally, this file must be owned by the | ||
826 | user, and must not have write permissions for anyone else. The | ||
827 | recommended permission for most machines is read/write for the | ||
828 | user, and not accessible by others. | ||
829 | |||
830 | ~/.shosts | ||
831 | This file is used in exactly the same way as .rhosts, but allows | ||
832 | host-based authentication without permitting login with | ||
833 | rlogin/rsh. | ||
834 | |||
835 | ~/.ssh/ | ||
836 | This directory is the default location for all user-specific | ||
837 | configuration and authentication information. There is no | ||
838 | general requirement to keep the entire contents of this directory | ||
839 | secret, but the recommended permissions are read/write/execute | ||
840 | for the user, and not accessible by others. | ||
841 | |||
842 | ~/.ssh/authorized_keys | ||
843 | Lists the public keys (DSA, ECDSA, Ed25519, RSA) that can be used | ||
844 | for logging in as this user. The format of this file is | ||
845 | described in the sshd(8) manual page. This file is not highly | ||
846 | sensitive, but the recommended permissions are read/write for the | ||
847 | user, and not accessible by others. | ||
848 | |||
849 | ~/.ssh/config | ||
850 | This is the per-user configuration file. The file format and | ||
851 | configuration options are described in ssh_config(5). Because of | ||
852 | the potential for abuse, this file must have strict permissions: | ||
853 | read/write for the user, and not writable by others. | ||
854 | |||
855 | ~/.ssh/environment | ||
856 | Contains additional definitions for environment variables; see | ||
857 | ENVIRONMENT, above. | ||
858 | |||
859 | ~/.ssh/id_dsa | ||
860 | ~/.ssh/id_ecdsa | ||
861 | ~/.ssh/id_ed25519 | ||
862 | ~/.ssh/id_rsa | ||
863 | Contains the private key for authentication. These files contain | ||
864 | sensitive data and should be readable by the user but not | ||
865 | accessible by others (read/write/execute). ssh will simply | ||
866 | ignore a private key file if it is accessible by others. It is | ||
867 | possible to specify a passphrase when generating the key which | ||
868 | will be used to encrypt the sensitive part of this file using | ||
869 | AES-128. | ||
870 | |||
871 | ~/.ssh/id_dsa.pub | ||
872 | ~/.ssh/id_ecdsa.pub | ||
873 | ~/.ssh/id_ed25519.pub | ||
874 | ~/.ssh/id_rsa.pub | ||
875 | Contains the public key for authentication. These files are not | ||
876 | sensitive and can (but need not) be readable by anyone. | ||
877 | |||
878 | ~/.ssh/known_hosts | ||
879 | Contains a list of host keys for all hosts the user has logged | ||
880 | into that are not already in the systemwide list of known host | ||
881 | keys. See sshd(8) for further details of the format of this | ||
882 | file. | ||
883 | |||
884 | ~/.ssh/rc | ||
885 | Commands in this file are executed by ssh when the user logs in, | ||
886 | just before the user's shell (or command) is started. See the | ||
887 | sshd(8) manual page for more information. | ||
888 | |||
889 | /etc/hosts.equiv | ||
890 | This file is for host-based authentication (see above). It | ||
891 | should only be writable by root. | ||
892 | |||
893 | /etc/shosts.equiv | ||
894 | This file is used in exactly the same way as hosts.equiv, but | ||
895 | allows host-based authentication without permitting login with | ||
896 | rlogin/rsh. | ||
897 | |||
898 | /etc/ssh/ssh_config | ||
899 | Systemwide configuration file. The file format and configuration | ||
900 | options are described in ssh_config(5). | ||
901 | |||
902 | /etc/ssh/ssh_host_key | ||
903 | /etc/ssh/ssh_host_dsa_key | ||
904 | /etc/ssh/ssh_host_ecdsa_key | ||
905 | /etc/ssh/ssh_host_ed25519_key | ||
906 | /etc/ssh/ssh_host_rsa_key | ||
907 | These files contain the private parts of the host keys and are | ||
908 | used for host-based authentication. | ||
909 | |||
910 | /etc/ssh/ssh_known_hosts | ||
911 | Systemwide list of known host keys. This file should be prepared | ||
912 | by the system administrator to contain the public host keys of | ||
913 | all machines in the organization. It should be world-readable. | ||
914 | See sshd(8) for further details of the format of this file. | ||
915 | |||
916 | /etc/ssh/sshrc | ||
917 | Commands in this file are executed by ssh when the user logs in, | ||
918 | just before the user's shell (or command) is started. See the | ||
919 | sshd(8) manual page for more information. | ||
920 | |||
921 | EXIT STATUS | ||
922 | ssh exits with the exit status of the remote command or with 255 if an | ||
923 | error occurred. | ||
924 | |||
925 | SEE ALSO | ||
926 | scp(1), sftp(1), ssh-add(1), ssh-agent(1), ssh-keygen(1), ssh-keyscan(1), | ||
927 | tun(4), ssh_config(5), ssh-keysign(8), sshd(8) | ||
928 | |||
929 | STANDARDS | ||
930 | S. Lehtinen and C. Lonvick, The Secure Shell (SSH) Protocol Assigned | ||
931 | Numbers, RFC 4250, January 2006. | ||
932 | |||
933 | T. Ylonen and C. Lonvick, The Secure Shell (SSH) Protocol Architecture, | ||
934 | RFC 4251, January 2006. | ||
935 | |||
936 | T. Ylonen and C. Lonvick, The Secure Shell (SSH) Authentication Protocol, | ||
937 | RFC 4252, January 2006. | ||
938 | |||
939 | T. Ylonen and C. Lonvick, The Secure Shell (SSH) Transport Layer | ||
940 | Protocol, RFC 4253, January 2006. | ||
941 | |||
942 | T. Ylonen and C. Lonvick, The Secure Shell (SSH) Connection Protocol, RFC | ||
943 | 4254, January 2006. | ||
944 | |||
945 | J. Schlyter and W. Griffin, Using DNS to Securely Publish Secure Shell | ||
946 | (SSH) Key Fingerprints, RFC 4255, January 2006. | ||
947 | |||
948 | F. Cusack and M. Forssen, Generic Message Exchange Authentication for the | ||
949 | Secure Shell Protocol (SSH), RFC 4256, January 2006. | ||
950 | |||
951 | J. Galbraith and P. Remaker, The Secure Shell (SSH) Session Channel Break | ||
952 | Extension, RFC 4335, January 2006. | ||
953 | |||
954 | M. Bellare, T. Kohno, and C. Namprempre, The Secure Shell (SSH) Transport | ||
955 | Layer Encryption Modes, RFC 4344, January 2006. | ||
956 | |||
957 | B. Harris, Improved Arcfour Modes for the Secure Shell (SSH) Transport | ||
958 | Layer Protocol, RFC 4345, January 2006. | ||
959 | |||
960 | M. Friedl, N. Provos, and W. Simpson, Diffie-Hellman Group Exchange for | ||
961 | the Secure Shell (SSH) Transport Layer Protocol, RFC 4419, March 2006. | ||
962 | |||
963 | J. Galbraith and R. Thayer, The Secure Shell (SSH) Public Key File | ||
964 | Format, RFC 4716, November 2006. | ||
965 | |||
966 | D. Stebila and J. Green, Elliptic Curve Algorithm Integration in the | ||
967 | Secure Shell Transport Layer, RFC 5656, December 2009. | ||
968 | |||
969 | A. Perrig and D. Song, Hash Visualization: a New Technique to improve | ||
970 | Real-World Security, 1999, International Workshop on Cryptographic | ||
971 | Techniques and E-Commerce (CrypTEC '99). | ||
972 | |||
973 | AUTHORS | ||
974 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by | ||
975 | Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo | ||
976 | de Raadt and Dug Song removed many bugs, re-added newer features and | ||
977 | created OpenSSH. Markus Friedl contributed the support for SSH protocol | ||
978 | versions 1.5 and 2.0. | ||
979 | |||
980 | OpenBSD 6.6 June 12, 2019 OpenBSD 6.6 | ||
diff --git a/ssh_config.0 b/ssh_config.0 new file mode 100644 index 000000000..94ef73676 --- /dev/null +++ b/ssh_config.0 | |||
@@ -0,0 +1,1133 @@ | |||
1 | SSH_CONFIG(5) File Formats Manual SSH_CONFIG(5) | ||
2 | |||
3 | NAME | ||
4 | ssh_config M-bM-^@M-^S OpenSSH SSH client configuration files | ||
5 | |||
6 | DESCRIPTION | ||
7 | ssh(1) obtains configuration data from the following sources in the | ||
8 | following order: | ||
9 | |||
10 | 1. command-line options | ||
11 | 2. user's configuration file (~/.ssh/config) | ||
12 | 3. system-wide configuration file (/etc/ssh/ssh_config) | ||
13 | |||
14 | For each parameter, the first obtained value will be used. The | ||
15 | configuration files contain sections separated by Host specifications, | ||
16 | and that section is only applied for hosts that match one of the patterns | ||
17 | given in the specification. The matched host name is usually the one | ||
18 | given on the command line (see the CanonicalizeHostname option for | ||
19 | exceptions). | ||
20 | |||
21 | Since the first obtained value for each parameter is used, more host- | ||
22 | specific declarations should be given near the beginning of the file, and | ||
23 | general defaults at the end. | ||
24 | |||
25 | The file contains keyword-argument pairs, one per line. Lines starting | ||
26 | with M-bM-^@M-^X#M-bM-^@M-^Y and empty lines are interpreted as comments. Arguments may | ||
27 | optionally be enclosed in double quotes (") in order to represent | ||
28 | arguments containing spaces. Configuration options may be separated by | ||
29 | whitespace or optional whitespace and exactly one M-bM-^@M-^X=M-bM-^@M-^Y; the latter format | ||
30 | is useful to avoid the need to quote whitespace when specifying | ||
31 | configuration options using the ssh, scp, and sftp -o option. | ||
32 | |||
33 | The possible keywords and their meanings are as follows (note that | ||
34 | keywords are case-insensitive and arguments are case-sensitive): | ||
35 | |||
36 | Host Restricts the following declarations (up to the next Host or | ||
37 | Match keyword) to be only for those hosts that match one of the | ||
38 | patterns given after the keyword. If more than one pattern is | ||
39 | provided, they should be separated by whitespace. A single M-bM-^@M-^X*M-bM-^@M-^Y | ||
40 | as a pattern can be used to provide global defaults for all | ||
41 | hosts. The host is usually the hostname argument given on the | ||
42 | command line (see the CanonicalizeHostname keyword for | ||
43 | exceptions). | ||
44 | |||
45 | A pattern entry may be negated by prefixing it with an | ||
46 | exclamation mark (M-bM-^@M-^X!M-bM-^@M-^Y). If a negated entry is matched, then the | ||
47 | Host entry is ignored, regardless of whether any other patterns | ||
48 | on the line match. Negated matches are therefore useful to | ||
49 | provide exceptions for wildcard matches. | ||
50 | |||
51 | See PATTERNS for more information on patterns. | ||
52 | |||
53 | Match Restricts the following declarations (up to the next Host or | ||
54 | Match keyword) to be used only when the conditions following the | ||
55 | Match keyword are satisfied. Match conditions are specified | ||
56 | using one or more criteria or the single token all which always | ||
57 | matches. The available criteria keywords are: canonical, final, | ||
58 | exec, host, originalhost, user, and localuser. The all criteria | ||
59 | must appear alone or immediately after canonical or final. Other | ||
60 | criteria may be combined arbitrarily. All criteria but all, | ||
61 | canonical, and final require an argument. Criteria may be | ||
62 | negated by prepending an exclamation mark (M-bM-^@M-^X!M-bM-^@M-^Y). | ||
63 | |||
64 | The canonical keyword matches only when the configuration file is | ||
65 | being re-parsed after hostname canonicalization (see the | ||
66 | CanonicalizeHostname option). This may be useful to specify | ||
67 | conditions that work with canonical host names only. | ||
68 | |||
69 | The final keyword requests that the configuration be re-parsed | ||
70 | (regardless of whether CanonicalizeHostname is enabled), and | ||
71 | matches only during this final pass. If CanonicalizeHostname is | ||
72 | enabled, then canonical and final match during the same pass. | ||
73 | |||
74 | The exec keyword executes the specified command under the user's | ||
75 | shell. If the command returns a zero exit status then the | ||
76 | condition is considered true. Commands containing whitespace | ||
77 | characters must be quoted. Arguments to exec accept the tokens | ||
78 | described in the TOKENS section. | ||
79 | |||
80 | The other keywords' criteria must be single entries or comma- | ||
81 | separated lists and may use the wildcard and negation operators | ||
82 | described in the PATTERNS section. The criteria for the host | ||
83 | keyword are matched against the target hostname, after any | ||
84 | substitution by the Hostname or CanonicalizeHostname options. | ||
85 | The originalhost keyword matches against the hostname as it was | ||
86 | specified on the command-line. The user keyword matches against | ||
87 | the target username on the remote host. The localuser keyword | ||
88 | matches against the name of the local user running ssh(1) (this | ||
89 | keyword may be useful in system-wide ssh_config files). | ||
90 | |||
91 | AddKeysToAgent | ||
92 | Specifies whether keys should be automatically added to a running | ||
93 | ssh-agent(1). If this option is set to yes and a key is loaded | ||
94 | from a file, the key and its passphrase are added to the agent | ||
95 | with the default lifetime, as if by ssh-add(1). If this option | ||
96 | is set to ask, ssh(1) will require confirmation using the | ||
97 | SSH_ASKPASS program before adding a key (see ssh-add(1) for | ||
98 | details). If this option is set to confirm, each use of the key | ||
99 | must be confirmed, as if the -c option was specified to | ||
100 | ssh-add(1). If this option is set to no, no keys are added to | ||
101 | the agent. The argument must be yes, confirm, ask, or no (the | ||
102 | default). | ||
103 | |||
104 | AddressFamily | ||
105 | Specifies which address family to use when connecting. Valid | ||
106 | arguments are any (the default), inet (use IPv4 only), or inet6 | ||
107 | (use IPv6 only). | ||
108 | |||
109 | BatchMode | ||
110 | If set to yes, passphrase/password querying will be disabled. | ||
111 | This option is useful in scripts and other batch jobs where no | ||
112 | user is present to supply the password. The argument must be yes | ||
113 | or no (the default). | ||
114 | |||
115 | BindAddress | ||
116 | Use the specified address on the local machine as the source | ||
117 | address of the connection. Only useful on systems with more than | ||
118 | one address. | ||
119 | |||
120 | BindInterface | ||
121 | Use the address of the specified interface on the local machine | ||
122 | as the source address of the connection. | ||
123 | |||
124 | CanonicalDomains | ||
125 | When CanonicalizeHostname is enabled, this option specifies the | ||
126 | list of domain suffixes in which to search for the specified | ||
127 | destination host. | ||
128 | |||
129 | CanonicalizeFallbackLocal | ||
130 | Specifies whether to fail with an error when hostname | ||
131 | canonicalization fails. The default, yes, will attempt to look | ||
132 | up the unqualified hostname using the system resolver's search | ||
133 | rules. A value of no will cause ssh(1) to fail instantly if | ||
134 | CanonicalizeHostname is enabled and the target hostname cannot be | ||
135 | found in any of the domains specified by CanonicalDomains. | ||
136 | |||
137 | CanonicalizeHostname | ||
138 | Controls whether explicit hostname canonicalization is performed. | ||
139 | The default, no, is not to perform any name rewriting and let the | ||
140 | system resolver handle all hostname lookups. If set to yes then, | ||
141 | for connections that do not use a ProxyCommand or ProxyJump, | ||
142 | ssh(1) will attempt to canonicalize the hostname specified on the | ||
143 | command line using the CanonicalDomains suffixes and | ||
144 | CanonicalizePermittedCNAMEs rules. If CanonicalizeHostname is | ||
145 | set to always, then canonicalization is applied to proxied | ||
146 | connections too. | ||
147 | |||
148 | If this option is enabled, then the configuration files are | ||
149 | processed again using the new target name to pick up any new | ||
150 | configuration in matching Host and Match stanzas. | ||
151 | |||
152 | CanonicalizeMaxDots | ||
153 | Specifies the maximum number of dot characters in a hostname | ||
154 | before canonicalization is disabled. The default, 1, allows a | ||
155 | single dot (i.e. hostname.subdomain). | ||
156 | |||
157 | CanonicalizePermittedCNAMEs | ||
158 | Specifies rules to determine whether CNAMEs should be followed | ||
159 | when canonicalizing hostnames. The rules consist of one or more | ||
160 | arguments of source_domain_list:target_domain_list, where | ||
161 | source_domain_list is a pattern-list of domains that may follow | ||
162 | CNAMEs in canonicalization, and target_domain_list is a pattern- | ||
163 | list of domains that they may resolve to. | ||
164 | |||
165 | For example, "*.a.example.com:*.b.example.com,*.c.example.com" | ||
166 | will allow hostnames matching "*.a.example.com" to be | ||
167 | canonicalized to names in the "*.b.example.com" or | ||
168 | "*.c.example.com" domains. | ||
169 | |||
170 | CASignatureAlgorithms | ||
171 | Specifies which algorithms are allowed for signing of | ||
172 | certificates by certificate authorities (CAs). The default is: | ||
173 | |||
174 | ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, | ||
175 | ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa | ||
176 | |||
177 | ssh(1) will not accept host certificates signed using algorithms | ||
178 | other than those specified. | ||
179 | |||
180 | CertificateFile | ||
181 | Specifies a file from which the user's certificate is read. A | ||
182 | corresponding private key must be provided separately in order to | ||
183 | use this certificate either from an IdentityFile directive or -i | ||
184 | flag to ssh(1), via ssh-agent(1), or via a PKCS11Provider. | ||
185 | |||
186 | Arguments to CertificateFile may use the tilde syntax to refer to | ||
187 | a user's home directory or the tokens described in the TOKENS | ||
188 | section. | ||
189 | |||
190 | It is possible to have multiple certificate files specified in | ||
191 | configuration files; these certificates will be tried in | ||
192 | sequence. Multiple CertificateFile directives will add to the | ||
193 | list of certificates used for authentication. | ||
194 | |||
195 | ChallengeResponseAuthentication | ||
196 | Specifies whether to use challenge-response authentication. The | ||
197 | argument to this keyword must be yes (the default) or no. | ||
198 | |||
199 | CheckHostIP | ||
200 | If set to yes (the default), ssh(1) will additionally check the | ||
201 | host IP address in the known_hosts file. This allows it to | ||
202 | detect if a host key changed due to DNS spoofing and will add | ||
203 | addresses of destination hosts to ~/.ssh/known_hosts in the | ||
204 | process, regardless of the setting of StrictHostKeyChecking. If | ||
205 | the option is set to no, the check will not be executed. | ||
206 | |||
207 | Ciphers | ||
208 | Specifies the ciphers allowed and their order of preference. | ||
209 | Multiple ciphers must be comma-separated. If the specified list | ||
210 | begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified ciphers will be | ||
211 | appended to the default set instead of replacing them. If the | ||
212 | specified list begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified | ||
213 | ciphers (including wildcards) will be removed from the default | ||
214 | set instead of replacing them. If the specified list begins with | ||
215 | a M-bM-^@M-^X^M-bM-^@M-^Y character, then the specified ciphers will be placed at the | ||
216 | head of the default set. | ||
217 | |||
218 | The supported ciphers are: | ||
219 | |||
220 | 3des-cbc | ||
221 | aes128-cbc | ||
222 | aes192-cbc | ||
223 | aes256-cbc | ||
224 | aes128-ctr | ||
225 | aes192-ctr | ||
226 | aes256-ctr | ||
227 | aes128-gcm@openssh.com | ||
228 | aes256-gcm@openssh.com | ||
229 | chacha20-poly1305@openssh.com | ||
230 | |||
231 | The default is: | ||
232 | |||
233 | chacha20-poly1305@openssh.com, | ||
234 | aes128-ctr,aes192-ctr,aes256-ctr, | ||
235 | aes128-gcm@openssh.com,aes256-gcm@openssh.com | ||
236 | |||
237 | The list of available ciphers may also be obtained using "ssh -Q | ||
238 | cipher". | ||
239 | |||
240 | ClearAllForwardings | ||
241 | Specifies that all local, remote, and dynamic port forwardings | ||
242 | specified in the configuration files or on the command line be | ||
243 | cleared. This option is primarily useful when used from the | ||
244 | ssh(1) command line to clear port forwardings set in | ||
