summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--ChangeLog10266
-rw-r--r--config.h.in1767
-rwxr-xr-xconfigure20337
-rw-r--r--moduli.074
-rw-r--r--scp.0168
-rw-r--r--sftp-server.096
-rw-r--r--sftp.0386
-rw-r--r--ssh-add.0129
-rw-r--r--ssh-agent.0120
-rw-r--r--ssh-keygen.0570
-rw-r--r--ssh-keyscan.0111
-rw-r--r--ssh-keysign.052
-rw-r--r--ssh-pkcs11-helper.025
-rw-r--r--ssh.0971
-rw-r--r--ssh_config.01077
-rw-r--r--sshd.0626
-rw-r--r--sshd_config.01019
17 files changed, 37794 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
new file mode 100644
index 000000000..d48aba33c
--- /dev/null
+++ b/ChangeLog
@@ -0,0 +1,10266 @@
1commit 4a354fc231174901f2629437c2a6e924a2dd6772
2Author: Damien Miller <djm@mindrot.org>
3Date: Mon Dec 19 15:59:26 2016 +1100
4
5 crank version numbers for release
6
7commit 5f8d0bb8413d4d909cc7aa3c616fb0538224c3c9
8Author: djm@openbsd.org <djm@openbsd.org>
9Date: Mon Dec 19 04:55:51 2016 +0000
10
11 upstream commit
12
13 openssh-7.4
14
15 Upstream-ID: 1ee404adba6bbe10ae9277cbae3a94abe2867b79
16
17commit 3a8213ea0ed843523e34e55ab9c852332bab4c7b
18Author: djm@openbsd.org <djm@openbsd.org>
19Date: Mon Dec 19 04:55:18 2016 +0000
20
21 upstream commit
22
23 remove testcase that depends on exact output and
24 behaviour of snprintf(..., "%s", NULL)
25
26 Upstream-Regress-ID: cab4288531766bd9593cb556613b91a2eeefb56f
27
28commit eae735a82d759054f6ec7b4e887fb7a5692c66d7
29Author: dtucker@openbsd.org <dtucker@openbsd.org>
30Date: Mon Dec 19 03:32:57 2016 +0000
31
32 upstream commit
33
34 Use LOGNAME to get current user and fall back to whoami if
35 not set. Mainly to benefit -portable since some platforms don't have whoami.
36
37 Upstream-Regress-ID: e3a16b7836a3ae24dc8f8a4e43fdf8127a60bdfa
38
39commit 0d2f88428487518eea60602bd593989013831dcf
40Author: dtucker@openbsd.org <dtucker@openbsd.org>
41Date: Fri Dec 16 03:51:19 2016 +0000
42
43 upstream commit
44
45 Add regression test for AllowUsers and DenyUsers. Patch from
46 Zev Weiss <zev at bewilderbeest.net>
47
48 Upstream-Regress-ID: 8f1aac24d52728398871dac14ad26ea38b533fb9
49
50commit 3bc8180a008929f6fe98af4a56fb37d04444b417
51Author: Darren Tucker <dtucker@zip.com.au>
52Date: Fri Dec 16 15:02:24 2016 +1100
53
54 Add missing monitor.h include.
55
56 Fixes warning pointed out by Zev Weiss <zev at bewilderbeest.net>
57
58commit 410681f9015d76cc7b137dd90dac897f673244a0
59Author: djm@openbsd.org <djm@openbsd.org>
60Date: Fri Dec 16 02:48:55 2016 +0000
61
62 upstream commit
63
64 revert to rev1.2; the new bits in this test depend on changes
65 to ssh that aren't yet committed
66
67 Upstream-Regress-ID: 828ffc2c7afcf65d50ff2cf3dfc47a073ad39123
68
69commit 2f2ffa4fbe4b671bbffa0611f15ba44cff64d58e
70Author: dtucker@openbsd.org <dtucker@openbsd.org>
71Date: Fri Dec 16 01:06:27 2016 +0000
72
73 upstream commit
74
75 Move the "stop sshd" code into its own helper function.
76 Patch from Zev Weiss <zev at bewilderbeest.net>, ok djm@
77
78 Upstream-Regress-ID: a113dea77df5bd97fb4633ea31f3d72dbe356329
79
80commit e15e7152331e3976b35475fd4e9c72897ad0f074
81Author: djm@openbsd.org <djm@openbsd.org>
82Date: Fri Dec 16 01:01:07 2016 +0000
83
84 upstream commit
85
86 regression test for certificates along with private key
87 with no public half. bz#2617, mostly from Adam Eijdenberg
88
89 Upstream-Regress-ID: 2e74dc2c726f4dc839609b3ce045466b69f01115
90
91commit 9a70ec085faf6e55db311cd1a329f1a35ad2a500
92Author: dtucker@openbsd.org <dtucker@openbsd.org>
93Date: Thu Dec 15 23:50:37 2016 +0000
94
95 upstream commit
96
97 Use $SUDO to read pidfile in case root's umask is
98 restricted. From portable.
99
100 Upstream-Regress-ID: f6b1c7ffbc5a0dfb7d430adb2883344899174a98
101
102commit fe06b68f824f8f55670442fb31f2c03526dd326c
103Author: dtucker@openbsd.org <dtucker@openbsd.org>
104Date: Thu Dec 15 21:29:05 2016 +0000
105
106 upstream commit
107
108 Add missing braces in DenyUsers code. Patch from zev at
109 bewilderbeest.net, ok deraadt@
110
111 Upstream-ID: d747ace338dcf943b077925f90f85f789714b54e
112
113commit dcc7d74242a574fd5c4afbb4224795b1644321e7
114Author: dtucker@openbsd.org <dtucker@openbsd.org>
115Date: Thu Dec 15 21:20:41 2016 +0000
116
117 upstream commit
118
119 Fix text in error message. Patch from zev at
120 bewilderbeest.net.
121
122 Upstream-ID: deb0486e175e7282f98f9a15035d76c55c84f7f6
123
124commit b737e4d7433577403a31cff6614f6a1b0b5e22f4
125Author: djm@openbsd.org <djm@openbsd.org>
126Date: Wed Dec 14 00:36:34 2016 +0000
127
128 upstream commit
129
130 disable Unix-domain socket forwarding when privsep is
131 disabled
132
133 Upstream-ID: ab61516ae0faadad407857808517efa900a0d6d0
134
135commit 08a1e7014d65c5b59416a0e138c1f73f417496eb
136Author: djm@openbsd.org <djm@openbsd.org>
137Date: Fri Dec 9 03:04:29 2016 +0000
138
139 upstream commit
140
141 log connections dropped in excess of MaxStartups at
142 verbose LogLevel; bz#2613 based on diff from Tomas Kuthan; ok dtucker@
143
144 Upstream-ID: 703ae690dbf9b56620a6018f8a3b2389ce76d92b
145
146commit 10e290ec00964b2bf70faab15a10a5574bb80527
147Author: Darren Tucker <dtucker@zip.com.au>
148Date: Tue Dec 13 13:51:32 2016 +1100
149
150 Get default of TEST_SSH_UTF8 from environment.
151
152commit b9b8ba3f9ed92c6220b58d70d1e6d8aa3eea1104
153Author: Darren Tucker <dtucker@zip.com.au>
154Date: Tue Dec 13 12:56:40 2016 +1100
155
156 Remove commented-out includes.
157
158 These commented-out includes have "Still needed?" comments. Since
159 they've been commented out for ~13 years I assert that they're not.
160
161commit 25275f1c9d5f01a0877d39444e8f90521a598ea0
162Author: Darren Tucker <dtucker@zip.com.au>
163Date: Tue Dec 13 12:54:23 2016 +1100
164
165 Add prototype for strcasestr in compat library.
166
167commit afec07732aa2985142f3e0b9a01eb6391f523dec
168Author: Darren Tucker <dtucker@zip.com.au>
169Date: Tue Dec 13 10:23:03 2016 +1100
170
171 Add strcasestr to compat library.
172
173 Fixes build on (at least) Solaris 10.
174
175commit dda78a03af32e7994f132d923c2046e98b7c56c8
176Author: Damien Miller <djm@mindrot.org>
177Date: Mon Dec 12 13:57:10 2016 +1100
178
179 Force Turkish locales back to C/POSIX; bz#2643
180
181 Turkish locales are unique in their handling of the letters 'i' and
182 'I' (yes, they are different letters) and OpenSSH isn't remotely
183 prepared to deal with that. For now, the best we can do is to force
184 OpenSSH to use the C/POSIX locale and try to preserve the UTF-8
185 encoding if possible.
186
187 ok dtucker@
188
189commit c35995048f41239fc8895aadc3374c5f75180554
190Author: Darren Tucker <dtucker@zip.com.au>
191Date: Fri Dec 9 12:52:02 2016 +1100
192
193 exit is in stdlib.h not unistd.h (that's _exit).
194
195commit d399a8b914aace62418c0cfa20341aa37a192f98
196Author: Darren Tucker <dtucker@zip.com.au>
197Date: Fri Dec 9 12:33:25 2016 +1100
198
199 Include <unistd.h> for exit in utf8 locale test.
200
201commit 47b8c99ab3221188ad3926108dd9d36da3b528ec
202Author: Darren Tucker <dtucker@zip.com.au>
203Date: Thu Dec 8 15:48:34 2016 +1100
204
205 Check for utf8 local support before testing it.
206
207 Check for utf8 local support and if not found, do not attempt to run the
208 utf8 tests. Suggested by djm@
209
210commit 4089fc1885b3a2822204effbb02b74e3da58240d
211Author: Darren Tucker <dtucker@zip.com.au>
212Date: Thu Dec 8 12:57:24 2016 +1100
213
214 Use AC_PATH_TOOL for krb5-config.
215
216 This will use the host-prefixed version when cross compiling; patch from
217 david.michael at coreos.com.
218
219commit b4867e0712c89b93be905220c82f0a15e6865d1e
220Author: djm@openbsd.org <djm@openbsd.org>
221Date: Tue Dec 6 07:48:01 2016 +0000
222
223 upstream commit
224
225 make IdentityFile successfully load and use certificates that
226 have no corresponding bare public key. E.g. just a private id_rsa and
227 certificate id_rsa-cert.pub (and no id_rsa.pub).
228
229 bz#2617 ok dtucker@
230
231 Upstream-ID: c1e9699b8c0e3b63cc4189e6972e3522b6292604
232
233commit c9792783a98881eb7ed295680013ca97a958f8ac
234Author: Damien Miller <djm@mindrot.org>
235Date: Fri Nov 25 14:04:21 2016 +1100
236
237 Add a gnome-ssh-askpass3 target for GTK+3 version
238
239 Based on patch from Colin Watson via bz#2640
240
241commit 7be85ae02b9de0993ce0a1d1e978e11329f6e763
242Author: Damien Miller <djm@mindrot.org>
243Date: Fri Nov 25 14:03:53 2016 +1100
244
245 Make gnome-ssh-askpass2.c GTK+3-friendly
246
247 Patch from Colin Watson via bz#2640
248
249commit b9844a45c7f0162fd1b5465683879793d4cc4aaa
250Author: djm@openbsd.org <djm@openbsd.org>
251Date: Sun Dec 4 23:54:02 2016 +0000
252
253 upstream commit
254
255 Fix public key authentication when multiple
256 authentication is in use. Instead of deleting and re-preparing the entire
257 keys list, just reset the 'used' flags; the keys list is already in a good
258 order (with already- tried keys at the back)
259
260 Analysis and patch from Vincent Brillault on bz#2642; ok dtucker@
261
262 Upstream-ID: 7123f12dc2f3bcaae715853035a97923d7300176
263
264commit f2398eb774075c687b13af5bc22009eb08889abe
265Author: dtucker@openbsd.org <dtucker@openbsd.org>
266Date: Sun Dec 4 22:27:25 2016 +0000
267
268 upstream commit
269
270 Unlink PidFile on SIGHUP and always recreate it when the
271 new sshd starts. Regression tests (and possibly other things) depend on the
272 pidfile being recreated after SIGHUP, and unlinking it means it won't contain
273 a stale pid if sshd fails to restart. ok djm@ markus@
274
275 Upstream-ID: 132dd6dda0c77dd49d2f15b2573b5794f6160870
276
277commit 85aa2efeba51a96bf6834f9accf2935d96150296
278Author: djm@openbsd.org <djm@openbsd.org>
279Date: Wed Nov 30 03:01:33 2016 +0000
280
281 upstream commit
282
283 test new behaviour of cert force-command restriction vs.
284 authorized_key/ principals
285
286 Upstream-Regress-ID: 399efa7469d40c404c0b0a295064ce75d495387c
287
288commit 5d333131cd8519d022389cfd3236280818dae1bc
289Author: jmc@openbsd.org <jmc@openbsd.org>
290Date: Wed Nov 30 06:54:26 2016 +0000
291
292 upstream commit
293
294 tweak previous; while here fix up FILES and AUTHORS;
295
296 Upstream-ID: 93f6e54086145a75df8d8ec7d8689bdadbbac8fa
297
298commit 786d5994da79151180cb14a6cf157ebbba61c0cc
299Author: djm@openbsd.org <djm@openbsd.org>
300Date: Wed Nov 30 03:07:37 2016 +0000
301
302 upstream commit
303
304 add a whitelist of paths from which ssh-agent will load
305 (via ssh-pkcs11-helper) a PKCS#11 module; ok markus@
306
307 Upstream-ID: fe79769469d9cd6d26fe0dc15751b83ef2a06e8f
308
309commit 7844f357cdd90530eec81340847783f1f1da010b
310Author: djm@openbsd.org <djm@openbsd.org>
311Date: Wed Nov 30 03:00:05 2016 +0000
312
313 upstream commit
314
315 Add a sshd_config DisableForwaring option that disables
316 X11, agent, TCP, tunnel and Unix domain socket forwarding, as well as
317 anything else we might implement in the future.
318
319 This, like the 'restrict' authorized_keys flag, is intended to be a
320 simple and future-proof way of restricting an account. Suggested as
321 a complement to 'restrict' by Jann Horn; ok markus@
322
323 Upstream-ID: 203803f66e533a474086b38a59ceb4cf2410fcf7
324
325commit fd6dcef2030d23c43f986d26979f84619c10589d
326Author: djm@openbsd.org <djm@openbsd.org>
327Date: Wed Nov 30 02:57:40 2016 +0000
328
329 upstream commit
330
331 When a forced-command appears in both a certificate and
332 an authorized keys/principals command= restriction, refuse to accept the
333 certificate unless they are identical.
334
335 The previous (documented) behaviour of having the certificate forced-
336 command override the other could be a bit confused and more error-prone.
337
338 Pointed out by Jann Horn of Project Zero; ok dtucker@
339
340 Upstream-ID: 79d811b6eb6bbe1221bf146dde6928f92d2cd05f
341
342commit 7fc4766ac78abae81ee75b22b7550720bfa28a33
343Author: dtucker@openbsd.org <dtucker@openbsd.org>
344Date: Wed Nov 30 00:28:31 2016 +0000
345
346 upstream commit
347
348 On startup, check to see if sshd is already daemonized
349 and if so, skip the call to daemon() and do not rewrite the PidFile. This
350 means that when sshd re-execs itself on SIGHUP the process ID will no longer
351 change. Should address bz#2641. ok djm@ markus@.
352
353 Upstream-ID: 5ea0355580056fb3b25c1fd6364307d9638a37b9
354
355commit c9f880c195c65f1dddcbc4ce9d6bfea7747debcc
356Author: Damien Miller <djm@mindrot.org>
357Date: Wed Nov 30 13:51:49 2016 +1100
358
359 factor out common PRNG reseed before privdrop
360
361 Add a call to RAND_poll() to ensure than more than pid+time gets
362 stirred into child processes states. Prompted by analysis from Jann
363 Horn at Project Zero. ok dtucker@
364
365commit 79e4829ec81dead1b30999e1626eca589319a47f
366Author: dtucker@openbsd.org <dtucker@openbsd.org>
367Date: Fri Nov 25 03:02:01 2016 +0000
368
369 upstream commit
370
371 Allow PuTTY interop tests to run unattended. bz#2639,
372 patch from cjwatson at debian.org.
373
374 Upstream-Regress-ID: 4345253558ac23b2082aebabccd48377433b6fe0
375
376commit 504c3a9a1bf090f6b27260fc3e8ea7d984d163dc
377Author: dtucker@openbsd.org <dtucker@openbsd.org>
378Date: Fri Nov 25 02:56:49 2016 +0000
379
380 upstream commit
381
382 Reverse args to sshd-log-wrapper. Matches change in
383 portable, where it allows sshd do be optionally run under Valgrind.
384
385 Upstream-Regress-ID: b438d1c6726dc5caa2a45153e6103a0393faa906
386
387commit bd13017736ec2f8f9ca498fe109fb0035f322733
388Author: dtucker@openbsd.org <dtucker@openbsd.org>
389Date: Fri Nov 25 02:49:18 2016 +0000
390
391 upstream commit
392
393 Fix typo in trace message; from portable.
394
395 Upstream-Regress-ID: 4c4a2ba0d37faf5fd230a91b4c7edb5699fbd73a
396
397commit 7da751d8b007c7f3e814fd5737c2351440d78b4c
398Author: tb@openbsd.org <tb@openbsd.org>
399Date: Tue Nov 1 13:43:27 2016 +0000
400
401 upstream commit
402
403 Clean up MALLOC_OPTIONS. For the unittests, move
404 MALLOC_OPTIONS and TEST_ENV to unittets/Makefile.inc.
405
406 ok otto
407
408 Upstream-Regress-ID: 890d497e0a38eeddfebb11cc429098d76cf29f12
409
410commit 36f58e68221bced35e06d1cca8d97c48807a8b71
411Author: tb@openbsd.org <tb@openbsd.org>
412Date: Mon Oct 31 23:45:08 2016 +0000
413
414 upstream commit
415
416 Remove the obsolete A and P flags from MALLOC_OPTIONS.
417
418 ok dtucker
419
420 Upstream-Regress-ID: 6cc25024c8174a87e5734a0dc830194be216dd59
421
422commit b0899ee26a6630883c0f2350098b6a35e647f512
423Author: dtucker@openbsd.org <dtucker@openbsd.org>
424Date: Tue Nov 29 03:54:50 2016 +0000
425
426 upstream commit
427
428 Factor out code to disconnect from controlling terminal
429 into its own function. ok djm@
430
431 Upstream-ID: 39fd9e8ebd7222615a837312face5cc7ae962885
432
433commit 54d022026aae4f53fa74cc636e4a032d9689b64d
434Author: djm@openbsd.org <djm@openbsd.org>
435Date: Fri Nov 25 23:24:45 2016 +0000
436
437 upstream commit
438
439 use sshbuf_allocate() to pre-allocate the buffer used for
440 loading keys. This avoids implicit realloc inside the buffer code, which
441 might theoretically leave fragments of the key on the heap. This doesn't
442 appear to happen in practice for normal sized keys, but was observed for
443 novelty oversize ones.
444
445 Pointed out by Jann Horn of Project Zero; ok markus@
446
447 Upstream-ID: d620e1d46a29fdea56aeadeda120879eddc60ab1
448
449commit a9c746088787549bb5b1ae3add7d06a1b6d93d5e
450Author: djm@openbsd.org <djm@openbsd.org>
451Date: Fri Nov 25 23:22:04 2016 +0000
452
453 upstream commit
454
455 split allocation out of sshbuf_reserve() into a separate
456 sshbuf_allocate() function; ok markus@
457
458 Upstream-ID: 11b8a2795afeeb1418d508a2c8095b3355577ec2
459
460commit f0ddedee460486fa0e32fefb2950548009e5026e
461Author: markus@openbsd.org <markus@openbsd.org>
462Date: Wed Nov 23 23:14:15 2016 +0000
463
464 upstream commit
465
466 allow ClientAlive{Interval,CountMax} in Match; ok dtucker,
467 djm
468
469 Upstream-ID: 8beb4c1eadd588f1080b58932281983864979f55
470
471commit 1a6f9d2e2493d445cd9ee496e6e3c2a2f283f66a
472Author: djm@openbsd.org <djm@openbsd.org>
473Date: Tue Nov 8 22:04:34 2016 +0000
474
475 upstream commit
476
477 unbreak DenyUsers; reported by henning@
478
479 Upstream-ID: 1c67d4148f5e953c35acdb62e7c08ae8e33f7cb2
480
481commit 010359b32659f455fddd2bd85fd7cc4d7a3b994a
482Author: djm@openbsd.org <djm@openbsd.org>
483Date: Sun Nov 6 05:46:37 2016 +0000
484
485 upstream commit
486
487 Validate address ranges for AllowUser/DenyUsers at
488 configuration load time and refuse to accept bad ones. It was previously
489 possible to specify invalid CIDR address ranges (e.g. djm@127.1.2.3/55) and
490 these would always match.
491
492 Thanks to Laurence Parry for a detailed bug report. ok markus (for
493 a previous diff version)
494
495 Upstream-ID: 9dfcdd9672b06e65233ea4434c38226680d40bfb
496
497commit efb494e81d1317209256b38b49f4280897c61e69
498Author: djm@openbsd.org <djm@openbsd.org>
499Date: Fri Oct 28 03:33:52 2016 +0000
500
501 upstream commit
502
503 Improve pkcs11_add_provider() logging: demote some
504 excessively verbose error()s to debug()s, include PKCS#11 provider name and
505 slot in log messages where possible. bz#2610, based on patch from Jakub Jelen
506
507 Upstream-ID: 3223ef693cfcbff9079edfc7e89f55bf63e1973d
508
509commit 5ee3fb5affd7646f141749483205ade5fc54adaf
510Author: Darren Tucker <dtucker@zip.com.au>
511Date: Tue Nov 1 08:12:33 2016 +1100
512
513 Use ptrace(PT_DENY_ATTACH, ..) on OS X.
514
515commit 315d2a4e674d0b7115574645cb51f968420ebb34
516Author: Damien Miller <djm@mindrot.org>
517Date: Fri Oct 28 14:34:07 2016 +1100
518
519 Unbreak AES-CTR ciphers on old (~0.9.8) OpenSSL
520
521 ok dtucker@
522
523commit a9ff3950b8e80ff971b4d44bbce96df27aed28af
524Author: Darren Tucker <dtucker@zip.com.au>
525Date: Fri Oct 28 14:26:58 2016 +1100
526
527 Move OPENSSL_NO_RIPEMD160 to compat.
528
529 Move OPENSSL_NO_RIPEMD160 to compat and add ifdefs to mac.c around the
530 ripemd160 MACs.
531
532commit bce58885160e5db2adda3054c3b81fe770f7285a
533Author: Darren Tucker <dtucker@zip.com.au>
534Date: Fri Oct 28 13:52:31 2016 +1100
535
536 Check if RIPEMD160 is disabled in OpenSSL.
537
538commit d924640d4c355d1b5eca1f4cc60146a9975dbbff
539Author: Darren Tucker <dtucker@zip.com.au>
540Date: Fri Oct 28 13:38:19 2016 +1100
541
542 Skip ssh1 specfic ciphers.
543
544 cipher-3des1.c and cipher-bf1.c are specific to sshv1 so don't even try
545 to compile them when Protocol 1 is not enabled.
546
547commit 79d078e7a49caef746516d9710ec369ba45feab6
548Author: jsg@openbsd.org <jsg@openbsd.org>
549Date: Tue Oct 25 04:08:13 2016 +0000
550
551 upstream commit
552
553 Fix logic in add_local_forward() that inverted a test
554 when code was refactored out into bind_permitted(). This broke ssh port
555 forwarding for non-priv ports as a non root user.
556
557 ok dtucker@ 'looks good' deraadt@
558
559 Upstream-ID: ddb8156ca03cc99997de284ce7777536ff9570c9
560
561commit a903e315dee483e555c8a3a02c2946937f9b4e5d
562Author: dtucker@openbsd.org <dtucker@openbsd.org>
563Date: Mon Oct 24 01:09:17 2016 +0000
564
565 upstream commit
566
567 Remove dead breaks, found via opencoverage.net. ok
568 deraadt@
569
570 Upstream-ID: ad9cc655829d67fad219762810770787ba913069
571
572commit b4e96b4c9bea4182846e4942ba2048e6d708ee54
573Author: Darren Tucker <dtucker@zip.com.au>
574Date: Wed Oct 26 08:43:25 2016 +1100
575
576 Use !=NULL instead of >0 for getdefaultproj.
577
578 getdefaultproj() returns a pointer so test it for NULL inequality
579 instead of >0. Fixes compiler warning and is more correct. Patch from
580 David Binderman.
581
582commit 1c4ef0b808d3d38232aeeb1cebb7e9a43def42c5
583Author: dtucker@openbsd.org <dtucker@openbsd.org>
584Date: Sun Oct 23 22:04:05 2016 +0000
585
586 upstream commit
587
588 Factor out "can bind to low ports" check into its own function. This will
589 make it easier for Portable to support platforms with permissions models
590 other than uid==0 (eg bz#2625). ok djm@, "doesn't offend me too much"
591 deraadt@.
592
593 Upstream-ID: 86213df4183e92b8f189a6d2dac858c994bfface
594
595commit 0b9ee623d57e5de7e83e66fd61a7ba9a5be98894
596Author: dtucker@openbsd.org <dtucker@openbsd.org>
597Date: Wed Oct 19 23:21:56 2016 +0000
598
599 upstream commit
600
601 When tearing down ControlMaster connecctions, don't
602 pollute stderr when LogLevel=quiet. Patch from Tim Kuijsten via tech@.
603
604 Upstream-ID: d9b3a68b2a7c2f2fc7f74678e29a4618d55ceced
605
606commit 09e6a7d8354224933febc08ddcbc2010f542284e
607Author: Darren Tucker <dtucker@zip.com.au>
608Date: Mon Oct 24 09:06:18 2016 +1100
609
610 Wrap stdint.h include in ifdef.
611
612commit 08d9e9516e587b25127545c029e5464b2e7f2919
613Author: Darren Tucker <dtucker@zip.com.au>
614Date: Fri Oct 21 09:46:46 2016 +1100
615
616 Fix formatting.
617
618commit 461f50e7ab8751d3a55e9158c44c13031db7ba1d
619Author: Darren Tucker <dtucker@zip.com.au>
620Date: Fri Oct 21 06:55:58 2016 +1100
621
622 Update links to https.
623
624 www.openssh.com now supports https and ftp.openbsd.org no longer
625 supports ftp. Make all links to these https.
626
627commit dd4e7212a6141f37742de97795e79db51e4427ad
628Author: Darren Tucker <dtucker@zip.com.au>
629Date: Fri Oct 21 06:48:46 2016 +1100
630
631 Update host key generation examples.
632
633 Remove ssh1 host key generation, add ssh-keygen -A
634
635commit 6d49ae82634c67e9a4d4af882bee20b40bb8c639
636Author: Darren Tucker <dtucker@zip.com.au>
637Date: Fri Oct 21 05:22:55 2016 +1100
638
639 Update links.
640
641 Make links to openssh.com HTTPS now that it's supported, point release
642 notes link to the HTML release notes page, and update a couple of other
643 links and bits of text.
644
645commit fe0d1ca6ace06376625084b004ee533f2c2ea9d6
646Author: Darren Tucker <dtucker@zip.com.au>
647Date: Thu Oct 20 03:42:09 2016 +1100
648
649 Remote channels .orig and .rej files.
650
651 These files were incorrectly added during an OpenBSD sync.
652
653commit 246aa842a4ad368d8ce030495e657ef3a0e1f95c
654Author: dtucker@openbsd.org <dtucker@openbsd.org>
655Date: Tue Oct 18 17:32:54 2016 +0000
656
657 upstream commit
658
659 Remove channel_input_port_forward_request(); the only caller
660 was the recently-removed SSH1 server code so it's now dead code. ok markus@
661
662 Upstream-ID: 05453983230a1f439562535fec2818f63f297af9
663
664commit 2c6697c443d2c9c908260eed73eb9143223e3ec9
665Author: millert@openbsd.org <millert@openbsd.org>
666Date: Tue Oct 18 12:41:22 2016 +0000
667
668 upstream commit
669
670 Install a signal handler for tty-generated signals and
671 wait for the ssh child to suspend before suspending sftp. This lets ssh
672 restore the terminal mode as needed when it is suspended at the password
673 prompt. OK dtucker@
674
675 Upstream-ID: a31c1f42aa3e2985dcc91e46e6a17bd22e372d69
676
677commit fd2a8f1033fa2316fff719fd5176968277560158
678Author: jmc@openbsd.org <jmc@openbsd.org>
679Date: Sat Oct 15 19:56:25 2016 +0000
680
681 upstream commit
682
683 various formatting fixes, specifically removing Dq;
684
685 Upstream-ID: 81e85df2b8e474f5f93d66e61d9a4419ce87347c
686
687commit 8f866d8a57b9a2dc5dd04504e27f593b551618e3
688Author: Darren Tucker <dtucker@zip.com.au>
689Date: Wed Oct 19 03:26:09 2016 +1100
690
691 Import readpassphrase.c rev 1.26.
692
693 Author: miller@openbsd.org:
694 Avoid generate SIGTTOU when restoring the terminal mode. If we get
695 SIGTTOU it means the process is not in the foreground process group
696 which, in most cases, means that the shell has taken control of the tty.
697 Requiring the user the fg the process in this case doesn't make sense
698 and can result in both SIGTSTP and SIGTTOU being sent which can lead to
699 the process being suspended again immediately after being brought into
700 the foreground.
701
702commit f901440cc844062c9bab0183d133f7ccc58ac3a5
703Author: Darren Tucker <dtucker@zip.com.au>
704Date: Wed Oct 19 03:23:16 2016 +1100
705
706 Import readpassphrase.c rev 1.25.
707
708 Wrap <readpassphrase.h> so internal calls go direct and
709 readpassphrase is weak.
710
711 (DEF_WEAK is a no-op in portable.)
712
713commit 032147b69527e5448a511049b2d43dbcae582624
714Author: Darren Tucker <dtucker@zip.com.au>
715Date: Sat Oct 15 05:51:12 2016 +1100
716
717 Move DEF_WEAK into defines.h.
718
719 As well pull in more recent changes from OpenBSD these will start to
720 arrive so put it where the definition is shared.
721
722commit e0259a82ddd950cfb109ddee86fcebbc09c6bd04
723Author: Darren Tucker <dtucker@zip.com.au>
724Date: Sat Oct 15 04:34:46 2016 +1100
725
726 Remove do_pam_set_tty which is dead code.
727
728 The callers of do_pam_set_tty were removed in 2008, so this is now dead
729 code. bz#2604, pointed out by jjelen at redhat.com.
730
731commit ca04de83f210959ad2ed870a30ba1732c3ae00e3
732Author: Damien Miller <djm@mindrot.org>
733Date: Thu Oct 13 18:53:43 2016 +1100
734
735 unbreak principals-command test
736
737 Undo inconsistetly updated variable name.
738
739commit 1723ec92eb485ce06b4cbf49712d21975d873909
740Author: djm@openbsd.org <djm@openbsd.org>
741Date: Tue Oct 11 21:49:54 2016 +0000
742
743 upstream commit
744
745 fix the KEX fuzzer - the previous method of obtaining the
746 packet contents was broken. This now uses the new per-packet input hook, so
747 it sees exact post-decrypt packets and doesn't have to pass packet integrity
748 checks. ok markus@
749
750 Upstream-Regress-ID: 402fb6ffabd97de590e8e57b25788949dce8d2fd
751
752commit 09f997893f109799cddbfce6d7e67f787045cbb2
753Author: natano@openbsd.org <natano@openbsd.org>
754Date: Thu Oct 6 09:31:38 2016 +0000
755
756 upstream commit
757
758 Move USER out of the way to unbreak the BUILDUSER
759 mechanism. ok tb
760
761 Upstream-Regress-ID: 74ab9687417dd071d62316eaadd20ddad1d5af3c
762
763commit 3049a012c482a7016f674db168f23fd524edce27
764Author: bluhm@openbsd.org <bluhm@openbsd.org>
765Date: Fri Sep 30 11:55:20 2016 +0000
766
767 upstream commit
768
769 In ssh tests set REGRESS_FAIL_EARLY with ?= so that the
770 environment can change it. OK djm@
771
772 Upstream-Regress-ID: 77bcb50e47b68c7209c7f0a5a020d73761e5143b
773
774commit 39af7b444db28c1cb01b7ea468a4f574a44f375b
775Author: djm@openbsd.org <djm@openbsd.org>
776Date: Tue Oct 11 21:47:45 2016 +0000
777
778 upstream commit
779
780 Add a per-packet input hook that is called with the
781 decrypted packet contents. This will be used for fuzzing; ok markus@
782
783 Upstream-ID: a3221cee6b1725dd4ae1dd2c13841b4784cb75dc
784
785commit ec165c392ca54317dbe3064a8c200de6531e89ad
786Author: markus@openbsd.org <markus@openbsd.org>
787Date: Mon Oct 10 19:28:48 2016 +0000
788
789 upstream commit
790
791 Unregister the KEXINIT handler after message has been
792 received. Otherwise an unauthenticated peer can repeat the KEXINIT and cause
793 allocation of up to 128MB -- until the connection is closed. Reported by
794 shilei-c at 360.cn
795
796 Upstream-ID: 43649ae12a27ef94290db16d1a98294588b75c05
797
798commit 29d40319392e6e19deeca9d45468aa1119846e50
799Author: Darren Tucker <dtucker@zip.com.au>
800Date: Thu Oct 13 04:07:20 2016 +1100
801
802 Import rev 1.24 from OpenBSD.
803
804 revision 1.24
805 date: 2013/11/24 23:51:29; author: deraadt; state: Exp; lines: +4 -4;
806 most obvious unsigned char casts for ctype
807 ok jca krw ingo
808
809commit 12069e56221de207ed666c2449dedb431a2a7ca2
810Author: Darren Tucker <dtucker@zip.com.au>
811Date: Thu Oct 13 04:04:44 2016 +1100
812
813 Import rev 1.23 from OpenBSD. Fixes bz#2619.
814
815 revision 1.23
816 date: 2010/05/14 13:30:34; author: millert; state: Exp; lines: +41 -39;
817 Defer installing signal handlers until echo is disabled so that we
818 get suspended normally when not the foreground process. Fix potential
819 infinite loop when restoring terminal settings if process is in the
820 background when restore occurs. OK miod@
821
822commit 7508d83eff89af069760b4cc587305588a64e415
823Author: Darren Tucker <dtucker@zip.com.au>
824Date: Thu Oct 13 03:53:51 2016 +1100
825
826 If we don't have TCSASOFT, define it to zero.
827
828 This makes it a no-op when we use it below, which allows us to re-sync
829 those lines with the upstream and make future updates easier.
830
831commit aae4dbd4c058d3b1fe1eb5c4e6ddf35827271377
832Author: jmc@openbsd.org <jmc@openbsd.org>
833Date: Fri Oct 7 14:41:52 2016 +0000
834
835 upstream commit
836
837 tidy up the formatting in this file. more specifically,
838 replace .Dq, which looks appalling, with .Cm, where appropriate;
839
840 Upstream-ID: ff8e90aa0343d9bb56f40a535e148607973cc738
841
842commit a571dbcc7b7b25371174569b13df5159bc4c6c7a
843Author: djm@openbsd.org <djm@openbsd.org>
844Date: Tue Oct 4 21:34:40 2016 +0000
845
846 upstream commit
847
848 add a comment about implicitly-expected checks to
849 sshkey_ec_validate_public()
850
851 Upstream-ID: 74a7f71c28f7c13a50f89fc78e7863b9cd61713f
852
853commit 2f78a2a698f4222f8e05cad57ac6e0c3d1faff00
854Author: djm@openbsd.org <djm@openbsd.org>
855Date: Fri Sep 30 20:24:46 2016 +0000
856
857 upstream commit
858
859 fix some -Wpointer-sign warnings in the new mux proxy; ok
860 markus@
861
862 Upstream-ID: b1ba7b3769fbc6b7f526792a215b0197f5e55dfd
863
864commit ca71c36645fc26fcd739a8cfdc702cec85607761
865Author: bluhm@openbsd.org <bluhm@openbsd.org>
866Date: Wed Sep 28 20:09:52 2016 +0000
867
868 upstream commit
869
870 Add a makefile rule to create the ssh library when
871 regress needs it. This allows to run the ssh regression tests without doing
872 a "make build" before. Discussed with dtucker@ and djm@; OK djm@
873
874 Upstream-Regress-ID: ce489bd53afcd471225a125b4b94565d4717c025
875
876commit ce44c970f913d2a047903dba8670554ac42fc479
877Author: bluhm@openbsd.org <bluhm@openbsd.org>
878Date: Mon Sep 26 21:34:38 2016 +0000
879
880 upstream commit
881
882 Allow to run ssh regression tests as root. If the user
883 is already root, the test should not expect that SUDO is set. If ssh needs
884 another user, use sudo or doas to switch from root if necessary. OK dtucker@
885
886 Upstream-Regress-ID: b464e55185ac4303529e3e6927db41683aaeace2
887
888commit 8d0578478586e283e751ca51e7b0690631da139a
889Author: markus@openbsd.org <markus@openbsd.org>
890Date: Fri Sep 30 09:19:13 2016 +0000
891
892 upstream commit
893
894 ssh proxy mux mode (-O proxy; idea from Simon Tatham): - mux
895 client speaks the ssh-packet protocol directly over unix-domain socket. - mux
896 server acts as a proxy, translates channel IDs and relays to the server. - no
897 filedescriptor passing necessary. - combined with unix-domain forwarding it's
898 even possible to run mux client and server on different machines. feedback
899 & ok djm@
900
901 Upstream-ID: 666a2fb79f58e5c50e246265fb2b9251e505c25b
902
903commit b7689155f3f5c4999846c07a852b1c7a43b09cec
904Author: djm@openbsd.org <djm@openbsd.org>
905Date: Wed Sep 28 21:44:52 2016 +0000
906
907 upstream commit
908
909 put back some pre-auth zlib bits that I shouldn't have
910 removed - they are still used by the client. Spotted by naddy@
911
912 Upstream-ID: 80919468056031037d56a1f5b261c164a6f90dc2
913
914commit 4577adead6a7d600c8e764619d99477a08192c8f
915Author: djm@openbsd.org <djm@openbsd.org>
916Date: Wed Sep 28 20:32:42 2016 +0000
917
918 upstream commit
919
920 restore pre-auth compression support in the client -- the
921 previous commit was intended to remove it from the server only.
922
923 remove a few server-side pre-auth compression bits that escaped
924
925 adjust wording of Compression directive in sshd_config(5)
926
927 pointed out by naddy@ ok markus@
928
929 Upstream-ID: d23696ed72a228dacd4839dd9f2dec424ba2016b
930
931commit 80d1c963b4dc84ffd11d09617b39c4bffda08956
932Author: jmc@openbsd.org <jmc@openbsd.org>
933Date: Wed Sep 28 17:59:22 2016 +0000
934
935 upstream commit
936
937 use a separate TOKENS section, as we've done for
938 sshd_config(5); help/ok djm
939
940 Upstream-ID: 640e32b5e4838e4363738cdec955084b3579481d
941
942commit 1cfd5c06efb121e58e8b6671548fda77ef4b4455
943Author: Damien Miller <djm@mindrot.org>
944Date: Thu Sep 29 03:19:23 2016 +1000
945
946 Remove portability support for mmap
947
948 We no longer need to wrap/replace mmap for portability now that
949 pre-auth compression has been removed from OpenSSH.
950
951commit 0082fba4efdd492f765ed4c53f0d0fbd3bdbdf7f
952Author: djm@openbsd.org <djm@openbsd.org>
953Date: Wed Sep 28 16:33:06 2016 +0000
954
955 upstream commit
956
957 Remove support for pre-authentication compression. Doing
958 compression early in the protocol probably seemed reasonable in the 1990s,
959 but today it's clearly a bad idea in terms of both cryptography (cf. multiple
960 compression oracle attacks in TLS) and attack surface.
961
962 Moreover, to support it across privilege-separation zlib needed
963 the assistance of a complex shared-memory manager that made the
964 required attack surface considerably larger.
965
966 Prompted by Guido Vranken pointing out a compiler-elided security
967 check in the shared memory manager found by Stack
968 (http://css.csail.mit.edu/stack/); ok deraadt@ markus@
969
970 NB. pre-auth authentication has been disabled by default in sshd
971 for >10 years.
972
973 Upstream-ID: 32af9771788d45a0779693b41d06ec199d849caf
974
975commit 27c3a9c2aede2184856b5de1e6eca414bb751c38
976Author: djm@openbsd.org <djm@openbsd.org>
977Date: Mon Sep 26 21:16:11 2016 +0000
978
979 upstream commit
980
981 Avoid a theoretical signed integer overflow should
982 BN_num_bytes() ever violate its manpage and return a negative value. Improve
983 order of tests to avoid confusing increasingly pedantic compilers.
984
985 Reported by Guido Vranken from stack (css.csail.mit.edu/stack)
986 unstable optimisation analyser output. ok deraadt@
987
988 Upstream-ID: f8508c830c86d8f36c113985e52bf8eedae23505
989
990commit 8663e51c80c6aa3d750c6d3bcff6ee05091922be
991Author: Damien Miller <djm@mindrot.org>
992Date: Wed Sep 28 07:40:33 2016 +1000
993
994 fix mdoc2man.awk formatting for top-level lists
995
996 Reported by Glenn Golden
997 Diagnosis and fix from Ingo Schwarze
998
999commit b97739dc21570209ed9d4e7beee0c669ed23b097
1000Author: djm@openbsd.org <djm@openbsd.org>
1001Date: Thu Sep 22 21:15:41 2016 +0000
1002
1003 upstream commit
1004
1005 missing bit from previous commit
1006
1007 Upstream-ID: 438d5ed6338b28b46e822eb13eee448aca31df37
1008
1009commit de6a175a99d22444e10d19ad3fffef39bc3ee3bb
1010Author: jmc@openbsd.org <jmc@openbsd.org>
1011Date: Thu Sep 22 19:19:01 2016 +0000
1012
1013 upstream commit
1014
1015 organise the token stuff into a separate section; ok
1016 markus for an earlier version of the diff ok/tweaks djm
1017
1018 Upstream-ID: 81a6daa506a4a5af985fce7cf9e59699156527c8
1019
1020commit 16277fc45ffc95e4ffc3d45971ff8320b974de2b
1021Author: djm@openbsd.org <djm@openbsd.org>
1022Date: Thu Sep 22 17:55:13 2016 +0000
1023
1024 upstream commit
1025
1026 mention curve25519-sha256 KEX
1027
1028 Upstream-ID: 33ae1f433ce4795ffa6203761fbdf86e0d7ffbaf
1029
1030commit 0493766d5676c7ca358824ea8d3c90f6047953df
1031Author: djm@openbsd.org <djm@openbsd.org>
1032Date: Thu Sep 22 17:52:53 2016 +0000
1033
1034 upstream commit
1035
1036 support plain curve25519-sha256 KEX algorithm now that it
1037 is approaching standardisation (same algorithm is currently supported as
1038 curve25519-sha256@libssh.org)
1039
1040 Upstream-ID: 5e2b6db2e72667048cf426da43c0ee3fc777baa2
1041
1042commit f31c654b30a6f02ce0b8ea8ab81791b675489628
1043Author: dtucker@openbsd.org <dtucker@openbsd.org>
1044Date: Thu Sep 22 02:29:57 2016 +0000
1045
1046 upstream commit
1047
1048 If ssh receives a PACKET_DISCONNECT during userauth it
1049 will cause ssh_dispatch_run(DISPATCH_BLOCK, ...) to return without the
1050 session being authenticated. Check for this and exit if necessary. ok djm@
1051
1052 Upstream-ID: b3afe126c0839d2eae6cddd41ff2ba317eda0903
1053
1054commit 1622649b7a829fc8dc313042a43a974f0f3e8a99
1055Author: djm@openbsd.org <djm@openbsd.org>
1056Date: Wed Sep 21 19:53:12 2016 +0000
1057
1058 upstream commit
1059
1060 correctly return errors from kex_send_ext_info(). Fix from
1061 Sami Farin via https://github.com/openssh/openssh-portable/pull/50
1062
1063 Upstream-ID: c85999af28aaecbf92cfa2283381df81e839b42c
1064
1065commit f83a0cfe16c7a73627b46a9a94e40087d60f32fb
1066Author: djm@openbsd.org <djm@openbsd.org>
1067Date: Wed Sep 21 17:44:20 2016 +0000
1068
1069 upstream commit
1070
1071 cast uint64_t for printf
1072
1073 Upstream-ID: 76d23e89419ccbd2320f92792a6d878211666ac1
1074
1075commit 5f63ab474f58834feca4f35c498be03b7dd38a16
1076Author: djm@openbsd.org <djm@openbsd.org>
1077Date: Wed Sep 21 17:03:54 2016 +0000
1078
1079 upstream commit
1080
1081 disable tests for affirmative negated match after backout of
1082 match change
1083
1084 Upstream-Regress-ID: acebb8e5042f03d66d86a50405c46c4de0badcfd
1085
1086commit a5ad3a9db5a48f350f257a67b62fafd719ecb7e0
1087Author: djm@openbsd.org <djm@openbsd.org>
1088Date: Wed Sep 21 16:55:42 2016 +0000
1089
1090 upstream commit
1091
1092 Revert two recent changes to negated address matching. The
1093 new behaviour offers unintuitive surprises. We'll find a better way to deal
1094 with single negated matches.
1095
1096 match.c 1.31:
1097 > fix matching for pattern lists that contain a single negated match,
1098 > e.g. "Host !example"
1099 >
1100 > report and patch from Robin Becker. bz#1918 ok dtucker@
1101
1102 addrmatch.c 1.11:
1103 > fix negated address matching where the address list consists of a
1104 > single negated match, e.g. "Match addr !192.20.0.1"
1105 >
1106 > Report and patch from Jakub Jelen. bz#2397 ok dtucker@
1107
1108 Upstream-ID: ec96c770f0f5b9a54e5e72fda25387545e9c80c6
1109
1110commit 119b7a2ca0ef2bf3f81897ae10301b8ca8cba844
1111Author: djm@openbsd.org <djm@openbsd.org>
1112Date: Wed Sep 21 01:35:12 2016 +0000
1113
1114 upstream commit
1115
1116 test all the AuthorizedPrincipalsCommand % expansions
1117
1118 Upstream-Regress-ID: 0a79a84dfaa59f958e46b474c3db780b454d30e3
1119
1120commit bfa9d969ab6235d4938ce069d4db7e5825c56a19
1121Author: djm@openbsd.org <djm@openbsd.org>
1122Date: Wed Sep 21 01:34:45 2016 +0000
1123
1124 upstream commit
1125
1126 add a way for principals command to get see key ID and serial
1127 too
1128
1129 Upstream-ID: 0d30978bdcf7e8eaeee4eea1b030eb2eb1823fcb
1130
1131commit 920585b826af1c639e4ed78b2eba01fd2337b127
1132Author: djm@openbsd.org <djm@openbsd.org>
1133Date: Fri Sep 16 06:09:31 2016 +0000
1134
1135 upstream commit
1136
1137 add a note on kexfuzz' limitations
1138
1139 Upstream-Regress-ID: 03804d4a0dbc5163e1a285a4c8cc0a76a4e864ec
1140
1141commit 0445ff184080b196e12321998b4ce80b0f33f8d1
1142Author: djm@openbsd.org <djm@openbsd.org>
1143Date: Fri Sep 16 01:01:41 2016 +0000
1144
1145 upstream commit
1146
1147 fix for newer modp DH groups
1148 (diffie-hellman-group14-sha256 etc)
1149
1150 Upstream-Regress-ID: fe942c669959462b507516ae1634fde0725f1c68
1151
1152commit 28652bca29046f62c7045e933e6b931de1d16737
1153Author: markus@openbsd.org <markus@openbsd.org>
1154Date: Mon Sep 19 19:02:19 2016 +0000
1155
1156 upstream commit
1157
1158 move inbound NEWKEYS handling to kex layer; otherwise
1159 early NEWKEYS causes NULL deref; found by Robert Swiecki/honggfuzz; fixed
1160 with & ok djm@
1161
1162 Upstream-ID: 9a68b882892e9f51dc7bfa9f5a423858af358b2f
1163
1164commit 492710894acfcc2f173d14d1d45bd2e688df605d
1165Author: natano@openbsd.org <natano@openbsd.org>
1166Date: Mon Sep 19 07:52:42 2016 +0000
1167
1168 upstream commit
1169
1170 Replace two more arc4random() loops with
1171 arc4random_buf().
1172
1173 tweaks and ok dtucker
1174 ok deraadt
1175
1176 Upstream-ID: 738d3229130ccc7eac975c190276ca6fcf0208e4
1177
1178commit 1036356324fecc13099ac6e986b549f6219327d7
1179Author: tedu@openbsd.org <tedu@openbsd.org>
1180Date: Sat Sep 17 18:00:27 2016 +0000
1181
1182 upstream commit
1183
1184 replace two arc4random loops with arc4random_buf ok
1185 deraadt natano
1186
1187 Upstream-ID: e18ede972d1737df54b49f011fa4f3917a403f48
1188
1189commit 00df97ff68a49a756d4b977cd02283690f5dfa34
1190Author: djm@openbsd.org <djm@openbsd.org>
1191Date: Wed Sep 14 20:11:26 2016 +0000
1192
1193 upstream commit
1194
1195 take fingerprint of correct key for
1196 AuthorizedPrincipalsCommand
1197
1198 Upstream-ID: 553581a549cd6a3e73ce9f57559a325cc2cb1f38
1199
1200commit e7907c1cb938b96dd33d27c2fea72c4e08c6b2f6
1201Author: djm@openbsd.org <djm@openbsd.org>
1202Date: Wed Sep 14 05:42:25 2016 +0000
1203
1204 upstream commit
1205
1206 add %-escapes to AuthorizedPrincipalsCommand to match those
1207 supported for AuthorizedKeysCommand (key, key type, fingerprint, etc) and a
1208 few more to provide access to the certificate's CA key; 'looks ok' dtucker@
1209
1210 Upstream-ID: 6b00fd446dbebe67f4e4e146d2e492d650ae04eb
1211
1212commit 2b939c272a81c4d0c47badeedbcb2ba7c128ccda
1213Author: dtucker@openbsd.org <dtucker@openbsd.org>
1214Date: Wed Sep 14 00:45:31 2016 +0000
1215
1216 upstream commit
1217
1218 Improve test coverage of ssh-keygen -T a bit.
1219
1220 Upstream-Regress-ID: 8851668c721bcc2b400600cfc5a87644cc024e72
1221
1222commit 44d82fc83be6c5ccd70881c2dac1a73e5050398b
1223Author: dtucker@openbsd.org <dtucker@openbsd.org>
1224Date: Mon Sep 12 02:25:46 2016 +0000
1225
1226 upstream commit
1227
1228 Add testcase for ssh-keygen -j, -J and -K options for
1229 moduli screening. Does not currently test generation as that is extremely
1230 slow.
1231
1232 Upstream-Regress-ID: 9de6ce801377ed3ce0a63a1413f1cd5fd3c2d062
1233
1234commit 44e5f756d286bc3a1a5272ea484ee276ba3ac5c2
1235Author: djm@openbsd.org <djm@openbsd.org>
1236Date: Tue Aug 23 08:17:04 2016 +0000
1237
1238 upstream commit
1239
1240 add tests for addr_match_list()
1241
1242 Upstream-Regress-ID: fae2d1fef84687ece584738a924c7bf969616c8e
1243
1244commit 445e218878035b59c704c18406e8aeaff4c8aa25
1245Author: djm@openbsd.org <djm@openbsd.org>
1246Date: Mon Sep 12 23:39:34 2016 +0000
1247
1248 upstream commit
1249
1250 handle certs in rsa_hash_alg_from_ident(), saving an
1251 unnecessary special case elsewhere.
1252
1253 Upstream-ID: 901cb081c59d6d2698b57901c427f3f6dc7397d4
1254
1255commit 130f5df4fa37cace8c079dccb690e5cafbf00751
1256Author: djm@openbsd.org <djm@openbsd.org>
1257Date: Mon Sep 12 23:31:27 2016 +0000
1258
1259 upstream commit
1260
1261 list all supported signature algorithms in the
1262 server-sig-algs Reported by mb AT smartftp.com in bz#2547 and (independantly)
1263 Ron Frederick; ok markus@
1264
1265 Upstream-ID: ddf702d721f54646b11ef2cee6d916666cb685cd
1266
1267commit 8f750ccfc07acb8aa98be5a5dd935033a6468cfd
1268Author: Darren Tucker <dtucker@zip.com.au>
1269Date: Mon Sep 12 14:43:58 2016 +1000
1270
1271 Remove no-op brackets to resync with upstream.
1272
1273commit 7050896e7395866278c19c2ff080c26152619d1d
1274Author: Darren Tucker <dtucker@zip.com.au>
1275Date: Mon Sep 12 13:57:28 2016 +1000
1276
1277 Resync ssh-keygen -W error message with upstream.
1278
1279commit 43cceff82cc20413cce58ba3375e19684e62cec4
1280Author: Darren Tucker <dtucker@zip.com.au>
1281Date: Mon Sep 12 13:55:37 2016 +1000
1282
1283 Move ssh-keygen -W handling code to match upstream
1284
1285commit af48d541360b1d7737b35740a4b1ca34e1652cd9
1286Author: Darren Tucker <dtucker@zip.com.au>
1287Date: Mon Sep 12 13:52:17 2016 +1000
1288
1289 Move ssh-keygen -T handling code to match upstream.
1290
1291commit d8c3cfbb018825c6c86547165ddaf11924901c49
1292Author: Darren Tucker <dtucker@zip.com.au>
1293Date: Mon Sep 12 13:30:50 2016 +1000
1294
1295 Move -M handling code to match upstream.
1296
1297commit 7b63cf6dbbfa841c003de57d1061acbf2ff22364
1298Author: dtucker@openbsd.org <dtucker@openbsd.org>
1299Date: Mon Sep 12 03:29:16 2016 +0000
1300
1301 upstream commit
1302
1303 Spaces->tabs.
1304
1305 Upstream-ID: f4829dfc3f36318273f6082b379ac562eead70b7
1306
1307commit 11e5e644536821ceb3bb4dd8487fbf0588522887
1308Author: dtucker@openbsd.org <dtucker@openbsd.org>
1309Date: Mon Sep 12 03:25:20 2016 +0000
1310
1311 upstream commit
1312
1313 Style whitespace fix. Also happens to remove a no-op
1314 diff with portable.
1315
1316 Upstream-ID: 45d90f9a62ad56340913a433a9453eb30ceb8bf3
1317
1318commit 9136ec134c97a8aff2917760c03134f52945ff3c
1319Author: deraadt@openbsd.org <deraadt@openbsd.org>
1320Date: Mon Sep 12 01:22:38 2016 +0000
1321
1322 upstream commit
1323
1324 Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then
1325 use those definitions rather than pulling <sys/param.h> and unknown namespace
1326 pollution. ok djm markus dtucker
1327
1328 Upstream-ID: 712cafa816c9f012a61628b66b9fbd5687223fb8
1329
1330commit f219fc8f03caca7ac82a38ed74bbd6432a1195e7
1331Author: jmc@openbsd.org <jmc@openbsd.org>
1332Date: Wed Sep 7 18:39:24 2016 +0000
1333
1334 upstream commit
1335
1336 sort; from matthew martin
1337
1338 Upstream-ID: 73cec7f7ecc82d37a4adffad7745e4684de67ce7
1339
1340commit 06ce56b05def9460aecc7cdb40e861a346214793
1341Author: markus@openbsd.org <markus@openbsd.org>
1342Date: Tue Sep 6 09:22:56 2016 +0000
1343
1344 upstream commit
1345
1346 ssh_set_newkeys: print correct block counters on
1347 rekeying; ok djm@
1348
1349 Upstream-ID: 32bb7a9cb9919ff5bab28d50ecef3a2b2045dd1e
1350
1351commit e5e8d9114ac6837a038f4952994ca95a97fafe8d
1352Author: markus@openbsd.org <markus@openbsd.org>
1353Date: Tue Sep 6 09:14:05 2016 +0000
1354
1355 upstream commit
1356
1357 update ext_info_c every time we receive a kexinit msg;
1358 fixes sending of ext_info if privsep is disabled; report Aris Adamantiadis &
1359 Mancha; ok djm@
1360
1361 Upstream-ID: 2ceaa1076e19dbd3542254b4fb8e42d608f28856
1362
1363commit da95318dbedbaa1335323dba370975c2f251afd8
1364Author: djm@openbsd.org <djm@openbsd.org>
1365Date: Mon Sep 5 14:02:42 2016 +0000
1366
1367 upstream commit
1368
1369 remove 3des-cbc from the client's default proposal;
1370 64-bit block ciphers are not safe in 2016 and we don't want to wait until
1371 attacks like sweet32 are extended to SSH.
1372
1373 As 3des-cbc was the only mandatory cipher in the SSH RFCs, this may
1374 cause problems connecting to older devices using the defaults, but
1375 it's highly likely that such devices already need explicit
1376 configuration for KEX and hostkeys anyway.
1377
1378 ok deraadt, markus, dtucker
1379
1380 Upstream-ID: a505dfe65c6733af0f751b64cbc4bb7e0761bc2f
1381
1382commit b33ad6d997d36edfea65e243cd12ccd01f413549
1383Author: djm@openbsd.org <djm@openbsd.org>
1384Date: Mon Sep 5 13:57:31 2016 +0000
1385
1386 upstream commit
1387
1388 enforce expected request flow for GSSAPI calls; thanks to
1389 Jakub Jelen for testing; ok markus@
1390
1391 Upstream-ID: d4bc0e70e1be403735d3d9d7e176309b1fd626b9
1392
1393commit 0bb2980260fb24e5e0b51adac471395781b66261
1394Author: Darren Tucker <dtucker@zip.com.au>
1395Date: Mon Sep 12 11:07:00 2016 +1000
1396
1397 Restore ssh-keygen's -J and -j option handling.
1398
1399 These were incorrectly removed in the 1d9a2e28 sync commit.
1400
1401commit 775f8a23f2353f5869003c57a213d14b28e0736e
1402Author: Damien Miller <djm@mindrot.org>
1403Date: Wed Aug 31 10:48:07 2016 +1000
1404
1405 tighten PAM monitor calls
1406
1407 only allow kbd-interactive ones when that authentication method is
1408 enabled. Prompted by Solar Designer
1409
1410commit 7fd0ea8a1db4bcfb3d8cd9df149e5d571ebea1f4
1411Author: djm@openbsd.org <djm@openbsd.org>
1412Date: Tue Aug 30 07:50:21 2016 +0000
1413
1414 upstream commit
1415
1416 restrict monitor auth calls to be allowed only when their
1417 respective authentication methods are enabled in the configuration.
1418
1419 prompted by Solar Designer; ok markus dtucker
1420
1421 Upstream-ID: 6eb3f89332b3546d41d6dbf5a8e6ff920142b553
1422
1423commit b38b95f5bcc52278feb839afda2987933f68ff96
1424Author: Damien Miller <djm@mindrot.org>
1425Date: Mon Aug 29 11:47:07 2016 +1000
1426
1427 Tighten monitor state-machine flow for PAM calls
1428
1429 (attack surface reduction)
1430
1431commit dc664d1bd0fc91b24406a3e9575b81c285b8342b
1432Author: djm@openbsd.org <djm@openbsd.org>
1433Date: Sun Aug 28 22:28:12 2016 +0000
1434
1435 upstream commit
1436
1437 fix uninitialised optlen in getsockopt() call; harmless
1438 on Unix/BSD but potentially crashy on Cygwin. Reported by James Slepicka ok
1439 deraadt@
1440
1441 Upstream-ID: 1987ccee508ba5b18f016c85100d7ac3f70ff965
1442
1443commit 5bcc1e2769f7d6927d41daf0719a9446ceab8dd7
1444Author: guenther@openbsd.org <guenther@openbsd.org>
1445Date: Sat Aug 27 04:05:12 2016 +0000
1446
1447 upstream commit
1448
1449 Pull in <sys/time.h> for struct timeval
1450
1451 ok deraadt@
1452
1453 Upstream-ID: ae34525485a173bccd61ac8eefeb91c57e3b7df6
1454
1455commit fa4a4c96b19127dc2fd4e92f20d99c0c7f34b538
1456Author: guenther@openbsd.org <guenther@openbsd.org>
1457Date: Sat Aug 27 04:04:56 2016 +0000
1458
1459 upstream commit
1460
1461 Pull in <stdlib.h> for NULL
1462
1463 ok deraadt@
1464
1465 Upstream-ID: 7baa6a0f1e049bb3682522b4b95a26c866bfc043
1466
1467commit ae363d74ccc1451185c0c8bd4631e28c67c7fd36
1468Author: djm@openbsd.org <djm@openbsd.org>
1469Date: Thu Aug 25 23:57:54 2016 +0000
1470
1471 upstream commit
1472
1473 add a sIgnore opcode that silently ignores options and
1474 use it to suppress noisy deprecation warnings for the Protocol directive.
1475
1476 req henning, ok markus
1477
1478 Upstream-ID: 9fe040aca3d6ff393f6f7e60045cdd821dc4cbe0
1479
1480commit a94c60306643ae904add6e8ed219e4be3494255c
1481Author: djm@openbsd.org <djm@openbsd.org>
1482Date: Thu Aug 25 23:56:51 2016 +0000
1483
1484 upstream commit
1485
1486 remove superfluous NOTREACHED comment
1487
1488 Upstream-ID: a7485c1f1be618e8c9e38fd9be46c13b2d03b90c
1489
1490commit fc041c47144ce28cf71353124a8a5d183cd6a251
1491Author: otto@openbsd.org <otto@openbsd.org>
1492Date: Tue Aug 23 16:21:45 2016 +0000
1493
1494 upstream commit
1495
1496 fix previous, a condition was modified incorrectly; ok
1497 markus@ deraadt@
1498
1499 Upstream-ID: c443e339768e7ed396dff3bb55f693e7d3641453
1500
1501commit 23555eb13a9b0550371a16dcf8beaab7a5806a64
1502Author: djm@openbsd.org <djm@openbsd.org>
1503Date: Tue Aug 23 08:17:42 2016 +0000
1504
1505 upstream commit
1506
1507 downgrade an error() to a debug2() to match similar cases
1508 in addr_match_list()
1509
1510 Upstream-ID: 07c3d53e357214153d9d08f234411e0d1a3d6f5c
1511
1512commit a39627134f6d90e7009eeb14e9582ecbc7a99192
1513Author: djm@openbsd.org <djm@openbsd.org>
1514Date: Tue Aug 23 06:36:23 2016 +0000
1515
1516 upstream commit
1517
1518 remove Protocol directive from client/server configs that
1519 causes spammy deprecation warnings
1520
1521 hardcode SSH_PROTOCOLS=2, since that's all we support on the server
1522 now (the client still may support both, so it could get confused)
1523
1524 Upstream-Regress-ID: c16662c631af51633f9fd06aca552a70535de181
1525
1526commit 6ee4f1c01ee31e65245881d49d4bccf014956066
1527Author: Damien Miller <djm@mindrot.org>
1528Date: Tue Aug 23 16:33:48 2016 +1000
1529
1530 hook match and utf8 unittests up to Makefile
1531
1532commit 114efe2bc0dd2842d997940a833f115e6fc04854
1533Author: djm@openbsd.org <djm@openbsd.org>
1534Date: Fri Aug 19 06:44:13 2016 +0000
1535
1536 upstream commit
1537
1538 add tests for matching functions
1539
1540 Upstream-Regress-ID: 0869d4f5c5d627c583c6a929d69c17d5dd65882c
1541
1542commit 857568d2ac81c14bcfd625b27536c1e28c992b3c
1543Author: Damien Miller <djm@mindrot.org>
1544Date: Tue Aug 23 14:32:37 2016 +1000
1545
1546 removing UseLogin bits from configure.ac
1547
1548commit cc182d01cef8ca35a1d25ea9bf4e2ff72e588208
1549Author: djm@openbsd.org <djm@openbsd.org>
1550Date: Tue Aug 23 03:24:10 2016 +0000
1551
1552 upstream commit
1553
1554 fix negated address matching where the address list
1555 consists of a single negated match, e.g. "Match addr !192.20.0.1"
1556
1557 Report and patch from Jakub Jelen. bz#2397 ok dtucker@
1558
1559 Upstream-ID: 01dcac3f3e6ca47518cf293e31c73597a4bb40d8
1560
1561commit 4067ec8a4c64ccf16250c35ff577b4422767da64
1562Author: djm@openbsd.org <djm@openbsd.org>
1563Date: Tue Aug 23 03:22:49 2016 +0000
1564
1565 upstream commit
1566
1567 fix matching for pattern lists that contain a single
1568 negated match, e.g. "Host !example"
1569
1570 report and patch from Robin Becker. bz#1918 ok dtucker@
1571
1572 Upstream-ID: 05a0cb323ea4bc20e98db099b42c067bfb9ea1ea
1573
1574commit 83b581862a1dbb06fc859959f829dde2654aef3c
1575Author: djm@openbsd.org <djm@openbsd.org>
1576Date: Fri Aug 19 03:18:06 2016 +0000
1577
1578 upstream commit
1579
1580 remove UseLogin option and support for having /bin/login
1581 manage login sessions; ok deraadt markus dtucker
1582
1583 Upstream-ID: bea7213fbf158efab7e602d9d844fba4837d2712
1584
1585commit ffe6549c2f7a999cc5264b873a60322e91862581
1586Author: naddy@openbsd.org <naddy@openbsd.org>
1587Date: Mon Aug 15 12:32:04 2016 +0000
1588
1589 upstream commit
1590
1591 Catch up with the SSH1 code removal and delete all
1592 mention of protocol 1 particularities, key files and formats, command line
1593 options, and configuration keywords from the server documentation and
1594 examples. ok jmc@
1595
1596 Upstream-ID: 850328854675b4b6a0d4a90f0b4a9dd9ca4e905f
1597
1598commit c38ea634893a1975dbbec798fb968c9488013f4a
1599Author: naddy@openbsd.org <naddy@openbsd.org>
1600Date: Mon Aug 15 12:27:56 2016 +0000
1601
1602 upstream commit
1603
1604 Remove more SSH1 server code: * Drop sshd's -k option. *
1605 Retire configuration keywords that only apply to protocol 1, as well as the
1606 "protocol" keyword. * Remove some related vestiges of protocol 1 support.
1607
1608 ok markus@
1609
1610 Upstream-ID: 9402f82886de917779db12f8ee3f03d4decc244d
1611
1612commit 33ba55d9e358c07f069e579bfab80eccaaad52cb
1613Author: Darren Tucker <dtucker@zip.com.au>
1614Date: Wed Aug 17 16:26:04 2016 +1000
1615
1616 Only check for prctl once.
1617
1618commit 976ba8a8fd66a969bf658280c1e5adf694cc2fc6
1619Author: Darren Tucker <dtucker@zip.com.au>
1620Date: Wed Aug 17 15:33:10 2016 +1000
1621
1622 Fix typo.
1623
1624commit 9abf84c25ff4448891edcde60533a6e7b2870de1
1625Author: Darren Tucker <dtucker@zip.com.au>
1626Date: Wed Aug 17 14:25:43 2016 +1000
1627
1628 Correct LDFLAGS for clang example.
1629
1630 --with-ldflags isn't used until after the -ftrapv test, so mention
1631 LDFLAGS instead for now.
1632
1633commit 1e8013a17ff11e3c6bd0012fb1fc8d5f1330eb21
1634Author: Darren Tucker <dtucker@zip.com.au>
1635Date: Wed Aug 17 14:08:42 2016 +1000
1636
1637 Remove obsolete CVS $Id from source files.
1638
1639 Since -portable switched to git the CVS $Id tags are no longer being
1640 updated and are becoming increasingly misleading. Remove them.
1641
1642commit adab758242121181700e48b4f6c60d6b660411fe
1643Author: Darren Tucker <dtucker@zip.com.au>
1644Date: Wed Aug 17 13:40:58 2016 +1000
1645
1646 Remove now-obsolete CVS $Id tags from text files.
1647
1648 Since -portable switched to git, the CVS $Id tags are no longer being
1649 updated and are becoming increasingly misleading. Remove them.
1650
1651commit 560c0068541315002ec4c1c00a560bbd30f2d671
1652Author: Darren Tucker <dtucker@zip.com.au>
1653Date: Wed Aug 17 13:38:30 2016 +1000
1654
1655 Add a section for compiler specifics.
1656
1657 Add a section for compiler specifics and document the runtime requirements
1658 for clang's integer sanitization.
1659
1660commit a8fc0f42e1eda2fa3393d1ea5e61322d5e07a9cd
1661Author: Darren Tucker <dtucker@zip.com.au>
1662Date: Wed Aug 17 13:35:43 2016 +1000
1663
1664 Test multiplying two long long ints.
1665
1666 When using clang with -ftrapv or -sanitize=integer the tests would pass
1667 but linking would fail with "undefined reference to __mulodi4".
1668 Explicitly test for this before enabling -trapv.
1669
1670commit a1cc637e7e11778eb727559634a6ef1c19c619f6
1671Author: Damien Miller <djm@mindrot.org>
1672Date: Tue Aug 16 14:47:34 2016 +1000
1673
1674 add a --with-login-program configure argument
1675
1676 Saves messing around with LOGIN_PROGRAM env var, which come
1677 packaging environments make hard to do during configure phase.
1678
1679commit 8bd81e1596ab1bab355146cb65e82fb96ade3b23
1680Author: Damien Miller <djm@mindrot.org>
1681Date: Tue Aug 16 13:30:56 2016 +1000
1682
1683 add --with-pam-service to specify PAM service name
1684
1685 Saves messing around with CFLAGS to do it.
1686
1687commit 74433a19bb6f4cef607680fa4d1d7d81ca3826aa
1688Author: Damien Miller <djm@mindrot.org>
1689Date: Tue Aug 16 13:28:23 2016 +1000
1690
1691 fix false positives when compiled with msan
1692
1693 Our explicit_bzero successfully confused clang -fsanitize-memory
1694 in to thinking that memset is never called to initialise memory.
1695 Ensure that it is called in a way that the compiler recognises.
1696
1697commit 6cb6dcffe1a2204ba9006de20f73255c268fcb6b
1698Author: markus@openbsd.org <markus@openbsd.org>
1699Date: Sat Aug 13 17:47:40 2016 +0000
1700
1701 upstream commit
1702
1703 remove ssh1 server code; ok djm@
1704
1705 Upstream-ID: c24c0c32c49b91740d5a94ae914fb1898ea5f534
1706
1707commit 42d47adc5ad1187f22c726cbc52e71d6b1767ca2
1708Author: jca@openbsd.org <jca@openbsd.org>
1709Date: Fri Aug 12 19:19:04 2016 +0000
1710
1711 upstream commit
1712
1713 Use 2001:db8::/32, the official IPv6 subnet for
1714 configuration examples.
1715
1716 This makes the IPv6 example consistent with IPv4, and removes a dubious
1717 mention of a 6bone subnet.
1718
1719 ok sthen@ millert@
1720
1721 Upstream-ID: b027f3d0e0073419a132fd1bf002e8089b233634
1722
1723commit b61f53c0c3b43c28e013d3b3696d64d1c0204821
1724Author: dtucker@openbsd.org <dtucker@openbsd.org>
1725Date: Thu Aug 11 01:42:11 2016 +0000
1726
1727 upstream commit
1728
1729 Update moduli file.
1730
1731 Upstream-ID: 6da9a37f74aef9f9cc639004345ad893cad582d8
1732
1733commit f217d9bd42d306f69f56335231036b44502d8191
1734Author: Darren Tucker <dtucker@zip.com.au>
1735Date: Thu Aug 11 11:42:48 2016 +1000
1736
1737 Import updated moduli.
1738
1739commit 67dca60fbb4923b7a11c1645b90a5ca57c03d8be
1740Author: dtucker@openbsd.org <dtucker@openbsd.org>
1741Date: Mon Aug 8 22:40:57 2016 +0000
1742
1743 upstream commit
1744
1745 Improve error message for overlong ControlPath. ok markus@
1746 djm@
1747
1748 Upstream-ID: aed374e2e88dd3eb41390003e5303d0089861eb5
1749
1750commit 4706c1d8c15cd5565b59512853c2da9bd4ca26c9
1751Author: djm@openbsd.org <djm@openbsd.org>
1752Date: Wed Aug 3 05:41:57 2016 +0000
1753
1754 upstream commit
1755
1756 small refactor of cipher.c: make ciphercontext opaque to
1757 callers feedback and ok markus@
1758
1759 Upstream-ID: 094849f8be68c3bdad2c0f3dee551ecf7be87f6f
1760
1761commit e600348a7afd6325cc5cd783cb424065cbc20434
1762Author: dtucker@openbsd.org <dtucker@openbsd.org>
1763Date: Wed Aug 3 04:23:55 2016 +0000
1764
1765 upstream commit
1766
1767 Fix bug introduced in rev 1.467 which causes
1768 "buffer_get_bignum_ret: incomplete message" errors when built with WITH_SSH1
1769 and run such that no Protocol 1 ephemeral host key is generated (eg "Protocol
1770 2", no SSH1 host key supplied). Reported by rainer.laatsch at t-online.de,
1771 ok deraadt@
1772
1773 Upstream-ID: aa6b132da5c325523aed7989cc5a320497c919dc
1774
1775commit d7e7348e72f9b203189e3fffb75605afecba4fda
1776Author: djm@openbsd.org <djm@openbsd.org>
1777Date: Wed Jul 27 23:18:12 2016 +0000
1778
1779 upstream commit
1780
1781 better bounds check on iovcnt (we only ever use fixed,
1782 positive values)
1783
1784 Upstream-ID: 9baa6eb5cd6e30c9dc7398e5fe853721a3a5bdee
1785
1786commit 5faa52d295f764562ed6dd75c4a4ce9134ae71e3
1787Author: Darren Tucker <dtucker@zip.com.au>
1788Date: Tue Aug 2 15:22:40 2016 +1000
1789
1790 Use tabs consistently inside "case $host".
1791
1792commit 20e5e8ba9c5d868d897896190542213a60fffbd2
1793Author: Darren Tucker <dtucker@zip.com.au>
1794Date: Tue Aug 2 12:16:34 2016 +1000
1795
1796 Explicitly test for broken strnvis.
1797
1798 NetBSD added an strnvis and unfortunately made it incompatible with the
1799 existing one in OpenBSD and Linux's libbsd (the former having existed
1800 for over ten years). Despite this incompatibility being reported during
1801 development (see http://gnats.netbsd.org/44977) they still shipped it.
1802 Even more unfortunately FreeBSD and later MacOS picked up this incompatible
1803 implementation. Try to detect this mess, and assume the only safe option
1804 if we're cross compiling.
1805
1806 OpenBSD 2.9 (2001): strnvis(char *dst, const char *src, size_t dlen, int flag);
1807 NetBSD 6.0 (2012): strnvis(char *dst, size_t dlen, const char *src, int flag);
1808
1809 ok djm@
1810
1811commit b0b48beab1b74100b61ecbadb9140c9ab4c2ea8c
1812Author: Damien Miller <djm@mindrot.org>
1813Date: Tue Aug 2 11:06:23 2016 +1000
1814
1815 update recommended autoconf version
1816
1817commit 23902e31dfd18c6d7bb41ccd73de3b5358a377da
1818Author: Damien Miller <djm@mindrot.org>
1819Date: Tue Aug 2 10:48:04 2016 +1000
1820
1821 update config.guess and config.sub to current
1822
1823 upstream commit 562f3512b3911ba0c77a7f68214881d1f241f46e
1824
1825commit dd1031b78b83083615b68d7163c44f4408635be2
1826Author: Darren Tucker <dtucker@zip.com.au>
1827Date: Tue Aug 2 10:01:52 2016 +1000
1828
1829 Replace spaces with tabs.
1830
1831 Mechanically replace spaces with tabs in compat files not synced with
1832 OpenBSD.
1833
1834commit c20dccb5614c5714f4155dda01bcdebf97cfae7e
1835Author: Darren Tucker <dtucker@zip.com.au>
1836Date: Tue Aug 2 09:44:25 2016 +1000
1837
1838 Strip trailing whitespace.
1839
1840 Mechanically strip trailing whitespace on files not synced with OpenBSD
1841 (or in the case of bsd-snprint.c, rsync).
1842
1843commit 30f9bd1c0963c23bfba8468dfd26aa17609ba42f
1844Author: Darren Tucker <dtucker@zip.com.au>
1845Date: Tue Aug 2 09:06:27 2016 +1000
1846
1847 Repair $OpenBSD markers.
1848
1849commit 9715d4ad4b53877ec23dc8681dd7a405de9419a6
1850Author: Darren Tucker <dtucker@zip.com.au>
1851Date: Tue Aug 2 09:02:42 2016 +1000
1852
1853 Repair $OpenBSD marker.
1854
1855commit cf3e0be7f5828a5e5f6c296a607d20be2f07d60c
1856Author: Tim Rice <tim@multitalents.net>
1857Date: Mon Aug 1 14:31:52 2016 -0700
1858
1859 modified: configure.ac opensshd.init.in
1860 Skip generating missing RSA1 key on startup unless ssh1 support is enabled.
1861 Spotted by Jean-Pierre Radley
1862
1863commit 99522ba7ec6963a05c04a156bf20e3ba3605987c
1864Author: Damien Miller <djm@mindrot.org>
1865Date: Thu Jul 28 08:54:27 2016 +1000
1866
1867 define _OPENBSD_SOURCE for reallocarray on NetBSD
1868
1869 Report by and debugged with Hisashi T Fujinaka, dtucker nailed
1870 the problem (lack of prototype causing return type confusion).
1871
1872commit 3e1e076550c27c6bbdddf36d8f42bd79fbaaa187
1873Author: Damien Miller <djm@mindrot.org>
1874Date: Wed Jul 27 08:25:42 2016 +1000
1875
1876 KNF
1877
1878commit d99ee9c4e5e217e7d05eeec84e9ce641f4675331
1879Author: Damien Miller <djm@mindrot.org>
1880Date: Wed Jul 27 08:25:23 2016 +1000
1881
1882 Linux auditing also needs packet.h
1883
1884commit 393bd381a45884b589baa9aed4394f1d250255ca
1885Author: Damien Miller <djm@mindrot.org>
1886Date: Wed Jul 27 08:18:05 2016 +1000
1887
1888 fix auditing on Linux
1889
1890 get_remote_ipaddr() was replaced with ssh_remote_ipaddr()
1891
1892commit 80e766fb089de4f3c92b1600eb99e9495e37c992
1893Author: Damien Miller <djm@mindrot.org>
1894Date: Sun Jul 24 21:50:13 2016 +1000
1895
1896 crank version numbers
1897
1898commit b1a478792d458f2e938a302e64bab2b520edc1b3
1899Author: djm@openbsd.org <djm@openbsd.org>
1900Date: Sun Jul 24 11:45:36 2016 +0000
1901
1902 upstream commit
1903
1904 openssh-7.3
1905
1906 Upstream-ID: af106a7eb665f642648cf1993e162c899f358718
1907
1908commit 353766e0881f069aeca30275ab706cd60a1a8fdd
1909Author: Darren Tucker <dtucker@zip.com.au>
1910Date: Sat Jul 23 16:14:42 2016 +1000
1911
1912 Move Cygwin IPPORT_RESERVED overrride to defines.h
1913
1914 Patch from vinschen at redhat.com.
1915
1916commit 368dd977ae07afb93f4ecea23615128c95ab2b32
1917Author: djm@openbsd.org <djm@openbsd.org>
1918Date: Sat Jul 23 02:54:08 2016 +0000
1919
1920 upstream commit
1921
1922 fix pledge violation with ssh -f; reported by Valentin
1923 Kozamernik ok dtucker@
1924
1925 Upstream-ID: a61db7988db88d9dac3c4dd70e18876a8edf84aa
1926
1927commit f00211e3c6d24d6ea2b64b4b1209f671f6c1d42e
1928Author: djm@openbsd.org <djm@openbsd.org>
1929Date: Fri Jul 22 07:00:46 2016 +0000
1930
1931 upstream commit
1932
1933 improve wording; suggested by jmc@
1934
1935 Upstream-ID: 55cb0a24c8e0618b3ceec80998dc82c85db2d2f8
1936
1937commit 83cbca693c3b0719270e6a0f2efe3f9ee93a65b8
1938Author: dtucker@openbsd.org <dtucker@openbsd.org>
1939Date: Fri Jul 22 05:46:11 2016 +0000
1940
1941 upstream commit
1942
1943 Lower loglevel for "Authenticated with partial success"
1944 message similar to other similar level. bz#2599, patch from cgallek at
1945 gmail.com, ok markus@
1946
1947 Upstream-ID: 3faab814e947dc7b2e292edede23e94c608cb4dd
1948
1949commit 10358abd087ab228b7ce2048efc4f3854a9ab9a6
1950Author: Damien Miller <djm@mindrot.org>
1951Date: Fri Jul 22 14:06:36 2016 +1000
1952
1953 retry waitpid on EINTR failure
1954
1955 patch from Jakub Jelen on bz#2581; ok dtucker@
1956
1957commit da88a70a89c800e74ea8e5661ffa127a3cc79a92
1958Author: djm@openbsd.org <djm@openbsd.org>
1959Date: Fri Jul 22 03:47:36 2016 +0000
1960
1961 upstream commit
1962
1963 constify a few functions' arguments; patch from Jakub
1964 Jelen bz#2581
1965
1966 Upstream-ID: f2043f51454ea37830ff6ad60c8b32b4220f448d
1967
1968commit c36d91bd4ebf767f310f7cea88d61d1c15f53ddf
1969Author: djm@openbsd.org <djm@openbsd.org>
1970Date: Fri Jul 22 03:39:13 2016 +0000
1971
1972 upstream commit
1973
1974 move debug("%p", key) to before key is free'd; probable
1975 undefined behaviour on strict compilers; reported by Jakub Jelen bz#2581
1976
1977 Upstream-ID: 767f323e1f5819508a0e35e388ec241bac2f953a
1978
1979commit 286f5a77c3bfec1e8892ca268087ac885ac871bf
1980Author: djm@openbsd.org <djm@openbsd.org>
1981Date: Fri Jul 22 03:35:11 2016 +0000
1982
1983 upstream commit
1984
1985 reverse the order in which -J/JumpHost proxies are visited to
1986 be more intuitive and document
1987
1988 reported by and manpage bits naddy@
1989
1990 Upstream-ID: 3a68fd6a841fd6cf8cedf6552a9607ba99df179a
1991
1992commit fcd135c9df440bcd2d5870405ad3311743d78d97
1993Author: dtucker@openbsd.org <dtucker@openbsd.org>
1994Date: Thu Jul 21 01:39:35 2016 +0000
1995
1996 upstream commit
1997
1998 Skip passwords longer than 1k in length so clients can't
1999 easily DoS sshd by sending very long passwords, causing it to spend CPU
2000 hashing them. feedback djm@, ok markus@.
2001
2002 Brought to our attention by tomas.kuthan at oracle.com, shilei-c at
2003 360.cn and coredump at autistici.org
2004
2005 Upstream-ID: d0af7d4a2190b63ba1d38eec502bc4be0be9e333
2006
2007commit 324583e8fb3935690be58790425793df619c6d4d
2008Author: naddy@openbsd.org <naddy@openbsd.org>
2009Date: Wed Jul 20 10:45:27 2016 +0000
2010
2011 upstream commit
2012
2013 Do not clobber the global jump_host variables when
2014 parsing an inactive configuration. ok djm@
2015
2016 Upstream-ID: 5362210944d91417d5976346d41ac0b244350d31
2017
2018commit 32d921c323b989d28405e78d0a8923d12913d737
2019Author: jmc@openbsd.org <jmc@openbsd.org>
2020Date: Tue Jul 19 12:59:16 2016 +0000
2021
2022 upstream commit
2023
2024 tweak previous;
2025
2026 Upstream-ID: f3c1a5b3f05dff366f60c028728a2b43f15ff534
2027
2028commit d7eabc86fa049a12ba2c3fb198bd1d51b37f7025
2029Author: dtucker@openbsd.org <dtucker@openbsd.org>
2030Date: Tue Jul 19 11:38:53 2016 +0000
2031
2032 upstream commit
2033
2034 Allow wildcard for PermitOpen hosts as well as ports.
2035 bz#2582, patch from openssh at mzpqnxow.com and jjelen at redhat.com. ok
2036 markus@
2037
2038 Upstream-ID: af0294e9b9394c4e16e991424ca0a47a7cc605f2
2039
2040commit b98a2a8348e907b3d71caafd80f0be8fdd075943
2041Author: markus@openbsd.org <markus@openbsd.org>
2042Date: Mon Jul 18 11:35:33 2016 +0000
2043
2044 upstream commit
2045
2046 Reduce timing attack against obsolete CBC modes by always
2047 computing the MAC over a fixed size of data. Reported by Jean Paul
2048 Degabriele, Kenny Paterson, Torben Hansen and Martin Albrecht. ok djm@
2049
2050 Upstream-ID: f20a13279b00ba0afbacbcc1f04e62e9d41c2912
2051
2052commit dbf788b4d9d9490a5fff08a7b09888272bb10fcc
2053Author: Darren Tucker <dtucker@zip.com.au>
2054Date: Thu Jul 21 14:17:31 2016 +1000
2055
2056 Search users for one with a valid salt.
2057
2058 If the root account is locked (eg password "!!" or "*LK*") keep looking
2059 until we find a user with a valid salt to use for crypting passwords of
2060 invalid users. ok djm@
2061
2062commit e8b58f48fbb1b524fb4f0d4865fa0005d6a4b782
2063Author: Darren Tucker <dtucker@zip.com.au>
2064Date: Mon Jul 18 17:22:49 2016 +1000
2065
2066 Explicitly specify source files for regress tools.
2067
2068 Since adding $(REGRESSLIBS), $? is wrong because it includes only the
2069 changed source files. $< seems like it'd be right however it doesn't
2070 seem to work on some non-GNU makes, so do what works everywhere.
2071
2072commit eac1bbd06872c273f16ac0f9976b0aef026b701b
2073Author: Darren Tucker <dtucker@zip.com.au>
2074Date: Mon Jul 18 17:12:22 2016 +1000
2075
2076 Conditionally include err.h.
2077
2078commit 0a454147568746c503f669e1ba861f76a2e7a585
2079Author: Darren Tucker <dtucker@zip.com.au>
2080Date: Mon Jul 18 16:26:26 2016 +1000
2081
2082 Remove local implementation of err, errx.
2083
2084 We now have a shared implementation in libopenbsd-compat.
2085
2086commit eb999a4590846ba4d56ddc90bd07c23abfbab7b1
2087Author: djm@openbsd.org <djm@openbsd.org>
2088Date: Mon Jul 18 06:08:01 2016 +0000
2089
2090 upstream commit
2091
2092 Add some unsigned overflow checks for extra_pad. None of
2093 these are reachable with the amount of padding that we use internally.
2094 bz#2566, pointed out by Torben Hansen. ok markus@
2095
2096 Upstream-ID: 4d4be8450ab2fc1b852d5884339f8e8c31c3fd76
2097
2098commit c71ba790c304545464bb494de974cdf0f4b5cf1e
2099Author: Darren Tucker <dtucker@zip.com.au>
2100Date: Mon Jul 18 15:43:25 2016 +1000
2101
2102 Add dependency on libs for unit tests.
2103
2104 Makes "./configure && make tests" work again. ok djm@
2105
2106commit 8199d0311aea3e6fd0284c9025e7a83f4ece79e8
2107Author: Darren Tucker <dtucker@zip.com.au>
2108Date: Mon Jul 18 13:47:39 2016 +1000
2109
2110 Correct location for kexfuzz in clean target.
2111
2112commit 01558b7b07af43da774d3a11a5c51fa9c310849d
2113Author: Darren Tucker <dtucker@zip.com.au>
2114Date: Mon Jul 18 09:33:25 2016 +1000
2115
2116 Handle PAM_MAXTRIES from modules.
2117
2118 bz#2249: handle the case where PAM returns PAM_MAXTRIES by ceasing to offer
2119 password and keyboard-interative authentication methods. Should prevent
2120 "sshd ignoring max retries" warnings in the log. ok djm@
2121
2122 It probably won't trigger with keyboard-interactive in the default
2123 configuration because the retry counter is stored in module-private
2124 storage which goes away with the sshd PAM process (see bz#688). On the
2125 other hand, those cases probably won't log a warning either.
2126
2127commit 65c6c6b567ab5ab12945a5ad8e0ab3a8c26119cc
2128Author: djm@openbsd.org <djm@openbsd.org>
2129Date: Sun Jul 17 04:20:16 2016 +0000
2130
2131 upstream commit
2132
2133 support UTF-8 characters in ssh(1) banners using
2134 schwarze@'s safe fmprintf printer; bz#2058
2135
2136 feedback schwarze@ ok dtucker@
2137
2138 Upstream-ID: a72ce4e3644c957643c9524eea2959e41b91eea7
2139
2140commit e4eb7d910976fbfc7ce3e90c95c11b07b483d0d7
2141Author: jmc@openbsd.org <jmc@openbsd.org>
2142Date: Sat Jul 16 06:57:55 2016 +0000
2143
2144 upstream commit
2145
2146 - add proxyjump to the options list - formatting fixes -
2147 update usage()
2148
2149 ok djm
2150
2151 Upstream-ID: 43d318e14ce677a2eec8f21ef5ba2f9f68a59457
2152
2153commit af1f084857621f14bd9391aba8033d35886c2455
2154Author: dtucker@openbsd.org <dtucker@openbsd.org>
2155Date: Fri Jul 15 05:01:58 2016 +0000
2156
2157 upstream commit
2158
2159 Reduce the syslog level of some relatively common protocol
2160 events from LOG_CRIT by replacing fatal() calls with logdie(). Part of
2161 bz#2585, ok djm@
2162
2163 Upstream-ID: 9005805227c94edf6ac02a160f0e199638d288e5
2164
2165commit bd5f2b78b69cf38d6049a0de445a79c8595e4a1f
2166Author: Damien Miller <djm@mindrot.org>
2167Date: Fri Jul 15 19:14:48 2016 +1000
2168
2169 missing openssl/dh.h
2170
2171commit 4a984fd342effe5f0aad874a0d538c4322d973c0
2172Author: Damien Miller <djm@mindrot.org>
2173Date: Fri Jul 15 18:47:07 2016 +1000
2174
2175 cast to avoid type warning in error message
2176
2177commit 5abfb15ced985c340359ae7fb65a625ed3692b3e
2178Author: Darren Tucker <dtucker@zip.com.au>
2179Date: Fri Jul 15 14:48:30 2016 +1000
2180
2181 Move VA_COPY macro into compat header.
2182
2183 Some AIX compilers unconditionally undefine va_copy but don't set it back
2184 to an internal function, causing link errors. In some compat code we
2185 already use VA_COPY instead so move the two existing instances into the
2186 shared header and use for sshbuf-getput-basic.c too. Should fix building
2187 with at lease some versions of AIX's compiler. bz#2589, ok djm@
2188
2189commit 832b7443b7a8e181c95898bc5d73497b7190decd
2190Author: Damien Miller <djm@mindrot.org>
2191Date: Fri Jul 15 14:45:34 2016 +1000
2192
2193 disable ciphers not supported by OpenSSL
2194
2195 bz#2466 ok dtucker@
2196
2197commit 5fbe93fc6fbb2fe211e035703dec759d095e3dd8
2198Author: Damien Miller <djm@mindrot.org>
2199Date: Fri Jul 15 13:54:31 2016 +1000
2200
2201 add a --disable-pkcs11 knob
2202
2203commit 679ce88ec2a8e2fe6515261c489e8c1449bb9da9
2204Author: Damien Miller <djm@mindrot.org>
2205Date: Fri Jul 15 13:44:38 2016 +1000
2206
2207 fix newline escaping for unsupported_algorithms
2208
2209 The hmac-ripemd160 was incorrect and could lead to broken
2210 Makefiles on systems that lacked support for it, but I made
2211 all the others consistent too.
2212
2213commit ed877ef653847d056bb433975d731b7a1132a979
2214Author: djm@openbsd.org <djm@openbsd.org>
2215Date: Fri Jul 15 00:24:30 2016 +0000
2216
2217 upstream commit
2218
2219 Add a ProxyJump ssh_config(5) option and corresponding -J
2220 ssh(1) command-line flag to allow simplified indirection through a SSH
2221 bastion or "jump host".
2222
2223 These options construct a proxy command that connects to the
2224 specified jump host(s) (more than one may be specified) and uses
2225 port-forwarding to establish a connection to the next destination.
2226
2227 This codifies the safest way of indirecting connections through SSH
2228 servers and makes it easy to use.
2229
2230 ok markus@
2231
2232 Upstream-ID: fa899cb8b26d889da8f142eb9774c1ea36b04397
2233
2234commit 5c02dd126206a26785379e80f2d3848e4470b711
2235Author: Darren Tucker <dtucker@zip.com.au>
2236Date: Fri Jul 15 12:56:39 2016 +1000
2237
2238 Map umac_ctx struct name too.
2239
2240 Prevents size mismatch linker warnings on Solaris 11.
2241
2242commit 283b97ff33ea2c641161950849931bd578de6946
2243Author: Darren Tucker <dtucker@zip.com.au>
2244Date: Fri Jul 15 13:49:44 2016 +1000
2245
2246 Mitigate timing of disallowed users PAM logins.
2247
2248 When sshd decides to not allow a login (eg PermitRootLogin=no) and
2249 it's using PAM, it sends a fake password to PAM so that the timing for
2250 the failure is not noticeably different whether or not the password
2251 is correct. This behaviour can be detected by sending a very long
2252 password string which is slower to hash than the fake password.
2253
2254 Mitigate by constructing an invalid password that is the same length
2255 as the one from the client and thus takes the same time to hash.
2256 Diff from djm@
2257
2258commit 9286875a73b2de7736b5e50692739d314cd8d9dc
2259Author: Darren Tucker <dtucker@zip.com.au>
2260Date: Fri Jul 15 13:32:45 2016 +1000
2261
2262 Determine appropriate salt for invalid users.
2263
2264 When sshd is processing a non-PAM login for a non-existent user it uses
2265 the string from the fakepw structure as the salt for crypt(3)ing the
2266 password supplied by the client. That string has a Blowfish prefix, so on
2267 systems that don't understand that crypt will fail fast due to an invalid
2268 salt, and even on those that do it may have significantly different timing
2269 from the hash methods used for real accounts (eg sha512). This allows
2270 user enumeration by, eg, sending large password strings. This was noted
2271 by EddieEzra.Harari at verint.com (CVE-2016-6210).
2272
2273 To mitigate, use the same hash algorithm that root uses for hashing
2274 passwords for users that do not exist on the system. ok djm@
2275
2276commit a162dd5e58ca5b224d7500abe35e1ef32b5de071
2277Author: Darren Tucker <dtucker@zip.com.au>
2278Date: Thu Jul 14 21:19:59 2016 +1000
2279
2280 OpenSSL 1.1.x not currently supported.
2281
2282commit 7df91b01fc558a33941c5c5f31abbcdc53a729fb
2283Author: Darren Tucker <dtucker@zip.com.au>
2284Date: Thu Jul 14 12:25:24 2016 +1000
2285
2286 Check for VIS_ALL.
2287
2288 If we don't have it, set BROKEN_STRNVIS to activate the compat replacement.
2289
2290commit ee67716f61f1042d5e67f91c23707cca5dcdd7d0
2291Author: dtucker@openbsd.org <dtucker@openbsd.org>
2292Date: Thu Jul 14 01:24:21 2016 +0000
2293
2294 upstream commit
2295
2296 Correct equal in test.
2297
2298 Upstream-Regress-ID: 4e32f7a5c57a619c4e8766cb193be2a1327ec37a
2299
2300commit 372807c2065c8572fdc6478b25cc5ac363743073
2301Author: tb@openbsd.org <tb@openbsd.org>
2302Date: Mon Jul 11 21:38:13 2016 +0000
2303
2304 upstream commit
2305
2306 Add missing "recvfd" pledge promise: Raf Czlonka reported
2307 ssh coredumps when Control* keywords were set in ssh_config. This patch also
2308 fixes similar problems with scp and sftp.
2309
2310 ok deraadt, looks good to millert
2311
2312 Upstream-ID: ca2099eade1ef3e87a79614fefa26a0297ad8a3b
2313
2314commit e0453f3df64bf485c61c7eb6bd12893eee9fe2cd
2315Author: tedu@openbsd.org <tedu@openbsd.org>
2316Date: Mon Jul 11 03:19:44 2016 +0000
2317
2318 upstream commit
2319
2320 obsolete note about fascistloggin is obsolete. ok djm
2321 dtucker
2322
2323 Upstream-ID: dae60df23b2bb0e89f42661ddd96a7b0d1b7215a
2324
2325commit a2333584170a565adf4f209586772ef8053b10b8
2326Author: Darren Tucker <dtucker@zip.com.au>
2327Date: Thu Jul 14 10:59:09 2016 +1000
2328
2329 Add compat code for missing wcwidth.
2330
2331 If we don't have wcwidth force fallback implementations of nl_langinfo
2332 and mbtowc. Based on advice from Ingo Schwarze.
2333
2334commit 8aaec7050614494014c47510b7e94daf6e644c62
2335Author: Damien Miller <djm@mindrot.org>
2336Date: Thu Jul 14 09:48:48 2016 +1000
2337
2338 fix missing include for systems with err.h
2339
2340commit 6310ef27a2567cda66d6cf0c1ad290ee1167f243
2341Author: Darren Tucker <dtucker@zip.com.au>
2342Date: Wed Jul 13 14:42:35 2016 +1000
2343
2344 Move err.h replacements into compat lib.
2345
2346 Move implementations of err.h replacement functions into their own file
2347 in the libopenbsd-compat so we can use them in kexfuzz.c too. ok djm@
2348
2349commit f3f2cc8386868f51440c45210098f65f9787449a
2350Author: Darren Tucker <dtucker@zip.com.au>
2351Date: Mon Jul 11 17:23:38 2016 +1000
2352
2353 Check for wchar.h and langinfo.h
2354
2355 Wrap includes in the appropriate #ifdefs.
2356
2357commit b9c50614eba9d90939b2b119b6e1b7e03b462278
2358Author: Damien Miller <djm@mindrot.org>
2359Date: Fri Jul 8 13:59:13 2016 +1000
2360
2361 whitelist more architectures for seccomp-bpf
2362
2363 bz#2590 - testing and patch from Jakub Jelen
2364
2365commit 18813a32b6fd964037e0f5e1893cb4468ac6a758
2366Author: guenther@openbsd.org <guenther@openbsd.org>
2367Date: Mon Jul 4 18:01:44 2016 +0000
2368
2369 upstream commit
2370
2371 DEBUGLIBS has been broken since the gcc4 switch, so delete
2372 it. CFLAGS contains -g by default anyway
2373
2374 problem noted by Edgar Pettijohn (edgar (at) pettijohn-web.com)
2375 ok millert@ kettenis@ deraadt@
2376
2377 Upstream-Regress-ID: 4a0bb72f95c63f2ae9daa8a040ac23914bddb542
2378
2379commit 6d31193d0baa3da339c196ac49625b7ba1c2ecc7
2380Author: djm@openbsd.org <djm@openbsd.org>
2381Date: Fri Jul 8 03:44:42 2016 +0000
2382
2383 upstream commit
2384
2385 Improve crypto ordering for Encrypt-then-MAC (EtM) mode
2386 MAC algorithms.
2387
2388 Previously we were computing the MAC, decrypting the packet and then
2389 checking the MAC. This gave rise to the possibility of creating a
2390 side-channel oracle in the decryption step, though no such oracle has
2391 been identified.
2392
2393 This adds a mac_check() function that computes and checks the MAC in
2394 one pass, and uses it to advance MAC checking for EtM algorithms to
2395 before payload decryption.
2396
2397 Reported by Jean Paul Degabriele, Kenny Paterson, Torben Hansen and
2398 Martin Albrecht. feedback and ok markus@
2399
2400 Upstream-ID: 1999bb67cab47dda5b10b80d8155fe83d4a1867b
2401
2402commit 71f5598f06941f645a451948c4a5125c83828e1c
2403Author: guenther@openbsd.org <guenther@openbsd.org>
2404Date: Mon Jul 4 18:01:44 2016 +0000
2405
2406 upstream commit
2407
2408 DEBUGLIBS has been broken since the gcc4 switch, so
2409 delete it. CFLAGS contains -g by default anyway
2410
2411 problem noted by Edgar Pettijohn (edgar (at) pettijohn-web.com)
2412 ok millert@ kettenis@ deraadt@
2413
2414 Upstream-ID: 96c5054e3e1f170c6276902d5bc65bb3b87a2603
2415
2416commit e683fc6f1c8c7295648dbda679df8307786ec1ce
2417Author: dtucker@openbsd.org <dtucker@openbsd.org>
2418Date: Thu Jun 30 05:17:05 2016 +0000
2419
2420 upstream commit
2421
2422 Explicitly check for 100% completion to avoid potential
2423 floating point rounding error, which could cause progressmeter to report 99%
2424 on completion. While there invert the test so the 100% case is clearer. with
2425 & ok djm@
2426
2427 Upstream-ID: a166870c5878e422f3c71ff802e2ccd7032f715d
2428
2429commit 772e6cec0ed740fc7db618dc30b4134f5a358b43
2430Author: jmc@openbsd.org <jmc@openbsd.org>
2431Date: Wed Jun 29 17:14:28 2016 +0000
2432
2433 upstream commit
2434
2435 sort the -o list;
2436
2437 Upstream-ID: 1a97465ede8790b4d47cb618269978e07f41f8ac
2438
2439commit 46ecd19e554ccca15a7309cd1b6b44bc8e6b84af
2440Author: djm@openbsd.org <djm@openbsd.org>
2441Date: Thu Jun 23 05:17:51 2016 +0000
2442
2443 upstream commit
2444
2445 fix AuthenticationMethods during configuration re-parse;
2446 reported by Juan Francisco Cantero Hurtado
2447
2448 Upstream-ID: 8ffa1dac25c7577eca8238e825317ab20848f9b4
2449
2450commit 3147e7595d0f2f842a666c844ac53e6c7a253d7e
2451Author: djm@openbsd.org <djm@openbsd.org>
2452Date: Sun Jun 19 07:48:02 2016 +0000
2453
2454 upstream commit
2455
2456 revert 1.34; causes problems loading public keys
2457
2458 reported by semarie@
2459
2460 Upstream-ID: b393794f8935c8b15d98a407fe7721c62d2ed179
2461
2462commit ad23a75509f4320d43f628c50f0817e3ad12bfa7
2463Author: jmc@openbsd.org <jmc@openbsd.org>
2464Date: Fri Jun 17 06:33:30 2016 +0000
2465
2466 upstream commit
2467
2468 grammar fix;
2469
2470 Upstream-ID: 5d5b21c80f1e81db367333ce0bb3e5874fb3e463
2471
2472commit 5e28b1a2a3757548b40018cc2493540a17c82e27
2473Author: djm@openbsd.org <djm@openbsd.org>
2474Date: Fri Jun 17 05:06:23 2016 +0000
2475
2476 upstream commit
2477
2478 translate OpenSSL error codes to something more
2479 meaninful; bz#2522 reported by Jakub Jelen, ok dtucker@
2480
2481 Upstream-ID: 4cb0795a366381724314e6515d57790c5930ffe5
2482
2483commit b64faeb5eda7eff8210c754d00464f9fe9d23de5
2484Author: djm@openbsd.org <djm@openbsd.org>
2485Date: Fri Jun 17 05:03:40 2016 +0000
2486
2487 upstream commit
2488
2489 ban AuthenticationMethods="" and accept
2490 AuthenticationMethods=any for the default behaviour of not requiring multiple
2491 authentication
2492
2493 bz#2398 from Jakub Jelen; ok dtucker@
2494
2495 Upstream-ID: fabd7f44d59e4518d241d0d01e226435cc23cf27
2496
2497commit 9816fc5daee5ca924dd5c4781825afbaab728877
2498Author: dtucker@openbsd.org <dtucker@openbsd.org>
2499Date: Thu Jun 16 11:00:17 2016 +0000
2500
2501 upstream commit
2502
2503 Include stdarg.h for va_copy as per man page.
2504
2505 Upstream-ID: 105d6b2f1af2fbd9d91c893c436ab121434470bd
2506
2507commit b6cf84b51bc0f5889db48bf29a0c771954ade283
2508Author: jmc@openbsd.org <jmc@openbsd.org>
2509Date: Thu Jun 16 06:10:45 2016 +0000
2510
2511 upstream commit
2512
2513 keys stored in openssh format can have comments too; diff
2514 from yonas yanfa, tweaked a bit;
2515
2516 ok djm
2517
2518 Upstream-ID: 03d48536da6e51510d73ade6fcd44ace731ceb27
2519
2520commit aa37768f17d01974b6bfa481e5e83841b6c76f86
2521Author: Darren Tucker <dtucker@zip.com.au>
2522Date: Mon Jun 20 15:55:34 2016 +1000
2523
2524 get_remote_name_or_ip inside LOGIN_NEEDS_UTMPX
2525
2526 Apply the same get_remote_name_or_ip -> session_get_remote_name_or_ip
2527 change as commit 95767262 to the code inside #ifdef LOGIN_NEEDS_UTMPX.
2528 Fixes build on AIX.
2529
2530commit 009891afc8df37bc2101e15d1e0b6433cfb90549
2531Author: Darren Tucker <dtucker@zip.com.au>
2532Date: Fri Jun 17 14:34:09 2016 +1000
2533
2534 Remove duplicate code from PAM. ok djm@
2535
2536commit e690fe85750e93fca1fb7c7c8587d4130a4f7aba
2537Author: dtucker@openbsd.org <dtucker@openbsd.org>
2538Date: Wed Jun 15 00:40:40 2016 +0000
2539
2540 upstream commit
2541
2542 Remove "POSSIBLE BREAK-IN ATTEMPT!" from log message
2543 about forward and reverse DNS not matching. We haven't supported IP-based
2544 auth methods for a very long time so it's now misleading. part of bz#2585,
2545 ok markus@
2546
2547 Upstream-ID: 5565ef0ee0599b27f0bd1d3bb1f8a323d8274e29
2548
2549commit 57b4ee04cad0d3e0fec1194753b0c4d31e39a1cd
2550Author: Darren Tucker <dtucker@zip.com.au>
2551Date: Wed Jun 15 11:22:38 2016 +1000
2552
2553 Move platform_disable_tracing into its own file.
2554
2555 Prevents link errors resolving the extern "options" when platform.o
2556 gets linked into ssh-agent when building --with-pam.
2557
2558commit 78dc8e3724e30ee3e1983ce013e80277dc6ca070
2559Author: Darren Tucker <dtucker@zip.com.au>
2560Date: Tue Jun 14 13:55:12 2016 +1000
2561
2562 Track skipped upstream commit IDs.
2563
2564 There are a small number of "upstream" commits that do not correspond to
2565 a file in -portable. This file tracks those so that we can reconcile
2566 OpenBSD and Portable to ensure that no commits are accidentally missed.
2567
2568 If you add something to .skipped-commit-ids please also add an upstream
2569 ID line in the following format when you commit it.
2570
2571 Upstream-ID: 321065a95a7ccebdd5fd08482a1e19afbf524e35
2572 Upstream-ID: d4f699a421504df35254cf1c6f1a7c304fb907ca
2573 Upstream-ID: aafe246655b53b52bc32c8a24002bc262f4230f7
2574 Upstream-ID: 8fa9cd1dee3c3339ae329cf20fb591db6d605120
2575 Upstream-ID: f31327a48dd4103333cc53315ec53fe65ed8a17a
2576 Upstream-ID: edbfde98c40007b7752a4ac106095e060c25c1ef
2577 Upstream-ID: 052fd565e3ff2d8cec3bc957d1788f50c827f8e2
2578 Upstream-ID: 7cf73737f357492776223da1c09179fa6ba74660
2579 Upstream-ID: 180d84674be1344e45a63990d60349988187c1ae
2580 Upstream-ID: f6ae971186ba68d066cd102e57d5b0b2c211a5ee
2581
2582commit 9f919d1a3219d476d6a662d18df058e1c4f36a6f
2583Author: Darren Tucker <dtucker@zip.com.au>
2584Date: Tue Jun 14 13:51:01 2016 +1000
2585
2586 Remove now-defunct .cvsignore files. ok djm
2587
2588commit 68777faf271efb2713960605c748f6c8a4b26d55
2589Author: dtucker@openbsd.org <dtucker@openbsd.org>
2590Date: Wed Jun 8 02:13:01 2016 +0000
2591
2592 upstream commit
2593
2594 Back out rev 1.28 "Check min and max sizes sent by the
2595 client" change. It caused "key_verify failed for server_host_key" in clients
2596 that send a DH-GEX min value less that DH_GRP_MIN, eg old OpenSSH and PuTTY.
2597 ok djm@
2598
2599 Upstream-ID: 452979d3ca5c1e9dff063287ea0a5314dd091f65
2600
2601commit a86ec4d0737ac5879223e7cd9d68c448df46e169
2602Author: Darren Tucker <dtucker@zip.com.au>
2603Date: Tue Jun 14 10:48:27 2016 +1000
2604
2605 Use Solaris setpflags(__PROC_PROTECT, ...).
2606
2607 Where possible, use Solaris setpflags to disable process tracing on
2608 ssh-agent and sftp-server. bz#2584, based on a patch from huieying.lee
2609 at oracle.com, ok djm.
2610
2611commit 0f916d39b039fdc0b5baf9b5ab0754c0f11ec573
2612Author: Darren Tucker <dtucker@zip.com.au>
2613Date: Tue Jun 14 10:43:53 2016 +1000
2614
2615 Shorten prctl code a tiny bit.
2616
2617commit 0fb7f5985351fbbcd2613d8485482c538e5123be
2618Author: Darren Tucker <dtucker@zip.com.au>
2619Date: Thu Jun 9 16:23:07 2016 +1000
2620
2621 Move prctl PR_SET_DUMPABLE into platform.c.
2622
2623 This should make it easier to add additional platform support such as
2624 Solaris (bz#2584).
2625
2626commit e6508898c3cd838324ecfe1abd0eb8cf802e7106
2627Author: dtucker@openbsd.org <dtucker@openbsd.org>
2628Date: Fri Jun 3 04:10:41 2016 +0000
2629
2630 upstream commit
2631
2632 Add a test for ssh(1)'s config file parsing.
2633
2634 Upstream-Regress-ID: 558b7f4dc45cc3761cc3d3e889b9f3c5bc91e601
2635
2636commit ab0a536066dfa32def0bd7272c096ebb5eb25b11
2637Author: dtucker@openbsd.org <dtucker@openbsd.org>
2638Date: Fri Jun 3 03:47:59 2016 +0000
2639
2640 upstream commit
2641
2642 Add 'sshd' to the test ID as I'm about to add a similar
2643 set for ssh.
2644
2645 Upstream-Regress-ID: aea7a9c3bac638530165c801ce836875b228ae7a
2646
2647commit a5577c1ed3ecdfe4b7b1107c526cae886fc91afb
2648Author: schwarze@openbsd.org <schwarze@openbsd.org>
2649Date: Mon May 30 12:14:08 2016 +0000
2650
2651 upstream commit
2652
2653 stricter malloc.conf(5) options for utf8 tests
2654
2655 Upstream-Regress-ID: 111efe20a0fb692fa1a987f6e823310f9b25abf6
2656
2657commit 75f0844b4f29d62ec3a5e166d2ee94b02df819fc
2658Author: schwarze@openbsd.org <schwarze@openbsd.org>
2659Date: Mon May 30 12:05:56 2016 +0000
2660
2661 upstream commit
2662
2663 Fix two rare edge cases: 1. If vasprintf() returns < 0,
2664 do not access a NULL pointer in snmprintf(), and do not free() the pointer
2665 returned from vasprintf() because on some systems other than OpenBSD, it
2666 might be a bogus pointer. 2. If vasprintf() returns == 0, return 0 and ""
2667 rather than -1 and NULL.
2668
2669 Besides, free(dst) is pointless after failure (not a bug).
2670
2671 One half OK martijn@, the other half OK deraadt@;
2672 committing quickly before people get hurt.
2673
2674 Upstream-Regress-ID: b164f20923812c9bac69856dbc1385eb1522cba4
2675
2676commit 016881eb33a7948028848c90f4c7ac42e3af0e87
2677Author: schwarze@openbsd.org <schwarze@openbsd.org>
2678Date: Thu May 26 19:14:25 2016 +0000
2679
2680 upstream commit
2681
2682 test the new utf8 module
2683
2684 Upstream-Regress-ID: c923d05a20e84e4ef152cbec947fdc4ce6eabbe3
2685
2686commit d4219028bdef448e089376f3afe81ef6079da264
2687Author: dtucker@openbsd.org <dtucker@openbsd.org>
2688Date: Tue May 3 15:30:46 2016 +0000
2689
2690 upstream commit
2691
2692 Set umask to prevent "Bad owner or permissions" errors.
2693
2694 Upstream-Regress-ID: 8fdf2fc4eb595ccd80c443f474d639f851145417
2695
2696commit 07d5608bb237e9b3fe86a2aeaa429392230faebf
2697Author: djm@openbsd.org <djm@openbsd.org>
2698Date: Tue May 3 14:41:04 2016 +0000
2699
2700 upstream commit
2701
2702 support doas
2703
2704 Upstream-Regress-ID: 8d5572b27ea810394eeda432d8b4e9e1064a7c38
2705
2706commit 01cabf10adc7676cba5f40536a34d3b246edb73f
2707Author: djm@openbsd.org <djm@openbsd.org>
2708Date: Tue May 3 13:48:33 2016 +0000
2709
2710 upstream commit
2711
2712 unit tests for sshbuf_dup_string()
2713
2714 Upstream-Regress-ID: 7521ff150dc7f20511d1c2c48fd3318e5850a96d
2715
2716commit 6915f1698e3d1dd4e22eac20f435e1dfc1d46372
2717Author: jmc@openbsd.org <jmc@openbsd.org>
2718Date: Fri Jun 3 06:44:12 2016 +0000
2719
2720 upstream commit
2721
2722 tweak previous;
2723
2724 Upstream-ID: 92979f1a0b63e041a0e5b08c9ed0ba9b683a3698
2725
2726commit 0cb2f4c2494b115d0f346ed2d8b603ab3ba643f4
2727Author: dtucker@openbsd.org <dtucker@openbsd.org>
2728Date: Fri Jun 3 04:09:38 2016 +0000
2729
2730 upstream commit
2731
2732 Allow ExitOnForwardFailure and ClearAllForwardings to be
2733 overridden when using ssh -W (but still default to yes in that case).
2734 bz#2577, ok djm@.
2735
2736 Upstream-ID: 4b20c419e93ca11a861c81c284090cfabc8c54d4
2737
2738commit 8543ff3f5020fe659839b15f05b8c522bde6cee5
2739Author: dtucker@openbsd.org <dtucker@openbsd.org>
2740Date: Fri Jun 3 03:14:41 2016 +0000
2741
2742 upstream commit
2743
2744 Move the host and port used by ssh -W into the Options
2745 struct. This will make future changes a bit easier. ok djm@
2746
2747 Upstream-ID: 151bce5ecab2fbedf0d836250a27968d30389382
2748
2749commit 6b87311d3acdc460f926b2c40f4c4f3fd345f368
2750Author: dtucker@openbsd.org <dtucker@openbsd.org>
2751Date: Wed Jun 1 04:19:49 2016 +0000
2752
2753 upstream commit
2754
2755 Check min and max sizes sent by the client against what
2756 we support before passing them to the monitor. ok djm@
2757
2758 Upstream-ID: 750627e8117084215412bff00a25b1586ab17ece
2759
2760commit 564cd2a8926ccb1dca43a535073540935b5e0373
2761Author: dtucker@openbsd.org <dtucker@openbsd.org>
2762Date: Tue May 31 23:46:14 2016 +0000
2763
2764 upstream commit
2765
2766 Ensure that the client's proposed DH-GEX max value is at
2767 least as big as the minimum the server will accept. ok djm@
2768
2769 Upstream-ID: b4b84fa04aab2de7e79a6fee4a6e1c189c0fe775
2770
2771commit df820722e40309c9b3f360ea4ed47a584ed74333
2772Author: Darren Tucker <dtucker@zip.com.au>
2773Date: Mon Jun 6 11:36:13 2016 +1000
2774
2775 Add compat bits to utf8.c.
2776
2777commit 05c6574652571becfe9d924226c967a3f4b3f879
2778Author: Darren Tucker <dtucker@zip.com.au>
2779Date: Mon Jun 6 11:33:43 2016 +1000
2780
2781 Fix utf->utf8 typo.
2782
2783commit 6c1717190b4d5ddd729cd9e24e8ed71ed4f087ce
2784Author: schwarze@openbsd.org <schwarze@openbsd.org>
2785Date: Mon May 30 18:34:41 2016 +0000
2786
2787 upstream commit
2788
2789 Backout rev. 1.43 for now.
2790
2791 The function update_progress_meter() calls refresh_progress_meter()
2792 which calls snmprintf() which calls malloc(); but update_progress_meter()
2793 acts as the SIGALRM signal handler.
2794
2795 "malloc(): error: recursive call" reported by sobrado@.
2796
2797 Upstream-ID: aaae57989431e5239c101f8310f74ccc83aeb93e
2798
2799commit cd9e1eabeb4137182200035ab6fa4522f8d24044
2800Author: schwarze@openbsd.org <schwarze@openbsd.org>
2801Date: Mon May 30 12:57:21 2016 +0000
2802
2803 upstream commit
2804
2805 Even when only writing an unescaped character, the dst
2806 buffer may need to grow, or it would be overrun; issue found by tb@ with
2807 malloc.conf(5) 'C'.
2808
2809 While here, reserve an additional byte for the terminating NUL
2810 up front such that we don't have to realloc() later just for that.
2811
2812 OK tb@
2813
2814 Upstream-ID: 30ebcc0c097c4571b16f0a78b44969f170db0cff
2815
2816commit ac284a355f8065eaef2a16f446f3c44cdd17371d
2817Author: schwarze@openbsd.org <schwarze@openbsd.org>
2818Date: Mon May 30 12:05:56 2016 +0000
2819
2820 upstream commit
2821
2822 Fix two rare edge cases: 1. If vasprintf() returns < 0,
2823 do not access a NULL pointer in snmprintf(), and do not free() the pointer
2824 returned from vasprintf() because on some systems other than OpenBSD, it
2825 might be a bogus pointer. 2. If vasprintf() returns == 0, return 0 and ""
2826 rather than -1 and NULL.
2827
2828 Besides, free(dst) is pointless after failure (not a bug).
2829
2830 One half OK martijn@, the other half OK deraadt@;
2831 committing quickly before people get hurt.
2832
2833 Upstream-ID: b7bcd2e82fc168a8eff94e41f5db336ed986fed0
2834
2835commit 0e059cdf5fd86297546c63fa8607c24059118832
2836Author: schwarze@openbsd.org <schwarze@openbsd.org>
2837Date: Wed May 25 23:48:45 2016 +0000
2838
2839 upstream commit
2840
2841 To prevent screwing up terminal settings when printing to
2842 the terminal, for ASCII and UTF-8, escape bytes not forming characters and
2843 bytes forming non-printable characters with vis(3) VIS_OCTAL. For other
2844 character sets, abort printing of the current string in these cases. In
2845 particular, * let scp(1) respect the local user's LC_CTYPE locale(1); *
2846 sanitize data received from the remote host; * sanitize filenames, usernames,
2847 and similar data even locally; * take character display widths into account
2848 for the progressmeter.
2849
2850 This is believed to be sufficient to keep the local terminal safe
2851 on OpenBSD, but bad things can still happen on other systems with
2852 state-dependent locales because many places in the code print
2853 unencoded ASCII characters into the output stream.
2854
2855 Using feedback from djm@ and martijn@,
2856 various aspects discussed with many others.
2857
2858 deraadt@ says it should go in now, i probably already hesitated too long
2859
2860 Upstream-ID: e66afbc94ee396ddcaffd433b9a3b80f387647e0
2861
2862commit 8c02e3639acefe1e447e293dbe23a0917abd3734
2863Author: dtucker@openbsd.org <dtucker@openbsd.org>
2864Date: Tue May 24 04:43:45 2016 +0000
2865
2866 upstream commit
2867
2868 KNF compression proposal and simplify the client side a
2869 little. ok djm@
2870
2871 Upstream-ID: aa814b694efe9e5af8a26e4c80a05526ae6d6605
2872
2873commit 7ec4946fb686813eb5f8c57397e465f5485159f4
2874Author: dtucker@openbsd.org <dtucker@openbsd.org>
2875Date: Tue May 24 02:31:57 2016 +0000
2876
2877 upstream commit
2878
2879 Back out 'plug memleak'.
2880
2881 Upstream-ID: 4faacdde136c24a961e24538de373660f869dbc0
2882
2883commit 82f24c3ddc52053aeb7beb3332fa94c92014b0c5
2884Author: djm@openbsd.org <djm@openbsd.org>
2885Date: Mon May 23 23:30:50 2016 +0000
2886
2887 upstream commit
2888
2889 prefer agent-hosted keys to keys from PKCS#11; ok markus
2890
2891 Upstream-ID: 7417f7653d58d6306d9f8c08d0263d050e2fd8f4
2892
2893commit a0cb7778fbc9b43458f7072eb68dd858766384d1
2894Author: dtucker@openbsd.org <dtucker@openbsd.org>
2895Date: Mon May 23 00:17:27 2016 +0000
2896
2897 upstream commit
2898
2899 Plug mem leak in filter_proposal. ok djm@
2900
2901 Upstream-ID: bf968da7cfcea2a41902832e7d548356a4e2af34
2902
2903commit ae9c0d4d5c581b3040d1f16b5c5f4b1cd1616743
2904Author: Darren Tucker <dtucker@zip.com.au>
2905Date: Fri Jun 3 16:03:44 2016 +1000
2906
2907 Update vis.h and vis.c from OpenBSD.
2908
2909 This will be needed for the upcoming utf8 changes.
2910
2911commit e1d93705f8f48f519433d6ca9fc3d0abe92a1b77
2912Author: Tim Rice <tim@multitalents.net>
2913Date: Tue May 31 11:13:22 2016 -0700
2914
2915 modified: configure.ac
2916 whitspace clean up. No code changes.
2917
2918commit 604a037d84e41e31f0aec9075df0b8740c130200
2919Author: Damien Miller <djm@mindrot.org>
2920Date: Tue May 31 16:45:28 2016 +1000
2921
2922 whitespace at EOL
2923
2924commit 18424200160ff5c923113e0a37ebe21ab7bcd17c
2925Author: Darren Tucker <dtucker@zip.com.au>
2926Date: Mon May 30 19:35:28 2016 +1000
2927
2928 Add missing ssh-host-config --name option
2929
2930 Patch from vinschen@redhat.com.
2931
2932commit 39c0cecaa188a37a2e134795caa68e03f3ced592
2933Author: Darren Tucker <dtucker@zip.com.au>
2934Date: Fri May 20 10:01:58 2016 +1000
2935
2936 Fix comment about sshpam_const and AIX.
2937
2938 From mschwager via github.
2939
2940commit f64062b1f74ad5ee20a8a49aab2732efd0f7ce30
2941Author: Damien Miller <djm@mindrot.org>
2942Date: Fri May 20 09:56:53 2016 +1000
2943
2944 Deny lstat syscalls in seccomp sandbox
2945
2946 Avoids sandbox violations for some krb/gssapi libraries.
2947
2948commit 531c135409b8d8810795b1f3692a4ebfd5c9cae0
2949Author: djm@openbsd.org <djm@openbsd.org>
2950Date: Thu May 19 07:45:32 2016 +0000
2951
2952 upstream commit
2953
2954 fix type of ed25519 values
2955
2956 Upstream-ID: b32d0cb372bbe918ca2de56906901eae225a59b0
2957
2958commit 75e21688f523799c9e0cc6601d76a9c5ca79f787
2959Author: markus@openbsd.org <markus@openbsd.org>
2960Date: Wed May 4 14:32:26 2016 +0000
2961
2962 upstream commit
2963
2964 add IdentityAgent; noticed & ok jmc@
2965
2966 Upstream-ID: 4ba9034b00a4cf1beae627f0728da897802df88a
2967
2968commit 1a75d14daf4b60db903e6103cf50e74e0cd0a76b
2969Author: markus@openbsd.org <markus@openbsd.org>
2970Date: Wed May 4 14:29:58 2016 +0000
2971
2972 upstream commit
2973
2974 allow setting IdentityAgent to SSH_AUTH_SOCK; ok djm@
2975
2976 Upstream-ID: 20c508480d8db3eef18942c0fc39b1fcf25652ac
2977
2978commit 0516454151ae722fc8256c3c56115c6baf24c5b0
2979Author: markus@openbsd.org <markus@openbsd.org>
2980Date: Wed May 4 14:22:33 2016 +0000
2981
2982 upstream commit
2983
2984 move SSH_MSG_NONE, so we don't have to include ssh1.h;
2985 ok deraadt@
2986
2987 Upstream-ID: c2f97502efc761a41b18c17ddf460e138ca7994e
2988
2989commit 332ff3d770631e7513fea38cf0d3689f673f0e3f
2990Author: Damien Miller <djm@mindrot.org>
2991Date: Tue May 10 09:51:06 2016 +1000
2992
2993 initialise salen in binresvport_sa
2994
2995 avoids failures with UsePrivilegedPort=yes
2996
2997 patch from Juan Gallego
2998
2999commit c5c1d5d2f04ce00d2ddd6647e61b32f28be39804
3000Author: markus@openbsd.org <markus@openbsd.org>
3001Date: Wed May 4 14:04:40 2016 +0000
3002
3003 upstream commit
3004
3005 missing const in prototypes (ssh1)
3006
3007 Upstream-ID: 789c6ad4928b5fa557369b88c3a6a34926082c05
3008
3009commit 9faae50e2e82ba42eb0cb2726bf6830fe7948f28
3010Author: dtucker@openbsd.org <dtucker@openbsd.org>
3011Date: Wed May 4 14:00:09 2016 +0000
3012
3013 upstream commit
3014
3015 Fix inverted logic for updating StreamLocalBindMask which
3016 would cause the server to set an invalid mask. ok djm@
3017
3018 Upstream-ID: 8a4404c8307a5ef9e07ee2169fc6d8106b527587
3019
3020commit b02ad1ce9105bfa7394ac7590c0729dd52e26a81
3021Author: markus@openbsd.org <markus@openbsd.org>
3022Date: Wed May 4 12:21:53 2016 +0000
3023
3024 upstream commit
3025
3026 IdentityAgent for specifying specific agent sockets; ok
3027 djm@
3028
3029 Upstream-ID: 3e6a15eb89ea0fd406f108826b7dc7dec4fbfac1
3030
3031commit 910e59bba09ac309d78ce61e356da35292212935
3032Author: djm@openbsd.org <djm@openbsd.org>
3033Date: Wed May 4 12:16:39 2016 +0000
3034
3035 upstream commit
3036
3037 fix junk characters after quotes
3038
3039 Upstream-ID: cc4d0cd32cb6b55a2ef98975d2f7ae857d0dc578
3040
3041commit 9283884e647b8be50ccd2997537af0065672107d
3042Author: jmc@openbsd.org <jmc@openbsd.org>
3043Date: Tue May 3 18:38:12 2016 +0000
3044
3045 upstream commit
3046
3047 correct article;
3048
3049 Upstream-ID: 1fbd5b7ab16d2d9834ec79c3cedd4738fa42a168
3050
3051commit cfefbcea1057c2623e76c579174a4107a0b6e6cd
3052Author: djm@openbsd.org <djm@openbsd.org>
3053Date: Tue May 3 15:57:39 2016 +0000
3054
3055 upstream commit
3056
3057 fix overriding of StreamLocalBindMask and
3058 StreamLocalBindUnlink in Match blocks; found the hard way Rogan Dawes
3059
3060 Upstream-ID: 940bc69ec0249ab428d24ccd0722ce35cb932ee2
3061
3062commit 771c2f51ffc0c9a2877b7892fada0c77bd1f6549
3063Author: djm@openbsd.org <djm@openbsd.org>
3064Date: Tue May 3 15:25:06 2016 +0000
3065
3066 upstream commit
3067
3068 don't forget to include StreamLocalBindUnlink in the
3069 config dump output
3070
3071 Upstream-ID: 14a6d970b3b45c8e94272e3c661e9a0b2a0ee7cb
3072
3073commit cdcd941994dc430f50d0a4e6a712d32b66e6199e
3074Author: djm@openbsd.org <djm@openbsd.org>
3075Date: Tue May 3 14:54:08 2016 +0000
3076
3077 upstream commit
3078
3079 make nethack^wrandomart fingerprint flag more readily
3080 searchable pointed out by Matt Johnston
3081
3082 Upstream-ID: cb40d0235dc153c478c1aad3bc60b195422a54fb
3083
3084commit 05855bf2ce7d5cd0a6db18bc0b4214ed5ef7516d
3085Author: djm@openbsd.org <djm@openbsd.org>
3086Date: Tue May 3 13:10:24 2016 +0000
3087
3088 upstream commit
3089
3090 clarify ordering of subkeys; pointed out by ietf-ssh AT
3091 stbuehler.de
3092
3093 Upstream-ID: 05ebe9f949449a555ebce8e0aad7c8c9acaf8463
3094
3095commit cca3b4395807bfb7aaeb83d2838f5c062ce30566
3096Author: dtucker@openbsd.org <dtucker@openbsd.org>
3097Date: Tue May 3 12:15:49 2016 +0000
3098
3099 upstream commit
3100
3101 Use a subshell for constructing key types to work around
3102 different sed behaviours for -portable.
3103
3104 Upstream-Regress-ID: 0f6eb673162df229eda9a134a0f10da16151552d
3105
3106commit fa58208c6502dcce3e0daac0ca991ee657daf1f5
3107Author: djm@openbsd.org <djm@openbsd.org>
3108Date: Tue May 3 10:27:59 2016 +0000
3109
3110 upstream commit
3111
3112 correct some typos and remove a long-stale XXX note.
3113
3114 add specification for ed25519 certificates
3115
3116 mention no host certificate options/extensions are currently defined
3117
3118 pointed out by Simon Tatham
3119
3120 Upstream-ID: 7b535ab7dba3340b7d8210ede6791fdaefdf839a
3121
3122commit b466f956c32cbaff4200bfcd5db6739fe4bc7d04
3123Author: djm@openbsd.org <djm@openbsd.org>
3124Date: Tue May 3 10:24:27 2016 +0000
3125
3126 upstream commit
3127
3128 add ed25519 keys that are supported but missing from this
3129 documents; from Peter Moody
3130
3131 Upstream-ID: 8caac2d8e8cfd2fca6dc304877346e0a064b014b
3132
3133commit 7f3d76319a69dab2efe3a520a8fef5b97e923636
3134Author: dtucker@openbsd.org <dtucker@openbsd.org>
3135Date: Tue May 3 09:03:49 2016 +0000
3136
3137 upstream commit
3138
3139 Implement IUTF8 as per draft-sgtatham-secsh-iutf8-00. Patch
3140 from Simon Tatham, ok markus@
3141
3142 Upstream-ID: 58268ebdf37d9d467f78216c681705a5e10c58e8
3143
3144commit 31bc01c05d9f51bee3ebe33dc57c4fafb059fb62
3145Author: djm@openbsd.org <djm@openbsd.org>
3146Date: Mon May 2 14:10:58 2016 +0000
3147
3148 upstream commit
3149
3150 unbreak config parsing on reexec from previous commit
3151
3152 Upstream-ID: bc69932638a291770955bd05ca55a32660a613ab
3153
3154commit 67f1459efd2e85bf03d032539283fa8107218936
3155Author: djm@openbsd.org <djm@openbsd.org>
3156Date: Mon May 2 09:52:00 2016 +0000
3157
3158 upstream commit
3159
3160 unit and regress tests for SHA256/512; ok markus
3161
3162 Upstream-Regress-ID: a0cd1a92dc824067076a5fcef83c18df9b0bf2c6
3163
3164commit 0e8eeec8e75f6d0eaf33317376f773160018a9c7
3165Author: djm@openbsd.org <djm@openbsd.org>
3166Date: Mon May 2 10:26:04 2016 +0000
3167
3168 upstream commit
3169
3170 add support for additional fixed DH groups from
3171 draft-ietf-curdle-ssh-kex-sha2-03
3172
3173 diffie-hellman-group14-sha256 (2K group)
3174 diffie-hellman-group16-sha512 (4K group)
3175 diffie-hellman-group18-sha512 (8K group)
3176
3177 based on patch from Mark D. Baushke and Darren Tucker
3178 ok markus@
3179
3180 Upstream-ID: ac00406ada4f0dfec41585ca0839f039545bc46f
3181
3182commit 57464e3934ba53ad8590ee3ccd840f693407fc1e
3183Author: djm@openbsd.org <djm@openbsd.org>
3184Date: Mon May 2 09:36:42 2016 +0000
3185
3186 upstream commit
3187
3188 support SHA256 and SHA512 RSA signatures in certificates;
3189 ok markus@
3190
3191 Upstream-ID: b45be2f2ce8cacd794dc5730edaabc90e5eb434a
3192
3193commit 1a31d02b2411c4718de58ce796dbb7b5e14db93e
3194Author: djm@openbsd.org <djm@openbsd.org>
3195Date: Mon May 2 08:49:03 2016 +0000
3196
3197 upstream commit
3198
3199 fix signed/unsigned errors reported by clang-3.7; add
3200 sshbuf_dup_string() to replace a common idiom of strdup(sshbuf_ptr()) with
3201 better safety checking; feedback and ok markus@
3202
3203 Upstream-ID: 71f926d9bb3f1efed51319a6daf37e93d57c8820
3204
3205commit d2d6bf864e52af8491a60dd507f85b74361f5da3
3206Author: djm@openbsd.org <djm@openbsd.org>
3207Date: Fri Apr 29 08:07:53 2016 +0000
3208
3209 upstream commit
3210
3211 close ControlPersist background process stderr when not
3212 in debug mode or when logging to a file or syslog. bz#1988 ok dtucker
3213
3214 Upstream-ID: 4fb726f0fdcb155ad419913cea10dc4afd409d24
3215
3216commit 9ee692fa1146e887e008a2b9a3d3ea81770c9fc8
3217Author: djm@openbsd.org <djm@openbsd.org>
3218Date: Thu Apr 28 14:30:21 2016 +0000
3219
3220 upstream commit
3221
3222 fix comment
3223
3224 Upstream-ID: 313a385bd7b69a82f8e28ecbaf5789c774457b15
3225
3226commit ee1e0a16ff2ba41a4d203c7670b54644b6c57fa6
3227Author: jmc@openbsd.org <jmc@openbsd.org>
3228Date: Wed Apr 27 13:53:48 2016 +0000
3229
3230 upstream commit
3231
3232 cidr permitted for {allow,deny}users; from lars nooden ok djm
3233
3234 Upstream-ID: 13e7327fe85f6c63f3f7f069e0fdc8c351515d11
3235
3236commit b6e0140a5aa883c27b98415bd8aa9f65fc04ee22
3237Author: djm@openbsd.org <djm@openbsd.org>
3238Date: Thu Apr 21 06:08:02 2016 +0000
3239
3240 upstream commit
3241
3242 make argument == NULL tests more consistent
3243
3244 Upstream-ID: dc4816678704aa5cbda3a702e0fa2033ff04581d
3245
3246commit 6aaabc2b610e44bae473457ad9556ffb43d90ee3
3247Author: jmc@openbsd.org <jmc@openbsd.org>
3248Date: Sun Apr 17 14:34:46 2016 +0000
3249
3250 upstream commit
3251
3252 tweak previous;
3253
3254 Upstream-ID: 46c1bab91c164078edbccd5f7d06b9058edd814f
3255
3256commit 0f839e5969efa3bda615991be8a9d9311554c573
3257Author: djm@openbsd.org <djm@openbsd.org>
3258Date: Fri Apr 15 02:57:10 2016 +0000
3259
3260 upstream commit
3261
3262 missing bit of Include regress
3263
3264 Upstream-Regress-ID: 1063595f7f40f8489a1b7a27230b9e8acccea34f
3265
3266commit 12e4ac46aed681da55c2bba3cd11dfcab23591be
3267Author: djm@openbsd.org <djm@openbsd.org>
3268Date: Fri Apr 15 02:55:53 2016 +0000
3269
3270 upstream commit
3271
3272 remove redundant CLEANFILES section
3273
3274 Upstream-Regress-ID: 29ef1b267fa56daa60a1463396635e7d53afb587
3275
3276commit b1d05aa653ae560c44baf8e8a9756e33f98ea75c
3277Author: djm@openbsd.org <djm@openbsd.org>
3278Date: Fri Apr 15 00:48:01 2016 +0000
3279
3280 upstream commit
3281
3282 sync CLEANFILES with portable, sort
3283
3284 Upstream-Regress-ID: cb782f4f1ab3e079efbc335c6b64942f790766ed
3285
3286commit 35f22dad263cce5c61d933ae439998cb965b8748
3287Author: djm@openbsd.org <djm@openbsd.org>
3288Date: Fri Apr 15 00:31:10 2016 +0000
3289
3290 upstream commit
3291
3292 regression test for ssh_config Include directive
3293
3294 Upstream-Regress-ID: 46a38c8101f635461c506d1aac2d96af80f97f1e
3295
3296commit 6b8a1a87005818d4700ce8b42faef746e82c1f51
3297Author: djm@openbsd.org <djm@openbsd.org>
3298Date: Thu Apr 14 23:57:17 2016 +0000
3299
3300 upstream commit
3301
3302 unbreak test for recent ssh de-duplicated forwarding
3303 change
3304
3305 Upstream-Regress-ID: 6b2b115d99acd7cff13986e6739ea214cf2a3da3
3306
3307commit 076787702418985a2cc6808212dc28ce7afc01f0
3308Author: djm@openbsd.org <djm@openbsd.org>
3309Date: Thu Apr 14 23:21:42 2016 +0000
3310
3311 upstream commit
3312
3313 add test knob and warning for StrictModes
3314
3315 Upstream-Regress-ID: 8cd10952ce7898655ee58945904f2a0a3bdf7682
3316
3317commit dc7990be865450574c7940c9880567f5d2555b37
3318Author: djm@openbsd.org <djm@openbsd.org>
3319Date: Fri Apr 15 00:30:19 2016 +0000
3320
3321 upstream commit
3322
3323 Include directive for ssh_config(5); feedback & ok markus@
3324
3325 Upstream-ID: ae3b76e2e343322b9f74acde6f1e1c5f027d5fff
3326
3327commit 85bdcd7c92fe7ff133bbc4e10a65c91810f88755
3328Author: Damien Miller <djm@mindrot.org>
3329Date: Wed Apr 13 10:39:57 2016 +1000
3330
3331 ignore PAM environment vars when UseLogin=yes
3332
3333 If PAM is configured to read user-specified environment variables
3334 and UseLogin=yes in sshd_config, then a hostile local user may
3335 attack /bin/login via LD_PRELOAD or similar environment variables
3336 set via PAM.
3337
3338 CVE-2015-8325, found by Shayan Sadigh, via Colin Watson
3339
3340commit dce19bf6e4a2a3d0b13a81224de63fc316461ab9
3341Author: djm@openbsd.org <djm@openbsd.org>
3342Date: Sat Apr 9 12:39:30 2016 +0000
3343
3344 upstream commit
3345
3346 make private key loading functions consistently handle NULL
3347 key pointer arguments; ok markus@
3348
3349 Upstream-ID: 92038726ef4a338169c35dacc9c5a07fcc7fa761
3350
3351commit 5f41f030e2feb5295657285aa8c6602c7810bc4b
3352Author: Darren Tucker <dtucker@zip.com.au>
3353Date: Fri Apr 8 21:14:13 2016 +1000
3354
3355 Remove NO_IPPORT_RESERVED_CONCEPT
3356
3357 Replace by defining IPPORT_RESERVED to zero on Cygwin, which should have
3358 the same effect without causing problems syncing patches with OpenBSD.
3359 Resync the two affected functions with OpenBSD. ok djm, sanity checked
3360 by Corinna.
3361
3362commit 34a01b2cf737d946ddb140618e28c3048ab7a229
3363Author: djm@openbsd.org <djm@openbsd.org>
3364Date: Fri Apr 8 08:19:17 2016 +0000
3365
3366 upstream commit
3367
3368 whitespace at EOL
3369
3370 Upstream-ID: 5beffd4e001515da12851b974e2323ae4aa313b6
3371
3372commit 90ee563fa6b54c59896c6c332c5188f866c5e75f
3373Author: djm@openbsd.org <djm@openbsd.org>
3374Date: Fri Apr 8 06:35:54 2016 +0000
3375
3376 upstream commit
3377
3378 We accidentally send an empty string and a zero uint32 with
3379 every direct-streamlocal@openssh.com channel open, in contravention of our
3380 own spec.
3381
3382 Fixing this is too hard wrt existing versions that expect these
3383 fields to be present and fatal() if they aren't, so document them
3384 as "reserved" fields in the PROTOCOL spec as though we always
3385 intended this and let us never speak of it again.
3386
3387 bz#2529, reported by Ron Frederick
3388
3389 Upstream-ID: 34cd326a4d236ca6e39084c4ff796bd97ab833e7
3390
3391commit 0ccbd5eca0f0dd78e71a4b69c66f03a66908d558
3392Author: djm@openbsd.org <djm@openbsd.org>
3393Date: Wed Apr 6 06:42:17 2016 +0000
3394
3395 upstream commit
3396
3397 don't record duplicate LocalForward and RemoteForward
3398 entries; fixes failure with ExitOnForwardFailure+hostname canonicalisation
3399 where the same forwards are added on the second pass through the
3400 configuration file. bz#2562; ok dtucker@
3401
3402 Upstream-ID: 40a51d68b6300f1cc61deecdb7d4847b8b7b0de1
3403
3404commit 574def0eb493cd6efeffd4ff2e9257abcffee0c8
3405Author: krw@openbsd.org <krw@openbsd.org>
3406Date: Sat Apr 2 14:37:42 2016 +0000
3407
3408 upstream commit
3409
3410 Another use for fcntl() and thus of the superfluous 3rd
3411 parameter is when sanitising standard fd's before calling daemon().
3412
3413 Use a tweaked version of the ssh(1) function in all three places
3414 found using fcntl() this way.
3415
3416 ok jca@ beck@
3417
3418 Upstream-ID: f16811ffa19a1c5f4ef383c5f0fecb843c84e218
3419
3420commit b3413534aa9d71a941005df2760d1eec2c2b0854
3421Author: Darren Tucker <dtucker@zip.com.au>
3422Date: Mon Apr 4 11:09:21 2016 +1000
3423
3424 Tidy up openssl header test.
3425
3426commit 815bcac0b94bb448de5acdd6ba925b8725240b4f
3427Author: Darren Tucker <dtucker@zip.com.au>
3428Date: Mon Apr 4 11:07:59 2016 +1000
3429
3430 Fix configure-time warnings for openssl test.
3431
3432commit 95687f5831ae680f7959446d8ae4b52452ee05dd
3433Author: djm@openbsd.org <djm@openbsd.org>
3434Date: Fri Apr 1 02:34:10 2016 +0000
3435
3436 upstream commit
3437
3438 whitespace at EOL
3439
3440 Upstream-ID: 40ae2203d07cb14e0a89e1a0d4c6120ee8fd8c3a
3441
3442commit fdfbf4580de09d84a974211715e14f88a5704b8e
3443Author: dtucker@openbsd.org <dtucker@openbsd.org>
3444Date: Thu Mar 31 05:24:06 2016 +0000
3445
3446 upstream commit
3447
3448 Remove fallback from moduli to "primes" file that was
3449 deprecated in 2001 and fix log messages referring to primes file. Based on
3450 patch from xnox at ubuntu.com via bz#2559. "kill it" deraadt@
3451
3452 Upstream-ID: 0d4f8c70e2fa7431a83b95f8ca81033147ba8713
3453
3454commit 0235a5fa67fcac51adb564cba69011a535f86f6b
3455Author: djm@openbsd.org <djm@openbsd.org>
3456Date: Thu Mar 17 17:19:43 2016 +0000
3457
3458 upstream commit
3459
3460 UseDNS affects ssh hostname processing in authorized_keys,
3461 not known_hosts; bz#2554 reported by jjelen AT redhat.com
3462
3463 Upstream-ID: c1c1bb895dde46095fc6d81d8653703928437591
3464
3465commit 8c4739338f5e379d05b19d6e544540114965f07e
3466Author: Darren Tucker <dtucker@zip.com.au>
3467Date: Tue Mar 15 09:24:43 2016 +1100
3468
3469 Don't call Solaris setproject() with UsePAM=yes.
3470
3471 When Solaris Projects are enabled along with PAM setting the project
3472 is PAM's responsiblity. bz#2425, based on patch from
3473 brent.paulson at gmail.com.
3474
3475commit cff26f373c58457a32cb263e212cfff53fca987b
3476Author: Damien Miller <djm@mindrot.org>
3477Date: Tue Mar 15 04:30:21 2016 +1100
3478
3479 remove slogin from *.spec
3480
3481commit c38905ba391434834da86abfc988a2b8b9b62477
3482Author: djm@openbsd.org <djm@openbsd.org>
3483Date: Mon Mar 14 16:20:54 2016 +0000
3484
3485 upstream commit
3486
3487 unbreak authentication using lone certificate keys in
3488 ssh-agent: when attempting pubkey auth with a certificate, if no separate
3489 private key is found among the keys then try with the certificate key itself.
3490
3491 bz#2550 reported by Peter Moody
3492
3493 Upstream-ID: f939cd76d68e6a9a3d1711b5a943d6ed1e623966
3494
3495commit 4b4bfb01cd40b9ddb948e6026ddd287cc303d871
3496Author: djm@openbsd.org <djm@openbsd.org>
3497Date: Thu Mar 10 11:47:57 2016 +0000
3498
3499 upstream commit
3500
3501 sanitise characters destined for xauth reported by
3502 github.com/tintinweb feedback and ok deraadt and markus
3503
3504 Upstream-ID: 18ad8d0d74cbd2ea3306a16595a306ee356aa261
3505
3506commit 732b463d37221722b1206f43aa59563766a6a968
3507Author: Darren Tucker <dtucker@zip.com.au>
3508Date: Mon Mar 14 16:04:23 2016 +1100
3509
3510 Pass supported malloc options to connect-privsep.
3511
3512 This allows us to activate only the supported options during the malloc
3513 option portion of the connect-privsep test.
3514
3515commit d29c5b9b3e9f27394ca97a364ed4bb4a55a59744
3516Author: Darren Tucker <dtucker@zip.com.au>
3517Date: Mon Mar 14 09:30:58 2016 +1100
3518
3519 Remove leftover roaming.h file.
3520
3521 Pointed out by des at des.no.
3522
3523commit 8ff20ec95f4377021ed5e9b2331320f5c5a34cea
3524Author: Darren Tucker <dtucker@zip.com.au>
3525Date: Mon Mar 14 09:24:03 2016 +1100
3526
3527 Quote variables that may contain whitespace.
3528
3529 The variable $L_TMP_ID_FILE needs to be surrounded by quotes in order to
3530 survive paths containing whitespace. bz#2551, from Corinna Vinschen via
3531 Philip Hands.
3532
3533commit 627824480c01f0b24541842c7206ab9009644d02
3534Author: Darren Tucker <dtucker@zip.com.au>
3535Date: Fri Mar 11 14:47:41 2016 +1100
3536
3537 Include priv.h for priv_set_t.
3538
3539 From alex at cooperi.net.
3540
3541commit e960051f9a264f682c4d2fefbeecffcfc66b0ddf
3542Author: Darren Tucker <dtucker@zip.com.au>
3543Date: Wed Mar 9 13:14:18 2016 +1100
3544
3545 Wrap stdint.h inside #ifdef HAVE_STDINT_H.
3546
3547commit 2c48bd344d2c4b5e08dae9aea5ff44fc19a5e363
3548Author: Darren Tucker <dtucker@zip.com.au>
3549Date: Wed Mar 9 12:46:50 2016 +1100
3550
3551 Add compat to monotime_double().
3552
3553 Apply all of the portability changes in monotime() to monotime() double.
3554 Fixes build on at least older FreeBSD systems.
3555
3556commit 7b40ef6c2eef40c339f6ea8920cb8a44838e10c9
3557Author: Damien Miller <djm@mindrot.org>
3558Date: Tue Mar 8 14:12:58 2016 -0800
3559
3560 make a regress-binaries target
3561
3562 Easier to build all the regression/unit test binaries in one pass
3563 than going through all of ${REGRESS_BINARIES}
3564
3565commit c425494d6b6181beb54a1b3763ef9e944fd3c214
3566Author: Damien Miller <djm@mindrot.org>
3567Date: Tue Mar 8 14:03:54 2016 -0800
3568
3569 unbreak kexfuzz for -Werror without __bounded__
3570
3571commit 3ed9218c336607846563daea5d5ab4f701f4e042
3572Author: Damien Miller <djm@mindrot.org>
3573Date: Tue Mar 8 14:01:29 2016 -0800
3574
3575 unbreak PAM after canohost refactor
3576
3577commit 885fb2a44ff694f01e4f6470f803629e11f62961
3578Author: Darren Tucker <dtucker@zip.com.au>
3579Date: Tue Mar 8 11:58:43 2016 +1100
3580
3581 auth_get_canonical_hostname in portable code.
3582
3583 "refactor canohost.c" replaced get_canonical_hostname, this makes the
3584 same change to some portable-specific code.
3585
3586commit 95767262caa6692eff1e1565be1f5cb297949a89
3587Author: djm@openbsd.org <djm@openbsd.org>
3588Date: Mon Mar 7 19:02:43 2016 +0000
3589
3590 upstream commit
3591
3592 refactor canohost.c: move functions that cache results closer
3593 to the places that use them (authn and session code). After this, no state is
3594 cached in canohost.c
3595
3596 feedback and ok markus@
3597
3598 Upstream-ID: 5f2e4df88d4803fc8ec59ec53629105e23ce625e
3599
3600commit af0bb38ffd1f2c4f9f43b0029be2efe922815255
3601Author: Damien Miller <djm@mindrot.org>
3602Date: Fri Mar 4 15:11:55 2016 +1100
3603
3604 hook unittests/misc/kexfuzz into build
3605
3606commit 331b8e07ee5bcbdca12c11cc8f51a7e8de09b248
3607Author: dtucker@openbsd.org <dtucker@openbsd.org>
3608Date: Fri Mar 4 02:48:06 2016 +0000
3609
3610 upstream commit
3611
3612 Filter debug messages out of log before picking the last
3613 two lines. Should prevent problems if any more debug output is added late in
3614 the connection.
3615
3616 Upstream-Regress-ID: 345d0a9589c381e7d640a4ead06cfaadf4db1363
3617
3618commit 0892edaa3ce623381d3a7635544cbc69b31cf9cb
3619Author: djm@openbsd.org <djm@openbsd.org>
3620Date: Fri Mar 4 02:30:36 2016 +0000
3621
3622 upstream commit
3623
3624 add KEX fuzzer harness; ok deraadt@
3625
3626 Upstream-Regress-ID: 3df5242d30551b12b828aa9ba4a4cec0846be8d1
3627
3628commit ae2562c47d41b68dbb00240fd6dd60bed205367a
3629Author: dtucker@openbsd.org <dtucker@openbsd.org>
3630Date: Thu Mar 3 00:46:53 2016 +0000
3631
3632 upstream commit
3633
3634 Look back 3 lines for possible error messages. Changes
3635 to the code mean that "Bad packet length" errors are 3 lines back instead of
3636 the previous two, which meant we didn't skip some offsets that we intended
3637 to.
3638
3639 Upstream-Regress-ID: 24f36912740a634d509a3144ebc8eb7c09b9c684
3640
3641commit 988e429d903acfb298bfddfd75e7994327adfed0
3642Author: djm@openbsd.org <djm@openbsd.org>
3643Date: Fri Mar 4 03:35:44 2016 +0000
3644
3645 upstream commit
3646
3647 fix ClientAliveInterval when a time-based RekeyLimit is
3648 set; previously keepalive packets were not being sent. bz#2252 report and
3649 analysis by Christian Wittenhorst and Garrett Lee feedback and ok dtucker@
3650
3651 Upstream-ID: d48f9deadd35fdacdd5106b41bb07630ddd4aa81
3652
3653commit 8ef04d7a94bcdb8b0085fdd2a79a844b7d40792d
3654Author: dtucker@openbsd.org <dtucker@openbsd.org>
3655Date: Wed Mar 2 22:43:52 2016 +0000
3656
3657 upstream commit
3658
3659 Improve accuracy of reported transfer speeds by waiting
3660 for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@
3661
3662 Upstream-ID: 99f1cf15c9a8f161086b814d414d862795ae153d
3663
3664commit b8d4eafe29684fe4f5bb587f7eab948e6ed62723
3665Author: dtucker@openbsd.org <dtucker@openbsd.org>
3666Date: Wed Mar 2 22:42:40 2016 +0000
3667
3668 upstream commit
3669
3670 Improve precision of progressmeter for sftp and scp by
3671 storing sub-second timestamps. Pointed out by mmcc@, ok deraadt@ markus@
3672
3673 Upstream-ID: 38fd83a3d83dbf81c8ff7b5d1302382fe54970ab
3674
3675commit 18f64b969c70ed00e74b9d8e50359dbe698ce4c0
3676Author: jca@openbsd.org <jca@openbsd.org>
3677Date: Mon Feb 29 20:22:36 2016 +0000
3678
3679 upstream commit
3680
3681 Print ssize_t with %zd; ok deraadt@ mmcc@
3682
3683 Upstream-ID: 0590313bbb013ff6692298c98f7e0be349d124bd
3684
3685commit 6e7f68ce38130c794ec1fb8d2a6091fbe982628d
3686Author: djm@openbsd.org <djm@openbsd.org>
3687Date: Sun Feb 28 22:27:00 2016 +0000
3688
3689 upstream commit
3690
3691 rearrange DH public value tests to be a little more clear
3692
3693 rearrange DH private value generation to explain rationale more
3694 clearly and include an extra sanity check.
3695
3696 ok deraadt
3697
3698 Upstream-ID: 9ad8a07e1a12684e1b329f9bd88941b249d4b2ad
3699
3700commit 2ed17aa34008bdfc8db674315adc425a0712be11
3701Author: Darren Tucker <dtucker@zip.com.au>
3702Date: Tue Mar 1 15:24:20 2016 +1100
3703
3704 Import updated moduli file from OpenBSD.
3705
3706 Note that 1.5k bit groups have been removed.
3707
3708commit 72b061d4ba0f909501c595d709ea76e06b01e5c9
3709Author: Darren Tucker <dtucker@zip.com.au>
3710Date: Fri Feb 26 14:40:04 2016 +1100
3711
3712 Add a note about using xlc on AIX.
3713
3714commit fd4e4f2416baa2e6565ea49d52aade296bad3e28
3715Author: Darren Tucker <dtucker@zip.com.au>
3716Date: Wed Feb 24 10:44:25 2016 +1100
3717
3718 Skip PrintLastLog in config dump mode.
3719
3720 When DISABLE_LASTLOG is set, do not try to include PrintLastLog in the
3721 config dump since it'll be reported as UNKNOWN.
3722
3723commit 99135c764fa250801da5ec3b8d06cbd0111caae8
3724Author: Damien Miller <djm@mindrot.org>
3725Date: Tue Feb 23 20:17:23 2016 +1100
3726
3727 update spec/README versions ahead of release
3728
3729commit b86a334aaaa4d1e643eb1fd71f718573d6d948b5
3730Author: Damien Miller <djm@mindrot.org>
3731Date: Tue Feb 23 20:16:53 2016 +1100
3732
3733 put back portable patchlevel to p1
3734
3735commit 555dd35ff176847e3c6bd068ba2e8db4022eb24f
3736Author: djm@openbsd.org <djm@openbsd.org>
3737Date: Tue Feb 23 09:14:34 2016 +0000
3738
3739 upstream commit
3740
3741 openssh-7.2
3742
3743 Upstream-ID: 9db776b26014147fc907ece8460ef2bcb0f11e78
3744
3745commit 1acc058d0a7913838c830ed998a1a1fb5b7864bf
3746Author: Damien Miller <djm@mindrot.org>
3747Date: Tue Feb 23 16:12:13 2016 +1100
3748
3749 Disable tests where fs perms are incorrect
3750
3751 Some tests have strict requirements on the filesystem permissions
3752 for certain files and directories. This adds a regress/check-perm
3753 tool that copies the relevant logic from sshd to exactly test
3754 the paths in question. This lets us skip tests when the local
3755 filesystem doesn't conform to our expectations rather than
3756 continuing and failing the test run.
3757
3758 ok dtucker@
3759
3760commit 39f303b1f36d934d8410b05625f25c7bcb75db4d
3761Author: Damien Miller <djm@mindrot.org>
3762Date: Tue Feb 23 12:56:59 2016 +1100
3763
3764 fix sandbox on OSX Lion
3765
3766 sshd was failing with:
3767
3768 ssh_sandbox_child: sandbox_init: dlopen(/usr/lib/libsandbox.1.dylib, 261):cw
3769 image not found [preauth]
3770
3771 caused by chroot before sandboxing. Avoid by explicitly linking libsandbox
3772 to sshd. Spotted by Darren.
3773
3774commit 0d1451a32c7436e6d3d482351e776bc5e7824ce4
3775Author: djm@openbsd.org <djm@openbsd.org>
3776Date: Tue Feb 23 01:34:14 2016 +0000
3777
3778 upstream commit
3779
3780 fix spurious error message when incorrect passphrase
3781 entered for keys; reported by espie@ ok deraadt@
3782
3783 Upstream-ID: 58b2e46e63ed6912ed1ee780bd3bd8560f9a5899
3784
3785commit 09d87d79741beb85768b5e788d7dfdf4bc3543dc
3786Author: sobrado@openbsd.org <sobrado@openbsd.org>
3787Date: Sat Feb 20 23:06:23 2016 +0000
3788
3789 upstream commit
3790
3791 set ssh(1) protocol version to 2 only.
3792
3793 ok djm@
3794
3795 Upstream-ID: e168daf9d27d7e392e3c9923826bd8e87b2b3a10
3796
3797commit 9262e07826ba5eebf8423f7ac9e47ec488c47869
3798Author: sobrado@openbsd.org <sobrado@openbsd.org>
3799Date: Sat Feb 20 23:02:39 2016 +0000
3800
3801 upstream commit
3802
3803 add missing ~/.ssh/id_ecdsa and ~/.ssh/id_ed25519 to
3804 IdentityFile.
3805
3806 ok djm@
3807
3808 Upstream-ID: 6ce99466312e4ae7708017c3665e3edb976f70cf
3809
3810commit c12f0fdce8f985fca8d71829fd64c5b89dc777f5
3811Author: sobrado@openbsd.org <sobrado@openbsd.org>
3812Date: Sat Feb 20 23:01:46 2016 +0000
3813
3814 upstream commit
3815
3816 AddressFamily defaults to any.
3817
3818 ok djm@
3819
3820 Upstream-ID: 0d94aa06a4b889bf57a7f631c45ba36d24c13e0c
3821
3822commit 907091acb188b1057d50c2158f74c3ecf1c2302b
3823Author: Darren Tucker <dtucker@zip.com.au>
3824Date: Fri Feb 19 09:05:39 2016 +1100
3825
3826 Make Solaris privs code build on older systems.
3827
3828 Not all systems with Solaris privs have priv_basicset so factor that
3829 out and provide backward compatibility code. Similarly, not all have
3830 PRIV_NET_ACCESS so wrap that in #ifdef. Based on code from
3831 alex at cooperi.net and djm@ with help from carson at taltos.org and
3832 wieland at purdue.edu.
3833
3834commit 292a8dee14e5e67dcd1b49ba5c7b9023e8420d59
3835Author: djm@openbsd.org <djm@openbsd.org>
3836Date: Wed Feb 17 22:20:14 2016 +0000
3837
3838 upstream commit
3839
3840 rekey refactor broke SSH1; spotted by Tom G. Christensen
3841
3842 Upstream-ID: 43f0d57928cc077c949af0bfa71ef574dcb58243
3843
3844commit 3a13cb543df9919aec2fc6b75f3dd3802facaeca
3845Author: djm@openbsd.org <djm@openbsd.org>
3846Date: Wed Feb 17 08:57:34 2016 +0000
3847
3848 upstream commit
3849
3850 rsa-sha2-512,rsa-sha2-256 cannot be selected explicitly
3851 in *KeyTypes options yet. Remove them from the lists of algorithms for now.
3852 committing on behalf of markus@ ok djm@
3853
3854 Upstream-ID: c6e8820eb8e610ac21551832c0c89684a9a51bb7
3855
3856commit a685ae8d1c24fb7c712c55a4f3280ee76f5f1e4b
3857Author: jmc@openbsd.org <jmc@openbsd.org>
3858Date: Wed Feb 17 07:38:19 2016 +0000
3859
3860 upstream commit
3861
3862 since these pages now clearly tell folks to avoid v1,
3863 normalise the docs from a v2 perspective (i.e. stop pointing out which bits
3864 are v2 only);
3865
3866 ok/tweaks djm ok markus
3867
3868 Upstream-ID: eb474f8c36fb6a532dc05c282f7965e38dcfa129
3869
3870commit c5c3f3279a0e4044b8de71b70d3570d692d0f29d
3871Author: djm@openbsd.org <djm@openbsd.org>
3872Date: Wed Feb 17 05:29:04 2016 +0000
3873
3874 upstream commit
3875
3876 make sandboxed privilege separation the default, not just
3877 for new installs; "absolutely" deraadt@
3878
3879 Upstream-ID: 5221ef3b927d2df044e9aa3f5db74ae91743f69b
3880
3881commit eb3f7337a651aa01d5dec019025e6cdc124ed081
3882Author: jmc@openbsd.org <jmc@openbsd.org>
3883Date: Tue Feb 16 07:47:54 2016 +0000
3884
3885 upstream commit
3886
3887 no need to state that protocol 2 is the default twice;
3888
3889 Upstream-ID: b1e4c36b0c2e12e338e5b66e2978f2ac953b95eb
3890
3891commit e7901efa9b24e5b0c7e74f2c5520d47eead4d005
3892Author: djm@openbsd.org <djm@openbsd.org>
3893Date: Tue Feb 16 05:11:04 2016 +0000
3894
3895 upstream commit
3896
3897 Replace list of ciphers and MACs adjacent to -1/-2 flag
3898 descriptions in ssh(1) with a strong recommendation not to use protocol 1.
3899 Add a similar warning to the Protocol option descriptions in ssh_config(5)
3900 and sshd_config(5);
3901
3902 prompted by and ok mmcc@
3903
3904 Upstream-ID: 961f99e5437d50e636feca023978950a232ead5e
3905
3906commit 5a0fcb77287342e2fc2ba1cee79b6af108973dc2
3907Author: djm@openbsd.org <djm@openbsd.org>
3908Date: Tue Feb 16 03:37:48 2016 +0000
3909
3910 upstream commit
3911
3912 add a "Close session" log entry (at loglevel=verbose) to
3913 correspond to the existing "Starting session" one. Also include the session
3914 id number to make multiplexed sessions more apparent.
3915
3916 feedback and ok dtucker@
3917
3918 Upstream-ID: e72d2ac080e02774376325136e532cb24c2e617c
3919
3920commit 624fd395b559820705171f460dd33d67743d13d6
3921Author: djm@openbsd.org <djm@openbsd.org>
3922Date: Wed Feb 17 02:24:17 2016 +0000
3923
3924 upstream commit
3925
3926 include bad $SSH_CONNECTION in failure output
3927
3928 Upstream-Regress-ID: b22d72edfde78c403aaec2b9c9753ef633cc0529
3929
3930commit 60d860e54b4f199e5e89963b1c086981309753cb
3931Author: Darren Tucker <dtucker@zip.com.au>
3932Date: Wed Feb 17 13:37:09 2016 +1100
3933
3934 Rollback addition of va_start.
3935
3936 va_start was added in 0f754e29dd3760fc0b172c1220f18b753fb0957e, however
3937 it has the wrong number of args and it's not usable in non-variadic
3938 functions anyway so it breaks things (for example Solaris 2.6 as
3939 reported by Tom G. Christensen).i ok djm@
3940
3941commit 2fee909c3cee2472a98b26eb82696297b81e0d38
3942Author: Darren Tucker <dtucker@zip.com.au>
3943Date: Wed Feb 17 09:48:15 2016 +1100
3944
3945 Look for gethostbyname in libresolv and libnsl.
3946
3947 Should fix build problem on Solaris 2.6 reported by Tom G. Christensen.
3948
3949commit 5ac712d81a84396aab441a272ec429af5b738302
3950Author: Damien Miller <djm@mindrot.org>
3951Date: Tue Feb 16 10:45:02 2016 +1100
3952
3953 make existing ssh_malloc_init only for __OpenBSD__
3954
3955commit 24c9bded569d9f2449ded73f92fb6d12db7a9eec
3956Author: djm@openbsd.org <djm@openbsd.org>
3957Date: Mon Feb 15 23:32:37 2016 +0000
3958
3959 upstream commit
3960
3961 memleak of algorithm name in mm_answer_sign; reported by
3962 Jakub Jelen
3963
3964 Upstream-ID: ccd742cd25952240ebd23d7d4d6b605862584d08
3965
3966commit ffb1e7e896139a42ceb78676f637658f44612411
3967Author: dtucker@openbsd.org <dtucker@openbsd.org>
3968Date: Mon Feb 15 09:47:49 2016 +0000
3969
3970 upstream commit
3971
3972 Add a function to enable security-related malloc_options.
3973 With and ok deraadt@, something similar has been in the snaps for a while.
3974
3975 Upstream-ID: 43a95523b832b7f3b943d2908662191110c380ed
3976
3977commit ef39e8c0497ff0564990a4f9e8b7338b3ba3507c
3978Author: Damien Miller <djm@mindrot.org>
3979Date: Tue Feb 16 10:34:39 2016 +1100
3980
3981 sync ssh-copy-id with upstream 783ef08b0a75
3982
3983commit d2d772f55b19bb0e8d03c2fe1b9bb176d9779efd
3984Author: djm@openbsd.org <djm@openbsd.org>
3985Date: Fri Feb 12 00:20:30 2016 +0000
3986
3987 upstream commit
3988
3989 avoid fatal() for PKCS11 tokens that present empty key IDs
3990 bz#1773, ok markus@
3991
3992 Upstream-ID: 044a764fee526f2c4a9d530bd10695422d01fc54
3993
3994commit e4c918a6c721410792b287c9fd21356a1bed5805
3995Author: djm@openbsd.org <djm@openbsd.org>
3996Date: Thu Feb 11 02:56:32 2016 +0000
3997
3998 upstream commit
3999
4000 sync crypto algorithm lists in ssh_config(5) and
4001 sshd_config(5) with current reality. bz#2527
4002
4003 Upstream-ID: d7fd1b6c1ed848d866236bcb1d7049d2bb9b2ff6
4004
4005commit e30cabfa4ab456a30b3224f7f545f1bdfc4a2517
4006Author: djm@openbsd.org <djm@openbsd.org>
4007Date: Thu Feb 11 02:21:34 2016 +0000
4008
4009 upstream commit
4010
4011 fix regression in openssh-6.8 sftp client: existing
4012 destination directories would incorrectly terminate recursive uploads;
4013 bz#2528
4014
4015 Upstream-ID: 3306be469f41f26758e3d447987ac6d662623e18
4016
4017commit 714e367226ded4dc3897078be48b961637350b05
4018Author: djm@openbsd.org <djm@openbsd.org>
4019Date: Tue Feb 9 05:30:04 2016 +0000
4020
4021 upstream commit
4022
4023 turn off more old crypto in the client: hmac-md5, ripemd,
4024 truncated HMACs, RC4, blowfish. ok markus@ dtucker@
4025
4026 Upstream-ID: 96aa11c2c082be45267a690c12f1d2aae6acd46e
4027
4028commit 5a622844ff7f78dcb75e223399f9ef0977e8d0a3
4029Author: djm@openbsd.org <djm@openbsd.org>
4030Date: Mon Feb 8 23:40:12 2016 +0000
4031
4032 upstream commit
4033
4034 don't attempt to percent_expand() already-canonicalised
4035 addresses, avoiding unnecessary failures when attempting to connect to scoped
4036 IPv6 addresses (that naturally contain '%' characters)
4037
4038 Upstream-ID: f24569cffa1a7cbde5f08dc739a72f4d78aa5c6a
4039
4040commit 19bcf2ea2d17413f2d9730dd2a19575ff86b9b6a
4041Author: djm@openbsd.org <djm@openbsd.org>
4042Date: Mon Feb 8 10:57:07 2016 +0000
4043
4044 upstream commit
4045
4046 refactor activation of rekeying
4047
4048 This makes automatic rekeying internal to the packet code (previously
4049 the server and client loops needed to assist). In doing to it makes
4050 application of rekey limits more accurate by accounting for packets
4051 about to be sent as well as packets queued during rekeying events
4052 themselves.