245 | configuration files, and is automatically set by scp(1) and | ||
246 | sftp(1). The argument must be yes or no (the default). | ||
247 | |||
248 | Compression | ||
249 | Specifies whether to use compression. The argument must be yes | ||
250 | or no (the default). | ||
251 | |||
252 | ConnectionAttempts | ||
253 | Specifies the number of tries (one per second) to make before | ||
254 | exiting. The argument must be an integer. This may be useful in | ||
255 | scripts if the connection sometimes fails. The default is 1. | ||
256 | |||
257 | ConnectTimeout | ||
258 | Specifies the timeout (in seconds) used when connecting to the | ||
259 | SSH server, instead of using the default system TCP timeout. | ||
260 | This timeout is applied both to establishing the connection and | ||
261 | to performing the initial SSH protocol handshake and key | ||
262 | exchange. | ||
263 | |||
264 | ControlMaster | ||
265 | Enables the sharing of multiple sessions over a single network | ||
266 | connection. When set to yes, ssh(1) will listen for connections | ||
267 | on a control socket specified using the ControlPath argument. | ||
268 | Additional sessions can connect to this socket using the same | ||
269 | ControlPath with ControlMaster set to no (the default). These | ||
270 | sessions will try to reuse the master instance's network | ||
271 | connection rather than initiating new ones, but will fall back to | ||
272 | connecting normally if the control socket does not exist, or is | ||
273 | not listening. | ||
274 | |||
275 | Setting this to ask will cause ssh(1) to listen for control | ||
276 | connections, but require confirmation using ssh-askpass(1). If | ||
277 | the ControlPath cannot be opened, ssh(1) will continue without | ||
278 | connecting to a master instance. | ||
279 | |||
280 | X11 and ssh-agent(1) forwarding is supported over these | ||
281 | multiplexed connections, however the display and agent forwarded | ||
282 | will be the one belonging to the master connection i.e. it is not | ||
283 | possible to forward multiple displays or agents. | ||
284 | |||
285 | Two additional options allow for opportunistic multiplexing: try | ||
286 | to use a master connection but fall back to creating a new one if | ||
287 | one does not already exist. These options are: auto and autoask. | ||
288 | The latter requires confirmation like the ask option. | ||
289 | |||
290 | ControlPath | ||
291 | Specify the path to the control socket used for connection | ||
292 | sharing as described in the ControlMaster section above or the | ||
293 | string none to disable connection sharing. Arguments to | ||
294 | ControlPath may use the tilde syntax to refer to a user's home | ||
295 | directory or the tokens described in the TOKENS section. It is | ||
296 | recommended that any ControlPath used for opportunistic | ||
297 | connection sharing include at least %h, %p, and %r (or | ||
298 | alternatively %C) and be placed in a directory that is not | ||
299 | writable by other users. This ensures that shared connections | ||
300 | are uniquely identified. | ||
301 | |||
302 | ControlPersist | ||
303 | When used in conjunction with ControlMaster, specifies that the | ||
304 | master connection should remain open in the background (waiting | ||
305 | for future client connections) after the initial client | ||
306 | connection has been closed. If set to no, then the master | ||
307 | connection will not be placed into the background, and will close | ||
308 | as soon as the initial client connection is closed. If set to | ||
309 | yes or 0, then the master connection will remain in the | ||
310 | background indefinitely (until killed or closed via a mechanism | ||
311 | such as the "ssh -O exit"). If set to a time in seconds, or a | ||
312 | time in any of the formats documented in sshd_config(5), then the | ||
313 | backgrounded master connection will automatically terminate after | ||
314 | it has remained idle (with no client connections) for the | ||
315 | specified time. | ||
316 | |||
317 | DynamicForward | ||
318 | Specifies that a TCP port on the local machine be forwarded over | ||
319 | the secure channel, and the application protocol is then used to | ||
320 | determine where to connect to from the remote machine. | ||
321 | |||
322 | The argument must be [bind_address:]port. IPv6 addresses can be | ||
323 | specified by enclosing addresses in square brackets. By default, | ||
324 | the local port is bound in accordance with the GatewayPorts | ||
325 | setting. However, an explicit bind_address may be used to bind | ||
326 | the connection to a specific address. The bind_address of | ||
327 | localhost indicates that the listening port be bound for local | ||
328 | use only, while an empty address or M-bM-^@M-^X*M-bM-^@M-^Y indicates that the port | ||
329 | should be available from all interfaces. | ||
330 | |||
331 | Currently the SOCKS4 and SOCKS5 protocols are supported, and | ||
332 | ssh(1) will act as a SOCKS server. Multiple forwardings may be | ||
333 | specified, and additional forwardings can be given on the command | ||
334 | line. Only the superuser can forward privileged ports. | ||
335 | |||
336 | EnableSSHKeysign | ||
337 | Setting this option to yes in the global client configuration | ||
338 | file /etc/ssh/ssh_config enables the use of the helper program | ||
339 | ssh-keysign(8) during HostbasedAuthentication. The argument must | ||
340 | be yes or no (the default). This option should be placed in the | ||
341 | non-hostspecific section. See ssh-keysign(8) for more | ||
342 | information. | ||
343 | |||
344 | EscapeChar | ||
345 | Sets the escape character (default: M-bM-^@M-^X~M-bM-^@M-^Y). The escape character | ||
346 | can also be set on the command line. The argument should be a | ||
347 | single character, M-bM-^@M-^X^M-bM-^@M-^Y followed by a letter, or none to disable | ||
348 | the escape character entirely (making the connection transparent | ||
349 | for binary data). | ||
350 | |||
351 | ExitOnForwardFailure | ||
352 | Specifies whether ssh(1) should terminate the connection if it | ||
353 | cannot set up all requested dynamic, tunnel, local, and remote | ||
354 | port forwardings, (e.g. if either end is unable to bind and | ||
355 | listen on a specified port). Note that ExitOnForwardFailure does | ||
356 | not apply to connections made over port forwardings and will not, | ||
357 | for example, cause ssh(1) to exit if TCP connections to the | ||
358 | ultimate forwarding destination fail. The argument must be yes | ||
359 | or no (the default). | ||
360 | |||
361 | FingerprintHash | ||
362 | Specifies the hash algorithm used when displaying key | ||
363 | fingerprints. Valid options are: md5 and sha256 (the default). | ||
364 | |||
365 | ForwardAgent | ||
366 | Specifies whether the connection to the authentication agent (if | ||
367 | any) will be forwarded to the remote machine. The argument must | ||
368 | be yes or no (the default). | ||
369 | |||
370 | Agent forwarding should be enabled with caution. Users with the | ||
371 | ability to bypass file permissions on the remote host (for the | ||
372 | agent's Unix-domain socket) can access the local agent through | ||
373 | the forwarded connection. An attacker cannot obtain key material | ||
374 | from the agent, however they can perform operations on the keys | ||
375 | that enable them to authenticate using the identities loaded into | ||
376 | the agent. | ||
377 | |||
378 | ForwardX11 | ||
379 | Specifies whether X11 connections will be automatically | ||
380 | redirected over the secure channel and DISPLAY set. The argument | ||
381 | must be yes or no (the default). | ||
382 | |||
383 | X11 forwarding should be enabled with caution. Users with the | ||
384 | ability to bypass file permissions on the remote host (for the | ||
385 | user's X11 authorization database) can access the local X11 | ||
386 | display through the forwarded connection. An attacker may then | ||
387 | be able to perform activities such as keystroke monitoring if the | ||
388 | ForwardX11Trusted option is also enabled. | ||
389 | |||
390 | ForwardX11Timeout | ||
391 | Specify a timeout for untrusted X11 forwarding using the format | ||
392 | described in the TIME FORMATS section of sshd_config(5). X11 | ||
393 | connections received by ssh(1) after this time will be refused. | ||
394 | Setting ForwardX11Timeout to zero will disable the timeout and | ||
395 | permit X11 forwarding for the life of the connection. The | ||
396 | default is to disable untrusted X11 forwarding after twenty | ||
397 | minutes has elapsed. | ||
398 | |||
399 | ForwardX11Trusted | ||
400 | If this option is set to yes, remote X11 clients will have full | ||
401 | access to the original X11 display. | ||
402 | |||
403 | If this option is set to no (the default), remote X11 clients | ||
404 | will be considered untrusted and prevented from stealing or | ||
405 | tampering with data belonging to trusted X11 clients. | ||
406 | Furthermore, the xauth(1) token used for the session will be set | ||
407 | to expire after 20 minutes. Remote clients will be refused | ||
408 | access after this time. | ||
409 | |||
410 | See the X11 SECURITY extension specification for full details on | ||
411 | the restrictions imposed on untrusted clients. | ||
412 | |||
413 | GatewayPorts | ||
414 | Specifies whether remote hosts are allowed to connect to local | ||
415 | forwarded ports. By default, ssh(1) binds local port forwardings | ||
416 | to the loopback address. This prevents other remote hosts from | ||
417 | connecting to forwarded ports. GatewayPorts can be used to | ||
418 | specify that ssh should bind local port forwardings to the | ||
419 | wildcard address, thus allowing remote hosts to connect to | ||
420 | forwarded ports. The argument must be yes or no (the default). | ||
421 | |||
422 | GlobalKnownHostsFile | ||
423 | Specifies one or more files to use for the global host key | ||
424 | database, separated by whitespace. The default is | ||
425 | /etc/ssh/ssh_known_hosts, /etc/ssh/ssh_known_hosts2. | ||
426 | |||
427 | GSSAPIAuthentication | ||
428 | Specifies whether user authentication based on GSSAPI is allowed. | ||
429 | The default is no. | ||
430 | |||
431 | GSSAPIDelegateCredentials | ||
432 | Forward (delegate) credentials to the server. The default is no. | ||
433 | |||
434 | HashKnownHosts | ||
435 | Indicates that ssh(1) should hash host names and addresses when | ||
436 | they are added to ~/.ssh/known_hosts. These hashed names may be | ||
437 | used normally by ssh(1) and sshd(8), but they do not reveal | ||
438 | identifying information should the file's contents be disclosed. | ||
439 | The default is no. Note that existing names and addresses in | ||
440 | known hosts files will not be converted automatically, but may be | ||
441 | manually hashed using ssh-keygen(1). | ||
442 | |||
443 | HostbasedAuthentication | ||
444 | Specifies whether to try rhosts based authentication with public | ||
445 | key authentication. The argument must be yes or no (the | ||
446 | default). | ||
447 | |||
448 | HostbasedKeyTypes | ||
449 | Specifies the key types that will be used for hostbased | ||
450 | authentication as a comma-separated list of patterns. | ||
451 | Alternately if the specified list begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, | ||
452 | then the specified key types will be appended to the default set | ||
453 | instead of replacing them. If the specified list begins with a | ||
454 | M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified key types (including wildcards) | ||
455 | will be removed from the default set instead of replacing them. | ||
456 | If the specified list begins with a M-bM-^@M-^X^M-bM-^@M-^Y character, then the | ||
457 | specified key types will be placed at the head of the default | ||
458 | set. The default for this option is: | ||
459 | |||
460 | ecdsa-sha2-nistp256-cert-v01@openssh.com, | ||
461 | ecdsa-sha2-nistp384-cert-v01@openssh.com, | ||
462 | ecdsa-sha2-nistp521-cert-v01@openssh.com, | ||
463 | ssh-ed25519-cert-v01@openssh.com, | ||
464 | rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com, | ||
465 | ssh-rsa-cert-v01@openssh.com, | ||
466 | ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, | ||
467 | ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa | ||
468 | |||
469 | The -Q option of ssh(1) may be used to list supported key types. | ||
470 | |||
471 | HostKeyAlgorithms | ||
472 | Specifies the host key algorithms that the client wants to use in | ||
473 | order of preference. Alternately if the specified list begins | ||
474 | with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified key types will be | ||
475 | appended to the default set instead of replacing them. If the | ||
476 | specified list begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified | ||
477 | key types (including wildcards) will be removed from the default | ||
478 | set instead of replacing them. If the specified list begins with | ||
479 | a M-bM-^@M-^X^M-bM-^@M-^Y character, then the specified key types will be placed at | ||
480 | the head of the default set. The default for this option is: | ||
481 | |||
482 | ecdsa-sha2-nistp256-cert-v01@openssh.com, | ||
483 | ecdsa-sha2-nistp384-cert-v01@openssh.com, | ||
484 | ecdsa-sha2-nistp521-cert-v01@openssh.com, | ||
485 | ssh-ed25519-cert-v01@openssh.com, | ||
486 | rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com, | ||
487 | ssh-rsa-cert-v01@openssh.com, | ||
488 | ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, | ||
489 | ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa | ||
490 | |||
491 | If hostkeys are known for the destination host then this default | ||
492 | is modified to prefer their algorithms. | ||
493 | |||
494 | The list of available key types may also be obtained using "ssh | ||
495 | -Q key". | ||
496 | |||
497 | HostKeyAlias | ||
498 | Specifies an alias that should be used instead of the real host | ||
499 | name when looking up or saving the host key in the host key | ||
500 | database files and when validating host certificates. This | ||
501 | option is useful for tunneling SSH connections or for multiple | ||
502 | servers running on a single host. | ||
503 | |||
504 | Hostname | ||
505 | Specifies the real host name to log into. This can be used to | ||
506 | specify nicknames or abbreviations for hosts. Arguments to | ||
507 | Hostname accept the tokens described in the TOKENS section. | ||
508 | Numeric IP addresses are also permitted (both on the command line | ||
509 | and in Hostname specifications). The default is the name given | ||
510 | on the command line. | ||
511 | |||
512 | IdentitiesOnly | ||
513 | Specifies that ssh(1) should only use the configured | ||
514 | authentication identity and certificate files (either the default | ||
515 | files, or those explicitly configured in the ssh_config files or | ||
516 | passed on the ssh(1) command-line), even if ssh-agent(1) or a | ||
517 | PKCS11Provider offers more identities. The argument to this | ||
518 | keyword must be yes or no (the default). This option is intended | ||
519 | for situations where ssh-agent offers many different identities. | ||
520 | |||
521 | IdentityAgent | ||
522 | Specifies the UNIX-domain socket used to communicate with the | ||
523 | authentication agent. | ||
524 | |||
525 | This option overrides the SSH_AUTH_SOCK environment variable and | ||
526 | can be used to select a specific agent. Setting the socket name | ||
527 | to none disables the use of an authentication agent. If the | ||
528 | string "SSH_AUTH_SOCK" is specified, the location of the socket | ||
529 | will be read from the SSH_AUTH_SOCK environment variable. | ||
530 | Otherwise if the specified value begins with a M-bM-^@M-^X$M-bM-^@M-^Y character, | ||
531 | then it will be treated as an environment variable containing the | ||
532 | location of the socket. | ||
533 | |||
534 | Arguments to IdentityAgent may use the tilde syntax to refer to a | ||
535 | user's home directory or the tokens described in the TOKENS | ||
536 | section. | ||
537 | |||
538 | IdentityFile | ||
539 | Specifies a file from which the user's DSA, ECDSA, Ed25519 or RSA | ||
540 | authentication identity is read. The default is ~/.ssh/id_dsa, | ||
541 | ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 and ~/.ssh/id_rsa. | ||
542 | Additionally, any identities represented by the authentication | ||
543 | agent will be used for authentication unless IdentitiesOnly is | ||
544 | set. If no certificates have been explicitly specified by | ||
545 | CertificateFile, ssh(1) will try to load certificate information | ||
546 | from the filename obtained by appending -cert.pub to the path of | ||
547 | a specified IdentityFile. | ||
548 | |||
549 | Arguments to IdentityFile may use the tilde syntax to refer to a | ||
550 | user's home directory or the tokens described in the TOKENS | ||
551 | section. | ||
552 | |||
553 | It is possible to have multiple identity files specified in | ||
554 | configuration files; all these identities will be tried in | ||
555 | sequence. Multiple IdentityFile directives will add to the list | ||
556 | of identities tried (this behaviour differs from that of other | ||
557 | configuration directives). | ||
558 | |||
559 | IdentityFile may be used in conjunction with IdentitiesOnly to | ||
560 | select which identities in an agent are offered during | ||
561 | authentication. IdentityFile may also be used in conjunction | ||
562 | with CertificateFile in order to provide any certificate also | ||
563 | needed for authentication with the identity. | ||
564 | |||
565 | IgnoreUnknown | ||
566 | Specifies a pattern-list of unknown options to be ignored if they | ||
567 | are encountered in configuration parsing. This may be used to | ||
568 | suppress errors if ssh_config contains options that are | ||
569 | unrecognised by ssh(1). It is recommended that IgnoreUnknown be | ||
570 | listed early in the configuration file as it will not be applied | ||
571 | to unknown options that appear before it. | ||
572 | |||
573 | Include | ||
574 | Include the specified configuration file(s). Multiple pathnames | ||
575 | may be specified and each pathname may contain glob(7) wildcards | ||
576 | and, for user configurations, shell-like M-bM-^@M-^X~M-bM-^@M-^Y references to user | ||
577 | home directories. Files without absolute paths are assumed to be | ||
578 | in ~/.ssh if included in a user configuration file or /etc/ssh if | ||
579 | included from the system configuration file. Include directive | ||
580 | may appear inside a Match or Host block to perform conditional | ||
581 | inclusion. | ||
582 | |||
583 | IPQoS Specifies the IPv4 type-of-service or DSCP class for connections. | ||
584 | Accepted values are af11, af12, af13, af21, af22, af23, af31, | ||
585 | af32, af33, af41, af42, af43, cs0, cs1, cs2, cs3, cs4, cs5, cs6, | ||
586 | cs7, ef, lowdelay, throughput, reliability, a numeric value, or | ||
587 | none to use the operating system default. This option may take | ||
588 | one or two arguments, separated by whitespace. If one argument | ||
589 | is specified, it is used as the packet class unconditionally. If | ||
590 | two values are specified, the first is automatically selected for | ||
591 | interactive sessions and the second for non-interactive sessions. | ||
592 | The default is af21 (Low-Latency Data) for interactive sessions | ||
593 | and cs1 (Lower Effort) for non-interactive sessions. | ||
594 | |||
595 | KbdInteractiveAuthentication | ||
596 | Specifies whether to use keyboard-interactive authentication. | ||
597 | The argument to this keyword must be yes (the default) or no. | ||
598 | |||
599 | KbdInteractiveDevices | ||
600 | Specifies the list of methods to use in keyboard-interactive | ||
601 | authentication. Multiple method names must be comma-separated. | ||
602 | The default is to use the server specified list. The methods | ||
603 | available vary depending on what the server supports. For an | ||
604 | OpenSSH server, it may be zero or more of: bsdauth and pam. | ||
605 | |||
606 | KexAlgorithms | ||
607 | Specifies the available KEX (Key Exchange) algorithms. Multiple | ||