4053
4054 Based on a patch from dtucker@ which was in turn based on a patch
4055 Aleksander Adamowski in bz#2521; ok markus@
4056
4057 Upstream-ID: a441227fd64f9739850ca97b4cf794202860fcd8
4058
4059commit 603ba41179e4b53951c7b90ee95b6ef3faa3f15d
4060Author: naddy@openbsd.org <naddy@openbsd.org>
4061Date: Fri Feb 5 13:28:19 2016 +0000
4062
4063 upstream commit
4064
4065 Only check errno if read() has returned an error. EOF is
4066 not an error. This fixes a problem where the mux master would sporadically
4067 fail to notice that the client had exited. ok mikeb@ djm@
4068
4069 Upstream-ID: 3c2dadc21fac6ef64665688aac8a75fffd57ae53
4070
4071commit 56d7dac790693ce420d225119283bc355cff9185
4072Author: jsg@openbsd.org <jsg@openbsd.org>
4073Date: Fri Feb 5 04:31:21 2016 +0000
4074
4075 upstream commit
4076
4077 avoid an uninitialised value when NumberOfPasswordPrompts
4078 is 0 ok markus@ djm@
4079
4080 Upstream-ID: 11b068d83c2865343aeb46acf1e9eec00f829b6b
4081
4082commit deae7d52d59c5019c528f977360d87fdda15d20b
4083Author: djm@openbsd.org <djm@openbsd.org>
4084Date: Fri Feb 5 03:07:06 2016 +0000
4085
4086 upstream commit
4087
4088 mention internal DH-GEX fallback groups; bz#2302
4089
4090 Upstream-ID: e7b395fcca3122cd825515f45a2e41c9a157e09e
4091
4092commit cac3b6665f884d46192c0dc98a64112e8b11a766
4093Author: djm@openbsd.org <djm@openbsd.org>
4094Date: Fri Feb 5 02:37:56 2016 +0000
4095
4096 upstream commit
4097
4098 better description for MaxSessions; bz#2531
4099
4100 Upstream-ID: e2c0d74ee185cd1a3e9d4ca1f1b939b745b354da
4101
4102commit 5ef4b0fdcc7a239577a754829b50022b91ab4712
4103Author: Damien Miller <djm@mindrot.org>
4104Date: Wed Jan 27 17:45:56 2016 +1100
4105
4106 avoid FreeBSD RCS Id in comment
4107
4108 Change old $FreeBSD version string in comment so it doesn't
4109 become an RCS ident downstream; requested by des AT des.no
4110
4111commit 696d12683c90d20a0a9c5f4275fc916b7011fb04
4112Author: djm@openbsd.org <djm@openbsd.org>
4113Date: Thu Feb 4 23:43:48 2016 +0000
4114
4115 upstream commit
4116
4117 printf argument casts to avoid warnings on strict
4118 compilers
4119
4120 Upstream-ID: 7b9f6712cef01865ad29070262d366cf13587c9c
4121
4122commit 5658ef2501e785fbbdf5de2dc33b1ff7a4dca73a
4123Author: millert@openbsd.org <millert@openbsd.org>
4124Date: Mon Feb 1 21:18:17 2016 +0000
4125
4126 upstream commit
4127
4128 Avoid ugly "DISPLAY "(null)" invalid; disabling X11
4129 forwarding" message when DISPLAY is not set. This could also result in a
4130 crash on systems with a printf that doesn't handle NULL. OK djm@
4131
4132 Upstream-ID: 20ee0cfbda678a247264c20ed75362042b90b412
4133
4134commit 537f88ec7bcf40bd444ac5584c707c5588c55c43
4135Author: dtucker@openbsd.org <dtucker@openbsd.org>
4136Date: Fri Jan 29 05:18:15 2016 +0000
4137
4138 upstream commit
4139
4140 Add regression test for RekeyLimit parsing of >32bit values
4141 (4G and 8G).
4142
4143 Upstream-Regress-ID: 548390350c62747b6234f522a99c319eee401328
4144
4145commit 4c6cb8330460f94e6c7ae28a364236d4188156a3
4146Author: dtucker@openbsd.org <dtucker@openbsd.org>
4147Date: Fri Jan 29 23:04:46 2016 +0000
4148
4149 upstream commit
4150
4151 Remove leftover roaming dead code. ok djm markus.
4152
4153 Upstream-ID: 13d1f9c8b65a5109756bcfd3b74df949d53615be
4154
4155commit 28136471809806d6246ef41e4341467a39fe2f91
4156Author: djm@openbsd.org <djm@openbsd.org>
4157Date: Fri Jan 29 05:46:01 2016 +0000
4158
4159 upstream commit
4160
4161 include packet type of non-data packets in debug3 output;
4162 ok markus dtucker
4163
4164 Upstream-ID: 034eaf639acc96459b9c5ce782db9fcd8bd02d41
4165
4166commit 6fd6e28daccafaa35f02741036abe64534c361a1
4167Author: dtucker@openbsd.org <dtucker@openbsd.org>
4168Date: Fri Jan 29 03:31:03 2016 +0000
4169
4170 upstream commit
4171
4172 Revert "account for packets buffered but not yet
4173 processed" change as it breaks for very small RekeyLimit values due to
4174 continuous rekeying. ok djm@
4175
4176 Upstream-ID: 7e03f636cb45ab60db18850236ccf19079182a19
4177
4178commit 921ff00b0ac429666fb361d2d6cb1c8fff0006cb
4179Author: dtucker@openbsd.org <dtucker@openbsd.org>
4180Date: Fri Jan 29 02:54:45 2016 +0000
4181
4182 upstream commit
4183
4184 Allow RekeyLimits in excess of 4G up to 2**63 bits
4185 (limited by the return type of scan_scaled). Part of bz#2521, ok djm.
4186
4187 Upstream-ID: 13bea82be566b9704821b1ea05bf7804335c7979
4188
4189commit c0060a65296f01d4634f274eee184c0e93ba0f23
4190Author: dtucker@openbsd.org <dtucker@openbsd.org>
4191Date: Fri Jan 29 02:42:46 2016 +0000
4192
4193 upstream commit
4194
4195 Account for packets buffered but not yet processed when
4196 computing whether or not it is time to perform rekeying. bz#2521, based
4197 loosely on a patch from olo at fb.com, ok djm@
4198
4199 Upstream-ID: 67e268b547f990ed220f3cb70a5624d9bda12b8c
4200
4201commit 44cf930e670488c85c9efeb373fa5f4b455692ac
4202Author: djm@openbsd.org <djm@openbsd.org>
4203Date: Wed Jan 27 06:44:58 2016 +0000
4204
4205 upstream commit
4206
4207 change old $FreeBSD version string in comment so it doesn't
4208 become an RCS ident downstream; requested by des AT des.no
4209
4210 Upstream-ID: 8ca558c01f184e596b45e4fc8885534b2c864722
4211
4212commit ebacd377769ac07d1bf3c75169644336056b7060
4213Author: djm@openbsd.org <djm@openbsd.org>
4214Date: Wed Jan 27 00:53:12 2016 +0000
4215
4216 upstream commit
4217
4218 make the debug messages a bit more useful here
4219
4220 Upstream-ID: 478ccd4e897e0af8486b294aa63aa3f90ab78d64
4221
4222commit 458abc2934e82034c5c281336d8dc0f910aecad3
4223Author: jsg@openbsd.org <jsg@openbsd.org>
4224Date: Sat Jan 23 05:31:35 2016 +0000
4225
4226 upstream commit
4227
4228 Zero a stack buffer with explicit_bzero() instead of
4229 memset() when returning from client_loop() for consistency with
4230 buffer_free()/sshbuf_free().
4231
4232 ok dtucker@ deraadt@ djm@
4233
4234 Upstream-ID: bc9975b2095339811c3b954694d7d15ea5c58f66
4235
4236commit 65a3c0dacbc7dbb75ddb6a70ebe22d8de084d0b0
4237Author: dtucker@openbsd.org <dtucker@openbsd.org>
4238Date: Wed Jan 20 09:22:39 2016 +0000
4239
4240 upstream commit
4241
4242 Include sys/time.h for gettimeofday. From sortie at
4243 maxsi.org.
4244
4245 Upstream-ID: 6ed0c33b836d9de0a664cd091e86523ecaa2fb3b
4246
4247commit fc77ccdc2ce6d5d06628b8da5048a6a5f6ffca5a
4248Author: markus@openbsd.org <markus@openbsd.org>
4249Date: Thu Jan 14 22:56:56 2016 +0000
4250
4251 upstream commit
4252
4253 fd leaks; report Qualys Security Advisory team; ok
4254 deraadt@
4255
4256 Upstream-ID: 4ec0f12b9d8fa202293c9effa115464185aa071d
4257
4258commit a306863831c57ec5fad918687cc5d289ee8e2635
4259Author: markus@openbsd.org <markus@openbsd.org>
4260Date: Thu Jan 14 16:17:39 2016 +0000
4261
4262 upstream commit
4263
4264 remove roaming support; ok djm@
4265
4266 Upstream-ID: 2cab8f4b197bc95776fb1c8dc2859dad0c64dc56
4267
4268commit 6ef49e83e30688504552ac10875feabd5521565f
4269Author: deraadt@openbsd.org <deraadt@openbsd.org>
4270Date: Thu Jan 14 14:34:34 2016 +0000
4271
4272 upstream commit
4273
4274 Disable experimental client-side roaming support. Server
4275 side was disabled/gutted for years already, but this aspect was surprisingly
4276 forgotten. Thanks for report from Qualys
4277
4278 Upstream-ID: 2328004b58f431a554d4c1bf67f5407eae3389df
4279
4280commit 8d7b523b96d3be180572d9d338cedaafc0570f60
4281Author: Damien Miller <djm@mindrot.org>
4282Date: Thu Jan 14 11:08:19 2016 +1100
4283
4284 bump version numbers
4285
4286commit 8c3d512a1fac8b9c83b4d0c9c3f2376290bd84ca
4287Author: Damien Miller <djm@mindrot.org>
4288Date: Thu Jan 14 11:04:04 2016 +1100
4289
4290 openssh-7.1p2
4291
4292commit e6c85f8889c5c9eb04796fdb76d2807636b9eef5
4293Author: Damien Miller <djm@mindrot.org>
4294Date: Fri Jan 15 01:30:36 2016 +1100
4295
4296 forcibly disable roaming support in the client
4297
4298commit ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c
4299Author: djm@openbsd.org <djm@openbsd.org>
4300Date: Wed Jan 13 23:04:47 2016 +0000
4301
4302 upstream commit
4303
4304 eliminate fallback from untrusted X11 forwarding to trusted
4305 forwarding when the X server disables the SECURITY extension; Reported by
4306 Thomas Hoger; ok deraadt@
4307
4308 Upstream-ID: f76195bd2064615a63ef9674a0e4096b0713f938
4309
4310commit 9a728cc918fad67c8a9a71201088b1e150340ba4
4311Author: djm@openbsd.org <djm@openbsd.org>
4312Date: Tue Jan 12 23:42:54 2016 +0000
4313
4314 upstream commit
4315
4316 use explicit_bzero() more liberally in the buffer code; ok
4317 deraadt
4318
4319 Upstream-ID: 0ece37069fd66bc6e4f55eb1321f93df372b65bf
4320
4321commit 4626cbaf78767fc8e9c86dd04785386c59ae0839
4322Author: Damien Miller <djm@mindrot.org>
4323Date: Fri Jan 8 14:24:56 2016 +1100
4324
4325 Support Illumos/Solaris fine-grained privileges
4326
4327 Includes a pre-auth privsep sandbox and several pledge()
4328 emulations. bz#2511, patch by Alex Wilson.
4329
4330 ok dtucker@
4331
4332commit 422d1b3ee977ff4c724b597fb2e437d38fc8de9d
4333Author: djm@openbsd.org <djm@openbsd.org>
4334Date: Thu Dec 31 00:33:52 2015 +0000
4335
4336 upstream commit
4337
4338 fix three bugs in KRL code related to (unused) signature
4339 support: verification length was being incorrectly calculated, multiple
4340 signatures were being incorrectly processed and a NULL dereference that
4341 occurred when signatures were verified. Reported by Carl Jackson
4342
4343 Upstream-ID: e705e97ad3ccce84291eaa651708dd1b9692576b
4344
4345commit 6074c84bf95d00f29cc7d5d3cd3798737851aa1a
4346Author: djm@openbsd.org <djm@openbsd.org>
4347Date: Wed Dec 30 23:46:14 2015 +0000
4348
4349 upstream commit
4350
4351 unused prototype
4352
4353 Upstream-ID: f3eef4389d53ed6c0d5c77dcdcca3060c745da97
4354
4355commit 6213f0e180e54122bb1ba928e11c784e2b4e5380
4356Author: guenther@openbsd.org <guenther@openbsd.org>
4357Date: Sat Dec 26 20:51:35 2015 +0000
4358
4359 upstream commit
4360
4361 Use pread/pwrite instead separate lseek+read/write for
4362 lastlog. Cast to off_t before multiplication to avoid truncation on ILP32
4363
4364 ok kettenis@ mmcc@
4365
4366 Upstream-ID: fc40092568cd195719ddf1a00aa0742340d616cf
4367
4368commit d7d2bc95045a43dd56ea696cc1d030ac9d77e81f
4369Author: semarie@openbsd.org <semarie@openbsd.org>
4370Date: Sat Dec 26 07:46:03 2015 +0000
4371
4372 upstream commit
4373
4374 adjust pledge promises for ControlMaster: when using
4375 "ask" or "autoask", the process will use ssh-askpass for asking confirmation.
4376
4377 problem found by halex@
4378
4379 ok halex@
4380
4381 Upstream-ID: 38a58b30ae3eef85051c74d3c247216ec0735f80
4382
4383commit 271df8185d9689b3fb0523f58514481b858f6843
4384Author: djm@openbsd.org <djm@openbsd.org>
4385Date: Sun Dec 13 22:42:23 2015 +0000
4386
4387 upstream commit
4388
4389 unbreak connections with peers that set
4390 first_kex_follows; fix from Matt Johnston va bz#2515
4391
4392 Upstream-ID: decc88ec4fc7515594fdb42b04aa03189a44184b
4393
4394commit 43849a47c5f8687699eafbcb5604f6b9c395179f
4395Author: doug@openbsd.org <doug@openbsd.org>
4396Date: Fri Dec 11 17:41:37 2015 +0000
4397
4398 upstream commit
4399
4400 Add "id" to ssh-agent pledge for subprocess support.
4401
4402 Found the hard way by Jan Johansson when using ssh-agent with X. Also,
4403 rearranged proc/exec and retval to match other pledge calls in the tree.
4404
4405 ok djm@
4406
4407 Upstream-ID: 914255f6850e5e7fa830a2de6c38605333b584db
4408
4409commit 52d7078421844b2f88329f5be3de370b0a938636
4410Author: mmcc@openbsd.org <mmcc@openbsd.org>
4411Date: Fri Dec 11 04:21:11 2015 +0000
4412
4413 upstream commit
4414
4415 Remove NULL-checks before sshbuf_free().
4416
4417 ok djm@
4418
4419 Upstream-ID: 5ebed00ed5f9f03b119a345085e8774565466917
4420
4421commit a4b9e0f4e4a6980a0eb8072f76ea611cab5b77e7
4422Author: djm@openbsd.org <djm@openbsd.org>
4423Date: Fri Dec 11 03:24:25 2015 +0000
4424
4425 upstream commit
4426
4427 include remote port number in a few more messages; makes
4428 tying log messages together into a session a bit easier; bz#2503 ok dtucker@
4429
4430 Upstream-ID: 9300dc354015f7a7368d94a8ff4a4266a69d237e
4431
4432commit 6091c362e89079397e68744ae30df121b0a72c07
4433Author: djm@openbsd.org <djm@openbsd.org>
4434Date: Fri Dec 11 03:20:09 2015 +0000
4435
4436 upstream commit
4437
4438 don't try to load SSHv1 private key when compiled without
4439 SSHv1 support. From Iain Morgan bz#2505
4440
4441 Upstream-ID: 8b8e7b02a448cf5e5635979df2d83028f58868a7
4442
4443commit cce6a36bb95e81fa8bfb46daf22eabcf13afc352
4444Author: djm@openbsd.org <djm@openbsd.org>
4445Date: Fri Dec 11 03:19:09 2015 +0000
4446
4447 upstream commit
4448
4449 use SSH_MAX_PUBKEY_BYTES consistently as buffer size when
4450 reading key files. Increase it to match the size of the buffers already being
4451 used.
4452
4453 Upstream-ID: 1b60586b484b55a947d99a0b32bd25e0ced56fae
4454
4455commit 89540b6de025b80404a0cb8418c06377f3f98848
4456Author: mmcc@openbsd.org <mmcc@openbsd.org>
4457Date: Fri Dec 11 02:31:47 2015 +0000
4458
4459 upstream commit
4460
4461 Remove NULL-checks before sshkey_free().
4462
4463 ok djm@
4464
4465 Upstream-ID: 3e35afe8a25e021216696b5d6cde7f5d2e5e3f52
4466
4467commit 79394ed6d74572c2d2643d73937dad33727fc240
4468Author: dtucker@openbsd.org <dtucker@openbsd.org>
4469Date: Fri Dec 11 02:29:03 2015 +0000
4470
4471 upstream commit
4472
4473 fflush stdout so that output is seen even when running in
4474 debug mode when output may otherwise not be flushed. Patch from dustin at
4475 null-ptr.net.
4476
4477 Upstream-ID: b0c6b4cd2cdb01d7e9eefbffdc522e35b5bc4acc
4478
4479commit ee607cccb6636eb543282ba90e0677b0604d8b7a
4480Author: Darren Tucker <dtucker@zip.com.au>
4481Date: Tue Dec 15 15:23:49 2015 +1100
4482
4483 Increase robustness of redhat/openssh.spec
4484
4485 - remove configure --with-rsh, because this option isn't supported anymore
4486 - replace last occurrence of BuildPreReq by BuildRequires
4487 - update grep statement to query the krb5 include directory
4488
4489 Patch from CarstenGrohmann via github, ok djm.
4490
4491commit b5fa0cd73555b991a543145603658d7088ec6b60
4492Author: Darren Tucker <dtucker@zip.com.au>
4493Date: Tue Dec 15 15:10:32 2015 +1100
4494
4495 Allow --without-ssl-engine with --without-openssl
4496
4497 Patch from Mike Frysinger via github.
4498
4499commit c1d7e546f6029024f3257cc25c92f2bddf163125
4500Author: Darren Tucker <dtucker@zip.com.au>
4501Date: Tue Dec 15 14:27:09 2015 +1100
4502
4503 Include openssl crypto.h for SSLeay.
4504
4505 Patch from doughdemon via github.
4506
4507commit c6f5f01651526e88c00d988ce59d71f481ebac62
4508Author: Darren Tucker <dtucker@zip.com.au>
4509Date: Tue Dec 15 13:59:12 2015 +1100
4510
4511 Add sys/time.h for gettimeofday.
4512
4513 Should allow it it compile with MUSL libc. Based on patch from
4514 doughdemon via github.
4515
4516commit 39736be06c7498ef57d6970f2d85cf066ae57c82
4517Author: djm@openbsd.org <djm@openbsd.org>
4518Date: Fri Dec 11 02:20:28 2015 +0000
4519
4520 upstream commit
4521
4522 correct error messages; from Tomas Kuthan bz#2507
4523
4524 Upstream-ID: 7454a0affeab772398052954c79300aa82077093
4525
4526commit 94141b7ade24afceeb6762a3f99e09e47a6c42b6
4527Author: mmcc@openbsd.org <mmcc@openbsd.org>
4528Date: Fri Dec 11 00:20:04 2015 +0000
4529
4530 upstream commit
4531
4532 Pass (char *)NULL rather than (char *)0 to execl and
4533 execlp.
4534
4535 ok dtucker@
4536
4537 Upstream-ID: 56c955106cbddba86c3dd9bbf786ac0d1b361492
4538
4539commit d59ce08811bf94111c2f442184cf7d1257ffae24
4540Author: mmcc@openbsd.org <mmcc@openbsd.org>
4541Date: Thu Dec 10 17:08:40 2015 +0000
4542
4543 upstream commit
4544
4545 Remove NULL-checks before free().
4546
4547 ok dtucker@
4548
4549 Upstream-ID: e3d3cb1ce900179906af36517b5eea0fb15e6ef8
4550
4551commit 8e56dd46cb37879c73bce2d6032cf5e7f82d5a71
4552Author: mmcc@openbsd.org <mmcc@openbsd.org>
4553Date: Thu Dec 10 07:01:35 2015 +0000
4554
4555 upstream commit
4556
4557 Fix a couple "the the" typos. ok dtucker@
4558
4559 Upstream-ID: ec364c5af32031f013001fd28d1bd3dfacfe9a72
4560
4561commit 6262a0522ddc2c0f2e9358dcb68d59b46e9c533e
4562Author: markus@openbsd.org <markus@openbsd.org>
4563Date: Mon Dec 7 20:04:09 2015 +0000
4564
4565 upstream commit
4566
4567 stricter encoding type checks for ssh-rsa; ok djm@
4568
4569 Upstream-ID: 8cca7c787599a5e8391e184d0b4f36fdc3665650
4570
4571commit d86a3ba7af160c13496102aed861ae48a4297072
4572Author: Damien Miller <djm@mindrot.org>
4573Date: Wed Dec 9 09:18:45 2015 +1100
4574
4575 Don't set IPV6_V6ONLY on OpenBSD
4576
4577 It isn't necessary and runs afoul of pledge(2) restrictions.
4578
4579commit da98c11d03d819a15429d8fff9688acd7505439f
4580Author: djm@openbsd.org <djm@openbsd.org>
4581Date: Mon Dec 7 02:20:46 2015 +0000
4582
4583 upstream commit
4584
4585 basic unit tests for rsa-sha2-* signature types
4586
4587 Upstream-Regress-ID: 7dc4b9db809d578ff104d591b4d86560c3598d3c
4588
4589commit 3da893fdec9936dd2c23739cdb3c0c9d4c59fca0
4590Author: markus@openbsd.org <markus@openbsd.org>
4591Date: Sat Dec 5 20:53:21 2015 +0000
4592
4593 upstream commit
4594
4595 prefer rsa-sha2-512 over -256 for hostkeys, too; noticed
4596 by naddy@
4597
4598 Upstream-ID: 685f55f7ec566a8caca587750672723a0faf3ffe
4599
4600commit 8b56e59714d87181505e4678f0d6d39955caf10e
4601Author: tobias@openbsd.org <tobias@openbsd.org>
4602Date: Fri Dec 4 21:51:06 2015 +0000
4603
4604 upstream commit
4605
4606 Properly handle invalid %-format by calling fatal.
4607
4608 ok deraadt, djm
4609
4610 Upstream-ID: 5692bce7d9f6eaa9c488cb93d3b55e758bef1eac
4611
4612commit 76c9fbbe35aabc1db977fb78e827644345e9442e
4613Author: markus@openbsd.org <markus@openbsd.org>
4614Date: Fri Dec 4 16:41:28 2015 +0000
4615
4616 upstream commit
4617
4618 implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures
4619 (user and host auth) based on draft-rsa-dsa-sha2-256-03.txt and
4620 draft-ssh-ext-info-04.txt; with & ok djm@
4621
4622 Upstream-ID: cf82ce532b2733e5c4b34bb7b7c94835632db309
4623
4624commit 6064a8b8295cb5a17b5ebcfade53053377714f40
4625Author: djm@openbsd.org <djm@openbsd.org>
4626Date: Fri Dec 4 00:24:55 2015 +0000
4627
4628 upstream commit
4629
4630 clean up agent_fd handling; properly initialise it to -1
4631 and make tests consistent
4632
4633 ok markus@
4634
4635 Upstream-ID: ac9554323d5065745caf17b5e37cb0f0d4825707
4636
4637commit b91926a97620f3e51761c271ba57aa5db790f48d
4638Author: semarie@openbsd.org <semarie@openbsd.org>
4639Date: Thu Dec 3 17:00:18 2015 +0000
4640
4641 upstream commit
4642
4643 pledges ssh client: - mux client: which is used when
4644 ControlMaster is in use. will end with "stdio proc tty" (proc is to
4645 permit sending SIGWINCH to mux master on window resize)
4646
4647 - client loop: several levels of pledging depending of your used options
4648
4649 ok deraadt@
4650
4651 Upstream-ID: 21676155a700e51f2ce911e33538e92a2cd1d94b
4652
4653commit bcce47466bbc974636f588b5e4a9a18ae386f64a
4654Author: doug@openbsd.org <doug@openbsd.org>
4655Date: Wed Dec 2 08:30:50 2015 +0000
4656
4657 upstream commit
4658
4659 Add "cpath" to the ssh-agent pledge so the cleanup
4660 handler can unlink().
4661
4662 ok djm@
4663
4664 Upstream-ID: 9e632991d48241d56db645602d381253a3d8c29d
4665
4666commit a90d001543f46716b6590c6dcc681d5f5322f8cf
4667Author: djm@openbsd.org <djm@openbsd.org>
4668Date: Wed Dec 2 08:00:58 2015 +0000
4669
4670 upstream commit
4671
4672 ssh-agent pledge needs proc for askpass; spotted by todd@
4673
4674 Upstream-ID: 349aa261b29cc0e7de47ef56167769c432630b2a
4675
4676commit d952162b3c158a8f23220587bb6c8fcda75da551
4677Author: djm@openbsd.org <djm@openbsd.org>
4678Date: Tue Dec 1 23:29:24 2015 +0000
4679
4680 upstream commit
4681
4682 basic pledge() for ssh-agent, more refinement needed
4683
4684 Upstream-ID: 5b5b03c88162fce549e45e1b6dd833f20bbb5e13
4685
4686commit f0191d7c8e76e30551084b79341886d9bb38e453
4687Author: Damien Miller <djm@mindrot.org>
4688Date: Mon Nov 30 10:53:25 2015 +1100
4689
4690 Revert "stub for pledge(2) for systems that lack it"
4691
4692 This reverts commit 14c887c8393adde2d9fd437d498be30f8c98535c.
4693
4694 dtucker beat me to it :/
4695
4696commit 6283cc72eb0e49a3470d30e07ca99a1ba9e89676
4697Author: Damien Miller <djm@mindrot.org>
4698Date: Mon Nov 30 10:37:03 2015 +1100
4699
4700 revert 7d4c7513: bring back S/Key prototypes
4701
4702 (but leave RCSID changes)
4703
4704commit 14c887c8393adde2d9fd437d498be30f8c98535c
4705Author: Damien Miller <djm@mindrot.org>
4706Date: Mon Nov 30 09:45:29 2015 +1100
4707
4708 stub for pledge(2) for systems that lack it
4709
4710commit 452c0b6af5d14c37553e30059bf74456012493f3
4711Author: djm@openbsd.org <djm@openbsd.org>
4712Date: Sun Nov 29 22:18:37 2015 +0000
4713
4714 upstream commit
4715
4716 pledge, better fatal() messages; feedback deraadt@
4717
4718 Upstream-ID: 3e00f6ccfe2b9a7a2d1dbba5409586180801488f
4719
4720commit 6da413c085dba37127687b2617a415602505729b
4721Author: deraadt@openbsd.org <deraadt@openbsd.org>
4722Date: Sat Nov 28 06:50:52 2015 +0000
4723
4724 upstream commit
4725
4726 do not leak temp file if there is no known_hosts file
4727 from craig leres, ok djm
4728
4729 Upstream-ID: c820497fd5574844c782e79405c55860f170e426
4730
4731commit 3ddd15e1b63a4d4f06c8ab16fbdd8a5a61764f16
4732Author: Darren Tucker <dtucker@zip.com.au>
4733Date: Mon Nov 30 07:23:53 2015 +1100
4734
4735 Add a null implementation of pledge.
4736
4737 Fixes builds on almost everything.
4738
4739commit b1d6b3971ef256a08692efc409fc9ada719111cc
4740Author: djm@openbsd.org <djm@openbsd.org>
4741Date: Sat Nov 28 06:41:03 2015 +0000
4742
4743 upstream commit
4744
4745 don't include port number in tcpip-forward replies for
4746 requests that don't allocate a port; bz#2509 diagnosed by Ron Frederick ok
4747 markus
4748
4749 Upstream-ID: 77efad818addb61ec638b5a2362f1554e21a970a
4750
4751commit 9080bd0b9cf10d0f13b1f642f20cb84285cb8d65
4752Author: deraadt@openbsd.org <deraadt@openbsd.org>
4753Date: Fri Nov 27 00:49:31 2015 +0000
4754
4755 upstream commit
4756
4757 pledge "stdio rpath wpath cpath fattr tty proc exec"
4758 except for the -p option (which sadly has insane semantics...) ok semarie
4759 dtucker
4760
4761 Upstream-ID: 8854bbd58279abe00f6c33f8094bdc02c8c65059
4762
4763commit 4d90625b229cf6b3551d81550a9861897509a65f
4764Author: halex@openbsd.org <halex@openbsd.org>
4765Date: Fri Nov 20 23:04:01 2015 +0000
4766
4767 upstream commit
4768
4769 allow comment change for all supported formats
4770
4771 ok djm@
4772
4773 Upstream-ID: 5fc477cf2f119b2d44aa9c683af16cb00bb3744b
4774
4775commit 8ca915fc761519dd1f7766a550ec597a81db5646
4776Author: djm@openbsd.org <djm@openbsd.org>
4777Date: Fri Nov 20 01:45:29 2015 +0000
4778
4779 upstream commit
4780
4781 add cast to make -Werror clean
4782
4783 Upstream-ID: 288db4f8f810bd475be01320c198250a04ff064d
4784
4785commit ac9473580dcd401f8281305af98635cdaae9bf96
4786Author: Damien Miller <djm@mindrot.org>
4787Date: Fri Nov 20 12:35:41 2015 +1100
4788
4789 fix multiple authentication using S/Key w/ privsep
4790
4791 bz#2502, patch from Kevin Korb and feandil_
4792
4793commit 88b6fcdeb87a2fb76767854d9eb15006662dca57
4794Author: djm@openbsd.org <djm@openbsd.org>
4795Date: Thu Nov 19 08:23:27 2015 +0000
4796
4797 upstream commit
4798
4799 ban ConnectionAttempts=0, it makes no sense and would cause
4800 ssh_connect_direct() to print an uninitialised stack variable; bz#2500
4801 reported by dvw AT phas.ubc.ca
4802
4803 Upstream-ID: 32b5134c608270583a90b93a07b3feb3cbd5f7d5
4804
4805commit 964ab3ee7a8f96bdbc963d5b5a91933d6045ebe7
4806Author: djm@openbsd.org <djm@openbsd.org>
4807Date: Thu Nov 19 01:12:32 2015 +0000
4808
4809 upstream commit
4810
4811 trailing whitespace
4812
4813 Upstream-ID: 31fe0ad7c4d08e87f1d69c79372f5e3c5cd79051
4814
4815commit f96516d052dbe38561f6b92b0e4365d8e24bb686
4816Author: djm@openbsd.org <djm@openbsd.org>
4817Date: Thu Nov 19 01:09:38 2015 +0000
4818
4819 upstream commit
4820
4821 print host certificate contents at debug level
4822
4823 Upstream-ID: 39354cdd8a2b32b308fd03f98645f877f540f00d
4824
4825commit 499cf36fecd6040e30e2912dd25655bc574739a7
4826Author: djm@openbsd.org <djm@openbsd.org>
4827Date: Thu Nov 19 01:08:55 2015 +0000
4828
4829 upstream commit
4830
4831 move the certificate validity formatting code to
4832 sshkey.[ch]
4833
4834 Upstream-ID: f05f7c78fab20d02ff1d5ceeda533ef52e8fe523
4835
4836commit bcb7bc77bbb1535d1008c7714085556f3065d99d
4837Author: djm@openbsd.org <djm@openbsd.org>
4838Date: Wed Nov 18 08:37:28 2015 +0000
4839
4840 upstream commit
4841
4842 fix "ssh-keygen -l" of private key, broken in support for
4843 multiple plain keys on stdin
4844
4845 Upstream-ID: 6b3132d2c62d03d0bad6f2bcd7e2d8b7dab5cd9d
4846
4847commit 259adb6179e23195c8f6913635ea71040d1ccd63
4848Author: millert@openbsd.org <millert@openbsd.org>
4849Date: Mon Nov 16 23:47:52 2015 +0000
4850
4851 upstream commit
4852
4853 Replace remaining calls to index(3) with strchr(3). OK
4854 jca@ krw@
4855
4856 Upstream-ID: 33837d767a0cf1db1489b96055f9e330bc0bab6d
4857
4858commit c56a255162c2166884539c0a1f7511575325b477
4859Author: djm@openbsd.org <djm@openbsd.org>
4860Date: Mon Nov 16 22:53:07 2015 +0000
4861
4862 upstream commit
4863
4864 Allow fingerprinting from standard input "ssh-keygen -lf
4865 -"
4866
4867 Support fingerprinting multiple plain keys in a file and authorized_keys
4868 files too (bz#1319)
4869
4870 ok markus@
4871
4872 Upstream-ID: 903f8b4502929d6ccf53509e4e07eae084574b77
4873
4874commit 5b4010d9b923cf1b46c9c7b1887c013c2967e204
4875Author: djm@openbsd.org <djm@openbsd.org>
4876Date: Mon Nov 16 22:51:05 2015 +0000
4877
4878 upstream commit
4879
4880 always call privsep_preauth_child() regardless of whether
4881 sshd was started by root; it does important priming before sandboxing and
4882 failing to call it could result in sandbox violations later; ok markus@
4883
4884 Upstream-ID: c8a6d0d56c42f3faab38460dc917ca0d1705d383
4885
4886commit 3a9f84b58b0534bbb485f1eeab75665e2d03371f
4887Author: djm@openbsd.org <djm@openbsd.org>
4888Date: Mon Nov 16 22:50:01 2015 +0000
4889
4890 upstream commit
4891
4892 improve sshkey_read() semantics; only update *cpp when a
4893 key is successfully read; ok markus@
4894
4895 Upstream-ID: f371e78e8f4fab366cf69a42bdecedaed5d1b089
4896
4897commit db6f8dc5dd5655b59368efd074994d4568bc3556
4898Author: logan@openbsd.org <logan@openbsd.org>
4899Date: Mon Nov 16 06:13:04 2015 +0000
4900
4901 upstream commit
4902
4903 1) Use xcalloc() instead of xmalloc() to check for
4904 potential overflow. (Feedback from both mmcc@ and djm@) 2) move set_size
4905 just before the for loop. (suggested by djm@)
4906
4907 OK djm@
4908
4909 Upstream-ID: 013534c308187284756c3141f11d2c0f33c47213
4910
4911commit 383f10fb84a0fee3c01f9d97594f3e22aa3cd5e0
4912Author: djm@openbsd.org <djm@openbsd.org>
4913Date: Mon Nov 16 00:30:02 2015 +0000
4914
4915 upstream commit
4916
4917 Add a new authorized_keys option "restrict" that
4918 includes all current and future key restrictions (no-*-forwarding, etc). Also
4919 add permissive versions of the existing restrictions, e.g. "no-pty" -> "pty".
4920 This simplifies the task of setting up restricted keys and ensures they are
4921 maximally-restricted, regardless of any permissions we might implement in the
4922 future.
4923
4924 Example:
4925
4926 restrict,pty,command="nethack" ssh-ed25519 AAAAC3NzaC1lZDI1...
4927
4928 Idea from Jann Horn; ok markus@
4929
4930 Upstream-ID: 04ceb9d448e46e67e13887a7ae5ea45b4f1719d0
4931
4932commit e41a071f7bda6af1fb3f081bed0151235fa61f15
4933Author: jmc@openbsd.org <jmc@openbsd.org>
4934Date: Sun Nov 15 23:58:04 2015 +0000
4935
4936 upstream commit
4937
4938 correct section number for ssh-agent;
4939
4940 Upstream-ID: 44be72fd8bcc167635c49b357b1beea8d5674bd6
4941
4942commit 1a11670286acddcc19f5eff0966c380831fc4638
4943Author: jmc@openbsd.org <jmc@openbsd.org>
4944Date: Sun Nov 15 23:54:15 2015 +0000
4945
4946 upstream commit
4947
4948 do not confuse mandoc by presenting "Dd";
4949
4950 Upstream-ID: 1470fce171c47b60bbc7ecd0fc717a442c2cfe65
4951
4952commit f361df474c49a097bfcf16d1b7b5c36fcd844b4b
4953Author: jcs@openbsd.org <jcs@openbsd.org>
4954Date: Sun Nov 15 22:26:49 2015 +0000
4955
4956 upstream commit
4957
4958 Add an AddKeysToAgent client option which can be set to
4959 'yes', 'no', 'ask', or 'confirm', and defaults to 'no'. When enabled, a
4960 private key that is used during authentication will be added to ssh-agent if
4961 it is running (with confirmation enabled if set to 'confirm').
4962
4963 Initial version from Joachim Schipper many years ago.
4964
4965 ok markus@
4966
4967 Upstream-ID: a680db2248e8064ec55f8be72d539458c987d5f4
4968
4969commit d87063d9baf5479b6e813d47dfb694a97df6f6f5
4970Author: djm@openbsd.org <djm@openbsd.org>
4971Date: Fri Nov 13 04:39:35 2015 +0000
4972
4973 upstream commit
4974
4975 send SSH2_MSG_UNIMPLEMENTED replies to unexpected
4976 messages during KEX; bz#2949, ok dtucker@
4977
4978 Upstream-ID: 2b3abdff344d53c8d505f45c83a7b12e84935786
4979
4980commit 9fd04681a1e9b0af21e08ff82eb674cf0a499bfc
4981Author: djm@openbsd.org <djm@openbsd.org>
4982Date: Fri Nov 13 04:38:06 2015 +0000
4983
4984 upstream commit
4985
4986 Support "none" as an argument for sshd_config
4987 ForceCommand and ChrootDirectory. Useful inside Match blocks to override a
4988 global default. bz#2486 ok dtucker@
4989
4990 Upstream-ID: 7ef478d6592bc7db5c7376fc33b4443e63dccfa5
4991
4992commit 94bc0b72c29e511cbbc5772190d43282e5acfdfe
4993Author: djm@openbsd.org <djm@openbsd.org>
4994Date: Fri Nov 13 04:34:15 2015 +0000
4995
4996 upstream commit
4997
4998 support multiple certificates (one per line) and
4999 reading from standard input (using "-f -") for "ssh-keygen -L"; ok dtucker@
5000
5001 Upstream-ID: ecbadeeef3926e5be6281689b7250a32a80e88db
5002
5003commit b6b9108f5b561c83612cb97ece4134eb59fde071
5004Author: djm@openbsd.org <djm@openbsd.org>
5005Date: Fri Nov 13 02:57:46 2015 +0000
5006
5007 upstream commit
5008
5009 list a couple more options usable in Match blocks;
5010 bz#2489
5011
5012 Upstream-ID: e4d03f39d254db4c0cc54101921bb89fbda19879
5013
5014commit a7994b3f5a5a5a33b52b0a6065d08e888f0a99fb
5015Author: djm@openbsd.org <djm@openbsd.org>
5016Date: Wed Nov 11 04:56:39 2015 +0000
5017
5018 upstream commit
5019
5020 improve PEEK/POKE macros: better casts, don't multiply
5021 evaluate arguments; ok deraadt@
5022
5023 Upstream-ID: 9a1889e19647615ededbbabab89064843ba92d3e
5024
5025commit 7d4c7513a7f209cb303a608ac6e46b3f1dfc11ec
5026Author: djm@openbsd.org <djm@openbsd.org>
5027Date: Wed Nov 11 01:48:01 2015 +0000
5028
5029 upstream commit
5030
5031 remove prototypes for long-gone s/key support; ok
5032 dtucker@
5033
5034 Upstream-ID: db5bed3c57118af986490ab23d399df807359a79
5035
5036commit 07889c75926c040b8e095949c724e66af26441cb
5037Author: Damien Miller <djm@mindrot.org>
5038Date: Sat Nov 14 18:44:49 2015 +1100
5039
5040 read back from libcrypto RAND when privdropping
5041
5042 makes certain libcrypto implementations cache a /dev/urandom fd
5043 in preparation of sandboxing. Based on patch by Greg Hartman.
5044
5045commit 1560596f44c01bb0cef977816410950ed17b8ecd
5046Author: Darren Tucker <dtucker@zip.com.au>
5047Date: Tue Nov 10 11:14:47 2015 +1100
5048
5049 Fix compiler warnings in the openssl header check.
5050
5051 Noted by Austin English.
5052
5053commit e72a8575ffe1d8adff42c9abe9ca36938acc036b
5054Author: jmc@openbsd.org <jmc@openbsd.org>
5055Date: Sun Nov 8 23:24:03 2015 +0000
5056
5057 upstream commit
5058
5059 -c before -H, in SYNOPSIS and usage();
5060
5061 Upstream-ID: 25e8c58a69e1f37fcd54ac2cd1699370acb5e404
5062
5063commit 3a424cdd21db08c7b0ded902f97b8f02af5aa485
5064Author: djm@openbsd.org <djm@openbsd.org>
5065Date: Sun Nov 8 22:30:20 2015 +0000
5066
5067 upstream commit
5068
5069 Add "ssh-keyscan -c ..." flag to allow fetching
5070 certificates instead of plain keys; ok markus@
5071
5072 Upstream-ID: 0947e2177dba92339eced9e49d3c5bf7dda69f82
5073
5074commit 69fead5d7cdaa73bdece9fcba80f8e8e70b90346
5075Author: jmc@openbsd.org <jmc@openbsd.org>
5076Date: Sun Nov 8 22:08:38 2015 +0000
5077
5078 upstream commit
5079
5080 remove slogin links; ok deraadt markus djm
5081
5082 Upstream-ID: 39ba08548acde4c54f2d4520c202c2a863a3c730
5083
5084commit 2fecfd486bdba9f51b3a789277bb0733ca36e1c0
5085Author: djm@openbsd.org <djm@openbsd.org>
5086Date: Sun Nov 8 21:59:11 2015 +0000
5087
5088 upstream commit
5089
5090 fix OOB read in packet code caused by missing return
5091 statement found by Ben Hawkes; ok markus@ deraadt@
5092
5093 Upstream-ID: a3e3a85434ebfa0690d4879091959591f30efc62
5094
5095commit 5e288923a303ca672b686908320bc5368ebec6e6
5096Author: mmcc@openbsd.org <mmcc@openbsd.org>
5097Date: Fri Nov 6 00:31:41 2015 +0000
5098
5099 upstream commit
5100
5101 1. rlogin and rsh are long gone 2. protocol version isn't
5102 of core relevance here, and v1 is going away
5103
5104 ok markus@, deraadt@
5105
5106 Upstream-ID: 8b46bc94cf1ca7c8c1a75b1c958b2bb38d7579c8
5107
5108commit 8b29008bbe97f33381d9b4b93fcfa304168d0286
5109Author: jmc@openbsd.org <jmc@openbsd.org>
5110Date: Thu Nov 5 09:48:05 2015 +0000
5111
5112 upstream commit
5113
5114 "commandline" -> "command line", since there are so few
5115 examples of the former in the pages, so many of the latter, and in some of
5116 these pages we had multiple spellings;
5117
5118 prompted by tj
5119
5120 Upstream-ID: 78459d59bff74223f8139d9001ccd56fc4310659
5121
5122commit 996b24cebf20077fbe5db07b3a2c20c2d9db736e
5123Author: Darren Tucker <dtucker@zip.com.au>
5124Date: Thu Oct 29 20:57:34 2015 +1100
5125
5126 (re)wrap SYS_sendsyslog in ifdef.
5127
5128 Replace ifdef that went missing in commit
5129 c61b42f2678f21f05653ac2d3d241b48ab5d59ac. Fixes build on older
5130 OpenBSDs.
5131
5132commit b67e2e76fcf1ae7c802eb27ca927e16c91a513ff
5133Author: djm@openbsd.org <djm@openbsd.org>
5134Date: Thu Oct 29 08:05:17 2015 +0000
5135
5136 upstream commit
5137
5138 regress test for "PubkeyAcceptedKeyTypes +..." inside a
5139 Match block
5140
5141 Upstream-Regress-ID: 246c37ed64a2e5704d4c158ccdca1ff700e10647
5142
5143commit abd9dbc3c0d8c8c7561347cfa22166156e78c077
5144Author: dtucker@openbsd.org <dtucker@openbsd.org>
5145Date: Mon Oct 26 02:50:58 2015 +0000
5146
5147 upstream commit
5148
5149 Fix typo certopt->certopts in shell variable. This would
5150 cause the test to hang at a host key prompt if you have an A or CNAME for
5151 "proxy" in your local domain.
5152
5153 Upstream-Regress-ID: 6ea03bcd39443a83c89e2c5606392ceb9585836a
5154
5155commit ed08510d38aef930a061ae30d10f2a9cf233bafa
5156Author: djm@openbsd.org <djm@openbsd.org>
5157Date: Thu Oct 29 08:05:01 2015 +0000
5158
5159 upstream commit
5160
5161 Fix "PubkeyAcceptedKeyTypes +..." inside a Match block;
5162 ok dtucker@
5163
5164 Upstream-ID: 853662c4036730b966aab77684390c47b9738c69
5165
5166commit a4aef3ed29071719b2af82fdf1ac3c2514f82bc5
5167Author: djm@openbsd.org <djm@openbsd.org>
5168Date: Tue Oct 27 08:54:52 2015 +0000
5169
5170 upstream commit
5171
5172 fix execv arguments in a way less likely to cause grief
5173 for -portable; ok dtucker@
5174
5175 Upstream-ID: 5902bf0ea0371f39f1300698dc3b8e4105fc0fc5
5176
5177commit 63d188175accea83305e89fafa011136ff3d96ad
5178Author: djm@openbsd.org <djm@openbsd.org>
5179Date: Tue Oct 27 01:44:45 2015 +0000
5180
5181 upstream commit
5182
5183 log certificate serial in verbose() messages to match the
5184 main auth success/fail message; ok dtucker@
5185
5186 Upstream-ID: dfc48b417c320b97c36ff351d303c142f2186288
5187
5188commit 2aaba0cfd560ecfe92aa50c00750e6143842cf1f
5189Author: djm@openbsd.org <djm@openbsd.org>
5190Date: Tue Oct 27 00:49:53 2015 +0000
5191
5192 upstream commit
5193
5194 avoid de-const warning & shrink; ok dtucker@
5195
5196 Upstream-ID: 69a85ef94832378952a22c172009cbf52aaa11db
5197
5198commit 03239c18312b9bab7d1c3b03062c61e8bbc1ca6e
5199Author: dtucker@openbsd.org <dtucker@openbsd.org>
5200Date: Sun Oct 25 23:42:00 2015 +0000
5201
5202 upstream commit
5203
5204 Expand tildes in filenames passed to -i before checking
5205 whether or not the identity file exists. This means that if the shell
5206 doesn't do the expansion (eg because the option and filename were given as a
5207 single argument) then we'll still add the key. bz#2481, ok markus@
5208
5209 Upstream-ID: db1757178a14ac519e9a3e1a2dbd21113cb3bfc6
5210
5211commit 97e184e508dd33c37860c732c0eca3fc57698b40
5212Author: dtucker@openbsd.org <dtucker@openbsd.org>
5213Date: Sun Oct 25 23:14:03 2015 +0000
5214
5215 upstream commit
5216
5217 Do not prepend "exec" to the shell command run by "Match
5218 exec" in a config file. It's an unnecessary optimization from repurposed
5219 ProxyCommand code and prevents some things working with some shells.
5220 bz#2471, pointed out by res at qoxp.net. ok markus@
5221
5222 Upstream-ID: a1ead25ae336bfa15fb58d8c6b5589f85b4c33a3
5223
5224commit 8db134e7f457bcb069ec72bc4ee722e2af557c69
5225Author: Darren Tucker <dtucker@zip.com.au>
5226Date: Thu Oct 29 10:48:23 2015 +1100
5227
5228 Prevent name collisions with system glob (bz#2463)
5229
5230 Move glob.h from includes.h to the only caller (sftp) and override the
5231 names for the symbols. This prevents name collisions with the system glob
5232 in the case where something other than ssh uses it (eg kerberos). With
5233 jjelen at redhat.com, ok djm@
5234
5235commit 86c10dbbef6a5800d2431a66cf7f41a954bb62b5
5236Author: dtucker@openbsd.org <dtucker@openbsd.org>
5237Date: Fri Oct 23 02:22:01 2015 +0000
5238
5239 upstream commit
5240
5241 Update expected group sizes to match recent code changes.
5242
5243 Upstream-Regress-ID: 0004f0ea93428969fe75bcfff0d521c553977794
5244
5245commit 9ada37d36003a77902e90a3214981e417457cf13
5246Author: djm@openbsd.org <djm@openbsd.org>
5247Date: Sat Oct 24 22:56:19 2015 +0000
5248
5249 upstream commit
5250
5251 fix keyscan output for multiple hosts/addrs on one line
5252 when host hashing or a non standard port is in use; bz#2479 ok dtucker@
5253
5254 Upstream-ID: 5321dabfaeceba343da3c8a8b5754c6f4a0a307b
5255
5256commit 44fc7cd7dcef6c52c6b7e9ff830dfa32879bd319
5257Author: djm@openbsd.org <djm@openbsd.org>
5258Date: Sat Oct 24 22:52:22 2015 +0000
5259
5260 upstream commit
5261
5262 skip "Could not chdir to home directory" message when
5263 chrooted
5264
5265 patch from Christian Hesse in bz#2485 ok dtucker@
5266
5267 Upstream-ID: 86783c1953da426dff5b03b03ce46e699d9e5431
5268
5269commit a820a8618ec44735dabc688fab96fba38ad66bb2
5270Author: sthen@openbsd.org <sthen@openbsd.org>
5271Date: Sat Oct 24 08:34:09 2015 +0000
5272
5273 upstream commit
5274
5275 Handle the split of tun(4) "link0" into tap(4) in ssh
5276 tun-forwarding. Adapted from portable (using separate devices for this is the
5277 normal case in most OS). ok djm@
5278
5279 Upstream-ID: 90facf4c59ce73d6741db1bc926e578ef465cd39
5280
5281commit 66d2e229baa9fe57b868c373b05f7ff3bb20055b
5282Author: gsoares@openbsd.org <gsoares@openbsd.org>
5283Date: Wed Oct 21 11:33:03 2015 +0000
5284
5285 upstream commit
5286
5287 fix memory leak in error path ok djm@
5288
5289 Upstream-ID: dd2f402b0a0029b755df029fc7f0679e1365ce35
5290
5291commit 7d6c0362039ceacdc1366b5df29ad5d2693c13e5
5292Author: mmcc@openbsd.org <mmcc@openbsd.org>
5293Date: Tue Oct 20 23:24:25 2015 +0000
5294
5295 upstream commit
5296
5297 Compare pointers to NULL rather than 0.
5298
5299 ok djm@
5300
5301 Upstream-ID: 21616cfea27eda65a06e772cc887530b9a1a27f8
5302
5303commit f98a09cacff7baad8748c9aa217afd155a4d493f
5304Author: mmcc@openbsd.org <mmcc@openbsd.org>
5305Date: Tue Oct 20 03:36:35 2015 +0000
5306
5307 upstream commit
5308
5309 Replace a function-local allocation with stack memory.
5310
5311 ok djm@
5312
5313 Upstream-ID: c09fbbab637053a2ab9f33ca142b4e20a4c5a17e
5314
5315commit ac908c1eeacccfa85659594d92428659320fd57e
5316Author: Damien Miller <djm@mindrot.org>
5317Date: Thu Oct 22 09:35:24 2015 +1100
5318
5319 turn off PrintLastLog when --disable-lastlog
5320
5321 bz#2278 from Brent Paulson
5322
5323commit b56deb847f4a0115a8bf488bf6ee8524658162fd
5324Author: djm@openbsd.org <djm@openbsd.org>
5325Date: Fri Oct 16 22:32:22 2015 +0000
5326
5327 upstream commit
5328
5329 increase the minimum modulus that we will send or accept in
5330 diffie-hellman-group-exchange to 2048 bits; ok markus@
5331
5332 Upstream-ID: 06dce7a24c17b999a0f5fadfe95de1ed6a1a9b6a
5333
5334commit 5ee0063f024bf5b3f3ffb275b8cd20055d62b4b9
5335Author: djm@openbsd.org <djm@openbsd.org>
5336Date: Fri Oct 16 18:40:49 2015 +0000
5337
5338 upstream commit
5339
5340 better handle anchored FQDNs (e.g. 'cvs.openbsd.org.') in
5341 hostname canonicalisation - treat them as already canonical and remove the
5342 trailing '.' before matching ssh_config; ok markus@
5343
5344 Upstream-ID: f7619652e074ac3febe8363f19622aa4853b679a
5345
5346commit e92c499a75477ecfe94dd7b4aed89f20b1fac5a7
5347Author: mmcc@openbsd.org <mmcc@openbsd.org>
5348Date: Fri Oct 16 17:07:24 2015 +0000
5349
5350 upstream commit
5351
5352 0 -> NULL when comparing with a char*.
5353
5354 ok dtucker@, djm@.
5355
5356 Upstream-ID: a928e9c21c0a9020727d99738ff64027c1272300
5357
5358commit b1d38a3cc6fe349feb8d16a5f520ef12d1de7cb2
5359Author: djm@openbsd.org <djm@openbsd.org>
5360Date: Thu Oct 15 23:51:40 2015 +0000
5361
5362 upstream commit
5363
5364 fix some signed/unsigned integer type mismatches in
5365 format strings; reported by Nicholas Lemonias
5366
5367 Upstream-ID: 78cd55420a0eef68c4095bdfddd1af84afe5f95c
5368
5369commit 1a2663a15d356bb188196b6414b4c50dc12fd42b
5370Author: djm@openbsd.org <djm@openbsd.org>
5371Date: Thu Oct 15 23:08:23 2015 +0000
5372
5373 upstream commit
5374
5375 argument to sshkey_from_private() and sshkey_demote()
5376 can't be NULL
5377
5378 Upstream-ID: 0111245b1641d387977a9b38da15916820a5fd1f
5379
5380commit 0f754e29dd3760fc0b172c1220f18b753fb0957e
5381Author: Damien Miller <djm@mindrot.org>
5382Date: Fri Oct 16 10:53:14 2015 +1100
5383
5384 need va_copy before va_start
5385
5386 reported by Nicholas Lemonias
5387
5388commit eb6c50d82aa1f0d3fc95f5630ea69761e918bfcd
5389Author: Damien Miller <djm@mindrot.org>
5390Date: Thu Oct 15 15:48:28 2015 -0700
5391
5392 fix compilation on systems without SYMLOOP_MAX
5393
5394commit fafe1d84a210fb3dae7744f268059cc583db8c12
5395Author: Damien Miller <djm@mindrot.org>
5396Date: Wed Oct 14 09:22:15 2015 -0700
5397
5398 s/SANDBOX_TAME/SANDBOX_PLEDGE/g
5399
5400commit 8f22911027ff6c17d7226d232ccd20727f389310
5401Author: Damien Miller <djm@mindrot.org>
5402Date: Wed Oct 14 08:28:19 2015 +1100
5403
5404 upstream commit
5405
5406 revision 1.20
5407 date: 2015/10/13 20:55:37; author: millert; state: Exp; lines: +2 -2; commitid: X39sl5ay1czgFIgp;
5408 In rev 1.15 the sizeof argument was fixed in a strlcat() call but
5409 the truncation check immediately following it was not updated to
5410 match. Not an issue in practice since the buffers are the same
5411 size. OK deraadt@
5412
5413commit 23fa695bb735f54f04d46123662609edb6c76767
5414Author: Damien Miller <djm@mindrot.org>
5415Date: Wed Oct 14 08:27:51 2015 +1100
5416
5417 upstream commit
5418
5419 revision 1.19
5420 date: 2015/01/16 16:48:51; author: deraadt; state: Exp; lines: +3 -3; commitid: 0DYulI8hhujBHMcR;
5421 Move to the <limits.h> universe.
5422 review by millert, binary checking process with doug, concept with guenther
5423
5424commit c71be375a69af00c2d0a0c24d8752bec12d8fd1b
5425Author: Damien Miller <djm@mindrot.org>
5426Date: Wed Oct 14 08:27:08 2015 +1100
5427
5428 upstream commit
5429
5430 revision 1.18
5431 date: 2014/10/19 03:56:28; author: doug; state: Exp; lines: +9 -9; commitid: U6QxmtbXrGoc02S5;
5432 Revert last commit due to changed semantics found by make release.
5433
5434commit c39ad23b06e9aecc3ff788e92f787a08472905b1
5435Author: Damien Miller <djm@mindrot.org>
5436Date: Wed Oct 14 08:26:24 2015 +1100
5437
5438 upstream commit
5439
5440 revision 1.17
5441 date: 2014/10/18 20:43:52; author: doug; state: Exp; lines: +10 -10; commitid: I74hI1tVZtsspKEt;
5442 Better POSIX compliance in realpath(3).
5443
5444 millert@ made changes to realpath.c based on FreeBSD's version. I merged
5445 Todd's changes into dl_realpath.c.
5446
5447 ok millert@, guenther@
5448
5449commit e929a43f957dbd1254aca2aaf85c8c00cbfc25f4
5450Author: Damien Miller <djm@mindrot.org>
5451Date: Wed Oct 14 08:25:55 2015 +1100
5452
5453 upstream commit
5454
5455 revision 1.16
5456 date: 2013/04/05 12:59:54; author: kurt; state: Exp; lines: +3 -1;
5457 - Add comments regarding copies of these files also in libexec/ld.so
5458 okay guenther@
5459
5460commit 5225db68e58a1048cb17f0e36e0d33bc4a8fc410
5461Author: Damien Miller <djm@mindrot.org>
5462Date: Wed Oct 14 08:25:32 2015 +1100
5463
5464 upstream commit
5465
5466 revision 1.15
5467 date: 2012/09/13 15:39:05; author: deraadt; state: Exp; lines: +2 -2;
5468 specify the bounds of the dst to strlcat (both values were static and
5469 equal, but it is more correct)
5470 from Michal Mazurek
5471
5472commit 7365fe5b4859de2305e40ea132da3823830fa710
5473Author: Damien Miller <djm@mindrot.org>
5474Date: Wed Oct 14 08:25:09 2015 +1100
5475
5476 upstream commit
5477
5478 revision 1.14
5479 date: 2011/07/24 21:03:00; author: miod; state: Exp; lines: +35 -13;
5480 Recent Single Unix will malloc memory if the second argument of realpath()
5481 is NULL, and third-party software is starting to rely upon this.
5482 Adapted from FreeBSD via Jona Joachim (jaj ; hcl-club , .lu), with minor
5483 tweaks from nicm@ and yours truly.
5484
5485commit e679c09cd1951f963793aa3d9748d1c3fdcf808f
5486Author: djm@openbsd.org <djm@openbsd.org>
5487Date: Tue Oct 13 16:15:21 2015 +0000
5488
5489 upstream commit
5490
5491 apply PubkeyAcceptedKeyTypes filtering earlier, so all
5492 skipped keys are noted before pubkey authentication starts. ok dtucker@
5493
5494 Upstream-ID: ba4f52f54268a421a2a5f98bb375403f4cb044b8
5495
5496commit 179c353f564ec7ada64b87730b25fb41107babd7
5497Author: djm@openbsd.org <djm@openbsd.org>
5498Date: Tue Oct 13 00:21:27 2015 +0000
5499
5500 upstream commit
5501
5502 free the correct IV length, don't assume it's always the
5503 cipher blocksize; ok dtucker@
5504
5505 Upstream-ID: c260d9e5ec73628d9ff4b067fbb060eff5a7d298
5506
5507commit 2539dce2a049a8f6bb0d44cac51f07ad48e691d3
5508Author: deraadt@openbsd.org <deraadt@openbsd.org>
5509Date: Fri Oct 9 01:37:08 2015 +0000
5510
5511 upstream commit
5512
5513 Change all tame callers to namechange to pledge(2).
5514
5515 Upstream-ID: 17e654fc27ceaf523c60f4ffd9ec7ae4e7efc7f2
5516
5517commit 9846a2f4067383bb76b4e31a9d2303e0a9c13a73
5518Author: Damien Miller <djm@mindrot.org>
5519Date: Thu Oct 8 04:30:48 2015 +1100
5520
5521 hook tame(2) sandbox up to build
5522
5523 OpenBSD only for now
5524
5525commit 0c46bbe68b70bdf0d6d20588e5847e71f3739fe6
5526Author: djm@openbsd.org <djm@openbsd.org>
5527Date: Wed Oct 7 15:59:12 2015 +0000
5528
5529 upstream commit
5530
5531 include PubkeyAcceptedKeyTypes in ssh -G config dump
5532
5533 Upstream-ID: 6c097ce6ffebf6fe393fb7988b5d152a5d6b36bb
5534
5535commit bdcb73fb7641b1cf73c0065d1a0dd57b1e8b778e
5536Author: sobrado@openbsd.org <sobrado@openbsd.org>
5537Date: Wed Oct 7 14:45:30 2015 +0000
5538
5539 upstream commit
5540
5541 UsePrivilegeSeparation defaults to sandbox now.
5542
5543 ok djm@
5544
5545 Upstream-ID: bff136c38bcae89df82e044d2f42de21e1ad914f
5546
5547commit 2905d6f99c837bb699b6ebc61711b19acd030709
5548Author: djm@openbsd.org <djm@openbsd.org>
5549Date: Wed Oct 7 00:54:06 2015 +0000
5550
5551 upstream commit
5552
5553 don't try to change tun device flags if they are already
5554 what we need; makes it possible to use tun/tap networking as non- root user
5555 if device permissions and interface flags are pre-established; based on patch
5556 by Ossi Herrala
5557
5558 Upstream-ID: 89099ac4634cd477b066865acf54cb230780fd21
5559
5560commit 0dc74512bdb105b048883f07de538b37e5e024d4
5561Author: Damien Miller <djm@mindrot.org>
5562Date: Mon Oct 5 18:33:05 2015 -0700
5563
5564 unbreak merge botch
5565
5566commit fdd020e86439afa7f537e2429d29d4b744c94331
5567Author: djm@openbsd.org <djm@openbsd.org>
5568Date: Tue Oct 6 01:20:59 2015 +0000
5569
5570 upstream commit
5571
5572 adapt to recent sshkey_parse_private_fileblob() API
5573 change
5574
5575 Upstream-Regress-ID: 5c0d818da511e33e0abf6a92a31bd7163b7ad988
5576
5577commit 21ae8ee3b630b0925f973db647a1b9aa5fcdd4c5
5578Author: djm@openbsd.org <djm@openbsd.org>
5579Date: Thu Sep 24 07:15:39 2015 +0000
5580
5581 upstream commit
5582
5583 fix command-line option to match what was actually
5584 committed
5585
5586 Upstream-Regress-ID: 3e8c24a2044e8afd37e7ce17b69002ca817ac699
5587
5588commit e14ac43b75e68f1ffbd3e1a5e44143c8ae578dcd
5589Author: djm@openbsd.org <djm@openbsd.org>
5590Date: Thu Sep 24 06:16:53 2015 +0000
5591
5592 upstream commit
5593
5594 regress test for CertificateFile; patch from Meghana Bhat
5595 via bz#2436
5596
5597 Upstream-Regress-ID: e7a6e980cbe0f8081ba2e83de40d06c17be8bd25
5598
5599commit 905b054ed24e0d5b4ef226ebf2c8bfc02ae6d4ad
5600Author: djm@openbsd.org <djm@openbsd.org>
5601Date: Mon Oct 5 17:11:21 2015 +0000
5602
5603 upstream commit
5604
5605 some more bzero->explicit_bzero, from Michael McConville
5606
5607 Upstream-ID: 17f19545685c33327db2efdc357c1c9225ff00d0
5608
5609commit b007159a0acdbcf65814b3ee05dbe2cf4ea46011
5610Author: deraadt@openbsd.org <deraadt@openbsd.org>
5611Date: Fri Oct 2 15:52:55 2015 +0000
5612
5613 upstream commit
5614
5615 fix email
5616
5617 Upstream-ID: 72150f2d54b94de14ebef1ea054ef974281bf834
5618
5619commit b19e1b4ab11884c4f62aee9f8ab53127a4732658
5620Author: deraadt@openbsd.org <deraadt@openbsd.org>
5621Date: Fri Oct 2 01:39:52 2015 +0000
5622
5623 upstream commit
5624
5625 a sandbox using tame ok djm
5626
5627 Upstream-ID: 4ca24e47895e72f5daaa02f3e3d3e5ca2d820fa3
5628
5629commit c61b42f2678f21f05653ac2d3d241b48ab5d59ac
5630Author: deraadt@openbsd.org <deraadt@openbsd.org>
5631Date: Fri Oct 2 01:39:26 2015 +0000
5632
5633 upstream commit
5634
5635 re-order system calls in order of risk, ok i'll be
5636 honest, ordered this way they look like tame... ok djm
5637
5638 Upstream-ID: 42a1e6d251fd8be13c8262bee026059ae6328813
5639
5640commit c5f7c0843cb6e6074a93c8ac34e49ce33a6f5546
5641Author: jmc@openbsd.org <jmc@openbsd.org>
5642Date: Fri Sep 25 18:19:54 2015 +0000
5643
5644 upstream commit
5645
5646 some certificatefile tweaks; ok djm
5647
5648 Upstream-ID: 0e5a7852c28c05fc193419cc7e50e64c1c535af0
5649
5650commit 4e44a79a07d4b88b6a4e5e8c1bed5f58c841b1b8
5651Author: djm@openbsd.org <djm@openbsd.org>
5652Date: Thu Sep 24 06:15:11 2015 +0000
5653
5654 upstream commit
5655
5656 add ssh_config CertificateFile option to explicitly list
5657 a certificate; patch from Meghana Bhat on bz#2436; ok markus@
5658
5659 Upstream-ID: 58648ec53c510b41c1f46d8fe293aadc87229ab8
5660
5661commit e3cbb06ade83c72b640a53728d362bbefa0008e2
5662Author: sobrado@openbsd.org <sobrado@openbsd.org>
5663Date: Tue Sep 22 08:33:23 2015 +0000
5664
5665 upstream commit
5666
5667 fix two typos.
5668
5669 Upstream-ID: 424402c0d8863a11b51749bacd7f8d932083b709
5670
5671commit 8408218c1ca88cb17d15278174a24a94a6f65fe1
5672Author: djm@openbsd.org <djm@openbsd.org>
5673Date: Mon Sep 21 04:31:00 2015 +0000
5674
5675 upstream commit
5676
5677 fix possible hang on closed output; bz#2469 reported by Tomas
5678 Kuthan ok markus@
5679
5680 Upstream-ID: f7afd41810f8540f524284f1be6b970859f94fe3
5681
5682commit 0097248f90a00865082e8c146b905a6555cc146f
5683Author: djm@openbsd.org <djm@openbsd.org>
5684Date: Fri Sep 11 04:55:01 2015 +0000
5685
5686 upstream commit
5687
5688 skip if running as root; many systems (inc OpenBSD) allow
5689 root to ptrace arbitrary processes
5690
5691 Upstream-Regress-ID: be2b925df89360dff36f972951fa0fa793769038
5692
5693commit 9c06c814aff925e11a5cc592c06929c258a014f6
5694Author: djm@openbsd.org <djm@openbsd.org>
5695Date: Fri Sep 11 03:44:21 2015 +0000
5696
5697 upstream commit
5698
5699 try all supported key types here; bz#2455 reported by
5700 Jakub Jelen
5701
5702 Upstream-Regress-ID: 188cb7d9031cdbac3a0fa58b428b8fa2b2482bba
5703
5704commit 3c019a936b43f3e2773f3edbde7c114d73caaa4c
5705Author: tim@openbsd.org <tim@openbsd.org>
5706Date: Sun Sep 13 14:39:16 2015 +0000
5707
5708 upstream commit
5709
5710 - Fix error message: passphrase needs to be at least 5
5711 characters, not 4. - Remove unused function argument. - Remove two
5712 unnecessary variables.
5713
5714 OK djm@
5715
5716 Upstream-ID: 13010c05bfa8b523da1c0dc19e81dd180662bc30
5717
5718commit 2681cdb6e0de7c1af549dac37a9531af202b4434
5719Author: tim@openbsd.org <tim@openbsd.org>
5720Date: Sun Sep 13 13:48:19 2015 +0000
5721
5722 upstream commit
5723
5724 When adding keys to the agent, don't ignore the comment
5725 of keys for which the user is prompted for a passphrase.
5726
5727 Tweak and OK djm@
5728
5729 Upstream-ID: dc737c620a5a8d282cc4f66e3b9b624e9abefbec
5730
5731commit 14692f7b8251cdda847e648a82735eef8a4d2a33
5732Author: guenther@openbsd.org <guenther@openbsd.org>
5733Date: Fri Sep 11 08:50:04 2015 +0000
5734
5735 upstream commit
5736
5737 Use explicit_bzero() when zeroing before free()
5738
5739 from Michael McConville (mmcconv1 (at) sccs.swarthmore.edu)
5740 ok millert@ djm@
5741
5742 Upstream-ID: 2e3337db046c3fe70c7369ee31515ac73ec00f50
5743
5744commit 846f6fa4cfa8483a9195971dbdd162220f199d85
5745Author: jmc@openbsd.org <jmc@openbsd.org>
5746Date: Fri Sep 11 06:55:46 2015 +0000
5747
5748 upstream commit
5749
5750 sync -Q in usage() to SYNOPSIS; since it's drastically
5751 shorter, i've reformatted the block to sync with the man (80 cols) and saved
5752 a line;
5753
5754 Upstream-ID: 86e2c65c3989a0777a6258a77e589b9f6f354abd
5755
5756commit 95923e0520a8647417ee6dcdff44694703dfeef0
5757Author: jmc@openbsd.org <jmc@openbsd.org>
5758Date: Fri Sep 11 06:51:39 2015 +0000
5759
5760 upstream commit
5761
5762 tweak previous;
5763
5764 Upstream-ID: f29b3cfcfd9aa31fa140c393e7bd48c1c74139d6
5765
5766commit 86ac462f833b05d8ed9de9c50ccb295d7faa79ff
5767Author: dtucker@openbsd.org <dtucker@openbsd.org>
5768Date: Fri Sep 11 05:27:02 2015 +0000
5769
5770 upstream commit
5771
5772 Update usage to match man page.
5773
5774 Upstream-ID: 9e85aefaecfb6aaf34c7cfd0700cd21783a35675
5775
5776commit 674b3b68c1d36b2562324927cd03857b565e05e8
5777Author: djm@openbsd.org <djm@openbsd.org>
5778Date: Fri Sep 11 03:47:28 2015 +0000
5779
5780 upstream commit
5781
5782 expand %i in ControlPath to UID; bz#2449
5783
5784 patch from Christian Hesse w/ feedback from dtucker@
5785
5786 Upstream-ID: 2ba8d303e555a84e2f2165ab4b324b41e80ab925
5787
5788commit c0f55db7ee00c8202b05cb4b9ad4ce72cc45df41
5789Author: djm@openbsd.org <djm@openbsd.org>
5790Date: Fri Sep 11 03:42:32 2015 +0000
5791
5792 upstream commit
5793
5794 mention -Q key-plain and -Q key-cert; bz#2455 pointed out
5795 by Jakub Jelen
5796
5797 Upstream-ID: c8f1f8169332e4fa73ac96b0043e3b84e01d4896
5798
5799commit cfffbdb10fdf0f02d3f4232232eef7ec3876c383
5800Author: Darren Tucker <dtucker@zip.com.au>
5801Date: Mon Sep 14 16:24:21 2015 +1000
5802
5803 Use ssh-keygen -A when generating host keys.
5804
5805 Use ssh-keygen -A instead of per-keytype invocations when generating host
5806 keys. Add tests when doing host-key-force since we can't use ssh-keygen -A
5807 since it can't specify alternate locations. bz#2459, ok djm@
5808
5809commit 366bada1e9e124654aac55b72b6ccf878755b0dc
5810Author: Darren Tucker <dtucker@zip.com.au>
5811Date: Fri Sep 11 13:29:22 2015 +1000
5812
5813 Correct default value for --with-ssh1.
5814
5815 bz#2457, from konto-mindrot.org at walimnieto.com.
5816
5817commit 2bca8a43e7dd9b04d7070824ffebb823c72587b2
5818Author: djm@openbsd.org <djm@openbsd.org>
5819Date: Fri Sep 11 03:13:36 2015 +0000
5820
5821 upstream commit
5822
5823 more clarity on what AuthorizedKeysFile=none does; based
5824 on diff by Thiebaud Weksteen
5825
5826 Upstream-ID: 78ab87f069080f0cc3bc353bb04eddd9e8ad3704
5827
5828commit 61942ea4a01e6db4fdf37ad61de81312ffe310e9
5829Author: djm@openbsd.org <djm@openbsd.org>
5830Date: Wed Sep 9 00:52:44 2015 +0000
5831
5832 upstream commit
5833
5834 openssh_RSA_verify return type is int, so don't make it
5835 size_t within the function itself with only negative numbers or zero assigned
5836 to it. bz#2460
5837
5838 Upstream-ID: b6e794b0c7fc4f9f329509263c8668d35f83ea55
5839
5840commit 4f7cc2f8cc861a21e6dbd7f6c25652afb38b9b96
5841Author: dtucker@openbsd.org <dtucker@openbsd.org>
5842Date: Fri Sep 4 08:21:47 2015 +0000
5843
5844 upstream commit
5845
5846 Plug minor memory leaks when options are used more than
5847 once. bz#2182, patch from Tiago Cunha, ok deraadt djm
5848
5849 Upstream-ID: 5b84d0401e27fe1614c10997010cc55933adb48e
5850
5851commit 7ad8b287c8453a3e61dbc0d34d467632b8b06fc8
5852Author: Darren Tucker <dtucker@zip.com.au>
5853Date: Fri Sep 11 13:11:02 2015 +1000
5854
5855 Force resolution of _res for correct detection.
5856
5857 bz#2259, from sconeu at yahoo.com.
5858
5859commit 26ad18247213ff72b4438abe7fc660c958810fa2
5860Author: Damien Miller <djm@mindrot.org>
5861Date: Thu Sep 10 10:57:41 2015 +1000
5862
5863 allow getrandom syscall; from Felix von Leitner
5864
5865commit 5245bc1e6b129a10a928f73f11c3aa32656c44b4
5866Author: jmc@openbsd.org <jmc@openbsd.org>
5867Date: Fri Sep 4 06:40:45 2015 +0000
5868
5869 upstream commit
5870
5871 full stop belongs outside the brackets, not inside;
5872
5873 Upstream-ID: 99d098287767799ac33d2442a05b5053fa5a551a
5874
5875commit a85768a9321d74b41219eeb3c9be9f1702cbf6a5
5876Author: djm@openbsd.org <djm@openbsd.org>
5877Date: Fri Sep 4 04:56:09 2015 +0000
5878
5879 upstream commit
5880
5881 add a debug2() right before DNS resolution; it's a place
5882 where ssh could previously silently hang for a while. bz#2433
5883
5884 Upstream-ID: 52a1a3e0748db66518e7598352c427145692a6a0
5885
5886commit 46152af8d27aa34d5d26ed1c371dc8aa142d4730
5887Author: djm@openbsd.org <djm@openbsd.org>
5888Date: Fri Sep 4 04:55:24 2015 +0000
5889
5890 upstream commit
5891
5892 correct function name in error messages
5893
5894 Upstream-ID: 92fb2798617ad9561370897f4ab60adef2ff4c0e
5895
5896commit a954cdb799a4d83c2d40fbf3e7b9f187fbfd72fc
5897Author: djm@openbsd.org <djm@openbsd.org>
5898Date: Fri Sep 4 04:47:50 2015 +0000
5899
5900 upstream commit
5901
5902 better document ExitOnForwardFailure; bz#2444, ok
5903 dtucker@
5904
5905 Upstream-ID: a126209b5a6d9cb3117ac7ab5bc63d284538bfc2
5906
5907commit f54d8ac2474b6fc3afa081cf759b48a6c89d3319
5908Author: djm@openbsd.org <djm@openbsd.org>
5909Date: Fri Sep 4 04:44:08 2015 +0000
5910
5911 upstream commit
5912
5913 don't record hostbased authentication hostkeys as user
5914 keys in test for multiple authentication with the same key
5915
5916 Upstream-ID: 26b368fa2cff481f47f37e01b8da1ae5b57b1adc
5917
5918commit ac3451dd65f27ecf85dc045c46d49e2bbcb8dddd
5919Author: djm@openbsd.org <djm@openbsd.org>
5920Date: Fri Sep 4 03:57:38 2015 +0000
5921
5922 upstream commit
5923
5924 remove extra newline in nethack-mode hostkey; from
5925 Christian Hesse bz#2686
5926
5927 Upstream-ID: 4f56368b1cc47baeea0531912186f66007fd5b92
5928
5929commit 9e3ed9ebb1a7e47c155c28399ddf09b306ea05df
5930Author: djm@openbsd.org <djm@openbsd.org>
5931Date: Fri Sep 4 04:23:10 2015 +0000
5932
5933 upstream commit
5934
5935 trim junk from end of file; bz#2455 from Jakub Jelen
5936
5937 Upstream-Regress-ID: a4e64e8931e40d23874b047074444eff919cdfe6
5938
5939commit f3a3ea180afff080bab82087ee0b60db9fd84f6c
5940Author: jsg@openbsd.org <jsg@openbsd.org>
5941Date: Wed Sep 2 07:51:12 2015 +0000
5942
5943 upstream commit
5944
5945 Fix occurrences of "r = func() != 0" which result in the
5946 wrong error codes being returned due to != having higher precedence than =.
5947
5948 ok deraadt@ markus@
5949
5950 Upstream-ID: 5fc35c9fc0319cc6fca243632662d2f06b5fd840
5951
5952commit f498a98cf83feeb7ea01c15cd1c98b3111361f3a
5953Author: Damien Miller <djm@mindrot.org>
5954Date: Thu Sep 3 09:11:22 2015 +1000
5955
5956 don't check for yp_match; ok tim@
5957
5958commit 9690b78b7848b0b376980a61d51b1613e187ddb5
5959Author: djm@openbsd.org <djm@openbsd.org>
5960Date: Fri Aug 21 23:57:48 2015 +0000
5961
5962 upstream commit
5963
5964 Improve printing of KEX offers and decisions
5965
5966 The debug output now labels the client and server offers and the
5967 negotiated options. ok markus@
5968
5969 Upstream-ID: 8db921b3f92a4565271b1c1fbce6e7f508e1a2cb
5970
5971commit 60a92470e21340e1a3fc10f9c7140d8e1519dc55
5972Author: djm@openbsd.org <djm@openbsd.org>
5973Date: Fri Aug 21 23:53:08 2015 +0000
5974
5975 upstream commit
5976
5977 Fix printing (ssh -G ...) of HostKeyAlgorithms=+...
5978 Reported by Bryan Drewery
5979
5980 Upstream-ID: 19ad20c41bd5971e006289b6f9af829dd46c1293
5981
5982commit 6310f60fffca2d1e464168e7d1f7e3b6b0268897
5983Author: djm@openbsd.org <djm@openbsd.org>
5984Date: Fri Aug 21 23:52:30 2015 +0000
5985
5986 upstream commit
5987
5988 Fix expansion of HostkeyAlgorithms=+...
5989
5990 Reported by Bryan Drewery
5991
5992 Upstream-ID: 70ca1deea39d758ba36d36428ae832e28566f78d
5993
5994commit e774e5ea56237fd626a8161f9005023dff3e76c9
5995Author: deraadt@openbsd.org <deraadt@openbsd.org>
5996Date: Fri Aug 21 23:29:31 2015 +0000
5997
5998 upstream commit
5999
6000 Improve size == 0, count == 0 checking in mm_zalloc,
6001 which is "array" like. Discussed with tedu, millert, otto.... and ok djm
6002
6003 Upstream-ID: 899b021be43b913fad3eca1aef44efe710c53e29
6004
6005commit 189de02d9ad6f3645417c0ddf359b923aae5f926
6006Author: Damien Miller <djm@mindrot.org>
6007Date: Fri Aug 21 15:45:02 2015 +1000
6008
6009 expose POLLHUP and POLLNVAL for netcat.c
6010
6011commit e91346dc2bbf460246df2ab591b7613908c1b0ad
6012Author: Damien Miller <djm@mindrot.org>
6013Date: Fri Aug 21 14:49:03 2015 +1000
6014
6015 we don't use Github for issues/pull-requests
6016
6017commit a4f5b507c708cc3dc2c8dd2d02e4416d7514dc23
6018Author: Damien Miller <djm@mindrot.org>
6019Date: Fri Aug 21 14:43:55 2015 +1000
6020
6021 fix URL for connect.c
6022
6023commit d026a8d3da0f8186598442997c7d0a28e7275414
6024Author: Damien Miller <djm@mindrot.org>
6025Date: Fri Aug 21 13:47:10 2015 +1000
6026
6027 update version numbers for 7.1
6028
6029commit 78f8f589f0ca1c9f41e5a9bae3cda5ce8a6b42ed
6030Author: djm@openbsd.org <djm@openbsd.org>
6031Date: Fri Aug 21 03:45:26 2015 +0000
6032
6033 upstream commit
6034
6035 openssh-7.1
6036
6037 Upstream-ID: ff7b1ef4b06caddfb45e08ba998128c88be3d73f
6038
6039commit 32a181980c62fce94f7f9ffaf6a79d90f0c309cf
6040Author: djm@openbsd.org <djm@openbsd.org>
6041Date: Fri Aug 21 03:42:19 2015 +0000
6042
6043 upstream commit
6044
6045 fix inverted logic that broke PermitRootLogin; reported
6046 by Mantas Mikulenas; ok markus@
6047
6048 Upstream-ID: 260dd6a904c1bb7e43267e394b1c9cf70bdd5ea5
6049
6050commit ce445b0ed927e45bd5bdce8f836eb353998dd65c
6051Author: deraadt@openbsd.org <deraadt@openbsd.org>
6052Date: Thu Aug 20 22:32:42 2015 +0000
6053
6054 upstream commit
6055
6056 Do not cast result of malloc/calloc/realloc* if stdlib.h
6057 is in scope ok krw millert
6058
6059 Upstream-ID: 5e50ded78cadf3841556649a16cc4b1cb6c58667
6060
6061commit 05291e5288704d1a98bacda269eb5a0153599146
6062Author: naddy@openbsd.org <naddy@openbsd.org>
6063Date: Thu Aug 20 19:20:06 2015 +0000
6064
6065 upstream commit
6066
6067 In the certificates section, be consistent about using
6068 "host_key" and "user_key" for the respective key types. ok sthen@ deraadt@
6069
6070 Upstream-ID: 9e037ea3b15577b238604c5533e082a3947f13cb
6071
6072commit 8543d4ef6f2e9f98c3e6b77c894ceec30c5e4ae4
6073Author: djm@openbsd.org <djm@openbsd.org>
6074Date: Wed Aug 19 23:21:42 2015 +0000
6075
6076 upstream commit
6077
6078 Better compat matching for WinSCP, add compat matching
6079 for FuTTY (fork of PuTTY); ok markus@ deraadt@
6080
6081 Upstream-ID: 24001d1ac115fa3260fbdc329a4b9aeb283c5389
6082
6083commit ec6eda16ebab771aa3dfc90629b41953b999cb1e
6084Author: djm@openbsd.org <djm@openbsd.org>
6085Date: Wed Aug 19 23:19:01 2015 +0000
6086
6087 upstream commit
6088
6089 fix double-free() in error path of DSA key generation
6090 reported by Mateusz Kocielski; ok markus@
6091
6092 Upstream-ID: 4735d8f888b10599a935fa1b374787089116713c
6093
6094commit 45b0eb752c94954a6de046bfaaf129e518ad4b5b
6095Author: djm@openbsd.org <djm@openbsd.org>
6096Date: Wed Aug 19 23:18:26 2015 +0000
6097
6098 upstream commit
6099
6100 fix free() of uninitialised pointer reported by Mateusz
6101 Kocielski; ok markus@
6102
6103 Upstream-ID: 519552b050618501a06b7b023de5cb104e2c5663
6104
6105commit c837643b93509a3ef538cb6624b678c5fe32ff79
6106Author: djm@openbsd.org <djm@openbsd.org>
6107Date: Wed Aug 19 23:17:51 2015 +0000
6108
6109 upstream commit
6110
6111 fixed unlink([uninitialised memory]) reported by Mateusz
6112 Kocielski; ok markus@
6113
6114 Upstream-ID: 14a0c4e7d891f5a8dabc4b89d4f6b7c0d5a20109
6115
6116commit 1f8d3d629cd553031021068eb9c646a5f1e50994
6117Author: jmc@openbsd.org <jmc@openbsd.org>
6118Date: Fri Aug 14 15:32:41 2015 +0000
6119
6120 upstream commit
6121
6122 match myproposal.h order; from brian conway (i snuck in a
6123 tweak while here)
6124
6125 ok dtucker
6126
6127 Upstream-ID: 35174a19b5237ea36aa3798f042bf5933b772c67
6128
6129commit 1dc8d93ce69d6565747eb44446ed117187621b26
6130Author: deraadt@openbsd.org <deraadt@openbsd.org>
6131Date: Thu Aug 6 14:53:21 2015 +0000
6132
6133 upstream commit
6134
6135 add prohibit-password as a synonymn for without-password,
6136 since the without-password is causing too many questions. Harden it to ban
6137 all but pubkey, hostbased, and GSSAPI auth (when the latter is enabled) from
6138 djm, ok markus
6139
6140 Upstream-ID: d53317d7b28942153e6236d3fd6e12ceb482db7a
6141
6142commit 90a95a4745a531b62b81ce3b025e892bdc434de5
6143Author: Damien Miller <djm@mindrot.org>
6144Date: Tue Aug 11 13:53:41 2015 +1000
6145
6146 update version in README
6147
6148commit 318c37743534b58124f1bab37a8a0087a3a9bd2f
6149Author: Damien Miller <djm@mindrot.org>
6150Date: Tue Aug 11 13:53:09 2015 +1000
6151
6152 update versions in *.spec
6153
6154commit 5e75f5198769056089fb06c4d738ab0e5abc66f7
6155Author: Damien Miller <djm@mindrot.org>
6156Date: Tue Aug 11 13:34:12 2015 +1000
6157
6158 set sshpam_ctxt to NULL after free
6159
6160 Avoids use-after-free in monitor when privsep child is compromised.
6161 Reported by Moritz Jodeit; ok dtucker@
6162
6163commit d4697fe9a28dab7255c60433e4dd23cf7fce8a8b
6164Author: Damien Miller <djm@mindrot.org>
6165Date: Tue Aug 11 13:33:24 2015 +1000
6166
6167 Don't resend username to PAM; it already has it.
6168
6169 Pointed out by Moritz Jodeit; ok dtucker@
6170
6171commit 88763a6c893bf3dfe951ba9271bf09715e8d91ca
6172Author: Darren Tucker <dtucker@zip.com.au>
6173Date: Mon Jul 27 12:14:25 2015 +1000
6174
6175 Import updated moduli file from OpenBSD.
6176
6177commit 55b263fb7cfeacb81aaf1c2036e0394c881637da
6178Author: Damien Miller <djm@mindrot.org>
6179Date: Mon Aug 10 11:13:44 2015 +1000
6180
6181 let principals-command.sh work for noexec /var/run
6182
6183commit 2651e34cd11b1aac3a0fe23b86d8c2ff35c07897
6184Author: Damien Miller <djm@mindrot.org>
6185Date: Thu Aug 6 11:43:42 2015 +1000
6186
6187 work around echo -n / sed behaviour in tests
6188
6189commit d85dad81778c1aa8106acd46930b25fdf0d15b2a
6190Author: djm@openbsd.org <djm@openbsd.org>
6191Date: Wed Aug 5 05:27:33 2015 +0000
6192
6193 upstream commit
6194
6195 adjust for RSA minimum modulus switch; ok deraadt@
6196
6197 Upstream-Regress-ID: 5a72c83431b96224d583c573ca281cd3a3ebfdae
6198
6199commit 57e8e229bad5fe6056b5f1199665f5f7008192c6
6200Author: djm@openbsd.org <djm@openbsd.org>
6201Date: Tue Aug 4 05:23:06 2015 +0000
6202
6203 upstream commit
6204
6205 backout SSH_RSA_MINIMUM_MODULUS_SIZE increase for this
6206 release; problems spotted by sthen@ ok deraadt@ markus@
6207
6208 Upstream-ID: d0bd60dde9e8c3cd7030007680371894c1499822
6209
6210commit f097d0ea1e0889ca0fa2e53a00214e43ab7fa22a
6211Author: djm@openbsd.org <djm@openbsd.org>
6212Date: Sun Aug 2 09:56:42 2015 +0000
6213
6214 upstream commit
6215
6216 openssh 7.0; ok deraadt@
6217
6218 Upstream-ID: c63afdef537f57f28ae84145c5a8e29e9250221f
6219
6220commit 3d5728a0f6874ce4efb16913a12963595070f3a9
6221Author: chris@openbsd.org <chris@openbsd.org>
6222Date: Fri Jul 31 15:38:09 2015 +0000
6223
6224 upstream commit
6225
6226 Allow PermitRootLogin to be overridden by config
6227
6228 ok markus@ deeradt@
6229
6230 Upstream-ID: 5cf3e26ed702888de84e2dc9d0054ccf4d9125b4
6231
6232commit 6f941396b6835ad18018845f515b0c4fe20be21a
6233Author: djm@openbsd.org <djm@openbsd.org>
6234Date: Thu Jul 30 23:09:15 2015 +0000
6235
6236 upstream commit
6237
6238 fix pty permissions; patch from Nikolay Edigaryev; ok
6239 deraadt
6240
6241 Upstream-ID: 40ff076d2878b916fbfd8e4f45dbe5bec019e550
6242
6243commit f4373ed1e8fbc7c8ce3fc4ea97d0ba2e0c1d7ef0
6244Author: deraadt@openbsd.org <deraadt@openbsd.org>
6245Date: Thu Jul 30 19:23:02 2015 +0000
6246
6247 upstream commit
6248
6249 change default: PermitRootLogin without-password matching
6250 install script changes coming as well ok djm markus
6251
6252 Upstream-ID: 0e2a6c4441daf5498b47a61767382bead5eb8ea6
6253
6254commit 0c30ba91f87fcda7e975e6ff8a057f624e87ea1c
6255Author: Damien Miller <djm@mindrot.org>
6256Date: Thu Jul 30 12:31:39 2015 +1000
6257
6258 downgrade OOM adjustment logging: verbose -> debug
6259
6260commit f9eca249d4961f28ae4b09186d7dc91de74b5895
6261Author: djm@openbsd.org <djm@openbsd.org>
6262Date: Thu Jul 30 00:01:34 2015 +0000
6263
6264 upstream commit
6265
6266 Allow ssh_config and sshd_config kex parameters options be
6267 prefixed by a '+' to indicate that the specified items be appended to the
6268 default rather than replacing it.
6269
6270 approach suggested by dtucker@, feedback dlg@, ok markus@
6271
6272 Upstream-ID: 0f901137298fc17095d5756ff1561a7028e8882a
6273
6274commit 5cefe769105a2a2e3ca7479d28d9a325d5ef0163
6275Author: djm@openbsd.org <djm@openbsd.org>
6276Date: Wed Jul 29 08:34:54 2015 +0000
6277
6278 upstream commit
6279
6280 fix bug in previous; was printing incorrect string for
6281 failed host key algorithms negotiation
6282
6283 Upstream-ID: 22c0dc6bc61930513065d92e11f0753adc4c6e6e
6284
6285commit f319912b0d0e1675b8bb051ed8213792c788bcb2
6286Author: djm@openbsd.org <djm@openbsd.org>
6287Date: Wed Jul 29 04:43:06 2015 +0000
6288
6289 upstream commit
6290
6291 include the peer's offer when logging a failure to
6292 negotiate a mutual set of algorithms (kex, pubkey, ciphers, etc.) ok markus@
6293
6294 Upstream-ID: bbb8caabf5c01790bb845f5ce135565248d7c796
6295
6296commit b6ea0e573042eb85d84defb19227c89eb74cf05a
6297Author: djm@openbsd.org <djm@openbsd.org>
6298Date: Tue Jul 28 23:20:42 2015 +0000
6299
6300 upstream commit
6301
6302 add Cisco to the list of clients that choke on the
6303 hostkeys update extension. Pointed out by Howard Kash
6304
6305 Upstream-ID: c9eadde28ecec056c73d09ee10ba4570dfba7e84
6306
6307commit 3f628c7b537291c1019ce86af90756fb4e66d0fd
6308Author: guenther@openbsd.org <guenther@openbsd.org>
6309Date: Mon Jul 27 16:29:23 2015 +0000
6310
6311 upstream commit
6312
6313 Permit kbind(2) use in the sandbox now, to ease testing
6314 of ld.so work using it
6315
6316 reminded by miod@, ok deraadt@
6317
6318 Upstream-ID: 523922e4d1ba7a091e3824e77a8a3c818ee97413
6319
6320commit ebe27ebe520098bbc0fe58945a87ce8490121edb
6321Author: millert@openbsd.org <millert@openbsd.org>
6322Date: Mon Jul 20 18:44:12 2015 +0000
6323
6324 upstream commit
6325
6326 Move .Pp before .Bl, not after to quiet mandoc -Tlint.
6327 Noticed by jmc@
6328
6329 Upstream-ID: 59fadbf8407cec4e6931e50c53cfa0214a848e23
6330
6331commit d5d91d0da819611167782c66ab629159169d94d4
6332Author: millert@openbsd.org <millert@openbsd.org>
6333Date: Mon Jul 20 18:42:35 2015 +0000
6334
6335 upstream commit
6336
6337 Sync usage with SYNOPSIS
6338
6339 Upstream-ID: 7a321a170181a54f6450deabaccb6ef60cf3f0b7
6340
6341commit 79ec2142fbc68dd2ed9688608da355fc0b1ed743
6342Author: millert@openbsd.org <millert@openbsd.org>
6343Date: Mon Jul 20 15:39:52 2015 +0000
6344
6345 upstream commit
6346
6347 Better desciption of Unix domain socket forwarding.
6348 bz#2423; ok jmc@
6349
6350 Upstream-ID: 85e28874726897e3f26ae50dfa2e8d2de683805d
6351
6352commit d56fd1828074a4031b18b8faa0bf949669eb18a0
6353Author: Damien Miller <djm@mindrot.org>
6354Date: Mon Jul 20 11:19:51 2015 +1000
6355
6356 make realpath.c compile -Wsign-compare clean
6357
6358commit c63c9a691dca26bb7648827f5a13668832948929
6359Author: djm@openbsd.org <djm@openbsd.org>
6360Date: Mon Jul 20 00:30:01 2015 +0000
6361
6362 upstream commit
6363
6364 mention that the default of UseDNS=no implies that
6365 hostnames cannot be used for host matching in sshd_config and
6366 authorized_keys; bz#2045, ok dtucker@
6367
6368 Upstream-ID: 0812705d5f2dfa59aab01f2764ee800b1741c4e1
6369
6370commit 63ebcd0005e9894fcd6871b7b80aeea1fec0ff76
6371Author: djm@openbsd.org <djm@openbsd.org>
6372Date: Sat Jul 18 08:02:17 2015 +0000
6373
6374 upstream commit
6375
6376 don't ignore PKCS#11 hosted keys that return empty
6377 CKA_ID; patch by Jakub Jelen via bz#2429; ok markus
6378
6379 Upstream-ID: 2f7c94744eb0342f8ee8bf97b2351d4e00116485
6380
6381commit b15fd989c8c62074397160147a8d5bc34b3f3c63
6382Author: djm@openbsd.org <djm@openbsd.org>
6383Date: Sat Jul 18 08:00:21 2015 +0000
6384
6385 upstream commit
6386
6387 skip uninitialised PKCS#11 slots; patch from Jakub Jelen
6388 in bz#2427 ok markus@
6389
6390 Upstream-ID: 744c1e7796e237ad32992d0d02148e8a18f27d29
6391
6392commit 5b64f85bb811246c59ebab70aed331f26ba37b18
6393Author: djm@openbsd.org <djm@openbsd.org>
6394Date: Sat Jul 18 07:57:14 2015 +0000
6395
6396 upstream commit
6397
6398 only query each keyboard-interactive device once per
6399 authentication request regardless of how many times it is listed; ok markus@
6400
6401 Upstream-ID: d73fafba6e86030436ff673656ec1f33d9ffeda1
6402
6403commit cd7324d0667794eb5c236d8a4e0f236251babc2d
6404Author: djm@openbsd.org <djm@openbsd.org>
6405Date: Fri Jul 17 03:34:27 2015 +0000
6406
6407 upstream commit
6408
6409 remove -u flag to diff (only used for error output) to make
6410 things easier for -portable
6411
6412 Upstream-Regress-ID: a5d6777d2909540d87afec3039d9bb2414ade548
6413
6414commit deb8d99ecba70b67f4af7880b11ca8768df9ec3a
6415Author: djm@openbsd.org <djm@openbsd.org>
6416Date: Fri Jul 17 03:09:19 2015 +0000
6417
6418 upstream commit
6419
6420 direct-streamlocal@openssh.com Unix domain foward
6421 messages do not contain a "reserved for future use" field and in fact,
6422 serverloop.c checks that there isn't one. Remove erroneous mention from
6423 PROTOCOL description. bz#2421 from Daniel Black
6424
6425 Upstream-ID: 3d51a19e64f72f764682f1b08f35a8aa810a43ac
6426
6427commit 356b61f365405b5257f5b2ab446e5d7bd33a7b52
6428Author: djm@openbsd.org <djm@openbsd.org>
6429Date: Fri Jul 17 03:04:27 2015 +0000
6430
6431 upstream commit
6432
6433 describe magic for setting up Unix domain socket fowards
6434 via the mux channel; bz#2422 patch from Daniel Black
6435
6436 Upstream-ID: 943080fe3864715c423bdeb7c920bb30c4eee861
6437
6438commit d3e2aee41487d55b8d7d40f538b84ff1db7989bc
6439Author: Darren Tucker <dtucker@zip.com.au>
6440Date: Fri Jul 17 12:52:34 2015 +1000
6441
6442 Check if realpath works on nonexistent files.
6443
6444 On some platforms the native realpath doesn't work with non-existent
6445 files (this is actually specified in some versions of POSIX), however
6446 the sftp spec says its realpath with "canonicalize any given path name".
6447 On those platforms, use realpath from the compat library.
6448
6449 In addition, when compiling with -DFORTIFY_SOURCE, glibc redefines
6450 the realpath symbol to the checked version, so redefine ours to
6451 something else so we pick up the compat version we want.
6452
6453 bz#2428, ok djm@
6454
6455commit 25b14610dab655646a109db5ef8cb4c4bf2a48a0
6456Author: djm@openbsd.org <djm@openbsd.org>
6457Date: Fri Jul 17 02:47:45 2015 +0000
6458
6459 upstream commit
6460
6461 fix incorrect test for SSH1 keys when compiled without SSH1
6462 support
6463
6464 Upstream-ID: 6004d720345b8e481c405e8ad05ce2271726e451
6465
6466commit df56a8035d429b2184ee94aaa7e580c1ff67f73a
6467Author: djm@openbsd.org <djm@openbsd.org>
6468Date: Wed Jul 15 08:00:11 2015 +0000
6469
6470 upstream commit
6471
6472 fix NULL-deref when SSH1 reenabled
6473
6474 Upstream-ID: f22fd805288c92b3e9646782d15b48894b2d5295
6475
6476commit 41e38c4d49dd60908484e6703316651333f16b93
6477Author: djm@openbsd.org <djm@openbsd.org>
6478Date: Wed Jul 15 07:19:50 2015 +0000
6479
6480 upstream commit
6481
6482 regen RSA1 test keys; the last batch was missing their
6483 private parts
6484
6485 Upstream-Regress-ID: 7ccf437305dd63ff0b48dd50c5fd0f4d4230c10a
6486
6487commit 5bf0933184cb622ca3f96d224bf3299fd2285acc
6488Author: markus@openbsd.org <markus@openbsd.org>
6489Date: Fri Jul 10 06:23:25 2015 +0000
6490
6491 upstream commit
6492
6493 Adapt tests, now that DSA if off by default; use
6494 PubkeyAcceptedKeyTypes and PubkeyAcceptedKeyTypes to test DSA.
6495
6496 Upstream-Regress-ID: 0ff2a3ff5ac1ce5f92321d27aa07b98656efcc5c
6497
6498commit 7a6e3fd7b41dbd3756b6bf9acd67954c0b1564cc
6499Author: markus@openbsd.org <markus@openbsd.org>
6500Date: Tue Jul 7 14:54:16 2015 +0000
6501
6502 upstream commit
6503
6504 regen test data after mktestdata.sh changes
6505
6506 Upstream-Regress-ID: 3495ecb082b9a7c048a2d7c5c845d3bf181d25a4
6507
6508commit 7c8c174c69f681d4910fa41c37646763692b28e2
6509Author: markus@openbsd.org <markus@openbsd.org>
6510Date: Tue Jul 7 14:53:30 2015 +0000
6511
6512 upstream commit
6513
6514 adapt tests to new minimum RSA size and default FP format
6515
6516 Upstream-Regress-ID: a4b30afd174ce82b96df14eb49fb0b81398ffd0e
6517
6518commit 6a977a4b68747ade189e43d302f33403fd4a47ac
6519Author: djm@openbsd.org <djm@openbsd.org>
6520Date: Fri Jul 3 04:39:23 2015 +0000
6521
6522 upstream commit
6523
6524 legacy v00 certificates are gone; adapt and don't try to
6525 test them; "sure" markus@ dtucker@
6526
6527 Upstream-Regress-ID: c57321e69b3cd4a3b3396dfcc43f0803d047da12
6528
6529commit 0c4123ad5e93fb90fee9c6635b13a6cdabaac385
6530Author: djm@openbsd.org <djm@openbsd.org>
6531Date: Wed Jul 1 23:11:18 2015 +0000
6532
6533 upstream commit
6534
6535 don't expect SSH v.1 in unittests
6536
6537 Upstream-Regress-ID: f8812b16668ba78e6a698646b2a652b90b653397
6538
6539commit 3c099845798a817cdde513c39074ec2063781f18
6540Author: djm@openbsd.org <djm@openbsd.org>
6541Date: Mon Jun 15 06:38:50 2015 +0000
6542
6543 upstream commit
6544
6545 turn SSH1 back on to match src/usr.bin/ssh being tested
6546
6547 Upstream-Regress-ID: 6c4f763a2f0cc6893bf33983919e9030ae638333
6548
6549commit b1dc2b33689668c75e95f873a42d5aea1f4af1db
6550Author: dtucker@openbsd.org <dtucker@openbsd.org>
6551Date: Mon Jul 13 04:57:14 2015 +0000
6552
6553 upstream commit
6554
6555 Add "PuTTY_Local:" to the clients to which we do not
6556 offer DH-GEX. This was the string that was used for development versions
6557 prior to September 2014 and they don't do RFC4419 DH-GEX, but unfortunately
6558 there are some extant products based on those versions. bx2424 from Jay
6559 Rouman, ok markus@ djm@
6560
6561 Upstream-ID: be34d41e18b966832fe09ca243d275b81882e1d5
6562
6563commit 3a1638dda19bbc73d0ae02b4c251ce08e564b4b9
6564Author: markus@openbsd.org <markus@openbsd.org>
6565Date: Fri Jul 10 06:21:53 2015 +0000
6566
6567 upstream commit
6568
6569 Turn off DSA by default; add HostKeyAlgorithms to the
6570 server and PubkeyAcceptedKeyTypes to the client side, so it still can be
6571 tested or turned back on; feedback and ok djm@
6572
6573 Upstream-ID: 8450a9e6d83f80c9bfed864ff061dfc9323cec21
6574
6575commit 16db0a7ee9a87945cc594d13863cfcb86038db59
6576Author: markus@openbsd.org <markus@openbsd.org>
6577Date: Thu Jul 9 09:49:46 2015 +0000
6578
6579 upstream commit
6580
6581 re-enable ed25519-certs if compiled w/o openssl; ok djm
6582
6583 Upstream-ID: e10c90808b001fd2c7a93778418e9b318f5c4c49
6584
6585commit c355bf306ac33de6545ce9dac22b84a194601e2f
6586Author: markus@openbsd.org <markus@openbsd.org>
6587Date: Wed Jul 8 20:24:02 2015 +0000
6588
6589 upstream commit
6590
6591 no need to include the old buffer/key API
6592
6593 Upstream-ID: fb13c9f7c0bba2545f3eb0a0e69cb0030819f52b
6594
6595commit a3cc48cdf9853f1e832d78cb29bedfab7adce1ee
6596Author: markus@openbsd.org <markus@openbsd.org>
6597Date: Wed Jul 8 19:09:25 2015 +0000
6598
6599 upstream commit
6600
6601 typedefs for Cipher&CipherContext are unused
6602
6603 Upstream-ID: 50e6a18ee92221d23ad173a96d5b6c42207cf9a7
6604
6605commit a635bd06b5c427a57c3ae760d3a2730bb2c863c0
6606Author: markus@openbsd.org <markus@openbsd.org>
6607Date: Wed Jul 8 19:04:21 2015 +0000
6608
6609 upstream commit
6610
6611 xmalloc.h is unused
6612
6613 Upstream-ID: afb532355b7fa7135a60d944ca1e644d1d63cb58
6614
6615commit 2521cf0e36c7f3f6b19f206da0af134f535e4a31
6616Author: markus@openbsd.org <markus@openbsd.org>
6617Date: Wed Jul 8 19:01:15 2015 +0000
6618
6619 upstream commit
6620
6621 compress.c is gone
6622
6623 Upstream-ID: 174fa7faa9b9643cba06164b5e498591356fbced
6624
6625commit c65a7aa6c43aa7a308ee1ab8a96f216169ae9615
6626Author: djm@openbsd.org <djm@openbsd.org>
6627Date: Fri Jul 3 04:05:54 2015 +0000
6628
6629 upstream commit
6630
6631 another SSH_RSA_MINIMUM_MODULUS_SIZE that needed
6632 cranking
6633
6634 Upstream-ID: 9d8826cafe96aab4ae8e2f6fd22800874b7ffef1
6635
6636commit b1f383da5cd3cb921fc7776f17a14f44b8a31757
6637Author: djm@openbsd.org <djm@openbsd.org>
6638Date: Fri Jul 3 03:56:25 2015 +0000
6639
6640 upstream commit
6641
6642 add an XXX reminder for getting correct key paths from
6643 sshd_config
6644
6645 Upstream-ID: feae52b209d7782ad742df04a4260e9fe41741db
6646
6647commit 933935ce8d093996c34d7efa4d59113163080680
6648Author: djm@openbsd.org <djm@openbsd.org>
6649Date: Fri Jul 3 03:49:45 2015 +0000
6650
6651 upstream commit
6652
6653 refuse to generate or accept RSA keys smaller than 1024
6654 bits; feedback and ok dtucker@
6655
6656 Upstream-ID: 7ea3d31271366ba264f06e34a3539bf1ac30f0ba
6657
6658commit bdfd29f60b74f3e678297269dc6247a5699583c1
6659Author: djm@openbsd.org <djm@openbsd.org>
6660Date: Fri Jul 3 03:47:00 2015 +0000
6661
6662 upstream commit
6663
6664 turn off 1024 bit diffie-hellman-group1-sha1 key
6665 exchange method (already off in server, this turns it off in the client by
6666 default too) ok dtucker@
6667
6668 Upstream-ID: f59b88f449210ab7acf7d9d88f20f1daee97a4fa
6669
6670commit c28fc62d789d860c75e23a9fa9fb250eb2beca57
6671Author: djm@openbsd.org <djm@openbsd.org>
6672Date: Fri Jul 3 03:43:18 2015 +0000
6673
6674 upstream commit
6675
6676 delete support for legacy v00 certificates; "sure"
6677 markus@ dtucker@
6678
6679 Upstream-ID: b5b9bb5f9202d09e88f912989d74928601b6636f
6680
6681commit 564d63e1b4a9637a209d42a9d49646781fc9caef
6682Author: djm@openbsd.org <djm@openbsd.org>
6683Date: Wed Jul 1 23:10:47 2015 +0000
6684
6685 upstream commit
6686
6687 Compile-time disable SSH v.1 again
6688
6689 Upstream-ID: 1d4b513a3a06232f02650b73bad25100d1b800af
6690
6691commit 868109b650504dd9bcccdb1f51d0906f967c20ff
6692Author: djm@openbsd.org <djm@openbsd.org>
6693Date: Wed Jul 1 02:39:06 2015 +0000
6694
6695 upstream commit
6696
6697 twiddle PermitRootLogin back
6698
6699 Upstream-ID: 2bd23976305d0512e9f84d054e1fc23cd70b89f2
6700
6701commit 7de4b03a6e4071d454b72927ffaf52949fa34545
6702Author: djm@openbsd.org <djm@openbsd.org>
6703Date: Wed Jul 1 02:32:17 2015 +0000
6704
6705 upstream commit
6706
6707 twiddle; (this commit marks the openssh-6.9 release)
6708
6709 Upstream-ID: 78500582819f61dd8adee36ec5cc9b9ac9351234
6710
6711commit 1bf477d3cdf1a864646d59820878783d42357a1d
6712Author: djm@openbsd.org <djm@openbsd.org>
6713Date: Wed Jul 1 02:26:31 2015 +0000
6714
6715 upstream commit
6716
6717 better refuse ForwardX11Trusted=no connections attempted
6718 after ForwardX11Timeout expires; reported by Jann Horn
6719
6720 Upstream-ID: bf0fddadc1b46a0334e26c080038313b4b6dea21
6721
6722commit 47aa7a0f8551b471fcae0447c1d78464f6dba869
6723Author: djm@openbsd.org <djm@openbsd.org>
6724Date: Wed Jul 1 01:56:13 2015 +0000
6725
6726 upstream commit
6727
6728 put back default PermitRootLogin=no
6729
6730 Upstream-ID: 7bdedd5cead99c57ed5571f3b6b7840922d5f728
6731
6732commit 984b064fe2a23733733262f88d2e1b2a1a501662
6733Author: djm@openbsd.org <djm@openbsd.org>
6734Date: Wed Jul 1 01:55:13 2015 +0000
6735
6736 upstream commit
6737
6738 openssh-6.9
6739
6740 Upstream-ID: 6cfe8e1904812531080e6ab6e752d7001b5b2d45
6741
6742commit d921082ed670f516652eeba50705e1e9f6325346
6743Author: djm@openbsd.org <djm@openbsd.org>
6744Date: Wed Jul 1 01:55:00 2015 +0000
6745
6746 upstream commit
6747
6748 reset default PermitRootLogin to 'yes' (momentarily, for
6749 release)
6750
6751 Upstream-ID: cad8513527066e65dd7a1c16363d6903e8cefa24
6752
6753commit 66295e0e1ba860e527f191b6325d2d77dec4dbce
6754Author: Damien Miller <djm@mindrot.org>
6755Date: Wed Jul 1 11:49:12 2015 +1000
6756
6757 crank version numbers for release
6758
6759commit 37035c07d4f26bb1fbe000d2acf78efdb008681d
6760Author: Damien Miller <djm@mindrot.org>
6761Date: Wed Jul 1 10:49:37 2015 +1000
6762
6763 s/--with-ssh1/--without-ssh1/
6764
6765commit 629df770dbadc2accfbe1c81b3f31f876d0acd84
6766Author: djm@openbsd.org <djm@openbsd.org>
6767Date: Tue Jun 30 05:25:07 2015 +0000
6768
6769 upstream commit
6770
6771 fatal() when a remote window update causes the window
6772 value to overflow. Reported by Georg Wicherski, ok markus@
6773
6774 Upstream-ID: ead397a9aceb3bf74ebfa5fcaf259d72e569f351
6775
6776commit f715afebe735d61df3fd30ad72d9ac1c8bd3b5f2
6777Author: djm@openbsd.org <djm@openbsd.org>
6778Date: Tue Jun 30 05:23:25 2015 +0000
6779
6780 upstream commit
6781
6782 Fix math error in remote window calculations that causes
6783 eventual stalls for datagram channels. Reported by Georg Wicherski, ok
6784 markus@
6785
6786 Upstream-ID: be54059d11bf64e0d85061f7257f53067842e2ab
6787
6788commit 52fb6b9b034fcfd24bf88cc7be313e9c31de9889
6789Author: Damien Miller <djm@mindrot.org>
6790Date: Tue Jun 30 16:05:40 2015 +1000
6791
6792 skip IPv6-related portions on hosts without IPv6
6793
6794 with Tim Rice
6795
6796commit 512caddf590857af6aa12218461b5c0441028cf5
6797Author: djm@openbsd.org <djm@openbsd.org>
6798Date: Mon Jun 29 22:35:12 2015 +0000
6799
6800 upstream commit
6801
6802 add getpid to sandbox, reachable by grace_alarm_handler
6803
6804 reported by Jakub Jelen; bz#2419
6805
6806 Upstream-ID: d0da1117c16d4c223954995d35b0f47c8f684cd8
6807
6808commit 78c2a4f883ea9aba866358e2acd9793a7f42ca93
6809Author: djm@openbsd.org <djm@openbsd.org>
6810Date: Fri Jun 26 05:13:20 2015 +0000
6811
6812 upstream commit
6813
6814 Fix \-escaping bug that caused forward path parsing to skip
6815 two characters and skip past the end of the string.
6816
6817 Based on patch by Salvador Fandino; ok dtucker@
6818
6819 Upstream-ID: 7b879dc446335677cbe4cb549495636a0535f3bd
6820
6821commit bc20205c91c9920361d12b15d253d4997dba494a
6822Author: Damien Miller <djm@mindrot.org>
6823Date: Thu Jun 25 09:51:39 2015 +1000
6824
6825 add missing pselect6
6826
6827 patch from Jakub Jelen
6828
6829commit 9d27fb73b4a4e5e99cb880af790d5b1ce44f720a
6830Author: djm@openbsd.org <djm@openbsd.org>
6831Date: Wed Jun 24 23:47:23 2015 +0000
6832
6833 upstream commit
6834
6835 correct test to sshkey_sign(); spotted by Albert S.
6836
6837 Upstream-ID: 5f7347f40f0ca6abdaca2edb3bd62f4776518933
6838
6839commit 7ed01a96a1911d8b4a9ef4f3d064e1923bfad7e3
6840Author: dtucker@openbsd.org <dtucker@openbsd.org>
6841Date: Wed Jun 24 01:49:19 2015 +0000
6842
6843 upstream commit
6844
6845 Revert previous commit. We still want to call setgroups
6846 in the case where there are zero groups to remove any that we might otherwise
6847 inherit (as pointed out by grawity at gmail.com) and since the 2nd argument
6848 to setgroups is always a static global it's always valid to dereference in
6849 this case. ok deraadt@ djm@
6850
6851 Upstream-ID: 895b5ac560a10befc6b82afa778641315725fd01
6852
6853commit 882f8bf94f79528caa65b0ba71c185d705bb7195
6854Author: dtucker@openbsd.org <dtucker@openbsd.org>
6855Date: Wed Jun 24 01:49:19 2015 +0000
6856
6857 upstream commit
6858
6859 Revert previous commit. We still want to call setgroups in
6860 the case where there are zero groups to remove any that we might otherwise
6861 inherit (as pointed out by grawity at gmail.com) and since the 2nd argument
6862 to setgroups is always a static global it's always valid to dereference in
6863 this case. ok deraadt@ djm@
6864
6865 Upstream-ID: 895b5ac560a10befc6b82afa778641315725fd01
6866
6867commit 9488538a726951e82b3a4374f3c558d72c80a89b
6868Author: djm@openbsd.org <djm@openbsd.org>
6869Date: Mon Jun 22 23:42:16 2015 +0000
6870
6871 upstream commit
6872
6873 Don't count successful partial authentication as failures
6874 in monitor; this may have caused the monitor to refuse multiple
6875 authentications that would otherwise have successfully completed; ok markus@
6876
6877 Upstream-ID: eb74b8e506714d0f649bd5c300f762a527af04a3
6878
6879commit 63b78d003bd8ca111a736e6cea6333da50f5f09b
6880Author: dtucker@openbsd.org <dtucker@openbsd.org>
6881Date: Mon Jun 22 12:29:57 2015 +0000
6882
6883 upstream commit
6884
6885 Don't call setgroups if we have zero groups; there's no
6886 guarantee that it won't try to deref the pointer. Based on a patch from mail
6887 at quitesimple.org, ok djm deraadt
6888
6889 Upstream-ID: 2fff85e11d7a9a387ef7fddf41fbfaf566708ab1
6890
6891commit 5c15e22c691c79a47747bcf5490126656f97cecd
6892Author: Damien Miller <djm@mindrot.org>
6893Date: Thu Jun 18 15:07:56 2015 +1000
6894
6895 fix syntax error
6896
6897commit 596dbca82f3f567fb3d2d69af4b4e1d3ba1e6403
6898Author: jsing@openbsd.org <jsing@openbsd.org>
6899Date: Mon Jun 15 18:44:22 2015 +0000
6900
6901 upstream commit
6902
6903 If AuthorizedPrincipalsCommand is specified, however
6904 AuthorizedPrincipalsFile is not (or is set to "none"), authentication will
6905 potentially fail due to key_cert_check_authority() failing to locate a
6906 principal that matches the username, even though an authorized principal has
6907 already been matched in the output of the subprocess. Fix this by using the
6908 same logic to determine if pw->pw_name should be passed, as is used to
6909 determine if a authorized principal must be matched earlier on.
6910
6911 ok djm@
6912
6913 Upstream-ID: 43b42302ec846b0ea68aceb40677245391b9409d
6914
6915commit aff3e94c0d75d0d0fa84ea392b50ab04f8c57905
6916Author: jsing@openbsd.org <jsing@openbsd.org>
6917Date: Mon Jun 15 18:42:19 2015 +0000
6918
6919 upstream commit
6920
6921 Make the arguments to match_principals_command() similar
6922 to match_principals_file(), by changing the last argument a struct
6923 sshkey_cert * and dereferencing key->cert in the caller.
6924
6925 No functional change.
6926
6927 ok djm@
6928
6929 Upstream-ID: 533f99b844b21b47342b32b62e198dfffcf8651c
6930
6931commit 97e2e1596c202a4693468378b16b2353fd2d6c5e
6932Author: Damien Miller <djm@mindrot.org>
6933Date: Wed Jun 17 14:36:54 2015 +1000
6934
6935 trivial optimisation for seccomp-bpf
6936
6937 When doing arg inspection and the syscall doesn't match, skip
6938 past the instruction that reloads the syscall into the accumulator,
6939 since the accumulator hasn't been modified at this point.
6940
6941commit 99f33d7304893bd9fa04d227cb6e870171cded19
6942Author: Damien Miller <djm@mindrot.org>
6943Date: Wed Jun 17 10:50:51 2015 +1000
6944
6945 aarch64 support for seccomp-bpf sandbox
6946
6947 Also resort and tidy syscall list. Based on patches by Jakub Jelen
6948 bz#2361; ok dtucker@
6949
6950commit 4ef702e1244633c1025ec7cfe044b9ab267097bf
6951Author: djm@openbsd.org <djm@openbsd.org>
6952Date: Mon Jun 15 01:32:50 2015 +0000
6953
6954 upstream commit
6955
6956 return failure on RSA signature error; reported by Albert S
6957
6958 Upstream-ID: e61bb93dbe0349625807b0810bc213a6822121fa
6959
6960commit a170f22baf18af0b1acf2788b8b715605f41a1f9
6961Author: Tim Rice <tim@multitalents.net>
6962Date: Tue Jun 9 22:41:13 2015 -0700
6963
6964 Fix t12 rules for out of tree builds.
6965
6966commit ec04dc4a5515c913121bc04ed261857e68fa5c18
6967Author: millert@openbsd.org <millert@openbsd.org>
6968Date: Fri Jun 5 15:13:13 2015 +0000
6969
6970 upstream commit
6971
6972 For "ssh -L 12345:/tmp/sock" don't fail with "No forward host
6973 name." (we have a path, not a host name). Based on a diff from Jared
6974 Yanovich. OK djm@
6975
6976 Upstream-ID: 2846b0a8c7de037e33657f95afbd282837fc213f
6977
6978commit 732d61f417a6aea0aa5308b59cb0f563bcd6edd6
6979Author: djm@openbsd.org <djm@openbsd.org>
6980Date: Fri Jun 5 03:44:14 2015 +0000
6981
6982 upstream commit
6983
6984 typo: accidental repetition; bz#2386
6985
6986 Upstream-ID: 45e620d99f6bc301e5949d34a54027374991c88b
6987
6988commit adfb24c69d1b6f5e758db200866c711e25a2ba73
6989Author: Darren Tucker <dtucker@zip.com.au>
6990Date: Fri Jun 5 14:51:40 2015 +1000
6991
6992 Add Linux powerpc64le and powerpcle entries.
6993
6994 Stopgap to resolve bz#2409 because we are so close to release and will
6995 update config.guess and friends shortly after the release. ok djm@
6996
6997commit a1195a0fdc9eddddb04d3e9e44c4775431cb77da
6998Merge: 6397eed d2480bc
6999Author: Tim Rice <tim@multitalents.net>
7000Date: Wed Jun 3 21:43:13 2015 -0700
7001
7002 Merge branch 'master' of git.mindrot.org:/var/git/openssh
7003
7004commit 6397eedf953b2b973d2d7cbb504ab501a07f8ddc
7005Author: Tim Rice <tim@multitalents.net>
7006Date: Wed Jun 3 21:41:11 2015 -0700
7007
7008 Remove unneeded backslashes. Patch from Ángel González
7009
7010commit d2480bcac1caf31b03068de877a47d6e1027bf6d
7011Author: Darren Tucker <dtucker@zip.com.au>
7012Date: Thu Jun 4 14:10:55 2015 +1000
7013
7014 Remove redundant include of stdarg.h. bz#2410
7015
7016commit 5e67859a623826ccdf2df284cbb37e2d8e2787eb
7017Author: djm@openbsd.org <djm@openbsd.org>
7018Date: Tue Jun 2 09:10:40 2015 +0000
7019
7020 upstream commit
7021
7022 mention CheckHostIP adding addresses to known_hosts;
7023 bz#1993; ok dtucker@
7024
7025 Upstream-ID: fd44b68440fd0dc29abf9f2d3f703d74a2396cb7
7026
7027commit d7a58bbac6583e33fd5eca8e2c2cc70c57617818
7028Author: Darren Tucker <dtucker@zip.com.au>
7029Date: Tue Jun 2 20:15:26 2015 +1000
7030
7031 Replace strcpy with strlcpy.
7032
7033 ok djm, sanity check by Corinna Vinschen.
7034
7035commit 51a1c2115265c6e80ede8a5c9dccada9aeed7143
7036Author: Damien Miller <djm@mindrot.org>
7037Date: Fri May 29 18:27:21 2015 +1000
7038
7039 skip, rather than fatal when run without SUDO set
7040
7041commit 599f01142a376645b15cbc9349d7e8975e1cf245
7042Author: Damien Miller <djm@mindrot.org>
7043Date: Fri May 29 18:03:15 2015 +1000
7044
7045 fix merge botch that left ",," in KEX algs
7046
7047commit 0c2a81dfc21822f2423edd30751e5ec53467b347
7048Author: Damien Miller <djm@mindrot.org>
7049Date: Fri May 29 17:08:28 2015 +1000
7050
7051 re-enable SSH protocol 1 at compile time
7052
7053commit db438f9285d64282d3ac9e8c0944f59f037c0151
7054Author: djm@openbsd.org <djm@openbsd.org>
7055Date: Fri May 29 03:05:13 2015 +0000
7056
7057 upstream commit
7058
7059 make this work without SUDO set; ok dtucker@
7060
7061 Upstream-Regress-ID: bca88217b70bce2fe52b23b8e06bdeb82d98c715
7062
7063commit 1d9a2e2849c9864fe75daabf433436341c968e14
7064Author: djm@openbsd.org <djm@openbsd.org>
7065Date: Thu May 28 07:37:31 2015 +0000
7066
7067 upstream commit
7068
7069 wrap all moduli-related code in #ifdef WITH_OPENSSL.
7070 based on patch from Reuben Hawkins; bz#2388 feedback and ok dtucker@
7071
7072 Upstream-ID: d80cfc8be3e6ec65b3fac9e87c4466533b31b7cf
7073
7074commit 496aeb25bc2d6c434171292e4714771b594bd00e
7075Author: dtucker@openbsd.org <dtucker@openbsd.org>
7076Date: Thu May 28 05:41:29 2015 +0000
7077
7078 upstream commit
7079
7080 Increase the allowed length of the known host file name
7081 in the log message to be consistent with other cases. Part of bz#1993, ok
7082 deraadt.
7083
7084 Upstream-ID: a9e97567be49f25daf286721450968251ff78397
7085
7086commit dd2cfeb586c646ff8d70eb93567b2e559ace5b14
7087Author: dtucker@openbsd.org <dtucker@openbsd.org>
7088Date: Thu May 28 05:09:45 2015 +0000
7089
7090 upstream commit
7091
7092 Fix typo (keywork->keyword)
7093
7094 Upstream-ID: 8aacd0f4089c0a244cf43417f4f9045dfaeab534
7095
7096commit 9cc6842493fbf23025ccc1edab064869640d3bec
7097Author: djm@openbsd.org <djm@openbsd.org>
7098Date: Thu May 28 04:50:53 2015 +0000
7099
7100 upstream commit
7101
7102 add error message on ftruncate failure; bz#2176
7103
7104 Upstream-ID: cbcc606e0b748520c74a210d8f3cc9718d3148cf
7105
7106commit d1958793a0072c22be26d136dbda5ae263e717a0
7107Author: djm@openbsd.org <djm@openbsd.org>
7108Date: Thu May 28 04:40:13 2015 +0000
7109
7110 upstream commit
7111
7112 make ssh-keygen default to ed25519 keys when compiled
7113 without OpenSSL; bz#2388, ok dtucker@
7114
7115 Upstream-ID: 85a471fa6d3fa57a7b8e882d22cfbfc1d84cdc71
7116
7117commit 3ecde664c9fc5fb3667aedf9e6671462600f6496
7118Author: dtucker@openbsd.org <dtucker@openbsd.org>
7119Date: Wed May 27 23:51:10 2015 +0000
7120
7121 upstream commit
7122
7123 Reorder client proposal to prefer
7124 diffie-hellman-group-exchange-sha1 over diffie-hellman-group14-sha1. ok djm@
7125
7126 Upstream-ID: 552c08d47347c3ee1a9a57d88441ab50abe17058
7127
7128commit 40f64292b907afd0a674fdbf3e4c2356d17a7d68
7129Author: dtucker@openbsd.org <dtucker@openbsd.org>
7130Date: Wed May 27 23:39:18 2015 +0000
7131
7132 upstream commit
7133
7134 Add a stronger (4k bit) fallback group that sshd can use
7135 when the moduli file is missing or broken, sourced from RFC3526. bz#2302, ok
7136 markus@ (earlier version), djm@
7137
7138 Upstream-ID: b635215746a25a829d117673d5e5a76d4baee7f4
7139
7140commit 5ab7d5fa03ad55bc438fab45dfb3aeb30a3c237a
7141Author: Darren Tucker <dtucker@zip.com.au>
7142Date: Thu May 28 10:03:40 2015 +1000
7143
7144 New moduli file from OpenBSD, removing 1k groups.
7145
7146 Remove 1k bit groups. ok deraadt@, markus@
7147
7148commit a71ba58adf34e599f30cdda6e9b93ae6e3937eea
7149Author: djm@openbsd.org <djm@openbsd.org>
7150Date: Wed May 27 05:15:02 2015 +0000
7151
7152 upstream commit
7153
7154 support PKCS#11 devices with external PIN entry devices
7155 bz#2240, based on patch from Dirk-Willem van Gulik; feedback and ok dtucker@
7156
7157 Upstream-ID: 504568992b55a8fc984375242b1bd505ced61b0d
7158
7159commit b282fec1aa05246ed3482270eb70fc3ec5f39a00
7160Author: dtucker@openbsd.org <dtucker@openbsd.org>
7161Date: Tue May 26 23:23:40 2015 +0000
7162
7163 upstream commit
7164
7165 Cap DH-GEX group size at 4kbits for Cisco implementations.
7166 Some of them will choke when asked for preferred sizes >4k instead of
7167 returning the 4k group that they do have. bz#2209, ok djm@
7168
7169 Upstream-ID: 54b863a19713446b7431f9d06ad0532b4fcfef8d
7170
7171commit 3e91b4e8b0dc2b4b7e7d42cf6e8994a32e4cb55e
7172Author: djm@openbsd.org <djm@openbsd.org>
7173Date: Sun May 24 23:39:16 2015 +0000
7174
7175 upstream commit
7176
7177 add missing 'c' option to getopt(), case statement was
7178 already there; from Felix Bolte
7179
7180 Upstream-ID: 9b19b4e2e0b54d6fefa0dfac707c51cf4bae3081
7181
7182commit 64a89ec07660abba4d0da7c0095b7371c98bab62
7183Author: jsg@openbsd.org <jsg@openbsd.org>
7184Date: Sat May 23 14:28:37 2015 +0000
7185
7186 upstream commit
7187
7188 fix a memory leak in an error path ok markus@ dtucker@
7189
7190 Upstream-ID: bc1da0f205494944918533d8780fde65dff6c598
7191
7192commit f948737449257d2cb83ffcfe7275eb79b677fd4a
7193Author: djm@openbsd.org <djm@openbsd.org>
7194Date: Fri May 22 05:28:45 2015 +0000
7195
7196 upstream commit
7197
7198 mention ssh-keygen -E for comparing legacy MD5
7199 fingerprints; bz#2332
7200
7201 Upstream-ID: 079a3669549041dbf10dbc072d9563f0dc3b2859
7202
7203commit 0882332616e4f0272c31cc47bf2018f9cb258a4e
7204Author: djm@openbsd.org <djm@openbsd.org>
7205Date: Fri May 22 04:45:52 2015 +0000
7206
7207 upstream commit
7208
7209 Reorder EscapeChar option parsing to avoid a single-byte
7210 out- of-bounds read. bz#2396 from Jaak Ristioja; ok dtucker@
7211
7212 Upstream-ID: 1dc6b5b63d1c8d9a88619da0b27ade461d79b060
7213
7214commit d7c31da4d42c115843edee2074d7d501f8804420
7215Author: djm@openbsd.org <djm@openbsd.org>
7216Date: Fri May 22 03:50:02 2015 +0000
7217
7218 upstream commit
7219
7220 add knob to relax GSSAPI host credential check for
7221 multihomed hosts bz#928, patch by Simon Wilkinson; ok dtucker
7222 (kerberos/GSSAPI is not compiled by default on OpenBSD)
7223
7224 Upstream-ID: 15ddf1c6f7fd9d98eea9962f480079ae3637285d
7225
7226commit aa72196a00be6e0b666215edcffbc10af234cb0e
7227Author: Darren Tucker <dtucker@zip.com.au>
7228Date: Fri May 22 17:49:46 2015 +1000
7229
7230 Include signal.h for sig_atomic_t, used by kex.h.
7231
7232 bz#2402, from tomas.kuthan at oracle com.
7233
7234commit 8b02481143d75e91c49d1bfae0876ac1fbf9511a
7235Author: Darren Tucker <dtucker@zip.com.au>
7236Date: Fri May 22 12:47:24 2015 +1000
7237
7238 Import updated moduli file from OpenBSD.
7239
7240commit 4739e8d5e1c0be49624082bd9f6b077e9e758db9
7241Author: djm@openbsd.org <djm@openbsd.org>
7242Date: Thu May 21 12:01:19 2015 +0000
7243
7244 upstream commit
7245
7246 Support "ssh-keygen -lF hostname" to find search known_hosts
7247 and print key hashes. Already advertised by ssh-keygen(1), but not delivered
7248 by code; ok dtucker@
7249
7250 Upstream-ID: 459e0e2bf39825e41b0811c336db2d56a1c23387
7251
7252commit e97201feca10b5196da35819ae516d0b87cf3a50
7253Author: Damien Miller <djm@mindrot.org>
7254Date: Thu May 21 17:55:15 2015 +1000
7255
7256 conditionalise util.h inclusion
7257
7258commit 13640798c7dd011ece0a7d02841fe48e94cfa0e0
7259Author: djm@openbsd.org <djm@openbsd.org>
7260Date: Thu May 21 06:44:25 2015 +0000
7261
7262 upstream commit
7263
7264 regress test for AuthorizedPrincipalsCommand
7265
7266 Upstream-Regress-ID: c658fbf1ab6b6011dc83b73402322e396f1e1219
7267
7268commit 84452c5d03c21f9bfb28c234e0dc1dc67dd817b1
7269Author: djm@openbsd.org <djm@openbsd.org>
7270Date: Thu May 21 06:40:02 2015 +0000
7271
7272 upstream commit
7273
7274 regress test for AuthorizedKeysCommand arguments
7275
7276 Upstream-Regress-ID: bbd65c13c6b3be9a442ec115800bff9625898f12
7277
7278commit bcc50d816187fa9a03907ac1f3a52f04a52e10d1
7279Author: djm@openbsd.org <djm@openbsd.org>
7280Date: Thu May 21 06:43:30 2015 +0000
7281
7282 upstream commit
7283
7284 add AuthorizedPrincipalsCommand that allows getting
7285 authorized_principals from a subprocess rather than a file, which is quite
7286 useful in deployments with large userbases
7287
7288 feedback and ok markus@
7289
7290 Upstream-ID: aa1bdac7b16fc6d2fa3524ef08f04c7258d247f6
7291
7292commit 24232a3e5ab467678a86aa67968bbb915caffed4
7293Author: djm@openbsd.org <djm@openbsd.org>
7294Date: Thu May 21 06:38:35 2015 +0000
7295
7296 upstream commit
7297
7298 support arguments to AuthorizedKeysCommand
7299
7300 bz#2081 loosely based on patch by Sami Hartikainen
7301 feedback and ok markus@
7302
7303 Upstream-ID: b080387a14aa67dddd8ece67c00f268d626541f7
7304
7305commit d80fbe41a57c72420c87a628444da16d09d66ca7
7306Author: djm@openbsd.org <djm@openbsd.org>
7307Date: Thu May 21 04:55:51 2015 +0000
7308
7309 upstream commit
7310
7311 refactor: split base64 encoding of pubkey into its own
7312 sshkey_to_base64() function and out of sshkey_write(); ok markus@
7313
7314 Upstream-ID: 54fc38f5832e9b91028900819bda46c3959a0c1a
7315
7316commit 7cc44ef74133a473734bbcbd3484f24d6a7328c5
7317Author: deraadt@openbsd.org <deraadt@openbsd.org>
7318Date: Mon May 18 15:06:05 2015 +0000
7319
7320 upstream commit
7321
7322 getentropy() and sendsyslog() have been around long
7323 enough. openssh-portable may want the #ifdef's but not base. discussed with
7324 djm few weeks back
7325
7326 Upstream-ID: 0506a4334de108e3fb6c66f8d6e0f9c112866926
7327
7328commit 9173d0fbe44de7ebcad8a15618e13a8b8d78902e
7329Author: dtucker@openbsd.org <dtucker@openbsd.org>
7330Date: Fri May 15 05:44:21 2015 +0000
7331
7332 upstream commit
7333
7334 Use a salted hash of the lock passphrase instead of plain
7335 text and do constant-time comparisons of it. Should prevent leaking any
7336 information about it via timing, pointed out by Ryan Castellucci. Add a 0.1s
7337 incrementing delay for each failed unlock attempt up to 10s. ok markus@
7338 (earlier version), djm@
7339
7340 Upstream-ID: c599fcc325aa1cc65496b25220b622d22208c85f
7341
7342commit d028d5d3a697c71b21e4066d8672cacab3caa0a8
7343Author: Damien Miller <djm@mindrot.org>
7344Date: Tue May 5 19:10:58 2015 +1000
7345
7346 upstream commit
7347
7348 - tedu@cvs.openbsd.org 2015/01/12 03:20:04
7349 [bcrypt_pbkdf.c]
7350 rename blocks to words. bcrypt "blocks" are unrelated to blowfish blocks,
7351 nor are they the same size.
7352
7353commit f6391d4e59b058984163ab28f4e317e7a72478f1
7354Author: Damien Miller <djm@mindrot.org>
7355Date: Tue May 5 19:10:23 2015 +1000
7356
7357 upstream commit
7358
7359 - deraadt@cvs.openbsd.org 2015/01/08 00:30:07
7360 [bcrypt_pbkdf.c]
7361 declare a local version of MIN(), call it MINIMUM()
7362
7363commit 8ac6b13cc9113eb47cd9e86c97d7b26b4b71b77f
7364Author: Damien Miller <djm@mindrot.org>
7365Date: Tue May 5 19:09:46 2015 +1000
7366
7367 upstream commit
7368
7369 - djm@cvs.openbsd.org 2014/12/30 01:41:43
7370 [bcrypt_pbkdf.c]
7371 typo in comment: ouput => output
7372
7373commit 1f792489d5cf86a4f4e3003e6e9177654033f0f2
7374Author: djm@openbsd.org <djm@openbsd.org>
7375Date: Mon May 4 06:10:48 2015 +0000
7376
7377 upstream commit
7378
7379 Remove pattern length argument from match_pattern_list(), we
7380 only ever use it for strlen(pattern).
7381
7382 Prompted by hanno AT hboeck.de pointing an out-of-bound read
7383 error caused by an incorrect pattern length found using AFL
7384 and his own tools.
7385
7386 ok markus@
7387
7388commit 639d6bc57b1942393ed12fb48f00bc05d4e093e4
7389Author: djm@openbsd.org <djm@openbsd.org>
7390Date: Fri May 1 07:10:01 2015 +0000
7391
7392 upstream commit
7393
7394 refactor ssh_dispatch_run_fatal() to use sshpkt_fatal()
7395 to better report error conditions. Teach sshpkt_fatal() about ECONNRESET.
7396
7397 Improves error messages on TCP connection resets. bz#2257
7398
7399 ok dtucker@
7400
7401commit 9559d7de34c572d4d3fd990ca211f8ec99f62c4d
7402Author: djm@openbsd.org <djm@openbsd.org>
7403Date: Fri May 1 07:08:08 2015 +0000
7404
7405 upstream commit
7406
7407 a couple of parse targets were missing activep checks,
7408 causing them to be misapplied in match context; bz#2272 diagnosis and
7409 original patch from Sami Hartikainen ok dtucker@
7410
7411commit 7e8528cad04b2775c3b7db08abf8fb42e47e6b2a
7412Author: djm@openbsd.org <djm@openbsd.org>
7413Date: Fri May 1 04:17:51 2015 +0000
7414
7415 upstream commit
7416
7417 make handling of AuthorizedPrincipalsFile=none more
7418 consistent with other =none options; bz#2288 from Jakub Jelen; ok dtucker@
7419
7420commit ca430d4d9cc0f62eca3b1fb1e2928395b7ce80f7
7421Author: djm@openbsd.org <djm@openbsd.org>
7422Date: Fri May 1 04:03:20 2015 +0000
7423
7424 upstream commit
7425
7426 remove failed remote forwards established by muliplexing
7427 from the list of active forwards; bz#2363, patch mostly by Yoann Ricordel; ok
7428 dtucker@
7429
7430commit 8312cfb8ad88657517b3e23ac8c56c8e38eb9792
7431Author: djm@openbsd.org <djm@openbsd.org>
7432Date: Fri May 1 04:01:58 2015 +0000
7433
7434 upstream commit
7435
7436 reduce stderr spam when using ssh -S /path/mux -O forward
7437 -R 0:... ok dtucker@
7438
7439commit 179be0f5e62f1f492462571944e45a3da660d82b
7440Author: djm@openbsd.org <djm@openbsd.org>
7441Date: Fri May 1 03:23:51 2015 +0000
7442
7443 upstream commit
7444
7445 prevent authorized_keys options picked up on public key
7446 tests without a corresponding private key authentication being applied to
7447 other authentication methods. Reported by halex@, ok markus@
7448
7449commit a42d67be65b719a430b7fcaba2a4e4118382723a
7450Author: djm@openbsd.org <djm@openbsd.org>
7451Date: Fri May 1 03:20:54 2015 +0000
7452
7453 upstream commit
7454
7455 Don't make parsing of authorized_keys' environment=
7456 option conditional on PermitUserEnv - always parse it, but only use the
7457 result if the option is enabled. This prevents the syntax of authorized_keys
7458 changing depending on which sshd_config options were enabled.
7459
7460 bz#2329; based on patch from coladict AT gmail.com, ok dtucker@
7461
7462commit e661a86353e11592c7ed6a847e19a83609f49e77
7463Author: djm@openbsd.org <djm@openbsd.org>
7464Date: Mon May 4 06:10:48 2015 +0000
7465
7466 upstream commit
7467
7468 Remove pattern length argument from match_pattern_list(), we
7469 only ever use it for strlen(pattern).
7470
7471 Prompted by hanno AT hboeck.de pointing an out-of-bound read
7472 error caused by an incorrect pattern length found using AFL
7473 and his own tools.
7474
7475 ok markus@
7476
7477commit 0ef1de742be2ee4b10381193fe90730925b7f027
7478Author: dtucker@openbsd.org <dtucker@openbsd.org>
7479Date: Thu Apr 23 05:01:19 2015 +0000
7480
7481 upstream commit
7482
7483 Add a simple regression test for sshd's configuration
7484 parser. Right now, all it does is run the output of sshd -T back through
7485 itself and ensure the output is valid and invariant.
7486
7487commit 368f83c793275faa2c52f60eaa9bdac155c4254b
7488Author: djm@openbsd.org <djm@openbsd.org>
7489Date: Wed Apr 22 01:38:36 2015 +0000
7490
7491 upstream commit
7492
7493 use correct key for nested certificate test
7494
7495commit 8d4d1bfddbbd7d21f545dc6997081d1ea1fbc99a
7496Author: djm@openbsd.org <djm@openbsd.org>
7497Date: Fri May 1 07:11:47 2015 +0000
7498
7499 upstream commit
7500
7501 mention that the user's shell from /etc/passwd is used
7502 for commands too; bz#1459 ok dtucker@
7503
7504commit 5ab283d0016bbc9d4d71e8e5284d011bc5a930cf
7505Author: djm@openbsd.org <djm@openbsd.org>
7506Date: Fri May 8 07:29:00 2015 +0000
7507
7508 upstream commit
7509
7510 whitespace
7511
7512 Upstream-Regress-ID: 6b708a3e709d5b7fd37890f874bafdff1f597519
7513
7514commit 8377d5008ad260048192e1e56ad7d15a56d103dd
7515Author: djm@openbsd.org <djm@openbsd.org>
7516Date: Fri May 8 07:26:13 2015 +0000
7517
7518 upstream commit
7519
7520 whitespace at EOL
7521
7522 Upstream-Regress-ID: 9c48911643d5b05173b36a012041bed4080b8554
7523
7524commit c28a3436fa8737709ea88e4437f8f23a6ab50359
7525Author: djm@openbsd.org <djm@openbsd.org>
7526Date: Fri May 8 06:45:13 2015 +0000
7527
7528 upstream commit
7529
7530 moar whitespace at eol
7531
7532 Upstream-ID: 64eaf872a3ba52ed41e494287e80d40aaba4b515
7533
7534commit 2b64c490468fd4ca35ac8d5cc31c0520dc1508bb
7535Author: djm@openbsd.org <djm@openbsd.org>
7536Date: Fri May 8 06:41:56 2015 +0000
7537
7538 upstream commit
7539
7540 whitespace at EOL
7541
7542 Upstream-ID: 57bcf67d666c6fc1ad798aee448fdc3f70f7ec2c
7543
7544commit 4e636cf201ce6e7e3b9088568218f9d4e2c51712
7545Author: djm@openbsd.org <djm@openbsd.org>
7546Date: Fri May 8 03:56:51 2015 +0000
7547
7548 upstream commit
7549
7550 whitespace at EOL
7551
7552commit 38b8272f823dc1dd4e29dbcee83943ed48bb12fa
7553Author: dtucker@openbsd.org <dtucker@openbsd.org>
7554Date: Mon May 4 01:47:53 2015 +0000
7555
7556 upstream commit
7557
7558 Use diff w/out -u for better portability
7559
7560commit 297060f42d5189a4065ea1b6f0afdf6371fb0507
7561Author: dtucker@openbsd.org <dtucker@openbsd.org>
7562Date: Fri May 8 03:25:07 2015 +0000
7563
7564 upstream commit
7565
7566 Use xcalloc for permitted_adm_opens instead of xmalloc to
7567 ensure it's zeroed. Fixes post-auth crash with permitopen=none. bz#2355, ok
7568 djm@
7569
7570commit 63ebf019be863b2d90492a85e248cf55a6e87403
7571Author: djm@openbsd.org <djm@openbsd.org>
7572Date: Fri May 8 03:17:49 2015 +0000
7573
7574 upstream commit
7575
7576 don't choke on new-format private keys encrypted with an
7577 AEAD cipher; bz#2366, patch from Ron Frederick; ok markus@
7578
7579commit f8484dac678ab3098ae522a5f03bb2530f822987
7580Author: dtucker@openbsd.org <dtucker@openbsd.org>
7581Date: Wed May 6 05:45:17 2015 +0000
7582
7583 upstream commit
7584
7585 Clarify pseudo-terminal request behaviour and use
7586 "pseudo-terminal" consistently. bz#1716, ok jmc@ "I like it" deraadt@.
7587
7588commit ea139507bef8bad26e86ed99a42c7233ad115c38
7589Author: dtucker@openbsd.org <dtucker@openbsd.org>
7590Date: Wed May 6 04:07:18 2015 +0000
7591
7592 upstream commit
7593
7594 Blacklist DH-GEX for specific PuTTY versions known to
7595 send non-RFC4419 DH-GEX messages rather than all versions of PuTTY.
7596 According to Simon Tatham, 0.65 and newer versions will send RFC4419 DH-GEX
7597 messages. ok djm@
7598
7599commit b58234f00ee3872eb84f6e9e572a9a34e902e36e
7600Author: dtucker@openbsd.org <dtucker@openbsd.org>
7601Date: Tue May 5 10:17:49 2015 +0000
7602
7603 upstream commit
7604
7605 WinSCP doesn't implement RFC4419 DH-GEX so flag it so we
7606 don't offer that KEX method. ok markus@
7607
7608commit d5b1507a207253b39e810e91e68f9598691b7a29
7609Author: jsg@openbsd.org <jsg@openbsd.org>
7610Date: Tue May 5 02:48:17 2015 +0000
7611
7612 upstream commit
7613
7614 use the sizeof the struct not the sizeof a pointer to the
7615 struct in ssh_digest_start()
7616
7617 This file is only used if ssh is built with OPENSSL=no
7618
7619 ok markus@
7620
7621commit a647b9b8e616c231594b2710c925d31b1b8afea3
7622Author: Darren Tucker <dtucker@zip.com.au>
7623Date: Fri May 8 11:07:27 2015 +1000
7624
7625 Put brackets around mblen() compat constant.
7626
7627 This might help with the reported problem cross compiling for Android
7628 ("error: expected identifier or '(' before numeric constant") but
7629 shouldn't hurt in any case.
7630
7631commit d1680d36e17244d9af3843aeb5025cb8e40d6c07
7632Author: Darren Tucker <dtucker@zip.com.au>
7633Date: Thu Apr 30 09:18:11 2015 +1000
7634
7635 xrealloc -> xreallocarray in portable code too.
7636
7637commit 531a57a3893f9fcd4aaaba8c312b612bbbcc021e
7638Author: dtucker@openbsd.org <dtucker@openbsd.org>
7639Date: Wed Apr 29 03:48:56 2015 +0000
7640
7641 upstream commit
7642
7643 Allow ListenAddress, Port and AddressFamily in any
7644 order. bz#68, ok djm@, jmc@ (for the man page bit).
7645
7646commit c1d5bcf1aaf1209af02f79e48ba1cbc76a87b56f
7647Author: jmc@openbsd.org <jmc@openbsd.org>
7648Date: Tue Apr 28 13:47:38 2015 +0000
7649
7650 upstream commit
7651
7652 enviroment -> environment: apologies to darren for not
7653 spotting that first time round...
7654
7655commit 43beea053db191cac47c2cd8d3dc1930158aff1a
7656Author: dtucker@openbsd.org <dtucker@openbsd.org>
7657Date: Tue Apr 28 10:25:15 2015 +0000
7658
7659 upstream commit
7660
7661 Fix typo in previous
7662
7663commit 85b96ef41374f3ddc9139581f87da09b2cd9199e
7664Author: dtucker@openbsd.org <dtucker@openbsd.org>
7665Date: Tue Apr 28 10:17:58 2015 +0000
7666
7667 upstream commit
7668
7669 Document that the TERM environment variable is not
7670 subject to SendEnv and AcceptEnv. bz#2386, based loosely on a patch from
7671 jjelen at redhat, help and ok jmc@
7672
7673commit 88a7c598a94ff53f76df228eeaae238d2d467565
7674Author: djm@openbsd.org <djm@openbsd.org>
7675Date: Mon Apr 27 21:42:48 2015 +0000
7676
7677 upstream commit
7678
7679 Make sshd default to PermitRootLogin=no; ok deraadt@
7680 rpe@
7681
7682commit 734226b4480a6c736096c729fcf6f391400599c7
7683Author: djm@openbsd.org <djm@openbsd.org>
7684Date: Mon Apr 27 01:52:30 2015 +0000
7685
7686 upstream commit
7687
7688 fix compilation with OPENSSL=no; ok dtucker@
7689
7690commit a4b9d2ce1eb7703eaf0809b0c8a82ded8aa4f1c6
7691Author: dtucker@openbsd.org <dtucker@openbsd.org>
7692Date: Mon Apr 27 00:37:53 2015 +0000
7693
7694 upstream commit
7695
7696 Include stdio.h for FILE (used in sshkey.h) so it
7697 compiles with OPENSSL=no.
7698
7699commit dbcc652f4ca11fe04e5930c7ef18a219318c6cda
7700Author: djm@openbsd.org <djm@openbsd.org>
7701Date: Mon Apr 27 00:21:21 2015 +0000
7702
7703 upstream commit
7704
7705 allow "sshd -f none" to skip reading the config file,
7706 much like "ssh -F none" does. ok dtucker
7707
7708commit b7ca276fca316c952f0b90f5adb1448c8481eedc
7709Author: jmc@openbsd.org <jmc@openbsd.org>
7710Date: Fri Apr 24 06:26:49 2015 +0000
7711
7712 upstream commit
7713
7714 combine -Dd onto one line and update usage();
7715
7716commit 2ea974630d7017e4c7666d14d9dc939707613e96
7717Author: djm@openbsd.org <djm@openbsd.org>
7718Date: Fri Apr 24 05:26:44 2015 +0000
7719
7720 upstream commit
7721
7722 add ssh-agent -D to leave ssh-agent in foreground
7723 without enabling debug mode; bz#2381 ok dtucker@
7724
7725commit 8ac2ffd7aa06042f6b924c87139f2fea5c5682f7
7726Author: deraadt@openbsd.org <deraadt@openbsd.org>
7727Date: Fri Apr 24 01:36:24 2015 +0000
7728
7729 upstream commit
7730
7731 2*len -> use xreallocarray() ok djm
7732
7733commit 657a5fbc0d0aff309079ff8fb386f17e964963c2
7734Author: deraadt@openbsd.org <deraadt@openbsd.org>
7735Date: Fri Apr 24 01:36:00 2015 +0000
7736
7737 upstream commit
7738
7739 rename xrealloc() to xreallocarray() since it follows
7740 that form. ok djm
7741
7742commit 1108ae242fdd2c304307b68ddf46aebe43ebffaa
7743Author: dtucker@openbsd.org <dtucker@openbsd.org>
7744Date: Thu Apr 23 04:59:10 2015 +0000
7745
7746 upstream commit
7747
7748 Two small fixes for sshd -T: ListenAddress'es are added
7749 to a list head so reverse the order when printing them to ensure the
7750 behaviour remains the same, and print StreamLocalBindMask as octal with
7751 leading zero. ok deraadt@
7752
7753commit bd902b8473e1168f19378d5d0ae68d0c203525df
7754Author: dtucker@openbsd.org <dtucker@openbsd.org>
7755Date: Thu Apr 23 04:53:53 2015 +0000
7756
7757 upstream commit
7758
7759 Check for and reject missing arguments for
7760 VersionAddendum and ForceCommand. bz#2281, patch from plautrba at redhat com,
7761 ok djm@
7762
7763commit ca42c1758575e592239de1d5755140e054b91a0d
7764Author: djm@openbsd.org <djm@openbsd.org>
7765Date: Wed Apr 22 01:24:01 2015 +0000
7766
7767 upstream commit
7768
7769 unknown certificate extensions are non-fatal, so don't
7770 fatal when they are encountered; bz#2387 reported by Bob Van Zant; ok
7771 dtucker@
7772
7773commit 39bfbf7caad231cc4bda6909fb1af0705bca04d8
7774Author: jsg@openbsd.org <jsg@openbsd.org>
7775Date: Tue Apr 21 07:01:00 2015 +0000
7776
7777 upstream commit
7778
7779 Add back a backslash removed in rev 1.42 so
7780 KEX_SERVER_ENCRYPT will include aes again.
7781
7782 ok deraadt@
7783
7784commit 6b0d576bb87eca3efd2b309fcfe4edfefc289f9c
7785Author: djm@openbsd.org <djm@openbsd.org>
7786Date: Fri Apr 17 13:32:09 2015 +0000
7787
7788 upstream commit
7789
7790 s/recommended/required/ that private keys be og-r this
7791 wording change was made a while ago but got accidentally reverted
7792
7793commit 44a8e7ce6f3ab4c2eb1ae49115c210b98e53c4df
7794Author: djm@openbsd.org <djm@openbsd.org>
7795Date: Fri Apr 17 13:25:52 2015 +0000
7796
7797 upstream commit
7798
7799 don't try to cleanup NULL KEX proposals in
7800 kex_prop_free(); found by Jukka Taimisto and Markus Hietava
7801
7802commit 3038a191872d2882052306098c1810d14835e704
7803Author: djm@openbsd.org <djm@openbsd.org>
7804Date: Fri Apr 17 13:19:22 2015 +0000
7805
7806 upstream commit
7807
7808 use error/logit/fatal instead of fprintf(stderr, ...)
7809 and exit(0), fix a few errors that were being printed to stdout instead of
7810 stderr and a few non-errors that were going to stderr instead of stdout
7811 bz#2325; ok dtucker
7812
7813commit a58be33cb6cd24441fa7e634db0e5babdd56f07f
7814Author: djm@openbsd.org <djm@openbsd.org>
7815Date: Fri Apr 17 13:16:48 2015 +0000
7816
7817 upstream commit
7818
7819 debug log missing DISPLAY environment when X11
7820 forwarding requested; bz#1682 ok dtucker@
7821
7822commit 17d4d9d9fbc8fb80e322f94d95eecc604588a474
7823Author: djm@openbsd.org <djm@openbsd.org>
7824Date: Fri Apr 17 04:32:31 2015 +0000
7825
7826 upstream commit
7827
7828 don't call record_login() in monitor when UseLogin is
7829 enabled; bz#278 reported by drk AT sgi.com; ok dtucker
7830
7831commit 40132ff87b6cbc3dc05fb5df2e9d8e3afa06aafd
7832Author: dtucker@openbsd.org <dtucker@openbsd.org>
7833Date: Fri Apr 17 04:12:35 2015 +0000
7834
7835 upstream commit
7836
7837 Add some missing options to sshd -T and fix the output
7838 of VersionAddendum HostCertificate. bz#2346, patch from jjelen at redhat
7839 com, ok djm.
7840
7841commit 6cc7cfa936afde2d829e56ee6528c7ea47a42441
7842Author: dtucker@openbsd.org <dtucker@openbsd.org>
7843Date: Thu Apr 16 23:25:50 2015 +0000
7844
7845 upstream commit
7846
7847 Document "none" for PidFile XAuthLocation
7848 TrustedUserCAKeys and RevokedKeys. bz#2382, feedback from jmc@, ok djm@
7849
7850commit 15fdfc9b1c6808b26bc54d4d61a38b54541763ed
7851Author: dtucker@openbsd.org <dtucker@openbsd.org>
7852Date: Wed Apr 15 23:23:25 2015 +0000
7853
7854 upstream commit
7855
7856 Plug leak of address passed to logging. bz#2373, patch
7857 from jjelen at redhat, ok markus@
7858
7859commit bb2289e2a47d465eaaaeff3dee2a6b7777b4c291
7860Author: dtucker@openbsd.org <dtucker@openbsd.org>
7861Date: Tue Apr 14 04:17:03 2015 +0000
7862
7863 upstream commit
7864
7865 Output remote username in debug output since with Host
7866 and Match it's not always obvious what it will be. bz#2368, ok djm@
7867
7868commit 70860b6d07461906730632f9758ff1b7c98c695a
7869Author: Darren Tucker <dtucker@zip.com.au>
7870Date: Fri Apr 17 10:56:13 2015 +1000
7871
7872 Format UsePAM setting when using sshd -T.
7873
7874 Part of bz#2346, patch from jjelen at redhat com.
7875
7876commit ee15d9c9f0720f5a8b0b34e4b10ecf21f9824814
7877Author: Darren Tucker <dtucker@zip.com.au>
7878Date: Fri Apr 17 10:40:23 2015 +1000
7879
7880 Wrap endian.h include inside ifdef (bz#2370).
7881
7882commit 408f4c2ad4a4c41baa7b9b2b7423d875abbfa70b
7883Author: Darren Tucker <dtucker@zip.com.au>
7884Date: Fri Apr 17 09:39:58 2015 +1000
7885
7886 Look for '${host}-ar' before 'ar'.
7887
7888 This changes configure.ac to look for '${host}-ar' as set by
7889 AC_CANONICAL_HOST before looking for the unprefixed 'ar'.
7890 Useful when cross-compiling when all your binutils are prefixed.
7891
7892 Patch from moben at exherbo org via astrand at lysator liu se and
7893 bz#2352.
7894
7895commit 673a1c16ad078d41558247ce739fe812c960acc8
7896Author: Damien Miller <djm@google.com>
7897Date: Thu Apr 16 11:40:20 2015 +1000
7898
7899 remove dependency on arpa/telnet.h
7900
7901commit 202d443eeda1829d336595a3cfc07827e49f45ed
7902Author: Darren Tucker <dtucker@zip.com.au>
7903Date: Wed Apr 15 15:59:49 2015 +1000
7904
7905 Remove duplicate include of pwd.h. bz#2337, patch from Mordy Ovits.
7906
7907commit 597986493412c499f2bc2209420cb195f97b3668
7908Author: Damien Miller <djm@google.com>
7909Date: Thu Apr 9 10:14:48 2015 +1000
7910
7911 platform's with openpty don't need pty_release
7912
7913commit 318be28cda1fd9108f2e6f2f86b0b7589ba2aed0
7914Author: djm@openbsd.org <djm@openbsd.org>
7915Date: Mon Apr 13 02:04:08 2015 +0000
7916
7917 upstream commit
7918
7919 deprecate ancient, pre-RFC4419 and undocumented
7920 SSH2_MSG_KEX_DH_GEX_REQUEST_OLD message; ok markus@ deraadt@ "seems
7921 reasonable" dtucker@
7922
7923commit d8f391caef62378463a0e6b36f940170dadfe605
7924Author: dtucker@openbsd.org <dtucker@openbsd.org>
7925Date: Fri Apr 10 05:16:50 2015 +0000
7926
7927 upstream commit
7928
7929 Don't send hostkey advertisments
7930 (hostkeys-00@openssh.com) to current versions of Tera Term as they can't
7931 handle them. Newer versions should be OK. Patch from Bryan Drewery and
7932 IWAMOTO Kouichi, ok djm@
7933
7934commit 2c2cfe1a1c97eb9a08cc9817fd0678209680c636
7935Author: djm@openbsd.org <djm@openbsd.org>
7936Date: Fri Apr 10 00:08:55 2015 +0000
7937
7938 upstream commit
7939
7940 include port number if a non-default one has been
7941 specified; based on patch from Michael Handler
7942
7943commit 4492a4f222da4cf1e8eab12689196322e27b08c4
7944Author: djm@openbsd.org <djm@openbsd.org>
7945Date: Tue Apr 7 23:00:42 2015 +0000
7946
7947 upstream commit
7948
7949 treat Protocol=1,2|2,1 as Protocol=2 when compiled
7950 without SSH1 support; ok dtucker@ millert@
7951
7952commit c265e2e6e932efc6d86f6cc885dea33637a67564
7953Author: miod@openbsd.org <miod@openbsd.org>
7954Date: Sun Apr 5 15:43:43 2015 +0000
7955
7956 upstream commit
7957
7958 Do not use int for sig_atomic_t; spotted by
7959 christos@netbsd; ok markus@
7960
7961commit e7bf3a5eda6a1b02bef6096fed78527ee11e54cc
7962Author: Darren Tucker <dtucker@zip.com.au>
7963Date: Tue Apr 7 10:48:04 2015 +1000
7964
7965 Use do{}while(0) for no-op functions.
7966
7967 From FreeBSD.
7968
7969commit bb99844abae2b6447272f79e7fa84134802eb4df
7970Author: Darren Tucker <dtucker@zip.com.au>
7971Date: Tue Apr 7 10:47:15 2015 +1000
7972
7973 Wrap blf.h include in ifdef. From FreeBSD.
7974
7975commit d9b9b43656091cf0ad55c122f08fadb07dad0abd
7976Author: Darren Tucker <dtucker@zip.com.au>
7977Date: Tue Apr 7 09:10:00 2015 +1000
7978
7979 Fix misspellings of regress CONFOPTS env variables.
7980
7981 Patch from Bryan Drewery.
7982
7983commit 3f4ea3c9ab1d32d43c9222c4351f58ca11144156
7984Author: djm@openbsd.org <djm@openbsd.org>
7985Date: Fri Apr 3 22:17:27 2015 +0000
7986
7987 upstream commit
7988
7989 correct return value in pubkey parsing, spotted by Ben Hawkes
7990 ok markus@
7991
7992commit 7da2be0cb9601ed25460c83aa4d44052b967ba0f
7993Author: djm@openbsd.org <djm@openbsd.org>
7994Date: Tue Mar 31 22:59:01 2015 +0000
7995
7996 upstream commit
7997
7998 adapt to recent hostfile.c change: when parsing
7999 known_hosts without fully parsing the keys therein, hostkeys_foreach() will
8000 now correctly identify KEY_RSA1 keys; ok markus@ miod@
8001
8002commit 9e1777a0d1c706714b055811c12ab8cc21033e4a
8003Author: markus@openbsd.org <markus@openbsd.org>
8004Date: Tue Mar 24 20:19:15 2015 +0000
8005
8006 upstream commit
8007
8008 use ${SSH} for -Q instead of installed ssh
8009
8010commit ce1b358ea414a2cc88e4430cd5a2ea7fecd9de57
8011Author: djm@openbsd.org <djm@openbsd.org>
8012Date: Mon Mar 16 22:46:14 2015 +0000
8013
8014 upstream commit
8015
8016 make CLEANFILES clean up more of the tests' droppings
8017
8018commit 398f9ef192d820b67beba01ec234d66faca65775
8019Author: djm@openbsd.org <djm@openbsd.org>
8020Date: Tue Mar 31 22:57:06 2015 +0000
8021
8022 upstream commit
8023
8024 downgrade error() for known_hosts parse errors to debug()
8025 to quiet warnings from ssh1 keys present when compiled !ssh1.
8026
8027 also identify ssh1 keys when scanning, even when compiled !ssh1
8028
8029 ok markus@ miod@
8030
8031commit 9a47ab80030a31f2d122b8fd95bd48c408b9fcd9
8032Author: djm@openbsd.org <djm@openbsd.org>
8033Date: Tue Mar 31 22:55:50 2015 +0000
8034
8035 upstream commit
8036
8037 fd leak for !ssh1 case; found by unittests; ok markus@
8038
8039commit c9a0805a6280681901c270755a7cd630d7c5280e
8040Author: djm@openbsd.org <djm@openbsd.org>
8041Date: Tue Mar 31 22:55:24 2015 +0000
8042
8043 upstream commit
8044
8045 don't fatal when a !ssh1 sshd is reexeced from a w/ssh1
8046 listener; reported by miod@; ok miod@ markus@
8047
8048commit 704d8c88988cae38fb755a6243b119731d223222
8049Author: tobias@openbsd.org <tobias@openbsd.org>
8050Date: Tue Mar 31 11:06:49 2015 +0000
8051
8052 upstream commit
8053
8054 Comments are only supported for RSA1 keys. If a user
8055 tried to add one and entered his passphrase, explicitly clear it before exit.
8056 This is done in all other error paths, too.
8057
8058 ok djm
8059
8060commit 78de1673c05ea2c33e0d4a4b64ecb5186b6ea2e9
8061Author: jmc@openbsd.org <jmc@openbsd.org>
8062Date: Mon Mar 30 18:28:37 2015 +0000
8063
8064 upstream commit
8065
8066 ssh-askpass(1) is the default, overridden by SSH_ASKPASS;
8067 diff originally from jiri b;
8068
8069commit 26e0bcf766fadb4a44fb6199386fb1dcab65ad00
8070Author: djm@openbsd.org <djm@openbsd.org>
8071Date: Mon Mar 30 00:00:29 2015 +0000
8072
8073 upstream commit
8074
8075 fix uninitialised memory read when parsing a config file
8076 consisting of a single nul byte. Found by hanno AT hboeck.de using AFL; ok
8077 dtucker
8078
8079commit fecede00a76fbb33a349f5121c0b2f9fbc04a777
8080Author: markus@openbsd.org <markus@openbsd.org>
8081Date: Thu Mar 26 19:32:19 2015 +0000
8082
8083 upstream commit
8084
8085 sigp and lenp are not optional in ssh_agent_sign(); ok
8086 djm@
8087
8088commit 1b0ef3813244c78669e6d4d54c624f600945327d
8089Author: naddy@openbsd.org <naddy@openbsd.org>
8090Date: Thu Mar 26 12:32:38 2015 +0000
8091
8092 upstream commit
8093
8094 don't try to load .ssh/identity by default if SSH1 is
8095 disabled; ok markus@
8096
8097commit f9b78852379b74a2d14e6fc94fe52af30b7e9c31
8098Author: djm@openbsd.org <djm@openbsd.org>
8099Date: Thu Mar 26 07:00:04 2015 +0000
8100
8101 upstream commit
8102
8103 ban all-zero curve25519 keys as recommended by latest
8104 CFRG curves draft; ok markus
8105
8106commit b8afbe2c1aaf573565e4da775261dfafc8b1ba9c
8107Author: djm@openbsd.org <djm@openbsd.org>
8108Date: Thu Mar 26 06:59:28 2015 +0000
8109
8110 upstream commit
8111
8112 relax bits needed check to allow
8113 diffie-hellman-group1-sha1 key exchange to complete for chacha20-poly1305 was
8114 selected as symmetric cipher; ok markus
8115
8116commit 47842f71e31da130555353c1d57a1e5a8937f1c0
8117Author: markus@openbsd.org <markus@openbsd.org>
8118Date: Wed Mar 25 19:29:58 2015 +0000
8119
8120 upstream commit
8121
8122 ignore v1 errors on ssh-add -D; only try v2 keys on
8123 -l/-L (unless WITH_SSH1) ok djm@
8124
8125commit 5f57e77f91bf2230c09eca96eb5ecec39e5f2da6
8126Author: markus@openbsd.org <markus@openbsd.org>
8127Date: Wed Mar 25 19:21:48 2015 +0000
8128
8129 upstream commit
8130
8131 unbreak ssh_agent_sign (lenp vs *lenp)
8132
8133commit 4daeb67181054f2a377677fac919ee8f9ed3490e
8134Author: markus@openbsd.org <markus@openbsd.org>
8135Date: Tue Mar 24 20:10:08 2015 +0000
8136
8137 upstream commit
8138
8139 don't leak 'setp' on error; noted by Nicholas Lemonias;
8140 ok djm@
8141
8142commit 7d4f96f9de2a18af0d9fa75ea89a4990de0344f5
8143Author: markus@openbsd.org <markus@openbsd.org>
8144Date: Tue Mar 24 20:09:11 2015 +0000
8145
8146 upstream commit
8147
8148 consistent check for NULL as noted by Nicholas
8149 Lemonias; ok djm@
8150
8151commit df100be51354e447d9345cf1ec22e6013c0eed50
8152Author: markus@openbsd.org <markus@openbsd.org>
8153Date: Tue Mar 24 20:03:44 2015 +0000
8154
8155 upstream commit
8156
8157 correct fmt-string for size_t as noted by Nicholas
8158 Lemonias; ok djm@
8159
8160commit a22b9ef21285e81775732436f7c84a27bd3f71e0
8161Author: djm@openbsd.org <djm@openbsd.org>
8162Date: Tue Mar 24 09:17:21 2015 +0000
8163
8164 upstream commit
8165
8166 promote chacha20-poly1305@openssh.com to be the default
8167 cipher; ok markus
8168
8169commit 2aa9da1a3b360cf7b13e96fe1521534b91501fb5
8170Author: djm@openbsd.org <djm@openbsd.org>
8171Date: Tue Mar 24 01:29:19 2015 +0000
8172
8173 upstream commit
8174
8175 Compile-time disable SSH protocol 1. You can turn it
8176 back on using the Makefile.inc knob if you need it to talk to ancient
8177 devices.