608 | algorithms must be comma-separated. If the specified list begins | ||
609 | with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified methods will be appended | ||
610 | to the default set instead of replacing them. If the specified | ||
611 | list begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified methods | ||
612 | (including wildcards) will be removed from the default set | ||
613 | instead of replacing them. If the specified list begins with a | ||
614 | M-bM-^@M-^X^M-bM-^@M-^Y character, then the specified methods will be placed at the | ||
615 | head of the default set. The default is: | ||
616 | |||
617 | curve25519-sha256,curve25519-sha256@libssh.org, | ||
618 | ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, | ||
619 | diffie-hellman-group-exchange-sha256, | ||
620 | diffie-hellman-group16-sha512, | ||
621 | diffie-hellman-group18-sha512, | ||
622 | diffie-hellman-group14-sha256, | ||
623 | diffie-hellman-group14-sha1 | ||
624 | |||
625 | The list of available key exchange algorithms may also be | ||
626 | obtained using "ssh -Q kex". | ||
627 | |||
628 | LocalCommand | ||
629 | Specifies a command to execute on the local machine after | ||
630 | successfully connecting to the server. The command string | ||
631 | extends to the end of the line, and is executed with the user's | ||
632 | shell. Arguments to LocalCommand accept the tokens described in | ||
633 | the TOKENS section. | ||
634 | |||
635 | The command is run synchronously and does not have access to the | ||
636 | session of the ssh(1) that spawned it. It should not be used for | ||
637 | interactive commands. | ||
638 | |||
639 | This directive is ignored unless PermitLocalCommand has been | ||
640 | enabled. | ||
641 | |||
642 | LocalForward | ||
643 | Specifies that a TCP port on the local machine be forwarded over | ||
644 | the secure channel to the specified host and port from the remote | ||
645 | machine. The first argument must be [bind_address:]port and the | ||
646 | second argument must be host:hostport. IPv6 addresses can be | ||
647 | specified by enclosing addresses in square brackets. Multiple | ||
648 | forwardings may be specified, and additional forwardings can be | ||
649 | given on the command line. Only the superuser can forward | ||
650 | privileged ports. By default, the local port is bound in | ||
651 | accordance with the GatewayPorts setting. However, an explicit | ||
652 | bind_address may be used to bind the connection to a specific | ||
653 | address. The bind_address of localhost indicates that the | ||
654 | listening port be bound for local use only, while an empty | ||
655 | address or M-bM-^@M-^X*M-bM-^@M-^Y indicates that the port should be available from | ||
656 | all interfaces. | ||
657 | |||
658 | LogLevel | ||
659 | Gives the verbosity level that is used when logging messages from | ||
660 | ssh(1). The possible values are: QUIET, FATAL, ERROR, INFO, | ||
661 | VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. The default is INFO. | ||
662 | DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify | ||
663 | higher levels of verbose output. | ||
664 | |||
665 | MACs Specifies the MAC (message authentication code) algorithms in | ||
666 | order of preference. The MAC algorithm is used for data | ||
667 | integrity protection. Multiple algorithms must be comma- | ||
668 | separated. If the specified list begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, | ||
669 | then the specified algorithms will be appended to the default set | ||
670 | instead of replacing them. If the specified list begins with a | ||
671 | M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified algorithms (including | ||
672 | wildcards) will be removed from the default set instead of | ||
673 | replacing them. If the specified list begins with a M-bM-^@M-^X^M-bM-^@M-^Y | ||
674 | character, then the specified algorithms will be placed at the | ||
675 | head of the default set. | ||
676 | |||
677 | The algorithms that contain "-etm" calculate the MAC after | ||
678 | encryption (encrypt-then-mac). These are considered safer and | ||
679 | their use recommended. | ||
680 | |||
681 | The default is: | ||
682 | |||
683 | umac-64-etm@openssh.com,umac-128-etm@openssh.com, | ||
684 | hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, | ||
685 | hmac-sha1-etm@openssh.com, | ||
686 | umac-64@openssh.com,umac-128@openssh.com, | ||
687 | hmac-sha2-256,hmac-sha2-512,hmac-sha1 | ||
688 | |||
689 | The list of available MAC algorithms may also be obtained using | ||
690 | "ssh -Q mac". | ||
691 | |||
692 | NoHostAuthenticationForLocalhost | ||
693 | Disable host authentication for localhost (loopback addresses). | ||
694 | The argument to this keyword must be yes or no (the default). | ||
695 | |||
696 | NumberOfPasswordPrompts | ||
697 | Specifies the number of password prompts before giving up. The | ||
698 | argument to this keyword must be an integer. The default is 3. | ||
699 | |||
700 | PasswordAuthentication | ||
701 | Specifies whether to use password authentication. The argument | ||
702 | to this keyword must be yes (the default) or no. | ||
703 | |||
704 | PermitLocalCommand | ||
705 | Allow local command execution via the LocalCommand option or | ||
706 | using the !command escape sequence in ssh(1). The argument must | ||
707 | be yes or no (the default). | ||
708 | |||
709 | PKCS11Provider | ||
710 | Specifies which PKCS#11 provider to use or none to indicate that | ||
711 | no provider should be used (the default). The argument to this | ||
712 | keyword is a path to the PKCS#11 shared library ssh(1) should use | ||
713 | to communicate with a PKCS#11 token providing keys for user | ||
714 | authentication. | ||
715 | |||
716 | Port Specifies the port number to connect on the remote host. The | ||
717 | default is 22. | ||
718 | |||
719 | PreferredAuthentications | ||
720 | Specifies the order in which the client should try authentication | ||
721 | methods. This allows a client to prefer one method (e.g. | ||
722 | keyboard-interactive) over another method (e.g. password). The | ||
723 | default is: | ||
724 | |||
725 | gssapi-with-mic,hostbased,publickey, | ||
726 | keyboard-interactive,password | ||
727 | |||
728 | ProxyCommand | ||
729 | Specifies the command to use to connect to the server. The | ||
730 | command string extends to the end of the line, and is executed | ||
731 | using the user's shell M-bM-^@M-^XexecM-bM-^@M-^Y directive to avoid a lingering | ||
732 | shell process. | ||
733 | |||
734 | Arguments to ProxyCommand accept the tokens described in the | ||
735 | TOKENS section. The command can be basically anything, and | ||
736 | should read from its standard input and write to its standard | ||
737 | output. It should eventually connect an sshd(8) server running | ||
738 | on some machine, or execute sshd -i somewhere. Host key | ||
739 | management will be done using the Hostname of the host being | ||
740 | connected (defaulting to the name typed by the user). Setting | ||
741 | the command to none disables this option entirely. Note that | ||
742 | CheckHostIP is not available for connects with a proxy command. | ||
743 | |||
744 | This directive is useful in conjunction with nc(1) and its proxy | ||
745 | support. For example, the following directive would connect via | ||
746 | an HTTP proxy at 192.0.2.0: | ||
747 | |||
748 | ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p | ||
749 | |||
750 | ProxyJump | ||
751 | Specifies one or more jump proxies as either [user@]host[:port] | ||
752 | or an ssh URI. Multiple proxies may be separated by comma | ||
753 | characters and will be visited sequentially. Setting this option | ||
754 | will cause ssh(1) to connect to the target host by first making a | ||
755 | ssh(1) connection to the specified ProxyJump host and then | ||
756 | establishing a TCP forwarding to the ultimate target from there. | ||
757 | |||
758 | Note that this option will compete with the ProxyCommand option - | ||
759 | whichever is specified first will prevent later instances of the | ||
760 | other from taking effect. | ||
761 | |||
762 | Note also that the configuration for the destination host (either | ||
763 | supplied via the command-line or the configuration file) is not | ||
764 | generally applied to jump hosts. ~/.ssh/config should be used if | ||
765 | specific configuration is required for jump hosts. | ||
766 | |||
767 | ProxyUseFdpass | ||
768 | Specifies that ProxyCommand will pass a connected file descriptor | ||
769 | back to ssh(1) instead of continuing to execute and pass data. | ||
770 | The default is no. | ||
771 | |||
772 | PubkeyAcceptedKeyTypes | ||
773 | Specifies the key types that will be used for public key | ||
774 | authentication as a comma-separated list of patterns. If the | ||
775 | specified list begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the key types | ||
776 | after it will be appended to the default instead of replacing it. | ||
777 | If the specified list begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the | ||
778 | specified key types (including wildcards) will be removed from | ||
779 | the default set instead of replacing them. If the specified list | ||
780 | begins with a M-bM-^@M-^X^M-bM-^@M-^Y character, then the specified key types will be | ||
781 | placed at the head of the default set. The default for this | ||
782 | option is: | ||
783 | |||
784 | ecdsa-sha2-nistp256-cert-v01@openssh.com, | ||
785 | ecdsa-sha2-nistp384-cert-v01@openssh.com, | ||
786 | ecdsa-sha2-nistp521-cert-v01@openssh.com, | ||
787 | ssh-ed25519-cert-v01@openssh.com, | ||
788 | rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com, | ||
789 | ssh-rsa-cert-v01@openssh.com, | ||
790 | ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, | ||
791 | ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa | ||
792 | |||
793 | The list of available key types may also be obtained using "ssh | ||
794 | -Q key". | ||
795 | |||
796 | PubkeyAuthentication | ||
797 | Specifies whether to try public key authentication. The argument | ||
798 | to this keyword must be yes (the default) or no. | ||
799 | |||
800 | RekeyLimit | ||
801 | Specifies the maximum amount of data that may be transmitted | ||
802 | before the session key is renegotiated, optionally followed a | ||
803 | maximum amount of time that may pass before the session key is | ||
804 | renegotiated. The first argument is specified in bytes and may | ||
805 | have a suffix of M-bM-^@M-^XKM-bM-^@M-^Y, M-bM-^@M-^XMM-bM-^@M-^Y, or M-bM-^@M-^XGM-bM-^@M-^Y to indicate Kilobytes, | ||
806 | Megabytes, or Gigabytes, respectively. The default is between | ||
807 | M-bM-^@M-^X1GM-bM-^@M-^Y and M-bM-^@M-^X4GM-bM-^@M-^Y, depending on the cipher. The optional second | ||
808 | value is specified in seconds and may use any of the units | ||
809 | documented in the TIME FORMATS section of sshd_config(5). The | ||
810 | default value for RekeyLimit is default none, which means that | ||
811 | rekeying is performed after the cipher's default amount of data | ||
812 | has been sent or received and no time based rekeying is done. | ||
813 | |||
814 | RemoteCommand | ||
815 | Specifies a command to execute on the remote machine after | ||
816 | successfully connecting to the server. The command string | ||
817 | extends to the end of the line, and is executed with the user's | ||
818 | shell. Arguments to RemoteCommand accept the tokens described in | ||
819 | the TOKENS section. | ||
820 | |||
821 | RemoteForward | ||
822 | Specifies that a TCP port on the remote machine be forwarded over | ||
823 | the secure channel. The remote port may either be forwarded to a | ||
824 | specified host and port from the local machine, or may act as a | ||
825 | SOCKS 4/5 proxy that allows a remote client to connect to | ||
826 | arbitrary destinations from the local machine. The first | ||
827 | argument must be [bind_address:]port If forwarding to a specific | ||
828 | destination then the second argument must be host:hostport, | ||
829 | otherwise if no destination argument is specified then the remote | ||
830 | forwarding will be established as a SOCKS proxy. | ||
831 | |||
832 | IPv6 addresses can be specified by enclosing addresses in square | ||
833 | brackets. Multiple forwardings may be specified, and additional | ||
834 | forwardings can be given on the command line. Privileged ports | ||
835 | can be forwarded only when logging in as root on the remote | ||
836 | machine. | ||
837 | |||
838 | If the port argument is 0, the listen port will be dynamically | ||
839 | allocated on the server and reported to the client at run time. | ||
840 | |||
841 | If the bind_address is not specified, the default is to only bind | ||
842 | to loopback addresses. If the bind_address is M-bM-^@M-^X*M-bM-^@M-^Y or an empty | ||
843 | string, then the forwarding is requested to listen on all | ||
844 | interfaces. Specifying a remote bind_address will only succeed | ||
845 | if the server's GatewayPorts option is enabled (see | ||
846 | sshd_config(5)). | ||
847 | |||
848 | RequestTTY | ||
849 | Specifies whether to request a pseudo-tty for the session. The | ||
850 | argument may be one of: no (never request a TTY), yes (always | ||
851 | request a TTY when standard input is a TTY), force (always | ||
852 | request a TTY) or auto (request a TTY when opening a login | ||
853 | session). This option mirrors the -t and -T flags for ssh(1). | ||
854 | |||
855 | RevokedHostKeys | ||
856 | Specifies revoked host public keys. Keys listed in this file | ||
857 | will be refused for host authentication. Note that if this file | ||
858 | does not exist or is not readable, then host authentication will | ||
859 | be refused for all hosts. Keys may be specified as a text file, | ||
860 | listing one public key per line, or as an OpenSSH Key Revocation | ||
861 | List (KRL) as generated by ssh-keygen(1). For more information | ||
862 | on KRLs, see the KEY REVOCATION LISTS section in ssh-keygen(1). | ||
863 | |||
864 | SendEnv | ||
865 | Specifies what variables from the local environ(7) should be sent | ||
866 | to the server. The server must also support it, and the server | ||
867 | must be configured to accept these environment variables. Note | ||
868 | that the TERM environment variable is always sent whenever a | ||
869 | pseudo-terminal is requested as it is required by the protocol. | ||
870 | Refer to AcceptEnv in sshd_config(5) for how to configure the | ||
871 | server. Variables are specified by name, which may contain | ||
872 | wildcard characters. Multiple environment variables may be | ||
873 | separated by whitespace or spread across multiple SendEnv | ||
874 | directives. | ||
875 | |||
876 | See PATTERNS for more information on patterns. | ||
877 | |||
878 | It is possible to clear previously set SendEnv variable names by | ||
879 | prefixing patterns with -. The default is not to send any | ||
880 | environment variables. | ||
881 | |||
882 | ServerAliveCountMax | ||
883 | Sets the number of server alive messages (see below) which may be | ||
884 | sent without ssh(1) receiving any messages back from the server. | ||
885 | If this threshold is reached while server alive messages are | ||
886 | being sent, ssh will disconnect from the server, terminating the | ||
887 | session. It is important to note that the use of server alive | ||
888 | messages is very different from TCPKeepAlive (below). The server | ||
889 | alive messages are sent through the encrypted channel and | ||
890 | therefore will not be spoofable. The TCP keepalive option | ||
891 | enabled by TCPKeepAlive is spoofable. The server alive mechanism | ||
892 | is valuable when the client or server depend on knowing when a | ||
893 | connection has become unresponsive. | ||
894 | |||
895 | The default value is 3. If, for example, ServerAliveInterval | ||
896 | (see below) is set to 15 and ServerAliveCountMax is left at the | ||
897 | default, if the server becomes unresponsive, ssh will disconnect | ||
898 | after approximately 45 seconds. | ||
899 | |||
900 | ServerAliveInterval | ||
901 | Sets a timeout interval in seconds after which if no data has | ||
902 | been received from the server, ssh(1) will send a message through | ||
903 | the encrypted channel to request a response from the server. The | ||
904 | default is 0, indicating that these messages will not be sent to | ||
905 | the server. | ||
906 | |||
907 | SetEnv Directly specify one or more environment variables and their | ||
908 | contents to be sent to the server. Similarly to SendEnv, the | ||
909 | server must be prepared to accept the environment variable. | ||
910 | |||
911 | StreamLocalBindMask | ||
912 | Sets the octal file creation mode mask (umask) used when creating | ||
913 | a Unix-domain socket file for local or remote port forwarding. | ||
914 | This option is only used for port forwarding to a Unix-domain | ||
915 | socket file. | ||
916 | |||
917 | The default value is 0177, which creates a Unix-domain socket | ||
918 | file that is readable and writable only by the owner. Note that | ||
919 | not all operating systems honor the file mode on Unix-domain | ||
920 | socket files. | ||
921 | |||
922 | StreamLocalBindUnlink | ||
923 | Specifies whether to remove an existing Unix-domain socket file | ||
924 | for local or remote port forwarding before creating a new one. | ||
925 | If the socket file already exists and StreamLocalBindUnlink is | ||
926 | not enabled, ssh will be unable to forward the port to the Unix- | ||
927 | domain socket file. This option is only used for port forwarding | ||
928 | to a Unix-domain socket file. | ||
929 | |||
930 | The argument must be yes or no (the default). | ||
931 | |||
932 | StrictHostKeyChecking | ||
933 | If this flag is set to yes, ssh(1) will never automatically add | ||
934 | host keys to the ~/.ssh/known_hosts file, and refuses to connect | ||
935 | to hosts whose host key has changed. This provides maximum | ||
936 | protection against man-in-the-middle (MITM) attacks, though it | ||
937 | can be annoying when the /etc/ssh/ssh_known_hosts file is poorly | ||
938 | maintained or when connections to new hosts are frequently made. | ||
939 | This option forces the user to manually add all new hosts. | ||
940 | |||
941 | If this flag is set to M-bM-^@M-^\accept-newM-bM-^@M-^] then ssh will automatically | ||
942 | add new host keys to the user known hosts files, but will not | ||
943 | permit connections to hosts with changed host keys. If this flag | ||
944 | is set to M-bM-^@M-^\noM-bM-^@M-^] or M-bM-^@M-^\offM-bM-^@M-^], ssh will automatically add new host keys | ||
945 | to the user known hosts files and allow connections to hosts with | ||
946 | changed hostkeys to proceed, subject to some restrictions. If | ||
947 | this flag is set to ask (the default), new host keys will be | ||
948 | added to the user known host files only after the user has | ||
949 | confirmed that is what they really want to do, and ssh will | ||
950 | refuse to connect to hosts whose host key has changed. The host | ||
951 | keys of known hosts will be verified automatically in all cases. | ||
952 | |||
953 | SyslogFacility | ||
954 | Gives the facility code that is used when logging messages from | ||
955 | ssh(1). The possible values are: DAEMON, USER, AUTH, LOCAL0, | ||
956 | LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The | ||
957 | default is USER. | ||
958 | |||
959 | TCPKeepAlive | ||
960 | Specifies whether the system should send TCP keepalive messages | ||
961 | to the other side. If they are sent, death of the connection or | ||
962 | crash of one of the machines will be properly noticed. However, | ||
963 | this means that connections will die if the route is down | ||
964 | temporarily, and some people find it annoying. | ||
965 | |||
966 | The default is yes (to send TCP keepalive messages), and the | ||
967 | client will notice if the network goes down or the remote host | ||
968 | dies. This is important in scripts, and many users want it too. | ||
969 | |||
970 | To disable TCP keepalive messages, the value should be set to no. | ||
971 | See also ServerAliveInterval for protocol-level keepalives. | ||