8178
8179commit 53097b2022154edf96b4e8526af5666f979503f7
8180Author: djm@openbsd.org <djm@openbsd.org>
8181Date: Tue Mar 24 01:11:12 2015 +0000
8182
8183 upstream commit
8184
8185 fix double-negative error message "ssh1 is not
8186 unsupported"
8187
8188commit 5c27e3b6ec2db711dfcd40e6359c0bcdd0b62ea9
8189Author: djm@openbsd.org <djm@openbsd.org>
8190Date: Mon Mar 23 06:06:38 2015 +0000
8191
8192 upstream commit
8193
8194 for ssh-keygen -A, don't try (and fail) to generate ssh
8195 v.1 keys when compiled without SSH1 support RSA/DSA/ECDSA keys when compiled
8196 without OpenSSL based on patch by Mike Frysinger; bz#2369
8197
8198commit 725fd22a8c41db7de73a638539a5157b7e4424ae
8199Author: djm@openbsd.org <djm@openbsd.org>
8200Date: Wed Mar 18 01:44:21 2015 +0000
8201
8202 upstream commit
8203
8204 KRL support doesn't need OpenSSL anymore, remove #ifdefs
8205 from around call
8206
8207commit b07011c18e0b2e172c5fd09d21fb159a0bf5fcc7
8208Author: djm@openbsd.org <djm@openbsd.org>
8209Date: Mon Mar 16 11:09:52 2015 +0000
8210
8211 upstream commit
8212
8213 #if 0 some more arrays used only for decrypting (we don't
8214 use since we only need encrypt for AES-CTR)
8215
8216commit 1cb3016635898d287e9d58b50c430995652d5358
8217Author: jsg@openbsd.org <jsg@openbsd.org>
8218Date: Wed Mar 11 00:48:39 2015 +0000
8219
8220 upstream commit
8221
8222 add back the changes from rev 1.206, djm reverted this by
8223 mistake in rev 1.207
8224
8225commit 4d24b3b6a4a6383e05e7da26d183b79fa8663697
8226Author: Damien Miller <djm@mindrot.org>
8227Date: Fri Mar 20 09:11:59 2015 +1100
8228
8229 remove error() accidentally inserted for debugging
8230
8231 pointed out by Christian Hesse
8232
8233commit 9f82e5a9042f2d872e98f48a876fcab3e25dd9bb
8234Author: Tim Rice <tim@multitalents.net>
8235Date: Mon Mar 16 22:49:20 2015 -0700
8236
8237 portability fix: Solaris systems may not have a grep that understands -q
8238
8239commit 8ef691f7d9ef500257a549d0906d78187490668f
8240Author: Damien Miller <djm@google.com>
8241Date: Wed Mar 11 10:35:26 2015 +1100
8242
8243 fix compile with clang
8244
8245commit 4df590cf8dc799e8986268d62019b487a8ed63ad
8246Author: Damien Miller <djm@google.com>
8247Date: Wed Mar 11 10:02:39 2015 +1100
8248
8249 make unit tests work for !OPENSSH_HAS_ECC
8250
8251commit 307bb40277ca2c32e97e61d70d1ed74b571fd6ba
8252Author: djm@openbsd.org <djm@openbsd.org>
8253Date: Sat Mar 7 04:41:48 2015 +0000
8254
8255 upstream commit
8256
8257 unbreak for w/SSH1 (default) case; ok markus@ deraadt@
8258
8259commit b44ee0c998fb4c5f3c3281f2398af5ce42840b6f
8260Author: Damien Miller <djm@mindrot.org>
8261Date: Thu Mar 5 18:39:20 2015 -0800
8262
8263 unbreak hostkeys test for w/ SSH1 case
8264
8265commit 55e5bdeb519cb60cc18b7ba0545be581fb8598b4
8266Author: djm@openbsd.org <djm@openbsd.org>
8267Date: Fri Mar 6 01:40:56 2015 +0000
8268
8269 upstream commit
8270
8271 fix sshkey_certify() return value for unsupported key types;
8272 ok markus@ deraadt@
8273
8274commit be8f658e550a434eac04256bfbc4289457a24e99
8275Author: Damien Miller <djm@mindrot.org>
8276Date: Wed Mar 4 15:38:03 2015 -0800
8277
8278 update version numbers to match version.h
8279
8280commit ac5e8acefa253eb5e5ba186e34236c0e8007afdc
8281Author: djm@openbsd.org <djm@openbsd.org>
8282Date: Wed Mar 4 23:22:35 2015 +0000
8283
8284 upstream commit
8285
8286 make these work with !SSH1; ok markus@ deraadt@
8287
8288commit 2f04af92f036b0c87a23efb259c37da98cd81fe6
8289Author: djm@openbsd.org <djm@openbsd.org>
8290Date: Wed Mar 4 21:12:59 2015 +0000
8291
8292 upstream commit
8293
8294 make ssh-add -D work with !SSH1 agent
8295
8296commit a05adf95d2af6abb2b7826ddaa7a0ec0cdc1726b
8297Author: Damien Miller <djm@mindrot.org>
8298Date: Wed Mar 4 00:55:48 2015 -0800
8299
8300 netcat needs poll.h portability goop
8301
8302commit dad2b1892b4c1b7e58df483a8c5b983c4454e099
8303Author: markus@openbsd.org <markus@openbsd.org>
8304Date: Tue Mar 3 22:35:19 2015 +0000
8305
8306 upstream commit
8307
8308 make it possible to run tests w/o ssh1 support; ok djm@
8309
8310commit d48a22601bdd3eec054794c535f4ae8d8ae4c6e2
8311Author: djm@openbsd.org <djm@openbsd.org>
8312Date: Wed Mar 4 18:53:53 2015 +0000
8313
8314 upstream commit
8315
8316 crank; ok markus, deraadt
8317
8318commit bbffb23daa0b002dd9f296e396a9ab8a5866b339
8319Author: Damien Miller <djm@mindrot.org>
8320Date: Tue Mar 3 13:50:27 2015 -0800
8321
8322 more --without-ssh1 fixes
8323
8324commit 6c2039286f503e2012a58a1d109e389016e7a99b
8325Author: Damien Miller <djm@mindrot.org>
8326Date: Tue Mar 3 13:48:48 2015 -0800
8327
8328 fix merge both that broke --without-ssh1 compile
8329
8330commit 111dfb225478a76f89ecbcd31e96eaf1311b59d3
8331Author: djm@openbsd.org <djm@openbsd.org>
8332Date: Tue Mar 3 21:21:13 2015 +0000
8333
8334 upstream commit
8335
8336 add SSH1 Makefile knob to make it easier to build without
8337 SSH1 support; ok markus@
8338
8339commit 3f7f5e6c5d2aa3f6710289c1a30119e534e56c5c
8340Author: djm@openbsd.org <djm@openbsd.org>
8341Date: Tue Mar 3 20:42:49 2015 +0000
8342
8343 upstream commit
8344
8345 expand __unused to full __attribute__ for better portability
8346
8347commit 2fab9b0f8720baf990c931e3f68babb0bf9949c6
8348Author: Damien Miller <djm@mindrot.org>
8349Date: Wed Mar 4 07:41:27 2015 +1100
8350
8351 avoid warning
8352
8353commit d1bc844322461f882b4fd2277ba9a8d4966573d2
8354Author: Damien Miller <djm@mindrot.org>
8355Date: Wed Mar 4 06:31:45 2015 +1100
8356
8357 Revert "define __unused to nothing if not already defined"
8358
8359 This reverts commit 1598419e38afbaa8aa5df8dd6b0af98301e2c908.
8360
8361 Some system headers have objects named __unused
8362
8363commit 00797e86b2d98334d1bb808f65fa1fd47f328ff1
8364Author: Damien Miller <djm@mindrot.org>
8365Date: Wed Mar 4 05:02:45 2015 +1100
8366
8367 check for crypt and DES_crypt in openssl block
8368
8369 fixes builds on systems that use DES_crypt; based on patch
8370 from Roumen Petrov
8371
8372commit 1598419e38afbaa8aa5df8dd6b0af98301e2c908
8373Author: Damien Miller <djm@mindrot.org>
8374Date: Wed Mar 4 04:59:13 2015 +1100
8375
8376 define __unused to nothing if not already defined
8377
8378 fixes builds on BSD/OS
8379
8380commit d608a51daad4f14ad6ab43d7cf74ef4801cc3fe9
8381Author: djm@openbsd.org <djm@openbsd.org>
8382Date: Tue Mar 3 17:53:40 2015 +0000
8383
8384 upstream commit
8385
8386 reorder logic for better portability; patch from Roumen
8387 Petrov
8388
8389commit 68d2dfc464fbcdf8d6387884260f9801f4352393
8390Author: djm@openbsd.org <djm@openbsd.org>
8391Date: Tue Mar 3 06:48:58 2015 +0000
8392
8393 upstream commit
8394
8395 Allow "ssh -Q protocol-version" to list supported SSH
8396 protocol versions. Useful for detecting builds without SSH v.1 support; idea
8397 and ok markus@
8398
8399commit 39e2f1229562e1195169905607bc12290d21f021
8400Author: millert@openbsd.org <millert@openbsd.org>
8401Date: Sun Mar 1 15:44:40 2015 +0000
8402
8403 upstream commit
8404
8405 Make sure we only call getnameinfo() for AF_INET or AF_INET6
8406 sockets. getpeername() of a Unix domain socket may return without error on
8407 some systems without actually setting ss_family so getnameinfo() was getting
8408 called with ss_family set to AF_UNSPEC. OK djm@
8409
8410commit e47536ba9692d271b8ad89078abdecf0a1c11707
8411Author: Damien Miller <djm@mindrot.org>
8412Date: Sat Feb 28 08:20:11 2015 -0800
8413
8414 portability fixes for regress/netcat.c
8415
8416 Mostly avoiding "err(1, NULL)"
8417
8418commit 02973ad5f6f49d8420e50a392331432b0396c100
8419Author: Damien Miller <djm@mindrot.org>
8420Date: Sat Feb 28 08:05:27 2015 -0800
8421
8422 twiddle another test for portability
8423
8424 from Tom G. Christensen
8425
8426commit f7f3116abf2a6e2f309ab096b08c58d19613e5d0
8427Author: Damien Miller <djm@mindrot.org>
8428Date: Fri Feb 27 15:52:49 2015 -0800
8429
8430 twiddle test for portability
8431
8432commit 1ad3a77cc9d5568f5437ff99d377aa7a41859b83
8433Author: Damien Miller <djm@mindrot.org>
8434Date: Thu Feb 26 20:33:22 2015 -0800
8435
8436 make regress/netcat.c fd passing (more) portable
8437
8438commit 9e1cfca7e1fe9cf8edb634fc894e43993e4da1ea
8439Author: Damien Miller <djm@mindrot.org>
8440Date: Thu Feb 26 20:32:58 2015 -0800
8441
8442 create OBJ/valgrind-out before running unittests
8443
8444commit bd58853102cee739f0e115e6d4b5334332ab1442
8445Author: Damien Miller <djm@mindrot.org>
8446Date: Wed Feb 25 16:58:22 2015 -0800
8447
8448 valgrind support
8449
8450commit f43d17269194761eded9e89f17456332f4c83824
8451Author: djm@openbsd.org <djm@openbsd.org>
8452Date: Thu Feb 26 20:45:47 2015 +0000
8453
8454 upstream commit
8455
8456 don't printf NULL key comments; reported by Tom Christensen
8457
8458commit 6e6458b476ec854db33e3e68ebf4f489d0ab3df8
8459Author: djm@openbsd.org <djm@openbsd.org>
8460Date: Wed Feb 25 23:05:47 2015 +0000
8461
8462 upstream commit
8463
8464 zero cmsgbuf before use; we initialise the bits we use
8465 but valgrind still spams warning on it
8466
8467commit a63cfa26864b93ab6afefad0b630e5358ed8edfa
8468Author: djm@openbsd.org <djm@openbsd.org>
8469Date: Wed Feb 25 19:54:02 2015 +0000
8470
8471 upstream commit
8472
8473 fix small memory leak when UpdateHostkeys=no
8474
8475commit e6b950341dd75baa8526f1862bca39e52f5b879b
8476Author: Tim Rice <tim@multitalents.net>
8477Date: Wed Feb 25 09:56:48 2015 -0800
8478
8479 Revert "Work around finicky USL linker so netcat will build."
8480
8481 This reverts commit d1db656021d0cd8c001a6692f772f1de29b67c8b.
8482
8483 No longer needed with commit 678e473e2af2e4802f24dd913985864d9ead7fb3
8484
8485commit 6f621603f9cff2a5d6016a404c96cb2f8ac2dec0
8486Author: djm@openbsd.org <djm@openbsd.org>
8487Date: Wed Feb 25 17:29:38 2015 +0000
8488
8489 upstream commit
8490
8491 don't leak validity of user in "too many authentication
8492 failures" disconnect message; reported by Sebastian Reitenbach
8493
8494commit 6288e3a935494df12519164f52ca5c8c65fc3ca5
8495Author: naddy@openbsd.org <naddy@openbsd.org>
8496Date: Tue Feb 24 15:24:05 2015 +0000
8497
8498 upstream commit
8499
8500 add -v (show ASCII art) to -l's synopsis; ok djm@
8501
8502commit 678e473e2af2e4802f24dd913985864d9ead7fb3
8503Author: Darren Tucker <dtucker@zip.com.au>
8504Date: Thu Feb 26 04:12:58 2015 +1100
8505
8506 Remove dependency on xmalloc.
8507
8508 Remove ssh_get_progname's dependency on xmalloc, which should reduce
8509 link order problems. ok djm@
8510
8511commit 5d5ec165c5b614b03678afdad881f10e25832e46
8512Author: Darren Tucker <dtucker@zip.com.au>
8513Date: Wed Feb 25 15:32:49 2015 +1100
8514
8515 Restrict ECDSA and ECDH tests.
8516
8517 ifdef out some more ECDSA and ECDH tests when built against an OpenSSL
8518 that does not have eliptic curve functionality.
8519
8520commit 1734e276d99b17e92d4233fac7aef3a3180aaca7
8521Author: Darren Tucker <dtucker@zip.com.au>
8522Date: Wed Feb 25 13:40:45 2015 +1100
8523
8524 Move definition of _NSIG.
8525
8526 _NSIG is only unsed in one file, so move it there prevent redefinition
8527 warnings reported by Kevin Brott.
8528
8529commit a47ead7c95cfbeb72721066c4da2312e5b1b9f3d
8530Author: Darren Tucker <dtucker@zip.com.au>
8531Date: Wed Feb 25 13:17:40 2015 +1100
8532
8533 Add includes.h for compatibility stuff.
8534
8535commit 38806bda6d2e48ad32812b461eebe17672ada771
8536Author: Damien Miller <djm@mindrot.org>
8537Date: Tue Feb 24 16:50:06 2015 -0800
8538
8539 include netdb.h to look for MAXHOSTNAMELEN; ok tim
8540
8541commit d1db656021d0cd8c001a6692f772f1de29b67c8b
8542Author: Tim Rice <tim@multitalents.net>
8543Date: Tue Feb 24 10:42:08 2015 -0800
8544
8545 Work around finicky USL linker so netcat will build.
8546
8547commit cb030ce25f555737e8ba97bdd7883ac43f3ff2a3
8548Author: Damien Miller <djm@mindrot.org>
8549Date: Tue Feb 24 09:23:04 2015 -0800
8550
8551 include includes.h to avoid build failure on AIX
8552
8553commit 13af342458f5064144abbb07e5ac9bbd4eb42567
8554Author: Tim Rice <tim@multitalents.net>
8555Date: Tue Feb 24 07:56:47 2015 -0800
8556
8557 Original portability patch from djm@ for platforms missing err.h.
8558 Fix name space clash on Solaris 10. Still more to do for Solaris 10
8559 to deal with msghdr structure differences. ok djm@
8560
8561commit 910209203d0cd60c5083901cbcc0b7b44d9f48d2
8562Author: Tim Rice <tim@multitalents.net>
8563Date: Mon Feb 23 22:06:56 2015 -0800
8564
8565 cleaner way fix dispatch.h portion of commit
8566 a88dd1da119052870bb2654c1a32c51971eade16
8567 (some systems have sig_atomic_t in signal.h, some in sys/signal.h)
8568 Sounds good to me djm@
8569
8570commit 676c38d7cbe65b76bbfff796861bb6615cc6a596
8571Author: Tim Rice <tim@multitalents.net>
8572Date: Mon Feb 23 21:51:33 2015 -0800
8573
8574 portability fix: if we can't dind a better define for HOST_NAME_MAX, use 255
8575
8576commit 1221b22023dce38cbc90ba77eae4c5d78c77a5e6
8577Author: Tim Rice <tim@multitalents.net>
8578Date: Mon Feb 23 21:50:34 2015 -0800
8579
8580 portablity fix: s/__inline__/inline/
8581
8582commit 4c356308a88d309c796325bb75dce90ca16591d5
8583Author: Darren Tucker <dtucker@zip.com.au>
8584Date: Tue Feb 24 13:49:31 2015 +1100
8585
8586 Wrap stdint.h includes in HAVE_STDINT_H.
8587
8588commit c9c88355c6a27a908e7d1e5003a2b35ea99c1614
8589Author: Darren Tucker <dtucker@zip.com.au>
8590Date: Tue Feb 24 13:43:57 2015 +1100
8591
8592 Add AI_NUMERICSERV to fake-rfc2553.
8593
8594 Our getaddrinfo implementation always returns numeric values already.
8595
8596commit ef342ab1ce6fb9a4b30186c89c309d0ae9d0eeb4
8597Author: Darren Tucker <dtucker@zip.com.au>
8598Date: Tue Feb 24 13:39:57 2015 +1100
8599
8600 Include OpenSSL's objects.h before bn.h.
8601
8602 Prevents compile errors on some platforms (at least old GCCs and AIX's
8603 XLC compilers).
8604
8605commit dcc8997d116f615195aa7c9ec019fb36c28c6228
8606Author: Darren Tucker <dtucker@zip.com.au>
8607Date: Tue Feb 24 12:30:59 2015 +1100
8608
8609 Convert two macros into functions.
8610
8611 Convert packet_send_debug and packet_disconnect from macros to
8612 functions. Some older GCCs (2.7.x, 2.95.x) see to have problems with
8613 variadic macros with only one argument so we convert these two into
8614 functions. ok djm@
8615
8616commit 2285c30d51b7e2052c6526445abe7e7cc7e170a1
8617Author: djm@openbsd.org <djm@openbsd.org>
8618Date: Mon Feb 23 22:21:21 2015 +0000
8619
8620 upstream commit
8621
8622 further silence spurious error message even when -v is
8623 specified (e.g. to get visual host keys); reported by naddy@
8624
8625commit 9af21979c00652029e160295e988dea40758ece2
8626Author: Damien Miller <djm@mindrot.org>
8627Date: Tue Feb 24 09:04:32 2015 +1100
8628
8629 don't include stdint.h unless HAVE_STDINT_H set
8630
8631commit 62f678dd51660d6f8aee1da33d3222c5de10a89e
8632Author: Damien Miller <djm@mindrot.org>
8633Date: Tue Feb 24 09:02:54 2015 +1100
8634
8635 nother sys/queue.h -> sys-queue.h fix
8636
8637 spotted by Tom Christensen
8638
8639commit b3c19151cba2c0ed01b27f55de0d723ad07ca98f
8640Author: djm@openbsd.org <djm@openbsd.org>
8641Date: Mon Feb 23 20:32:15 2015 +0000
8642
8643 upstream commit
8644
8645 fix a race condition by using a mux socket rather than an
8646 ineffectual wait statement
8647
8648commit a88dd1da119052870bb2654c1a32c51971eade16
8649Author: Damien Miller <djm@mindrot.org>
8650Date: Tue Feb 24 06:30:29 2015 +1100
8651
8652 various include fixes for portable
8653
8654commit 5248429b5ec524d0a65507cff0cdd6e0cb99effd
8655Author: djm@openbsd.org <djm@openbsd.org>
8656Date: Mon Feb 23 16:55:51 2015 +0000
8657
8658 upstream commit
8659
8660 add an XXX to remind me to improve sshkey_load_public
8661
8662commit e94e4b07ef2eaead38b085a60535df9981cdbcdb
8663Author: djm@openbsd.org <djm@openbsd.org>
8664Date: Mon Feb 23 16:55:31 2015 +0000
8665
8666 upstream commit
8667
8668 silence a spurious error message when listing
8669 fingerprints for known_hosts; bz#2342
8670
8671commit f2293a65392b54ac721f66bc0b44462e8d1d81f8
8672Author: djm@openbsd.org <djm@openbsd.org>
8673Date: Mon Feb 23 16:33:25 2015 +0000
8674
8675 upstream commit
8676
8677 fix setting/clearing of TTY raw mode around
8678 UpdateHostKeys=ask confirmation question; reported by Herb Goldman
8679
8680commit f2004cd1adf34492eae0a44b1ef84e0e31b06088
8681Author: Darren Tucker <dtucker@zip.com.au>
8682Date: Mon Feb 23 05:04:21 2015 +1100
8683
8684 Repair for non-ECC OpenSSL.
8685
8686 Ifdef out the ECC parts when building with an OpenSSL that doesn't have
8687 it.
8688
8689commit 37f9220db8d1a52c75894c3de1e5f2ae5bd71b6f
8690Author: Darren Tucker <dtucker@zip.com.au>
8691Date: Mon Feb 23 03:07:24 2015 +1100
8692
8693 Wrap stdint.h includes in ifdefs.
8694
8695commit f81f1bbc5b892c8614ea740b1f92735652eb43f0
8696Author: Tim Rice <tim@multitalents.net>
8697Date: Sat Feb 21 18:12:10 2015 -0800
8698
8699 out of tree build fix
8700
8701commit 2e13a1e4d22f3b503c3bfc878562cc7386a1d1ae
8702Author: Tim Rice <tim@multitalents.net>
8703Date: Sat Feb 21 18:08:51 2015 -0800
8704
8705 mkdir kex unit test directory so testing out of tree builds works
8706
8707commit 1797f49b1ba31e8700231cd6b1d512d80bb50d2c
8708Author: halex@openbsd.org <halex@openbsd.org>
8709Date: Sat Feb 21 21:46:57 2015 +0000
8710
8711 upstream commit
8712
8713 make "ssh-add -d" properly remove a corresponding
8714 certificate, and also not whine and fail if there is none
8715
8716 ok djm@
8717
8718commit 7faaa32da83a609059d95dbfcb0649fdb04caaf6
8719Author: Damien Miller <djm@mindrot.org>
8720Date: Sun Feb 22 07:57:27 2015 +1100
8721
8722 mkdir hostkey and bitmap unit test directories
8723
8724commit bd49da2ef197efac5e38f5399263a8b47990c538
8725Author: djm@openbsd.org <djm@openbsd.org>
8726Date: Fri Feb 20 23:46:01 2015 +0000
8727
8728 upstream commit
8729
8730 sort options useable under Match case-insensitively; prodded
8731 jmc@
8732
8733commit 1a779a0dd6cd8b4a1a40ea33b5415ab8408128ac
8734Author: djm@openbsd.org <djm@openbsd.org>
8735Date: Sat Feb 21 20:51:02 2015 +0000
8736
8737 upstream commit
8738
8739 correct paths to configuration files being written/updated;
8740 they live in $OBJ not cwd; some by Roumen Petrov
8741
8742commit 28ba006c1acddff992ae946d0bc0b500b531ba6b
8743Author: Darren Tucker <dtucker@zip.com.au>
8744Date: Sat Feb 21 15:41:07 2015 +1100
8745
8746 More correct checking of HAVE_DECL_AI_NUMERICSERV.
8747
8748commit e50e8c97a9cecae1f28febccaa6ca5ab3bc10f54
8749Author: Darren Tucker <dtucker@zip.com.au>
8750Date: Sat Feb 21 15:10:33 2015 +1100
8751
8752 Add null declaration of AI_NUMERICINFO.
8753
8754 Some platforms (older FreeBSD and DragonFly versions) do have
8755 getaddrinfo() but do not have AI_NUMERICINFO. so define it to zero
8756 in those cases.
8757
8758commit 18a208d6a460d707a45916db63a571e805f5db46
8759Author: djm@openbsd.org <djm@openbsd.org>
8760Date: Fri Feb 20 22:40:32 2015 +0000
8761
8762 upstream commit
8763
8764 more options that are available under Match; bz#2353 reported
8765 by calestyo AT scientia.net
8766
8767commit 44732de06884238049f285f1455b2181baa7dc82
8768Author: djm@openbsd.org <djm@openbsd.org>
8769Date: Fri Feb 20 22:17:21 2015 +0000
8770
8771 upstream commit
8772
8773 UpdateHostKeys fixes:
8774
8775 I accidentally changed the format of the hostkeys@openssh.com messages
8776 last week without changing the extension name, and this has been causing
8777 connection failures for people who are running -current. First reported
8778 by sthen@
8779
8780 s/hostkeys@openssh.com/hostkeys-00@openssh.com/
8781 Change the name of the proof message too, and reorder it a little.
8782
8783 Also, UpdateHostKeys=ask is incompatible with ControlPersist (no TTY
8784 available to read the response) so disable UpdateHostKeys if it is in
8785 ask mode and ControlPersist is active (and document this)
8786
8787commit 13a39414d25646f93e6d355521d832a03aaaffe2
8788Author: djm@openbsd.org <djm@openbsd.org>
8789Date: Tue Feb 17 00:14:05 2015 +0000
8790
8791 upstream commit
8792
8793 Regression: I broke logging of public key fingerprints in
8794 1.46. Pointed out by Pontus Lundkvist
8795
8796commit 773dda25e828c4c9a52f7bdce6e1e5924157beab
8797Author: Damien Miller <djm@mindrot.org>
8798Date: Fri Jan 30 23:10:17 2015 +1100
8799
8800 repair --without-openssl; broken in refactor
8801
8802commit e89c780886b23600de1e1c8d74aabd1ff61f43f0
8803Author: Damien Miller <djm@google.com>
8804Date: Tue Feb 17 10:04:55 2015 +1100
8805
8806 hook up hostkeys unittest to portable Makefiles
8807
8808commit 0abf41f99aa16ff09b263bead242d6cb2dbbcf99
8809Author: djm@openbsd.org <djm@openbsd.org>
8810Date: Mon Feb 16 22:21:03 2015 +0000
8811
8812 upstream commit
8813
8814 enable hostkeys unit tests
8815
8816commit 68a5d647ccf0fb6782b2f749433a1eee5bc9044b
8817Author: djm@openbsd.org <djm@openbsd.org>
8818Date: Mon Feb 16 22:20:50 2015 +0000
8819
8820 upstream commit
8821
8822 check string/memory compare arguments aren't NULL
8823
8824commit ef575ef20d09f20722e26b45dab80b3620469687
8825Author: djm@openbsd.org <djm@openbsd.org>
8826Date: Mon Feb 16 22:18:34 2015 +0000
8827
8828 upstream commit
8829
8830 unit tests for hostfile.c code, just hostkeys_foreach so
8831 far
8832
8833commit 8ea3365e6aa2759ccf5c76eaea62cbc8a280b0e7
8834Author: markus@openbsd.org <markus@openbsd.org>
8835Date: Sat Feb 14 12:43:16 2015 +0000
8836
8837 upstream commit
8838
8839 test server rekey limit
8840
8841commit ce63c4b063c39b2b22d4ada449c9e3fbde788cb3
8842Author: djm@openbsd.org <djm@openbsd.org>
8843Date: Mon Feb 16 22:30:03 2015 +0000
8844
8845 upstream commit
8846
8847 partial backout of:
8848
8849 revision 1.441
8850 date: 2015/01/31 20:30:05; author: djm; state: Exp; lines: +17 -10; commitid
8851 : x8klYPZMJSrVlt3O;
8852 Let sshd load public host keys even when private keys are missing.
8853 Allows sshd to advertise additional keys for future key rotation.
8854 Also log fingerprint of hostkeys loaded; ok markus@
8855
8856 hostkey updates now require access to the private key, so we can't
8857 load public keys only. The improved log messages (fingerprints of keys
8858 loaded) are kept.
8859
8860commit 523463a3a2a9bfc6cfc5afa01bae9147f76a37cc
8861Author: djm@openbsd.org <djm@openbsd.org>
8862Date: Mon Feb 16 22:13:32 2015 +0000
8863
8864 upstream commit
8865
8866 Revise hostkeys@openssh.com hostkey learning extension.
8867
8868 The client will not ask the server to prove ownership of the private
8869 halves of any hitherto-unseen hostkeys it offers to the client.
8870
8871 Allow UpdateHostKeys option to take an 'ask' argument to let the
8872 user manually review keys offered.
8873
8874 ok markus@
8875
8876commit 6c5c949782d86a6e7d58006599c7685bfcd01685
8877Author: djm@openbsd.org <djm@openbsd.org>
8878Date: Mon Feb 16 22:08:57 2015 +0000
8879
8880 upstream commit
8881
8882 Refactor hostkeys_foreach() and dependent code Deal with
8883 IP addresses (i.e. CheckHostIP) Don't clobber known_hosts when nothing
8884 changed ok markus@ as part of larger commit
8885
8886commit 51b082ccbe633dc970df1d1f4c9c0497115fe721
8887Author: miod@openbsd.org <miod@openbsd.org>
8888Date: Mon Feb 16 18:26:26 2015 +0000
8889
8890 upstream commit
8891
8892 Declare ge25519_base as extern, to prevent it from
8893 becoming a common. Gets us rid of ``lignment 4 of symbol
8894 `crypto_sign_ed25519_ref_ge25519_base' in mod_ge25519.o is smaller than 16 in
8895 mod_ed25519.o'' warnings at link time.
8896
8897commit 02db468bf7e3281a8e3c058ced571b38b6407c34
8898Author: markus@openbsd.org <markus@openbsd.org>
8899Date: Fri Feb 13 18:57:00 2015 +0000
8900
8901 upstream commit
8902
8903 make rekey_limit for sshd w/privsep work; ok djm@
8904 dtucker@
8905
8906commit 8ec67d505bd23c8bf9e17b7a364b563a07a58ec8
8907Author: dtucker@openbsd.org <dtucker@openbsd.org>
8908Date: Thu Feb 12 20:34:19 2015 +0000
8909
8910 upstream commit
8911
8912 Prevent sshd spamming syslog with
8913 "ssh_dispatch_run_fatal: disconnected". ok markus@
8914
8915commit d4c0295d1afc342057ba358237acad6be8af480b
8916Author: djm@openbsd.org <djm@openbsd.org>
8917Date: Wed Feb 11 01:20:38 2015 +0000
8918
8919 upstream commit
8920
8921 Some packet error messages show the address of the peer,
8922 but might be generated after the socket to the peer has suffered a TCP reset.
8923 In these cases, getpeername() won't work so cache the address earlier.
8924
8925 spotted in the wild via deraadt@ and tedu@
8926
8927commit 4af1709cf774475ce5d1bc3ddcc165f6c222897d
8928Author: jsg@openbsd.org <jsg@openbsd.org>
8929Date: Mon Feb 9 23:22:37 2015 +0000
8930
8931 upstream commit
8932
8933 fix some leaks in error paths ok markus@
8934
8935commit fd36834871d06a03e1ff8d69e41992efa1bbf85f
8936Author: millert@openbsd.org <millert@openbsd.org>
8937Date: Fri Feb 6 23:21:59 2015 +0000
8938
8939 upstream commit
8940
8941 SIZE_MAX is standard, we should be using it in preference to
8942 the obsolete SIZE_T_MAX. OK miod@ beck@
8943
8944commit 1910a286d7771eab84c0b047f31c0a17505236fa
8945Author: millert@openbsd.org <millert@openbsd.org>
8946Date: Thu Feb 5 12:59:57 2015 +0000
8947
8948 upstream commit
8949
8950 Include stdint.h, not limits.h to get SIZE_MAX. OK guenther@
8951
8952commit ce4f59b2405845584f45e0b3214760eb0008c06c
8953Author: deraadt@openbsd.org <deraadt@openbsd.org>
8954Date: Tue Feb 3 08:07:20 2015 +0000
8955
8956 upstream commit
8957
8958 missing ; djm and mlarkin really having great
8959 interactions recently
8960
8961commit 5d34aa94938abb12b877a25be51862757f25d54b
8962Author: halex@openbsd.org <halex@openbsd.org>
8963Date: Tue Feb 3 00:34:14 2015 +0000
8964
8965 upstream commit
8966
8967 slightly extend the passphrase prompt if running with -c
8968 in order to give the user a chance to notice if unintentionally running
8969 without it
8970
8971 wording tweak and ok djm@
8972
8973commit cb3bde373e80902c7d5d0db429f85068d19b2918
8974Author: djm@openbsd.org <djm@openbsd.org>
8975Date: Mon Feb 2 22:48:53 2015 +0000
8976
8977 upstream commit
8978
8979 handle PKCS#11 C_Login returning
8980 CKR_USER_ALREADY_LOGGED_IN; based on patch from Yuri Samoilenko; ok markus@
8981
8982commit 15ad750e5ec3cc69765b7eba1ce90060e7083399
8983Author: djm@openbsd.org <djm@openbsd.org>
8984Date: Mon Feb 2 07:41:40 2015 +0000
8985
8986 upstream commit
8987
8988 turn UpdateHostkeys off by default until I figure out
8989 mlarkin@'s warning message; requested by deraadt@
8990
8991commit 3cd5103c1e1aaa59bd66f7f52f6ebbcd5deb12f9
8992Author: deraadt@openbsd.org <deraadt@openbsd.org>
8993Date: Mon Feb 2 01:57:44 2015 +0000
8994
8995 upstream commit
8996
8997 increasing encounters with difficult DNS setups in
8998 darknets has convinced me UseDNS off by default is better ok djm
8999
9000commit 6049a548a8a68ff0bbe581ab1748ea6a59ecdc38
9001Author: djm@openbsd.org <djm@openbsd.org>
9002Date: Sat Jan 31 20:30:05 2015 +0000
9003
9004 upstream commit
9005
9006 Let sshd load public host keys even when private keys are
9007 missing. Allows sshd to advertise additional keys for future key rotation.
9008 Also log fingerprint of hostkeys loaded; ok markus@
9009
9010commit 46347ed5968f582661e8a70a45f448e0179ca0ab
9011Author: djm@openbsd.org <djm@openbsd.org>
9012Date: Fri Jan 30 11:43:14 2015 +0000
9013
9014 upstream commit
9015
9016 Add a ssh_config HostbasedKeyType option to control which
9017 host public key types are tried during hostbased authentication.
9018
9019 This may be used to prevent too many keys being sent to the server,
9020 and blowing past its MaxAuthTries limit.
9021
9022 bz#2211 based on patch by Iain Morgan; ok markus@
9023
9024commit 802660cb70453fa4d230cb0233bc1bbdf8328de1
9025Author: djm@openbsd.org <djm@openbsd.org>
9026Date: Fri Jan 30 10:44:49 2015 +0000
9027
9028 upstream commit
9029
9030 set a timeout to prevent hangs when talking to busted
9031 servers; ok markus@
9032
9033commit 86936ec245a15c7abe71a0722610998b0a28b194
9034Author: djm@openbsd.org <djm@openbsd.org>
9035Date: Fri Jan 30 01:11:39 2015 +0000
9036
9037 upstream commit
9038
9039 regression test for 'wildcard CA' serial/key ID revocations
9040
9041commit 4509b5d4a4fa645a022635bfa7e86d09b285001f
9042Author: djm@openbsd.org <djm@openbsd.org>
9043Date: Fri Jan 30 01:13:33 2015 +0000
9044
9045 upstream commit
9046
9047 avoid more fatal/exit in the packet.c paths that
9048 ssh-keyscan uses; feedback and "looks good" markus@
9049
9050commit 669aee994348468af8b4b2ebd29b602cf2860b22
9051Author: djm@openbsd.org <djm@openbsd.org>
9052Date: Fri Jan 30 01:10:33 2015 +0000
9053
9054 upstream commit
9055
9056 permit KRLs that revoke certificates by serial number or
9057 key ID without scoping to a particular CA; ok markus@
9058
9059commit 7a2c368477e26575d0866247d3313da4256cb2b5
9060Author: djm@openbsd.org <djm@openbsd.org>
9061Date: Fri Jan 30 00:59:19 2015 +0000
9062
9063 upstream commit
9064
9065 missing parentheses after if in do_convert_from() broke
9066 private key conversion from other formats some time in 2010; bz#2345 reported
9067 by jjelen AT redhat.com
9068
9069commit 25f5f78d8bf5c22d9cea8b49de24ebeee648a355
9070Author: djm@openbsd.org <djm@openbsd.org>
9071Date: Fri Jan 30 00:22:25 2015 +0000
9072
9073 upstream commit
9074
9075 fix ssh protocol 1, spotted by miod@
9076
9077commit 9ce86c926dfa6e0635161b035e3944e611cbccf0
9078Author: djm@openbsd.org <djm@openbsd.org>
9079Date: Wed Jan 28 22:36:00 2015 +0000
9080
9081 upstream commit
9082
9083 update to new API (key_fingerprint => sshkey_fingerprint)
9084 check sshkey_fingerprint return values; ok markus
9085
9086commit 9125525c37bf73ad3ee4025520889d2ce9d10f29
9087Author: djm@openbsd.org <djm@openbsd.org>
9088Date: Wed Jan 28 22:05:31 2015 +0000
9089
9090 upstream commit
9091
9092 avoid fatal() calls in packet code makes ssh-keyscan more
9093 reliable against server failures ok dtucker@ markus@
9094
9095commit fae7bbe544cba7a9e5e4ab47ff6faa3d978646eb
9096Author: djm@openbsd.org <djm@openbsd.org>
9097Date: Wed Jan 28 21:15:47 2015 +0000
9098
9099 upstream commit
9100
9101 avoid fatal() calls in packet code makes ssh-keyscan more
9102 reliable against server failures ok dtucker@ markus@
9103
9104commit 1a3d14f6b44a494037c7deab485abe6496bf2c60
9105Author: djm@openbsd.org <djm@openbsd.org>
9106Date: Wed Jan 28 11:07:25 2015 +0000
9107
9108 upstream commit
9109
9110 remove obsolete comment
9111
9112commit 80c25b7bc0a71d75c43a4575d9a1336f589eb639
9113Author: okan@openbsd.org <okan@openbsd.org>
9114Date: Tue Jan 27 12:54:06 2015 +0000
9115
9116 upstream commit
9117
9118 Since r1.2 removed the use of PRI* macros, inttypes.h is
9119 no longer required.
9120
9121 ok djm@
9122
9123commit 69ff64f69615c2a21c97cb5878a0996c21423257
9124Author: Damien Miller <djm@mindrot.org>
9125Date: Tue Jan 27 23:07:43 2015 +1100
9126
9127 compile on systems without TCP_MD5SIG (e.g. OSX)
9128
9129commit 358964f3082fb90b2ae15bcab07b6105cfad5a43
9130Author: Damien Miller <djm@mindrot.org>
9131Date: Tue Jan 27 23:07:25 2015 +1100
9132
9133 use ssh-keygen under test rather than system's
9134
9135commit a2c95c1bf33ea53038324d1fdd774bc953f98236
9136Author: Damien Miller <djm@mindrot.org>
9137Date: Tue Jan 27 23:06:59 2015 +1100
9138
9139 OSX lacks HOST_NAME_MAX, has _POSIX_HOST_NAME_MAX
9140
9141commit ade31d7b6f608a19b85bee29a7a00b1e636a2919
9142Author: Damien Miller <djm@mindrot.org>
9143Date: Tue Jan 27 23:06:23 2015 +1100
9144
9145 these need active_state defined to link on OSX
9146
9147 temporary measure until active_state goes away entirely
9148
9149commit e56aa87502f22c5844918c10190e8b4f785f067b
9150Author: djm@openbsd.org <djm@openbsd.org>
9151Date: Tue Jan 27 12:01:36 2015 +0000
9152
9153 upstream commit
9154
9155 use printf instead of echo -n to reduce diff against
9156 -portable
9157
9158commit 9f7637f56eddfaf62ce3c0af89c25480f2cf1068
9159Author: jmc@openbsd.org <jmc@openbsd.org>
9160Date: Mon Jan 26 13:55:29 2015 +0000
9161
9162 upstream commit
9163
9164 sort previous;
9165
9166commit 3076ee7d530d5b16842fac7a6229706c7e5acd26
9167Author: djm@openbsd.org <djm@openbsd.org>
9168Date: Mon Jan 26 13:36:53 2015 +0000
9169
9170 upstream commit
9171
9172 properly restore umask
9173
9174commit d411d395556b73ba1b9e451516a0bd6697c4b03d
9175Author: djm@openbsd.org <djm@openbsd.org>
9176Date: Mon Jan 26 06:12:18 2015 +0000
9177
9178 upstream commit
9179
9180 regression test for host key rotation
9181
9182commit fe8a3a51699afbc6407a8fae59b73349d01e49f8
9183Author: djm@openbsd.org <djm@openbsd.org>
9184Date: Mon Jan 26 06:11:28 2015 +0000
9185
9186 upstream commit
9187
9188 adapt to sshkey API tweaks
9189
9190commit 7dd355fb1f0038a3d5cdca57ebab4356c7a5b434
9191Author: miod@openbsd.org <miod@openbsd.org>
9192Date: Sat Jan 24 10:39:21 2015 +0000
9193
9194 upstream commit
9195
9196 Move -lz late in the linker commandline for things to
9197 build on static arches.
9198
9199commit 0dad3b806fddb93c475b30853b9be1a25d673a33
9200Author: miod@openbsd.org <miod@openbsd.org>
9201Date: Fri Jan 23 21:21:23 2015 +0000
9202
9203 upstream commit
9204
9205 -Wpointer-sign is supported by gcc 4 only.
9206
9207commit 2b3b1c1e4bd9577b6e780c255c278542ea66c098
9208Author: djm@openbsd.org <djm@openbsd.org>
9209Date: Tue Jan 20 22:58:57 2015 +0000
9210
9211 upstream commit
9212
9213 use SUBDIR to recuse into unit tests; makes "make obj"
9214 actually work
9215
9216commit 1d1092bff8db27080155541212b420703f8b9c92
9217Author: djm@openbsd.org <djm@openbsd.org>
9218Date: Mon Jan 26 12:16:36 2015 +0000
9219
9220 upstream commit
9221
9222 correct description of UpdateHostKeys in ssh_config.5 and
9223 add it to -o lists for ssh, scp and sftp; pointed out by jmc@
9224
9225commit 5104db7cbd6cdd9c5971f4358e74414862fc1022
9226Author: djm@openbsd.org <djm@openbsd.org>
9227Date: Mon Jan 26 06:10:03 2015 +0000
9228
9229 upstream commit
9230
9231 correctly match ECDSA subtype (== curve) for
9232 offered/recevied host keys. Fixes connection-killing host key mismatches when
9233 a server offers multiple ECDSA keys with different curve type (an extremely
9234 unlikely configuration).
9235
9236 ok markus, "looks mechanical" deraadt@
9237
9238commit 8d4f87258f31cb6def9b3b55b6a7321d84728ff2
9239Author: djm@openbsd.org <djm@openbsd.org>
9240Date: Mon Jan 26 03:04:45 2015 +0000
9241
9242 upstream commit
9243
9244 Host key rotation support.
9245
9246 Add a hostkeys@openssh.com protocol extension (global request) for
9247 a server to inform a client of all its available host key after
9248 authentication has completed. The client may record the keys in
9249 known_hosts, allowing it to upgrade to better host key algorithms
9250 and a server to gracefully rotate its keys.
9251
9252 The client side of this is controlled by a UpdateHostkeys config
9253 option (default on).
9254
9255 ok markus@
9256
9257commit 60b1825262b1f1e24fc72050b907189c92daf18e
9258Author: djm@openbsd.org <djm@openbsd.org>
9259Date: Mon Jan 26 02:59:11 2015 +0000
9260
9261 upstream commit
9262
9263 small refactor and add some convenience functions; ok
9264 markus
9265
9266commit a5a3e3328ddce91e76f71ff479022d53e35c60c9
9267Author: jmc@openbsd.org <jmc@openbsd.org>
9268Date: Thu Jan 22 21:00:42 2015 +0000
9269
9270 upstream commit
9271
9272 heirarchy -> hierarchy;
9273
9274commit dcff5810a11195c57e1b3343c0d6b6f2b9974c11
9275Author: deraadt@openbsd.org <deraadt@openbsd.org>
9276Date: Thu Jan 22 20:24:41 2015 +0000
9277
9278 upstream commit
9279
9280 Provide a warning about chroot misuses (which sadly, seem
9281 to have become quite popular because shiny). sshd cannot detect/manage/do
9282 anything about these cases, best we can do is warn in the right spot in the
9283 man page. ok markus
9284
9285commit 087266ec33c76fc8d54ac5a19efacf2f4a4ca076
9286Author: deraadt@openbsd.org <deraadt@openbsd.org>
9287Date: Tue Jan 20 23:14:00 2015 +0000
9288
9289 upstream commit
9290
9291 Reduce use of <sys/param.h> and transition to <limits.h>
9292 throughout. ok djm markus
9293
9294commit 57e783c8ba2c0797f93977e83b2a8644a03065d8
9295Author: markus@openbsd.org <markus@openbsd.org>
9296Date: Tue Jan 20 20:16:21 2015 +0000
9297
9298 upstream commit
9299
9300 kex_setup errors are fatal()
9301
9302commit 1d6424a6ff94633c221297ae8f42d54e12a20912
9303Author: djm@openbsd.org <djm@openbsd.org>
9304Date: Tue Jan 20 08:02:33 2015 +0000
9305
9306 upstream commit
9307
9308 this test would accidentally delete agent.sh if run without
9309 obj/
9310
9311commit 12b5f50777203e12575f1b08568281e447249ed3
9312Author: djm@openbsd.org <djm@openbsd.org>
9313Date: Tue Jan 20 07:56:44 2015 +0000
9314
9315 upstream commit
9316
9317 make this compile with KERBEROS5 enabled
9318
9319commit e2cc6bef08941256817d44d146115b3478586ad4
9320Author: djm@openbsd.org <djm@openbsd.org>
9321Date: Tue Jan 20 07:55:33 2015 +0000
9322
9323 upstream commit
9324
9325 fix hostkeys in agent; ok markus@
9326
9327commit 1ca3e2155aa5d3801a7ae050f85c71f41fcb95b1
9328Author: Damien Miller <djm@mindrot.org>
9329Date: Tue Jan 20 10:11:31 2015 +1100
9330
9331 fix kex test
9332
9333commit c78a578107c7e6dcf5d30a2f34cb6581bef14029
9334Author: markus@openbsd.org <markus@openbsd.org>
9335Date: Mon Jan 19 20:45:25 2015 +0000
9336
9337 upstream commit
9338
9339 finally enable the KEX tests I wrote some years ago...
9340
9341commit 31821d7217e686667d04935aeec99e1fc4a46e7e
9342Author: markus@openbsd.org <markus@openbsd.org>
9343Date: Mon Jan 19 20:42:31 2015 +0000
9344
9345 upstream commit
9346
9347 adapt to new error message (SSH_ERR_MAC_INVALID)
9348
9349commit d3716ca19e510e95d956ae14d5b367e364bff7f1
9350Author: djm@openbsd.org <djm@openbsd.org>
9351Date: Mon Jan 19 17:31:13 2015 +0000
9352
9353 upstream commit
9354
9355 this test was broken in at least two ways, such that it
9356 wasn't checking that a KRL was not excluding valid keys
9357
9358commit 3f797653748e7c2b037dacb57574c01d9ef3b4d3
9359Author: markus@openbsd.org <markus@openbsd.org>
9360Date: Mon Jan 19 20:32:39 2015 +0000
9361
9362 upstream commit
9363
9364 switch ssh-keyscan from setjmp to multiple ssh transport
9365 layer instances ok djm@
9366
9367commit f582f0e917bb0017b00944783cd5f408bf4b0b5e
9368Author: markus@openbsd.org <markus@openbsd.org>
9369Date: Mon Jan 19 20:30:23 2015 +0000
9370
9371 upstream commit
9372
9373 add experimental api for packet layer; ok djm@
9374
9375commit 48b3b2ba75181f11fca7f327058a591f4426cade
9376Author: markus@openbsd.org <markus@openbsd.org>
9377Date: Mon Jan 19 20:20:20 2015 +0000
9378
9379 upstream commit
9380
9381 store compat flags in struct ssh; ok djm@
9382
9383commit 57d10cbe861a235dd269c74fb2fe248469ecee9d
9384Author: markus@openbsd.org <markus@openbsd.org>
9385Date: Mon Jan 19 20:16:15 2015 +0000
9386
9387 upstream commit
9388
9389 adapt kex to sshbuf and struct ssh; ok djm@
9390
9391commit 3fdc88a0def4f86aa88a5846ac079dc964c0546a
9392Author: markus@openbsd.org <markus@openbsd.org>
9393Date: Mon Jan 19 20:07:45 2015 +0000
9394
9395 upstream commit
9396
9397 move dispatch to struct ssh; ok djm@
9398
9399commit 091c302829210c41e7f57c3f094c7b9c054306f0
9400Author: markus@openbsd.org <markus@openbsd.org>
9401Date: Mon Jan 19 19:52:16 2015 +0000
9402
9403 upstream commit
9404
9405 update packet.c & isolate, introduce struct ssh a) switch
9406 packet.c to buffer api and isolate per-connection info into struct ssh b)
9407 (de)serialization of the state is moved from monitor to packet.c c) the old
9408 packet.c API is implemented in opacket.[ch] d) compress.c/h is removed and
9409 integrated into packet.c with and ok djm@
9410
9411commit 4e62cc68ce4ba20245d208b252e74e91d3785b74
9412Author: djm@openbsd.org <djm@openbsd.org>
9413Date: Mon Jan 19 17:35:48 2015 +0000
9414
9415 upstream commit
9416
9417 fix format strings in (disabled) debugging
9418
9419commit d85e06245907d49a2cd0cfa0abf59150ad616f42
9420Author: djm@openbsd.org <djm@openbsd.org>
9421Date: Mon Jan 19 06:01:32 2015 +0000
9422
9423 upstream commit
9424
9425 be a bit more careful in these tests to ensure that
9426 known_hosts is clean
9427
9428commit 7947810eab5fe0ad311f32a48f4d4eb1f71be6cf
9429Author: djm@openbsd.org <djm@openbsd.org>
9430Date: Sun Jan 18 22:00:18 2015 +0000
9431
9432 upstream commit
9433
9434 regression test for known_host file editing using
9435 ssh-keygen (-H / -R / -F) after hostkeys_foreach() change; feedback and ok
9436 markus@
9437
9438commit 3a2b09d147a565d8a47edf37491e149a02c0d3a3
9439Author: djm@openbsd.org <djm@openbsd.org>
9440Date: Sun Jan 18 19:54:46 2015 +0000
9441
9442 upstream commit
9443
9444 more and better key tests
9445
9446 test signatures and verification
9447 test certificate generation
9448 flesh out nested cert test
9449
9450 removes most of the XXX todo markers
9451
9452commit 589e69fd82724cfc9738f128e4771da2e6405d0d
9453Author: djm@openbsd.org <djm@openbsd.org>
9454Date: Sun Jan 18 19:53:58 2015 +0000
9455
9456 upstream commit
9457
9458 make the signature fuzzing test much more rigorous:
9459 ensure that the fuzzed input cases do not match the original (using new
9460 fuzz_matches_original() function) and check that the verification fails in
9461 each case
9462
9463commit 80603c0daa2538c349c1c152405580b164d5475f
9464Author: djm@openbsd.org <djm@openbsd.org>
9465Date: Sun Jan 18 19:52:44 2015 +0000
9466
9467 upstream commit
9468
9469 add a fuzz_matches_original() function to the fuzzer to
9470 detect fuzz cases that are identical to the original data. Hacky
9471 implementation, but very useful when you need the fuzz to be different, e.g.
9472 when verifying signature
9473
9474commit 87d5495bd337e358ad69c524fcb9495208c0750b
9475Author: djm@openbsd.org <djm@openbsd.org>
9476Date: Sun Jan 18 19:50:55 2015 +0000
9477
9478 upstream commit
9479
9480 better dumps from the fuzzer (shown on errors) -
9481 include the original data as well as the fuzzed copy.
9482
9483commit d59ec478c453a3fff05badbbfd96aa856364f2c2
9484Author: djm@openbsd.org <djm@openbsd.org>
9485Date: Sun Jan 18 19:47:55 2015 +0000
9486
9487 upstream commit
9488
9489 enable hostkey-agent.sh test
9490
9491commit 26b3425170bf840e4b095e1c10bf25a0a3e3a105
9492Author: djm@openbsd.org <djm@openbsd.org>
9493Date: Sat Jan 17 18:54:30 2015 +0000
9494
9495 upstream commit
9496
9497 unit test for hostkeys in ssh-agent
9498
9499commit 9e06a0fb23ec55d9223b26a45bb63c7649e2f2f2
9500Author: markus@openbsd.org <markus@openbsd.org>
9501Date: Thu Jan 15 23:41:29 2015 +0000
9502
9503 upstream commit
9504
9505 add kex unit tests
9506
9507commit d2099dec6da21ae627f6289aedae6bc1d41a22ce
9508Author: deraadt@openbsd.org <deraadt@openbsd.org>
9509Date: Mon Jan 19 00:32:54 2015 +0000
9510
9511 upstream commit
9512
9513 djm, your /usr/include tree is old
9514
9515commit 2b3c3c76c30dc5076fe09d590f5b26880f148a54
9516Author: djm@openbsd.org <djm@openbsd.org>
9517Date: Sun Jan 18 21:51:19 2015 +0000
9518
9519 upstream commit
9520
9521 some feedback from markus@: comment hostkeys_foreach()
9522 context and avoid a member in it.
9523
9524commit cecb30bc2ba6d594366e657d664d5c494b6c8a7f
9525Author: djm@openbsd.org <djm@openbsd.org>
9526Date: Sun Jan 18 21:49:42 2015 +0000
9527
9528 upstream commit
9529
9530 make ssh-keygen use hostkeys_foreach(). Removes some
9531 horrendous code; ok markus@
9532
9533commit ec3d065df3a9557ea96b02d061fd821a18c1a0b9
9534Author: djm@openbsd.org <djm@openbsd.org>
9535Date: Sun Jan 18 21:48:09 2015 +0000
9536
9537 upstream commit
9538
9539 convert load_hostkeys() (hostkey ordering and
9540 known_host matching) to use the new hostkey_foreach() iterator; ok markus
9541
9542commit c29811cc480a260e42fd88849fc86a80c1e91038
9543Author: djm@openbsd.org <djm@openbsd.org>
9544Date: Sun Jan 18 21:40:23 2015 +0000
9545
9546 upstream commit
9547
9548 introduce hostkeys_foreach() to allow iteration over a
9549 known_hosts file or controlled subset thereof. This will allow us to pull out
9550 some ugly and duplicated code, and will be used to implement hostkey rotation
9551 later.
9552
9553 feedback and ok markus
9554
9555commit f101d8291da01bbbfd6fb8c569cfd0cc61c0d346
9556Author: deraadt@openbsd.org <deraadt@openbsd.org>
9557Date: Sun Jan 18 14:01:00 2015 +0000
9558
9559 upstream commit
9560
9561 string truncation due to sizeof(size) ok djm markus
9562
9563commit 35d6022b55b7969fc10c261cb6aa78cc4a5fcc41
9564Author: djm@openbsd.org <djm@openbsd.org>
9565Date: Sun Jan 18 13:33:34 2015 +0000
9566
9567 upstream commit
9568
9569 avoid trailing ',' in host key algorithms
9570
9571commit 7efb455789a0cb76bdcdee91c6060a3dc8f5c007
9572Author: djm@openbsd.org <djm@openbsd.org>
9573Date: Sun Jan 18 13:22:28 2015 +0000
9574
9575 upstream commit
9576
9577 infer key length correctly when user specified a fully-
9578 qualified key name instead of using the -b bits option; ok markus@
9579
9580commit 83f8ffa6a55ccd0ce9d8a205e3e7439ec18fedf5
9581Author: djm@openbsd.org <djm@openbsd.org>
9582Date: Sat Jan 17 18:53:34 2015 +0000
9583
9584 upstream commit
9585
9586 fix hostkeys on ssh agent; found by unit test I'm about
9587 to commit
9588
9589commit 369d61f17657b814124268f99c033e4dc6e436c1
9590Author: schwarze@openbsd.org <schwarze@openbsd.org>
9591Date: Fri Jan 16 16:20:23 2015 +0000
9592
9593 upstream commit
9594
9595 garbage collect empty .No macros mandoc warns about
9596
9597commit bb8b442d32dbdb8521d610e10d8b248d938bd747
9598Author: djm@openbsd.org <djm@openbsd.org>
9599Date: Fri Jan 16 15:55:07 2015 +0000
9600
9601 upstream commit
9602
9603 regression: incorrect error message on
9604 otherwise-successful ssh-keygen -A. Reported by Dmitry Orlov, via deraadt@
9605
9606commit 9010902954a40b59d0bf3df3ccbc3140a653e2bc
9607Author: djm@openbsd.org <djm@openbsd.org>
9608Date: Fri Jan 16 07:19:48 2015 +0000
9609
9610 upstream commit
9611
9612 when hostname canonicalisation is enabled, try to parse
9613 hostnames as addresses before looking them up for canonicalisation. fixes
9614 bz#2074 and avoids needless DNS lookups in some cases; ok markus
9615
9616commit 2ae4f337b2a5fb2841b6b0053b49496fef844d1c
9617Author: deraadt@openbsd.org <deraadt@openbsd.org>
9618Date: Fri Jan 16 06:40:12 2015 +0000
9619
9620 upstream commit
9621
9622 Replace <sys/param.h> with <limits.h> and other less
9623 dirty headers where possible. Annotate <sys/param.h> lines with their
9624 current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1,
9625 LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of
9626 MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution.
9627 These are the files confirmed through binary verification. ok guenther,
9628 millert, doug (helped with the verification protocol)
9629
9630commit 3c4726f4c24118e8f1bb80bf75f1456c76df072c
9631Author: markus@openbsd.org <markus@openbsd.org>
9632Date: Thu Jan 15 21:38:50 2015 +0000
9633
9634 upstream commit
9635
9636 remove xmalloc, switch to sshbuf
9637
9638commit e17ac01f8b763e4b83976b9e521e90a280acc097
9639Author: markus@openbsd.org <markus@openbsd.org>
9640Date: Thu Jan 15 21:37:14 2015 +0000
9641
9642 upstream commit
9643
9644 switch to sshbuf
9645
9646commit ddef9995a1fa6c7a8ff3b38bfe6cf724bebf13d0
9647Author: naddy@openbsd.org <naddy@openbsd.org>
9648Date: Thu Jan 15 18:32:54 2015 +0000
9649
9650 upstream commit
9651
9652 handle UMAC128 initialization like UMAC; ok djm@ markus@
9653
9654commit f14564c1f7792446bca143580aef0e7ac25dcdae
9655Author: djm@openbsd.org <djm@openbsd.org>
9656Date: Thu Jan 15 11:04:36 2015 +0000
9657
9658 upstream commit
9659
9660 fix regression reported by brad@ for passworded keys without
9661 agent present
9662
9663commit 45c0fd70bb2a88061319dfff20cb12ef7b1bc47e
9664Author: Damien Miller <djm@mindrot.org>
9665Date: Thu Jan 15 22:08:23 2015 +1100
9666
9667 make bitmap test compile
9668
9669commit d333f89abf7179021e5c3f28673f469abe032062
9670Author: djm@openbsd.org <djm@openbsd.org>
9671Date: Thu Jan 15 07:36:28 2015 +0000
9672
9673 upstream commit
9674
9675 unit tests for KRL bitmap
9676
9677commit 7613f828f49c55ff356007ae9645038ab6682556
9678Author: markus@openbsd.org <markus@openbsd.org>
9679Date: Wed Jan 14 09:58:21 2015 +0000
9680
9681 upstream commit
9682
9683 re-add comment about full path
9684
9685commit 6c43b48b307c41cd656b415621a644074579a578
9686Author: markus@openbsd.org <markus@openbsd.org>
9687Date: Wed Jan 14 09:54:38 2015 +0000
9688
9689 upstream commit
9690
9691 don't reset to the installed sshd; connect before
9692 reconfigure, too
9693
9694commit 771bb47a1df8b69061f09462e78aa0b66cd594bf
9695Author: djm@openbsd.org <djm@openbsd.org>
9696Date: Tue Jan 13 14:51:51 2015 +0000
9697
9698 upstream commit
9699
9700 implement a SIGINFO handler so we can discern a stuck
9701 fuzz test from a merely glacial one; prompted by and ok markus
9702
9703commit cfaa57962f8536f3cf0fd7daf4d6a55d6f6de45f
9704Author: djm@openbsd.org <djm@openbsd.org>
9705Date: Tue Jan 13 08:23:26 2015 +0000
9706
9707 upstream commit
9708
9709 use $SSH instead of installed ssh to allow override;
9710 spotted by markus@
9711
9712commit 0920553d0aee117a596b03ed5b49b280d34a32c5
9713Author: djm@openbsd.org <djm@openbsd.org>
9714Date: Tue Jan 13 07:49:49 2015 +0000
9715
9716 upstream commit
9717
9718 regress test for PubkeyAcceptedKeyTypes; ok markus@
9719
9720commit 27ca1a5c0095eda151934bca39a77e391f875d17
9721Author: markus@openbsd.org <markus@openbsd.org>
9722Date: Mon Jan 12 20:13:27 2015 +0000
9723
9724 upstream commit
9725
9726 unbreak parsing of pubkey comments; with gerhard; ok
9727 djm/deraadt
9728
9729commit 55358f0b4e0b83bc0df81c5f854c91b11e0bb4dc
9730Author: djm@openbsd.org <djm@openbsd.org>
9731Date: Mon Jan 12 11:46:32 2015 +0000
9732
9733 upstream commit
9734
9735 fatal if soft-PKCS11 library is missing rather (rather
9736 than continue and fail with a more cryptic error)
9737
9738commit c3554cdd2a1a62434b8161017aa76fa09718a003
9739Author: djm@openbsd.org <djm@openbsd.org>
9740Date: Mon Jan 12 11:12:38 2015 +0000
9741
9742 upstream commit
9743
9744 let this test all supporte key types; pointed out/ok
9745 markus@
9746
9747commit 1129dcfc5a3e508635004bcc05a3574cb7687167
9748Author: djm@openbsd.org <djm@openbsd.org>
9749Date: Thu Jan 15 09:40:00 2015 +0000
9750
9751 upstream commit
9752
9753 sync ssh-keysign, ssh-keygen and some dependencies to the
9754 new buffer/key API; mostly mechanical, ok markus@
9755
9756commit e4ebf5586452bf512da662ac277aaf6ecf0efe7c
9757Author: djm@openbsd.org <djm@openbsd.org>
9758Date: Thu Jan 15 07:57:08 2015 +0000
9759
9760 upstream commit
9761
9762 remove commented-out test code now that it has moved to a
9763 proper unit test
9764
9765commit e81cba066c1e9eb70aba0f6e7c0ff220611b370f
9766Author: djm@openbsd.org <djm@openbsd.org>
9767Date: Wed Jan 14 20:54:29 2015 +0000
9768
9769 upstream commit
9770
9771 whitespace
9772
9773commit 141efe49542f7156cdbc2e4cd0a041d8b1aab622
9774Author: djm@openbsd.org <djm@openbsd.org>
9775Date: Wed Jan 14 20:05:27 2015 +0000
9776
9777 upstream commit
9778
9779 move authfd.c and its tentacles to the new buffer/key
9780 API; ok markus@
9781
9782commit 0088c57af302cda278bd26d8c3ae81d5b6f7c289
9783Author: djm@openbsd.org <djm@openbsd.org>
9784Date: Wed Jan 14 19:33:41 2015 +0000
9785
9786 upstream commit
9787
9788 fix small regression: ssh-agent would return a success
9789 message but an empty signature if asked to sign using an unknown key; ok
9790 markus@
9791
9792commit b03ebe2c22b8166e4f64c37737f4278676e3488d
9793Author: Damien Miller <djm@mindrot.org>
9794Date: Thu Jan 15 03:08:58 2015 +1100
9795
9796 more --without-openssl
9797
9798 fix some regressions caused by upstream merges
9799
9800 enable KRLs now that they no longer require BIGNUMs
9801
9802commit bc42cc6fe784f36df225c44c93b74830027cb5a2
9803Author: Damien Miller <djm@mindrot.org>
9804Date: Thu Jan 15 03:08:29 2015 +1100
9805
9806 kludge around tun API mismatch betterer
9807
9808commit c332110291089b624fa0951fbf2d1ee6de525b9f
9809Author: Damien Miller <djm@mindrot.org>
9810Date: Thu Jan 15 02:59:51 2015 +1100
9811
9812 some systems lack SO_REUSEPORT
9813
9814commit 83b9678a62cbdc74eb2031cf1e1e4ffd58e233ae
9815Author: Damien Miller <djm@mindrot.org>
9816Date: Thu Jan 15 02:35:50 2015 +1100
9817
9818 fix merge botch
9819
9820commit 0cdc5a3eb6fb383569a4da2a30705d9b90428d6b
9821Author: Damien Miller <djm@mindrot.org>
9822Date: Thu Jan 15 02:35:33 2015 +1100
9823
9824 unbreak across API change
9825
9826commit 6e2549ac2b5e7f96cbc2d83a6e0784b120444b47
9827Author: Damien Miller <djm@mindrot.org>
9828Date: Thu Jan 15 02:30:18 2015 +1100
9829
9830 need includes.h for portable OpenSSH
9831
9832commit 72ef7c148c42db7d5632a29f137f8b87b579f2d9
9833Author: Damien Miller <djm@mindrot.org>
9834Date: Thu Jan 15 02:21:31 2015 +1100
9835
9836 support --without-openssl at configure time
9837
9838 Disables and removes dependency on OpenSSL. Many features don't
9839 work and the set of crypto options is greatly restricted. This
9840 will only work on system with native arc4random or /dev/urandom.
9841
9842 Considered highly experimental for now.
9843
9844commit 4f38c61c68ae7e3f9ee4b3c38bc86cd39f65ece9
9845Author: Damien Miller <djm@mindrot.org>
9846Date: Thu Jan 15 02:28:00 2015 +1100
9847
9848 add files missed in last commit
9849
9850commit a165bab605f7be55940bb8fae977398e8c96a46d
9851Author: djm@openbsd.org <djm@openbsd.org>
9852Date: Wed Jan 14 15:02:39 2015 +0000
9853
9854 upstream commit
9855
9856 avoid BIGNUM in KRL code by using a simple bitmap;
9857 feedback and ok markus
9858
9859commit 7d845f4a0b7ec97887be204c3760e44de8bf1f32
9860Author: djm@openbsd.org <djm@openbsd.org>
9861Date: Wed Jan 14 13:54:13 2015 +0000
9862
9863 upstream commit
9864
9865 update sftp client and server to new buffer API. pretty
9866 much just mechanical changes; with & ok markus
9867
9868commit 139ca81866ec1b219c717d17061e5e7ad1059e2a
9869Author: markus@openbsd.org <markus@openbsd.org>
9870Date: Wed Jan 14 13:09:09 2015 +0000
9871
9872 upstream commit
9873
9874 switch to sshbuf/sshkey; with & ok djm@
9875
9876commit 81bfbd0bd35683de5d7f2238b985e5f8150a9180
9877Author: Damien Miller <djm@mindrot.org>
9878Date: Wed Jan 14 21:48:18 2015 +1100
9879
9880 support --without-openssl at configure time
9881
9882 Disables and removes dependency on OpenSSL. Many features don't
9883 work and the set of crypto options is greatly restricted. This
9884 will only work on system with native arc4random or /dev/urandom.
9885
9886 Considered highly experimental for now.
9887
9888commit 54924b53af15ccdcbb9f89984512b5efef641a31
9889Author: djm@openbsd.org <djm@openbsd.org>
9890Date: Wed Jan 14 10:46:28 2015 +0000
9891
9892 upstream commit
9893
9894 avoid an warning for the !OPENSSL case
9895
9896commit ae8b463217f7c9b66655bfc3945c050ffdaeb861
9897Author: markus@openbsd.org <markus@openbsd.org>
9898Date: Wed Jan 14 10:30:34 2015 +0000
9899
9900 upstream commit
9901
9902 swith auth-options to new sshbuf/sshkey; ok djm@
9903
9904commit 540e891191b98b89ee90aacf5b14a4a68635e763
9905Author: djm@openbsd.org <djm@openbsd.org>
9906Date: Wed Jan 14 10:29:45 2015 +0000
9907
9908 upstream commit
9909
9910 make non-OpenSSL aes-ctr work on sshd w/ privsep; ok
9911 markus@
9912
9913commit 60c2c4ea5e1ad0ddfe8b2877b78ed5143be79c53
9914Author: markus@openbsd.org <markus@openbsd.org>
9915Date: Wed Jan 14 10:24:42 2015 +0000
9916
9917 upstream commit
9918
9919 remove unneeded includes, sync my copyright across files
9920 & whitespace; ok djm@
9921
9922commit 128343bcdb0b60fc826f2733df8cf979ec1627b4
9923Author: markus@openbsd.org <markus@openbsd.org>
9924Date: Tue Jan 13 19:31:40 2015 +0000
9925
9926 upstream commit
9927
9928 adapt mac.c to ssherr.h return codes (de-fatal) and
9929 simplify dependencies ok djm@
9930
9931commit e7fd952f4ea01f09ceb068721a5431ac2fd416ed
9932Author: djm@openbsd.org <djm@openbsd.org>
9933Date: Tue Jan 13 19:04:35 2015 +0000
9934
9935 upstream commit
9936
9937 sync changes from libopenssh; prepared by markus@ mostly
9938 debug output tweaks, a couple of error return value changes and some other
9939 minor stuff
9940
9941commit 76c0480a85675f03a1376167cb686abed01a3583
9942Author: Damien Miller <djm@mindrot.org>
9943Date: Tue Jan 13 19:38:18 2015 +1100
9944
9945 add --without-ssh1 option to configure
9946
9947 Allows disabling support for SSH protocol 1.
9948
9949commit 1f729f0614d1376c3332fa1edb6a5e5cec7e9e03
9950Author: djm@openbsd.org <djm@openbsd.org>
9951Date: Tue Jan 13 07:39:19 2015 +0000
9952
9953 upstream commit
9954
9955 add sshd_config HostbasedAcceptedKeyTypes and
9956 PubkeyAcceptedKeyTypes options to allow sshd to control what public key types
9957 will be accepted. Currently defaults to all. Feedback & ok markus@
9958
9959commit 816d1538c24209a93ba0560b27c4fda57c3fff65
9960Author: markus@openbsd.org <markus@openbsd.org>
9961Date: Mon Jan 12 20:13:27 2015 +0000
9962
9963 upstream commit
9964
9965 unbreak parsing of pubkey comments; with gerhard; ok
9966 djm/deraadt
9967
9968commit 0097565f849851812df610b7b6b3c4bd414f6c62
9969Author: markus@openbsd.org <markus@openbsd.org>
9970Date: Mon Jan 12 19:22:46 2015 +0000
9971
9972 upstream commit
9973
9974 missing error assigment on sshbuf_put_string()
9975
9976commit a7f49dcb527dd17877fcb8d5c3a9a6f550e0bba5
9977Author: djm@openbsd.org <djm@openbsd.org>
9978Date: Mon Jan 12 15:18:07 2015 +0000
9979
9980 upstream commit
9981
9982 apparently memcpy(x, NULL, 0) is undefined behaviour
9983 according to C99 (cf. sections 7.21.1 and 7.1.4), so check skip memcpy calls
9984 when length==0; ok markus@
9985
9986commit 905fe30fca82f38213763616d0d26eb6790bde33
9987Author: markus@openbsd.org <markus@openbsd.org>
9988Date: Mon Jan 12 14:05:19 2015 +0000
9989
9990 upstream commit
9991
9992 free->sshkey_free; ok djm@
9993
9994commit f067cca2bc20c86b110174c3fef04086a7f57b13
9995Author: markus@openbsd.org <markus@openbsd.org>
9996Date: Mon Jan 12 13:29:27 2015 +0000
9997
9998 upstream commit
9999
10000 allow WITH_OPENSSL w/o WITH_SSH1; ok djm@
10001
10002commit c4bfafcc2a9300d9cfb3c15e75572d3a7d74670d
10003Author: djm@openbsd.org <djm@openbsd.org>
10004Date: Thu Jan 8 13:10:58 2015 +0000
10005
10006 upstream commit
10007
10008 adjust for sshkey_load_file() API change
10009
10010commit e752c6d547036c602b89e9e704851463bd160e32
10011Author: djm@openbsd.org <djm@openbsd.org>
10012Date: Thu Jan 8 13:44:36 2015 +0000
10013
10014 upstream commit
10015
10016 fix ssh_config FingerprintHash evaluation order; from Petr
10017 Lautrbach
10018
10019commit ab24ab847b0fc94c8d5e419feecff0bcb6d6d1bf
10020Author: djm@openbsd.org <djm@openbsd.org>
10021Date: Thu Jan 8 10:15:45 2015 +0000
10022
10023 upstream commit
10024
10025 reorder hostbased key attempts to better match the
10026 default hostkey algorithms order in myproposal.h; ok markus@
10027
10028commit 1195f4cb07ef4b0405c839293c38600b3e9bdb46
10029Author: djm@openbsd.org <djm@openbsd.org>
10030Date: Thu Jan 8 10:14:08 2015 +0000
10031
10032 upstream commit
10033
10034 deprecate key_load_private_pem() and
10035 sshkey_load_private_pem() interfaces. Refactor the generic key loading API to
10036 not require pathnames to be specified (they weren't really used).
10037
10038 Fixes a few other things en passant:
10039
10040 Makes ed25519 keys work for hostbased authentication (ssh-keysign
10041 previously used the PEM-only routines).
10042
10043 Fixes key comment regression bz#2306: key pathnames were being lost as
10044 comment fields.
10045
10046 ok markus@
10047
10048commit febbe09e4e9aff579b0c5cc1623f756862e4757d
10049Author: tedu@openbsd.org <tedu@openbsd.org>
10050Date: Wed Jan 7 18:15:07 2015 +0000
10051
10052 upstream commit
10053
10054 workaround for the Meyer, et al, Bleichenbacher Side
10055 Channel Attack. fake up a bignum key before RSA decryption. discussed/ok djm
10056 markus
10057
10058commit 5191df927db282d3123ca2f34a04d8d96153911a
10059Author: djm@openbsd.org <djm@openbsd.org>
10060Date: Tue Dec 23 22:42:48 2014 +0000
10061
10062 upstream commit
10063
10064 KNF and add a little more debug()
10065
10066commit 8abd80315d3419b20e6938f74d37e2e2b547f0b7
10067Author: jmc@openbsd.org <jmc@openbsd.org>
10068Date: Mon Dec 22 09:26:31 2014 +0000
10069
10070 upstream commit
10071
10072 add fingerprinthash to the options list;
10073
10074commit 296ef0560f60980da01d83b9f0e1a5257826536f
10075Author: jmc@openbsd.org <jmc@openbsd.org>
10076Date: Mon Dec 22 09:24:59 2014 +0000
10077
10078 upstream commit
10079
10080 tweak previous;
10081
10082commit 462082eacbd37778a173afb6b84c6f4d898a18b5
10083Author: Damien Miller <djm@google.com>
10084Date: Tue Dec 30 08:16:11 2014 +1100
10085
10086 avoid uninitialised free of ldns_res
10087
10088 If an invalid rdclass was passed to getrrsetbyname() then
10089 this would execute a free on an uninitialised pointer.
10090 OpenSSH only ever calls this with a fixed and valid rdclass.
10091
10092 Reported by Joshua Rogers
10093
10094commit 01b63498801053f131a0740eb9d13faf35d636c8
10095Author: Damien Miller <djm@google.com>
10096Date: Mon Dec 29 18:10:18 2014 +1100
10097
10098 pull updated OpenBSD BCrypt PBKDF implementation
10099
10100 Includes fix for 1 byte output overflow for large key length
10101 requests (not reachable in OpenSSH).
10102
10103 Pointed out by Joshua Rogers
10104
10105commit c528c1b4af2f06712177b3de9b30705752f7cbcb
10106Author: Damien Miller <djm@google.com>
10107Date: Tue Dec 23 15:26:13 2014 +1100
10108
10109 fix variable name for IPv6 case in construct_utmpx
10110
10111 patch from writeonce AT midipix.org via bz#2296
10112
10113commit 293cac52dcda123244b2e594d15592e5e481c55e
10114Author: Damien Miller <djm@google.com>
10115Date: Mon Dec 22 16:30:42 2014 +1100
10116
10117 include and use OpenBSD netcat in regress/
10118
10119commit 8f6784f0cb56dc4fd00af3e81a10050a5785228d
10120Author: djm@openbsd.org <djm@openbsd.org>
10121Date: Mon Dec 22 09:05:17 2014 +0000
10122
10123 upstream commit
10124
10125 mention ssh -Q feature to list supported { MAC, cipher,
10126 KEX, key } algorithms in more places and include the query string used to
10127 list the relevant information; bz#2288
10128
10129commit 449e11b4d7847079bd0a2daa6e3e7ea03d8ef700
10130Author: jmc@openbsd.org <jmc@openbsd.org>
10131Date: Mon Dec 22 08:24:17 2014 +0000
10132
10133 upstream commit
10134
10135 tweak previous;
10136
10137commit 4bea0ab3290c0b9dd2aa199e932de8e7e18062d6
10138Author: djm@openbsd.org <djm@openbsd.org>
10139Date: Mon Dec 22 08:06:03 2014 +0000
10140
10141 upstream commit
10142
10143 regression test for multiple required pubkey authentication;
10144 ok markus@
10145
10146commit f1c4d8ec52158b6f57834b8cd839605b0a33e7f2
10147Author: djm@openbsd.org <djm@openbsd.org>
10148Date: Mon Dec 22 08:04:23 2014 +0000
10149
10150 upstream commit
10151
10152 correct description of what will happen when a
10153 AuthorizedKeysCommand is specified but AuthorizedKeysCommandUser is not (sshd
10154 will refuse to start)
10155
10156commit 161cf419f412446635013ac49e8c660cadc36080
10157Author: djm@openbsd.org <djm@openbsd.org>
10158Date: Mon Dec 22 07:55:51 2014 +0000
10159
10160 upstream commit
10161
10162 make internal handling of filename arguments of "none"
10163 more consistent with ssh. "none" arguments are now replaced with NULL when
10164 the configuration is finalised.
10165
10166 Simplifies checking later on (just need to test not-NULL rather than
10167 that + strcmp) and cleans up some inconsistencies. ok markus@
10168
10169commit f69b69b8625be447b8826b21d87713874dac25a6
10170Author: djm@openbsd.org <djm@openbsd.org>
10171Date: Mon Dec 22 07:51:30 2014 +0000
10172
10173 upstream commit
10174
10175 remember which public keys have been used for
10176 authentication and refuse to accept previously-used keys.
10177
10178 This allows AuthenticationMethods=publickey,publickey to require
10179 that users authenticate using two _different_ pubkeys.
10180
10181 ok markus@
10182
10183commit 46ac2ed4677968224c4ca825bc98fc68dae183f0
10184Author: djm@openbsd.org <djm@openbsd.org>
10185Date: Mon Dec 22 07:24:11 2014 +0000
10186
10187 upstream commit
10188
10189 fix passing of wildcard forward bind addresses when
10190 connection multiplexing is in use; patch from Sami Hartikainen via bz#2324;
10191 ok dtucker@
10192
10193commit 0d1b241a262e4d0a6bbfdd595489ab1b853c43a1
10194Author: djm@openbsd.org <djm@openbsd.org>
10195Date: Mon Dec 22 06:14:29 2014 +0000
10196
10197 upstream commit
10198
10199 make this slightly easier to diff against portable
10200
10201commit 0715bcdddbf68953964058f17255bf54734b8737
10202Author: Damien Miller <djm@mindrot.org>
10203Date: Mon Dec 22 13:47:07 2014 +1100
10204
10205 add missing regress output file
10206
10207commit 1e30483c8ad2c2f39445d4a4b6ab20c241e40593
10208Author: djm@openbsd.org <djm@openbsd.org>
10209Date: Mon Dec 22 02:15:52 2014 +0000
10210
10211 upstream commit
10212
10213 adjust for new SHA256 key fingerprints and
10214 slightly-different MD5 hex fingerprint format
10215
10216commit 6b40567ed722df98593ad8e6a2d2448fc2b4b151
10217Author: djm@openbsd.org <djm@openbsd.org>
10218Date: Mon Dec 22 01:14:49 2014 +0000
10219
10220 upstream commit
10221
10222 poll changes to netcat (usr.bin/netcat.c r1.125) broke
10223 this test; fix it by ensuring more stdio fds are sent to devnull
10224
10225commit a5375ccb970f49dddf7d0ef63c9b713ede9e7260
10226Author: jmc@openbsd.org <jmc@openbsd.org>
10227Date: Sun Dec 21 23:35:14 2014 +0000
10228
10229 upstream commit
10230
10231 tweak previous;
10232
10233commit b79efde5c3badf5ce4312fe608d8307eade533c5
10234Author: djm@openbsd.org <djm@openbsd.org>
10235Date: Sun Dec 21 23:12:42 2014 +0000
10236
10237 upstream commit
10238
10239 document FingerprintHash here too
10240
10241commit d16bdd8027dd116afa01324bb071a4016cdc1a75
10242Author: Damien Miller <djm@mindrot.org>
10243Date: Mon Dec 22 10:18:09 2014 +1100
10244
10245 missing include for base64 encoding
10246
10247commit 56d1c83cdd1ac76f1c6bd41e01e80dad834f3994
10248Author: djm@openbsd.org <djm@openbsd.org>
10249Date: Sun Dec 21 22:27:55 2014 +0000
10250
10251 upstream commit
10252
10253 Add FingerprintHash option to control algorithm used for
10254 key fingerprints. Default changes from MD5 to SHA256 and format from hex to
10255 base64.
10256
10257 Feedback and ok naddy@ markus@
10258
10259commit 058f839fe15c51be8b3a844a76ab9a8db550be4f
10260Author: djm@openbsd.org <djm@openbsd.org>
10261Date: Thu Dec 18 23:58:04 2014 +0000
10262
10263 upstream commit
10264
10265 don't count partial authentication success as a failure
10266 against MaxAuthTries; ok deraadt@
diff --git a/config.h.in b/config.h.in
new file mode 100644
index 000000000..75e02ab45
--- /dev/null
+++ b/config.h.in
@@ -0,0 +1,1767 @@
1/* config.h.in. Generated from configure.ac by autoheader. */
2
3/* Define if building universal (internal helper macro) */
4#undef AC_APPLE_UNIVERSAL_BUILD
5
6/* Define if you have a getaddrinfo that fails for the all-zeros IPv6 address
7 */
8#undef AIX_GETNAMEINFO_HACK
9
10/* Define if your AIX loginfailed() function takes 4 arguments (AIX >= 5.2) */
11#undef AIX_LOGINFAILED_4ARG
12
13/* System only supports IPv4 audit records */
14#undef AU_IPv4
15
16/* Define if your resolver libs need this for getrrsetbyname */
17#undef BIND_8_COMPAT
18
19/* The system has incomplete BSM API */
20#undef BROKEN_BSM_API
21
22/* Define if cmsg_type is not passed correctly */
23#undef BROKEN_CMSG_TYPE
24
25/* getaddrinfo is broken (if present) */
26#undef BROKEN_GETADDRINFO
27
28/* getgroups(0,NULL) will return -1 */
29#undef BROKEN_GETGROUPS
30
31/* FreeBSD glob does not do what we need */
32#undef BROKEN_GLOB
33
34/* Define if you system's inet_ntoa is busted (e.g. Irix gcc issue) */
35#undef BROKEN_INET_NTOA
36
37/* ia_uinfo routines not supported by OS yet */
38#undef BROKEN_LIBIAF
39
40/* Define if your struct dirent expects you to allocate extra space for d_name
41 */
42#undef BROKEN_ONE_BYTE_DIRENT_D_NAME
43
44/* Can't do comparisons on readv */
45#undef BROKEN_READV_COMPARISON
46
47/* NetBSD read function is sometimes redirected, breaking atomicio comparisons
48 against it */
49#undef BROKEN_READ_COMPARISON
50
51/* realpath does not work with nonexistent files */
52#undef BROKEN_REALPATH
53
54/* Needed for NeXT */
55#undef BROKEN_SAVED_UIDS
56
57/* Define if your setregid() is broken */
58#undef BROKEN_SETREGID
59
60/* Define if your setresgid() is broken */
61#undef BROKEN_SETRESGID
62
63/* Define if your setresuid() is broken */
64#undef BROKEN_SETRESUID
65
66/* Define if your setreuid() is broken */
67#undef BROKEN_SETREUID
68
69/* LynxOS has broken setvbuf() implementation */
70#undef BROKEN_SETVBUF
71
72/* QNX shadow support is broken */
73#undef BROKEN_SHADOW_EXPIRE
74
75/* Define if your snprintf is busted */
76#undef BROKEN_SNPRINTF
77
78/* strnvis detected broken */
79#undef BROKEN_STRNVIS
80
81/* tcgetattr with ICANON may hang */
82#undef BROKEN_TCGETATTR_ICANON
83
84/* updwtmpx is broken (if present) */
85#undef BROKEN_UPDWTMPX
86
87/* Define if you have BSD auth support */
88#undef BSD_AUTH
89
90/* Define if you want to specify the path to your lastlog file */
91#undef CONF_LASTLOG_FILE
92
93/* Define if you want to specify the path to your utmp file */
94#undef CONF_UTMP_FILE
95
96/* Define if you want to specify the path to your wtmpx file */
97#undef CONF_WTMPX_FILE
98
99/* Define if you want to specify the path to your wtmp file */
100#undef CONF_WTMP_FILE
101
102/* Define if your platform needs to skip post auth file descriptor passing */
103#undef DISABLE_FD_PASSING
104
105/* Define if you don't want to use lastlog */
106#undef DISABLE_LASTLOG
107
108/* Define if you don't want to use your system's login() call */
109#undef DISABLE_LOGIN
110
111/* Define if you don't want to use pututline() etc. to write [uw]tmp */
112#undef DISABLE_PUTUTLINE
113
114/* Define if you don't want to use pututxline() etc. to write [uw]tmpx */
115#undef DISABLE_PUTUTXLINE
116
117/* Define if you want to disable shadow passwords */
118#undef DISABLE_SHADOW
119
120/* Define if you don't want to use utmp */
121#undef DISABLE_UTMP
122
123/* Define if you don't want to use utmpx */
124#undef DISABLE_UTMPX
125
126/* Define if you don't want to use wtmp */
127#undef DISABLE_WTMP
128
129/* Define if you don't want to use wtmpx */
130#undef DISABLE_WTMPX
131
132/* Enable for PKCS#11 support */
133#undef ENABLE_PKCS11
134
135/* File names may not contain backslash characters */
136#undef FILESYSTEM_NO_BACKSLASH
137
138/* fsid_t has member val */
139#undef FSID_HAS_VAL
140
141/* fsid_t has member __val */
142#undef FSID_HAS___VAL
143
144/* Define to 1 if the `getpgrp' function requires zero arguments. */
145#undef GETPGRP_VOID
146
147/* Conflicting defs for getspnam */
148#undef GETSPNAM_CONFLICTING_DEFS
149
150/* Define if your system glob() function has the GLOB_ALTDIRFUNC extension */
151#undef GLOB_HAS_ALTDIRFUNC
152
153/* Define if your system glob() function has gl_matchc options in glob_t */
154#undef GLOB_HAS_GL_MATCHC
155
156/* Define if your system glob() function has gl_statv options in glob_t */
157#undef GLOB_HAS_GL_STATV
158
159/* Define this if you want GSSAPI support in the version 2 protocol */
160#undef GSSAPI
161
162/* Define if you want to use shadow password expire field */
163#undef HAS_SHADOW_EXPIRE
164
165/* Define if your system uses access rights style file descriptor passing */
166#undef HAVE_ACCRIGHTS_IN_MSGHDR
167
168/* Define if you have ut_addr in utmp.h */
169#undef HAVE_ADDR_IN_UTMP
170
171/* Define if you have ut_addr in utmpx.h */
172#undef HAVE_ADDR_IN_UTMPX
173
174/* Define if you have ut_addr_v6 in utmp.h */
175#undef HAVE_ADDR_V6_IN_UTMP
176
177/* Define if you have ut_addr_v6 in utmpx.h */
178#undef HAVE_ADDR_V6_IN_UTMPX
179
180/* Define to 1 if you have the `arc4random' function. */
181#undef HAVE_ARC4RANDOM
182
183/* Define to 1 if you have the `arc4random_buf' function. */
184#undef HAVE_ARC4RANDOM_BUF
185
186/* Define to 1 if you have the `arc4random_stir' function. */
187#undef HAVE_ARC4RANDOM_STIR
188
189/* Define to 1 if you have the `arc4random_uniform' function. */
190#undef HAVE_ARC4RANDOM_UNIFORM
191
192/* Define to 1 if you have the `asprintf' function. */
193#undef HAVE_ASPRINTF
194
195/* OpenBSD's gcc has bounded */
196#undef HAVE_ATTRIBUTE__BOUNDED__
197
198/* Have attribute nonnull */
199#undef HAVE_ATTRIBUTE__NONNULL__
200
201/* OpenBSD's gcc has sentinel */
202#undef HAVE_ATTRIBUTE__SENTINEL__
203
204/* Define to 1 if you have the `aug_get_machine' function. */
205#undef HAVE_AUG_GET_MACHINE
206
207/* Define to 1 if you have the `b64_ntop' function. */
208#undef HAVE_B64_NTOP
209
210/* Define to 1 if you have the `b64_pton' function. */
211#undef HAVE_B64_PTON
212
213/* Define if you have the basename function. */
214#undef HAVE_BASENAME
215
216/* Define to 1 if you have the `bcopy' function. */
217#undef HAVE_BCOPY
218
219/* Define to 1 if you have the `bcrypt_pbkdf' function. */
220#undef HAVE_BCRYPT_PBKDF
221
222/* Define to 1 if you have the `bindresvport_sa' function. */
223#undef HAVE_BINDRESVPORT_SA
224
225/* Define to 1 if you have the `blf_enc' function. */
226#undef HAVE_BLF_ENC
227
228/* Define to 1 if you have the <blf.h> header file. */
229#undef HAVE_BLF_H
230
231/* Define to 1 if you have the `Blowfish_expand0state' function. */
232#undef HAVE_BLOWFISH_EXPAND0STATE
233
234/* Define to 1 if you have the `Blowfish_expandstate' function. */
235#undef HAVE_BLOWFISH_EXPANDSTATE
236
237/* Define to 1 if you have the `Blowfish_initstate' function. */
238#undef HAVE_BLOWFISH_INITSTATE
239
240/* Define to 1 if you have the `Blowfish_stream2word' function. */
241#undef HAVE_BLOWFISH_STREAM2WORD
242
243/* Define to 1 if you have the `BN_is_prime_ex' function. */
244#undef HAVE_BN_IS_PRIME_EX
245
246/* Define to 1 if you have the <bsd/libutil.h> header file. */
247#undef HAVE_BSD_LIBUTIL_H
248
249/* Define to 1 if you have the <bsm/audit.h> header file. */
250#undef HAVE_BSM_AUDIT_H
251
252/* Define to 1 if you have the <bstring.h> header file. */
253#undef HAVE_BSTRING_H
254
255/* Define to 1 if you have the `cap_rights_limit' function. */
256#undef HAVE_CAP_RIGHTS_LIMIT
257
258/* Define to 1 if you have the `clock' function. */
259#undef HAVE_CLOCK
260
261/* Have clock_gettime */
262#undef HAVE_CLOCK_GETTIME
263
264/* define if you have clock_t data type */
265#undef HAVE_CLOCK_T
266
267/* Define to 1 if you have the `closefrom' function. */
268#undef HAVE_CLOSEFROM
269
270/* Define if gai_strerror() returns const char * */
271#undef HAVE_CONST_GAI_STRERROR_PROTO
272
273/* Define if your system uses ancillary data style file descriptor passing */
274#undef HAVE_CONTROL_IN_MSGHDR
275
276/* Define to 1 if you have the `crypt' function. */
277#undef HAVE_CRYPT
278
279/* Define to 1 if you have the <crypto/sha2.h> header file. */
280#undef HAVE_CRYPTO_SHA2_H
281
282/* Define to 1 if you have the <crypt.h> header file. */
283#undef HAVE_CRYPT_H
284
285/* Define if you are on Cygwin */
286#undef HAVE_CYGWIN
287
288/* Define if your libraries define daemon() */
289#undef HAVE_DAEMON
290
291/* Define to 1 if you have the declaration of `AI_NUMERICSERV', and to 0 if
292 you don't. */
293#undef HAVE_DECL_AI_NUMERICSERV
294
295/* Define to 1 if you have the declaration of `authenticate', and to 0 if you
296 don't. */
297#undef HAVE_DECL_AUTHENTICATE
298
299/* Define to 1 if you have the declaration of `GLOB_NOMATCH', and to 0 if you
300 don't. */
301#undef HAVE_DECL_GLOB_NOMATCH
302
303/* Define to 1 if you have the declaration of `GSS_C_NT_HOSTBASED_SERVICE',
304 and to 0 if you don't. */
305#undef HAVE_DECL_GSS_C_NT_HOSTBASED_SERVICE
306
307/* Define to 1 if you have the declaration of `howmany', and to 0 if you
308 don't. */
309#undef HAVE_DECL_HOWMANY
310
311/* Define to 1 if you have the declaration of `h_errno', and to 0 if you
312 don't. */
313#undef HAVE_DECL_H_ERRNO
314
315/* Define to 1 if you have the declaration of `loginfailed', and to 0 if you
316 don't. */
317#undef HAVE_DECL_LOGINFAILED
318
319/* Define to 1 if you have the declaration of `loginrestrictions', and to 0 if
320 you don't. */
321#undef HAVE_DECL_LOGINRESTRICTIONS
322
323/* Define to 1 if you have the declaration of `loginsuccess', and to 0 if you
324 don't. */
325#undef HAVE_DECL_LOGINSUCCESS
326
327/* Define to 1 if you have the declaration of `MAXSYMLINKS', and to 0 if you
328 don't. */
329#undef HAVE_DECL_MAXSYMLINKS
330
331/* Define to 1 if you have the declaration of `NFDBITS', and to 0 if you
332 don't. */
333#undef HAVE_DECL_NFDBITS
334
335/* Define to 1 if you have the declaration of `offsetof', and to 0 if you
336 don't. */
337#undef HAVE_DECL_OFFSETOF
338
339/* Define to 1 if you have the declaration of `O_NONBLOCK', and to 0 if you
340 don't. */
341#undef HAVE_DECL_O_NONBLOCK
342
343/* Define to 1 if you have the declaration of `passwdexpired', and to 0 if you
344 don't. */
345#undef HAVE_DECL_PASSWDEXPIRED
346
347/* Define to 1 if you have the declaration of `setauthdb', and to 0 if you
348 don't. */
349#undef HAVE_DECL_SETAUTHDB
350
351/* Define to 1 if you have the declaration of `SHUT_RD', and to 0 if you
352 don't. */
353#undef HAVE_DECL_SHUT_RD
354
355/* Define to 1 if you have the declaration of `writev', and to 0 if you don't.
356 */
357#undef HAVE_DECL_WRITEV
358
359/* Define to 1 if you have the declaration of `_getlong', and to 0 if you
360 don't. */
361#undef HAVE_DECL__GETLONG
362
363/* Define to 1 if you have the declaration of `_getshort', and to 0 if you
364 don't. */
365#undef HAVE_DECL__GETSHORT
366
367/* Define to 1 if you have the `DES_crypt' function. */
368#undef HAVE_DES_CRYPT
369
370/* Define if you have /dev/ptmx */
371#undef HAVE_DEV_PTMX
372
373/* Define if you have /dev/ptc */
374#undef HAVE_DEV_PTS_AND_PTC
375
376/* Define to 1 if you have the <dirent.h> header file. */
377#undef HAVE_DIRENT_H
378
379/* Define to 1 if you have the `dirfd' function. */
380#undef HAVE_DIRFD
381
382/* Define to 1 if you have the `dirname' function. */
383#undef HAVE_DIRNAME
384
385/* Define to 1 if you have the `DSA_generate_parameters_ex' function. */
386#undef HAVE_DSA_GENERATE_PARAMETERS_EX
387
388/* Define to 1 if you have the <elf.h> header file. */
389#undef HAVE_ELF_H
390
391/* Define to 1 if you have the `endgrent' function. */
392#undef HAVE_ENDGRENT
393
394/* Define to 1 if you have the <endian.h> header file. */
395#undef HAVE_ENDIAN_H
396
397/* Define to 1 if you have the `endutent' function. */
398#undef HAVE_ENDUTENT
399
400/* Define to 1 if you have the `endutxent' function. */
401#undef HAVE_ENDUTXENT
402
403/* Define to 1 if you have the `err' function. */
404#undef HAVE_ERR
405
406/* Define to 1 if you have the `errx' function. */
407#undef HAVE_ERRX
408
409/* Define to 1 if you have the <err.h> header file. */
410#undef HAVE_ERR_H
411
412/* Define if your system has /etc/default/login */
413#undef HAVE_ETC_DEFAULT_LOGIN
414
415/* Define if libcrypto has EVP_CIPHER_CTX_ctrl */
416#undef HAVE_EVP_CIPHER_CTX_CTRL
417
418/* Define to 1 if you have the `EVP_DigestFinal_ex' function. */
419#undef HAVE_EVP_DIGESTFINAL_EX
420
421/* Define to 1 if you have the `EVP_DigestInit_ex' function. */
422#undef HAVE_EVP_DIGESTINIT_EX
423
424/* Define to 1 if you have the `EVP_MD_CTX_cleanup' function. */
425#undef HAVE_EVP_MD_CTX_CLEANUP
426
427/* Define to 1 if you have the `EVP_MD_CTX_copy_ex' function. */
428#undef HAVE_EVP_MD_CTX_COPY_EX
429
430/* Define to 1 if you have the `EVP_MD_CTX_init' function. */
431#undef HAVE_EVP_MD_CTX_INIT
432
433/* Define to 1 if you have the `EVP_ripemd160' function. */
434#undef HAVE_EVP_RIPEMD160
435
436/* Define to 1 if you have the `EVP_sha256' function. */
437#undef HAVE_EVP_SHA256
438
439/* Define if you have ut_exit in utmp.h */
440#undef HAVE_EXIT_IN_UTMP
441
442/* Define to 1 if you have the `explicit_bzero' function. */
443#undef HAVE_EXPLICIT_BZERO
444
445/* Define to 1 if you have the `fchmod' function. */
446#undef HAVE_FCHMOD
447
448/* Define to 1 if you have the `fchown' function. */
449#undef HAVE_FCHOWN
450
451/* Use F_CLOSEM fcntl for closefrom */
452#undef HAVE_FCNTL_CLOSEM
453
454/* Define to 1 if you have the <fcntl.h> header file. */
455#undef HAVE_FCNTL_H
456
457/* Define to 1 if the system has the type `fd_mask'. */
458#undef HAVE_FD_MASK
459
460/* Define to 1 if you have the <features.h> header file. */
461#undef HAVE_FEATURES_H
462
463/* Define to 1 if you have the <floatingpoint.h> header file. */
464#undef HAVE_FLOATINGPOINT_H
465
466/* Define to 1 if you have the `fmt_scaled' function. */
467#undef HAVE_FMT_SCALED
468
469/* Define to 1 if you have the `freeaddrinfo' function. */
470#undef HAVE_FREEADDRINFO
471
472/* Define to 1 if the system has the type `fsblkcnt_t'. */
473#undef HAVE_FSBLKCNT_T
474
475/* Define to 1 if the system has the type `fsfilcnt_t'. */
476#undef HAVE_FSFILCNT_T
477
478/* Define to 1 if you have the `fstatfs' function. */
479#undef HAVE_FSTATFS
480
481/* Define to 1 if you have the `fstatvfs' function. */
482#undef HAVE_FSTATVFS
483
484/* Define to 1 if you have the `futimes' function. */
485#undef HAVE_FUTIMES
486
487/* Define to 1 if you have the `gai_strerror' function. */
488#undef HAVE_GAI_STRERROR
489
490/* Define to 1 if you have the `getaddrinfo' function. */
491#undef HAVE_GETADDRINFO
492
493/* Define to 1 if you have the `getaudit' function. */
494#undef HAVE_GETAUDIT
495
496/* Define to 1 if you have the `getaudit_addr' function. */
497#undef HAVE_GETAUDIT_ADDR
498
499/* Define to 1 if you have the `getcwd' function. */
500#undef HAVE_GETCWD
501
502/* Define to 1 if you have the `getgrouplist' function. */
503#undef HAVE_GETGROUPLIST
504
505/* Define to 1 if you have the `getgrset' function. */
506#undef HAVE_GETGRSET
507
508/* Define to 1 if you have the `getlastlogxbyname' function. */
509#undef HAVE_GETLASTLOGXBYNAME
510
511/* Define to 1 if you have the `getluid' function. */
512#undef HAVE_GETLUID
513
514/* Define to 1 if you have the `getnameinfo' function. */
515#undef HAVE_GETNAMEINFO
516
517/* Define to 1 if you have the `getopt' function. */
518#undef HAVE_GETOPT
519
520/* Define to 1 if you have the <getopt.h> header file. */
521#undef HAVE_GETOPT_H
522
523/* Define if your getopt(3) defines and uses optreset */
524#undef HAVE_GETOPT_OPTRESET
525
526/* Define if your libraries define getpagesize() */
527#undef HAVE_GETPAGESIZE
528
529/* Define to 1 if you have the `getpeereid' function. */
530#undef HAVE_GETPEEREID
531
532/* Define to 1 if you have the `getpeerucred' function. */
533#undef HAVE_GETPEERUCRED
534
535/* Define to 1 if you have the `getpgid' function. */
536#undef HAVE_GETPGID
537
538/* Define to 1 if you have the `getpgrp' function. */
539#undef HAVE_GETPGRP
540
541/* Define to 1 if you have the `getpwanam' function. */
542#undef HAVE_GETPWANAM
543
544/* Define to 1 if you have the `getrlimit' function. */
545#undef HAVE_GETRLIMIT
546
547/* Define if getrrsetbyname() exists */
548#undef HAVE_GETRRSETBYNAME
549
550/* Define to 1 if you have the `getrusage' function. */
551#undef HAVE_GETRUSAGE
552
553/* Define to 1 if you have the `getseuserbyname' function. */
554#undef HAVE_GETSEUSERBYNAME
555
556/* Define to 1 if you have the `gettimeofday' function. */
557#undef HAVE_GETTIMEOFDAY
558
559/* Define to 1 if you have the `getttyent' function. */
560#undef HAVE_GETTTYENT
561
562/* Define to 1 if you have the `getutent' function. */
563#undef HAVE_GETUTENT
564
565/* Define to 1 if you have the `getutid' function. */
566#undef HAVE_GETUTID
567
568/* Define to 1 if you have the `getutline' function. */
569#undef HAVE_GETUTLINE
570
571/* Define to 1 if you have the `getutxent' function. */
572#undef HAVE_GETUTXENT
573
574/* Define to 1 if you have the `getutxid' function. */
575#undef HAVE_GETUTXID
576
577/* Define to 1 if you have the `getutxline' function. */
578#undef HAVE_GETUTXLINE
579
580/* Define to 1 if you have the `getutxuser' function. */
581#undef HAVE_GETUTXUSER
582
583/* Define to 1 if you have the `get_default_context_with_level' function. */
584#undef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL
585
586/* Define to 1 if you have the `glob' function. */
587#undef HAVE_GLOB
588
589/* Define to 1 if you have the <glob.h> header file. */
590#undef HAVE_GLOB_H
591
592/* Define to 1 if you have the `group_from_gid' function. */
593#undef HAVE_GROUP_FROM_GID
594
595/* Define to 1 if you have the <gssapi_generic.h> header file. */
596#undef HAVE_GSSAPI_GENERIC_H
597
598/* Define to 1 if you have the <gssapi/gssapi_generic.h> header file. */
599#undef HAVE_GSSAPI_GSSAPI_GENERIC_H
600
601/* Define to 1 if you have the <gssapi/gssapi.h> header file. */
602#undef HAVE_GSSAPI_GSSAPI_H
603
604/* Define to 1 if you have the <gssapi/gssapi_krb5.h> header file. */
605#undef HAVE_GSSAPI_GSSAPI_KRB5_H
606
607/* Define to 1 if you have the <gssapi.h> header file. */
608#undef HAVE_GSSAPI_H
609
610/* Define to 1 if you have the <gssapi_krb5.h> header file. */
611#undef HAVE_GSSAPI_KRB5_H
612
613/* Define if HEADER.ad exists in arpa/nameser.h */
614#undef HAVE_HEADER_AD
615
616/* Define to 1 if you have the `HMAC_CTX_init' function. */
617#undef HAVE_HMAC_CTX_INIT
618
619/* Define if you have ut_host in utmp.h */
620#undef HAVE_HOST_IN_UTMP
621
622/* Define if you have ut_host in utmpx.h */
623#undef HAVE_HOST_IN_UTMPX
624
625/* Define to 1 if you have the <iaf.h> header file. */
626#undef HAVE_IAF_H
627
628/* Define to 1 if you have the <ia.h> header file. */
629#undef HAVE_IA_H
630
631/* Define if you have ut_id in utmp.h */
632#undef HAVE_ID_IN_UTMP
633
634/* Define if you have ut_id in utmpx.h */
635#undef HAVE_ID_IN_UTMPX
636
637/* Define to 1 if you have the `inet_aton' function. */
638#undef HAVE_INET_ATON
639
640/* Define to 1 if you have the `inet_ntoa' function. */
641#undef HAVE_INET_NTOA
642
643/* Define to 1 if you have the `inet_ntop' function. */
644#undef HAVE_INET_NTOP
645
646/* Define to 1 if you have the `innetgr' function. */
647#undef HAVE_INNETGR
648
649/* define if you have int64_t data type */
650#undef HAVE_INT64_T
651
652/* Define to 1 if the system has the type `intmax_t'. */
653#undef HAVE_INTMAX_T
654
655/* Define to 1 if you have the <inttypes.h> header file. */
656#undef HAVE_INTTYPES_H
657
658/* define if you have intxx_t data type */
659#undef HAVE_INTXX_T
660
661/* Define to 1 if the system has the type `in_addr_t'. */
662#undef HAVE_IN_ADDR_T
663
664/* Define to 1 if the system has the type `in_port_t'. */
665#undef HAVE_IN_PORT_T
666
667/* Define if you have isblank(3C). */
668#undef HAVE_ISBLANK
669
670/* Define to 1 if you have the `krb5_cc_new_unique' function. */
671#undef HAVE_KRB5_CC_NEW_UNIQUE
672
673/* Define to 1 if you have the `krb5_free_error_message' function. */
674#undef HAVE_KRB5_FREE_ERROR_MESSAGE
675
676/* Define to 1 if you have the `krb5_get_error_message' function. */
677#undef HAVE_KRB5_GET_ERROR_MESSAGE
678
679/* Define to 1 if you have the <langinfo.h> header file. */
680#undef HAVE_LANGINFO_H
681
682/* Define to 1 if you have the <lastlog.h> header file. */
683#undef HAVE_LASTLOG_H
684
685/* Define if you want ldns support */
686#undef HAVE_LDNS
687
688/* Define to 1 if you have the <libaudit.h> header file. */
689#undef HAVE_LIBAUDIT_H
690
691/* Define to 1 if you have the `bsm' library (-lbsm). */
692#undef HAVE_LIBBSM
693
694/* Define to 1 if you have the `crypt' library (-lcrypt). */
695#undef HAVE_LIBCRYPT
696
697/* Define to 1 if you have the `dl' library (-ldl). */
698#undef HAVE_LIBDL
699
700/* Define to 1 if you have the <libgen.h> header file. */
701#undef HAVE_LIBGEN_H
702
703/* Define if system has libiaf that supports set_id */
704#undef HAVE_LIBIAF
705
706/* Define to 1 if you have the `network' library (-lnetwork). */
707#undef HAVE_LIBNETWORK
708
709/* Define to 1 if you have the `pam' library (-lpam). */
710#undef HAVE_LIBPAM
711
712/* Define to 1 if you have the `socket' library (-lsocket). */
713#undef HAVE_LIBSOCKET
714
715/* Define to 1 if you have the <libutil.h> header file. */
716#undef HAVE_LIBUTIL_H
717
718/* Define to 1 if you have the `xnet' library (-lxnet). */
719#undef HAVE_LIBXNET
720
721/* Define to 1 if you have the `z' library (-lz). */
722#undef HAVE_LIBZ
723
724/* Define to 1 if you have the <limits.h> header file. */
725#undef HAVE_LIMITS_H
726
727/* Define to 1 if you have the <linux/audit.h> header file. */
728#undef HAVE_LINUX_AUDIT_H
729
730/* Define to 1 if you have the <linux/filter.h> header file. */
731#undef HAVE_LINUX_FILTER_H
732
733/* Define to 1 if you have the <linux/if_tun.h> header file. */
734#undef HAVE_LINUX_IF_TUN_H
735
736/* Define to 1 if you have the <linux/seccomp.h> header file. */
737#undef HAVE_LINUX_SECCOMP_H
738
739/* Define to 1 if you have the <locale.h> header file. */
740#undef HAVE_LOCALE_H
741
742/* Define to 1 if you have the `login' function. */
743#undef HAVE_LOGIN
744
745/* Define to 1 if you have the <login_cap.h> header file. */
746#undef HAVE_LOGIN_CAP_H
747
748/* Define to 1 if you have the `login_getcapbool' function. */
749#undef HAVE_LOGIN_GETCAPBOOL
750
751/* Define to 1 if you have the <login.h> header file. */
752#undef HAVE_LOGIN_H
753
754/* Define to 1 if you have the `logout' function. */
755#undef HAVE_LOGOUT
756
757/* Define to 1 if you have the `logwtmp' function. */
758#undef HAVE_LOGWTMP
759
760/* Define to 1 if the system has the type `long double'. */
761#undef HAVE_LONG_DOUBLE
762
763/* Define to 1 if the system has the type `long long'. */
764#undef HAVE_LONG_LONG
765
766/* Define to 1 if you have the <maillock.h> header file. */
767#undef HAVE_MAILLOCK_H
768
769/* Define to 1 if you have the `mblen' function. */
770#undef HAVE_MBLEN
771
772/* Define to 1 if you have the `mbtowc' function. */
773#undef HAVE_MBTOWC
774
775/* Define to 1 if you have the `md5_crypt' function. */
776#undef HAVE_MD5_CRYPT
777
778/* Define if you want to allow MD5 passwords */
779#undef HAVE_MD5_PASSWORDS
780
781/* Define to 1 if you have the `memmove' function. */
782#undef HAVE_MEMMOVE
783
784/* Define to 1 if you have the <memory.h> header file. */
785#undef HAVE_MEMORY_H
786
787/* Define to 1 if you have the `memset_s' function. */
788#undef HAVE_MEMSET_S
789
790/* Define to 1 if you have the `mkdtemp' function. */
791#undef HAVE_MKDTEMP
792
793/* define if you have mode_t data type */
794#undef HAVE_MODE_T
795
796/* Some systems put nanosleep outside of libc */
797#undef HAVE_NANOSLEEP
798
799/* Define to 1 if you have the <ndir.h> header file. */
800#undef HAVE_NDIR_H
801
802/* Define to 1 if you have the <netdb.h> header file. */
803#undef HAVE_NETDB_H
804
805/* Define to 1 if you have the <netgroup.h> header file. */
806#undef HAVE_NETGROUP_H
807
808/* Define to 1 if you have the <net/if_tun.h> header file. */
809#undef HAVE_NET_IF_TUN_H
810
811/* Define if you are on NeXT */
812#undef HAVE_NEXT
813
814/* Define to 1 if you have the `ngetaddrinfo' function. */
815#undef HAVE_NGETADDRINFO
816
817/* Define to 1 if you have the `nl_langinfo' function. */
818#undef HAVE_NL_LANGINFO
819
820/* Define to 1 if you have the `nsleep' function. */
821#undef HAVE_NSLEEP
822
823/* Define to 1 if you have the `ogetaddrinfo' function. */
824#undef HAVE_OGETADDRINFO
825
826/* Define if you have an old version of PAM which takes only one argument to
827 pam_strerror */
828#undef HAVE_OLD_PAM
829
830/* Define to 1 if you have the `openlog_r' function. */
831#undef HAVE_OPENLOG_R
832
833/* Define to 1 if you have the `openpty' function. */
834#undef HAVE_OPENPTY
835
836/* Define if your ssl headers are included with #include <openssl/header.h> */
837#undef HAVE_OPENSSL
838
839/* Define if you have Digital Unix Security Integration Architecture */
840#undef HAVE_OSF_SIA
841
842/* Define to 1 if you have the `pam_getenvlist' function. */
843#undef HAVE_PAM_GETENVLIST
844
845/* Define to 1 if you have the <pam/pam_appl.h> header file. */
846#undef HAVE_PAM_PAM_APPL_H
847
848/* Define to 1 if you have the `pam_putenv' function. */
849#undef HAVE_PAM_PUTENV
850
851/* Define to 1 if you have the <paths.h> header file. */
852#undef HAVE_PATHS_H
853
854/* Define if you have ut_pid in utmp.h */
855#undef HAVE_PID_IN_UTMP
856
857/* define if you have pid_t data type */
858#undef HAVE_PID_T
859
860/* Define to 1 if you have the `pledge' function. */
861#undef HAVE_PLEDGE
862
863/* Define to 1 if you have the `poll' function. */
864#undef HAVE_POLL
865
866/* Define to 1 if you have the <poll.h> header file. */
867#undef HAVE_POLL_H
868
869/* Define to 1 if you have the `prctl' function. */
870#undef HAVE_PRCTL
871
872/* Define to 1 if you have the `priv_basicset' function. */
873#undef HAVE_PRIV_BASICSET
874
875/* Define to 1 if you have the <priv.h> header file. */
876#undef HAVE_PRIV_H
877
878/* Define if you have /proc/$pid/fd */
879#undef HAVE_PROC_PID
880
881/* Define to 1 if you have the `pstat' function. */
882#undef HAVE_PSTAT
883
884/* Define to 1 if you have the <pty.h> header file. */
885#undef HAVE_PTY_H
886
887/* Define to 1 if you have the `pututline' function. */
888#undef HAVE_PUTUTLINE
889
890/* Define to 1 if you have the `pututxline' function. */
891#undef HAVE_PUTUTXLINE
892
893/* Define to 1 if you have the `readpassphrase' function. */
894#undef HAVE_READPASSPHRASE
895
896/* Define to 1 if you have the <readpassphrase.h> header file. */
897#undef HAVE_READPASSPHRASE_H
898
899/* Define to 1 if you have the `reallocarray' function. */
900#undef HAVE_REALLOCARRAY
901
902/* Define to 1 if you have the `realpath' function. */
903#undef HAVE_REALPATH
904
905/* Define to 1 if you have the `recvmsg' function. */
906#undef HAVE_RECVMSG
907
908/* sys/resource.h has RLIMIT_NPROC */
909#undef HAVE_RLIMIT_NPROC
910
911/* Define to 1 if you have the <rpc/types.h> header file. */
912#undef HAVE_RPC_TYPES_H
913
914/* Define to 1 if you have the `rresvport_af' function. */
915#undef HAVE_RRESVPORT_AF
916
917/* Define to 1 if you have the `RSA_generate_key_ex' function. */
918#undef HAVE_RSA_GENERATE_KEY_EX
919
920/* Define to 1 if you have the `RSA_get_default_method' function. */
921#undef HAVE_RSA_GET_DEFAULT_METHOD
922
923/* Define to 1 if you have the <sandbox.h> header file. */
924#undef HAVE_SANDBOX_H
925
926/* Define to 1 if you have the `sandbox_init' function. */
927#undef HAVE_SANDBOX_INIT
928
929/* define if you have sa_family_t data type */
930#undef HAVE_SA_FAMILY_T
931
932/* Define to 1 if you have the `scan_scaled' function. */
933#undef HAVE_SCAN_SCALED
934
935/* Define if you have SecureWare-based protected password database */
936#undef HAVE_SECUREWARE
937
938/* Define to 1 if you have the <security/pam_appl.h> header file. */
939#undef HAVE_SECURITY_PAM_APPL_H
940
941/* Define to 1 if you have the `sendmsg' function. */
942#undef HAVE_SENDMSG
943
944/* Define to 1 if you have the `setauthdb' function. */
945#undef HAVE_SETAUTHDB
946
947/* Define to 1 if you have the `setdtablesize' function. */
948#undef HAVE_SETDTABLESIZE
949
950/* Define to 1 if you have the `setegid' function. */
951#undef HAVE_SETEGID
952
953/* Define to 1 if you have the `setenv' function. */
954#undef HAVE_SETENV
955
956/* Define to 1 if you have the `seteuid' function. */
957#undef HAVE_SETEUID
958
959/* Define to 1 if you have the `setgroupent' function. */
960#undef HAVE_SETGROUPENT
961
962/* Define to 1 if you have the `setgroups' function. */
963#undef HAVE_SETGROUPS
964
965/* Define to 1 if you have the `setlinebuf' function. */
966#undef HAVE_SETLINEBUF
967
968/* Define to 1 if you have the `setlogin' function. */
969#undef HAVE_SETLOGIN
970
971/* Define to 1 if you have the `setluid' function. */
972#undef HAVE_SETLUID
973
974/* Define to 1 if you have the `setpassent' function. */
975#undef HAVE_SETPASSENT
976
977/* Define to 1 if you have the `setpcred' function. */
978#undef HAVE_SETPCRED
979
980/* Define to 1 if you have the `setpflags' function. */
981#undef HAVE_SETPFLAGS
982
983/* Define to 1 if you have the `setppriv' function. */
984#undef HAVE_SETPPRIV
985
986/* Define to 1 if you have the `setproctitle' function. */
987#undef HAVE_SETPROCTITLE
988
989/* Define to 1 if you have the `setregid' function. */
990#undef HAVE_SETREGID
991
992/* Define to 1 if you have the `setresgid' function. */
993#undef HAVE_SETRESGID
994
995/* Define to 1 if you have the `setresuid' function. */
996#undef HAVE_SETRESUID
997
998/* Define to 1 if you have the `setreuid' function. */
999#undef HAVE_SETREUID
1000
1001/* Define to 1 if you have the `setrlimit' function. */
1002#undef HAVE_SETRLIMIT
1003
1004/* Define to 1 if you have the `setsid' function. */
1005#undef HAVE_SETSID
1006
1007/* Define to 1 if you have the `setutent' function. */
1008#undef HAVE_SETUTENT
1009
1010/* Define to 1 if you have the `setutxdb' function. */
1011#undef HAVE_SETUTXDB
1012
1013/* Define to 1 if you have the `setutxent' function. */
1014#undef HAVE_SETUTXENT
1015
1016/* Define to 1 if you have the `setvbuf' function. */
1017#undef HAVE_SETVBUF
1018
1019/* Define to 1 if you have the `set_id' function. */
1020#undef HAVE_SET_ID
1021
1022/* Define to 1 if you have the `SHA256_Update' function. */
1023#undef HAVE_SHA256_UPDATE
1024
1025/* Define to 1 if you have the <sha2.h> header file. */
1026#undef HAVE_SHA2_H
1027
1028/* Define to 1 if you have the <shadow.h> header file. */
1029#undef HAVE_SHADOW_H
1030
1031/* Define to 1 if you have the `sigaction' function. */
1032#undef HAVE_SIGACTION
1033
1034/* Define to 1 if you have the `sigvec' function. */
1035#undef HAVE_SIGVEC
1036
1037/* Define to 1 if the system has the type `sig_atomic_t'. */
1038#undef HAVE_SIG_ATOMIC_T
1039
1040/* define if you have size_t data type */
1041#undef HAVE_SIZE_T
1042
1043/* Define to 1 if you have the `snprintf' function. */
1044#undef HAVE_SNPRINTF
1045
1046/* Define to 1 if you have the `socketpair' function. */
1047#undef HAVE_SOCKETPAIR
1048
1049/* Have PEERCRED socket option */
1050#undef HAVE_SO_PEERCRED
1051
1052/* define if you have ssize_t data type */
1053#undef HAVE_SSIZE_T
1054
1055/* Fields in struct sockaddr_storage */
1056#undef HAVE_SS_FAMILY_IN_SS
1057
1058/* Define to 1 if you have the `statfs' function. */
1059#undef HAVE_STATFS
1060
1061/* Define to 1 if you have the `statvfs' function. */
1062#undef HAVE_STATVFS
1063
1064/* Define to 1 if you have the <stddef.h> header file. */
1065#undef HAVE_STDDEF_H
1066
1067/* Define to 1 if you have the <stdint.h> header file. */
1068#undef HAVE_STDINT_H
1069
1070/* Define to 1 if you have the <stdlib.h> header file. */
1071#undef HAVE_STDLIB_H
1072
1073/* Define to 1 if you have the `strcasestr' function. */
1074#undef HAVE_STRCASESTR
1075
1076/* Define to 1 if you have the `strdup' function. */
1077#undef HAVE_STRDUP
1078
1079/* Define to 1 if you have the `strerror' function. */
1080#undef HAVE_STRERROR
1081
1082/* Define to 1 if you have the `strftime' function. */
1083#undef HAVE_STRFTIME
1084
1085/* Silly mkstemp() */
1086#undef HAVE_STRICT_MKSTEMP
1087
1088/* Define to 1 if you have the <strings.h> header file. */
1089#undef HAVE_STRINGS_H
1090
1091/* Define to 1 if you have the <string.h> header file. */
1092#undef HAVE_STRING_H
1093
1094/* Define to 1 if you have the `strlcat' function. */
1095#undef HAVE_STRLCAT
1096
1097/* Define to 1 if you have the `strlcpy' function. */
1098#undef HAVE_STRLCPY
1099
1100/* Define to 1 if you have the `strmode' function. */
1101#undef HAVE_STRMODE
1102
1103/* Define to 1 if you have the `strnlen' function. */
1104#undef HAVE_STRNLEN
1105
1106/* Define to 1 if you have the `strnvis' function. */
1107#undef HAVE_STRNVIS
1108
1109/* Define to 1 if you have the `strptime' function. */
1110#undef HAVE_STRPTIME
1111
1112/* Define to 1 if you have the `strsep' function. */
1113#undef HAVE_STRSEP
1114
1115/* Define to 1 if you have the `strtoll' function. */
1116#undef HAVE_STRTOLL
1117
1118/* Define to 1 if you have the `strtonum' function. */
1119#undef HAVE_STRTONUM
1120
1121/* Define to 1 if you have the `strtoul' function. */
1122#undef HAVE_STRTOUL
1123
1124/* Define to 1 if you have the `strtoull' function. */
1125#undef HAVE_STRTOULL
1126
1127/* define if you have struct addrinfo data type */
1128#undef HAVE_STRUCT_ADDRINFO
1129
1130/* define if you have struct in6_addr data type */
1131#undef HAVE_STRUCT_IN6_ADDR
1132
1133/* Define to 1 if `pw_change' is a member of `struct passwd'. */
1134#undef HAVE_STRUCT_PASSWD_PW_CHANGE
1135
1136/* Define to 1 if `pw_class' is a member of `struct passwd'. */
1137#undef HAVE_STRUCT_PASSWD_PW_CLASS
1138
1139/* Define to 1 if `pw_expire' is a member of `struct passwd'. */
1140#undef HAVE_STRUCT_PASSWD_PW_EXPIRE
1141
1142/* Define to 1 if `pw_gecos' is a member of `struct passwd'. */
1143#undef HAVE_STRUCT_PASSWD_PW_GECOS
1144
1145/* define if you have struct sockaddr_in6 data type */
1146#undef HAVE_STRUCT_SOCKADDR_IN6
1147
1148/* Define to 1 if `sin6_scope_id' is a member of `struct sockaddr_in6'. */
1149#undef HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID
1150
1151/* define if you have struct sockaddr_storage data type */
1152#undef HAVE_STRUCT_SOCKADDR_STORAGE
1153
1154/* Define to 1 if `st_blksize' is a member of `struct stat'. */
1155#undef HAVE_STRUCT_STAT_ST_BLKSIZE
1156
1157/* Define to 1 if the system has the type `struct timespec'. */
1158#undef HAVE_STRUCT_TIMESPEC
1159
1160/* define if you have struct timeval */
1161#undef HAVE_STRUCT_TIMEVAL
1162
1163/* Define to 1 if you have the `swap32' function. */
1164#undef HAVE_SWAP32
1165
1166/* Define to 1 if you have the `sysconf' function. */
1167#undef HAVE_SYSCONF
1168
1169/* Define if you have syslen in utmpx.h */
1170#undef HAVE_SYSLEN_IN_UTMPX
1171
1172/* Define to 1 if you have the <sys/audit.h> header file. */
1173#undef HAVE_SYS_AUDIT_H
1174
1175/* Define to 1 if you have the <sys/bitypes.h> header file. */
1176#undef HAVE_SYS_BITYPES_H
1177
1178/* Define to 1 if you have the <sys/bsdtty.h> header file. */
1179#undef HAVE_SYS_BSDTTY_H
1180
1181/* Define to 1 if you have the <sys/capability.h> header file. */
1182#undef HAVE_SYS_CAPABILITY_H
1183
1184/* Define to 1 if you have the <sys/cdefs.h> header file. */
1185#undef HAVE_SYS_CDEFS_H
1186
1187/* Define to 1 if you have the <sys/dir.h> header file. */
1188#undef HAVE_SYS_DIR_H
1189
1190/* Define if your system defines sys_errlist[] */
1191#undef HAVE_SYS_ERRLIST
1192
1193/* Define to 1 if you have the <sys/mman.h> header file. */
1194#undef HAVE_SYS_MMAN_H
1195
1196/* Define to 1 if you have the <sys/mount.h> header file. */
1197#undef HAVE_SYS_MOUNT_H
1198
1199/* Define to 1 if you have the <sys/ndir.h> header file. */
1200#undef HAVE_SYS_NDIR_H
1201
1202/* Define if your system defines sys_nerr */
1203#undef HAVE_SYS_NERR
1204
1205/* Define to 1 if you have the <sys/poll.h> header file. */
1206#undef HAVE_SYS_POLL_H
1207
1208/* Define to 1 if you have the <sys/prctl.h> header file. */
1209#undef HAVE_SYS_PRCTL_H
1210
1211/* Define to 1 if you have the <sys/pstat.h> header file. */
1212#undef HAVE_SYS_PSTAT_H
1213
1214/* Define to 1 if you have the <sys/ptms.h> header file. */
1215#undef HAVE_SYS_PTMS_H
1216
1217/* Define to 1 if you have the <sys/ptrace.h> header file. */
1218#undef HAVE_SYS_PTRACE_H
1219
1220/* Define to 1 if you have the <sys/select.h> header file. */
1221#undef HAVE_SYS_SELECT_H
1222
1223/* Define to 1 if you have the <sys/statvfs.h> header file. */
1224#undef HAVE_SYS_STATVFS_H
1225
1226/* Define to 1 if you have the <sys/stat.h> header file. */
1227#undef HAVE_SYS_STAT_H
1228
1229/* Define to 1 if you have the <sys/stream.h> header file. */
1230#undef HAVE_SYS_STREAM_H
1231
1232/* Define to 1 if you have the <sys/stropts.h> header file. */
1233#undef HAVE_SYS_STROPTS_H
1234
1235/* Define to 1 if you have the <sys/strtio.h> header file. */
1236#undef HAVE_SYS_STRTIO_H
1237
1238/* Force use of sys/syslog.h on Ultrix */
1239#undef HAVE_SYS_SYSLOG_H
1240
1241/* Define to 1 if you have the <sys/sysmacros.h> header file. */
1242#undef HAVE_SYS_SYSMACROS_H
1243
1244/* Define to 1 if you have the <sys/timers.h> header file. */
1245#undef HAVE_SYS_TIMERS_H
1246
1247/* Define to 1 if you have the <sys/time.h> header file. */
1248#undef HAVE_SYS_TIME_H
1249
1250/* Define to 1 if you have the <sys/types.h> header file. */
1251#undef HAVE_SYS_TYPES_H
1252
1253/* Define to 1 if you have the <sys/un.h> header file. */
1254#undef HAVE_SYS_UN_H
1255
1256/* Define to 1 if you have the `tcgetpgrp' function. */
1257#undef HAVE_TCGETPGRP
1258
1259/* Define to 1 if you have the `tcsendbreak' function. */
1260#undef HAVE_TCSENDBREAK
1261
1262/* Define to 1 if you have the `time' function. */
1263#undef HAVE_TIME
1264
1265/* Define to 1 if you have the <time.h> header file. */
1266#undef HAVE_TIME_H
1267
1268/* Define if you have ut_time in utmp.h */
1269#undef HAVE_TIME_IN_UTMP
1270
1271/* Define if you have ut_time in utmpx.h */
1272#undef HAVE_TIME_IN_UTMPX
1273
1274/* Define to 1 if you have the `timingsafe_bcmp' function. */
1275#undef HAVE_TIMINGSAFE_BCMP
1276
1277/* Define to 1 if you have the <tmpdir.h> header file. */
1278#undef HAVE_TMPDIR_H
1279
1280/* Define to 1 if you have the `truncate' function. */
1281#undef HAVE_TRUNCATE
1282
1283/* Define to 1 if you have the <ttyent.h> header file. */
1284#undef HAVE_TTYENT_H
1285
1286/* Define if you have ut_tv in utmp.h */
1287#undef HAVE_TV_IN_UTMP
1288
1289/* Define if you have ut_tv in utmpx.h */
1290#undef HAVE_TV_IN_UTMPX
1291
1292/* Define if you have ut_type in utmp.h */
1293#undef HAVE_TYPE_IN_UTMP
1294
1295/* Define if you have ut_type in utmpx.h */
1296#undef HAVE_TYPE_IN_UTMPX
1297
1298/* Define to 1 if you have the <ucred.h> header file. */
1299#undef HAVE_UCRED_H
1300
1301/* Define to 1 if the system has the type `uintmax_t'. */
1302#undef HAVE_UINTMAX_T
1303
1304/* define if you have uintxx_t data type */
1305#undef HAVE_UINTXX_T
1306
1307/* Define to 1 if you have the <unistd.h> header file. */
1308#undef HAVE_UNISTD_H
1309
1310/* Define to 1 if you have the `unsetenv' function. */
1311#undef HAVE_UNSETENV
1312
1313/* Define to 1 if the system has the type `unsigned long long'. */
1314#undef HAVE_UNSIGNED_LONG_LONG
1315
1316/* Define to 1 if you have the `updwtmp' function. */
1317#undef HAVE_UPDWTMP
1318
1319/* Define to 1 if you have the `updwtmpx' function. */
1320#undef HAVE_UPDWTMPX
1321
1322/* Define to 1 if you have the <usersec.h> header file. */
1323#undef HAVE_USERSEC_H
1324
1325/* Define to 1 if you have the `user_from_uid' function. */
1326#undef HAVE_USER_FROM_UID
1327
1328/* Define to 1 if you have the `usleep' function. */
1329#undef HAVE_USLEEP
1330
1331/* Define to 1 if you have the <util.h> header file. */
1332#undef HAVE_UTIL_H
1333
1334/* Define to 1 if you have the `utimes' function. */
1335#undef HAVE_UTIMES
1336
1337/* Define to 1 if you have the <utime.h> header file. */
1338#undef HAVE_UTIME_H
1339
1340/* Define to 1 if you have the `utmpname' function. */
1341#undef HAVE_UTMPNAME
1342
1343/* Define to 1 if you have the `utmpxname' function. */
1344#undef HAVE_UTMPXNAME
1345
1346/* Define to 1 if you have the <utmpx.h> header file. */
1347#undef HAVE_UTMPX_H
1348
1349/* Define to 1 if you have the <utmp.h> header file. */
1350#undef HAVE_UTMP_H
1351
1352/* define if you have u_char data type */
1353#undef HAVE_U_CHAR
1354
1355/* define if you have u_int data type */
1356#undef HAVE_U_INT
1357
1358/* define if you have u_int64_t data type */
1359#undef HAVE_U_INT64_T
1360
1361/* define if you have u_intxx_t data type */
1362#undef HAVE_U_INTXX_T
1363
1364/* Define to 1 if you have the `vasprintf' function. */
1365#undef HAVE_VASPRINTF
1366
1367/* Define if va_copy exists */
1368#undef HAVE_VA_COPY
1369
1370/* Define to 1 if you have the <vis.h> header file. */
1371#undef HAVE_VIS_H
1372
1373/* Define to 1 if you have the `vsnprintf' function. */
1374#undef HAVE_VSNPRINTF
1375
1376/* Define to 1 if you have the `waitpid' function. */
1377#undef HAVE_WAITPID
1378
1379/* Define to 1 if you have the `warn' function. */
1380#undef HAVE_WARN
1381
1382/* Define to 1 if you have the <wchar.h> header file. */
1383#undef HAVE_WCHAR_H
1384
1385/* Define to 1 if you have the `wcwidth' function. */
1386#undef HAVE_WCWIDTH
1387
1388/* Define to 1 if you have the `_getlong' function. */
1389#undef HAVE__GETLONG
1390
1391/* Define to 1 if you have the `_getpty' function. */
1392#undef HAVE__GETPTY
1393
1394/* Define to 1 if you have the `_getshort' function. */
1395#undef HAVE__GETSHORT
1396
1397/* Define if you have struct __res_state _res as an extern */
1398#undef HAVE__RES_EXTERN
1399
1400/* Define to 1 if you have the `__b64_ntop' function. */
1401#undef HAVE___B64_NTOP
1402
1403/* Define to 1 if you have the `__b64_pton' function. */
1404#undef HAVE___B64_PTON
1405
1406/* Define if compiler implements __FUNCTION__ */
1407#undef HAVE___FUNCTION__
1408
1409/* Define if libc defines __progname */
1410#undef HAVE___PROGNAME
1411
1412/* Fields in struct sockaddr_storage */
1413#undef HAVE___SS_FAMILY_IN_SS
1414
1415/* Define if __va_copy exists */
1416#undef HAVE___VA_COPY
1417
1418/* Define if compiler implements __func__ */
1419#undef HAVE___func__
1420
1421/* Define this if you are using the Heimdal version of Kerberos V5 */
1422#undef HEIMDAL
1423
1424/* Define if you need to use IP address instead of hostname in $DISPLAY */
1425#undef IPADDR_IN_DISPLAY
1426
1427/* Detect IPv4 in IPv6 mapped addresses and treat as IPv4 */
1428#undef IPV4_IN_IPV6
1429
1430/* Define if your system choked on IP TOS setting */
1431#undef IP_TOS_IS_BROKEN
1432
1433/* Define if you want Kerberos 5 support */
1434#undef KRB5
1435
1436/* Define if pututxline updates lastlog too */
1437#undef LASTLOG_WRITE_PUTUTXLINE
1438
1439/* Define to whatever link() returns for "not supported" if it doesn't return
1440 EOPNOTSUPP. */
1441#undef LINK_OPNOTSUPP_ERRNO
1442
1443/* Adjust Linux out-of-memory killer */
1444#undef LINUX_OOM_ADJUST
1445
1446/* max value of long long calculated by configure */
1447#undef LLONG_MAX
1448
1449/* min value of long long calculated by configure */
1450#undef LLONG_MIN
1451
1452/* Account locked with pw(1) */
1453#undef LOCKED_PASSWD_PREFIX
1454
1455/* String used in /etc/passwd to denote locked account */
1456#undef LOCKED_PASSWD_STRING
1457
1458/* String used in /etc/passwd to denote locked account */
1459#undef LOCKED_PASSWD_SUBSTR
1460
1461/* Some systems need a utmpx entry for /bin/login to work */
1462#undef LOGIN_NEEDS_UTMPX
1463
1464/* Set this to your mail directory if you do not have _PATH_MAILDIR */
1465#undef MAIL_DIRECTORY
1466
1467/* Need setpgrp to acquire controlling tty */
1468#undef NEED_SETPGRP
1469
1470/* compiler does not accept __attribute__ on return types */
1471#undef NO_ATTRIBUTE_ON_RETURN_TYPE
1472
1473/* Define if you don't want to use lastlog in session.c */
1474#undef NO_SSH_LASTLOG
1475
1476/* Define to disable UID restoration test */
1477#undef NO_UID_RESTORATION_TEST
1478
1479/* Define if X11 doesn't support AF_UNIX sockets on that system */
1480#undef NO_X11_UNIX_SOCKETS
1481
1482/* Define if EVP_DigestUpdate returns void */
1483#undef OPENSSL_EVP_DIGESTUPDATE_VOID
1484
1485/* OpenSSL has ECC */
1486#undef OPENSSL_HAS_ECC
1487
1488/* libcrypto has NID_X9_62_prime256v1 */
1489#undef OPENSSL_HAS_NISTP256
1490
1491/* libcrypto has NID_secp384r1 */
1492#undef OPENSSL_HAS_NISTP384
1493
1494/* libcrypto has NID_secp521r1 */
1495#undef OPENSSL_HAS_NISTP521
1496
1497/* libcrypto has EVP AES CTR */
1498#undef OPENSSL_HAVE_EVPCTR
1499
1500/* libcrypto has EVP AES GCM */
1501#undef OPENSSL_HAVE_EVPGCM
1502
1503/* libcrypto is missing AES 192 and 256 bit functions */
1504#undef OPENSSL_LOBOTOMISED_AES
1505
1506/* Define if you want the OpenSSL internally seeded PRNG only */
1507#undef OPENSSL_PRNG_ONLY
1508
1509/* Define to the address where bug reports for this package should be sent. */
1510#undef PACKAGE_BUGREPORT
1511
1512/* Define to the full name of this package. */
1513#undef PACKAGE_NAME
1514
1515/* Define to the full name and version of this package. */
1516#undef PACKAGE_STRING
1517
1518/* Define to the one symbol short name of this package. */
1519#undef PACKAGE_TARNAME
1520
1521/* Define to the home page for this package. */
1522#undef PACKAGE_URL
1523
1524/* Define to the version of this package. */
1525#undef PACKAGE_VERSION
1526
1527/* Define if you are using Solaris-derived PAM which passes pam_messages to
1528 the conversation function with an extra level of indirection */
1529#undef PAM_SUN_CODEBASE
1530
1531/* Work around problematic Linux PAM modules handling of PAM_TTY */
1532#undef PAM_TTY_KLUDGE
1533
1534/* must supply username to passwd */
1535#undef PASSWD_NEEDS_USERNAME
1536
1537/* System dirs owned by bin (uid 2) */
1538#undef PLATFORM_SYS_DIR_UID
1539
1540/* Port number of PRNGD/EGD random number socket */
1541#undef PRNGD_PORT
1542
1543/* Location of PRNGD/EGD random number socket */
1544#undef PRNGD_SOCKET
1545
1546/* read(1) can return 0 for a non-closed fd */
1547#undef PTY_ZEROREAD
1548
1549/* Sandbox using capsicum */
1550#undef SANDBOX_CAPSICUM
1551
1552/* Sandbox using Darwin sandbox_init(3) */
1553#undef SANDBOX_DARWIN
1554
1555/* no privsep sandboxing */
1556#undef SANDBOX_NULL
1557
1558/* Sandbox using pledge(2) */
1559#undef SANDBOX_PLEDGE
1560
1561/* Sandbox using setrlimit(2) */
1562#undef SANDBOX_RLIMIT
1563
1564/* Sandbox using seccomp filter */
1565#undef SANDBOX_SECCOMP_FILTER
1566
1567/* setrlimit RLIMIT_FSIZE works */
1568#undef SANDBOX_SKIP_RLIMIT_FSIZE
1569
1570/* define if setrlimit RLIMIT_NOFILE breaks things */
1571#undef SANDBOX_SKIP_RLIMIT_NOFILE
1572
1573/* Sandbox using Solaris/Illumos privileges */
1574#undef SANDBOX_SOLARIS
1575
1576/* Sandbox using systrace(4) */
1577#undef SANDBOX_SYSTRACE
1578
1579/* Specify the system call convention in use */
1580#undef SECCOMP_AUDIT_ARCH
1581
1582/* Define if your platform breaks doing a seteuid before a setuid */
1583#undef SETEUID_BREAKS_SETUID
1584
1585/* The size of `int', as computed by sizeof. */
1586#undef SIZEOF_INT
1587
1588/* The size of `long int', as computed by sizeof. */
1589#undef SIZEOF_LONG_INT
1590
1591/* The size of `long long int', as computed by sizeof. */
1592#undef SIZEOF_LONG_LONG_INT
1593
1594/* The size of `short int', as computed by sizeof. */
1595#undef SIZEOF_SHORT_INT
1596
1597/* Define if you want S/Key support */
1598#undef SKEY
1599
1600/* Define if your skeychallenge() function takes 4 arguments (NetBSD) */
1601#undef SKEYCHALLENGE_4ARG
1602
1603/* Define as const if snprintf() can declare const char *fmt */
1604#undef SNPRINTF_CONST
1605
1606/* Define to a Set Process Title type if your system is supported by
1607 bsd-setproctitle.c */
1608#undef SPT_TYPE
1609
1610/* Define if sshd somehow reacquires a controlling TTY after setsid() */
1611#undef SSHD_ACQUIRES_CTTY
1612
1613/* sshd PAM service name */
1614#undef SSHD_PAM_SERVICE
1615
1616/* Define if pam_chauthtok wants real uid set to the unpriv'ed user */
1617#undef SSHPAM_CHAUTHTOK_NEEDS_RUID
1618
1619/* Use audit debugging module */
1620#undef SSH_AUDIT_EVENTS
1621
1622/* Windows is sensitive to read buffer size */
1623#undef SSH_IOBUFSZ
1624
1625/* non-privileged user for privilege separation */
1626#undef SSH_PRIVSEP_USER
1627
1628/* Use tunnel device compatibility to OpenBSD */
1629#undef SSH_TUN_COMPAT_AF
1630
1631/* Open tunnel devices the FreeBSD way */
1632#undef SSH_TUN_FREEBSD
1633
1634/* Open tunnel devices the Linux tun/tap way */
1635#undef SSH_TUN_LINUX
1636
1637/* No layer 2 tunnel support */
1638#undef SSH_TUN_NO_L2
1639
1640/* Open tunnel devices the OpenBSD way */
1641#undef SSH_TUN_OPENBSD
1642
1643/* Prepend the address family to IP tunnel traffic */
1644#undef SSH_TUN_PREPEND_AF
1645
1646/* Define to 1 if you have the ANSI C header files. */
1647#undef STDC_HEADERS
1648
1649/* Define if you want a different $PATH for the superuser */
1650#undef SUPERUSER_PATH
1651
1652/* syslog_r function is safe to use in in a signal handler */
1653#undef SYSLOG_R_SAFE_IN_SIGHAND
1654
1655/* Support passwords > 8 chars */
1656#undef UNIXWARE_LONG_PASSWORDS
1657
1658/* Specify default $PATH */
1659#undef USER_PATH
1660
1661/* Define this if you want to use libkafs' AFS support */
1662#undef USE_AFS
1663
1664/* Use BSM audit module */
1665#undef USE_BSM_AUDIT
1666
1667/* Use btmp to log bad logins */
1668#undef USE_BTMP
1669
1670/* Use libedit for sftp */
1671#undef USE_LIBEDIT
1672
1673/* Use Linux audit module */
1674#undef USE_LINUX_AUDIT
1675
1676/* Enable OpenSSL engine support */
1677#undef USE_OPENSSL_ENGINE
1678
1679/* Define if you want to enable PAM support */
1680#undef USE_PAM
1681
1682/* Use PIPES instead of a socketpair() */
1683#undef USE_PIPES
1684
1685/* Define if you have Solaris privileges */
1686#undef USE_SOLARIS_PRIVS
1687
1688/* Define if you have Solaris process contracts */
1689#undef USE_SOLARIS_PROCESS_CONTRACTS
1690
1691/* Define if you have Solaris projects */
1692#undef USE_SOLARIS_PROJECTS
1693
1694/* Define if you shouldn't strip 'tty' from your ttyname in [uw]tmp */
1695#undef WITH_ABBREV_NO_TTY
1696
1697/* Define if you want to enable AIX4's authenticate function */
1698#undef WITH_AIXAUTHENTICATE
1699
1700/* Define if you have/want arrays (cluster-wide session managment, not C
1701 arrays) */
1702#undef WITH_IRIX_ARRAY
1703
1704/* Define if you want IRIX audit trails */
1705#undef WITH_IRIX_AUDIT
1706
1707/* Define if you want IRIX kernel jobs */
1708#undef WITH_IRIX_JOBS
1709
1710/* Define if you want IRIX project management */
1711#undef WITH_IRIX_PROJECT
1712
1713/* use libcrypto for cryptography */
1714#undef WITH_OPENSSL
1715
1716/* Define if you want SELinux support. */
1717#undef WITH_SELINUX
1718
1719/* include SSH protocol version 1 support */
1720#undef WITH_SSH1
1721
1722/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
1723 significant byte first (like Motorola and SPARC, unlike Intel). */
1724#if defined AC_APPLE_UNIVERSAL_BUILD
1725# if defined __BIG_ENDIAN__
1726# define WORDS_BIGENDIAN 1
1727# endif
1728#else
1729# ifndef WORDS_BIGENDIAN
1730# undef WORDS_BIGENDIAN
1731# endif
1732#endif
1733
1734/* Define if xauth is found in your path */
1735#undef XAUTH_PATH
1736
1737/* Enable large inode numbers on Mac OS X 10.5. */
1738#ifndef _DARWIN_USE_64_BIT_INODE
1739# define _DARWIN_USE_64_BIT_INODE 1
1740#endif
1741
1742/* Number of bits in a file offset, on hosts where this is settable. */
1743#undef _FILE_OFFSET_BITS
1744
1745/* Define for large files, on AIX-style hosts. */
1746#undef _LARGE_FILES
1747
1748/* log for bad login attempts */
1749#undef _PATH_BTMP
1750
1751/* Full path of your "passwd" program */
1752#undef _PATH_PASSWD_PROG
1753
1754/* Specify location of ssh.pid */
1755#undef _PATH_SSH_PIDDIR
1756
1757/* Define if we don't have struct __res_state in resolv.h */
1758#undef __res_state
1759
1760/* Define to `__inline__' or `__inline' if that's what the C compiler
1761 calls it, or to nothing if 'inline' is not supported under any name. */
1762#ifndef __cplusplus
1763#undef inline
1764#endif
1765
1766/* type to use in place of socklen_t if not defined */
1767#undef socklen_t
diff --git a/configure b/configure
new file mode 100755
index 000000000..ec3a98ffc
--- /dev/null
+++ b/configure
@@ -0,0 +1,20337 @@
1#! /bin/sh
2# From configure.ac Revision: 1.583 .
3# Guess values for system-dependent variables and create Makefiles.
4# Generated by GNU Autoconf 2.69 for OpenSSH Portable.
5#
6# Report bugs to <openssh-unix-dev@mindrot.org>.
7#
8#
9# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
10#
11#
12# This configure script is free software; the Free Software Foundation
13# gives unlimited permission to copy, distribute and modify it.
14## -------------------- ##
15## M4sh Initialization. ##
16## -------------------- ##
17
18# Be more Bourne compatible
19DUALCASE=1; export DUALCASE # for MKS sh
20if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
21 emulate sh
22 NULLCMD=:
23 # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
24 # is contrary to our usage. Disable this feature.
25 alias -g '${1+"$@"}'='"$@"'
26 setopt NO_GLOB_SUBST
27else
28 case `(set -o) 2>/dev/null` in #(
29 *posix*) :
30 set -o posix ;; #(
31 *) :
32 ;;
33esac
34fi
35
36
37as_nl='
38'
39export as_nl
40# Printing a long string crashes Solaris 7 /usr/bin/printf.
41as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
42as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
43as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
44# Prefer a ksh shell builtin over an external printf program on Solaris,
45# but without wasting forks for bash or zsh.
46if test -z "$BASH_VERSION$ZSH_VERSION" \
47 && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
48 as_echo='print -r --'
49 as_echo_n='print -rn --'
50elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
51 as_echo='printf %s\n'
52 as_echo_n='printf %s'
53else
54 if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
55 as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
56 as_echo_n='/usr/ucb/echo -n'
57 else
58 as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
59 as_echo_n_body='eval
60 arg=$1;
61 case $arg in #(
62 *"$as_nl"*)
63 expr "X$arg" : "X\\(.*\\)$as_nl";
64 arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
65 esac;
66 expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
67 '
68 export as_echo_n_body
69 as_echo_n='sh -c $as_echo_n_body as_echo'
70 fi
71 export as_echo_body
72 as_echo='sh -c $as_echo_body as_echo'
73fi
74
75# The user is always right.
76if test "${PATH_SEPARATOR+set}" != set; then
77 PATH_SEPARATOR=:
78 (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
79 (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
80 PATH_SEPARATOR=';'
81 }
82fi
83
84
85# IFS
86# We need space, tab and new line, in precisely that order. Quoting is
87# there to prevent editors from complaining about space-tab.
88# (If _AS_PATH_WALK were called with IFS unset, it would disable word
89# splitting by setting IFS to empty value.)
90IFS=" "" $as_nl"
91
92# Find who we are. Look in the path if we contain no directory separator.
93as_myself=
94case $0 in #((
95 *[\\/]* ) as_myself=$0 ;;
96 *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
97for as_dir in $PATH
98do
99 IFS=$as_save_IFS
100 test -z "$as_dir" && as_dir=.
101 test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
102 done
103IFS=$as_save_IFS
104
105 ;;
106esac
107# We did not find ourselves, most probably we were run as `sh COMMAND'
108# in which case we are not to be found in the path.
109if test "x$as_myself" = x; then
110 as_myself=$0
111fi
112if test ! -f "$as_myself"; then
113 $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
114 exit 1
115fi
116
117# Unset variables that we do not need and which cause bugs (e.g. in
118# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1"
119# suppresses any "Segmentation fault" message there. '((' could
120# trigger a bug in pdksh 5.2.14.
121for as_var in BASH_ENV ENV MAIL MAILPATH
122do eval test x\${$as_var+set} = xset \
123 && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
124done
125PS1='$ '
126PS2='> '
127PS4='+ '
128
129# NLS nuisances.
130LC_ALL=C
131export LC_ALL
132LANGUAGE=C
133export LANGUAGE
134
135# CDPATH.
136(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
137
138# Use a proper internal environment variable to ensure we don't fall
139 # into an infinite loop, continuously re-executing ourselves.
140 if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then
141 _as_can_reexec=no; export _as_can_reexec;
142 # We cannot yet assume a decent shell, so we have to provide a
143# neutralization value for shells without unset; and this also
144# works around shells that cannot unset nonexistent variables.
145# Preserve -v and -x to the replacement shell.
146BASH_ENV=/dev/null
147ENV=/dev/null
148(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
149case $- in # ((((
150 *v*x* | *x*v* ) as_opts=-vx ;;
151 *v* ) as_opts=-v ;;
152 *x* ) as_opts=-x ;;
153 * ) as_opts= ;;
154esac
155exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
156# Admittedly, this is quite paranoid, since all the known shells bail
157# out after a failed `exec'.
158$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2
159as_fn_exit 255
160 fi
161 # We don't want this to propagate to other subprocesses.
162 { _as_can_reexec=; unset _as_can_reexec;}
163if test "x$CONFIG_SHELL" = x; then
164 as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then :
165 emulate sh
166 NULLCMD=:
167 # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which
168 # is contrary to our usage. Disable this feature.
169 alias -g '\${1+\"\$@\"}'='\"\$@\"'
170 setopt NO_GLOB_SUBST
171else
172 case \`(set -o) 2>/dev/null\` in #(
173 *posix*) :
174 set -o posix ;; #(
175 *) :
176 ;;
177esac
178fi
179"
180 as_required="as_fn_return () { (exit \$1); }
181as_fn_success () { as_fn_return 0; }
182as_fn_failure () { as_fn_return 1; }
183as_fn_ret_success () { return 0; }
184as_fn_ret_failure () { return 1; }
185
186exitcode=0
187as_fn_success || { exitcode=1; echo as_fn_success failed.; }
188as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; }
189as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; }
190as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; }
191if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then :
192
193else
194 exitcode=1; echo positional parameters were not saved.
195fi
196test x\$exitcode = x0 || exit 1
197test -x / || exit 1"
198 as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO
199 as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO
200 eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" &&
201 test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1
202test \$(( 1 + 1 )) = 2 || exit 1"
203 if (eval "$as_required") 2>/dev/null; then :
204 as_have_required=yes
205else
206 as_have_required=no
207fi
208 if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then :
209
210else
211 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
212as_found=false
213for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
214do
215 IFS=$as_save_IFS
216 test -z "$as_dir" && as_dir=.
217 as_found=:
218 case $as_dir in #(
219 /*)
220 for as_base in sh bash ksh sh5; do
221 # Try only shells that exist, to save several forks.
222 as_shell=$as_dir/$as_base
223 if { test -f "$as_shell" || test -f "$as_shell.exe"; } &&
224 { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then :
225 CONFIG_SHELL=$as_shell as_have_required=yes
226 if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then :
227 break 2
228fi
229fi
230 done;;
231 esac
232 as_found=false
233done
234$as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } &&
235 { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then :
236 CONFIG_SHELL=$SHELL as_have_required=yes
237fi; }
238IFS=$as_save_IFS
239
240
241 if test "x$CONFIG_SHELL" != x; then :
242 export CONFIG_SHELL
243 # We cannot yet assume a decent shell, so we have to provide a
244# neutralization value for shells without unset; and this also
245# works around shells that cannot unset nonexistent variables.
246# Preserve -v and -x to the replacement shell.
247BASH_ENV=/dev/null
248ENV=/dev/null
249(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
250case $- in # ((((
251 *v*x* | *x*v* ) as_opts=-vx ;;
252 *v* ) as_opts=-v ;;
253 *x* ) as_opts=-x ;;
254 * ) as_opts= ;;
255esac
256exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
257# Admittedly, this is quite paranoid, since all the known shells bail
258# out after a failed `exec'.
259$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2
260exit 255
261fi
262
263 if test x$as_have_required = xno; then :
264 $as_echo "$0: This script requires a shell more modern than all"
265 $as_echo "$0: the shells that I found on your system."
266 if test x${ZSH_VERSION+set} = xset ; then
267 $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should"
268 $as_echo "$0: be upgraded to zsh 4.3.4 or later."
269 else
270 $as_echo "$0: Please tell bug-autoconf@gnu.org and
271$0: openssh-unix-dev@mindrot.org about your system,
272$0: including any error possibly output before this
273$0: message. Then install a modern shell, or manually run
274$0: the script under such a shell if you do have one."
275 fi
276 exit 1
277fi
278fi
279fi
280SHELL=${CONFIG_SHELL-/bin/sh}
281export SHELL
282# Unset more variables known to interfere with behavior of common tools.
283CLICOLOR_FORCE= GREP_OPTIONS=
284unset CLICOLOR_FORCE GREP_OPTIONS
285
286## --------------------- ##
287## M4sh Shell Functions. ##
288## --------------------- ##
289# as_fn_unset VAR
290# ---------------
291# Portably unset VAR.
292as_fn_unset ()
293{
294 { eval $1=; unset $1;}
295}
296as_unset=as_fn_unset
297
298# as_fn_set_status STATUS
299# -----------------------
300# Set $? to STATUS, without forking.
301as_fn_set_status ()
302{
303 return $1
304} # as_fn_set_status
305
306# as_fn_exit STATUS
307# -----------------
308# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
309as_fn_exit ()
310{
311 set +e
312 as_fn_set_status $1
313 exit $1
314} # as_fn_exit
315
316# as_fn_mkdir_p
317# -------------
318# Create "$as_dir" as a directory, including parents if necessary.
319as_fn_mkdir_p ()
320{
321
322 case $as_dir in #(
323 -*) as_dir=./$as_dir;;
324 esac
325 test -d "$as_dir" || eval $as_mkdir_p || {
326 as_dirs=
327 while :; do
328 case $as_dir in #(
329 *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
330 *) as_qdir=$as_dir;;
331 esac
332 as_dirs="'$as_qdir' $as_dirs"
333 as_dir=`$as_dirname -- "$as_dir" ||
334$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
335 X"$as_dir" : 'X\(//\)[^/]' \| \
336 X"$as_dir" : 'X\(//\)$' \| \
337 X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
338$as_echo X"$as_dir" |
339 sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
340 s//\1/
341 q
342 }
343 /^X\(\/\/\)[^/].*/{
344 s//\1/
345 q
346 }
347 /^X\(\/\/\)$/{
348 s//\1/
349 q
350 }
351 /^X\(\/\).*/{
352 s//\1/
353 q
354 }
355 s/.*/./; q'`
356 test -d "$as_dir" && break
357 done
358 test -z "$as_dirs" || eval "mkdir $as_dirs"
359 } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
360
361
362} # as_fn_mkdir_p
363
364# as_fn_executable_p FILE
365# -----------------------
366# Test if FILE is an executable regular file.
367as_fn_executable_p ()
368{
369 test -f "$1" && test -x "$1"
370} # as_fn_executable_p
371# as_fn_append VAR VALUE
372# ----------------------
373# Append the text in VALUE to the end of the definition contained in VAR. Take
374# advantage of any shell optimizations that allow amortized linear growth over
375# repeated appends, instead of the typical quadratic growth present in naive
376# implementations.
377if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
378 eval 'as_fn_append ()
379 {
380 eval $1+=\$2
381 }'
382else
383 as_fn_append ()
384 {
385 eval $1=\$$1\$2
386 }
387fi # as_fn_append
388
389# as_fn_arith ARG...
390# ------------------
391# Perform arithmetic evaluation on the ARGs, and store the result in the
392# global $as_val. Take advantage of shells that can avoid forks. The arguments
393# must be portable across $(()) and expr.
394if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
395 eval 'as_fn_arith ()
396 {
397 as_val=$(( $* ))
398 }'
399else
400 as_fn_arith ()
401 {
402 as_val=`expr "$@" || test $? -eq 1`
403 }
404fi # as_fn_arith
405
406
407# as_fn_error STATUS ERROR [LINENO LOG_FD]
408# ----------------------------------------
409# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
410# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
411# script with STATUS, using 1 if that was 0.
412as_fn_error ()
413{
414 as_status=$1; test $as_status -eq 0 && as_status=1
415 if test "$4"; then
416 as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
417 $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
418 fi
419 $as_echo "$as_me: error: $2" >&2
420 as_fn_exit $as_status
421} # as_fn_error
422
423if expr a : '\(a\)' >/dev/null 2>&1 &&
424 test "X`expr 00001 : '.*\(...\)'`" = X001; then
425 as_expr=expr
426else
427 as_expr=false
428fi
429
430if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
431 as_basename=basename
432else
433 as_basename=false
434fi
435
436if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
437 as_dirname=dirname
438else
439 as_dirname=false
440fi
441
442as_me=`$as_basename -- "$0" ||
443$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
444 X"$0" : 'X\(//\)$' \| \
445 X"$0" : 'X\(/\)' \| . 2>/dev/null ||
446$as_echo X/"$0" |
447 sed '/^.*\/\([^/][^/]*\)\/*$/{
448 s//\1/
449 q
450 }
451 /^X\/\(\/\/\)$/{
452 s//\1/
453 q
454 }
455 /^X\/\(\/\).*/{
456 s//\1/
457 q
458 }
459 s/.*/./; q'`
460
461# Avoid depending upon Character Ranges.
462as_cr_letters='abcdefghijklmnopqrstuvwxyz'
463as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
464as_cr_Letters=$as_cr_letters$as_cr_LETTERS
465as_cr_digits='0123456789'
466as_cr_alnum=$as_cr_Letters$as_cr_digits
467
468
469 as_lineno_1=$LINENO as_lineno_1a=$LINENO
470 as_lineno_2=$LINENO as_lineno_2a=$LINENO
471 eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" &&
472 test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || {
473 # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-)
474 sed -n '
475 p
476 /[$]LINENO/=
477 ' <$as_myself |
478 sed '
479 s/[$]LINENO.*/&-/
480 t lineno
481 b
482 :lineno
483 N
484 :loop
485 s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
486 t loop
487 s/-\n.*//
488 ' >$as_me.lineno &&
489 chmod +x "$as_me.lineno" ||
490 { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; }
491
492 # If we had to re-execute with $CONFIG_SHELL, we're ensured to have
493 # already done that, so ensure we don't try to do so again and fall
494 # in an infinite loop. This has already happened in practice.
495 _as_can_reexec=no; export _as_can_reexec
496 # Don't try to exec as it changes $[0], causing all sort of problems
497 # (the dirname of $[0] is not the place where we might find the
498 # original and so on. Autoconf is especially sensitive to this).
499 . "./$as_me.lineno"
500 # Exit status is that of the last command.
501 exit
502}
503
504ECHO_C= ECHO_N= ECHO_T=
505case `echo -n x` in #(((((
506-n*)
507 case `echo 'xy\c'` in
508 *c*) ECHO_T=' ';; # ECHO_T is single tab character.
509 xy) ECHO_C='\c';;
510 *) echo `echo ksh88 bug on AIX 6.1` > /dev/null
511 ECHO_T=' ';;
512 esac;;
513*)
514 ECHO_N='-n';;
515esac
516
517rm -f conf$$ conf$$.exe conf$$.file
518if test -d conf$$.dir; then
519 rm -f conf$$.dir/conf$$.file
520else
521 rm -f conf$$.dir
522 mkdir conf$$.dir 2>/dev/null
523fi
524if (echo >conf$$.file) 2>/dev/null; then
525 if ln -s conf$$.file conf$$ 2>/dev/null; then
526 as_ln_s='ln -s'
527 # ... but there are two gotchas:
528 # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
529 # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
530 # In both cases, we have to default to `cp -pR'.
531 ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
532 as_ln_s='cp -pR'
533 elif ln conf$$.file conf$$ 2>/dev/null; then
534 as_ln_s=ln
535 else
536 as_ln_s='cp -pR'
537 fi
538else
539 as_ln_s='cp -pR'
540fi
541rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
542rmdir conf$$.dir 2>/dev/null
543
544if mkdir -p . 2>/dev/null; then
545 as_mkdir_p='mkdir -p "$as_dir"'
546else
547 test -d ./-p && rmdir ./-p
548 as_mkdir_p=false
549fi
550
551as_test_x='test -x'
552as_executable_p=as_fn_executable_p
553
554# Sed expression to map a string onto a valid CPP name.
555as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
556
557# Sed expression to map a string onto a valid variable name.
558as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
559
560
561test -n "$DJDIR" || exec 7<&0 </dev/null
562exec 6>&1
563
564# Name of the host.
565# hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status,
566# so uname gets run too.
567ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
568
569#
570# Initializations.
571#
572ac_default_prefix=/usr/local
573ac_clean_files=
574ac_config_libobj_dir=.
575LIBOBJS=
576cross_compiling=no
577subdirs=
578MFLAGS=
579MAKEFLAGS=
580
581# Identity of this package.
582PACKAGE_NAME='OpenSSH'
583PACKAGE_TARNAME='openssh'
584PACKAGE_VERSION='Portable'
585PACKAGE_STRING='OpenSSH Portable'
586PACKAGE_BUGREPORT='openssh-unix-dev@mindrot.org'
587PACKAGE_URL=''
588
589ac_unique_file="ssh.c"
590# Factoring default headers for most tests.
591ac_includes_default="\
592#include <stdio.h>
593#ifdef HAVE_SYS_TYPES_H
594# include <sys/types.h>
595#endif
596#ifdef HAVE_SYS_STAT_H
597# include <sys/stat.h>
598#endif
599#ifdef STDC_HEADERS
600# include <stdlib.h>
601# include <stddef.h>
602#else
603# ifdef HAVE_STDLIB_H
604# include <stdlib.h>
605# endif
606#endif
607#ifdef HAVE_STRING_H
608# if !defined STDC_HEADERS && defined HAVE_MEMORY_H
609# include <memory.h>
610# endif
611# include <string.h>
612#endif
613#ifdef HAVE_STRINGS_H
614# include <strings.h>
615#endif
616#ifdef HAVE_INTTYPES_H
617# include <inttypes.h>
618#endif
619#ifdef HAVE_STDINT_H
620# include <stdint.h>
621#endif
622#ifdef HAVE_UNISTD_H
623# include <unistd.h>
624#endif"
625
626ac_subst_vars='LTLIBOBJS
627LIBOBJS
628UNSUPPORTED_ALGORITHMS
629TEST_MALLOC_OPTIONS
630TEST_SSH_UTF8
631TEST_SSH_IPV6
632piddir
633user_path
634mansubdir
635MANTYPE
636XAUTH_PATH
637STRIP_OPT
638xauth_path
639PRIVSEP_PATH
640K5LIBS
641GSSLIBS
642KRB5CONF
643SSHDLIBS
644SSHLIBS
645SSH_PRIVSEP_USER
646COMMENT_OUT_ECC
647TEST_SSH_ECC
648LIBEDIT
649PKGCONFIG
650COMMENT_OUT_RSA1
651LD
652PATH_PASSWD_PROG
653STARTUP_SCRIPT_SHELL
654MAKE_PACKAGE_SUPPORTED
655PATH_USERADD_PROG
656PATH_GROUPADD_PROG
657MANFMT
658TEST_SHELL
659MANDOC
660NROFF
661GROFF
662SH
663TEST_MINUS_S_SH
664ENT
665SED
666PERL
667KILL
668CAT
669ac_ct_AR
670AR
671INSTALL_DATA
672INSTALL_SCRIPT
673INSTALL_PROGRAM
674RANLIB
675AWK
676EGREP
677GREP
678CPP
679host_os
680host_vendor
681host_cpu
682host
683build_os
684build_vendor
685build_cpu
686build
687OBJEXT
688EXEEXT
689ac_ct_CC
690CPPFLAGS
691LDFLAGS
692CFLAGS
693CC
694target_alias
695host_alias
696build_alias
697LIBS
698ECHO_T
699ECHO_N
700ECHO_C
701DEFS
702mandir
703localedir
704libdir
705psdir
706pdfdir
707dvidir
708htmldir
709infodir
710docdir
711oldincludedir
712includedir
713localstatedir
714sharedstatedir
715sysconfdir
716datadir
717datarootdir
718libexecdir
719sbindir
720bindir
721program_transform_name
722prefix
723exec_prefix
724PACKAGE_URL
725PACKAGE_BUGREPORT
726PACKAGE_STRING
727PACKAGE_VERSION
728PACKAGE_TARNAME
729PACKAGE_NAME
730PATH_SEPARATOR
731SHELL'
732ac_subst_files=''
733ac_user_opts='
734enable_option_checking
735enable_largefile
736with_openssl
737with_ssh1
738with_stackprotect
739with_hardening
740with_rpath
741with_cflags
742with_cppflags
743with_ldflags
744with_libs
745with_Werror
746with_solaris_contracts
747with_solaris_projects
748with_solaris_privs
749with_osfsia
750with_zlib
751with_zlib_version_check
752with_skey
753with_ldns
754with_libedit
755with_audit
756with_pie
757enable_pkcs11
758with_ssl_dir
759with_openssl_header_check
760with_ssl_engine
761with_prngd_port
762with_prngd_socket
763with_pam
764with_pam_service
765with_privsep_user
766with_sandbox
767with_selinux
768with_kerberos5
769with_privsep_path
770with_xauth
771enable_strip
772with_maildir
773with_mantype
774with_md5_passwords
775with_shadow
776with_ipaddr_display
777enable_etc_default_login
778with_default_path
779with_superuser_path
780with_4in6
781with_bsd_auth
782with_pid_dir
783enable_lastlog
784enable_utmp
785enable_utmpx
786enable_wtmp
787enable_wtmpx
788enable_libutil
789enable_pututline
790enable_pututxline
791with_lastlog
792'
793 ac_precious_vars='build_alias
794host_alias
795target_alias
796CC
797CFLAGS
798LDFLAGS
799LIBS
800CPPFLAGS
801CPP'
802
803
804# Initialize some variables set by options.
805ac_init_help=
806ac_init_version=false
807ac_unrecognized_opts=
808ac_unrecognized_sep=
809# The variables have the same names as the options, with
810# dashes changed to underlines.
811cache_file=/dev/null
812exec_prefix=NONE
813no_create=
814no_recursion=
815prefix=NONE
816program_prefix=NONE
817program_suffix=NONE
818program_transform_name=s,x,x,
819silent=
820site=
821srcdir=
822verbose=
823x_includes=NONE
824x_libraries=NONE
825
826# Installation directory options.
827# These are left unexpanded so users can "make install exec_prefix=/foo"
828# and all the variables that are supposed to be based on exec_prefix
829# by default will actually change.
830# Use braces instead of parens because sh, perl, etc. also accept them.
831# (The list follows the same order as the GNU Coding Standards.)
832bindir='${exec_prefix}/bin'
833sbindir='${exec_prefix}/sbin'
834libexecdir='${exec_prefix}/libexec'
835datarootdir='${prefix}/share'
836datadir='${datarootdir}'
837sysconfdir='${prefix}/etc'
838sharedstatedir='${prefix}/com'
839localstatedir='${prefix}/var'
840includedir='${prefix}/include'
841oldincludedir='/usr/include'
842docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
843infodir='${datarootdir}/info'
844htmldir='${docdir}'
845dvidir='${docdir}'
846pdfdir='${docdir}'
847psdir='${docdir}'
848libdir='${exec_prefix}/lib'
849localedir='${datarootdir}/locale'
850mandir='${datarootdir}/man'
851
852ac_prev=
853ac_dashdash=
854for ac_option
855do
856 # If the previous option needs an argument, assign it.
857 if test -n "$ac_prev"; then
858 eval $ac_prev=\$ac_option
859 ac_prev=
860 continue
861 fi
862
863 case $ac_option in
864 *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;;
865 *=) ac_optarg= ;;
866 *) ac_optarg=yes ;;
867 esac
868
869 # Accept the important Cygnus configure options, so we can diagnose typos.
870
871 case $ac_dashdash$ac_option in
872 --)
873 ac_dashdash=yes ;;
874
875 -bindir | --bindir | --bindi | --bind | --bin | --bi)
876 ac_prev=bindir ;;
877 -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
878 bindir=$ac_optarg ;;
879
880 -build | --build | --buil | --bui | --bu)
881 ac_prev=build_alias ;;
882 -build=* | --build=* | --buil=* | --bui=* | --bu=*)
883 build_alias=$ac_optarg ;;
884
885 -cache-file | --cache-file | --cache-fil | --cache-fi \
886 | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
887 ac_prev=cache_file ;;
888 -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
889 | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
890 cache_file=$ac_optarg ;;
891
892 --config-cache | -C)
893 cache_file=config.cache ;;
894
895 -datadir | --datadir | --datadi | --datad)
896 ac_prev=datadir ;;
897 -datadir=* | --datadir=* | --datadi=* | --datad=*)
898 datadir=$ac_optarg ;;
899
900 -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \
901 | --dataroo | --dataro | --datar)
902 ac_prev=datarootdir ;;
903 -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \
904 | --dataroot=* | --dataroo=* | --dataro=* | --datar=*)
905 datarootdir=$ac_optarg ;;
906
907 -disable-* | --disable-*)
908 ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
909 # Reject names that are not valid shell variable names.
910 expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
911 as_fn_error $? "invalid feature name: $ac_useropt"
912 ac_useropt_orig=$ac_useropt
913 ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
914 case $ac_user_opts in
915 *"
916"enable_$ac_useropt"
917"*) ;;
918 *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig"
919 ac_unrecognized_sep=', ';;
920 esac
921 eval enable_$ac_useropt=no ;;
922
923 -docdir | --docdir | --docdi | --doc | --do)
924 ac_prev=docdir ;;
925 -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*)
926 docdir=$ac_optarg ;;
927
928 -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv)
929 ac_prev=dvidir ;;
930 -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*)
931 dvidir=$ac_optarg ;;
932
933 -enable-* | --enable-*)
934 ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
935 # Reject names that are not valid shell variable names.
936 expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
937 as_fn_error $? "invalid feature name: $ac_useropt"
938 ac_useropt_orig=$ac_useropt
939 ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
940 case $ac_user_opts in
941 *"
942"enable_$ac_useropt"
943"*) ;;
944 *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig"
945 ac_unrecognized_sep=', ';;
946 esac
947 eval enable_$ac_useropt=\$ac_optarg ;;
948
949 -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
950 | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
951 | --exec | --exe | --ex)
952 ac_prev=exec_prefix ;;
953 -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
954 | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
955 | --exec=* | --exe=* | --ex=*)
956 exec_prefix=$ac_optarg ;;
957
958 -gas | --gas | --ga | --g)
959 # Obsolete; use --with-gas.