972 | |||
973 | Tunnel Request tun(4) device forwarding between the client and the | ||
974 | server. The argument must be yes, point-to-point (layer 3), | ||
975 | ethernet (layer 2), or no (the default). Specifying yes requests | ||
976 | the default tunnel mode, which is point-to-point. | ||
977 | |||
978 | TunnelDevice | ||
979 | Specifies the tun(4) devices to open on the client (local_tun) | ||
980 | and the server (remote_tun). | ||
981 | |||
982 | The argument must be local_tun[:remote_tun]. The devices may be | ||
983 | specified by numerical ID or the keyword any, which uses the next | ||
984 | available tunnel device. If remote_tun is not specified, it | ||
985 | defaults to any. The default is any:any. | ||
986 | |||
987 | UpdateHostKeys | ||
988 | Specifies whether ssh(1) should accept notifications of | ||
989 | additional hostkeys from the server sent after authentication has | ||
990 | completed and add them to UserKnownHostsFile. The argument must | ||
991 | be yes, no (the default) or ask. Enabling this option allows | ||
992 | learning alternate hostkeys for a server and supports graceful | ||
993 | key rotation by allowing a server to send replacement public keys | ||
994 | before old ones are removed. Additional hostkeys are only | ||
995 | accepted if the key used to authenticate the host was already | ||
996 | trusted or explicitly accepted by the user. If UpdateHostKeys is | ||
997 | set to ask, then the user is asked to confirm the modifications | ||
998 | to the known_hosts file. Confirmation is currently incompatible | ||
999 | with ControlPersist, and will be disabled if it is enabled. | ||
1000 | |||
1001 | Presently, only sshd(8) from OpenSSH 6.8 and greater support the | ||
1002 | "hostkeys@openssh.com" protocol extension used to inform the | ||
1003 | client of all the server's hostkeys. | ||
1004 | |||
1005 | User Specifies the user to log in as. This can be useful when a | ||
1006 | different user name is used on different machines. This saves | ||
1007 | the trouble of having to remember to give the user name on the | ||
1008 | command line. | ||
1009 | |||
1010 | UserKnownHostsFile | ||
1011 | Specifies one or more files to use for the user host key | ||
1012 | database, separated by whitespace. The default is | ||
1013 | ~/.ssh/known_hosts, ~/.ssh/known_hosts2. | ||
1014 | |||
1015 | VerifyHostKeyDNS | ||
1016 | Specifies whether to verify the remote key using DNS and SSHFP | ||
1017 | resource records. If this option is set to yes, the client will | ||
1018 | implicitly trust keys that match a secure fingerprint from DNS. | ||
1019 | Insecure fingerprints will be handled as if this option was set | ||
1020 | to ask. If this option is set to ask, information on fingerprint | ||
1021 | match will be displayed, but the user will still need to confirm | ||
1022 | new host keys according to the StrictHostKeyChecking option. The | ||
1023 | default is no. | ||
1024 | |||
1025 | See also VERIFYING HOST KEYS in ssh(1). | ||
1026 | |||
1027 | VisualHostKey | ||
1028 | If this flag is set to yes, an ASCII art representation of the | ||
1029 | remote host key fingerprint is printed in addition to the | ||
1030 | fingerprint string at login and for unknown host keys. If this | ||
1031 | flag is set to no (the default), no fingerprint strings are | ||
1032 | printed at login and only the fingerprint string will be printed | ||
1033 | for unknown host keys. | ||
1034 | |||
1035 | XAuthLocation | ||
1036 | Specifies the full pathname of the xauth(1) program. The default | ||
1037 | is /usr/X11R6/bin/xauth. | ||
1038 | |||
1039 | PATTERNS | ||
1040 | A pattern consists of zero or more non-whitespace characters, M-bM-^@M-^X*M-bM-^@M-^Y (a | ||
1041 | wildcard that matches zero or more characters), or M-bM-^@M-^X?M-bM-^@M-^Y (a wildcard that | ||
1042 | matches exactly one character). For example, to specify a set of | ||
1043 | declarations for any host in the ".co.uk" set of domains, the following | ||
1044 | pattern could be used: | ||
1045 | |||
1046 | Host *.co.uk | ||
1047 | |||
1048 | The following pattern would match any host in the 192.168.0.[0-9] network | ||
1049 | range: | ||
1050 | |||
1051 | Host 192.168.0.? | ||
1052 | |||
1053 | A pattern-list is a comma-separated list of patterns. Patterns within | ||
1054 | pattern-lists may be negated by preceding them with an exclamation mark | ||
1055 | (M-bM-^@M-^X!M-bM-^@M-^Y). For example, to allow a key to be used from anywhere within an | ||
1056 | organization except from the "dialup" pool, the following entry (in | ||
1057 | authorized_keys) could be used: | ||
1058 | |||
1059 | from="!*.dialup.example.com,*.example.com" | ||
1060 | |||
1061 | Note that a negated match will never produce a positive result by itself. | ||
1062 | For example, attempting to match "host3" against the following pattern- | ||
1063 | list will fail: | ||
1064 | |||
1065 | from="!host1,!host2" | ||
1066 | |||
1067 | The solution here is to include a term that will yield a positive match, | ||
1068 | such as a wildcard: | ||
1069 | |||
1070 | from="!host1,!host2,*" | ||
1071 | |||
1072 | TOKENS | ||
1073 | Arguments to some keywords can make use of tokens, which are expanded at | ||
1074 | runtime: | ||
1075 | |||
1076 | %% A literal M-bM-^@M-^X%M-bM-^@M-^Y. | ||
1077 | %C Hash of %l%h%p%r. | ||
1078 | %d Local user's home directory. | ||
1079 | %h The remote hostname. | ||
1080 | %i The local user ID. | ||
1081 | %L The local hostname. | ||
1082 | %l The local hostname, including the domain name. | ||
1083 | %n The original remote hostname, as given on the command line. | ||
1084 | %p The remote port. | ||
1085 | %r The remote username. | ||
1086 | %T The local tun(4) or tap(4) network interface assigned if | ||
1087 | tunnel forwarding was requested, or "NONE" otherwise. | ||
1088 | %u The local username. | ||
1089 | |||
1090 | Match exec accepts the tokens %%, %h, %i, %L, %l, %n, %p, %r, and %u. | ||
1091 | |||
1092 | CertificateFile accepts the tokens %%, %d, %h, %i, %l, %r, and %u. | ||
1093 | |||
1094 | ControlPath accepts the tokens %%, %C, %h, %i, %L, %l, %n, %p, %r, and | ||
1095 | %u. | ||
1096 | |||
1097 | Hostname accepts the tokens %% and %h. | ||
1098 | |||
1099 | IdentityAgent and IdentityFile accept the tokens %%, %d, %h, %i, %l, %r, | ||
1100 | and %u. | ||
1101 | |||
1102 | LocalCommand accepts the tokens %%, %C, %d, %h, %i, %l, %n, %p, %r, %T, | ||
1103 | and %u. | ||
1104 | |||
1105 | ProxyCommand accepts the tokens %%, %h, %n, %p, and %r. | ||
1106 | |||
1107 | RemoteCommand accepts the tokens %%, %C, %d, %h, %i, %l, %n, %p, %r, and | ||
1108 | %u. | ||
1109 | |||
1110 | FILES | ||
1111 | ~/.ssh/config | ||
1112 | This is the per-user configuration file. The format of this file | ||
1113 | is described above. This file is used by the SSH client. | ||
1114 | Because of the potential for abuse, this file must have strict | ||
1115 | permissions: read/write for the user, and not writable by others. | ||
1116 | |||
1117 | /etc/ssh/ssh_config | ||
1118 | Systemwide configuration file. This file provides defaults for | ||
1119 | those values that are not specified in the user's configuration | ||
1120 | file, and for those users who do not have a configuration file. | ||
1121 | This file must be world-readable. | ||
1122 | |||
1123 | SEE ALSO | ||
1124 | ssh(1) | ||
1125 | |||
1126 | AUTHORS | ||
1127 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by | ||
1128 | Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo | ||
1129 | de Raadt and Dug Song removed many bugs, re-added newer features and | ||
1130 | created OpenSSH. Markus Friedl contributed the support for SSH protocol | ||
1131 | versions 1.5 and 2.0. | ||
1132 | |||
1133 | OpenBSD 6.6 September 13, 2019 OpenBSD 6.6 | ||
@@ -0,0 +1,653 @@ | |||
1 | SSHD(8) System Manager's Manual SSHD(8) | ||
2 | |||
3 | NAME | ||
4 | sshd M-bM-^@M-^S OpenSSH SSH daemon | ||
5 | |||
6 | SYNOPSIS | ||
7 | sshd [-46DdeiqTt] [-C connection_spec] [-c host_certificate_file] | ||
8 | [-E log_file] [-f config_file] [-g login_grace_time] | ||
9 | [-h host_key_file] [-o option] [-p port] [-u len] | ||
10 | |||
11 | DESCRIPTION | ||
12 | sshd (OpenSSH Daemon) is the daemon program for ssh(1). Together these | ||
13 | programs replace rlogin and rsh, and provide secure encrypted | ||
14 | communications between two untrusted hosts over an insecure network. | ||
15 | |||
16 | sshd listens for connections from clients. It is normally started at | ||
17 | boot from /etc/rc. It forks a new daemon for each incoming connection. | ||
18 | The forked daemons handle key exchange, encryption, authentication, | ||
19 | command execution, and data exchange. | ||
20 | |||
21 | sshd can be configured using command-line options or a configuration file | ||
22 | (by default sshd_config(5)); command-line options override values | ||
23 | specified in the configuration file. sshd rereads its configuration file | ||
24 | when it receives a hangup signal, SIGHUP, by executing itself with the | ||
25 | name and options it was started with, e.g. /usr/sbin/sshd. | ||
26 | |||
27 | The options are as follows: | ||
28 | |||
29 | -4 Forces sshd to use IPv4 addresses only. | ||
30 | |||
31 | -6 Forces sshd to use IPv6 addresses only. | ||
32 | |||
33 | -C connection_spec | ||
34 | Specify the connection parameters to use for the -T extended test | ||
35 | mode. If provided, any Match directives in the configuration | ||
36 | file that would apply are applied before the configuration is | ||
37 | written to standard output. The connection parameters are | ||
38 | supplied as keyword=value pairs and may be supplied in any order, | ||
39 | either with multiple -C options or as a comma-separated list. | ||
40 | The keywords are M-bM-^@M-^\addr,M-bM-^@M-^] M-bM-^@M-^\userM-bM-^@M-^], M-bM-^@M-^\hostM-bM-^@M-^], M-bM-^@M-^\laddrM-bM-^@M-^], M-bM-^@M-^\lportM-bM-^@M-^], and | ||
41 | M-bM-^@M-^\rdomainM-bM-^@M-^] and correspond to source address, user, resolved source | ||
42 | host name, local address, local port number and routing domain | ||
43 | respectively. | ||
44 | |||
45 | -c host_certificate_file | ||
46 | Specifies a path to a certificate file to identify sshd during | ||
47 | key exchange. The certificate file must match a host key file | ||
48 | specified using the -h option or the HostKey configuration | ||
49 | directive. | ||
50 | |||
51 | -D When this option is specified, sshd will not detach and does not | ||
52 | become a daemon. This allows easy monitoring of sshd. | ||
53 | |||
54 | -d Debug mode. The server sends verbose debug output to standard | ||
55 | error, and does not put itself in the background. The server | ||
56 | also will not fork and will only process one connection. This | ||
57 | option is only intended for debugging for the server. Multiple | ||
58 | -d options increase the debugging level. Maximum is 3. | ||
59 | |||
60 | -E log_file | ||
61 | Append debug logs to log_file instead of the system log. | ||
62 | |||
63 | -e Write debug logs to standard error instead of the system log. | ||
64 | |||
65 | -f config_file | ||
66 | Specifies the name of the configuration file. The default is | ||
67 | /etc/ssh/sshd_config. sshd refuses to start if there is no | ||
68 | configuration file. | ||
69 | |||
70 | -g login_grace_time | ||
71 | Gives the grace time for clients to authenticate themselves | ||
72 | (default 120 seconds). If the client fails to authenticate the | ||
73 | user within this many seconds, the server disconnects and exits. | ||
74 | A value of zero indicates no limit. | ||
75 | |||
76 | -h host_key_file | ||
77 | Specifies a file from which a host key is read. This option must | ||
78 | be given if sshd is not run as root (as the normal host key files | ||
79 | are normally not readable by anyone but root). The default is | ||
80 | /etc/ssh/ssh_host_ecdsa_key, /etc/ssh/ssh_host_ed25519_key and | ||
81 | /etc/ssh/ssh_host_rsa_key. It is possible to have multiple host | ||
82 | key files for the different host key algorithms. | ||
83 | |||
84 | -i Specifies that sshd is being run from inetd(8). | ||
85 | |||
86 | -o option | ||
87 | Can be used to give options in the format used in the | ||
88 | configuration file. This is useful for specifying options for | ||
89 | which there is no separate command-line flag. For full details | ||
90 | of the options, and their values, see sshd_config(5). | ||
91 | |||
92 | -p port | ||
93 | Specifies the port on which the server listens for connections | ||
94 | (default 22). Multiple port options are permitted. Ports | ||
95 | specified in the configuration file with the Port option are | ||
96 | ignored when a command-line port is specified. Ports specified | ||
97 | using the ListenAddress option override command-line ports. | ||
98 | |||
99 | -q Quiet mode. Nothing is sent to the system log. Normally the | ||
100 | beginning, authentication, and termination of each connection is | ||
101 | logged. | ||
102 | |||
103 | -T Extended test mode. Check the validity of the configuration | ||
104 | file, output the effective configuration to stdout and then exit. | ||
105 | Optionally, Match rules may be applied by specifying the | ||
106 | connection parameters using one or more -C options. | ||
107 | |||
108 | -t Test mode. Only check the validity of the configuration file and | ||
109 | sanity of the keys. This is useful for updating sshd reliably as | ||
110 | configuration options may change. | ||
111 | |||
112 | -u len This option is used to specify the size of the field in the utmp | ||
113 | structure that holds the remote host name. If the resolved host | ||
114 | name is longer than len, the dotted decimal value will be used | ||
115 | instead. This allows hosts with very long host names that | ||
116 | overflow this field to still be uniquely identified. Specifying | ||
117 | -u0 indicates that only dotted decimal addresses should be put | ||
118 | into the utmp file. -u0 may also be used to prevent sshd from | ||
119 | making DNS requests unless the authentication mechanism or | ||
120 | configuration requires it. Authentication mechanisms that may | ||
121 | require DNS include HostbasedAuthentication and using a | ||
122 | from="pattern-list" option in a key file. Configuration options | ||
123 | that require DNS include using a USER@HOST pattern in AllowUsers | ||
124 | or DenyUsers. | ||
125 | |||
126 | AUTHENTICATION | ||
127 | The OpenSSH SSH daemon supports SSH protocol 2 only. Each host has a | ||
128 | host-specific key, used to identify the host. Whenever a client | ||
129 | connects, the daemon responds with its public host key. The client | ||
130 | compares the host key against its own database to verify that it has not | ||
131 | changed. Forward security is provided through a Diffie-Hellman key | ||
132 | agreement. This key agreement results in a shared session key. The rest | ||
133 | of the session is encrypted using a symmetric cipher, currently 128-bit | ||
134 | AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES. The | ||
135 | client selects the encryption algorithm to use from those offered by the | ||
136 | server. Additionally, session integrity is provided through a | ||
137 | cryptographic message authentication code (hmac-md5, hmac-sha1, umac-64, | ||
138 | umac-128, hmac-sha2-256 or hmac-sha2-512). | ||
139 | |||
140 | Finally, the server and the client enter an authentication dialog. The | ||
141 | client tries to authenticate itself using host-based authentication, | ||
142 | public key authentication, challenge-response authentication, or password | ||
143 | authentication. | ||
144 | |||
145 | Regardless of the authentication type, the account is checked to ensure | ||
146 | that it is accessible. An account is not accessible if it is locked, | ||
147 | listed in DenyUsers or its group is listed in DenyGroups . The | ||
148 | definition of a locked account is system dependent. Some platforms have | ||
149 | their own account database (eg AIX) and some modify the passwd field ( | ||
150 | M-bM-^@M-^X*LK*M-bM-^@M-^Y on Solaris and UnixWare, M-bM-^@M-^X*M-bM-^@M-^Y on HP-UX, containing M-bM-^@M-^XNologinM-bM-^@M-^Y on | ||
151 | Tru64, a leading M-bM-^@M-^X*LOCKED*M-bM-^@M-^Y on FreeBSD and a leading M-bM-^@M-^X!M-bM-^@M-^Y on most | ||
152 | Linuxes). If there is a requirement to disable password authentication | ||
153 | for the account while allowing still public-key, then the passwd field | ||
154 | should be set to something other than these values (eg M-bM-^@M-^XNPM-bM-^@M-^Y or M-bM-^@M-^X*NP*M-bM-^@M-^Y ). | ||
155 | |||
156 | If the client successfully authenticates itself, a dialog for preparing | ||
157 | the session is entered. At this time the client may request things like | ||
158 | allocating a pseudo-tty, forwarding X11 connections, forwarding TCP | ||
159 | connections, or forwarding the authentication agent connection over the | ||
160 | secure channel. | ||
161 | |||
162 | After this, the client either requests a shell or execution of a command. | ||
163 | The sides then enter session mode. In this mode, either side may send | ||
164 | data at any time, and such data is forwarded to/from the shell or command | ||
165 | on the server side, and the user terminal in the client side. | ||
166 | |||
167 | When the user program terminates and all forwarded X11 and other | ||
168 | connections have been closed, the server sends command exit status to the | ||
169 | client, and both sides exit. | ||
170 | |||
171 | LOGIN PROCESS | ||
172 | When a user successfully logs in, sshd does the following: | ||
173 | |||
174 | 1. If the login is on a tty, and no command has been specified, | ||
175 | prints last login time and /etc/motd (unless prevented in the | ||
176 | configuration file or by ~/.hushlogin; see the FILES section). | ||
177 | |||
178 | 2. If the login is on a tty, records login time. | ||
179 | |||
180 | 3. Checks /etc/nologin; if it exists, prints contents and quits | ||
181 | (unless root). | ||
182 | |||
183 | 4. Changes to run with normal user privileges. | ||
184 | |||
185 | 5. Sets up basic environment. | ||
186 | |||
187 | 6. Reads the file ~/.ssh/environment, if it exists, and users are | ||
188 | allowed to change their environment. See the | ||
189 | PermitUserEnvironment option in sshd_config(5). | ||
190 | |||
191 | 7. Changes to user's home directory. | ||
192 | |||
193 | 8. If ~/.ssh/rc exists and the sshd_config(5) PermitUserRC option | ||
194 | is set, runs it; else if /etc/ssh/sshrc exists, runs it; | ||
195 | otherwise runs xauth. The M-bM-^@M-^\rcM-bM-^@M-^] files are given the X11 | ||
196 | authentication protocol and cookie in standard input. See | ||
197 | SSHRC, below. | ||
198 | |||
199 | 9. Runs user's shell or command. All commands are run under the | ||
200 | user's login shell as specified in the system password | ||
201 | database. | ||
202 | |||
203 | SSHRC | ||
204 | If the file ~/.ssh/rc exists, sh(1) runs it after reading the environment | ||
205 | files but before starting the user's shell or command. It must not | ||
206 | produce any output on stdout; stderr must be used instead. If X11 | ||
207 | forwarding is in use, it will receive the "proto cookie" pair in its | ||
208 | standard input (and DISPLAY in its environment). The script must call | ||
209 | xauth(1) because sshd will not run xauth automatically to add X11 | ||
210 | cookies. | ||
211 | |||
212 | The primary purpose of this file is to run any initialization routines | ||
213 | which may be needed before the user's home directory becomes accessible; | ||
214 | AFS is a particular example of such an environment. | ||
215 | |||
216 | This file will probably contain some initialization code followed by | ||
217 | something similar to: | ||
218 | |||
219 | if read proto cookie && [ -n "$DISPLAY" ]; then | ||
220 | if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then | ||
221 | # X11UseLocalhost=yes | ||
222 | echo add unix:`echo $DISPLAY | | ||
223 | cut -c11-` $proto $cookie | ||
224 | else | ||
225 | # X11UseLocalhost=no | ||
226 | echo add $DISPLAY $proto $cookie | ||
227 | fi | xauth -q - | ||
228 | fi | ||
229 | |||
230 | If this file does not exist, /etc/ssh/sshrc is run, and if that does not | ||