960 with_gas=yes ;;
961
962 -help | --help | --hel | --he | -h)
963 ac_init_help=long ;;
964 -help=r* | --help=r* | --hel=r* | --he=r* | -hr*)
965 ac_init_help=recursive ;;
966 -help=s* | --help=s* | --hel=s* | --he=s* | -hs*)
967 ac_init_help=short ;;
968
969 -host | --host | --hos | --ho)
970 ac_prev=host_alias ;;
971 -host=* | --host=* | --hos=* | --ho=*)
972 host_alias=$ac_optarg ;;
973
974 -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht)
975 ac_prev=htmldir ;;
976 -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \
977 | --ht=*)
978 htmldir=$ac_optarg ;;
979
980 -includedir | --includedir | --includedi | --included | --include \
981 | --includ | --inclu | --incl | --inc)
982 ac_prev=includedir ;;
983 -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
984 | --includ=* | --inclu=* | --incl=* | --inc=*)
985 includedir=$ac_optarg ;;
986
987 -infodir | --infodir | --infodi | --infod | --info | --inf)
988 ac_prev=infodir ;;
989 -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
990 infodir=$ac_optarg ;;
991
992 -libdir | --libdir | --libdi | --libd)
993 ac_prev=libdir ;;
994 -libdir=* | --libdir=* | --libdi=* | --libd=*)
995 libdir=$ac_optarg ;;
996
997 -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
998 | --libexe | --libex | --libe)
999 ac_prev=libexecdir ;;
1000 -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
1001 | --libexe=* | --libex=* | --libe=*)
1002 libexecdir=$ac_optarg ;;
1003
1004 -localedir | --localedir | --localedi | --localed | --locale)
1005 ac_prev=localedir ;;
1006 -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*)
1007 localedir=$ac_optarg ;;
1008
1009 -localstatedir | --localstatedir | --localstatedi | --localstated \
1010 | --localstate | --localstat | --localsta | --localst | --locals)
1011 ac_prev=localstatedir ;;
1012 -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
1013 | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*)
1014 localstatedir=$ac_optarg ;;
1015
1016 -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
1017 ac_prev=mandir ;;
1018 -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
1019 mandir=$ac_optarg ;;
1020
1021 -nfp | --nfp | --nf)
1022 # Obsolete; use --without-fp.
1023 with_fp=no ;;
1024
1025 -no-create | --no-create | --no-creat | --no-crea | --no-cre \
1026 | --no-cr | --no-c | -n)
1027 no_create=yes ;;
1028
1029 -no-recursion | --no-recursion | --no-recursio | --no-recursi \
1030 | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
1031 no_recursion=yes ;;
1032
1033 -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
1034 | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
1035 | --oldin | --oldi | --old | --ol | --o)
1036 ac_prev=oldincludedir ;;
1037 -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
1038 | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
1039 | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
1040 oldincludedir=$ac_optarg ;;
1041
1042 -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
1043 ac_prev=prefix ;;
1044 -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
1045 prefix=$ac_optarg ;;
1046
1047 -program-prefix | --program-prefix | --program-prefi | --program-pref \
1048 | --program-pre | --program-pr | --program-p)
1049 ac_prev=program_prefix ;;
1050 -program-prefix=* | --program-prefix=* | --program-prefi=* \
1051 | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
1052 program_prefix=$ac_optarg ;;
1053
1054 -program-suffix | --program-suffix | --program-suffi | --program-suff \
1055 | --program-suf | --program-su | --program-s)
1056 ac_prev=program_suffix ;;
1057 -program-suffix=* | --program-suffix=* | --program-suffi=* \
1058 | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
1059 program_suffix=$ac_optarg ;;
1060
1061 -program-transform-name | --program-transform-name \
1062 | --program-transform-nam | --program-transform-na \
1063 | --program-transform-n | --program-transform- \
1064 | --program-transform | --program-transfor \
1065 | --program-transfo | --program-transf \
1066 | --program-trans | --program-tran \
1067 | --progr-tra | --program-tr | --program-t)
1068 ac_prev=program_transform_name ;;
1069 -program-transform-name=* | --program-transform-name=* \
1070 | --program-transform-nam=* | --program-transform-na=* \
1071 | --program-transform-n=* | --program-transform-=* \
1072 | --program-transform=* | --program-transfor=* \
1073 | --program-transfo=* | --program-transf=* \
1074 | --program-trans=* | --program-tran=* \
1075 | --progr-tra=* | --program-tr=* | --program-t=*)
1076 program_transform_name=$ac_optarg ;;
1077
1078 -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd)
1079 ac_prev=pdfdir ;;
1080 -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*)
1081 pdfdir=$ac_optarg ;;
1082
1083 -psdir | --psdir | --psdi | --psd | --ps)
1084 ac_prev=psdir ;;
1085 -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*)
1086 psdir=$ac_optarg ;;
1087
1088 -q | -quiet | --quiet | --quie | --qui | --qu | --q \
1089 | -silent | --silent | --silen | --sile | --sil)
1090 silent=yes ;;
1091
1092 -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
1093 ac_prev=sbindir ;;
1094 -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
1095 | --sbi=* | --sb=*)
1096 sbindir=$ac_optarg ;;
1097
1098 -sharedstatedir | --sharedstatedir | --sharedstatedi \
1099 | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
1100 | --sharedst | --shareds | --shared | --share | --shar \
1101 | --sha | --sh)
1102 ac_prev=sharedstatedir ;;
1103 -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
1104 | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
1105 | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
1106 | --sha=* | --sh=*)
1107 sharedstatedir=$ac_optarg ;;
1108
1109 -site | --site | --sit)
1110 ac_prev=site ;;
1111 -site=* | --site=* | --sit=*)
1112 site=$ac_optarg ;;
1113
1114 -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
1115 ac_prev=srcdir ;;
1116 -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
1117 srcdir=$ac_optarg ;;
1118
1119 -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
1120 | --syscon | --sysco | --sysc | --sys | --sy)
1121 ac_prev=sysconfdir ;;
1122 -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
1123 | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
1124 sysconfdir=$ac_optarg ;;
1125
1126 -target | --target | --targe | --targ | --tar | --ta | --t)
1127 ac_prev=target_alias ;;
1128 -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
1129 target_alias=$ac_optarg ;;
1130
1131 -v | -verbose | --verbose | --verbos | --verbo | --verb)
1132 verbose=yes ;;
1133
1134 -version | --version | --versio | --versi | --vers | -V)
1135 ac_init_version=: ;;
1136
1137 -with-* | --with-*)
1138 ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
1139 # Reject names that are not valid shell variable names.
1140 expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
1141 as_fn_error $? "invalid package name: $ac_useropt"
1142 ac_useropt_orig=$ac_useropt
1143 ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
1144 case $ac_user_opts in
1145 *"
1146"with_$ac_useropt"
1147"*) ;;
1148 *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig"
1149 ac_unrecognized_sep=', ';;
1150 esac
1151 eval with_$ac_useropt=\$ac_optarg ;;
1152
1153 -without-* | --without-*)
1154 ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'`
1155 # Reject names that are not valid shell variable names.
1156 expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
1157 as_fn_error $? "invalid package name: $ac_useropt"
1158 ac_useropt_orig=$ac_useropt
1159 ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
1160 case $ac_user_opts in
1161 *"
1162"with_$ac_useropt"
1163"*) ;;
1164 *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig"
1165 ac_unrecognized_sep=', ';;
1166 esac
1167 eval with_$ac_useropt=no ;;
1168
1169 --x)
1170 # Obsolete; use --with-x.
1171 with_x=yes ;;
1172
1173 -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
1174 | --x-incl | --x-inc | --x-in | --x-i)
1175 ac_prev=x_includes ;;
1176 -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
1177 | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
1178 x_includes=$ac_optarg ;;
1179
1180 -x-libraries | --x-libraries | --x-librarie | --x-librari \
1181 | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
1182 ac_prev=x_libraries ;;
1183 -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
1184 | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
1185 x_libraries=$ac_optarg ;;
1186
1187 -*) as_fn_error $? "unrecognized option: \`$ac_option'
1188Try \`$0 --help' for more information"
1189 ;;
1190
1191 *=*)
1192 ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='`
1193 # Reject names that are not valid shell variable names.
1194 case $ac_envvar in #(
1195 '' | [0-9]* | *[!_$as_cr_alnum]* )
1196 as_fn_error $? "invalid variable name: \`$ac_envvar'" ;;
1197 esac
1198 eval $ac_envvar=\$ac_optarg
1199 export $ac_envvar ;;
1200
1201 *)
1202 # FIXME: should be removed in autoconf 3.0.
1203 $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2
1204 expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
1205 $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2
1206 : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}"
1207 ;;
1208
1209 esac
1210done
1211
1212if test -n "$ac_prev"; then
1213 ac_option=--`echo $ac_prev | sed 's/_/-/g'`
1214 as_fn_error $? "missing argument to $ac_option"
1215fi
1216
1217if test -n "$ac_unrecognized_opts"; then
1218 case $enable_option_checking in
1219 no) ;;
1220 fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;;
1221 *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;;
1222 esac
1223fi
1224
1225# Check all directory arguments for consistency.
1226for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
1227 datadir sysconfdir sharedstatedir localstatedir includedir \
1228 oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
1229 libdir localedir mandir
1230do
1231 eval ac_val=\$$ac_var
1232 # Remove trailing slashes.
1233 case $ac_val in
1234 */ )
1235 ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'`
1236 eval $ac_var=\$ac_val;;
1237 esac
1238 # Be sure to have absolute directory names.
1239 case $ac_val in
1240 [\\/$]* | ?:[\\/]* ) continue;;
1241 NONE | '' ) case $ac_var in *prefix ) continue;; esac;;
1242 esac
1243 as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val"
1244done
1245
1246# There might be people who depend on the old broken behavior: `$host'
1247# used to hold the argument of --host etc.
1248# FIXME: To remove some day.
1249build=$build_alias
1250host=$host_alias
1251target=$target_alias
1252
1253# FIXME: To remove some day.
1254if test "x$host_alias" != x; then
1255 if test "x$build_alias" = x; then
1256 cross_compiling=maybe
1257 elif test "x$build_alias" != "x$host_alias"; then
1258 cross_compiling=yes
1259 fi
1260fi
1261
1262ac_tool_prefix=
1263test -n "$host_alias" && ac_tool_prefix=$host_alias-
1264
1265test "$silent" = yes && exec 6>/dev/null
1266
1267
1268ac_pwd=`pwd` && test -n "$ac_pwd" &&
1269ac_ls_di=`ls -di .` &&
1270ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` ||
1271 as_fn_error $? "working directory cannot be determined"
1272test "X$ac_ls_di" = "X$ac_pwd_ls_di" ||
1273 as_fn_error $? "pwd does not report name of working directory"
1274
1275
1276# Find the source files, if location was not specified.
1277if test -z "$srcdir"; then
1278 ac_srcdir_defaulted=yes
1279 # Try the directory containing this script, then the parent directory.
1280 ac_confdir=`$as_dirname -- "$as_myself" ||
1281$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
1282 X"$as_myself" : 'X\(//\)[^/]' \| \
1283 X"$as_myself" : 'X\(//\)$' \| \
1284 X"$as_myself" : 'X\(/\)' \| . 2>/dev/null ||
1285$as_echo X"$as_myself" |
1286 sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
1287 s//\1/
1288 q
1289 }
1290 /^X\(\/\/\)[^/].*/{
1291 s//\1/
1292 q
1293 }
1294 /^X\(\/\/\)$/{
1295 s//\1/
1296 q
1297 }
1298 /^X\(\/\).*/{
1299 s//\1/
1300 q
1301 }
1302 s/.*/./; q'`
1303 srcdir=$ac_confdir
1304 if test ! -r "$srcdir/$ac_unique_file"; then
1305 srcdir=..
1306 fi
1307else
1308 ac_srcdir_defaulted=no
1309fi
1310if test ! -r "$srcdir/$ac_unique_file"; then
1311 test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .."
1312 as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir"
1313fi
1314ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work"
1315ac_abs_confdir=`(
1316 cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg"
1317 pwd)`
1318# When building in place, set srcdir=.
1319if test "$ac_abs_confdir" = "$ac_pwd"; then
1320 srcdir=.
1321fi
1322# Remove unnecessary trailing slashes from srcdir.
1323# Double slashes in file names in object file debugging info
1324# mess up M-x gdb in Emacs.
1325case $srcdir in
1326*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;;
1327esac
1328for ac_var in $ac_precious_vars; do
1329 eval ac_env_${ac_var}_set=\${${ac_var}+set}
1330 eval ac_env_${ac_var}_value=\$${ac_var}
1331 eval ac_cv_env_${ac_var}_set=\${${ac_var}+set}
1332 eval ac_cv_env_${ac_var}_value=\$${ac_var}
1333done
1334
1335#
1336# Report the --help message.
1337#
1338if test "$ac_init_help" = "long"; then
1339 # Omit some internal or obsolete options to make the list less imposing.
1340 # This message is too long to be a string in the A/UX 3.1 sh.
1341 cat <<_ACEOF
1342\`configure' configures OpenSSH Portable to adapt to many kinds of systems.
1343
1344Usage: $0 [OPTION]... [VAR=VALUE]...
1345
1346To assign environment variables (e.g., CC, CFLAGS...), specify them as
1347VAR=VALUE. See below for descriptions of some of the useful variables.
1348
1349Defaults for the options are specified in brackets.
1350
1351Configuration:
1352 -h, --help display this help and exit
1353 --help=short display options specific to this package
1354 --help=recursive display the short help of all the included packages
1355 -V, --version display version information and exit
1356 -q, --quiet, --silent do not print \`checking ...' messages
1357 --cache-file=FILE cache test results in FILE [disabled]
1358 -C, --config-cache alias for \`--cache-file=config.cache'
1359 -n, --no-create do not create output files
1360 --srcdir=DIR find the sources in DIR [configure dir or \`..']
1361
1362Installation directories:
1363 --prefix=PREFIX install architecture-independent files in PREFIX
1364 [$ac_default_prefix]
1365 --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX
1366 [PREFIX]
1367
1368By default, \`make install' will install all the files in
1369\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify
1370an installation prefix other than \`$ac_default_prefix' using \`--prefix',
1371for instance \`--prefix=\$HOME'.
1372
1373For better control, use the options below.
1374
1375Fine tuning of the installation directories:
1376 --bindir=DIR user executables [EPREFIX/bin]
1377 --sbindir=DIR system admin executables [EPREFIX/sbin]
1378 --libexecdir=DIR program executables [EPREFIX/libexec]
1379 --sysconfdir=DIR read-only single-machine data [PREFIX/etc]
1380 --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
1381 --localstatedir=DIR modifiable single-machine data [PREFIX/var]
1382 --libdir=DIR object code libraries [EPREFIX/lib]
1383 --includedir=DIR C header files [PREFIX/include]
1384 --oldincludedir=DIR C header files for non-gcc [/usr/include]
1385 --datarootdir=DIR read-only arch.-independent data root [PREFIX/share]
1386 --datadir=DIR read-only architecture-independent data [DATAROOTDIR]
1387 --infodir=DIR info documentation [DATAROOTDIR/info]
1388 --localedir=DIR locale-dependent data [DATAROOTDIR/locale]
1389 --mandir=DIR man documentation [DATAROOTDIR/man]
1390 --docdir=DIR documentation root [DATAROOTDIR/doc/openssh]
1391 --htmldir=DIR html documentation [DOCDIR]
1392 --dvidir=DIR dvi documentation [DOCDIR]
1393 --pdfdir=DIR pdf documentation [DOCDIR]
1394 --psdir=DIR ps documentation [DOCDIR]
1395_ACEOF
1396
1397 cat <<\_ACEOF
1398
1399System types:
1400 --build=BUILD configure for building on BUILD [guessed]
1401 --host=HOST cross-compile to build programs to run on HOST [BUILD]
1402_ACEOF
1403fi
1404
1405if test -n "$ac_init_help"; then
1406 case $ac_init_help in
1407 short | recursive ) echo "Configuration of OpenSSH Portable:";;
1408 esac
1409 cat <<\_ACEOF
1410
1411Optional Features:
1412 --disable-option-checking ignore unrecognized --enable/--with options
1413 --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
1414 --enable-FEATURE[=ARG] include FEATURE [ARG=yes]
1415 --disable-largefile omit support for large files
1416 --disable-pkcs11 disable PKCS#11 support code [no]
1417 --disable-strip Disable calling strip(1) on install
1418 --disable-etc-default-login Disable using PATH from /etc/default/login no
1419 --disable-lastlog disable use of lastlog even if detected no
1420 --disable-utmp disable use of utmp even if detected no
1421 --disable-utmpx disable use of utmpx even if detected no
1422 --disable-wtmp disable use of wtmp even if detected no
1423 --disable-wtmpx disable use of wtmpx even if detected no
1424 --disable-libutil disable use of libutil (login() etc.) no
1425 --disable-pututline disable use of pututline() etc. (uwtmp) no
1426 --disable-pututxline disable use of pututxline() etc. (uwtmpx) no
1427
1428Optional Packages:
1429 --with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
1430 --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
1431 --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL**
1432 --with-ssh1 Enable support for SSH protocol 1
1433 --without-stackprotect Don't use compiler's stack protection
1434 --without-hardening Don't use toolchain hardening flags
1435 --without-rpath Disable auto-added -R linker paths
1436 --with-cflags Specify additional flags to pass to compiler
1437 --with-cppflags Specify additional flags to pass to preprocessor
1438 --with-ldflags Specify additional flags to pass to linker
1439 --with-libs Specify additional libraries to link with
1440 --with-Werror Build main code with -Werror
1441 --with-solaris-contracts Enable Solaris process contracts (experimental)
1442 --with-solaris-projects Enable Solaris projects (experimental)
1443 --with-solaris-privs Enable Solaris/Illumos privileges (experimental)
1444 --with-osfsia Enable Digital Unix SIA
1445 --with-zlib=PATH Use zlib in PATH
1446 --without-zlib-version-check Disable zlib version check
1447 --with-skey[=PATH] Enable S/Key support (optionally in PATH)
1448 --with-ldns[=PATH] Use ldns for DNSSEC support (optionally in PATH)
1449 --with-libedit[=PATH] Enable libedit support for sftp
1450 --with-audit=module Enable audit support (modules=debug,bsm,linux)
1451 --with-pie Build Position Independent Executables if possible
1452 --with-ssl-dir=PATH Specify path to OpenSSL installation
1453 --without-openssl-header-check Disable OpenSSL version consistency check
1454 --with-ssl-engine Enable OpenSSL (hardware) ENGINE support
1455 --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT
1456 --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)
1457 --with-pam Enable PAM support
1458 --with-pam-service=name Specify PAM service name
1459 --with-privsep-user=user Specify non-privileged user for privilege separation
1460 --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)
1461 --with-selinux Enable SELinux support
1462 --with-kerberos5=PATH Enable Kerberos 5 support
1463 --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)
1464 --with-xauth=PATH Specify path to xauth program
1465 --with-maildir=/path/to/mail Specify your system mail directory
1466 --with-mantype=man|cat|doc Set man page type
1467 --with-md5-passwords Enable use of MD5 passwords
1468 --without-shadow Disable shadow password support
1469 --with-ipaddr-display Use ip address instead of hostname in $DISPLAY
1470 --with-default-path= Specify default $PATH environment for server
1471 --with-superuser-path= Specify different path for super-user
1472 --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses
1473 --with-bsd-auth Enable BSD auth support
1474 --with-pid-dir=PATH Specify location of ssh.pid file
1475 --with-lastlog=FILE|DIR specify lastlog location common locations
1476
1477Some influential environment variables:
1478 CC C compiler command
1479 CFLAGS C compiler flags
1480 LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a
1481 nonstandard directory <lib dir>
1482 LIBS libraries to pass to the linker, e.g. -l<library>
1483 CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if
1484 you have headers in a nonstandard directory <include dir>
1485 CPP C preprocessor
1486
1487Use these variables to override the choices made by `configure' or to help
1488it to find libraries and programs with nonstandard names/locations.
1489
1490Report bugs to <openssh-unix-dev@mindrot.org>.
1491_ACEOF
1492ac_status=$?
1493fi
1494
1495if test "$ac_init_help" = "recursive"; then
1496 # If there are subdirs, report their specific --help.
1497 for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
1498 test -d "$ac_dir" ||
1499 { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } ||
1500 continue
1501 ac_builddir=.
1502
1503case "$ac_dir" in
1504.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
1505*)
1506 ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
1507 # A ".." for each directory in $ac_dir_suffix.
1508 ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
1509 case $ac_top_builddir_sub in
1510 "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
1511 *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
1512 esac ;;
1513esac
1514ac_abs_top_builddir=$ac_pwd
1515ac_abs_builddir=$ac_pwd$ac_dir_suffix
1516# for backward compatibility:
1517ac_top_builddir=$ac_top_build_prefix
1518
1519case $srcdir in
1520 .) # We are building in place.
1521 ac_srcdir=.
1522 ac_top_srcdir=$ac_top_builddir_sub
1523 ac_abs_top_srcdir=$ac_pwd ;;
1524 [\\/]* | ?:[\\/]* ) # Absolute name.
1525 ac_srcdir=$srcdir$ac_dir_suffix;
1526 ac_top_srcdir=$srcdir
1527 ac_abs_top_srcdir=$srcdir ;;
1528 *) # Relative name.
1529 ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
1530 ac_top_srcdir=$ac_top_build_prefix$srcdir
1531 ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
1532esac
1533ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
1534
1535 cd "$ac_dir" || { ac_status=$?; continue; }
1536 # Check for guested configure.
1537 if test -f "$ac_srcdir/configure.gnu"; then
1538 echo &&
1539 $SHELL "$ac_srcdir/configure.gnu" --help=recursive
1540 elif test -f "$ac_srcdir/configure"; then
1541 echo &&
1542 $SHELL "$ac_srcdir/configure" --help=recursive
1543 else
1544 $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
1545 fi || ac_status=$?
1546 cd "$ac_pwd" || { ac_status=$?; break; }
1547 done
1548fi
1549
1550test -n "$ac_init_help" && exit $ac_status
1551if $ac_init_version; then
1552 cat <<\_ACEOF
1553OpenSSH configure Portable
1554generated by GNU Autoconf 2.69
1555
1556Copyright (C) 2012 Free Software Foundation, Inc.
1557This configure script is free software; the Free Software Foundation
1558gives unlimited permission to copy, distribute and modify it.
1559_ACEOF
1560 exit
1561fi
1562
1563## ------------------------ ##
1564## Autoconf initialization. ##
1565## ------------------------ ##
1566
1567# ac_fn_c_try_compile LINENO
1568# --------------------------
1569# Try to compile conftest.$ac_ext, and return whether this succeeded.
1570ac_fn_c_try_compile ()
1571{
1572 as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
1573 rm -f conftest.$ac_objext
1574 if { { ac_try="$ac_compile"
1575case "(($ac_try" in
1576 *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
1577 *) ac_try_echo=$ac_try;;
1578esac
1579eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
1580$as_echo "$ac_try_echo"; } >&5
1581 (eval "$ac_compile") 2>conftest.err
1582 ac_status=$?
1583 if test -s conftest.err; then
1584 grep -v '^ *+' conftest.err >conftest.er1
1585 cat conftest.er1 >&5
1586 mv -f conftest.er1 conftest.err
1587 fi
1588 $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
1589 test $ac_status = 0; } && {
1590 test -z "$ac_c_werror_flag" ||
1591 test ! -s conftest.err
1592 } && test -s conftest.$ac_objext; then :
1593 ac_retval=0
1594else
1595 $as_echo "$as_me: failed program was:" >&5
1596sed 's/^/| /' conftest.$ac_ext >&5
1597
1598 ac_retval=1
1599fi
1600 eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
1601 as_fn_set_status $ac_retval
1602
1603} # ac_fn_c_try_compile
1604
1605# ac_fn_c_try_run LINENO
1606# ----------------------
1607# Try to link conftest.$ac_ext, and return whether this succeeded. Assumes
1608# that executables *can* be run.
1609ac_fn_c_try_run ()
1610{
1611 as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
1612 if { { ac_try="$ac_link"
1613case "(($ac_try" in
1614 *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
1615 *) ac_try_echo=$ac_try;;
1616esac
1617eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
1618$as_echo "$ac_try_echo"; } >&5
1619 (eval "$ac_link") 2>&5
1620 ac_status=$?
1621 $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
1622 test $ac_status = 0; } && { ac_try='./conftest$ac_exeext'
1623 { { case "(($ac_try" in
1624 *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
1625 *) ac_try_echo=$ac_try;;
1626esac
1627eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
1628$as_echo "$ac_try_echo"; } >&5
1629 (eval "$ac_try") 2>&5
1630 ac_status=$?
1631 $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
1632 test $ac_status = 0; }; }; then :
1633 ac_retval=0
1634else
1635 $as_echo "$as_me: program exited with status $ac_status" >&5
1636 $as_echo "$as_me: failed program was:" >&5
1637sed 's/^/| /' conftest.$ac_ext >&5
1638
1639 ac_retval=$ac_status
1640fi
1641 rm -rf conftest.dSYM conftest_ipa8_conftest.oo
1642 eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
1643 as_fn_set_status $ac_retval
1644
1645} # ac_fn_c_try_run
1646
1647# ac_fn_c_try_cpp LINENO
1648# ----------------------
1649# Try to preprocess conftest.$ac_ext, and return whether this succeeded.
1650ac_fn_c_try_cpp ()
1651{
1652 as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
1653 if { { ac_try="$ac_cpp conftest.$ac_ext"
1654case "(($ac_try" in
1655 *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
1656 *) ac_try_echo=$ac_try;;
1657esac
1658eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
1659$as_echo "$ac_try_echo"; } >&5
1660 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err
1661 ac_status=$?
1662 if test -s conftest.err; then
1663 grep -v '^ *+' conftest.err >conftest.er1
1664 cat conftest.er1 >&5
1665 mv -f conftest.er1 conftest.err
1666 fi
1667 $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
1668 test $ac_status = 0; } > conftest.i && {
1669 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
1670 test ! -s conftest.err
1671 }; then :
1672 ac_retval=0
1673else
1674 $as_echo "$as_me: failed program was:" >&5
1675sed 's/^/| /' conftest.$ac_ext >&5
1676
1677 ac_retval=1
1678fi
1679 eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
1680 as_fn_set_status $ac_retval
1681
1682} # ac_fn_c_try_cpp
1683
1684# ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES
1685# -------------------------------------------------------
1686# Tests whether HEADER exists and can be compiled using the include files in
1687# INCLUDES, setting the cache variable VAR accordingly.
1688ac_fn_c_check_header_compile ()
1689{
1690 as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
1691 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
1692$as_echo_n "checking for $2... " >&6; }
1693if eval \${$3+:} false; then :
1694 $as_echo_n "(cached) " >&6
1695else
1696 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
1697/* end confdefs.h. */
1698$4
1699#include <$2>
1700_ACEOF
1701if ac_fn_c_try_compile "$LINENO"; then :
1702 eval "$3=yes"
1703else
1704 eval "$3=no"
1705fi
1706rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
1707fi
1708eval ac_res=\$$3
1709 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
1710$as_echo "$ac_res" >&6; }
1711 eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
1712
1713} # ac_fn_c_check_header_compile
1714
1715# ac_fn_c_check_decl LINENO SYMBOL VAR INCLUDES
1716# ---------------------------------------------
1717# Tests whether SYMBOL is declared in INCLUDES, setting cache variable VAR
1718# accordingly.
1719ac_fn_c_check_decl ()
1720{
1721 as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
1722 as_decl_name=`echo $2|sed 's/ *(.*//'`
1723 as_decl_use=`echo $2|sed -e 's/(/((/' -e 's/)/) 0&/' -e 's/,/) 0& (/g'`
1724 { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $as_decl_name is declared" >&5
1725$as_echo_n "checking whether $as_decl_name is declared... " >&6; }
1726if eval \${$3+:} false; then :
1727 $as_echo_n "(cached) " >&6
1728else
1729 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
1730/* end confdefs.h. */
1731$4
1732int
1733main ()
1734{
1735#ifndef $as_decl_name
1736#ifdef __cplusplus
1737 (void) $as_decl_use;
1738#else
1739 (void) $as_decl_name;
1740#endif
1741#endif
1742
1743 ;
1744 return 0;
1745}
1746_ACEOF
1747if ac_fn_c_try_compile "$LINENO"; then :
1748 eval "$3=yes"
1749else
1750 eval "$3=no"
1751fi
1752rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
1753fi
1754eval ac_res=\$$3
1755 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
1756$as_echo "$ac_res" >&6; }
1757 eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
1758
1759} # ac_fn_c_check_decl
1760
1761# ac_fn_c_try_link LINENO
1762# -----------------------
1763# Try to link conftest.$ac_ext, and return whether this succeeded.
1764ac_fn_c_try_link ()
1765{
1766 as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
1767 rm -f conftest.$ac_objext conftest$ac_exeext
1768 if { { ac_try="$ac_link"
1769case "(($ac_try" in
1770 *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
1771 *) ac_try_echo=$ac_try;;
1772esac
1773eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
1774$as_echo "$ac_try_echo"; } >&5
1775 (eval "$ac_link") 2>conftest.err
1776 ac_status=$?
1777 if test -s conftest.err; then
1778 grep -v '^ *+' conftest.err >conftest.er1
1779 cat conftest.er1 >&5
1780 mv -f conftest.er1 conftest.err
1781 fi
1782 $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
1783 test $ac_status = 0; } && {
1784 test -z "$ac_c_werror_flag" ||
1785 test ! -s conftest.err
1786 } && test -s conftest$ac_exeext && {
1787 test "$cross_compiling" = yes ||
1788 test -x conftest$ac_exeext
1789 }; then :
1790 ac_retval=0
1791else
1792 $as_echo "$as_me: failed program was:" >&5
1793sed 's/^/| /' conftest.$ac_ext >&5
1794
1795 ac_retval=1
1796fi
1797 # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information
1798 # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would
1799 # interfere with the next link command; also delete a directory that is
1800 # left behind by Apple's compiler. We do this before executing the actions.
1801 rm -rf conftest.dSYM conftest_ipa8_conftest.oo
1802 eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
1803 as_fn_set_status $ac_retval
1804
1805} # ac_fn_c_try_link
1806
1807# ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES
1808# -------------------------------------------------------
1809# Tests whether HEADER exists, giving a warning if it cannot be compiled using
1810# the include files in INCLUDES and setting the cache variable VAR
1811# accordingly.
1812ac_fn_c_check_header_mongrel ()
1813{
1814 as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
1815 if eval \${$3+:} false; then :
1816 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
1817$as_echo_n "checking for $2... " >&6; }
1818if eval \${$3+:} false; then :
1819 $as_echo_n "(cached) " >&6
1820fi
1821eval ac_res=\$$3
1822 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
1823$as_echo "$ac_res" >&6; }
1824else
1825 # Is the header compilable?
1826{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 usability" >&5
1827$as_echo_n "checking $2 usability... " >&6; }
1828cat confdefs.h - <<_ACEOF >conftest.$ac_ext
1829/* end confdefs.h. */
1830$4
1831#include <$2>
1832_ACEOF
1833if ac_fn_c_try_compile "$LINENO"; then :
1834 ac_header_compiler=yes
1835else
1836 ac_header_compiler=no
1837fi
1838rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
1839{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_compiler" >&5
1840$as_echo "$ac_header_compiler" >&6; }
1841
1842# Is the header present?
1843{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 presence" >&5
1844$as_echo_n "checking $2 presence... " >&6; }
1845cat confdefs.h - <<_ACEOF >conftest.$ac_ext
1846/* end confdefs.h. */
1847#include <$2>
1848_ACEOF
1849if ac_fn_c_try_cpp "$LINENO"; then :
1850 ac_header_preproc=yes
1851else
1852 ac_header_preproc=no
1853fi
1854rm -f conftest.err conftest.i conftest.$ac_ext
1855{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5
1856$as_echo "$ac_header_preproc" >&6; }
1857
1858# So? What about this header?
1859case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in #((
1860 yes:no: )
1861 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&5
1862$as_echo "$as_me: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&2;}
1863 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5
1864$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;}
1865 ;;
1866 no:yes:* )
1867 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: present but cannot be compiled" >&5
1868$as_echo "$as_me: WARNING: $2: present but cannot be compiled" >&2;}
1869 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: check for missing prerequisite headers?" >&5
1870$as_echo "$as_me: WARNING: $2: check for missing prerequisite headers?" >&2;}
1871 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: see the Autoconf documentation" >&5
1872$as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;}
1873 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&5
1874$as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;}
1875 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5
1876$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;}
1877( $as_echo "## ------------------------------------------- ##
1878## Report this to openssh-unix-dev@mindrot.org ##
1879## ------------------------------------------- ##"
1880 ) | sed "s/^/$as_me: WARNING: /" >&2
1881 ;;
1882esac
1883 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
1884$as_echo_n "checking for $2... " >&6; }
1885if eval \${$3+:} false; then :
1886 $as_echo_n "(cached) " >&6
1887else
1888 eval "$3=\$ac_header_compiler"
1889fi
1890eval ac_res=\$$3
1891 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
1892$as_echo "$ac_res" >&6; }
1893fi
1894 eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
1895
1896} # ac_fn_c_check_header_mongrel
1897
1898# ac_fn_c_check_func LINENO FUNC VAR
1899# ----------------------------------
1900# Tests whether FUNC exists, setting the cache variable VAR accordingly
1901ac_fn_c_check_func ()
1902{
1903 as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
1904 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
1905$as_echo_n "checking for $2... " >&6; }
1906if eval \${$3+:} false; then :
1907 $as_echo_n "(cached) " >&6
1908else
1909 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
1910/* end confdefs.h. */
1911/* Define $2 to an innocuous variant, in case <limits.h> declares $2.
1912 For example, HP-UX 11i <limits.h> declares gettimeofday. */
1913#define $2 innocuous_$2
1914
1915/* System header to define __stub macros and hopefully few prototypes,
1916 which can conflict with char $2 (); below.
1917 Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
1918 <limits.h> exists even on freestanding compilers. */
1919
1920#ifdef __STDC__
1921# include <limits.h>
1922#else
1923# include <assert.h>
1924#endif
1925
1926#undef $2
1927
1928/* Override any GCC internal prototype to avoid an error.
1929 Use char because int might match the return type of a GCC
1930 builtin and then its argument prototype would still apply. */
1931#ifdef __cplusplus
1932extern "C"
1933#endif
1934char $2 ();
1935/* The GNU C library defines this for functions which it implements
1936 to always fail with ENOSYS. Some functions are actually named
1937 something starting with __ and the normal name is an alias. */
1938#if defined __stub_$2 || defined __stub___$2
1939choke me
1940#endif
1941
1942int
1943main ()
1944{
1945return $2 ();
1946 ;
1947 return 0;
1948}
1949_ACEOF
1950if ac_fn_c_try_link "$LINENO"; then :
1951 eval "$3=yes"
1952else
1953 eval "$3=no"
1954fi
1955rm -f core conftest.err conftest.$ac_objext \
1956 conftest$ac_exeext conftest.$ac_ext
1957fi
1958eval ac_res=\$$3
1959 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
1960$as_echo "$ac_res" >&6; }
1961 eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
1962
1963} # ac_fn_c_check_func
1964
1965# ac_fn_c_check_type LINENO TYPE VAR INCLUDES
1966# -------------------------------------------
1967# Tests whether TYPE exists after having included INCLUDES, setting cache
1968# variable VAR accordingly.
1969ac_fn_c_check_type ()
1970{
1971 as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
1972 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
1973$as_echo_n "checking for $2... " >&6; }
1974if eval \${$3+:} false; then :
1975 $as_echo_n "(cached) " >&6
1976else
1977 eval "$3=no"
1978 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
1979/* end confdefs.h. */
1980$4
1981int
1982main ()
1983{
1984if (sizeof ($2))
1985 return 0;
1986 ;
1987 return 0;
1988}
1989_ACEOF
1990if ac_fn_c_try_compile "$LINENO"; then :
1991 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
1992/* end confdefs.h. */
1993$4
1994int
1995main ()
1996{
1997if (sizeof (($2)))
1998 return 0;
1999 ;
2000 return 0;
2001}
2002_ACEOF
2003if ac_fn_c_try_compile "$LINENO"; then :
2004
2005else
2006 eval "$3=yes"
2007fi
2008rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
2009fi
2010rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
2011fi
2012eval ac_res=\$$3
2013 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
2014$as_echo "$ac_res" >&6; }
2015 eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
2016
2017} # ac_fn_c_check_type
2018
2019# ac_fn_c_compute_int LINENO EXPR VAR INCLUDES
2020# --------------------------------------------
2021# Tries to find the compile-time value of EXPR in a program that includes
2022# INCLUDES, setting VAR accordingly. Returns whether the value could be
2023# computed
2024ac_fn_c_compute_int ()
2025{
2026 as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
2027 if test "$cross_compiling" = yes; then
2028 # Depending upon the size, compute the lo and hi bounds.
2029cat confdefs.h - <<_ACEOF >conftest.$ac_ext
2030/* end confdefs.h. */
2031$4
2032int
2033main ()
2034{
2035static int test_array [1 - 2 * !(($2) >= 0)];
2036test_array [0] = 0;
2037return test_array [0];
2038
2039 ;
2040 return 0;
2041}
2042_ACEOF
2043if ac_fn_c_try_compile "$LINENO"; then :
2044 ac_lo=0 ac_mid=0
2045 while :; do
2046 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
2047/* end confdefs.h. */
2048$4
2049int
2050main ()
2051{
2052static int test_array [1 - 2 * !(($2) <= $ac_mid)];
2053test_array [0] = 0;
2054return test_array [0];
2055
2056 ;
2057 return 0;
2058}
2059_ACEOF
2060if ac_fn_c_try_compile "$LINENO"; then :
2061 ac_hi=$ac_mid; break
2062else
2063 as_fn_arith $ac_mid + 1 && ac_lo=$as_val
2064 if test $ac_lo -le $ac_mid; then
2065 ac_lo= ac_hi=
2066 break
2067 fi
2068 as_fn_arith 2 '*' $ac_mid + 1 && ac_mid=$as_val
2069fi
2070rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
2071 done
2072else
2073 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
2074/* end confdefs.h. */
2075$4
2076int
2077main ()
2078{
2079static int test_array [1 - 2 * !(($2) < 0)];
2080test_array [0] = 0;
2081return test_array [0];
2082
2083 ;
2084 return 0;
2085}
2086_ACEOF
2087if ac_fn_c_try_compile "$LINENO"; then :
2088 ac_hi=-1 ac_mid=-1
2089 while :; do
2090 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
2091/* end confdefs.h. */
2092$4
2093int
2094main ()
2095{
2096static int test_array [1 - 2 * !(($2) >= $ac_mid)];
2097test_array [0] = 0;
2098return test_array [0];
2099
2100 ;
2101 return 0;
2102}
2103_ACEOF
2104if ac_fn_c_try_compile "$LINENO"; then :
2105 ac_lo=$ac_mid; break
2106else
2107 as_fn_arith '(' $ac_mid ')' - 1 && ac_hi=$as_val
2108 if test $ac_mid -le $ac_hi; then
2109 ac_lo= ac_hi=
2110 break
2111 fi
2112 as_fn_arith 2 '*' $ac_mid && ac_mid=$as_val
2113fi
2114rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
2115 done
2116else
2117 ac_lo= ac_hi=
2118fi
2119rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
2120fi
2121rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
2122# Binary search between lo and hi bounds.
2123while test "x$ac_lo" != "x$ac_hi"; do
2124 as_fn_arith '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo && ac_mid=$as_val
2125 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
2126/* end confdefs.h. */
2127$4
2128int
2129main ()
2130{
2131static int test_array [1 - 2 * !(($2) <= $ac_mid)];
2132test_array [0] = 0;
2133return test_array [0];
2134
2135 ;
2136 return 0;
2137}
2138_ACEOF
2139if ac_fn_c_try_compile "$LINENO"; then :
2140 ac_hi=$ac_mid
2141else
2142 as_fn_arith '(' $ac_mid ')' + 1 && ac_lo=$as_val
2143fi
2144rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
2145done
2146case $ac_lo in #((
2147?*) eval "$3=\$ac_lo"; ac_retval=0 ;;
2148'') ac_retval=1 ;;
2149esac
2150 else
2151 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
2152/* end confdefs.h. */
2153$4
2154static long int longval () { return $2; }
2155static unsigned long int ulongval () { return $2; }
2156#include <stdio.h>
2157#include <stdlib.h>
2158int
2159main ()
2160{
2161
2162 FILE *f = fopen ("conftest.val", "w");
2163 if (! f)
2164 return 1;
2165 if (($2) < 0)
2166 {
2167 long int i = longval ();
2168 if (i != ($2))
2169 return 1;
2170 fprintf (f, "%ld", i);
2171 }
2172 else
2173 {
2174 unsigned long int i = ulongval ();
2175 if (i != ($2))
2176 return 1;
2177 fprintf (f, "%lu", i);
2178 }
2179 /* Do not output a trailing newline, as this causes \r\n confusion
2180 on some platforms. */
2181 return ferror (f) || fclose (f) != 0;
2182
2183 ;
2184 return 0;
2185}
2186_ACEOF
2187if ac_fn_c_try_run "$LINENO"; then :
2188 echo >>conftest.val; read $3 <conftest.val; ac_retval=0
2189else
2190 ac_retval=1
2191fi
2192rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
2193 conftest.$ac_objext conftest.beam conftest.$ac_ext
2194rm -f conftest.val
2195
2196 fi
2197 eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
2198 as_fn_set_status $ac_retval
2199
2200} # ac_fn_c_compute_int
2201
2202# ac_fn_c_check_member LINENO AGGR MEMBER VAR INCLUDES
2203# ----------------------------------------------------
2204# Tries to find if the field MEMBER exists in type AGGR, after including
2205# INCLUDES, setting cache variable VAR accordingly.
2206ac_fn_c_check_member ()
2207{
2208 as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
2209 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2.$3" >&5
2210$as_echo_n "checking for $2.$3... " >&6; }
2211if eval \${$4+:} false; then :
2212 $as_echo_n "(cached) " >&6
2213else
2214 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
2215/* end confdefs.h. */
2216$5
2217int
2218main ()
2219{
2220static $2 ac_aggr;
2221if (ac_aggr.$3)
2222return 0;
2223 ;
2224 return 0;
2225}
2226_ACEOF
2227if ac_fn_c_try_compile "$LINENO"; then :
2228 eval "$4=yes"
2229else
2230 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
2231/* end confdefs.h. */
2232$5
2233int
2234main ()
2235{
2236static $2 ac_aggr;
2237if (sizeof ac_aggr.$3)
2238return 0;
2239 ;
2240 return 0;
2241}
2242_ACEOF
2243if ac_fn_c_try_compile "$LINENO"; then :
2244 eval "$4=yes"
2245else
2246 eval "$4=no"
2247fi
2248rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
2249fi
2250rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
2251fi
2252eval ac_res=\$$4
2253 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
2254$as_echo "$ac_res" >&6; }
2255 eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
2256
2257} # ac_fn_c_check_member
2258cat >config.log <<_ACEOF
2259This file contains any messages produced by compilers while
2260running configure, to aid debugging if configure makes a mistake.
2261
2262It was created by OpenSSH $as_me Portable, which was
2263generated by GNU Autoconf 2.69. Invocation command line was
2264
2265 $ $0 $@
2266
2267_ACEOF
2268exec 5>>config.log
2269{
2270cat <<_ASUNAME
2271## --------- ##
2272## Platform. ##
2273## --------- ##
2274
2275hostname = `(hostname || uname -n) 2>/dev/null | sed 1q`
2276uname -m = `(uname -m) 2>/dev/null || echo unknown`
2277uname -r = `(uname -r) 2>/dev/null || echo unknown`
2278uname -s = `(uname -s) 2>/dev/null || echo unknown`
2279uname -v = `(uname -v) 2>/dev/null || echo unknown`
2280
2281/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown`
2282/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown`
2283
2284/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown`
2285/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown`
2286/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
2287/usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown`
2288/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown`
2289/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown`
2290/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown`
2291
2292_ASUNAME
2293
2294as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
2295for as_dir in $PATH
2296do
2297 IFS=$as_save_IFS
2298 test -z "$as_dir" && as_dir=.
2299 $as_echo "PATH: $as_dir"
2300 done
2301IFS=$as_save_IFS
2302
2303} >&5
2304
2305cat >&5 <<_ACEOF
2306
2307
2308## ----------- ##
2309## Core tests. ##
2310## ----------- ##
2311
2312_ACEOF
2313
2314
2315# Keep a trace of the command line.
2316# Strip out --no-create and --no-recursion so they do not pile up.
2317# Strip out --silent because we don't want to record it for future runs.
2318# Also quote any args containing shell meta-characters.
2319# Make two passes to allow for proper duplicate-argument suppression.
2320ac_configure_args=
2321ac_configure_args0=
2322ac_configure_args1=
2323ac_must_keep_next=false
2324for ac_pass in 1 2
2325do
2326 for ac_arg
2327 do
2328 case $ac_arg in
2329 -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;;
2330 -q | -quiet | --quiet | --quie | --qui | --qu | --q \
2331 | -silent | --silent | --silen | --sile | --sil)
2332 continue ;;
2333 *\'*)
2334 ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
2335 esac
2336 case $ac_pass in
2337 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;;
2338 2)
2339 as_fn_append ac_configure_args1 " '$ac_arg'"
2340 if test $ac_must_keep_next = true; then
2341 ac_must_keep_next=false # Got value, back to normal.
2342 else
2343 case $ac_arg in
2344 *=* | --config-cache | -C | -disable-* | --disable-* \
2345 | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \
2346 | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \
2347 | -with-* | --with-* | -without-* | --without-* | --x)
2348 case "$ac_configure_args0 " in
2349 "$ac_configure_args1"*" '$ac_arg' "* ) continue ;;
2350 esac
2351 ;;
2352 -* ) ac_must_keep_next=true ;;
2353 esac
2354 fi
2355 as_fn_append ac_configure_args " '$ac_arg'"
2356 ;;
2357 esac
2358 done
2359done
2360{ ac_configure_args0=; unset ac_configure_args0;}
2361{ ac_configure_args1=; unset ac_configure_args1;}
2362
2363# When interrupted or exit'd, cleanup temporary files, and complete
2364# config.log. We remove comments because anyway the quotes in there
2365# would cause problems or look ugly.
2366# WARNING: Use '\'' to represent an apostrophe within the trap.
2367# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug.
2368trap 'exit_status=$?
2369 # Save into config.log some information that might help in debugging.
2370 {
2371 echo
2372
2373 $as_echo "## ---------------- ##
2374## Cache variables. ##
2375## ---------------- ##"
2376 echo
2377 # The following way of writing the cache mishandles newlines in values,
2378(
2379 for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do
2380 eval ac_val=\$$ac_var
2381 case $ac_val in #(
2382 *${as_nl}*)
2383 case $ac_var in #(
2384 *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
2385$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
2386 esac
2387 case $ac_var in #(
2388 _ | IFS | as_nl) ;; #(
2389 BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
2390 *) { eval $ac_var=; unset $ac_var;} ;;
2391 esac ;;
2392 esac
2393 done
2394 (set) 2>&1 |
2395 case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #(
2396 *${as_nl}ac_space=\ *)
2397 sed -n \
2398 "s/'\''/'\''\\\\'\'''\''/g;
2399 s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p"
2400 ;; #(
2401 *)
2402 sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
2403 ;;
2404 esac |
2405 sort
2406)
2407 echo
2408
2409 $as_echo "## ----------------- ##
2410## Output variables. ##
2411## ----------------- ##"
2412 echo
2413 for ac_var in $ac_subst_vars
2414 do
2415 eval ac_val=\$$ac_var
2416 case $ac_val in
2417 *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
2418 esac
2419 $as_echo "$ac_var='\''$ac_val'\''"
2420 done | sort
2421 echo
2422
2423 if test -n "$ac_subst_files"; then
2424 $as_echo "## ------------------- ##
2425## File substitutions. ##
2426## ------------------- ##"
2427 echo
2428 for ac_var in $ac_subst_files
2429 do
2430 eval ac_val=\$$ac_var
2431 case $ac_val in
2432 *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
2433 esac
2434 $as_echo "$ac_var='\''$ac_val'\''"
2435 done | sort
2436 echo
2437 fi
2438
2439 if test -s confdefs.h; then
2440 $as_echo "## ----------- ##
2441## confdefs.h. ##
2442## ----------- ##"
2443 echo
2444 cat confdefs.h
2445 echo
2446 fi
2447 test "$ac_signal" != 0 &&
2448 $as_echo "$as_me: caught signal $ac_signal"
2449 $as_echo "$as_me: exit $exit_status"
2450 } >&5
2451 rm -f core *.core core.conftest.* &&
2452 rm -f -r conftest* confdefs* conf$$* $ac_clean_files &&
2453 exit $exit_status
2454' 0
2455for ac_signal in 1 2 13 15; do
2456 trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal
2457done
2458ac_signal=0
2459
2460# confdefs.h avoids OS command line length limits that DEFS can exceed.
2461rm -f -r conftest* confdefs.h
2462
2463$as_echo "/* confdefs.h */" > confdefs.h
2464
2465# Predefined preprocessor variables.
2466
2467cat >>confdefs.h <<_ACEOF
2468#define PACKAGE_NAME "$PACKAGE_NAME"
2469_ACEOF
2470
2471cat >>confdefs.h <<_ACEOF
2472#define PACKAGE_TARNAME "$PACKAGE_TARNAME"
2473_ACEOF
2474
2475cat >>confdefs.h <<_ACEOF
2476#define PACKAGE_VERSION "$PACKAGE_VERSION"
2477_ACEOF
2478
2479cat >>confdefs.h <<_ACEOF
2480#define PACKAGE_STRING "$PACKAGE_STRING"
2481_ACEOF
2482
2483cat >>confdefs.h <<_ACEOF
2484#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT"
2485_ACEOF
2486
2487cat >>confdefs.h <<_ACEOF
2488#define PACKAGE_URL "$PACKAGE_URL"
2489_ACEOF
2490
2491
2492# Let the site file select an alternate cache file if it wants to.
2493# Prefer an explicitly selected file to automatically selected ones.
2494ac_site_file1=NONE
2495ac_site_file2=NONE
2496if test -n "$CONFIG_SITE"; then
2497 # We do not want a PATH search for config.site.
2498 case $CONFIG_SITE in #((
2499 -*) ac_site_file1=./$CONFIG_SITE;;
2500 */*) ac_site_file1=$CONFIG_SITE;;
2501 *) ac_site_file1=./$CONFIG_SITE;;
2502 esac
2503elif test "x$prefix" != xNONE; then
2504 ac_site_file1=$prefix/share/config.site
2505 ac_site_file2=$prefix/etc/config.site
2506else
2507 ac_site_file1=$ac_default_prefix/share/config.site
2508 ac_site_file2=$ac_default_prefix/etc/config.site
2509fi
2510for ac_site_file in "$ac_site_file1" "$ac_site_file2"
2511do
2512 test "x$ac_site_file" = xNONE && continue
2513 if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then
2514 { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5
2515$as_echo "$as_me: loading site script $ac_site_file" >&6;}
2516 sed 's/^/| /' "$ac_site_file" >&5
2517 . "$ac_site_file" \
2518 || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
2519$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
2520as_fn_error $? "failed to load site script $ac_site_file
2521See \`config.log' for more details" "$LINENO" 5; }
2522 fi
2523done
2524
2525if test -r "$cache_file"; then
2526 # Some versions of bash will fail to source /dev/null (special files
2527 # actually), so we avoid doing that. DJGPP emulates it as a regular file.
2528 if test /dev/null != "$cache_file" && test -f "$cache_file"; then
2529 { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5
2530$as_echo "$as_me: loading cache $cache_file" >&6;}
2531 case $cache_file in
2532 [\\/]* | ?:[\\/]* ) . "$cache_file";;
2533 *) . "./$cache_file";;
2534 esac
2535 fi
2536else
2537 { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5
2538$as_echo "$as_me: creating cache $cache_file" >&6;}
2539 >$cache_file
2540fi
2541
2542# Check that the precious variables saved in the cache have kept the same
2543# value.
2544ac_cache_corrupted=false
2545for ac_var in $ac_precious_vars; do
2546 eval ac_old_set=\$ac_cv_env_${ac_var}_set
2547 eval ac_new_set=\$ac_env_${ac_var}_set
2548 eval ac_old_val=\$ac_cv_env_${ac_var}_value
2549 eval ac_new_val=\$ac_env_${ac_var}_value
2550 case $ac_old_set,$ac_new_set in
2551 set,)
2552 { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
2553$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
2554 ac_cache_corrupted=: ;;
2555 ,set)
2556 { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5
2557$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
2558 ac_cache_corrupted=: ;;
2559 ,);;
2560 *)
2561 if test "x$ac_old_val" != "x$ac_new_val"; then
2562 # differences in whitespace do not lead to failure.
2563 ac_old_val_w=`echo x $ac_old_val`
2564 ac_new_val_w=`echo x $ac_new_val`
2565 if test "$ac_old_val_w" != "$ac_new_val_w"; then
2566 { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5
2567$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
2568 ac_cache_corrupted=:
2569 else
2570 { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5
2571$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;}
2572 eval $ac_var=\$ac_old_val
2573 fi
2574 { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5
2575$as_echo "$as_me: former value: \`$ac_old_val'" >&2;}
2576 { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5
2577$as_echo "$as_me: current value: \`$ac_new_val'" >&2;}
2578 fi;;
2579 esac
2580 # Pass precious variables to config.status.
2581 if test "$ac_new_set" = set; then
2582 case $ac_new_val in
2583 *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
2584 *) ac_arg=$ac_var=$ac_new_val ;;
2585 esac
2586 case " $ac_configure_args " in
2587 *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy.
2588 *) as_fn_append ac_configure_args " '$ac_arg'" ;;
2589 esac
2590 fi
2591done
2592if $ac_cache_corrupted; then
2593 { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
2594$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
2595 { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5
2596$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;}
2597 as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5
2598fi
2599## -------------------- ##
2600## Main body of script. ##
2601## -------------------- ##
2602
2603ac_ext=c
2604ac_cpp='$CPP $CPPFLAGS'
2605ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
2606ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
2607ac_compiler_gnu=$ac_cv_c_compiler_gnu
2608
2609
2610
2611
2612ac_ext=c
2613ac_cpp='$CPP $CPPFLAGS'
2614ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
2615ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
2616ac_compiler_gnu=$ac_cv_c_compiler_gnu
2617
2618
2619ac_config_headers="$ac_config_headers config.h"
2620
2621ac_ext=c
2622ac_cpp='$CPP $CPPFLAGS'
2623ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
2624ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
2625ac_compiler_gnu=$ac_cv_c_compiler_gnu
2626if test -n "$ac_tool_prefix"; then
2627 # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
2628set dummy ${ac_tool_prefix}gcc; ac_word=$2
2629{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
2630$as_echo_n "checking for $ac_word... " >&6; }
2631if ${ac_cv_prog_CC+:} false; then :
2632 $as_echo_n "(cached) " >&6
2633else
2634 if test -n "$CC"; then
2635 ac_cv_prog_CC="$CC" # Let the user override the test.
2636else
2637as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
2638for as_dir in $PATH
2639do
2640 IFS=$as_save_IFS
2641 test -z "$as_dir" && as_dir=.
2642 for ac_exec_ext in '' $ac_executable_extensions; do
2643 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
2644 ac_cv_prog_CC="${ac_tool_prefix}gcc"
2645 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
2646 break 2
2647 fi
2648done
2649 done
2650IFS=$as_save_IFS
2651
2652fi
2653fi
2654CC=$ac_cv_prog_CC
2655if test -n "$CC"; then
2656 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
2657$as_echo "$CC" >&6; }
2658else
2659 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
2660$as_echo "no" >&6; }
2661fi
2662
2663
2664fi
2665if test -z "$ac_cv_prog_CC"; then
2666 ac_ct_CC=$CC
2667 # Extract the first word of "gcc", so it can be a program name with args.
2668set dummy gcc; ac_word=$2
2669{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
2670$as_echo_n "checking for $ac_word... " >&6; }
2671if ${ac_cv_prog_ac_ct_CC+:} false; then :
2672 $as_echo_n "(cached) " >&6
2673else
2674 if test -n "$ac_ct_CC"; then
2675 ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
2676else
2677as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
2678for as_dir in $PATH
2679do
2680 IFS=$as_save_IFS
2681 test -z "$as_dir" && as_dir=.
2682 for ac_exec_ext in '' $ac_executable_extensions; do
2683 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
2684 ac_cv_prog_ac_ct_CC="gcc"
2685 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
2686 break 2
2687 fi
2688done
2689 done
2690IFS=$as_save_IFS
2691
2692fi
2693fi
2694ac_ct_CC=$ac_cv_prog_ac_ct_CC
2695if test -n "$ac_ct_CC"; then
2696 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
2697$as_echo "$ac_ct_CC" >&6; }
2698else
2699 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
2700$as_echo "no" >&6; }
2701fi
2702
2703 if test "x$ac_ct_CC" = x; then
2704 CC=""
2705 else
2706 case $cross_compiling:$ac_tool_warned in
2707yes:)
2708{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
2709$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
2710ac_tool_warned=yes ;;
2711esac
2712 CC=$ac_ct_CC
2713 fi
2714else
2715 CC="$ac_cv_prog_CC"
2716fi
2717
2718if test -z "$CC"; then
2719 if test -n "$ac_tool_prefix"; then
2720 # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
2721set dummy ${ac_tool_prefix}cc; ac_word=$2
2722{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
2723$as_echo_n "checking for $ac_word... " >&6; }
2724if ${ac_cv_prog_CC+:} false; then :
2725 $as_echo_n "(cached) " >&6
2726else
2727 if test -n "$CC"; then
2728 ac_cv_prog_CC="$CC" # Let the user override the test.
2729else
2730as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
2731for as_dir in $PATH
2732do
2733 IFS=$as_save_IFS
2734 test -z "$as_dir" && as_dir=.
2735 for ac_exec_ext in '' $ac_executable_extensions; do
2736 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
2737 ac_cv_prog_CC="${ac_tool_prefix}cc"
2738 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
2739 break 2
2740 fi
2741done
2742 done
2743IFS=$as_save_IFS
2744
2745fi
2746fi
2747CC=$ac_cv_prog_CC
2748if test -n "$CC"; then
2749 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
2750$as_echo "$CC" >&6; }
2751else
2752 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
2753$as_echo "no" >&6; }
2754fi
2755
2756
2757 fi
2758fi
2759if test -z "$CC"; then
2760 # Extract the first word of "cc", so it can be a program name with args.
2761set dummy cc; ac_word=$2
2762{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
2763$as_echo_n "checking for $ac_word... " >&6; }
2764if ${ac_cv_prog_CC+:} false; then :
2765 $as_echo_n "(cached) " >&6
2766else
2767 if test -n "$CC"; then
2768 ac_cv_prog_CC="$CC" # Let the user override the test.
2769else
2770 ac_prog_rejected=no
2771as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
2772for as_dir in $PATH
2773do
2774 IFS=$as_save_IFS
2775 test -z "$as_dir" && as_dir=.
2776 for ac_exec_ext in '' $ac_executable_extensions; do
2777 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
2778 if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
2779 ac_prog_rejected=yes
2780 continue
2781 fi
2782 ac_cv_prog_CC="cc"
2783 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
2784 break 2
2785 fi
2786done
2787 done
2788IFS=$as_save_IFS
2789
2790if test $ac_prog_rejected = yes; then
2791 # We found a bogon in the path, so make sure we never use it.
2792 set dummy $ac_cv_prog_CC
2793 shift
2794 if test $# != 0; then
2795 # We chose a different compiler from the bogus one.
2796 # However, it has the same basename, so the bogon will be chosen
2797 # first if we set CC to just the basename; use the full file name.
2798 shift
2799 ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@"
2800 fi
2801fi
2802fi
2803fi
2804CC=$ac_cv_prog_CC
2805if test -n "$CC"; then
2806 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
2807$as_echo "$CC" >&6; }
2808else
2809 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
2810$as_echo "no" >&6; }
2811fi
2812
2813
2814fi
2815if test -z "$CC"; then
2816 if test -n "$ac_tool_prefix"; then
2817 for ac_prog in cl.exe
2818 do
2819 # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
2820set dummy $ac_tool_prefix$ac_prog; ac_word=$2
2821{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
2822$as_echo_n "checking for $ac_word... " >&6; }
2823if ${ac_cv_prog_CC+:} false; then :
2824 $as_echo_n "(cached) " >&6
2825else
2826 if test -n "$CC"; then
2827 ac_cv_prog_CC="$CC" # Let the user override the test.
2828else
2829as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
2830for as_dir in $PATH
2831do
2832 IFS=$as_save_IFS
2833 test -z "$as_dir" && as_dir=.
2834 for ac_exec_ext in '' $ac_executable_extensions; do
2835 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
2836 ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
2837 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
2838 break 2
2839 fi
2840done
2841 done
2842IFS=$as_save_IFS
2843
2844fi
2845fi
2846CC=$ac_cv_prog_CC
2847if test -n "$CC"; then
2848 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
2849$as_echo "$CC" >&6; }
2850else
2851 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
2852$as_echo "no" >&6; }
2853fi
2854
2855
2856 test -n "$CC" && break
2857 done
2858fi
2859if test -z "$CC"; then
2860 ac_ct_CC=$CC
2861 for ac_prog in cl.exe
2862do
2863 # Extract the first word of "$ac_prog", so it can be a program name with args.
2864set dummy $ac_prog; ac_word=$2
2865{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
2866$as_echo_n "checking for $ac_word... " >&6; }
2867if ${ac_cv_prog_ac_ct_CC+:} false; then :
2868 $as_echo_n "(cached) " >&6
2869else
2870 if test -n "$ac_ct_CC"; then
2871 ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
2872else
2873as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
2874for as_dir in $PATH
2875do
2876 IFS=$as_save_IFS
2877 test -z "$as_dir" && as_dir=.
2878 for ac_exec_ext in '' $ac_executable_extensions; do
2879 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
2880 ac_cv_prog_ac_ct_CC="$ac_prog"
2881 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
2882 break 2
2883 fi
2884done
2885 done
2886IFS=$as_save_IFS
2887
2888fi
2889fi
2890ac_ct_CC=$ac_cv_prog_ac_ct_CC
2891if test -n "$ac_ct_CC"; then
2892 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
2893$as_echo "$ac_ct_CC" >&6; }
2894else
2895 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
2896$as_echo "no" >&6; }
2897fi
2898
2899
2900 test -n "$ac_ct_CC" && break
2901done
2902
2903 if test "x$ac_ct_CC" = x; then
2904 CC=""
2905 else
2906 case $cross_compiling:$ac_tool_warned in
2907yes:)
2908{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
2909$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
2910ac_tool_warned=yes ;;
2911esac
2912 CC=$ac_ct_CC
2913 fi
2914fi
2915
2916fi
2917
2918
2919test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
2920$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
2921as_fn_error $? "no acceptable C compiler found in \$PATH
2922See \`config.log' for more details" "$LINENO" 5; }
2923
2924# Provide some information about the compiler.
2925$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5
2926set X $ac_compile
2927ac_compiler=$2
2928for ac_option in --version -v -V -qversion; do
2929 { { ac_try="$ac_compiler $ac_option >&5"
2930case "(($ac_try" in
2931 *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
2932 *) ac_try_echo=$ac_try;;
2933esac
2934eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
2935$as_echo "$ac_try_echo"; } >&5
2936 (eval "$ac_compiler $ac_option >&5") 2>conftest.err
2937 ac_status=$?
2938 if test -s conftest.err; then
2939 sed '10a\
2940... rest of stderr output deleted ...
2941 10q' conftest.err >conftest.er1
2942 cat conftest.er1 >&5
2943 fi
2944 rm -f conftest.er1 conftest.err
2945 $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
2946 test $ac_status = 0; }
2947done
2948
2949cat confdefs.h - <<_ACEOF >conftest.$ac_ext
2950/* end confdefs.h. */
2951
2952int
2953main ()
2954{
2955
2956 ;
2957 return 0;
2958}
2959_ACEOF
2960ac_clean_files_save=$ac_clean_files
2961ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out"
2962# Try to create an executable without -o first, disregard a.out.
2963# It will help us diagnose broken compilers, and finding out an intuition
2964# of exeext.
2965{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5
2966$as_echo_n "checking whether the C compiler works... " >&6; }
2967ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
2968
2969# The possible output files:
2970ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*"
2971
2972ac_rmfiles=
2973for ac_file in $ac_files
2974do
2975 case $ac_file in
2976 *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
2977 * ) ac_rmfiles="$ac_rmfiles $ac_file";;
2978 esac
2979done
2980rm -f $ac_rmfiles
2981
2982if { { ac_try="$ac_link_default"
2983case "(($ac_try" in
2984 *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
2985 *) ac_try_echo=$ac_try;;
2986esac
2987eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
2988$as_echo "$ac_try_echo"; } >&5
2989 (eval "$ac_link_default") 2>&5
2990 ac_status=$?
2991 $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
2992 test $ac_status = 0; }; then :
2993 # Autoconf-2.13 could set the ac_cv_exeext variable to `no'.
2994# So ignore a value of `no', otherwise this would lead to `EXEEXT = no'
2995# in a Makefile. We should not override ac_cv_exeext if it was cached,
2996# so that the user can short-circuit this test for compilers unknown to
2997# Autoconf.
2998for ac_file in $ac_files ''
2999do
3000 test -f "$ac_file" || continue
3001 case $ac_file in
3002 *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj )
3003 ;;
3004 [ab].out )
3005 # We found the default executable, but exeext='' is most
3006 # certainly right.
3007 break;;
3008 *.* )
3009 if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no;
3010 then :; else
3011 ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
3012 fi
3013 # We set ac_cv_exeext here because the later test for it is not
3014 # safe: cross compilers may not add the suffix if given an `-o'
3015 # argument, so we may need to know it at that point already.
3016 # Even if this section looks crufty: it has the advantage of
3017 # actually working.
3018 break;;
3019 * )
3020 break;;
3021 esac
3022done
3023test "$ac_cv_exeext" = no && ac_cv_exeext=
3024
3025else
3026 ac_file=''
3027fi
3028if test -z "$ac_file"; then :
3029 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
3030$as_echo "no" >&6; }
3031$as_echo "$as_me: failed program was:" >&5
3032sed 's/^/| /' conftest.$ac_ext >&5
3033
3034{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
3035$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
3036as_fn_error 77 "C compiler cannot create executables
3037See \`config.log' for more details" "$LINENO" 5; }
3038else
3039 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
3040$as_echo "yes" >&6; }
3041fi
3042{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5
3043$as_echo_n "checking for C compiler default output file name... " >&6; }
3044{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5
3045$as_echo "$ac_file" >&6; }
3046ac_exeext=$ac_cv_exeext
3047
3048rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out
3049ac_clean_files=$ac_clean_files_save
3050{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5
3051$as_echo_n "checking for suffix of executables... " >&6; }
3052if { { ac_try="$ac_link"
3053case "(($ac_try" in
3054 *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
3055 *) ac_try_echo=$ac_try;;
3056esac
3057eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
3058$as_echo "$ac_try_echo"; } >&5
3059 (eval "$ac_link") 2>&5
3060 ac_status=$?
3061 $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
3062 test $ac_status = 0; }; then :
3063 # If both `conftest.exe' and `conftest' are `present' (well, observable)
3064# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will
3065# work properly (i.e., refer to `conftest.exe'), while it won't with
3066# `rm'.
3067for ac_file in conftest.exe conftest conftest.*; do
3068 test -f "$ac_file" || continue
3069 case $ac_file in
3070 *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
3071 *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
3072 break;;
3073 * ) break;;
3074 esac
3075done
3076else
3077 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
3078$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
3079as_fn_error $? "cannot compute suffix of executables: cannot compile and link
3080See \`config.log' for more details" "$LINENO" 5; }
3081fi
3082rm -f conftest conftest$ac_cv_exeext
3083{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5
3084$as_echo "$ac_cv_exeext" >&6; }
3085
3086rm -f conftest.$ac_ext
3087EXEEXT=$ac_cv_exeext
3088ac_exeext=$EXEEXT
3089cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3090/* end confdefs.h. */
3091#include <stdio.h>
3092int
3093main ()
3094{
3095FILE *f = fopen ("conftest.out", "w");
3096 return ferror (f) || fclose (f) != 0;
3097
3098 ;
3099 return 0;
3100}
3101_ACEOF
3102ac_clean_files="$ac_clean_files conftest.out"
3103# Check that the compiler produces executables we can run. If not, either
3104# the compiler is broken, or we cross compile.
3105{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5
3106$as_echo_n "checking whether we are cross compiling... " >&6; }
3107if test "$cross_compiling" != yes; then
3108 { { ac_try="$ac_link"
3109case "(($ac_try" in
3110 *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
3111 *) ac_try_echo=$ac_try;;
3112esac
3113eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
3114$as_echo "$ac_try_echo"; } >&5
3115 (eval "$ac_link") 2>&5
3116 ac_status=$?
3117 $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
3118 test $ac_status = 0; }
3119 if { ac_try='./conftest$ac_cv_exeext'
3120 { { case "(($ac_try" in
3121 *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
3122 *) ac_try_echo=$ac_try;;
3123esac
3124eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
3125$as_echo "$ac_try_echo"; } >&5
3126 (eval "$ac_try") 2>&5
3127 ac_status=$?
3128 $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
3129 test $ac_status = 0; }; }; then
3130 cross_compiling=no
3131 else
3132 if test "$cross_compiling" = maybe; then
3133 cross_compiling=yes
3134 else
3135 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
3136$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
3137as_fn_error $? "cannot run C compiled programs.
3138If you meant to cross compile, use \`--host'.
3139See \`config.log' for more details" "$LINENO" 5; }
3140 fi
3141 fi
3142fi
3143{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5
3144$as_echo "$cross_compiling" >&6; }
3145
3146rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out
3147ac_clean_files=$ac_clean_files_save
3148{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5
3149$as_echo_n "checking for suffix of object files... " >&6; }
3150if ${ac_cv_objext+:} false; then :
3151 $as_echo_n "(cached) " >&6
3152else
3153 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3154/* end confdefs.h. */
3155
3156int
3157main ()
3158{
3159
3160 ;
3161 return 0;
3162}
3163_ACEOF
3164rm -f conftest.o conftest.obj
3165if { { ac_try="$ac_compile"
3166case "(($ac_try" in
3167 *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
3168 *) ac_try_echo=$ac_try;;
3169esac
3170eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
3171$as_echo "$ac_try_echo"; } >&5
3172 (eval "$ac_compile") 2>&5
3173 ac_status=$?
3174 $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
3175 test $ac_status = 0; }; then :
3176 for ac_file in conftest.o conftest.obj conftest.*; do
3177 test -f "$ac_file" || continue;
3178 case $ac_file in
3179 *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;;
3180 *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
3181 break;;
3182 esac
3183done
3184else
3185 $as_echo "$as_me: failed program was:" >&5
3186sed 's/^/| /' conftest.$ac_ext >&5
3187
3188{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
3189$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
3190as_fn_error $? "cannot compute suffix of object files: cannot compile
3191See \`config.log' for more details" "$LINENO" 5; }
3192fi
3193rm -f conftest.$ac_cv_objext conftest.$ac_ext
3194fi
3195{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5
3196$as_echo "$ac_cv_objext" >&6; }
3197OBJEXT=$ac_cv_objext
3198ac_objext=$OBJEXT
3199{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5
3200$as_echo_n "checking whether we are using the GNU C compiler... " >&6; }
3201if ${ac_cv_c_compiler_gnu+:} false; then :
3202 $as_echo_n "(cached) " >&6
3203else
3204 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3205/* end confdefs.h. */
3206
3207int
3208main ()
3209{
3210#ifndef __GNUC__
3211 choke me
3212#endif
3213
3214 ;
3215 return 0;
3216}
3217_ACEOF
3218if ac_fn_c_try_compile "$LINENO"; then :
3219 ac_compiler_gnu=yes
3220else
3221 ac_compiler_gnu=no
3222fi
3223rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
3224ac_cv_c_compiler_gnu=$ac_compiler_gnu
3225
3226fi
3227{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5
3228$as_echo "$ac_cv_c_compiler_gnu" >&6; }
3229if test $ac_compiler_gnu = yes; then
3230 GCC=yes
3231else
3232 GCC=
3233fi
3234ac_test_CFLAGS=${CFLAGS+set}
3235ac_save_CFLAGS=$CFLAGS
3236{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5
3237$as_echo_n "checking whether $CC accepts -g... " >&6; }
3238if ${ac_cv_prog_cc_g+:} false; then :
3239 $as_echo_n "(cached) " >&6
3240else
3241 ac_save_c_werror_flag=$ac_c_werror_flag
3242 ac_c_werror_flag=yes
3243 ac_cv_prog_cc_g=no
3244 CFLAGS="-g"
3245 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3246/* end confdefs.h. */
3247
3248int
3249main ()
3250{
3251
3252 ;
3253 return 0;
3254}
3255_ACEOF
3256if ac_fn_c_try_compile "$LINENO"; then :
3257 ac_cv_prog_cc_g=yes
3258else
3259 CFLAGS=""
3260 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3261/* end confdefs.h. */
3262
3263int
3264main ()
3265{
3266
3267 ;
3268 return 0;
3269}
3270_ACEOF
3271if ac_fn_c_try_compile "$LINENO"; then :
3272
3273else
3274 ac_c_werror_flag=$ac_save_c_werror_flag
3275 CFLAGS="-g"
3276 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3277/* end confdefs.h. */
3278
3279int
3280main ()
3281{
3282
3283 ;
3284 return 0;
3285}
3286_ACEOF
3287if ac_fn_c_try_compile "$LINENO"; then :
3288 ac_cv_prog_cc_g=yes
3289fi
3290rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
3291fi
3292rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
3293fi
3294rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
3295 ac_c_werror_flag=$ac_save_c_werror_flag
3296fi
3297{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5
3298$as_echo "$ac_cv_prog_cc_g" >&6; }
3299if test "$ac_test_CFLAGS" = set; then
3300 CFLAGS=$ac_save_CFLAGS
3301elif test $ac_cv_prog_cc_g = yes; then
3302 if test "$GCC" = yes; then
3303 CFLAGS="-g -O2"
3304 else
3305 CFLAGS="-g"
3306 fi
3307else
3308 if test "$GCC" = yes; then
3309 CFLAGS="-O2"
3310 else
3311 CFLAGS=
3312 fi
3313fi
3314{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5
3315$as_echo_n "checking for $CC option to accept ISO C89... " >&6; }
3316if ${ac_cv_prog_cc_c89+:} false; then :
3317 $as_echo_n "(cached) " >&6
3318else
3319 ac_cv_prog_cc_c89=no
3320ac_save_CC=$CC
3321cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3322/* end confdefs.h. */
3323#include <stdarg.h>
3324#include <stdio.h>
3325struct stat;
3326/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */
3327struct buf { int x; };
3328FILE * (*rcsopen) (struct buf *, struct stat *, int);
3329static char *e (p, i)
3330 char **p;
3331 int i;
3332{
3333 return p[i];
3334}
3335static char *f (char * (*g) (char **, int), char **p, ...)
3336{
3337 char *s;
3338 va_list v;
3339 va_start (v,p);
3340 s = g (p, va_arg (v,int));
3341 va_end (v);
3342 return s;
3343}
3344
3345/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has
3346 function prototypes and stuff, but not '\xHH' hex character constants.
3347 These don't provoke an error unfortunately, instead are silently treated
3348 as 'x'. The following induces an error, until -std is added to get
3349 proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an
3350 array size at least. It's necessary to write '\x00'==0 to get something
3351 that's true only with -std. */
3352int osf4_cc_array ['\x00' == 0 ? 1 : -1];
3353
3354/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
3355 inside strings and character constants. */
3356#define FOO(x) 'x'
3357int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1];
3358
3359int test (int i, double x);
3360struct s1 {int (*f) (int a);};
3361struct s2 {int (*f) (double a);};
3362int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
3363int argc;
3364char **argv;
3365int
3366main ()
3367{
3368return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1];
3369 ;
3370 return 0;
3371}
3372_ACEOF
3373for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \
3374 -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
3375do
3376 CC="$ac_save_CC $ac_arg"
3377 if ac_fn_c_try_compile "$LINENO"; then :
3378 ac_cv_prog_cc_c89=$ac_arg
3379fi
3380rm -f core conftest.err conftest.$ac_objext
3381 test "x$ac_cv_prog_cc_c89" != "xno" && break
3382done
3383rm -f conftest.$ac_ext
3384CC=$ac_save_CC
3385
3386fi
3387# AC_CACHE_VAL
3388case "x$ac_cv_prog_cc_c89" in
3389 x)
3390 { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
3391$as_echo "none needed" >&6; } ;;
3392 xno)
3393 { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
3394$as_echo "unsupported" >&6; } ;;
3395 *)
3396 CC="$CC $ac_cv_prog_cc_c89"
3397 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5
3398$as_echo "$ac_cv_prog_cc_c89" >&6; } ;;
3399esac
3400if test "x$ac_cv_prog_cc_c89" != xno; then :
3401
3402fi
3403
3404ac_ext=c
3405ac_cpp='$CPP $CPPFLAGS'
3406ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
3407ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
3408ac_compiler_gnu=$ac_cv_c_compiler_gnu
3409
3410ac_aux_dir=
3411for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do
3412 if test -f "$ac_dir/install-sh"; then
3413 ac_aux_dir=$ac_dir
3414 ac_install_sh="$ac_aux_dir/install-sh -c"
3415 break
3416 elif test -f "$ac_dir/install.sh"; then
3417 ac_aux_dir=$ac_dir
3418 ac_install_sh="$ac_aux_dir/install.sh -c"
3419 break
3420 elif test -f "$ac_dir/shtool"; then
3421 ac_aux_dir=$ac_dir
3422 ac_install_sh="$ac_aux_dir/shtool install -c"
3423 break
3424 fi
3425done
3426if test -z "$ac_aux_dir"; then
3427 as_fn_error $? "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5
3428fi
3429
3430# These three variables are undocumented and unsupported,
3431# and are intended to be withdrawn in a future Autoconf release.
3432# They can cause serious problems if a builder's source tree is in a directory
3433# whose full name contains unusual characters.
3434ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var.
3435ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var.
3436ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var.
3437
3438
3439# Make sure we can run config.sub.
3440$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 ||
3441 as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5
3442
3443{ $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5
3444$as_echo_n "checking build system type... " >&6; }
3445if ${ac_cv_build+:} false; then :
3446 $as_echo_n "(cached) " >&6
3447else
3448 ac_build_alias=$build_alias
3449test "x$ac_build_alias" = x &&
3450 ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"`
3451test "x$ac_build_alias" = x &&
3452 as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5
3453ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` ||
3454 as_fn_error $? "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5
3455
3456fi
3457{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5
3458$as_echo "$ac_cv_build" >&6; }
3459case $ac_cv_build in
3460*-*-*) ;;
3461*) as_fn_error $? "invalid value of canonical build" "$LINENO" 5;;
3462esac
3463build=$ac_cv_build
3464ac_save_IFS=$IFS; IFS='-'
3465set x $ac_cv_build
3466shift
3467build_cpu=$1
3468build_vendor=$2
3469shift; shift
3470# Remember, the first character of IFS is used to create $*,
3471# except with old shells:
3472build_os=$*
3473IFS=$ac_save_IFS
3474case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac
3475
3476
3477{ $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5
3478$as_echo_n "checking host system type... " >&6; }
3479if ${ac_cv_host+:} false; then :
3480 $as_echo_n "(cached) " >&6
3481else
3482 if test "x$host_alias" = x; then
3483 ac_cv_host=$ac_cv_build
3484else
3485 ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` ||
3486 as_fn_error $? "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5
3487fi
3488
3489fi
3490{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5
3491$as_echo "$ac_cv_host" >&6; }
3492case $ac_cv_host in
3493*-*-*) ;;
3494*) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;;
3495esac
3496host=$ac_cv_host
3497ac_save_IFS=$IFS; IFS='-'
3498set x $ac_cv_host
3499shift
3500host_cpu=$1
3501host_vendor=$2
3502shift; shift
3503# Remember, the first character of IFS is used to create $*,
3504# except with old shells:
3505host_os=$*
3506IFS=$ac_save_IFS
3507case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac
3508
3509
3510
3511ac_ext=c
3512ac_cpp='$CPP $CPPFLAGS'
3513ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
3514ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
3515ac_compiler_gnu=$ac_cv_c_compiler_gnu
3516{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5
3517$as_echo_n "checking how to run the C preprocessor... " >&6; }
3518# On Suns, sometimes $CPP names a directory.
3519if test -n "$CPP" && test -d "$CPP"; then
3520 CPP=
3521fi
3522if test -z "$CPP"; then
3523 if ${ac_cv_prog_CPP+:} false; then :
3524 $as_echo_n "(cached) " >&6
3525else
3526 # Double quotes because CPP needs to be expanded
3527 for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp"
3528 do
3529 ac_preproc_ok=false
3530for ac_c_preproc_warn_flag in '' yes
3531do
3532 # Use a header file that comes with gcc, so configuring glibc
3533 # with a fresh cross-compiler works.
3534 # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
3535 # <limits.h> exists even on freestanding compilers.
3536 # On the NeXT, cc -E runs the code through the compiler's parser,
3537 # not just through cpp. "Syntax error" is here to catch this case.
3538 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3539/* end confdefs.h. */
3540#ifdef __STDC__
3541# include <limits.h>
3542#else
3543# include <assert.h>
3544#endif
3545 Syntax error
3546_ACEOF
3547if ac_fn_c_try_cpp "$LINENO"; then :
3548
3549else
3550 # Broken: fails on valid input.
3551continue
3552fi
3553rm -f conftest.err conftest.i conftest.$ac_ext
3554
3555 # OK, works on sane cases. Now check whether nonexistent headers
3556 # can be detected and how.
3557 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3558/* end confdefs.h. */
3559#include <ac_nonexistent.h>
3560_ACEOF
3561if ac_fn_c_try_cpp "$LINENO"; then :
3562 # Broken: success on invalid input.
3563continue
3564else
3565 # Passes both tests.
3566ac_preproc_ok=:
3567break
3568fi
3569rm -f conftest.err conftest.i conftest.$ac_ext
3570
3571done
3572# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
3573rm -f conftest.i conftest.err conftest.$ac_ext
3574if $ac_preproc_ok; then :
3575 break
3576fi
3577
3578 done
3579 ac_cv_prog_CPP=$CPP
3580
3581fi
3582 CPP=$ac_cv_prog_CPP
3583else
3584 ac_cv_prog_CPP=$CPP
3585fi
3586{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5
3587$as_echo "$CPP" >&6; }
3588ac_preproc_ok=false
3589for ac_c_preproc_warn_flag in '' yes
3590do
3591 # Use a header file that comes with gcc, so configuring glibc
3592 # with a fresh cross-compiler works.
3593 # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
3594 # <limits.h> exists even on freestanding compilers.
3595 # On the NeXT, cc -E runs the code through the compiler's parser,
3596 # not just through cpp. "Syntax error" is here to catch this case.
3597 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3598/* end confdefs.h. */
3599#ifdef __STDC__
3600# include <limits.h>
3601#else
3602# include <assert.h>
3603#endif
3604 Syntax error
3605_ACEOF
3606if ac_fn_c_try_cpp "$LINENO"; then :
3607
3608else
3609 # Broken: fails on valid input.
3610continue
3611fi
3612rm -f conftest.err conftest.i conftest.$ac_ext
3613
3614 # OK, works on sane cases. Now check whether nonexistent headers
3615 # can be detected and how.
3616 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3617/* end confdefs.h. */
3618#include <ac_nonexistent.h>
3619_ACEOF
3620if ac_fn_c_try_cpp "$LINENO"; then :
3621 # Broken: success on invalid input.
3622continue
3623else
3624 # Passes both tests.
3625ac_preproc_ok=:
3626break
3627fi
3628rm -f conftest.err conftest.i conftest.$ac_ext
3629
3630done
3631# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
3632rm -f conftest.i conftest.err conftest.$ac_ext
3633if $ac_preproc_ok; then :
3634
3635else
3636 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
3637$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
3638as_fn_error $? "C preprocessor \"$CPP\" fails sanity check
3639See \`config.log' for more details" "$LINENO" 5; }
3640fi
3641
3642ac_ext=c
3643ac_cpp='$CPP $CPPFLAGS'
3644ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
3645ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
3646ac_compiler_gnu=$ac_cv_c_compiler_gnu
3647
3648
3649{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5
3650$as_echo_n "checking for grep that handles long lines and -e... " >&6; }
3651if ${ac_cv_path_GREP+:} false; then :
3652 $as_echo_n "(cached) " >&6
3653else
3654 if test -z "$GREP"; then
3655 ac_path_GREP_found=false
3656 # Loop through the user's path and test for each of PROGNAME-LIST
3657 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
3658for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
3659do
3660 IFS=$as_save_IFS
3661 test -z "$as_dir" && as_dir=.
3662 for ac_prog in grep ggrep; do
3663 for ac_exec_ext in '' $ac_executable_extensions; do
3664 ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext"
3665 as_fn_executable_p "$ac_path_GREP" || continue
3666# Check for GNU ac_path_GREP and select it if it is found.
3667 # Check for GNU $ac_path_GREP
3668case `"$ac_path_GREP" --version 2>&1` in
3669*GNU*)
3670 ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;;
3671*)
3672 ac_count=0
3673 $as_echo_n 0123456789 >"conftest.in"
3674 while :
3675 do
3676 cat "conftest.in" "conftest.in" >"conftest.tmp"
3677 mv "conftest.tmp" "conftest.in"
3678 cp "conftest.in" "conftest.nl"
3679 $as_echo 'GREP' >> "conftest.nl"
3680 "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break
3681 diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
3682 as_fn_arith $ac_count + 1 && ac_count=$as_val
3683 if test $ac_count -gt ${ac_path_GREP_max-0}; then
3684 # Best one so far, save it but keep looking for a better one
3685 ac_cv_path_GREP="$ac_path_GREP"
3686 ac_path_GREP_max=$ac_count
3687 fi
3688 # 10*(2^10) chars as input seems more than enough
3689 test $ac_count -gt 10 && break
3690 done
3691 rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
3692esac
3693
3694 $ac_path_GREP_found && break 3
3695 done
3696 done
3697 done
3698IFS=$as_save_IFS
3699 if test -z "$ac_cv_path_GREP"; then
3700 as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
3701 fi
3702else
3703 ac_cv_path_GREP=$GREP
3704fi
3705
3706fi
3707{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5
3708$as_echo "$ac_cv_path_GREP" >&6; }
3709 GREP="$ac_cv_path_GREP"
3710
3711
3712{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5
3713$as_echo_n "checking for egrep... " >&6; }
3714if ${ac_cv_path_EGREP+:} false; then :
3715 $as_echo_n "(cached) " >&6
3716else
3717 if echo a | $GREP -E '(a|b)' >/dev/null 2>&1
3718 then ac_cv_path_EGREP="$GREP -E"
3719 else
3720 if test -z "$EGREP"; then
3721 ac_path_EGREP_found=false
3722 # Loop through the user's path and test for each of PROGNAME-LIST
3723 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
3724for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
3725do
3726 IFS=$as_save_IFS
3727 test -z "$as_dir" && as_dir=.