231 | exist either, xauth is used to add the cookie. | ||
232 | |||
233 | AUTHORIZED_KEYS FILE FORMAT | ||
234 | AuthorizedKeysFile specifies the files containing public keys for public | ||
235 | key authentication; if this option is not specified, the default is | ||
236 | ~/.ssh/authorized_keys and ~/.ssh/authorized_keys2. Each line of the | ||
237 | file contains one key (empty lines and lines starting with a M-bM-^@M-^X#M-bM-^@M-^Y are | ||
238 | ignored as comments). Public keys consist of the following space- | ||
239 | separated fields: options, keytype, base64-encoded key, comment. The | ||
240 | options field is optional. The keytype is M-bM-^@M-^\ecdsa-sha2-nistp256M-bM-^@M-^], | ||
241 | M-bM-^@M-^\ecdsa-sha2-nistp384M-bM-^@M-^], M-bM-^@M-^\ecdsa-sha2-nistp521M-bM-^@M-^], M-bM-^@M-^\ssh-ed25519M-bM-^@M-^], M-bM-^@M-^\ssh-dssM-bM-^@M-^] or | ||
242 | M-bM-^@M-^\ssh-rsaM-bM-^@M-^]; the comment field is not used for anything (but may be | ||
243 | convenient for the user to identify the key). | ||
244 | |||
245 | Note that lines in this file can be several hundred bytes long (because | ||
246 | of the size of the public key encoding) up to a limit of 8 kilobytes, | ||
247 | which permits DSA keys up to 8 kilobits and RSA keys up to 16 kilobits. | ||
248 | You don't want to type them in; instead, copy the id_dsa.pub, | ||
249 | id_ecdsa.pub, id_ed25519.pub, or the id_rsa.pub file and edit it. | ||
250 | |||
251 | sshd enforces a minimum RSA key modulus size of 1024 bits. | ||
252 | |||
253 | The options (if present) consist of comma-separated option | ||
254 | specifications. No spaces are permitted, except within double quotes. | ||
255 | The following option specifications are supported (note that option | ||
256 | keywords are case-insensitive): | ||
257 | |||
258 | agent-forwarding | ||
259 | Enable authentication agent forwarding previously disabled by the | ||
260 | restrict option. | ||
261 | |||
262 | cert-authority | ||
263 | Specifies that the listed key is a certification authority (CA) | ||
264 | that is trusted to validate signed certificates for user | ||
265 | authentication. | ||
266 | |||
267 | Certificates may encode access restrictions similar to these key | ||
268 | options. If both certificate restrictions and key options are | ||
269 | present, the most restrictive union of the two is applied. | ||
270 | |||
271 | command="command" | ||
272 | Specifies that the command is executed whenever this key is used | ||
273 | for authentication. The command supplied by the user (if any) is | ||
274 | ignored. The command is run on a pty if the client requests a | ||
275 | pty; otherwise it is run without a tty. If an 8-bit clean | ||
276 | channel is required, one must not request a pty or should specify | ||
277 | no-pty. A quote may be included in the command by quoting it | ||
278 | with a backslash. | ||
279 | |||
280 | This option might be useful to restrict certain public keys to | ||
281 | perform just a specific operation. An example might be a key | ||
282 | that permits remote backups but nothing else. Note that the | ||
283 | client may specify TCP and/or X11 forwarding unless they are | ||
284 | explicitly prohibited, e.g. using the restrict key option. | ||
285 | |||
286 | The command originally supplied by the client is available in the | ||
287 | SSH_ORIGINAL_COMMAND environment variable. Note that this option | ||
288 | applies to shell, command or subsystem execution. Also note that | ||
289 | this command may be superseded by a sshd_config(5) ForceCommand | ||
290 | directive. | ||
291 | |||
292 | If a command is specified and a forced-command is embedded in a | ||
293 | certificate used for authentication, then the certificate will be | ||
294 | accepted only if the two commands are identical. | ||
295 | |||
296 | environment="NAME=value" | ||
297 | Specifies that the string is to be added to the environment when | ||
298 | logging in using this key. Environment variables set this way | ||
299 | override other default environment values. Multiple options of | ||
300 | this type are permitted. Environment processing is disabled by | ||
301 | default and is controlled via the PermitUserEnvironment option. | ||
302 | |||
303 | expiry-time="timespec" | ||
304 | Specifies a time after which the key will not be accepted. The | ||
305 | time may be specified as a YYYYMMDD date or a YYYYMMDDHHMM[SS] | ||
306 | time in the system time-zone. | ||
307 | |||
308 | from="pattern-list" | ||
309 | Specifies that in addition to public key authentication, either | ||
310 | the canonical name of the remote host or its IP address must be | ||
311 | present in the comma-separated list of patterns. See PATTERNS in | ||
312 | ssh_config(5) for more information on patterns. | ||
313 | |||
314 | In addition to the wildcard matching that may be applied to | ||
315 | hostnames or addresses, a from stanza may match IP addresses | ||
316 | using CIDR address/masklen notation. | ||
317 | |||
318 | The purpose of this option is to optionally increase security: | ||
319 | public key authentication by itself does not trust the network or | ||
320 | name servers or anything (but the key); however, if somebody | ||
321 | somehow steals the key, the key permits an intruder to log in | ||
322 | from anywhere in the world. This additional option makes using a | ||
323 | stolen key more difficult (name servers and/or routers would have | ||
324 | to be compromised in addition to just the key). | ||
325 | |||
326 | no-agent-forwarding | ||
327 | Forbids authentication agent forwarding when this key is used for | ||
328 | authentication. | ||
329 | |||
330 | no-port-forwarding | ||
331 | Forbids TCP forwarding when this key is used for authentication. | ||
332 | Any port forward requests by the client will return an error. | ||
333 | This might be used, e.g. in connection with the command option. | ||
334 | |||
335 | no-pty Prevents tty allocation (a request to allocate a pty will fail). | ||
336 | |||
337 | no-user-rc | ||
338 | Disables execution of ~/.ssh/rc. | ||
339 | |||
340 | no-X11-forwarding | ||
341 | Forbids X11 forwarding when this key is used for authentication. | ||
342 | Any X11 forward requests by the client will return an error. | ||
343 | |||
344 | permitlisten="[host:]port" | ||
345 | Limit remote port forwarding with the ssh(1) -R option such that | ||
346 | it may only listen on the specified host (optional) and port. | ||
347 | IPv6 addresses can be specified by enclosing the address in | ||
348 | square brackets. Multiple permitlisten options may be applied | ||
349 | separated by commas. Hostnames may include wildcards as | ||
350 | described in the PATTERNS section in ssh_config(5). A port | ||
351 | specification of * matches any port. Note that the setting of | ||
352 | GatewayPorts may further restrict listen addresses. Note that | ||
353 | ssh(1) will send a hostname of M-bM-^@M-^\localhostM-bM-^@M-^] if a listen host was | ||
354 | not specified when the forwarding was requested, and that this | ||
355 | name is treated differently to the explicit localhost addresses | ||
356 | M-bM-^@M-^\127.0.0.1M-bM-^@M-^] and M-bM-^@M-^\::1M-bM-^@M-^]. | ||
357 | |||
358 | permitopen="host:port" | ||
359 | Limit local port forwarding with the ssh(1) -L option such that | ||
360 | it may only connect to the specified host and port. IPv6 | ||
361 | addresses can be specified by enclosing the address in square | ||
362 | brackets. Multiple permitopen options may be applied separated | ||
363 | by commas. No pattern matching is performed on the specified | ||
364 | hostnames, they must be literal domains or addresses. A port | ||
365 | specification of * matches any port. | ||
366 | |||
367 | port-forwarding | ||
368 | Enable port forwarding previously disabled by the restrict | ||
369 | option. | ||
370 | |||
371 | principals="principals" | ||
372 | On a cert-authority line, specifies allowed principals for | ||
373 | certificate authentication as a comma-separated list. At least | ||
374 | one name from the list must appear in the certificate's list of | ||
375 | principals for the certificate to be accepted. This option is | ||
376 | ignored for keys that are not marked as trusted certificate | ||
377 | signers using the cert-authority option. | ||
378 | |||
379 | pty Permits tty allocation previously disabled by the restrict | ||
380 | option. | ||
381 | |||
382 | restrict | ||
383 | Enable all restrictions, i.e. disable port, agent and X11 | ||
384 | forwarding, as well as disabling PTY allocation and execution of | ||
385 | ~/.ssh/rc. If any future restriction capabilities are added to | ||
386 | authorized_keys files they will be included in this set. | ||
387 | |||
388 | tunnel="n" | ||
389 | Force a tun(4) device on the server. Without this option, the | ||
390 | next available device will be used if the client requests a | ||
391 | tunnel. | ||
392 | |||
393 | user-rc | ||
394 | Enables execution of ~/.ssh/rc previously disabled by the | ||
395 | restrict option. | ||
396 | |||
397 | X11-forwarding | ||
398 | Permits X11 forwarding previously disabled by the restrict | ||
399 | option. | ||
400 | |||
401 | An example authorized_keys file: | ||
402 | |||
403 | # Comments allowed at start of line | ||
404 | ssh-rsa AAAAB3Nza...LiPk== user@example.net | ||
405 | from="*.sales.example.net,!pc.sales.example.net" ssh-rsa | ||
406 | AAAAB2...19Q== john@example.net | ||
407 | command="dump /home",no-pty,no-port-forwarding ssh-rsa | ||
408 | AAAAC3...51R== example.net | ||
409 | permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-rsa | ||
410 | AAAAB5...21S== | ||
411 | permitlisten="localhost:8080",permitopen="localhost:22000" ssh-rsa | ||
412 | AAAAB5...21S== | ||
413 | tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...== | ||
414 | jane@example.net | ||
415 | restrict,command="uptime" ssh-rsa AAAA1C8...32Tv== | ||
416 | user@example.net | ||
417 | restrict,pty,command="nethack" ssh-rsa AAAA1f8...IrrC5== | ||
418 | user@example.net | ||
419 | |||
420 | SSH_KNOWN_HOSTS FILE FORMAT | ||
421 | The /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts files contain host | ||
422 | public keys for all known hosts. The global file should be prepared by | ||
423 | the administrator (optional), and the per-user file is maintained | ||
424 | automatically: whenever the user connects to an unknown host, its key is | ||
425 | added to the per-user file. | ||
426 | |||
427 | Each line in these files contains the following fields: markers | ||
428 | (optional), hostnames, keytype, base64-encoded key, comment. The fields | ||
429 | are separated by spaces. | ||
430 | |||
431 | The marker is optional, but if it is present then it must be one of | ||
432 | M-bM-^@M-^\@cert-authorityM-bM-^@M-^], to indicate that the line contains a certification | ||
433 | authority (CA) key, or M-bM-^@M-^\@revokedM-bM-^@M-^], to indicate that the key contained on | ||
434 | the line is revoked and must not ever be accepted. Only one marker | ||
435 | should be used on a key line. | ||
436 | |||
437 | Hostnames is a comma-separated list of patterns (M-bM-^@M-^X*M-bM-^@M-^Y and M-bM-^@M-^X?M-bM-^@M-^Y act as | ||
438 | wildcards); each pattern in turn is matched against the host name. When | ||
439 | sshd is authenticating a client, such as when using | ||
440 | HostbasedAuthentication, this will be the canonical client host name. | ||
441 | When ssh(1) is authenticating a server, this will be the host name given | ||
442 | by the user, the value of the ssh(1) HostkeyAlias if it was specified, or | ||
443 | the canonical server hostname if the ssh(1) CanonicalizeHostname option | ||
444 | was used. | ||
445 | |||
446 | A pattern may also be preceded by M-bM-^@M-^X!M-bM-^@M-^Y to indicate negation: if the host | ||
447 | name matches a negated pattern, it is not accepted (by that line) even if | ||
448 | it matched another pattern on the line. A hostname or address may | ||
449 | optionally be enclosed within M-bM-^@M-^X[M-bM-^@M-^Y and M-bM-^@M-^X]M-bM-^@M-^Y brackets then followed by M-bM-^@M-^X:M-bM-^@M-^Y | ||
450 | and a non-standard port number. | ||
451 | |||
452 | Alternately, hostnames may be stored in a hashed form which hides host | ||
453 | names and addresses should the file's contents be disclosed. Hashed | ||
454 | hostnames start with a M-bM-^@M-^X|M-bM-^@M-^Y character. Only one hashed hostname may | ||
455 | appear on a single line and none of the above negation or wildcard | ||
456 | operators may be applied. | ||
457 | |||
458 | The keytype and base64-encoded key are taken directly from the host key; | ||
459 | they can be obtained, for example, from /etc/ssh/ssh_host_rsa_key.pub. | ||
460 | The optional comment field continues to the end of the line, and is not | ||
461 | used. | ||
462 | |||
463 | Lines starting with M-bM-^@M-^X#M-bM-^@M-^Y and empty lines are ignored as comments. | ||
464 | |||
465 | When performing host authentication, authentication is accepted if any | ||
466 | matching line has the proper key; either one that matches exactly or, if | ||
467 | the server has presented a certificate for authentication, the key of the | ||
468 | certification authority that signed the certificate. For a key to be | ||
469 | trusted as a certification authority, it must use the M-bM-^@M-^\@cert-authorityM-bM-^@M-^] | ||
470 | marker described above. | ||
471 | |||
472 | The known hosts file also provides a facility to mark keys as revoked, | ||
473 | for example when it is known that the associated private key has been | ||
474 | stolen. Revoked keys are specified by including the M-bM-^@M-^\@revokedM-bM-^@M-^] marker at | ||
475 | the beginning of the key line, and are never accepted for authentication | ||
476 | or as certification authorities, but instead will produce a warning from | ||
477 | ssh(1) when they are encountered. | ||
478 | |||
479 | It is permissible (but not recommended) to have several lines or | ||
480 | different host keys for the same names. This will inevitably happen when | ||
481 | short forms of host names from different domains are put in the file. It | ||
482 | is possible that the files contain conflicting information; | ||
483 | authentication is accepted if valid information can be found from either | ||
484 | file. | ||
485 | |||
486 | Note that the lines in these files are typically hundreds of characters | ||
487 | long, and you definitely don't want to type in the host keys by hand. | ||
488 | Rather, generate them by a script, ssh-keyscan(1) or by taking, for | ||
489 | example, /etc/ssh/ssh_host_rsa_key.pub and adding the host names at the | ||
490 | front. ssh-keygen(1) also offers some basic automated editing for | ||
491 | ~/.ssh/known_hosts including removing hosts matching a host name and | ||
492 | converting all host names to their hashed representations. | ||
493 | |||
494 | An example ssh_known_hosts file: | ||
495 | |||
496 | # Comments allowed at start of line | ||
497 | closenet,...,192.0.2.53 1024 37 159...93 closenet.example.net | ||
498 | cvs.example.net,192.0.2.10 ssh-rsa AAAA1234.....= | ||
499 | # A hashed hostname | ||
500 | |1|JfKTdBh7rNbXkVAQCRp4OQoPfmI=|USECr3SWf1JUPsms5AqfD5QfxkM= ssh-rsa | ||
501 | AAAA1234.....= | ||
502 | # A revoked key | ||
503 | @revoked * ssh-rsa AAAAB5W... | ||
504 | # A CA key, accepted for any host in *.mydomain.com or *.mydomain.org | ||
505 | @cert-authority *.mydomain.org,*.mydomain.com ssh-rsa AAAAB5W... | ||
506 | |||
507 | FILES | ||
508 | ~/.hushlogin | ||
509 | This file is used to suppress printing the last login time and | ||
510 | /etc/motd, if PrintLastLog and PrintMotd, respectively, are | ||
511 | enabled. It does not suppress printing of the banner specified | ||
512 | by Banner. | ||
513 | |||
514 | ~/.rhosts | ||
515 | This file is used for host-based authentication (see ssh(1) for | ||
516 | more information). On some machines this file may need to be | ||
517 | world-readable if the user's home directory is on an NFS | ||
518 | partition, because sshd reads it as root. Additionally, this | ||
519 | file must be owned by the user, and must not have write | ||
520 | permissions for anyone else. The recommended permission for most | ||
521 | machines is read/write for the user, and not accessible by | ||
522 | others. | ||
523 | |||
524 | ~/.shosts | ||
525 | This file is used in exactly the same way as .rhosts, but allows | ||
526 | host-based authentication without permitting login with | ||
527 | rlogin/rsh. | ||
528 | |||
529 | ~/.ssh/ | ||
530 | This directory is the default location for all user-specific | ||
531 | configuration and authentication information. There is no | ||
532 | general requirement to keep the entire contents of this directory | ||
533 | secret, but the recommended permissions are read/write/execute | ||
534 | for the user, and not accessible by others. | ||
535 | |||
536 | ~/.ssh/authorized_keys | ||
537 | Lists the public keys (DSA, ECDSA, Ed25519, RSA) that can be used | ||
538 | for logging in as this user. The format of this file is | ||
539 | described above. The content of the file is not highly | ||
540 | sensitive, but the recommended permissions are read/write for the | ||
541 | user, and not accessible by others. | ||
542 | |||
543 | If this file, the ~/.ssh directory, or the user's home directory | ||
544 | are writable by other users, then the file could be modified or | ||
545 | replaced by unauthorized users. In this case, sshd will not | ||
546 | allow it to be used unless the StrictModes option has been set to | ||
547 | M-bM-^@M-^\noM-bM-^@M-^]. | ||
548 | |||
549 | ~/.ssh/environment | ||
550 | This file is read into the environment at login (if it exists). | ||
551 | It can only contain empty lines, comment lines (that start with | ||
552 | M-bM-^@M-^X#M-bM-^@M-^Y), and assignment lines of the form name=value. The file | ||
553 | should be writable only by the user; it need not be readable by | ||
554 | anyone else. Environment processing is disabled by default and | ||
555 | is controlled via the PermitUserEnvironment option. | ||
556 | |||
557 | ~/.ssh/known_hosts | ||
558 | Contains a list of host keys for all hosts the user has logged | ||
559 | into that are not already in the systemwide list of known host | ||
560 | keys. The format of this file is described above. This file | ||
561 | should be writable only by root/the owner and can, but need not | ||
562 | be, world-readable. | ||
563 | |||
564 | ~/.ssh/rc | ||
565 | Contains initialization routines to be run before the user's home | ||
566 | directory becomes accessible. This file should be writable only | ||
567 | by the user, and need not be readable by anyone else. | ||
568 | |||
569 | /etc/hosts.equiv | ||
570 | This file is for host-based authentication (see ssh(1)). It | ||
571 | should only be writable by root. | ||
572 | |||
573 | /etc/moduli | ||
574 | Contains Diffie-Hellman groups used for the "Diffie-Hellman Group | ||
575 | Exchange" key exchange method. The file format is described in | ||
576 | moduli(5). If no usable groups are found in this file then fixed | ||
577 | internal groups will be used. | ||
578 | |||
579 | /etc/motd | ||
580 | See motd(5). | ||
581 | |||
582 | /etc/nologin | ||
583 | If this file exists, sshd refuses to let anyone except root log | ||
584 | in. The contents of the file are displayed to anyone trying to | ||
585 | log in, and non-root connections are refused. The file should be | ||
586 | world-readable. | ||
587 | |||
588 | /etc/shosts.equiv | ||
589 | This file is used in exactly the same way as hosts.equiv, but | ||
590 | allows host-based authentication without permitting login with | ||
591 | rlogin/rsh. | ||
592 | |||
593 | /etc/ssh/ssh_host_ecdsa_key | ||
594 | /etc/ssh/ssh_host_ed25519_key | ||
595 | /etc/ssh/ssh_host_rsa_key | ||
596 | These files contain the private parts of the host keys. These | ||
597 | files should only be owned by root, readable only by root, and | ||
598 | not accessible to others. Note that sshd does not start if these | ||
599 | files are group/world-accessible. | ||
600 | |||
601 | /etc/ssh/ssh_host_ecdsa_key.pub | ||
602 | /etc/ssh/ssh_host_ed25519_key.pub | ||
603 | /etc/ssh/ssh_host_rsa_key.pub | ||
604 | These files contain the public parts of the host keys. These | ||
605 | files should be world-readable but writable only by root. Their | ||
606 | contents should match the respective private parts. These files | ||
607 | are not really used for anything; they are provided for the | ||
608 | convenience of the user so their contents can be copied to known | ||
609 | hosts files. These files are created using ssh-keygen(1). | ||
610 | |||
611 | /etc/ssh/ssh_known_hosts | ||
612 | Systemwide list of known host keys. This file should be prepared | ||
613 | by the system administrator to contain the public host keys of | ||
614 | all machines in the organization. The format of this file is | ||
615 | described above. This file should be writable only by root/the | ||
616 | owner and should be world-readable. | ||
617 | |||
618 | /etc/ssh/sshd_config | ||
619 | Contains configuration data for sshd. The file format and | ||
620 | configuration options are described in sshd_config(5). | ||
621 | |||
622 | /etc/ssh/sshrc | ||
623 | Similar to ~/.ssh/rc, it can be used to specify machine-specific | ||
624 | login-time initializations globally. This file should be | ||
625 | writable only by root, and should be world-readable. | ||
626 | |||
627 | /var/empty | ||
628 | chroot(2) directory used by sshd during privilege separation in | ||
629 | the pre-authentication phase. The directory should not contain | ||
630 | any files and must be owned by root and not group or world- | ||
631 | writable. | ||
632 | |||
633 | /var/run/sshd.pid | ||
634 | Contains the process ID of the sshd listening for connections (if | ||
635 | there are several daemons running concurrently for different | ||
636 | ports, this contains the process ID of the one started last). | ||
637 | The content of this file is not sensitive; it can be world- | ||
638 | readable. | ||
639 | |||
640 | SEE ALSO | ||
641 | scp(1), sftp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1), | ||
642 | ssh-keyscan(1), chroot(2), login.conf(5), moduli(5), sshd_config(5), | ||
643 | inetd(8), sftp-server(8) | ||
644 | |||
645 | AUTHORS | ||
646 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by | ||
647 | Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo | ||
648 | de Raadt and Dug Song removed many bugs, re-added newer features and | ||
649 | created OpenSSH. Markus Friedl contributed the support for SSH protocol | ||
650 | versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support | ||
651 | for privilege separation. | ||
652 | |||
653 | OpenBSD 6.6 July 22, 2018 OpenBSD 6.6 | ||
diff --git a/sshd_config.0 b/sshd_config.0 new file mode 100644 index 000000000..1b732197c --- /dev/null +++ b/sshd_config.0 | |||
@@ -0,0 +1,1102 @@ | |||
1 | SSHD_CONFIG(5) File Formats Manual SSHD_CONFIG(5) | ||
2 | |||
3 | NAME | ||
4 | sshd_config M-bM-^@M-^S OpenSSH SSH daemon configuration file | ||
5 | |||
6 | DESCRIPTION | ||
7 | sshd(8) reads configuration data from /etc/ssh/sshd_config (or the file | ||
8 | specified with -f on the command line). The file contains keyword- | ||
9 | argument pairs, one per line. For each keyword, the first obtained value | ||
10 | will be used. Lines starting with M-bM-^@M-^X#M-bM-^@M-^Y and empty lines are interpreted as | ||
11 | comments. Arguments may optionally be enclosed in double quotes (") in | ||
12 | order to represent arguments containing spaces. | ||
13 | |||
14 | The possible keywords and their meanings are as follows (note that | ||
15 | keywords are case-insensitive and arguments are case-sensitive): | ||
16 | |||
17 | AcceptEnv | ||
18 | Specifies what environment variables sent by the client will be | ||
19 | copied into the session's environ(7). See SendEnv and SetEnv in | ||
20 | ssh_config(5) for how to configure the client. The TERM | ||
21 | environment variable is always accepted whenever the client | ||
22 | requests a pseudo-terminal as it is required by the protocol. | ||
23 | Variables are specified by name, which may contain the wildcard | ||
24 | characters M-bM-^@M-^X*M-bM-^@M-^Y and M-bM-^@M-^X?M-bM-^@M-^Y. Multiple environment variables may be | ||
25 | separated by whitespace or spread across multiple AcceptEnv | ||
26 | directives. Be warned that some environment variables could be | ||
27 | used to bypass restricted user environments. For this reason, | ||
28 | care should be taken in the use of this directive. The default | ||
29 | is not to accept any environment variables. | ||
30 | |||
31 | AddressFamily | ||
32 | Specifies which address family should be used by sshd(8). Valid | ||
33 | arguments are any (the default), inet (use IPv4 only), or inet6 | ||
34 | (use IPv6 only). | ||
35 | |||
36 | AllowAgentForwarding | ||
37 | Specifies whether ssh-agent(1) forwarding is permitted. The | ||
38 | default is yes. Note that disabling agent forwarding does not | ||
39 | improve security unless users are also denied shell access, as | ||
40 | they can always install their own forwarders. | ||
41 | |||
42 | AllowGroups | ||
43 | This keyword can be followed by a list of group name patterns, | ||
44 | separated by spaces. If specified, login is allowed only for | ||
45 | users whose primary group or supplementary group list matches one | ||
46 | of the patterns. Only group names are valid; a numerical group | ||
47 | ID is not recognized. By default, login is allowed for all | ||
48 | groups. The allow/deny directives are processed in the following | ||
49 | order: DenyUsers, AllowUsers, DenyGroups, and finally | ||
50 | AllowGroups. | ||
51 | |||
52 | See PATTERNS in ssh_config(5) for more information on patterns. | ||
53 | |||
54 | AllowStreamLocalForwarding | ||
55 | Specifies whether StreamLocal (Unix-domain socket) forwarding is | ||
56 | permitted. The available options are yes (the default) or all to | ||
57 | allow StreamLocal forwarding, no to prevent all StreamLocal | ||
58 | forwarding, local to allow local (from the perspective of ssh(1)) | ||
59 | forwarding only or remote to allow remote forwarding only. Note | ||
60 | that disabling StreamLocal forwarding does not improve security | ||
61 | unless users are also denied shell access, as they can always | ||
62 | install their own forwarders. | ||
63 | |||
64 | AllowTcpForwarding | ||
65 | Specifies whether TCP forwarding is permitted. The available | ||
66 | options are yes (the default) or all to allow TCP forwarding, no | ||
67 | to prevent all TCP forwarding, local to allow local (from the | ||
68 | perspective of ssh(1)) forwarding only or remote to allow remote | ||
69 | forwarding only. Note that disabling TCP forwarding does not | ||
70 | improve security unless users are also denied shell access, as | ||
71 | they can always install their own forwarders. | ||
72 | |||
73 | AllowUsers | ||
74 | This keyword can be followed by a list of user name patterns, | ||
75 | separated by spaces. If specified, login is allowed only for | ||
76 | user names that match one of the patterns. Only user names are | ||
77 | valid; a numerical user ID is not recognized. By default, login | ||
78 | is allowed for all users. If the pattern takes the form | ||
79 | USER@HOST then USER and HOST are separately checked, restricting | ||
80 | logins to particular users from particular hosts. HOST criteria | ||
81 | may additionally contain addresses to match in CIDR | ||
82 | address/masklen format. The allow/deny directives are processed | ||
83 | in the following order: DenyUsers, AllowUsers, DenyGroups, and | ||
84 | finally AllowGroups. | ||
85 | |||
86 | See PATTERNS in ssh_config(5) for more information on patterns. | ||
87 | |||
88 | AuthenticationMethods | ||
89 | Specifies the authentication methods that must be successfully | ||
90 | completed for a user to be granted access. This option must be | ||
91 | followed by one or more lists of comma-separated authentication | ||
92 | method names, or by the single string any to indicate the default | ||
93 | behaviour of accepting any single authentication method. If the | ||
94 | default is overridden, then successful authentication requires | ||
95 | completion of every method in at least one of these lists. | ||
96 | |||
97 | For example, "publickey,password publickey,keyboard-interactive" | ||
98 | would require the user to complete public key authentication, | ||
99 | followed by either password or keyboard interactive | ||
100 | authentication. Only methods that are next in one or more lists | ||
101 | are offered at each stage, so for this example it would not be | ||
102 | possible to attempt password or keyboard-interactive | ||
103 | authentication before public key. | ||
104 | |||
105 | For keyboard interactive authentication it is also possible to | ||
106 | restrict authentication to a specific device by appending a colon | ||
107 | followed by the device identifier bsdauth or pam. depending on | ||
108 | the server configuration. For example, | ||
109 | "keyboard-interactive:bsdauth" would restrict keyboard | ||
110 | interactive authentication to the bsdauth device. | ||
111 | |||
112 | If the publickey method is listed more than once, sshd(8) | ||
113 | verifies that keys that have been used successfully are not | ||
114 | reused for subsequent authentications. For example, | ||
115 | "publickey,publickey" requires successful authentication using | ||
116 | two different public keys. | ||
117 | |||
118 | Note that each authentication method listed should also be | ||
119 | explicitly enabled in the configuration. | ||
120 | |||
121 | The available authentication methods are: "gssapi-with-mic", | ||
122 | "hostbased", "keyboard-interactive", "none" (used for access to | ||
123 | password-less accounts when PermitEmptyPasswords is enabled), | ||
124 | "password" and "publickey". | ||
125 | |||
126 | AuthorizedKeysCommand | ||
127 | Specifies a program to be used to look up the user's public keys. | ||
128 | The program must be owned by root, not writable by group or | ||
129 | others and specified by an absolute path. Arguments to | ||
130 | AuthorizedKeysCommand accept the tokens described in the TOKENS | ||
131 | section. If no arguments are specified then the username of the | ||
132 | target user is used. | ||
133 | |||
134 | The program should produce on standard output zero or more lines | ||
135 | of authorized_keys output (see AUTHORIZED_KEYS in sshd(8)). If a | ||
136 | key supplied by AuthorizedKeysCommand does not successfully | ||
137 | authenticate and authorize the user then public key | ||
138 | authentication continues using the usual AuthorizedKeysFile | ||
139 | files. By default, no AuthorizedKeysCommand is run. | ||
140 | |||
141 | AuthorizedKeysCommandUser | ||
142 | Specifies the user under whose account the AuthorizedKeysCommand | ||
143 | is run. It is recommended to use a dedicated user that has no | ||
144 | other role on the host than running authorized keys commands. If | ||
145 | AuthorizedKeysCommand is specified but AuthorizedKeysCommandUser | ||
146 | is not, then sshd(8) will refuse to start. | ||
147 | |||
148 | AuthorizedKeysFile | ||
149 | Specifies the file that contains the public keys used for user | ||
150 | authentication. The format is described in the AUTHORIZED_KEYS | ||
151 | FILE FORMAT section of sshd(8). Arguments to AuthorizedKeysFile | ||
152 | accept the tokens described in the TOKENS section. After | ||
153 | expansion, AuthorizedKeysFile is taken to be an absolute path or | ||
154 | one relative to the user's home directory. Multiple files may be | ||
155 | listed, separated by whitespace. Alternately this option may be | ||
156 | set to none to skip checking for user keys in files. The default | ||
157 | is ".ssh/authorized_keys .ssh/authorized_keys2". | ||
158 | |||
159 | AuthorizedPrincipalsCommand | ||
160 | Specifies a program to be used to generate the list of allowed | ||
161 | certificate principals as per AuthorizedPrincipalsFile. The | ||
162 | program must be owned by root, not writable by group or others | ||
163 | and specified by an absolute path. Arguments to | ||
164 | AuthorizedPrincipalsCommand accept the tokens described in the | ||
165 | TOKENS section. If no arguments are specified then the username | ||
166 | of the target user is used. | ||
167 | |||
168 | The program should produce on standard output zero or more lines | ||
169 | of AuthorizedPrincipalsFile output. If either | ||
170 | AuthorizedPrincipalsCommand or AuthorizedPrincipalsFile is | ||
171 | specified, then certificates offered by the client for | ||
172 | authentication must contain a principal that is listed. By | ||
173 | default, no AuthorizedPrincipalsCommand is run. | ||
174 | |||
175 | AuthorizedPrincipalsCommandUser | ||
176 | Specifies the user under whose account the | ||
177 | AuthorizedPrincipalsCommand is run. It is recommended to use a | ||
178 | dedicated user that has no other role on the host than running | ||
179 | authorized principals commands. If AuthorizedPrincipalsCommand | ||
180 | is specified but AuthorizedPrincipalsCommandUser is not, then | ||
181 | sshd(8) will refuse to start. | ||
182 | |||
183 | AuthorizedPrincipalsFile | ||
184 | Specifies a file that lists principal names that are accepted for | ||
185 | certificate authentication. When using certificates signed by a | ||
186 | key listed in TrustedUserCAKeys, this file lists names, one of | ||
187 | which must appear in the certificate for it to be accepted for | ||
188 | authentication. Names are listed one per line preceded by key | ||
189 | options (as described in AUTHORIZED_KEYS FILE FORMAT in sshd(8)). | ||
190 | Empty lines and comments starting with M-bM-^@M-^X#M-bM-^@M-^Y are ignored. | ||
191 | |||
192 | Arguments to AuthorizedPrincipalsFile accept the tokens described | ||
193 | in the TOKENS section. After expansion, AuthorizedPrincipalsFile | ||
194 | is taken to be an absolute path or one relative to the user's | ||
195 | home directory. The default is none, i.e. not to use a | ||
196 | principals file M-bM-^@M-^S in this case, the username of the user must | ||
197 | appear in a certificate's principals list for it to be accepted. | ||
198 | |||
199 | Note that AuthorizedPrincipalsFile is only used when | ||
200 | authentication proceeds using a CA listed in TrustedUserCAKeys | ||
201 | and is not consulted for certification authorities trusted via | ||
202 | ~/.ssh/authorized_keys, though the principals= key option offers | ||
203 | a similar facility (see sshd(8) for details). | ||
204 | |||
205 | Banner The contents of the specified file are sent to the remote user | ||
206 | before authentication is allowed. If the argument is none then | ||
207 | no banner is displayed. By default, no banner is displayed. | ||
208 | |||
209 | CASignatureAlgorithms | ||
210 | Specifies which algorithms are allowed for signing of | ||
211 | certificates by certificate authorities (CAs). The default is: | ||
212 | |||
213 | ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, | ||
214 | ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa | ||
215 | |||
216 | Certificates signed using other algorithms will not be accepted | ||
217 | for public key or host-based authentication. | ||
218 | |||
219 | ChallengeResponseAuthentication | ||
220 | Specifies whether challenge-response authentication is allowed | ||
221 | (e.g. via PAM or through authentication styles supported in | ||
222 | login.conf(5)) The default is yes. | ||
223 | |||
224 | ChrootDirectory | ||
225 | Specifies the pathname of a directory to chroot(2) to after | ||
226 | authentication. At session startup sshd(8) checks that all | ||
227 | components of the pathname are root-owned directories which are | ||
228 | not writable by any other user or group. After the chroot, | ||
229 | sshd(8) changes the working directory to the user's home | ||
230 | directory. Arguments to ChrootDirectory accept the tokens | ||
231 | described in the TOKENS section. | ||
232 | |||
233 | The ChrootDirectory must contain the necessary files and | ||
234 | directories to support the user's session. For an interactive | ||
235 | session this requires at least a shell, typically sh(1), and | ||
236 | basic /dev nodes such as null(4), zero(4), stdin(4), stdout(4), | ||
237 | stderr(4), and tty(4) devices. For file transfer sessions using | ||
238 | SFTP no additional configuration of the environment is necessary | ||
239 | if the in-process sftp-server is used, though sessions which use | ||
240 | logging may require /dev/log inside the chroot directory on some | ||
241 | operating systems (see sftp-server(8) for details). | ||
242 | |||
243 | For safety, it is very important that the directory hierarchy be | ||
244 | prevented from modification by other processes on the system | ||
245 | (especially those outside the jail). Misconfiguration can lead | ||
246 | to unsafe environments which sshd(8) cannot detect. | ||
247 | |||
248 | The default is none, indicating not to chroot(2). | ||
249 | |||
250 | Ciphers | ||
251 | Specifies the ciphers allowed. Multiple ciphers must be comma- | ||
252 | separated. If the specified list begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, | ||
253 | then the specified ciphers will be appended to the default set | ||
254 | instead of replacing them. If the specified list begins with a | ||
255 | M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified ciphers (including wildcards) | ||
256 | will be removed from the default set instead of replacing them. | ||
257 | If the specified list begins with a M-bM-^@M-^X^M-bM-^@M-^Y character, then the | ||
258 | specified ciphers will be placed at the head of the default set. | ||
259 | |||
260 | The supported ciphers are: | ||
261 | |||
262 | 3des-cbc | ||
263 | aes128-cbc | ||
264 | aes192-cbc | ||
265 | aes256-cbc | ||
266 | aes128-ctr | ||
267 | aes192-ctr | ||
268 | aes256-ctr | ||
269 | aes128-gcm@openssh.com | ||
270 | aes256-gcm@openssh.com | ||
271 | chacha20-poly1305@openssh.com | ||
272 | |||
273 | The default is: | ||
274 | |||
275 | chacha20-poly1305@openssh.com, | ||
276 | aes128-ctr,aes192-ctr,aes256-ctr, | ||
277 | aes128-gcm@openssh.com,aes256-gcm@openssh.com | ||
278 | |||
279 | The list of available ciphers may also be obtained using "ssh -Q | ||
280 | cipher". | ||
281 | |||
282 | ClientAliveCountMax | ||
283 | Sets the number of client alive messages which may be sent | ||
284 | without sshd(8) receiving any messages back from the client. If | ||
285 | this threshold is reached while client alive messages are being | ||
286 | sent, sshd will disconnect the client, terminating the session. | ||
287 | It is important to note that the use of client alive messages is | ||
288 | very different from TCPKeepAlive. The client alive messages are | ||
289 | sent through the encrypted channel and therefore will not be | ||
290 | spoofable. The TCP keepalive option enabled by TCPKeepAlive is | ||
291 | spoofable. The client alive mechanism is valuable when the | ||
292 | client or server depend on knowing when a connection has become | ||
293 | unresponsive. | ||
294 | |||
295 | The default value is 3. If ClientAliveInterval is set to 15, and | ||
296 | ClientAliveCountMax is left at the default, unresponsive SSH | ||
297 | clients will be disconnected after approximately 45 seconds. | ||
298 | |||
299 | ClientAliveInterval | ||
300 | Sets a timeout interval in seconds after which if no data has | ||
301 | been received from the client, sshd(8) will send a message | ||
302 | through the encrypted channel to request a response from the | ||
303 | client. The default is 0, indicating that these messages will | ||
304 | not be sent to the client. | ||
305 | |||
306 | Compression | ||
307 | Specifies whether compression is enabled after the user has | ||
308 | authenticated successfully. The argument must be yes, delayed (a | ||
309 | legacy synonym for yes) or no. The default is yes. | ||
310 | |||
311 | DenyGroups | ||
312 | This keyword can be followed by a list of group name patterns, | ||
313 | separated by spaces. Login is disallowed for users whose primary | ||
314 | group or supplementary group list matches one of the patterns. | ||
315 | Only group names are valid; a numerical group ID is not | ||
316 | recognized. By default, login is allowed for all groups. The | ||
317 | allow/deny directives are processed in the following order: | ||
318 | DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups. | ||
319 | |||
320 | See PATTERNS in ssh_config(5) for more information on patterns. | ||
321 | |||
322 | DenyUsers | ||
323 | This keyword can be followed by a list of user name patterns, | ||
324 | separated by spaces. Login is disallowed for user names that | ||
325 | match one of the patterns. Only user names are valid; a | ||
326 | numerical user ID is not recognized. By default, login is | ||
327 | allowed for all users. If the pattern takes the form USER@HOST | ||
328 | then USER and HOST are separately checked, restricting logins to | ||
329 | particular users from particular hosts. HOST criteria may | ||
330 | additionally contain addresses to match in CIDR address/masklen | ||
331 | format. The allow/deny directives are processed in the following | ||
332 | order: DenyUsers, AllowUsers, DenyGroups, and finally | ||
333 | AllowGroups. | ||
334 | |||
335 | See PATTERNS in ssh_config(5) for more information on patterns. | ||
336 | |||
337 | DisableForwarding | ||
338 | Disables all forwarding features, including X11, ssh-agent(1), | ||
339 | TCP and StreamLocal. This option overrides all other forwarding- | ||
340 | related options and may simplify restricted configurations. | ||
341 | |||
342 | ExposeAuthInfo | ||
343 | Writes a temporary file containing a list of authentication | ||
344 | methods and public credentials (e.g. keys) used to authenticate | ||
345 | the user. The location of the file is exposed to the user | ||
346 | session through the SSH_USER_AUTH environment variable. The | ||
347 | default is no. | ||
348 | |||
349 | FingerprintHash | ||
350 | Specifies the hash algorithm used when logging key fingerprints. | ||
351 | Valid options are: md5 and sha256. The default is sha256. | ||
352 | |||
353 | ForceCommand | ||
354 | Forces the execution of the command specified by ForceCommand, | ||
355 | ignoring any command supplied by the client and ~/.ssh/rc if | ||
356 | present. The command is invoked by using the user's login shell | ||
357 | with the -c option. This applies to shell, command, or subsystem | ||
358 | execution. It is most useful inside a Match block. The command | ||
359 | originally supplied by the client is available in the | ||
360 | SSH_ORIGINAL_COMMAND environment variable. Specifying a command | ||
361 | of internal-sftp will force the use of an in-process SFTP server | ||
362 | that requires no support files when used with ChrootDirectory. | ||
363 | The default is none. | ||
364 | |||
365 | GatewayPorts | ||
366 | Specifies whether remote hosts are allowed to connect to ports | ||
367 | forwarded for the client. By default, sshd(8) binds remote port | ||
368 | forwardings to the loopback address. This prevents other remote | ||
369 | hosts from connecting to forwarded ports. GatewayPorts can be | ||
370 | used to specify that sshd should allow remote port forwardings to | ||
371 | bind to non-loopback addresses, thus allowing other hosts to | ||
372 | connect. The argument may be no to force remote port forwardings | ||
373 | to be available to the local host only, yes to force remote port | ||
374 | forwardings to bind to the wildcard address, or clientspecified | ||
375 | to allow the client to select the address to which the forwarding | ||
376 | is bound. The default is no. | ||
377 | |||
378 | GSSAPIAuthentication | ||
379 | Specifies whether user authentication based on GSSAPI is allowed. | ||
380 | The default is no. | ||
381 | |||
382 | GSSAPICleanupCredentials | ||
383 | Specifies whether to automatically destroy the user's credentials | ||
384 | cache on logout. The default is yes. | ||
385 | |||
386 | GSSAPIStrictAcceptorCheck | ||
387 | Determines whether to be strict about the identity of the GSSAPI | ||
388 | acceptor a client authenticates against. If set to yes then the | ||
389 | client must authenticate against the host service on the current | ||
390 | hostname. If set to no then the client may authenticate against | ||
391 | any service key stored in the machine's default store. This | ||
392 | facility is provided to assist with operation on multi homed | ||
393 | machines. The default is yes. | ||
394 | |||
395 | HostbasedAcceptedKeyTypes | ||
396 | Specifies the key types that will be accepted for hostbased | ||
397 | authentication as a list of comma-separated patterns. | ||
398 | Alternately if the specified list begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, | ||
399 | then the specified key types will be appended to the default set | ||
400 | instead of replacing them. If the specified list begins with a | ||
401 | M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified key types (including wildcards) | ||
402 | will be removed from the default set instead of replacing them. | ||
403 | If the specified list begins with a M-bM-^@M-^X^M-bM-^@M-^Y character, then the | ||
404 | specified key types will be placed at the head of the default | ||
405 | set. The default for this option is: | ||
406 | |||
407 | ecdsa-sha2-nistp256-cert-v01@openssh.com, | ||
408 | ecdsa-sha2-nistp384-cert-v01@openssh.com, | ||
409 | ecdsa-sha2-nistp521-cert-v01@openssh.com, | ||
410 | ssh-ed25519-cert-v01@openssh.com, | ||
411 | rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com, | ||
412 | ssh-rsa-cert-v01@openssh.com, | ||
413 | ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, | ||
414 | ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa | ||
415 | |||
416 | The list of available key types may also be obtained using "ssh | ||
417 | -Q key". | ||
418 | |||
419 | HostbasedAuthentication | ||
420 | Specifies whether rhosts or /etc/hosts.equiv authentication | ||
421 | together with successful public key client host authentication is | ||
422 | allowed (host-based authentication). The default is no. | ||
423 | |||
424 | HostbasedUsesNameFromPacketOnly | ||
425 | Specifies whether or not the server will attempt to perform a | ||
426 | reverse name lookup when matching the name in the ~/.shosts, | ||
427 | ~/.rhosts, and /etc/hosts.equiv files during | ||
428 | HostbasedAuthentication. A setting of yes means that sshd(8) | ||
429 | uses the name supplied by the client rather than attempting to | ||
430 | resolve the name from the TCP connection itself. The default is | ||
431 | no. | ||
432 | |||
433 | HostCertificate | ||
434 | Specifies a file containing a public host certificate. The | ||
435 | certificate's public key must match a private host key already | ||
436 | specified by HostKey. The default behaviour of sshd(8) is not to | ||
437 | load any certificates. | ||
438 | |||
439 | HostKey | ||
440 | Specifies a file containing a private host key used by SSH. The | ||
441 | defaults are /etc/ssh/ssh_host_ecdsa_key, | ||
442 | /etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key. | ||
443 | |||
444 | Note that sshd(8) will refuse to use a file if it is group/world- | ||
445 | accessible and that the HostKeyAlgorithms option restricts which | ||
446 | of the keys are actually used by sshd(8). | ||
447 | |||
448 | It is possible to have multiple host key files. It is also | ||
449 | possible to specify public host key files instead. In this case | ||
450 | operations on the private key will be delegated to an | ||
451 | ssh-agent(1). | ||
452 | |||
453 | HostKeyAgent | ||
454 | Identifies the UNIX-domain socket used to communicate with an | ||
455 | agent that has access to the private host keys. If the string | ||
456 | "SSH_AUTH_SOCK" is specified, the location of the socket will be | ||
457 | read from the SSH_AUTH_SOCK environment variable. | ||
458 | |||
459 | HostKeyAlgorithms | ||
460 | Specifies the host key algorithms that the server offers. The | ||
461 | default for this option is: | ||
462 | |||
463 | ecdsa-sha2-nistp256-cert-v01@openssh.com, | ||
464 | ecdsa-sha2-nistp384-cert-v01@openssh.com, | ||
465 | ecdsa-sha2-nistp521-cert-v01@openssh.com, | ||
466 | ssh-ed25519-cert-v01@openssh.com, | ||
467 | rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com, | ||
468 | ssh-rsa-cert-v01@openssh.com, | ||
469 | ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, | ||
470 | ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa | ||
471 | |||
472 | The list of available key types may also be obtained using "ssh | ||
473 | -Q key". | ||
474 | |||
475 | IgnoreRhosts | ||
476 | Specifies that .rhosts and .shosts files will not be used in | ||
477 | HostbasedAuthentication. | ||
478 | |||
479 | /etc/hosts.equiv and /etc/shosts.equiv are still used. The | ||
480 | default is yes. | ||
481 | |||
482 | IgnoreUserKnownHosts | ||
483 | Specifies whether sshd(8) should ignore the user's | ||
484 | ~/.ssh/known_hosts during HostbasedAuthentication and use only | ||
485 | the system-wide known hosts file /etc/ssh/known_hosts. The | ||
486 | default is no. | ||
487 | |||
488 | IPQoS Specifies the IPv4 type-of-service or DSCP class for the | ||
489 | connection. Accepted values are af11, af12, af13, af21, af22, | ||
490 | af23, af31, af32, af33, af41, af42, af43, cs0, cs1, cs2, cs3, | ||
491 | cs4, cs5, cs6, cs7, ef, lowdelay, throughput, reliability, a | ||
492 | numeric value, or none to use the operating system default. This | ||
493 | option may take one or two arguments, separated by whitespace. | ||
494 | If one argument is specified, it is used as the packet class | ||
495 | unconditionally. If two values are specified, the first is | ||
496 | automatically selected for interactive sessions and the second | ||
497 | for non-interactive sessions. The default is af21 (Low-Latency | ||
498 | Data) for interactive sessions and cs1 (Lower Effort) for non- | ||
499 | interactive sessions. | ||
500 | |||
501 | KbdInteractiveAuthentication | ||
502 | Specifies whether to allow keyboard-interactive authentication. | ||
503 | The argument to this keyword must be yes or no. The default is | ||
504 | to use whatever value ChallengeResponseAuthentication is set to | ||
505 | (by default yes). | ||
506 | |||
507 | KerberosAuthentication | ||
508 | Specifies whether the password provided by the user for | ||
509 | PasswordAuthentication will be validated through the Kerberos | ||
510 | KDC. To use this option, the server needs a Kerberos servtab | ||
511 | which allows the verification of the KDC's identity. The default | ||
512 | is no. | ||
513 | |||
514 | KerberosGetAFSToken | ||
515 | If AFS is active and the user has a Kerberos 5 TGT, attempt to | ||
516 | acquire an AFS token before accessing the user's home directory. | ||
517 | The default is no. | ||
518 | |||
519 | KerberosOrLocalPasswd | ||
520 | If password authentication through Kerberos fails then the | ||
521 | password will be validated via any additional local mechanism | ||
522 | such as /etc/passwd. The default is yes. | ||
523 | |||
524 | KerberosTicketCleanup | ||
525 | Specifies whether to automatically destroy the user's ticket | ||
526 | cache file on logout. The default is yes. | ||
527 | |||
528 | KexAlgorithms | ||
529 | Specifies the available KEX (Key Exchange) algorithms. Multiple | ||
530 | algorithms must be comma-separated. Alternately if the specified | ||
531 | list begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified methods will | ||
532 | be appended to the default set instead of replacing them. If the | ||
533 | specified list begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified | ||
534 | methods (including wildcards) will be removed from the default | ||
535 | set instead of replacing them. If the specified list begins with | ||
536 | a M-bM-^@M-^X^M-bM-^@M-^Y character, then the specified methods will be placed at the | ||
537 | head of the default set. The supported algorithms are: | ||
538 | |||
539 | curve25519-sha256 | ||
540 | curve25519-sha256@libssh.org | ||
541 | diffie-hellman-group1-sha1 | ||
542 | diffie-hellman-group14-sha1 | ||
543 | diffie-hellman-group14-sha256 | ||
544 | diffie-hellman-group16-sha512 | ||
545 | diffie-hellman-group18-sha512 | ||
546 | diffie-hellman-group-exchange-sha1 | ||
547 | diffie-hellman-group-exchange-sha256 | ||
548 | ecdh-sha2-nistp256 | ||
549 | ecdh-sha2-nistp384 | ||
550 | ecdh-sha2-nistp521 | ||
551 | |||
552 | The default is: | ||
553 | |||
554 | curve25519-sha256,curve25519-sha256@libssh.org, | ||
555 | ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, | ||
556 | diffie-hellman-group-exchange-sha256, | ||
557 | diffie-hellman-group16-sha512,diffie-hellman-group18-sha512, | ||
558 | diffie-hellman-group14-sha256,diffie-hellman-group14-sha1 | ||
559 | |||
560 | The list of available key exchange algorithms may also be | ||
561 | obtained using "ssh -Q kex". | ||
562 | |||
563 | ListenAddress | ||
564 | Specifies the local addresses sshd(8) should listen on. The | ||
565 | following forms may be used: | ||
566 | |||
567 | ListenAddress hostname|address [rdomain domain] | ||
568 | ListenAddress hostname:port [rdomain domain] | ||
569 | ListenAddress IPv4_address:port [rdomain domain] | ||
570 | ListenAddress [hostname|address]:port [rdomain domain] | ||
571 | |||
572 | The optional rdomain qualifier requests sshd(8) listen in an | ||
573 | explicit routing domain. If port is not specified, sshd will | ||
574 | listen on the address and all Port options specified. The | ||
575 | default is to listen on all local addresses on the current | ||
576 | default routing domain. Multiple ListenAddress options are | ||
577 | permitted. For more information on routing domains, see | ||
578 | rdomain(4). | ||
579 | |||
580 | LoginGraceTime | ||
581 | The server disconnects after this time if the user has not | ||
582 | successfully logged in. If the value is 0, there is no time | ||
583 | limit. The default is 120 seconds. | ||
584 | |||
585 | LogLevel | ||
586 | Gives the verbosity level that is used when logging messages from | ||
587 | sshd(8). The possible values are: QUIET, FATAL, ERROR, INFO, | ||
588 | VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. The default is INFO. | ||
589 | DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify | ||
590 | higher levels of debugging output. Logging with a DEBUG level | ||
591 | violates the privacy of users and is not recommended. | ||
592 | |||
593 | MACs Specifies the available MAC (message authentication code) | ||
594 | algorithms. The MAC algorithm is used for data integrity | ||
595 | protection. Multiple algorithms must be comma-separated. If the | ||
596 | specified list begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified | ||
597 | algorithms will be appended to the default set instead of | ||
598 | replacing them. If the specified list begins with a M-bM-^@M-^X-M-bM-^@M-^Y | ||
599 | character, then the specified algorithms (including wildcards) | ||
600 | will be removed from the default set instead of replacing them. | ||
601 | If the specified list begins with a M-bM-^@M-^X^M-bM-^@M-^Y character, then the | ||
602 | specified algorithms will be placed at the head of the default | ||
603 | set. | ||
604 | |||
605 | The algorithms that contain "-etm" calculate the MAC after | ||
606 | encryption (encrypt-then-mac). These are considered safer and | ||
607 | their use recommended. The supported MACs are: | ||
608 | |||
609 | hmac-md5 | ||
610 | hmac-md5-96 | ||
611 | hmac-sha1 | ||
612 | hmac-sha1-96 | ||
613 | hmac-sha2-256 | ||
614 | hmac-sha2-512 | ||
615 | umac-64@openssh.com | ||
616 | umac-128@openssh.com | ||
617 | hmac-md5-etm@openssh.com | ||
618 | hmac-md5-96-etm@openssh.com | ||
619 | hmac-sha1-etm@openssh.com | ||
620 | hmac-sha1-96-etm@openssh.com | ||
621 | hmac-sha2-256-etm@openssh.com | ||
622 | hmac-sha2-512-etm@openssh.com | ||
623 | umac-64-etm@openssh.com | ||
624 | umac-128-etm@openssh.com | ||
625 | |||
626 | The default is: | ||
627 | |||
628 | umac-64-etm@openssh.com,umac-128-etm@openssh.com, | ||
629 | hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, | ||
630 | hmac-sha1-etm@openssh.com, | ||
631 | umac-64@openssh.com,umac-128@openssh.com, | ||
632 | hmac-sha2-256,hmac-sha2-512,hmac-sha1 | ||
633 | |||
634 | The list of available MAC algorithms may also be obtained using | ||
635 | "ssh -Q mac". | ||
636 | |||
637 | Match Introduces a conditional block. If all of the criteria on the | ||
638 | Match line are satisfied, the keywords on the following lines | ||
639 | override those set in the global section of the config file, | ||
640 | until either another Match line or the end of the file. If a | ||
641 | keyword appears in multiple Match blocks that are satisfied, only | ||
642 | the first instance of the keyword is applied. | ||
643 | |||
644 | The arguments to Match are one or more criteria-pattern pairs or | ||
645 | the single token All which matches all criteria. The available | ||
646 | criteria are User, Group, Host, LocalAddress, LocalPort, RDomain, | ||
647 | and Address (with RDomain representing the rdomain(4) on which | ||
648 | the connection was received). | ||
649 | |||
650 | The match patterns may consist of single entries or comma- | ||
651 | separated lists and may use the wildcard and negation operators | ||
652 | described in the PATTERNS section of ssh_config(5). | ||
653 | |||
654 | The patterns in an Address criteria may additionally contain | ||
655 | addresses to match in CIDR address/masklen format, such as | ||
656 | 192.0.2.0/24 or 2001:db8::/32. Note that the mask length | ||
657 | provided must be consistent with the address - it is an error to | ||
658 | specify a mask length that is too long for the address or one | ||
659 | with bits set in this host portion of the address. For example, | ||
660 | 192.0.2.0/33 and 192.0.2.0/8, respectively. | ||
661 | |||
662 | Only a subset of keywords may be used on the lines following a | ||
663 | Match keyword. Available keywords are AcceptEnv, | ||
664 | AllowAgentForwarding, AllowGroups, AllowStreamLocalForwarding, | ||
665 | AllowTcpForwarding, AllowUsers, AuthenticationMethods, | ||
666 | AuthorizedKeysCommand, AuthorizedKeysCommandUser, | ||
667 | AuthorizedKeysFile, AuthorizedPrincipalsCommand, | ||
668 | AuthorizedPrincipalsCommandUser, AuthorizedPrincipalsFile, | ||
669 | Banner, ChrootDirectory, ClientAliveCountMax, | ||
670 | ClientAliveInterval, DenyGroups, DenyUsers, ForceCommand, | ||
671 | GatewayPorts, GSSAPIAuthentication, HostbasedAcceptedKeyTypes, | ||
672 | HostbasedAuthentication, HostbasedUsesNameFromPacketOnly, IPQoS, | ||
673 | KbdInteractiveAuthentication, KerberosAuthentication, LogLevel, | ||
674 | MaxAuthTries, MaxSessions, PasswordAuthentication, | ||
675 | PermitEmptyPasswords, PermitListen, PermitOpen, PermitRootLogin, | ||
676 | PermitTTY, PermitTunnel, PermitUserRC, PubkeyAcceptedKeyTypes, | ||
677 | PubkeyAuthentication, RekeyLimit, RevokedKeys, RDomain, SetEnv, | ||
678 | StreamLocalBindMask, StreamLocalBindUnlink, TrustedUserCAKeys, | ||
679 | X11DisplayOffset, X11Forwarding and X11UseLocalhost. | ||
680 | |||
681 | MaxAuthTries | ||
682 | Specifies the maximum number of authentication attempts permitted | ||
683 | per connection. Once the number of failures reaches half this | ||
684 | value, additional failures are logged. The default is 6. | ||
685 | |||
686 | MaxSessions | ||
687 | Specifies the maximum number of open shell, login or subsystem | ||
688 | (e.g. sftp) sessions permitted per network connection. Multiple | ||
689 | sessions may be established by clients that support connection | ||
690 | multiplexing. Setting MaxSessions to 1 will effectively disable | ||
691 | session multiplexing, whereas setting it to 0 will prevent all | ||
692 | shell, login and subsystem sessions while still permitting | ||
693 | forwarding. The default is 10. | ||
694 | |||
695 | MaxStartups | ||
696 | Specifies the maximum number of concurrent unauthenticated | ||
697 | connections to the SSH daemon. Additional connections will be | ||
698 | dropped until authentication succeeds or the LoginGraceTime | ||
699 | expires for a connection. The default is 10:30:100. | ||
700 | |||
701 | Alternatively, random early drop can be enabled by specifying the | ||
702 | three colon separated values start:rate:full (e.g. "10:30:60"). | ||
703 | sshd(8) will refuse connection attempts with a probability of | ||
704 | rate/100 (30%) if there are currently start (10) unauthenticated | ||
705 | connections. The probability increases linearly and all | ||
706 | connection attempts are refused if the number of unauthenticated | ||
707 | connections reaches full (60). | ||
708 | |||
709 | PasswordAuthentication | ||
710 | Specifies whether password authentication is allowed. The | ||
711 | default is yes. | ||
712 | |||
713 | PermitEmptyPasswords | ||
714 | When password authentication is allowed, it specifies whether the | ||
715 | server allows login to accounts with empty password strings. The | ||
716 | default is no. | ||
717 | |||
718 | PermitListen | ||
719 | Specifies the addresses/ports on which a remote TCP port | ||
720 | forwarding may listen. The listen specification must be one of | ||
721 | the following forms: | ||
722 | |||
723 | PermitListen port | ||
724 | PermitListen host:port | ||
725 | |||
726 | Multiple permissions may be specified by separating them with | ||
727 | whitespace. An argument of any can be used to remove all | ||
728 | restrictions and permit any listen requests. An argument of none | ||
729 | can be used to prohibit all listen requests. The host name may | ||
730 | contain wildcards as described in the PATTERNS section in | ||
731 | ssh_config(5). The wildcard M-bM-^@M-^X*M-bM-^@M-^Y can also be used in place of a | ||
732 | port number to allow all ports. By default all port forwarding | ||
733 | listen requests are permitted. Note that the GatewayPorts option | ||
734 | may further restrict which addresses may be listened on. Note | ||
735 | also that ssh(1) will request a listen host of M-bM-^@M-^\localhostM-bM-^@M-^] if no | ||
736 | listen host was specifically requested, and this name is treated | ||
737 | differently to explicit localhost addresses of M-bM-^@M-^\127.0.0.1M-bM-^@M-^] and | ||
738 | M-bM-^@M-^\::1M-bM-^@M-^]. | ||
739 | |||
740 | PermitOpen | ||
741 | Specifies the destinations to which TCP port forwarding is | ||
742 | permitted. The forwarding specification must be one of the | ||
743 | following forms: | ||
744 | |||
745 | PermitOpen host:port | ||
746 | PermitOpen IPv4_addr:port | ||
747 | PermitOpen [IPv6_addr]:port | ||
748 | |||
749 | Multiple forwards may be specified by separating them with | ||
750 | whitespace. An argument of any can be used to remove all | ||
751 | restrictions and permit any forwarding requests. An argument of | ||
752 | none can be used to prohibit all forwarding requests. The | ||
753 | wildcard M-bM-^@M-^X*M-bM-^@M-^Y can be used for host or port to allow all hosts or | ||
754 | ports, respectively. By default all port forwarding requests are | ||
755 | permitted. | ||
756 | |||
757 | PermitRootLogin | ||
758 | Specifies whether root can log in using ssh(1). The argument | ||
759 | must be yes, prohibit-password, forced-commands-only, or no. The | ||
760 | default is prohibit-password. | ||
761 | |||
762 | If this option is set to prohibit-password (or its deprecated | ||
763 | alias, without-password), password and keyboard-interactive | ||
764 | authentication are disabled for root. | ||
765 | |||
766 | If this option is set to forced-commands-only, root login with | ||
767 | public key authentication will be allowed, but only if the | ||
768 | command option has been specified (which may be useful for taking | ||
769 | remote backups even if root login is normally not allowed). All | ||
770 | other authentication methods are disabled for root. | ||
771 | |||
772 | If this option is set to no, root is not allowed to log in. | ||
773 | |||
774 | PermitTTY | ||
775 | Specifies whether pty(4) allocation is permitted. The default is | ||
776 | yes. | ||
777 | |||
778 | PermitTunnel | ||
779 | Specifies whether tun(4) device forwarding is allowed. The | ||
780 | argument must be yes, point-to-point (layer 3), ethernet (layer | ||
781 | 2), or no. Specifying yes permits both point-to-point and | ||
782 | ethernet. The default is no. | ||
783 | |||
784 | Independent of this setting, the permissions of the selected | ||
785 | tun(4) device must allow access to the user. | ||
786 | |||
787 | PermitUserEnvironment | ||
788 | Specifies whether ~/.ssh/environment and environment= options in | ||
789 | ~/.ssh/authorized_keys are processed by sshd(8). Valid options | ||
790 | are yes, no or a pattern-list specifying which environment | ||
791 | variable names to accept (for example "LANG,LC_*"). The default | ||
792 | is no. Enabling environment processing may enable users to | ||
793 | bypass access restrictions in some configurations using | ||
794 | mechanisms such as LD_PRELOAD. | ||
795 | |||
796 | PermitUserRC | ||
797 | Specifies whether any ~/.ssh/rc file is executed. The default is | ||
798 | yes. | ||
799 | |||
800 | PidFile | ||
801 | Specifies the file that contains the process ID of the SSH | ||
802 | daemon, or none to not write one. The default is | ||
803 | /var/run/sshd.pid. | ||
804 | |||
805 | Port Specifies the port number that sshd(8) listens on. The default | ||
806 | is 22. Multiple options of this type are permitted. See also | ||
807 | ListenAddress. | ||
808 | |||
809 | PrintLastLog | ||
810 | Specifies whether sshd(8) should print the date and time of the | ||
811 | last user login when a user logs in interactively. The default | ||
812 | is yes. | ||
813 | |||
814 | PrintMotd | ||
815 | Specifies whether sshd(8) should print /etc/motd when a user logs | ||
816 | in interactively. (On some systems it is also printed by the | ||
817 | shell, /etc/profile, or equivalent.) The default is yes. | ||
818 | |||
819 | PubkeyAcceptedKeyTypes | ||
820 | Specifies the key types that will be accepted for public key | ||
821 | authentication as a list of comma-separated patterns. | ||
822 | Alternately if the specified list begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, | ||
823 | then the specified key types will be appended to the default set | ||
824 | instead of replacing them. If the specified list begins with a | ||
825 | M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified key types (including wildcards) | ||
826 | will be removed from the default set instead of replacing them. | ||
827 | If the specified list begins with a M-bM-^@M-^X^M-bM-^@M-^Y character, then the | ||
828 | specified key types will be placed at the head of the default | ||
829 | set. The default for this option is: | ||
830 | |||
831 | ecdsa-sha2-nistp256-cert-v01@openssh.com, | ||
832 | ecdsa-sha2-nistp384-cert-v01@openssh.com, | ||
833 | ecdsa-sha2-nistp521-cert-v01@openssh.com, | ||
834 | ssh-ed25519-cert-v01@openssh.com, | ||
835 | rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com, | ||
836 | ssh-rsa-cert-v01@openssh.com, | ||
837 | ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, | ||
838 | ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa | ||
839 | |||
840 | The list of available key types may also be obtained using "ssh | ||
841 | -Q key". | ||
842 | |||
843 | PubkeyAuthentication | ||
844 | Specifies whether public key authentication is allowed. The | ||
845 | default is yes. | ||
846 | |||
847 | RekeyLimit | ||
848 | Specifies the maximum amount of data that may be transmitted | ||
849 | before the session key is renegotiated, optionally followed a | ||
850 | maximum amount of time that may pass before the session key is | ||
851 | renegotiated. The first argument is specified in bytes and may | ||
852 | have a suffix of M-bM-^@M-^XKM-bM-^@M-^Y, M-bM-^@M-^XMM-bM-^@M-^Y, or M-bM-^@M-^XGM-bM-^@M-^Y to indicate Kilobytes, | ||
853 | Megabytes, or Gigabytes, respectively. The default is between | ||
854 | M-bM-^@M-^X1GM-bM-^@M-^Y and M-bM-^@M-^X4GM-bM-^@M-^Y, depending on the cipher. The optional second | ||
855 | value is specified in seconds and may use any of the units | ||
856 | documented in the TIME FORMATS section. The default value for | ||
857 | RekeyLimit is default none, which means that rekeying is | ||
858 | performed after the cipher's default amount of data has been sent | ||
859 | or received and no time based rekeying is done. | ||
860 | |||
861 | RevokedKeys | ||
862 | Specifies revoked public keys file, or none to not use one. Keys | ||
863 | listed in this file will be refused for public key | ||
864 | authentication. Note that if this file is not readable, then | ||
865 | public key authentication will be refused for all users. Keys | ||
866 | may be specified as a text file, listing one public key per line, | ||
867 | or as an OpenSSH Key Revocation List (KRL) as generated by | ||
868 | ssh-keygen(1). For more information on KRLs, see the KEY | ||
869 | REVOCATION LISTS section in ssh-keygen(1). | ||
870 | |||
871 | RDomain | ||
872 | Specifies an explicit routing domain that is applied after | ||
873 | authentication has completed. The user session, as well and any | ||
874 | forwarded or listening IP sockets, will be bound to this | ||
875 | rdomain(4). If the routing domain is set to %D, then the domain | ||
876 | in which the incoming connection was received will be applied. | ||
877 | |||
878 | SetEnv Specifies one or more environment variables to set in child | ||
879 | sessions started by sshd(8) as M-bM-^@M-^\NAME=VALUEM-bM-^@M-^]. The environment | ||
880 | value may be quoted (e.g. if it contains whitespace characters). | ||
881 | Environment variables set by SetEnv override the default | ||
882 | environment and any variables specified by the user via AcceptEnv | ||
883 | or PermitUserEnvironment. | ||
884 | |||
885 | StreamLocalBindMask | ||
886 | Sets the octal file creation mode mask (umask) used when creating | ||
887 | a Unix-domain socket file for local or remote port forwarding. | ||
888 | This option is only used for port forwarding to a Unix-domain | ||
889 | socket file. | ||
890 | |||
891 | The default value is 0177, which creates a Unix-domain socket | ||
892 | file that is readable and writable only by the owner. Note that | ||
893 | not all operating systems honor the file mode on Unix-domain | ||
894 | socket files. | ||
895 | |||
896 | StreamLocalBindUnlink | ||
897 | Specifies whether to remove an existing Unix-domain socket file | ||
898 | for local or remote port forwarding before creating a new one. | ||
899 | If the socket file already exists and StreamLocalBindUnlink is | ||
900 | not enabled, sshd will be unable to forward the port to the Unix- | ||
901 | domain socket file. This option is only used for port forwarding | ||
902 | to a Unix-domain socket file. | ||
903 | |||
904 | The argument must be yes or no. The default is no. | ||
905 | |||
906 | StrictModes | ||
907 | Specifies whether sshd(8) should check file modes and ownership | ||
908 | of the user's files and home directory before accepting login. | ||
909 | This is normally desirable because novices sometimes accidentally | ||
910 | leave their directory or files world-writable. The default is | ||
911 | yes. Note that this does not apply to ChrootDirectory, whose | ||
912 | permissions and ownership are checked unconditionally. | ||
913 | |||
914 | Subsystem | ||
915 | Configures an external subsystem (e.g. file transfer daemon). | ||
916 | Arguments should be a subsystem name and a command (with optional | ||
917 | arguments) to execute upon subsystem request. | ||
918 | |||
919 | The command sftp-server implements the SFTP file transfer | ||
920 | subsystem. | ||
921 | |||
922 | Alternately the name internal-sftp implements an in-process SFTP | ||
923 | server. This may simplify configurations using ChrootDirectory | ||
924 | to force a different filesystem root on clients. | ||
925 | |||
926 | By default no subsystems are defined. | ||
927 | |||
928 | SyslogFacility | ||
929 | Gives the facility code that is used when logging messages from | ||
930 | sshd(8). The possible values are: DAEMON, USER, AUTH, LOCAL0, | ||
931 | LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The | ||
932 | default is AUTH. | ||
933 | |||
934 | TCPKeepAlive | ||
935 | Specifies whether the system should send TCP keepalive messages | ||
936 | to the other side. If they are sent, death of the connection or | ||
937 | crash of one of the machines will be properly noticed. However, | ||
938 | this means that connections will die if the route is down | ||
939 | temporarily, and some people find it annoying. On the other | ||
940 | hand, if TCP keepalives are not sent, sessions may hang | ||
941 | indefinitely on the server, leaving "ghost" users and consuming | ||
942 | server resources. | ||
943 | |||
944 | The default is yes (to send TCP keepalive messages), and the | ||
945 | server will notice if the network goes down or the client host | ||
946 | crashes. This avoids infinitely hanging sessions. | ||
947 | |||
948 | To disable TCP keepalive messages, the value should be set to no. | ||
949 | |||
950 | TrustedUserCAKeys | ||
951 | Specifies a file containing public keys of certificate | ||
952 | authorities that are trusted to sign user certificates for | ||
953 | authentication, or none to not use one. Keys are listed one per | ||
954 | line; empty lines and comments starting with M-bM-^@M-^X#M-bM-^@M-^Y are allowed. If | ||
955 | a certificate is presented for authentication and has its signing | ||
956 | CA key listed in this file, then it may be used for | ||
957 | authentication for any user listed in the certificate's | ||
958 | principals list. Note that certificates that lack a list of | ||
959 | principals will not be permitted for authentication using | ||
960 | TrustedUserCAKeys. For more details on certificates, see the | ||
961 | CERTIFICATES section in ssh-keygen(1). | ||
962 | |||
963 | UseDNS Specifies whether sshd(8) should look up the remote host name, | ||
964 | and to check that the resolved host name for the remote IP | ||
965 | address maps back to the very same IP address. | ||
966 | |||
967 | If this option is set to no (the default) then only addresses and | ||
968 | not host names may be used in ~/.ssh/authorized_keys from and | ||
969 | sshd_config Match Host directives. | ||
970 | |||
971 | UsePAM Enables the Pluggable Authentication Module interface. If set to | ||
972 | yes this will enable PAM authentication using | ||
973 | ChallengeResponseAuthentication and PasswordAuthentication in | ||
974 | addition to PAM account and session module processing for all | ||
975 | authentication types. | ||
976 | |||
977 | Because PAM challenge-response authentication usually serves an | ||
978 | equivalent role to password authentication, you should disable | ||
979 | either PasswordAuthentication or ChallengeResponseAuthentication. | ||
980 | |||
981 | If UsePAM is enabled, you will not be able to run sshd(8) as a | ||
982 | non-root user. The default is no. | ||
983 | |||
984 | VersionAddendum | ||
985 | Optionally specifies additional text to append to the SSH | ||
986 | protocol banner sent by the server upon connection. The default | ||
987 | is none. | ||
988 | |||
989 | X11DisplayOffset | ||
990 | Specifies the first display number available for sshd(8)'s X11 | ||
991 | forwarding. This prevents sshd from interfering with real X11 | ||
992 | servers. The default is 10. | ||
993 | |||
994 | X11Forwarding | ||
995 | Specifies whether X11 forwarding is permitted. The argument must | ||
996 | be yes or no. The default is no. | ||
997 | |||
998 | When X11 forwarding is enabled, there may be additional exposure | ||
999 | to the server and to client displays if the sshd(8) proxy display | ||
1000 | is configured to listen on the wildcard address (see | ||
1001 | X11UseLocalhost), though this is not the default. Additionally, | ||
1002 | the authentication spoofing and authentication data verification | ||
1003 | and substitution occur on the client side. The security risk of | ||
1004 | using X11 forwarding is that the client's X11 display server may | ||
1005 | be exposed to attack when the SSH client requests forwarding (see | ||
1006 | the warnings for ForwardX11 in ssh_config(5)). A system | ||
1007 | administrator may have a stance in which they want to protect | ||
1008 | clients that may expose themselves to attack by unwittingly | ||
1009 | requesting X11 forwarding, which can warrant a no setting. | ||
1010 | |||
1011 | Note that disabling X11 forwarding does not prevent users from | ||
1012 | forwarding X11 traffic, as users can always install their own | ||
1013 | forwarders. | ||
1014 | |||
1015 | X11UseLocalhost | ||
1016 | Specifies whether sshd(8) should bind the X11 forwarding server | ||
1017 | to the loopback address or to the wildcard address. By default, | ||
1018 | sshd binds the forwarding server to the loopback address and sets | ||
1019 | the hostname part of the DISPLAY environment variable to | ||
1020 | localhost. This prevents remote hosts from connecting to the | ||
1021 | proxy display. However, some older X11 clients may not function | ||
1022 | with this configuration. X11UseLocalhost may be set to no to | ||
1023 | specify that the forwarding server should be bound to the | ||
1024 | wildcard address. The argument must be yes or no. The default | ||
1025 | is yes. | ||
1026 | |||
1027 | XAuthLocation | ||
1028 | Specifies the full pathname of the xauth(1) program, or none to | ||
1029 | not use one. The default is /usr/X11R6/bin/xauth. | ||
1030 | |||
1031 | TIME FORMATS | ||
1032 | sshd(8) command-line arguments and configuration file options that | ||
1033 | specify time may be expressed using a sequence of the form: | ||
1034 | time[qualifier], where time is a positive integer value and qualifier is | ||
1035 | one of the following: | ||
1036 | |||
1037 | M-bM-^_M-(noneM-bM-^_M-) seconds | ||
1038 | s | S seconds | ||
1039 | m | M minutes | ||
1040 | h | H hours | ||
1041 | d | D days | ||
1042 | w | W weeks | ||
1043 | |||
1044 | Each member of the sequence is added together to calculate the total time | ||
1045 | value. | ||
1046 | |||
1047 | Time format examples: | ||
1048 | |||
1049 | 600 600 seconds (10 minutes) | ||
1050 | 10m 10 minutes | ||
1051 | 1h30m 1 hour 30 minutes (90 minutes) | ||
1052 | |||
1053 | TOKENS | ||
1054 | Arguments to some keywords can make use of tokens, which are expanded at | ||
1055 | runtime: | ||
1056 | |||
1057 | %% A literal M-bM-^@M-^X%M-bM-^@M-^Y. | ||
1058 | %D The routing domain in which the incoming connection was | ||
1059 | received. | ||
1060 | %F The fingerprint of the CA key. | ||
1061 | %f The fingerprint of the key or certificate. | ||
1062 | %h The home directory of the user. | ||
1063 | %i The key ID in the certificate. | ||
1064 | %K The base64-encoded CA key. | ||
1065 | %k The base64-encoded key or certificate for authentication. | ||
1066 | %s The serial number of the certificate. | ||
1067 | %T The type of the CA key. | ||
1068 | %t The key or certificate type. | ||
1069 | %U The numeric user ID of the target user. | ||
1070 | %u The username. | ||
1071 | |||
1072 | AuthorizedKeysCommand accepts the tokens %%, %f, %h, %k, %t, %U, and %u. | ||
1073 | |||
1074 | AuthorizedKeysFile accepts the tokens %%, %h, %U, and %u. | ||
1075 | |||
1076 | AuthorizedPrincipalsCommand accepts the tokens %%, %F, %f, %h, %i, %K, | ||
1077 | %k, %s, %T, %t, %U, and %u. | ||
1078 | |||
1079 | AuthorizedPrincipalsFile accepts the tokens %%, %h, %U, and %u. | ||
1080 | |||
1081 | ChrootDirectory accepts the tokens %%, %h, %U, and %u. | ||
1082 | |||
1083 | RoutingDomain accepts the token %D. | ||
1084 | |||
1085 | FILES | ||
1086 | /etc/ssh/sshd_config | ||
1087 | Contains configuration data for sshd(8). This file should be | ||
1088 | writable by root only, but it is recommended (though not | ||
1089 | necessary) that it be world-readable. | ||
1090 | |||
1091 | SEE ALSO | ||
1092 | sftp-server(8), sshd(8) | ||
1093 | |||
1094 | AUTHORS | ||
1095 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by | ||
1096 | Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo | ||
1097 | de Raadt and Dug Song removed many bugs, re-added newer features and | ||
1098 | created OpenSSH. Markus Friedl contributed the support for SSH protocol | ||
1099 | versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support | ||
1100 | for privilege separation. | ||
1101 | |||
1102 | OpenBSD 6.6 September 6, 2019 OpenBSD 6.6 | ||