3728 for ac_prog in egrep; do
3729 for ac_exec_ext in '' $ac_executable_extensions; do
3730 ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext"
3731 as_fn_executable_p "$ac_path_EGREP" || continue
3732# Check for GNU ac_path_EGREP and select it if it is found.
3733 # Check for GNU $ac_path_EGREP
3734case `"$ac_path_EGREP" --version 2>&1` in
3735*GNU*)
3736 ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;;
3737*)
3738 ac_count=0
3739 $as_echo_n 0123456789 >"conftest.in"
3740 while :
3741 do
3742 cat "conftest.in" "conftest.in" >"conftest.tmp"
3743 mv "conftest.tmp" "conftest.in"
3744 cp "conftest.in" "conftest.nl"
3745 $as_echo 'EGREP' >> "conftest.nl"
3746 "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break
3747 diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
3748 as_fn_arith $ac_count + 1 && ac_count=$as_val
3749 if test $ac_count -gt ${ac_path_EGREP_max-0}; then
3750 # Best one so far, save it but keep looking for a better one
3751 ac_cv_path_EGREP="$ac_path_EGREP"
3752 ac_path_EGREP_max=$ac_count
3753 fi
3754 # 10*(2^10) chars as input seems more than enough
3755 test $ac_count -gt 10 && break
3756 done
3757 rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
3758esac
3759
3760 $ac_path_EGREP_found && break 3
3761 done
3762 done
3763 done
3764IFS=$as_save_IFS
3765 if test -z "$ac_cv_path_EGREP"; then
3766 as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
3767 fi
3768else
3769 ac_cv_path_EGREP=$EGREP
3770fi
3771
3772 fi
3773fi
3774{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5
3775$as_echo "$ac_cv_path_EGREP" >&6; }
3776 EGREP="$ac_cv_path_EGREP"
3777
3778
3779{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5
3780$as_echo_n "checking for ANSI C header files... " >&6; }
3781if ${ac_cv_header_stdc+:} false; then :
3782 $as_echo_n "(cached) " >&6
3783else
3784 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3785/* end confdefs.h. */
3786#include <stdlib.h>
3787#include <stdarg.h>
3788#include <string.h>
3789#include <float.h>
3790
3791int
3792main ()
3793{
3794
3795 ;
3796 return 0;
3797}
3798_ACEOF
3799if ac_fn_c_try_compile "$LINENO"; then :
3800 ac_cv_header_stdc=yes
3801else
3802 ac_cv_header_stdc=no
3803fi
3804rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
3805
3806if test $ac_cv_header_stdc = yes; then
3807 # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
3808 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3809/* end confdefs.h. */
3810#include <string.h>
3811
3812_ACEOF
3813if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
3814 $EGREP "memchr" >/dev/null 2>&1; then :
3815
3816else
3817 ac_cv_header_stdc=no
3818fi
3819rm -f conftest*
3820
3821fi
3822
3823if test $ac_cv_header_stdc = yes; then
3824 # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
3825 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3826/* end confdefs.h. */
3827#include <stdlib.h>
3828
3829_ACEOF
3830if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
3831 $EGREP "free" >/dev/null 2>&1; then :
3832
3833else
3834 ac_cv_header_stdc=no
3835fi
3836rm -f conftest*
3837
3838fi
3839
3840if test $ac_cv_header_stdc = yes; then
3841 # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
3842 if test "$cross_compiling" = yes; then :
3843 :
3844else
3845 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3846/* end confdefs.h. */
3847#include <ctype.h>
3848#include <stdlib.h>
3849#if ((' ' & 0x0FF) == 0x020)
3850# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
3851# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
3852#else
3853# define ISLOWER(c) \
3854 (('a' <= (c) && (c) <= 'i') \
3855 || ('j' <= (c) && (c) <= 'r') \
3856 || ('s' <= (c) && (c) <= 'z'))
3857# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
3858#endif
3859
3860#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
3861int
3862main ()
3863{
3864 int i;
3865 for (i = 0; i < 256; i++)
3866 if (XOR (islower (i), ISLOWER (i))
3867 || toupper (i) != TOUPPER (i))
3868 return 2;
3869 return 0;
3870}
3871_ACEOF
3872if ac_fn_c_try_run "$LINENO"; then :
3873
3874else
3875 ac_cv_header_stdc=no
3876fi
3877rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
3878 conftest.$ac_objext conftest.beam conftest.$ac_ext
3879fi
3880
3881fi
3882fi
3883{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5
3884$as_echo "$ac_cv_header_stdc" >&6; }
3885if test $ac_cv_header_stdc = yes; then
3886
3887$as_echo "#define STDC_HEADERS 1" >>confdefs.h
3888
3889fi
3890
3891# On IRIX 5.3, sys/types and inttypes.h are conflicting.
3892for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \
3893 inttypes.h stdint.h unistd.h
3894do :
3895 as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
3896ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default
3897"
3898if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
3899 cat >>confdefs.h <<_ACEOF
3900#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
3901_ACEOF
3902
3903fi
3904
3905done
3906
3907
3908 { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether byte ordering is bigendian" >&5
3909$as_echo_n "checking whether byte ordering is bigendian... " >&6; }
3910if ${ac_cv_c_bigendian+:} false; then :
3911 $as_echo_n "(cached) " >&6
3912else
3913 ac_cv_c_bigendian=unknown
3914 # See if we're dealing with a universal compiler.
3915 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3916/* end confdefs.h. */
3917#ifndef __APPLE_CC__
3918 not a universal capable compiler
3919 #endif
3920 typedef int dummy;
3921
3922_ACEOF
3923if ac_fn_c_try_compile "$LINENO"; then :
3924
3925 # Check for potential -arch flags. It is not universal unless
3926 # there are at least two -arch flags with different values.
3927 ac_arch=
3928 ac_prev=
3929 for ac_word in $CC $CFLAGS $CPPFLAGS $LDFLAGS; do
3930 if test -n "$ac_prev"; then
3931 case $ac_word in
3932 i?86 | x86_64 | ppc | ppc64)
3933 if test -z "$ac_arch" || test "$ac_arch" = "$ac_word"; then
3934 ac_arch=$ac_word
3935 else
3936 ac_cv_c_bigendian=universal
3937 break
3938 fi
3939 ;;
3940 esac
3941 ac_prev=
3942 elif test "x$ac_word" = "x-arch"; then
3943 ac_prev=arch
3944 fi
3945 done
3946fi
3947rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
3948 if test $ac_cv_c_bigendian = unknown; then
3949 # See if sys/param.h defines the BYTE_ORDER macro.
3950 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3951/* end confdefs.h. */
3952#include <sys/types.h>
3953 #include <sys/param.h>
3954
3955int
3956main ()
3957{
3958#if ! (defined BYTE_ORDER && defined BIG_ENDIAN \
3959 && defined LITTLE_ENDIAN && BYTE_ORDER && BIG_ENDIAN \
3960 && LITTLE_ENDIAN)
3961 bogus endian macros
3962 #endif
3963
3964 ;
3965 return 0;
3966}
3967_ACEOF
3968if ac_fn_c_try_compile "$LINENO"; then :
3969 # It does; now see whether it defined to BIG_ENDIAN or not.
3970 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3971/* end confdefs.h. */
3972#include <sys/types.h>
3973 #include <sys/param.h>
3974
3975int
3976main ()
3977{
3978#if BYTE_ORDER != BIG_ENDIAN
3979 not big endian
3980 #endif
3981
3982 ;
3983 return 0;
3984}
3985_ACEOF
3986if ac_fn_c_try_compile "$LINENO"; then :
3987 ac_cv_c_bigendian=yes
3988else
3989 ac_cv_c_bigendian=no
3990fi
3991rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
3992fi
3993rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
3994 fi
3995 if test $ac_cv_c_bigendian = unknown; then
3996 # See if <limits.h> defines _LITTLE_ENDIAN or _BIG_ENDIAN (e.g., Solaris).
3997 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3998/* end confdefs.h. */
3999#include <limits.h>
4000
4001int
4002main ()
4003{
4004#if ! (defined _LITTLE_ENDIAN || defined _BIG_ENDIAN)
4005 bogus endian macros
4006 #endif
4007
4008 ;
4009 return 0;
4010}
4011_ACEOF
4012if ac_fn_c_try_compile "$LINENO"; then :
4013 # It does; now see whether it defined to _BIG_ENDIAN or not.
4014 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
4015/* end confdefs.h. */
4016#include <limits.h>
4017
4018int
4019main ()
4020{
4021#ifndef _BIG_ENDIAN
4022 not big endian
4023 #endif
4024
4025 ;
4026 return 0;
4027}
4028_ACEOF
4029if ac_fn_c_try_compile "$LINENO"; then :
4030 ac_cv_c_bigendian=yes
4031else
4032 ac_cv_c_bigendian=no
4033fi
4034rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
4035fi
4036rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
4037 fi
4038 if test $ac_cv_c_bigendian = unknown; then
4039 # Compile a test program.
4040 if test "$cross_compiling" = yes; then :
4041 # Try to guess by grepping values from an object file.
4042 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
4043/* end confdefs.h. */
4044short int ascii_mm[] =
4045 { 0x4249, 0x4765, 0x6E44, 0x6961, 0x6E53, 0x7953, 0 };
4046 short int ascii_ii[] =
4047 { 0x694C, 0x5454, 0x656C, 0x6E45, 0x6944, 0x6E61, 0 };
4048 int use_ascii (int i) {
4049 return ascii_mm[i] + ascii_ii[i];
4050 }
4051 short int ebcdic_ii[] =
4052 { 0x89D3, 0xE3E3, 0x8593, 0x95C5, 0x89C4, 0x9581, 0 };
4053 short int ebcdic_mm[] =
4054 { 0xC2C9, 0xC785, 0x95C4, 0x8981, 0x95E2, 0xA8E2, 0 };
4055 int use_ebcdic (int i) {
4056 return ebcdic_mm[i] + ebcdic_ii[i];
4057 }
4058 extern int foo;
4059
4060int
4061main ()
4062{
4063return use_ascii (foo) == use_ebcdic (foo);
4064 ;
4065 return 0;
4066}
4067_ACEOF
4068if ac_fn_c_try_compile "$LINENO"; then :
4069 if grep BIGenDianSyS conftest.$ac_objext >/dev/null; then
4070 ac_cv_c_bigendian=yes
4071 fi
4072 if grep LiTTleEnDian conftest.$ac_objext >/dev/null ; then
4073 if test "$ac_cv_c_bigendian" = unknown; then
4074 ac_cv_c_bigendian=no
4075 else
4076 # finding both strings is unlikely to happen, but who knows?
4077 ac_cv_c_bigendian=unknown
4078 fi
4079 fi
4080fi
4081rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
4082else
4083 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
4084/* end confdefs.h. */
4085$ac_includes_default
4086int
4087main ()
4088{
4089
4090 /* Are we little or big endian? From Harbison&Steele. */
4091 union
4092 {
4093 long int l;
4094 char c[sizeof (long int)];
4095 } u;
4096 u.l = 1;
4097 return u.c[sizeof (long int) - 1] == 1;
4098
4099 ;
4100 return 0;
4101}
4102_ACEOF
4103if ac_fn_c_try_run "$LINENO"; then :
4104 ac_cv_c_bigendian=no
4105else
4106 ac_cv_c_bigendian=yes
4107fi
4108rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
4109 conftest.$ac_objext conftest.beam conftest.$ac_ext
4110fi
4111
4112 fi
4113fi
4114{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_bigendian" >&5
4115$as_echo "$ac_cv_c_bigendian" >&6; }
4116 case $ac_cv_c_bigendian in #(
4117 yes)
4118 $as_echo "#define WORDS_BIGENDIAN 1" >>confdefs.h
4119;; #(
4120 no)
4121 ;; #(
4122 universal)
4123
4124$as_echo "#define AC_APPLE_UNIVERSAL_BUILD 1" >>confdefs.h
4125
4126 ;; #(
4127 *)
4128 as_fn_error $? "unknown endianness
4129 presetting ac_cv_c_bigendian=no (or yes) will help" "$LINENO" 5 ;;
4130 esac
4131
4132
4133# Checks for programs.
4134for ac_prog in gawk mawk nawk awk
4135do
4136 # Extract the first word of "$ac_prog", so it can be a program name with args.
4137set dummy $ac_prog; ac_word=$2
4138{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
4139$as_echo_n "checking for $ac_word... " >&6; }
4140if ${ac_cv_prog_AWK+:} false; then :
4141 $as_echo_n "(cached) " >&6
4142else
4143 if test -n "$AWK"; then
4144 ac_cv_prog_AWK="$AWK" # Let the user override the test.
4145else
4146as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
4147for as_dir in $PATH
4148do
4149 IFS=$as_save_IFS
4150 test -z "$as_dir" && as_dir=.
4151 for ac_exec_ext in '' $ac_executable_extensions; do
4152 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
4153 ac_cv_prog_AWK="$ac_prog"
4154 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
4155 break 2
4156 fi
4157done
4158 done
4159IFS=$as_save_IFS
4160
4161fi
4162fi
4163AWK=$ac_cv_prog_AWK
4164if test -n "$AWK"; then
4165 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5
4166$as_echo "$AWK" >&6; }
4167else
4168 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
4169$as_echo "no" >&6; }
4170fi
4171
4172
4173 test -n "$AWK" && break
4174done
4175
4176ac_ext=c
4177ac_cpp='$CPP $CPPFLAGS'
4178ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
4179ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
4180ac_compiler_gnu=$ac_cv_c_compiler_gnu
4181{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5
4182$as_echo_n "checking how to run the C preprocessor... " >&6; }
4183# On Suns, sometimes $CPP names a directory.
4184if test -n "$CPP" && test -d "$CPP"; then
4185 CPP=
4186fi
4187if test -z "$CPP"; then
4188 if ${ac_cv_prog_CPP+:} false; then :
4189 $as_echo_n "(cached) " >&6
4190else
4191 # Double quotes because CPP needs to be expanded
4192 for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp"
4193 do
4194 ac_preproc_ok=false
4195for ac_c_preproc_warn_flag in '' yes
4196do
4197 # Use a header file that comes with gcc, so configuring glibc
4198 # with a fresh cross-compiler works.
4199 # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
4200 # <limits.h> exists even on freestanding compilers.
4201 # On the NeXT, cc -E runs the code through the compiler's parser,
4202 # not just through cpp. "Syntax error" is here to catch this case.
4203 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
4204/* end confdefs.h. */
4205#ifdef __STDC__
4206# include <limits.h>
4207#else
4208# include <assert.h>
4209#endif
4210 Syntax error
4211_ACEOF
4212if ac_fn_c_try_cpp "$LINENO"; then :
4213
4214else
4215 # Broken: fails on valid input.
4216continue
4217fi
4218rm -f conftest.err conftest.i conftest.$ac_ext
4219
4220 # OK, works on sane cases. Now check whether nonexistent headers
4221 # can be detected and how.
4222 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
4223/* end confdefs.h. */
4224#include <ac_nonexistent.h>
4225_ACEOF
4226if ac_fn_c_try_cpp "$LINENO"; then :
4227 # Broken: success on invalid input.
4228continue
4229else
4230 # Passes both tests.
4231ac_preproc_ok=:
4232break
4233fi
4234rm -f conftest.err conftest.i conftest.$ac_ext
4235
4236done
4237# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
4238rm -f conftest.i conftest.err conftest.$ac_ext
4239if $ac_preproc_ok; then :
4240 break
4241fi
4242
4243 done
4244 ac_cv_prog_CPP=$CPP
4245
4246fi
4247 CPP=$ac_cv_prog_CPP
4248else
4249 ac_cv_prog_CPP=$CPP
4250fi
4251{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5
4252$as_echo "$CPP" >&6; }
4253ac_preproc_ok=false
4254for ac_c_preproc_warn_flag in '' yes
4255do
4256 # Use a header file that comes with gcc, so configuring glibc
4257 # with a fresh cross-compiler works.
4258 # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
4259 # <limits.h> exists even on freestanding compilers.
4260 # On the NeXT, cc -E runs the code through the compiler's parser,
4261 # not just through cpp. "Syntax error" is here to catch this case.
4262 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
4263/* end confdefs.h. */
4264#ifdef __STDC__
4265# include <limits.h>
4266#else
4267# include <assert.h>
4268#endif
4269 Syntax error
4270_ACEOF
4271if ac_fn_c_try_cpp "$LINENO"; then :
4272
4273else
4274 # Broken: fails on valid input.
4275continue
4276fi
4277rm -f conftest.err conftest.i conftest.$ac_ext
4278
4279 # OK, works on sane cases. Now check whether nonexistent headers
4280 # can be detected and how.
4281 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
4282/* end confdefs.h. */
4283#include <ac_nonexistent.h>
4284_ACEOF
4285if ac_fn_c_try_cpp "$LINENO"; then :
4286 # Broken: success on invalid input.
4287continue
4288else
4289 # Passes both tests.
4290ac_preproc_ok=:
4291break
4292fi
4293rm -f conftest.err conftest.i conftest.$ac_ext
4294
4295done
4296# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
4297rm -f conftest.i conftest.err conftest.$ac_ext
4298if $ac_preproc_ok; then :
4299
4300else
4301 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
4302$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
4303as_fn_error $? "C preprocessor \"$CPP\" fails sanity check
4304See \`config.log' for more details" "$LINENO" 5; }
4305fi
4306
4307ac_ext=c
4308ac_cpp='$CPP $CPPFLAGS'
4309ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
4310ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
4311ac_compiler_gnu=$ac_cv_c_compiler_gnu
4312
4313if test -n "$ac_tool_prefix"; then
4314 # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args.
4315set dummy ${ac_tool_prefix}ranlib; ac_word=$2
4316{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
4317$as_echo_n "checking for $ac_word... " >&6; }
4318if ${ac_cv_prog_RANLIB+:} false; then :
4319 $as_echo_n "(cached) " >&6
4320else
4321 if test -n "$RANLIB"; then
4322 ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test.
4323else
4324as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
4325for as_dir in $PATH
4326do
4327 IFS=$as_save_IFS
4328 test -z "$as_dir" && as_dir=.
4329 for ac_exec_ext in '' $ac_executable_extensions; do
4330 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
4331 ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib"
4332 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
4333 break 2
4334 fi
4335done
4336 done
4337IFS=$as_save_IFS
4338
4339fi
4340fi
4341RANLIB=$ac_cv_prog_RANLIB
4342if test -n "$RANLIB"; then
4343 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5
4344$as_echo "$RANLIB" >&6; }
4345else
4346 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
4347$as_echo "no" >&6; }
4348fi
4349
4350
4351fi
4352if test -z "$ac_cv_prog_RANLIB"; then
4353 ac_ct_RANLIB=$RANLIB
4354 # Extract the first word of "ranlib", so it can be a program name with args.
4355set dummy ranlib; ac_word=$2
4356{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
4357$as_echo_n "checking for $ac_word... " >&6; }
4358if ${ac_cv_prog_ac_ct_RANLIB+:} false; then :
4359 $as_echo_n "(cached) " >&6
4360else
4361 if test -n "$ac_ct_RANLIB"; then
4362 ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test.
4363else
4364as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
4365for as_dir in $PATH
4366do
4367 IFS=$as_save_IFS
4368 test -z "$as_dir" && as_dir=.
4369 for ac_exec_ext in '' $ac_executable_extensions; do
4370 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
4371 ac_cv_prog_ac_ct_RANLIB="ranlib"
4372 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
4373 break 2
4374 fi
4375done
4376 done
4377IFS=$as_save_IFS
4378
4379fi
4380fi
4381ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB
4382if test -n "$ac_ct_RANLIB"; then
4383 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5
4384$as_echo "$ac_ct_RANLIB" >&6; }
4385else
4386 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
4387$as_echo "no" >&6; }
4388fi
4389
4390 if test "x$ac_ct_RANLIB" = x; then
4391 RANLIB=":"
4392 else
4393 case $cross_compiling:$ac_tool_warned in
4394yes:)
4395{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
4396$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
4397ac_tool_warned=yes ;;
4398esac
4399 RANLIB=$ac_ct_RANLIB
4400 fi
4401else
4402 RANLIB="$ac_cv_prog_RANLIB"
4403fi
4404
4405# Find a good install program. We prefer a C program (faster),
4406# so one script is as good as another. But avoid the broken or
4407# incompatible versions:
4408# SysV /etc/install, /usr/sbin/install
4409# SunOS /usr/etc/install
4410# IRIX /sbin/install
4411# AIX /bin/install
4412# AmigaOS /C/install, which installs bootblocks on floppy discs
4413# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag
4414# AFS /usr/afsws/bin/install, which mishandles nonexistent args
4415# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
4416# OS/2's system install, which has a completely different semantic
4417# ./install, which can be erroneously created by make from ./install.sh.
4418# Reject install programs that cannot install multiple files.
4419{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5
4420$as_echo_n "checking for a BSD-compatible install... " >&6; }
4421if test -z "$INSTALL"; then
4422if ${ac_cv_path_install+:} false; then :
4423 $as_echo_n "(cached) " >&6
4424else
4425 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
4426for as_dir in $PATH
4427do
4428 IFS=$as_save_IFS
4429 test -z "$as_dir" && as_dir=.
4430 # Account for people who put trailing slashes in PATH elements.
4431case $as_dir/ in #((
4432 ./ | .// | /[cC]/* | \
4433 /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \
4434 ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \
4435 /usr/ucb/* ) ;;
4436 *)
4437 # OSF1 and SCO ODT 3.0 have their own names for install.
4438 # Don't use installbsd from OSF since it installs stuff as root
4439 # by default.
4440 for ac_prog in ginstall scoinst install; do
4441 for ac_exec_ext in '' $ac_executable_extensions; do
4442 if as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then
4443 if test $ac_prog = install &&
4444 grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
4445 # AIX install. It has an incompatible calling convention.
4446 :
4447 elif test $ac_prog = install &&
4448 grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
4449 # program-specific install script used by HP pwplus--don't use.
4450 :
4451 else
4452 rm -rf conftest.one conftest.two conftest.dir
4453 echo one > conftest.one
4454 echo two > conftest.two
4455 mkdir conftest.dir
4456 if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" &&
4457 test -s conftest.one && test -s conftest.two &&
4458 test -s conftest.dir/conftest.one &&
4459 test -s conftest.dir/conftest.two
4460 then
4461 ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c"
4462 break 3
4463 fi
4464 fi
4465 fi
4466 done
4467 done
4468 ;;
4469esac
4470
4471 done
4472IFS=$as_save_IFS
4473
4474rm -rf conftest.one conftest.two conftest.dir
4475
4476fi
4477 if test "${ac_cv_path_install+set}" = set; then
4478 INSTALL=$ac_cv_path_install
4479 else
4480 # As a last resort, use the slow shell script. Don't cache a
4481 # value for INSTALL within a source directory, because that will
4482 # break other packages using the cache if that directory is
4483 # removed, or if the value is a relative name.
4484 INSTALL=$ac_install_sh
4485 fi
4486fi
4487{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5
4488$as_echo "$INSTALL" >&6; }
4489
4490# Use test -z because SunOS4 sh mishandles braces in ${var-val}.
4491# It thinks the first close brace ends the variable substitution.
4492test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}'
4493
4494test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}'
4495
4496test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
4497
4498{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5
4499$as_echo_n "checking for egrep... " >&6; }
4500if ${ac_cv_path_EGREP+:} false; then :
4501 $as_echo_n "(cached) " >&6
4502else
4503 if echo a | $GREP -E '(a|b)' >/dev/null 2>&1
4504 then ac_cv_path_EGREP="$GREP -E"
4505 else
4506 if test -z "$EGREP"; then
4507 ac_path_EGREP_found=false
4508 # Loop through the user's path and test for each of PROGNAME-LIST
4509 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
4510for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
4511do
4512 IFS=$as_save_IFS
4513 test -z "$as_dir" && as_dir=.
4514 for ac_prog in egrep; do
4515 for ac_exec_ext in '' $ac_executable_extensions; do
4516 ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext"
4517 as_fn_executable_p "$ac_path_EGREP" || continue
4518# Check for GNU ac_path_EGREP and select it if it is found.
4519 # Check for GNU $ac_path_EGREP
4520case `"$ac_path_EGREP" --version 2>&1` in
4521*GNU*)
4522 ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;;
4523*)
4524 ac_count=0
4525 $as_echo_n 0123456789 >"conftest.in"
4526 while :
4527 do
4528 cat "conftest.in" "conftest.in" >"conftest.tmp"
4529 mv "conftest.tmp" "conftest.in"
4530 cp "conftest.in" "conftest.nl"
4531 $as_echo 'EGREP' >> "conftest.nl"
4532 "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break
4533 diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
4534 as_fn_arith $ac_count + 1 && ac_count=$as_val
4535 if test $ac_count -gt ${ac_path_EGREP_max-0}; then
4536 # Best one so far, save it but keep looking for a better one
4537 ac_cv_path_EGREP="$ac_path_EGREP"
4538 ac_path_EGREP_max=$ac_count
4539 fi
4540 # 10*(2^10) chars as input seems more than enough
4541 test $ac_count -gt 10 && break
4542 done
4543 rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
4544esac
4545
4546 $ac_path_EGREP_found && break 3
4547 done
4548 done
4549 done
4550IFS=$as_save_IFS
4551 if test -z "$ac_cv_path_EGREP"; then
4552 as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
4553 fi
4554else
4555 ac_cv_path_EGREP=$EGREP
4556fi
4557
4558 fi
4559fi
4560{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5
4561$as_echo "$ac_cv_path_EGREP" >&6; }
4562 EGREP="$ac_cv_path_EGREP"
4563
4564
4565if test -n "$ac_tool_prefix"; then
4566 for ac_prog in ar
4567 do
4568 # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
4569set dummy $ac_tool_prefix$ac_prog; ac_word=$2
4570{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
4571$as_echo_n "checking for $ac_word... " >&6; }
4572if ${ac_cv_prog_AR+:} false; then :
4573 $as_echo_n "(cached) " >&6
4574else
4575 if test -n "$AR"; then
4576 ac_cv_prog_AR="$AR" # Let the user override the test.
4577else
4578as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
4579for as_dir in $PATH
4580do
4581 IFS=$as_save_IFS
4582 test -z "$as_dir" && as_dir=.
4583 for ac_exec_ext in '' $ac_executable_extensions; do
4584 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
4585 ac_cv_prog_AR="$ac_tool_prefix$ac_prog"
4586 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
4587 break 2
4588 fi
4589done
4590 done
4591IFS=$as_save_IFS
4592
4593fi
4594fi
4595AR=$ac_cv_prog_AR
4596if test -n "$AR"; then
4597 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5
4598$as_echo "$AR" >&6; }
4599else
4600 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
4601$as_echo "no" >&6; }
4602fi
4603
4604
4605 test -n "$AR" && break
4606 done
4607fi
4608if test -z "$AR"; then
4609 ac_ct_AR=$AR
4610 for ac_prog in ar
4611do
4612 # Extract the first word of "$ac_prog", so it can be a program name with args.
4613set dummy $ac_prog; ac_word=$2
4614{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
4615$as_echo_n "checking for $ac_word... " >&6; }
4616if ${ac_cv_prog_ac_ct_AR+:} false; then :
4617 $as_echo_n "(cached) " >&6
4618else
4619 if test -n "$ac_ct_AR"; then
4620 ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test.
4621else
4622as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
4623for as_dir in $PATH
4624do
4625 IFS=$as_save_IFS
4626 test -z "$as_dir" && as_dir=.
4627 for ac_exec_ext in '' $ac_executable_extensions; do
4628 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
4629 ac_cv_prog_ac_ct_AR="$ac_prog"
4630 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
4631 break 2
4632 fi
4633done
4634 done
4635IFS=$as_save_IFS
4636
4637fi
4638fi
4639ac_ct_AR=$ac_cv_prog_ac_ct_AR
4640if test -n "$ac_ct_AR"; then
4641 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5
4642$as_echo "$ac_ct_AR" >&6; }
4643else
4644 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
4645$as_echo "no" >&6; }
4646fi
4647
4648
4649 test -n "$ac_ct_AR" && break
4650done
4651
4652 if test "x$ac_ct_AR" = x; then
4653 AR=""
4654 else
4655 case $cross_compiling:$ac_tool_warned in
4656yes:)
4657{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
4658$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
4659ac_tool_warned=yes ;;
4660esac
4661 AR=$ac_ct_AR
4662 fi
4663fi
4664
4665# Extract the first word of "cat", so it can be a program name with args.
4666set dummy cat; ac_word=$2
4667{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
4668$as_echo_n "checking for $ac_word... " >&6; }
4669if ${ac_cv_path_CAT+:} false; then :
4670 $as_echo_n "(cached) " >&6
4671else
4672 case $CAT in
4673 [\\/]* | ?:[\\/]*)
4674 ac_cv_path_CAT="$CAT" # Let the user override the test with a path.
4675 ;;
4676 *)
4677 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
4678for as_dir in $PATH
4679do
4680 IFS=$as_save_IFS
4681 test -z "$as_dir" && as_dir=.
4682 for ac_exec_ext in '' $ac_executable_extensions; do
4683 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
4684 ac_cv_path_CAT="$as_dir/$ac_word$ac_exec_ext"
4685 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
4686 break 2
4687 fi
4688done
4689 done
4690IFS=$as_save_IFS
4691
4692 ;;
4693esac
4694fi
4695CAT=$ac_cv_path_CAT
4696if test -n "$CAT"; then
4697 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CAT" >&5
4698$as_echo "$CAT" >&6; }
4699else
4700 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
4701$as_echo "no" >&6; }
4702fi
4703
4704
4705# Extract the first word of "kill", so it can be a program name with args.
4706set dummy kill; ac_word=$2
4707{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
4708$as_echo_n "checking for $ac_word... " >&6; }
4709if ${ac_cv_path_KILL+:} false; then :
4710 $as_echo_n "(cached) " >&6
4711else
4712 case $KILL in
4713 [\\/]* | ?:[\\/]*)
4714 ac_cv_path_KILL="$KILL" # Let the user override the test with a path.
4715 ;;
4716 *)
4717 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
4718for as_dir in $PATH
4719do
4720 IFS=$as_save_IFS
4721 test -z "$as_dir" && as_dir=.
4722 for ac_exec_ext in '' $ac_executable_extensions; do
4723 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
4724 ac_cv_path_KILL="$as_dir/$ac_word$ac_exec_ext"
4725 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
4726 break 2
4727 fi
4728done
4729 done
4730IFS=$as_save_IFS
4731
4732 ;;
4733esac
4734fi
4735KILL=$ac_cv_path_KILL
4736if test -n "$KILL"; then
4737 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $KILL" >&5
4738$as_echo "$KILL" >&6; }
4739else
4740 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
4741$as_echo "no" >&6; }
4742fi
4743
4744
4745for ac_prog in perl5 perl
4746do
4747 # Extract the first word of "$ac_prog", so it can be a program name with args.
4748set dummy $ac_prog; ac_word=$2
4749{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
4750$as_echo_n "checking for $ac_word... " >&6; }
4751if ${ac_cv_path_PERL+:} false; then :
4752 $as_echo_n "(cached) " >&6
4753else
4754 case $PERL in
4755 [\\/]* | ?:[\\/]*)
4756 ac_cv_path_PERL="$PERL" # Let the user override the test with a path.
4757 ;;
4758 *)
4759 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
4760for as_dir in $PATH
4761do
4762 IFS=$as_save_IFS
4763 test -z "$as_dir" && as_dir=.
4764 for ac_exec_ext in '' $ac_executable_extensions; do
4765 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
4766 ac_cv_path_PERL="$as_dir/$ac_word$ac_exec_ext"
4767 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
4768 break 2
4769 fi
4770done
4771 done
4772IFS=$as_save_IFS
4773
4774 ;;
4775esac
4776fi
4777PERL=$ac_cv_path_PERL
4778if test -n "$PERL"; then
4779 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PERL" >&5
4780$as_echo "$PERL" >&6; }
4781else
4782 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
4783$as_echo "no" >&6; }
4784fi
4785
4786
4787 test -n "$PERL" && break
4788done
4789
4790# Extract the first word of "sed", so it can be a program name with args.
4791set dummy sed; ac_word=$2
4792{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
4793$as_echo_n "checking for $ac_word... " >&6; }
4794if ${ac_cv_path_SED+:} false; then :
4795 $as_echo_n "(cached) " >&6
4796else
4797 case $SED in
4798 [\\/]* | ?:[\\/]*)
4799 ac_cv_path_SED="$SED" # Let the user override the test with a path.
4800 ;;
4801 *)
4802 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
4803for as_dir in $PATH
4804do
4805 IFS=$as_save_IFS
4806 test -z "$as_dir" && as_dir=.
4807 for ac_exec_ext in '' $ac_executable_extensions; do
4808 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
4809 ac_cv_path_SED="$as_dir/$ac_word$ac_exec_ext"
4810 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
4811 break 2
4812 fi
4813done
4814 done
4815IFS=$as_save_IFS
4816
4817 ;;
4818esac
4819fi
4820SED=$ac_cv_path_SED
4821if test -n "$SED"; then
4822 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $SED" >&5
4823$as_echo "$SED" >&6; }
4824else
4825 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
4826$as_echo "no" >&6; }
4827fi
4828
4829
4830
4831# Extract the first word of "ent", so it can be a program name with args.
4832set dummy ent; ac_word=$2
4833{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
4834$as_echo_n "checking for $ac_word... " >&6; }
4835if ${ac_cv_path_ENT+:} false; then :
4836 $as_echo_n "(cached) " >&6
4837else
4838 case $ENT in
4839 [\\/]* | ?:[\\/]*)
4840 ac_cv_path_ENT="$ENT" # Let the user override the test with a path.
4841 ;;
4842 *)
4843 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
4844for as_dir in $PATH
4845do
4846 IFS=$as_save_IFS
4847 test -z "$as_dir" && as_dir=.
4848 for ac_exec_ext in '' $ac_executable_extensions; do
4849 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
4850 ac_cv_path_ENT="$as_dir/$ac_word$ac_exec_ext"
4851 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
4852 break 2
4853 fi
4854done
4855 done
4856IFS=$as_save_IFS
4857
4858 ;;
4859esac
4860fi
4861ENT=$ac_cv_path_ENT
4862if test -n "$ENT"; then
4863 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ENT" >&5
4864$as_echo "$ENT" >&6; }
4865else
4866 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
4867$as_echo "no" >&6; }
4868fi
4869
4870
4871
4872# Extract the first word of "bash", so it can be a program name with args.
4873set dummy bash; ac_word=$2
4874{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
4875$as_echo_n "checking for $ac_word... " >&6; }
4876if ${ac_cv_path_TEST_MINUS_S_SH+:} false; then :
4877 $as_echo_n "(cached) " >&6
4878else
4879 case $TEST_MINUS_S_SH in
4880 [\\/]* | ?:[\\/]*)
4881 ac_cv_path_TEST_MINUS_S_SH="$TEST_MINUS_S_SH" # Let the user override the test with a path.
4882 ;;
4883 *)
4884 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
4885for as_dir in $PATH
4886do
4887 IFS=$as_save_IFS
4888 test -z "$as_dir" && as_dir=.
4889 for ac_exec_ext in '' $ac_executable_extensions; do
4890 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
4891 ac_cv_path_TEST_MINUS_S_SH="$as_dir/$ac_word$ac_exec_ext"
4892 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
4893 break 2
4894 fi
4895done
4896 done
4897IFS=$as_save_IFS
4898
4899 ;;
4900esac
4901fi
4902TEST_MINUS_S_SH=$ac_cv_path_TEST_MINUS_S_SH
4903if test -n "$TEST_MINUS_S_SH"; then
4904 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $TEST_MINUS_S_SH" >&5
4905$as_echo "$TEST_MINUS_S_SH" >&6; }
4906else
4907 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
4908$as_echo "no" >&6; }
4909fi
4910
4911
4912# Extract the first word of "ksh", so it can be a program name with args.
4913set dummy ksh; ac_word=$2
4914{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
4915$as_echo_n "checking for $ac_word... " >&6; }
4916if ${ac_cv_path_TEST_MINUS_S_SH+:} false; then :
4917 $as_echo_n "(cached) " >&6
4918else
4919 case $TEST_MINUS_S_SH in
4920 [\\/]* | ?:[\\/]*)
4921 ac_cv_path_TEST_MINUS_S_SH="$TEST_MINUS_S_SH" # Let the user override the test with a path.
4922 ;;
4923 *)
4924 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
4925for as_dir in $PATH
4926do
4927 IFS=$as_save_IFS
4928 test -z "$as_dir" && as_dir=.
4929 for ac_exec_ext in '' $ac_executable_extensions; do
4930 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
4931 ac_cv_path_TEST_MINUS_S_SH="$as_dir/$ac_word$ac_exec_ext"
4932 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
4933 break 2
4934 fi
4935done
4936 done
4937IFS=$as_save_IFS
4938
4939 ;;
4940esac
4941fi
4942TEST_MINUS_S_SH=$ac_cv_path_TEST_MINUS_S_SH
4943if test -n "$TEST_MINUS_S_SH"; then
4944 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $TEST_MINUS_S_SH" >&5
4945$as_echo "$TEST_MINUS_S_SH" >&6; }
4946else
4947 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
4948$as_echo "no" >&6; }
4949fi
4950
4951
4952# Extract the first word of "sh", so it can be a program name with args.
4953set dummy sh; ac_word=$2
4954{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
4955$as_echo_n "checking for $ac_word... " >&6; }
4956if ${ac_cv_path_TEST_MINUS_S_SH+:} false; then :
4957 $as_echo_n "(cached) " >&6
4958else
4959 case $TEST_MINUS_S_SH in
4960 [\\/]* | ?:[\\/]*)
4961 ac_cv_path_TEST_MINUS_S_SH="$TEST_MINUS_S_SH" # Let the user override the test with a path.
4962 ;;
4963 *)
4964 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
4965for as_dir in $PATH
4966do
4967 IFS=$as_save_IFS
4968 test -z "$as_dir" && as_dir=.
4969 for ac_exec_ext in '' $ac_executable_extensions; do
4970 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
4971 ac_cv_path_TEST_MINUS_S_SH="$as_dir/$ac_word$ac_exec_ext"
4972 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
4973 break 2
4974 fi
4975done
4976 done
4977IFS=$as_save_IFS
4978
4979 ;;
4980esac
4981fi
4982TEST_MINUS_S_SH=$ac_cv_path_TEST_MINUS_S_SH
4983if test -n "$TEST_MINUS_S_SH"; then
4984 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $TEST_MINUS_S_SH" >&5
4985$as_echo "$TEST_MINUS_S_SH" >&6; }
4986else
4987 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
4988$as_echo "no" >&6; }
4989fi
4990
4991
4992# Extract the first word of "sh", so it can be a program name with args.
4993set dummy sh; ac_word=$2
4994{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
4995$as_echo_n "checking for $ac_word... " >&6; }
4996if ${ac_cv_path_SH+:} false; then :
4997 $as_echo_n "(cached) " >&6
4998else
4999 case $SH in
5000 [\\/]* | ?:[\\/]*)
5001 ac_cv_path_SH="$SH" # Let the user override the test with a path.
5002 ;;
5003 *)
5004 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
5005for as_dir in $PATH
5006do
5007 IFS=$as_save_IFS
5008 test -z "$as_dir" && as_dir=.
5009 for ac_exec_ext in '' $ac_executable_extensions; do
5010 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
5011 ac_cv_path_SH="$as_dir/$ac_word$ac_exec_ext"
5012 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
5013 break 2
5014 fi
5015done
5016 done
5017IFS=$as_save_IFS
5018
5019 ;;
5020esac
5021fi
5022SH=$ac_cv_path_SH
5023if test -n "$SH"; then
5024 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $SH" >&5
5025$as_echo "$SH" >&6; }
5026else
5027 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
5028$as_echo "no" >&6; }
5029fi
5030
5031
5032# Extract the first word of "groff", so it can be a program name with args.
5033set dummy groff; ac_word=$2
5034{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
5035$as_echo_n "checking for $ac_word... " >&6; }
5036if ${ac_cv_path_GROFF+:} false; then :
5037 $as_echo_n "(cached) " >&6
5038else
5039 case $GROFF in
5040 [\\/]* | ?:[\\/]*)
5041 ac_cv_path_GROFF="$GROFF" # Let the user override the test with a path.
5042 ;;
5043 *)
5044 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
5045for as_dir in $PATH
5046do
5047 IFS=$as_save_IFS
5048 test -z "$as_dir" && as_dir=.
5049 for ac_exec_ext in '' $ac_executable_extensions; do
5050 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
5051 ac_cv_path_GROFF="$as_dir/$ac_word$ac_exec_ext"
5052 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
5053 break 2
5054 fi
5055done
5056 done
5057IFS=$as_save_IFS
5058
5059 ;;
5060esac
5061fi
5062GROFF=$ac_cv_path_GROFF
5063if test -n "$GROFF"; then
5064 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GROFF" >&5
5065$as_echo "$GROFF" >&6; }
5066else
5067 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
5068$as_echo "no" >&6; }
5069fi
5070
5071
5072# Extract the first word of "nroff", so it can be a program name with args.
5073set dummy nroff; ac_word=$2
5074{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
5075$as_echo_n "checking for $ac_word... " >&6; }
5076if ${ac_cv_path_NROFF+:} false; then :
5077 $as_echo_n "(cached) " >&6
5078else
5079 case $NROFF in
5080 [\\/]* | ?:[\\/]*)
5081 ac_cv_path_NROFF="$NROFF" # Let the user override the test with a path.
5082 ;;
5083 *)
5084 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
5085for as_dir in $PATH
5086do
5087 IFS=$as_save_IFS
5088 test -z "$as_dir" && as_dir=.
5089 for ac_exec_ext in '' $ac_executable_extensions; do
5090 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
5091 ac_cv_path_NROFF="$as_dir/$ac_word$ac_exec_ext"
5092 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
5093 break 2
5094 fi
5095done
5096 done
5097IFS=$as_save_IFS
5098
5099 ;;
5100esac
5101fi
5102NROFF=$ac_cv_path_NROFF
5103if test -n "$NROFF"; then
5104 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NROFF" >&5
5105$as_echo "$NROFF" >&6; }
5106else
5107 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
5108$as_echo "no" >&6; }
5109fi
5110
5111
5112# Extract the first word of "mandoc", so it can be a program name with args.
5113set dummy mandoc; ac_word=$2
5114{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
5115$as_echo_n "checking for $ac_word... " >&6; }
5116if ${ac_cv_path_MANDOC+:} false; then :
5117 $as_echo_n "(cached) " >&6
5118else
5119 case $MANDOC in
5120 [\\/]* | ?:[\\/]*)
5121 ac_cv_path_MANDOC="$MANDOC" # Let the user override the test with a path.
5122 ;;
5123 *)
5124 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
5125for as_dir in $PATH
5126do
5127 IFS=$as_save_IFS
5128 test -z "$as_dir" && as_dir=.
5129 for ac_exec_ext in '' $ac_executable_extensions; do
5130 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
5131 ac_cv_path_MANDOC="$as_dir/$ac_word$ac_exec_ext"
5132 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
5133 break 2
5134 fi
5135done
5136 done
5137IFS=$as_save_IFS
5138
5139 ;;
5140esac
5141fi
5142MANDOC=$ac_cv_path_MANDOC
5143if test -n "$MANDOC"; then
5144 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MANDOC" >&5
5145$as_echo "$MANDOC" >&6; }
5146else
5147 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
5148$as_echo "no" >&6; }
5149fi
5150
5151
5152TEST_SHELL=sh
5153
5154
5155if test "x$MANDOC" != "x" ; then
5156 MANFMT="$MANDOC"
5157elif test "x$NROFF" != "x" ; then
5158 MANFMT="$NROFF -mandoc"
5159elif test "x$GROFF" != "x" ; then
5160 MANFMT="$GROFF -mandoc -Tascii"
5161else
5162 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: no manpage formatted found" >&5
5163$as_echo "$as_me: WARNING: no manpage formatted found" >&2;}
5164 MANFMT="false"
5165fi
5166
5167
5168# Extract the first word of "groupadd", so it can be a program name with args.
5169set dummy groupadd; ac_word=$2
5170{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
5171$as_echo_n "checking for $ac_word... " >&6; }
5172if ${ac_cv_path_PATH_GROUPADD_PROG+:} false; then :
5173 $as_echo_n "(cached) " >&6
5174else
5175 case $PATH_GROUPADD_PROG in
5176 [\\/]* | ?:[\\/]*)
5177 ac_cv_path_PATH_GROUPADD_PROG="$PATH_GROUPADD_PROG" # Let the user override the test with a path.
5178 ;;
5179 *)
5180 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
5181for as_dir in /usr/sbin${PATH_SEPARATOR}/etc
5182do
5183 IFS=$as_save_IFS
5184 test -z "$as_dir" && as_dir=.
5185 for ac_exec_ext in '' $ac_executable_extensions; do
5186 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
5187 ac_cv_path_PATH_GROUPADD_PROG="$as_dir/$ac_word$ac_exec_ext"
5188 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
5189 break 2
5190 fi
5191done
5192 done
5193IFS=$as_save_IFS
5194
5195 test -z "$ac_cv_path_PATH_GROUPADD_PROG" && ac_cv_path_PATH_GROUPADD_PROG="groupadd"
5196 ;;
5197esac
5198fi
5199PATH_GROUPADD_PROG=$ac_cv_path_PATH_GROUPADD_PROG
5200if test -n "$PATH_GROUPADD_PROG"; then
5201 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PATH_GROUPADD_PROG" >&5
5202$as_echo "$PATH_GROUPADD_PROG" >&6; }
5203else
5204 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
5205$as_echo "no" >&6; }
5206fi
5207
5208
5209# Extract the first word of "useradd", so it can be a program name with args.
5210set dummy useradd; ac_word=$2
5211{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
5212$as_echo_n "checking for $ac_word... " >&6; }
5213if ${ac_cv_path_PATH_USERADD_PROG+:} false; then :
5214 $as_echo_n "(cached) " >&6
5215else
5216 case $PATH_USERADD_PROG in
5217 [\\/]* | ?:[\\/]*)
5218 ac_cv_path_PATH_USERADD_PROG="$PATH_USERADD_PROG" # Let the user override the test with a path.
5219 ;;
5220 *)
5221 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
5222for as_dir in /usr/sbin${PATH_SEPARATOR}/etc
5223do
5224 IFS=$as_save_IFS
5225 test -z "$as_dir" && as_dir=.
5226 for ac_exec_ext in '' $ac_executable_extensions; do
5227 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
5228 ac_cv_path_PATH_USERADD_PROG="$as_dir/$ac_word$ac_exec_ext"
5229 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
5230 break 2
5231 fi
5232done
5233 done
5234IFS=$as_save_IFS
5235
5236 test -z "$ac_cv_path_PATH_USERADD_PROG" && ac_cv_path_PATH_USERADD_PROG="useradd"
5237 ;;
5238esac
5239fi
5240PATH_USERADD_PROG=$ac_cv_path_PATH_USERADD_PROG
5241if test -n "$PATH_USERADD_PROG"; then
5242 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PATH_USERADD_PROG" >&5
5243$as_echo "$PATH_USERADD_PROG" >&6; }
5244else
5245 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
5246$as_echo "no" >&6; }
5247fi
5248
5249
5250# Extract the first word of "pkgmk", so it can be a program name with args.
5251set dummy pkgmk; ac_word=$2
5252{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
5253$as_echo_n "checking for $ac_word... " >&6; }
5254if ${ac_cv_prog_MAKE_PACKAGE_SUPPORTED+:} false; then :
5255 $as_echo_n "(cached) " >&6
5256else
5257 if test -n "$MAKE_PACKAGE_SUPPORTED"; then
5258 ac_cv_prog_MAKE_PACKAGE_SUPPORTED="$MAKE_PACKAGE_SUPPORTED" # Let the user override the test.
5259else
5260as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
5261for as_dir in $PATH
5262do
5263 IFS=$as_save_IFS
5264 test -z "$as_dir" && as_dir=.
5265 for ac_exec_ext in '' $ac_executable_extensions; do
5266 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
5267 ac_cv_prog_MAKE_PACKAGE_SUPPORTED="yes"
5268 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
5269 break 2
5270 fi
5271done
5272 done
5273IFS=$as_save_IFS
5274
5275 test -z "$ac_cv_prog_MAKE_PACKAGE_SUPPORTED" && ac_cv_prog_MAKE_PACKAGE_SUPPORTED="no"
5276fi
5277fi
5278MAKE_PACKAGE_SUPPORTED=$ac_cv_prog_MAKE_PACKAGE_SUPPORTED
5279if test -n "$MAKE_PACKAGE_SUPPORTED"; then
5280 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAKE_PACKAGE_SUPPORTED" >&5
5281$as_echo "$MAKE_PACKAGE_SUPPORTED" >&6; }
5282else
5283 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
5284$as_echo "no" >&6; }
5285fi
5286
5287
5288if test -x /sbin/sh; then
5289 STARTUP_SCRIPT_SHELL=/sbin/sh
5290
5291else
5292 STARTUP_SCRIPT_SHELL=/bin/sh
5293
5294fi
5295
5296# System features
5297# Check whether --enable-largefile was given.
5298if test "${enable_largefile+set}" = set; then :
5299 enableval=$enable_largefile;
5300fi
5301
5302if test "$enable_largefile" != no; then
5303
5304 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for special C compiler options needed for large files" >&5
5305$as_echo_n "checking for special C compiler options needed for large files... " >&6; }
5306if ${ac_cv_sys_largefile_CC+:} false; then :
5307 $as_echo_n "(cached) " >&6
5308else
5309 ac_cv_sys_largefile_CC=no
5310 if test "$GCC" != yes; then
5311 ac_save_CC=$CC
5312 while :; do
5313 # IRIX 6.2 and later do not support large files by default,
5314 # so use the C compiler's -n32 option if that helps.
5315 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
5316/* end confdefs.h. */
5317#include <sys/types.h>
5318 /* Check that off_t can represent 2**63 - 1 correctly.
5319 We can't simply define LARGE_OFF_T to be 9223372036854775807,
5320 since some C++ compilers masquerading as C compilers
5321 incorrectly reject 9223372036854775807. */
5322#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
5323 int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
5324 && LARGE_OFF_T % 2147483647 == 1)
5325 ? 1 : -1];
5326int
5327main ()
5328{
5329
5330 ;
5331 return 0;
5332}
5333_ACEOF
5334 if ac_fn_c_try_compile "$LINENO"; then :
5335 break
5336fi
5337rm -f core conftest.err conftest.$ac_objext
5338 CC="$CC -n32"
5339 if ac_fn_c_try_compile "$LINENO"; then :
5340 ac_cv_sys_largefile_CC=' -n32'; break
5341fi
5342rm -f core conftest.err conftest.$ac_objext
5343 break
5344 done
5345 CC=$ac_save_CC
5346 rm -f conftest.$ac_ext
5347 fi
5348fi
5349{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_CC" >&5
5350$as_echo "$ac_cv_sys_largefile_CC" >&6; }
5351 if test "$ac_cv_sys_largefile_CC" != no; then
5352 CC=$CC$ac_cv_sys_largefile_CC
5353 fi
5354
5355 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _FILE_OFFSET_BITS value needed for large files" >&5
5356$as_echo_n "checking for _FILE_OFFSET_BITS value needed for large files... " >&6; }
5357if ${ac_cv_sys_file_offset_bits+:} false; then :
5358 $as_echo_n "(cached) " >&6
5359else
5360 while :; do
5361 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
5362/* end confdefs.h. */
5363#include <sys/types.h>
5364 /* Check that off_t can represent 2**63 - 1 correctly.
5365 We can't simply define LARGE_OFF_T to be 9223372036854775807,
5366 since some C++ compilers masquerading as C compilers
5367 incorrectly reject 9223372036854775807. */
5368#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
5369 int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
5370 && LARGE_OFF_T % 2147483647 == 1)
5371 ? 1 : -1];
5372int
5373main ()
5374{
5375
5376 ;
5377 return 0;
5378}
5379_ACEOF
5380if ac_fn_c_try_compile "$LINENO"; then :
5381 ac_cv_sys_file_offset_bits=no; break
5382fi
5383rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
5384 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
5385/* end confdefs.h. */
5386#define _FILE_OFFSET_BITS 64
5387#include <sys/types.h>
5388 /* Check that off_t can represent 2**63 - 1 correctly.
5389 We can't simply define LARGE_OFF_T to be 9223372036854775807,
5390 since some C++ compilers masquerading as C compilers
5391 incorrectly reject 9223372036854775807. */
5392#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
5393 int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
5394 && LARGE_OFF_T % 2147483647 == 1)
5395 ? 1 : -1];
5396int
5397main ()
5398{
5399
5400 ;
5401 return 0;
5402}
5403_ACEOF
5404if ac_fn_c_try_compile "$LINENO"; then :
5405 ac_cv_sys_file_offset_bits=64; break
5406fi
5407rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
5408 ac_cv_sys_file_offset_bits=unknown
5409 break
5410done
5411fi
5412{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_file_offset_bits" >&5
5413$as_echo "$ac_cv_sys_file_offset_bits" >&6; }
5414case $ac_cv_sys_file_offset_bits in #(
5415 no | unknown) ;;
5416 *)
5417cat >>confdefs.h <<_ACEOF
5418#define _FILE_OFFSET_BITS $ac_cv_sys_file_offset_bits
5419_ACEOF
5420;;
5421esac
5422rm -rf conftest*
5423 if test $ac_cv_sys_file_offset_bits = unknown; then
5424 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _LARGE_FILES value needed for large files" >&5
5425$as_echo_n "checking for _LARGE_FILES value needed for large files... " >&6; }
5426if ${ac_cv_sys_large_files+:} false; then :
5427 $as_echo_n "(cached) " >&6
5428else
5429 while :; do
5430 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
5431/* end confdefs.h. */
5432#include <sys/types.h>
5433 /* Check that off_t can represent 2**63 - 1 correctly.
5434 We can't simply define LARGE_OFF_T to be 9223372036854775807,
5435 since some C++ compilers masquerading as C compilers
5436 incorrectly reject 9223372036854775807. */
5437#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
5438 int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
5439 && LARGE_OFF_T % 2147483647 == 1)
5440 ? 1 : -1];
5441int
5442main ()
5443{
5444
5445 ;
5446 return 0;
5447}
5448_ACEOF
5449if ac_fn_c_try_compile "$LINENO"; then :
5450 ac_cv_sys_large_files=no; break
5451fi
5452rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
5453 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
5454/* end confdefs.h. */
5455#define _LARGE_FILES 1
5456#include <sys/types.h>
5457 /* Check that off_t can represent 2**63 - 1 correctly.
5458 We can't simply define LARGE_OFF_T to be 9223372036854775807,
5459 since some C++ compilers masquerading as C compilers
5460 incorrectly reject 9223372036854775807. */
5461#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
5462 int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
5463 && LARGE_OFF_T % 2147483647 == 1)
5464 ? 1 : -1];
5465int
5466main ()
5467{
5468
5469 ;
5470 return 0;
5471}
5472_ACEOF
5473if ac_fn_c_try_compile "$LINENO"; then :
5474 ac_cv_sys_large_files=1; break
5475fi
5476rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
5477 ac_cv_sys_large_files=unknown
5478 break
5479done
5480fi
5481{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_large_files" >&5
5482$as_echo "$ac_cv_sys_large_files" >&6; }
5483case $ac_cv_sys_large_files in #(
5484 no | unknown) ;;
5485 *)
5486cat >>confdefs.h <<_ACEOF
5487#define _LARGE_FILES $ac_cv_sys_large_files
5488_ACEOF
5489;;
5490esac
5491rm -rf conftest*
5492 fi
5493
5494
5495fi
5496
5497
5498if test -z "$AR" ; then
5499 as_fn_error $? "*** 'ar' missing, please install or fix your \$PATH ***" "$LINENO" 5
5500fi
5501
5502# Extract the first word of "passwd", so it can be a program name with args.
5503set dummy passwd; ac_word=$2
5504{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
5505$as_echo_n "checking for $ac_word... " >&6; }
5506if ${ac_cv_path_PATH_PASSWD_PROG+:} false; then :
5507 $as_echo_n "(cached) " >&6
5508else
5509 case $PATH_PASSWD_PROG in
5510 [\\/]* | ?:[\\/]*)
5511 ac_cv_path_PATH_PASSWD_PROG="$PATH_PASSWD_PROG" # Let the user override the test with a path.
5512 ;;
5513 *)
5514 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
5515for as_dir in $PATH
5516do
5517 IFS=$as_save_IFS
5518 test -z "$as_dir" && as_dir=.
5519 for ac_exec_ext in '' $ac_executable_extensions; do
5520 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
5521 ac_cv_path_PATH_PASSWD_PROG="$as_dir/$ac_word$ac_exec_ext"
5522 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
5523 break 2
5524 fi
5525done
5526 done
5527IFS=$as_save_IFS
5528
5529 ;;
5530esac
5531fi
5532PATH_PASSWD_PROG=$ac_cv_path_PATH_PASSWD_PROG
5533if test -n "$PATH_PASSWD_PROG"; then
5534 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PATH_PASSWD_PROG" >&5
5535$as_echo "$PATH_PASSWD_PROG" >&6; }
5536else
5537 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
5538$as_echo "no" >&6; }
5539fi
5540
5541
5542if test ! -z "$PATH_PASSWD_PROG" ; then
5543
5544cat >>confdefs.h <<_ACEOF
5545#define _PATH_PASSWD_PROG "$PATH_PASSWD_PROG"
5546_ACEOF
5547
5548fi
5549
5550if test -z "$LD" ; then
5551 LD=$CC
5552fi
5553
5554
5555{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for inline" >&5
5556$as_echo_n "checking for inline... " >&6; }
5557if ${ac_cv_c_inline+:} false; then :
5558 $as_echo_n "(cached) " >&6
5559else
5560 ac_cv_c_inline=no
5561for ac_kw in inline __inline__ __inline; do
5562 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
5563/* end confdefs.h. */
5564#ifndef __cplusplus
5565typedef int foo_t;
5566static $ac_kw foo_t static_foo () {return 0; }
5567$ac_kw foo_t foo () {return 0; }
5568#endif
5569
5570_ACEOF
5571if ac_fn_c_try_compile "$LINENO"; then :
5572 ac_cv_c_inline=$ac_kw
5573fi
5574rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
5575 test "$ac_cv_c_inline" != no && break
5576done
5577
5578fi
5579{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_inline" >&5
5580$as_echo "$ac_cv_c_inline" >&6; }
5581
5582case $ac_cv_c_inline in
5583 inline | yes) ;;
5584 *)
5585 case $ac_cv_c_inline in
5586 no) ac_val=;;
5587 *) ac_val=$ac_cv_c_inline;;
5588 esac
5589 cat >>confdefs.h <<_ACEOF
5590#ifndef __cplusplus
5591#define inline $ac_val
5592#endif
5593_ACEOF
5594 ;;
5595esac
5596
5597
5598ac_fn_c_check_decl "$LINENO" "LLONG_MAX" "ac_cv_have_decl_LLONG_MAX" "#include <limits.h>
5599"
5600if test "x$ac_cv_have_decl_LLONG_MAX" = xyes; then :
5601 have_llong_max=1
5602fi
5603
5604ac_fn_c_check_decl "$LINENO" "SYSTR_POLICY_KILL" "ac_cv_have_decl_SYSTR_POLICY_KILL" "
5605 #include <sys/types.h>
5606 #include <sys/param.h>
5607 #include <dev/systrace.h>
5608
5609"
5610if test "x$ac_cv_have_decl_SYSTR_POLICY_KILL" = xyes; then :
5611 have_systr_policy_kill=1
5612fi
5613
5614ac_fn_c_check_decl "$LINENO" "RLIMIT_NPROC" "ac_cv_have_decl_RLIMIT_NPROC" "
5615 #include <sys/types.h>
5616 #include <sys/resource.h>
5617
5618"
5619if test "x$ac_cv_have_decl_RLIMIT_NPROC" = xyes; then :
5620
5621$as_echo "#define HAVE_RLIMIT_NPROC /**/" >>confdefs.h
5622
5623fi
5624
5625ac_fn_c_check_decl "$LINENO" "PR_SET_NO_NEW_PRIVS" "ac_cv_have_decl_PR_SET_NO_NEW_PRIVS" "
5626 #include <sys/types.h>
5627 #include <linux/prctl.h>
5628
5629"
5630if test "x$ac_cv_have_decl_PR_SET_NO_NEW_PRIVS" = xyes; then :
5631 have_linux_no_new_privs=1
5632fi
5633
5634
5635openssl=yes
5636ssh1=no
5637COMMENT_OUT_RSA1="#no ssh1#"
5638
5639# Check whether --with-openssl was given.
5640if test "${with_openssl+set}" = set; then :
5641 withval=$with_openssl; if test "x$withval" = "xno" ; then
5642 openssl=no
5643 ssh1=no
5644 fi
5645
5646
5647fi
5648
5649{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL will be used for cryptography" >&5
5650$as_echo_n "checking whether OpenSSL will be used for cryptography... " >&6; }
5651if test "x$openssl" = "xyes" ; then
5652 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
5653$as_echo "yes" >&6; }
5654
5655cat >>confdefs.h <<_ACEOF
5656#define WITH_OPENSSL 1
5657_ACEOF
5658
5659else
5660 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
5661$as_echo "no" >&6; }
5662fi
5663
5664
5665# Check whether --with-ssh1 was given.
5666if test "${with_ssh1+set}" = set; then :
5667 withval=$with_ssh1;
5668 if test "x$withval" = "xyes" ; then
5669 if test "x$openssl" = "xno" ; then
5670 as_fn_error $? "Cannot enable SSH protocol 1 with OpenSSL disabled" "$LINENO" 5
5671 fi
5672 ssh1=yes
5673 COMMENT_OUT_RSA1=""
5674 elif test "x$withval" = "xno" ; then
5675 ssh1=no
5676 else
5677 as_fn_error $? "unknown --with-ssh1 argument" "$LINENO" 5
5678 fi
5679
5680
5681fi
5682
5683{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether SSH protocol 1 support is enabled" >&5
5684$as_echo_n "checking whether SSH protocol 1 support is enabled... " >&6; }
5685if test "x$ssh1" = "xyes" ; then
5686 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
5687$as_echo "yes" >&6; }
5688
5689cat >>confdefs.h <<_ACEOF
5690#define WITH_SSH1 1
5691_ACEOF
5692
5693
5694else
5695 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
5696$as_echo "no" >&6; }
5697fi
5698
5699use_stack_protector=1
5700use_toolchain_hardening=1
5701
5702# Check whether --with-stackprotect was given.
5703if test "${with_stackprotect+set}" = set; then :
5704 withval=$with_stackprotect;
5705 if test "x$withval" = "xno"; then
5706 use_stack_protector=0
5707 fi
5708fi
5709
5710
5711# Check whether --with-hardening was given.
5712if test "${with_hardening+set}" = set; then :
5713 withval=$with_hardening;
5714 if test "x$withval" = "xno"; then
5715 use_toolchain_hardening=0
5716 fi
5717fi
5718
5719
5720# We use -Werror for the tests only so that we catch warnings like "this is
5721# on by default" for things like -fPIE.
5722{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Werror" >&5
5723$as_echo_n "checking if $CC supports -Werror... " >&6; }
5724saved_CFLAGS="$CFLAGS"
5725CFLAGS="$CFLAGS -Werror"
5726cat confdefs.h - <<_ACEOF >conftest.$ac_ext
5727/* end confdefs.h. */
5728int main(void) { return 0; }
5729_ACEOF
5730if ac_fn_c_try_compile "$LINENO"; then :
5731 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
5732$as_echo "yes" >&6; }
5733 WERROR="-Werror"
5734else
5735 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
5736$as_echo "no" >&6; }
5737 WERROR=""
5738
5739fi
5740rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
5741CFLAGS="$saved_CFLAGS"
5742
5743if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
5744 {
5745 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Qunused-arguments" >&5
5746$as_echo_n "checking if $CC supports compile flag -Qunused-arguments... " >&6; }
5747 saved_CFLAGS="$CFLAGS"
5748 CFLAGS="$CFLAGS $WERROR -Qunused-arguments"
5749 _define_flag=""
5750 test "x$_define_flag" = "x" && _define_flag="-Qunused-arguments"
5751 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
5752/* end confdefs.h. */
5753
5754#include <stdlib.h>
5755#include <stdio.h>
5756int main(int argc, char **argv) {
5757 /* Some math to catch -ftrapv problems in the toolchain */
5758 int i = 123 * argc, j = 456 + argc, k = 789 - argc;
5759 float l = i * 2.1;
5760 double m = l / 0.5;
5761 long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
5762 printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
5763 exit(0);
5764}
5765
5766_ACEOF
5767if ac_fn_c_try_compile "$LINENO"; then :
5768
5769if `grep -i "unrecognized option" conftest.err >/dev/null`
5770then
5771 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
5772$as_echo "no" >&6; }
5773 CFLAGS="$saved_CFLAGS"
5774else
5775 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
5776$as_echo "yes" >&6; }
5777 CFLAGS="$saved_CFLAGS $_define_flag"
5778fi
5779else
5780 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
5781$as_echo "no" >&6; }
5782 CFLAGS="$saved_CFLAGS"
5783
5784fi
5785rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
5786}
5787 {
5788 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wunknown-warning-option" >&5
5789$as_echo_n "checking if $CC supports compile flag -Wunknown-warning-option... " >&6; }
5790 saved_CFLAGS="$CFLAGS"
5791 CFLAGS="$CFLAGS $WERROR -Wunknown-warning-option"
5792 _define_flag=""
5793 test "x$_define_flag" = "x" && _define_flag="-Wunknown-warning-option"
5794 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
5795/* end confdefs.h. */
5796
5797#include <stdlib.h>
5798#include <stdio.h>
5799int main(int argc, char **argv) {
5800 /* Some math to catch -ftrapv problems in the toolchain */
5801 int i = 123 * argc, j = 456 + argc, k = 789 - argc;
5802 float l = i * 2.1;
5803 double m = l / 0.5;
5804 long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
5805 printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
5806 exit(0);
5807}
5808
5809_ACEOF
5810if ac_fn_c_try_compile "$LINENO"; then :
5811
5812if `grep -i "unrecognized option" conftest.err >/dev/null`
5813then
5814 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
5815$as_echo "no" >&6; }
5816 CFLAGS="$saved_CFLAGS"
5817else
5818 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
5819$as_echo "yes" >&6; }
5820 CFLAGS="$saved_CFLAGS $_define_flag"
5821fi
5822else
5823 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
5824$as_echo "no" >&6; }
5825 CFLAGS="$saved_CFLAGS"
5826
5827fi
5828rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
5829}
5830 {
5831 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wall" >&5
5832$as_echo_n "checking if $CC supports compile flag -Wall... " >&6; }
5833 saved_CFLAGS="$CFLAGS"
5834 CFLAGS="$CFLAGS $WERROR -Wall"
5835 _define_flag=""
5836 test "x$_define_flag" = "x" && _define_flag="-Wall"
5837 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
5838/* end confdefs.h. */
5839
5840#include <stdlib.h>
5841#include <stdio.h>
5842int main(int argc, char **argv) {
5843 /* Some math to catch -ftrapv problems in the toolchain */
5844 int i = 123 * argc, j = 456 + argc, k = 789 - argc;
5845 float l = i * 2.1;
5846 double m = l / 0.5;
5847 long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
5848 printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
5849 exit(0);
5850}
5851
5852_ACEOF
5853if ac_fn_c_try_compile "$LINENO"; then :
5854
5855if `grep -i "unrecognized option" conftest.err >/dev/null`
5856then
5857 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
5858$as_echo "no" >&6; }
5859 CFLAGS="$saved_CFLAGS"
5860else
5861 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
5862$as_echo "yes" >&6; }
5863 CFLAGS="$saved_CFLAGS $_define_flag"
5864fi
5865else
5866 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
5867$as_echo "no" >&6; }
5868 CFLAGS="$saved_CFLAGS"
5869
5870fi
5871rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
5872}
5873 {
5874 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wpointer-arith" >&5
5875$as_echo_n "checking if $CC supports compile flag -Wpointer-arith... " >&6; }
5876 saved_CFLAGS="$CFLAGS"
5877 CFLAGS="$CFLAGS $WERROR -Wpointer-arith"
5878 _define_flag=""
5879 test "x$_define_flag" = "x" && _define_flag="-Wpointer-arith"
5880 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
5881/* end confdefs.h. */
5882
5883#include <stdlib.h>
5884#include <stdio.h>
5885int main(int argc, char **argv) {
5886 /* Some math to catch -ftrapv problems in the toolchain */
5887 int i = 123 * argc, j = 456 + argc, k = 789 - argc;
5888 float l = i * 2.1;
5889 double m = l / 0.5;
5890 long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
5891 printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
5892 exit(0);
5893}
5894
5895_ACEOF
5896if ac_fn_c_try_compile "$LINENO"; then :
5897
5898if `grep -i "unrecognized option" conftest.err >/dev/null`
5899then
5900 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
5901$as_echo "no" >&6; }
5902 CFLAGS="$saved_CFLAGS"
5903else
5904 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
5905$as_echo "yes" >&6; }
5906 CFLAGS="$saved_CFLAGS $_define_flag"
5907fi
5908else
5909 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
5910$as_echo "no" >&6; }
5911 CFLAGS="$saved_CFLAGS"
5912
5913fi
5914rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
5915}
5916 {
5917 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wuninitialized" >&5
5918$as_echo_n "checking if $CC supports compile flag -Wuninitialized... " >&6; }
5919 saved_CFLAGS="$CFLAGS"
5920 CFLAGS="$CFLAGS $WERROR -Wuninitialized"
5921 _define_flag=""
5922 test "x$_define_flag" = "x" && _define_flag="-Wuninitialized"
5923 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
5924/* end confdefs.h. */
5925
5926#include <stdlib.h>
5927#include <stdio.h>
5928int main(int argc, char **argv) {
5929 /* Some math to catch -ftrapv problems in the toolchain */
5930 int i = 123 * argc, j = 456 + argc, k = 789 - argc;
5931 float l = i * 2.1;
5932 double m = l / 0.5;
5933 long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
5934 printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
5935 exit(0);
5936}
5937
5938_ACEOF
5939if ac_fn_c_try_compile "$LINENO"; then :
5940
5941if `grep -i "unrecognized option" conftest.err >/dev/null`
5942then
5943 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
5944$as_echo "no" >&6; }
5945 CFLAGS="$saved_CFLAGS"
5946else
5947 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
5948$as_echo "yes" >&6; }
5949 CFLAGS="$saved_CFLAGS $_define_flag"
5950fi
5951else
5952 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
5953$as_echo "no" >&6; }
5954 CFLAGS="$saved_CFLAGS"
5955
5956fi
5957rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
5958}
5959 {
5960 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wsign-compare" >&5
5961$as_echo_n "checking if $CC supports compile flag -Wsign-compare... " >&6; }
5962 saved_CFLAGS="$CFLAGS"
5963 CFLAGS="$CFLAGS $WERROR -Wsign-compare"
5964 _define_flag=""
5965 test "x$_define_flag" = "x" && _define_flag="-Wsign-compare"
5966 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
5967/* end confdefs.h. */
5968
5969#include <stdlib.h>
5970#include <stdio.h>
5971int main(int argc, char **argv) {
5972 /* Some math to catch -ftrapv problems in the toolchain */
5973 int i = 123 * argc, j = 456 + argc, k = 789 - argc;
5974 float l = i * 2.1;
5975 double m = l / 0.5;
5976 long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
5977 printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
5978 exit(0);
5979}
5980
5981_ACEOF
5982if ac_fn_c_try_compile "$LINENO"; then :
5983
5984if `grep -i "unrecognized option" conftest.err >/dev/null`
5985then
5986 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
5987$as_echo "no" >&6; }
5988 CFLAGS="$saved_CFLAGS"
5989else
5990 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
5991$as_echo "yes" >&6; }
5992 CFLAGS="$saved_CFLAGS $_define_flag"
5993fi
5994else
5995 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
5996$as_echo "no" >&6; }
5997 CFLAGS="$saved_CFLAGS"
5998
5999fi
6000rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
6001}
6002 {
6003 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wformat-security" >&5
6004$as_echo_n "checking if $CC supports compile flag -Wformat-security... " >&6; }
6005 saved_CFLAGS="$CFLAGS"
6006 CFLAGS="$CFLAGS $WERROR -Wformat-security"
6007 _define_flag=""
6008 test "x$_define_flag" = "x" && _define_flag="-Wformat-security"
6009 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
6010/* end confdefs.h. */
6011
6012#include <stdlib.h>
6013#include <stdio.h>
6014int main(int argc, char **argv) {
6015 /* Some math to catch -ftrapv problems in the toolchain */
6016 int i = 123 * argc, j = 456 + argc, k = 789 - argc;
6017 float l = i * 2.1;
6018 double m = l / 0.5;
6019 long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
6020 printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
6021 exit(0);
6022}
6023
6024_ACEOF
6025if ac_fn_c_try_compile "$LINENO"; then :
6026
6027if `grep -i "unrecognized option" conftest.err >/dev/null`
6028then
6029 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
6030$as_echo "no" >&6; }
6031 CFLAGS="$saved_CFLAGS"
6032else
6033 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
6034$as_echo "yes" >&6; }
6035 CFLAGS="$saved_CFLAGS $_define_flag"
6036fi
6037else
6038 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
6039$as_echo "no" >&6; }
6040 CFLAGS="$saved_CFLAGS"
6041
6042fi
6043rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
6044}
6045 {
6046 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wsizeof-pointer-memaccess" >&5
6047$as_echo_n "checking if $CC supports compile flag -Wsizeof-pointer-memaccess... " >&6; }
6048 saved_CFLAGS="$CFLAGS"
6049 CFLAGS="$CFLAGS $WERROR -Wsizeof-pointer-memaccess"
6050 _define_flag=""
6051 test "x$_define_flag" = "x" && _define_flag="-Wsizeof-pointer-memaccess"
6052 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
6053/* end confdefs.h. */
6054
6055#include <stdlib.h>
6056#include <stdio.h>
6057int main(int argc, char **argv) {
6058 /* Some math to catch -ftrapv problems in the toolchain */
6059 int i = 123 * argc, j = 456 + argc, k = 789 - argc;
6060 float l = i * 2.1;
6061 double m = l / 0.5;
6062 long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
6063 printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
6064 exit(0);
6065}
6066
6067_ACEOF
6068if ac_fn_c_try_compile "$LINENO"; then :
6069
6070if `grep -i "unrecognized option" conftest.err >/dev/null`
6071then
6072 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
6073$as_echo "no" >&6; }
6074 CFLAGS="$saved_CFLAGS"
6075else
6076 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
6077$as_echo "yes" >&6; }
6078 CFLAGS="$saved_CFLAGS $_define_flag"
6079fi
6080else
6081 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
6082$as_echo "no" >&6; }
6083 CFLAGS="$saved_CFLAGS"
6084
6085fi
6086rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
6087}
6088 {
6089 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wpointer-sign" >&5
6090$as_echo_n "checking if $CC supports compile flag -Wpointer-sign... " >&6; }
6091 saved_CFLAGS="$CFLAGS"
6092 CFLAGS="$CFLAGS $WERROR -Wpointer-sign"
6093 _define_flag="-Wno-pointer-sign"
6094 test "x$_define_flag" = "x" && _define_flag="-Wpointer-sign"
6095 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
6096/* end confdefs.h. */
6097
6098#include <stdlib.h>
6099#include <stdio.h>
6100int main(int argc, char **argv) {
6101 /* Some math to catch -ftrapv problems in the toolchain */
6102 int i = 123 * argc, j = 456 + argc, k = 789 - argc;
6103 float l = i * 2.1;
6104 double m = l / 0.5;
6105 long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
6106 printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
6107 exit(0);
6108}
6109
6110_ACEOF
6111if ac_fn_c_try_compile "$LINENO"; then :
6112
6113if `grep -i "unrecognized option" conftest.err >/dev/null`
6114then
6115 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
6116$as_echo "no" >&6; }
6117 CFLAGS="$saved_CFLAGS"
6118else
6119 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
6120$as_echo "yes" >&6; }
6121 CFLAGS="$saved_CFLAGS $_define_flag"
6122fi
6123else
6124 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
6125$as_echo "no" >&6; }
6126 CFLAGS="$saved_CFLAGS"
6127
6128fi
6129rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
6130}
6131 {
6132 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wunused-result" >&5
6133$as_echo_n "checking if $CC supports compile flag -Wunused-result... " >&6; }
6134 saved_CFLAGS="$CFLAGS"
6135 CFLAGS="$CFLAGS $WERROR -Wunused-result"
6136 _define_flag="-Wno-unused-result"
6137 test "x$_define_flag" = "x" && _define_flag="-Wunused-result"
6138 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
6139/* end confdefs.h. */
6140
6141#include <stdlib.h>
6142#include <stdio.h>
6143int main(int argc, char **argv) {
6144 /* Some math to catch -ftrapv problems in the toolchain */
6145 int i = 123 * argc, j = 456 + argc, k = 789 - argc;
6146 float l = i * 2.1;
6147 double m = l / 0.5;
6148 long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
6149 printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
6150 exit(0);
6151}
6152
6153_ACEOF
6154if ac_fn_c_try_compile "$LINENO"; then :
6155
6156if `grep -i "unrecognized option" conftest.err >/dev/null`
6157then
6158 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
6159$as_echo "no" >&6; }
6160 CFLAGS="$saved_CFLAGS"
6161else
6162 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
6163$as_echo "yes" >&6; }
6164 CFLAGS="$saved_CFLAGS $_define_flag"
6165fi
6166else
6167 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
6168$as_echo "no" >&6; }
6169 CFLAGS="$saved_CFLAGS"
6170
6171fi
6172rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
6173}
6174 {
6175 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -fno-strict-aliasing" >&5
6176$as_echo_n "checking if $CC supports compile flag -fno-strict-aliasing... " >&6; }
6177 saved_CFLAGS="$CFLAGS"
6178 CFLAGS="$CFLAGS $WERROR -fno-strict-aliasing"
6179 _define_flag=""
6180 test "x$_define_flag" = "x" && _define_flag="-fno-strict-aliasing"
6181 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
6182/* end confdefs.h. */
6183
6184#include <stdlib.h>
6185#include <stdio.h>
6186int main(int argc, char **argv) {
6187 /* Some math to catch -ftrapv problems in the toolchain */
6188 int i = 123 * argc, j = 456 + argc, k = 789 - argc;
6189 float l = i * 2.1;
6190 double m = l / 0.5;
6191 long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
6192 printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
6193 exit(0);
6194}
6195
6196_ACEOF
6197if ac_fn_c_try_compile "$LINENO"; then :
6198
6199if `grep -i "unrecognized option" conftest.err >/dev/null`
6200then
6201 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
6202$as_echo "no" >&6; }
6203 CFLAGS="$saved_CFLAGS"
6204else
6205 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
6206$as_echo "yes" >&6; }
6207 CFLAGS="$saved_CFLAGS $_define_flag"
6208fi
6209else
6210 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
6211$as_echo "no" >&6; }
6212 CFLAGS="$saved_CFLAGS"
6213
6214fi
6215rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
6216}
6217 {
6218 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -D_FORTIFY_SOURCE=2" >&5
6219$as_echo_n "checking if $CC supports compile flag -D_FORTIFY_SOURCE=2... " >&6; }
6220 saved_CFLAGS="$CFLAGS"
6221 CFLAGS="$CFLAGS $WERROR -D_FORTIFY_SOURCE=2"
6222 _define_flag=""
6223 test "x$_define_flag" = "x" && _define_flag="-D_FORTIFY_SOURCE=2"
6224 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
6225/* end confdefs.h. */
6226
6227#include <stdlib.h>
6228#include <stdio.h>
6229int main(int argc, char **argv) {
6230 /* Some math to catch -ftrapv problems in the toolchain */
6231 int i = 123 * argc, j = 456 + argc, k = 789 - argc;
6232 float l = i * 2.1;
6233 double m = l / 0.5;
6234 long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
6235 printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
6236 exit(0);
6237}
6238
6239_ACEOF
6240if ac_fn_c_try_compile "$LINENO"; then :
6241
6242if `grep -i "unrecognized option" conftest.err >/dev/null`
6243then
6244 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
6245$as_echo "no" >&6; }
6246 CFLAGS="$saved_CFLAGS"
6247else
6248 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
6249$as_echo "yes" >&6; }
6250 CFLAGS="$saved_CFLAGS $_define_flag"
6251fi
6252else
6253 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
6254$as_echo "no" >&6; }
6255 CFLAGS="$saved_CFLAGS"
6256
6257fi
6258rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
6259}
6260 if test "x$use_toolchain_hardening" = "x1"; then
6261 {
6262 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $LD supports link flag -Wl,-z,relro" >&5
6263$as_echo_n "checking if $LD supports link flag -Wl,-z,relro... " >&6; }
6264 saved_LDFLAGS="$LDFLAGS"
6265 LDFLAGS="$LDFLAGS $WERROR -Wl,-z,relro"
6266 _define_flag=""
6267 test "x$_define_flag" = "x" && _define_flag="-Wl,-z,relro"
6268 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
6269/* end confdefs.h. */
6270
6271#include <stdlib.h>
6272#include <stdio.h>
6273int main(int argc, char **argv) {
6274 /* Some math to catch -ftrapv problems in the toolchain */
6275 int i = 123 * argc, j = 456 + argc, k = 789 - argc;
6276 float l = i * 2.1;
6277 double m = l / 0.5;
6278 long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
6279 long long p = n * o;
6280 printf("%d %d %d %f %f %lld %lld %lld\n", i, j, k, l, m, n, o, p);
6281 exit(0);
6282}
6283
6284_ACEOF
6285if ac_fn_c_try_link "$LINENO"; then :
6286 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
6287$as_echo "yes" >&6; }
6288 LDFLAGS="$saved_LDFLAGS $_define_flag"
6289else
6290 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
6291$as_echo "no" >&6; }
6292 LDFLAGS="$saved_LDFLAGS"
6293
6294fi
6295rm -f core conftest.err conftest.$ac_objext \
6296 conftest$ac_exeext conftest.$ac_ext
6297}
6298 {
6299 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $LD supports link flag -Wl,-z,now" >&5
6300$as_echo_n "checking if $LD supports link flag -Wl,-z,now... " >&6; }
6301 saved_LDFLAGS="$LDFLAGS"
6302 LDFLAGS="$LDFLAGS $WERROR -Wl,-z,now"
6303 _define_flag=""
6304 test "x$_define_flag" = "x" && _define_flag="-Wl,-z,now"
6305 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
6306/* end confdefs.h. */
6307
6308#include <stdlib.h>
6309#include <stdio.h>
6310int main(int argc, char **argv) {
6311 /* Some math to catch -ftrapv problems in the toolchain */
6312 int i = 123 * argc, j = 456 + argc, k = 789 - argc;
6313 float l = i * 2.1;
6314 double m = l / 0.5;
6315 long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
6316 long long p = n * o;
6317 printf("%d %d %d %f %f %lld %lld %lld\n", i, j, k, l, m, n, o, p);
6318 exit(0);
6319}
6320
6321_ACEOF
6322if ac_fn_c_try_link "$LINENO"; then :
6323 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
6324$as_echo "yes" >&6; }
6325 LDFLAGS="$saved_LDFLAGS $_define_flag"
6326else
6327 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
6328$as_echo "no" >&6; }
6329 LDFLAGS="$saved_LDFLAGS"
6330
6331fi
6332rm -f core conftest.err conftest.$ac_objext \
6333 conftest$ac_exeext conftest.$ac_ext
6334}
6335 {
6336 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $LD supports link flag -Wl,-z,noexecstack" >&5
6337$as_echo_n "checking if $LD supports link flag -Wl,-z,noexecstack... " >&6; }
6338 saved_LDFLAGS="$LDFLAGS"
6339 LDFLAGS="$LDFLAGS $WERROR -Wl,-z,noexecstack"
6340 _define_flag=""
6341 test "x$_define_flag" = "x" && _define_flag="-Wl,-z,noexecstack"
6342 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
6343/* end confdefs.h. */
6344
6345#include <stdlib.h>
6346#include <stdio.h>
6347int main(int argc, char **argv) {
6348 /* Some math to catch -ftrapv problems in the toolchain */
6349 int i = 123 * argc, j = 456 + argc, k = 789 - argc;
6350 float l = i * 2.1;
6351 double m = l / 0.5;
6352 long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
6353 long long p = n * o;
6354 printf("%d %d %d %f %f %lld %lld %lld\n", i, j, k, l, m, n, o, p);
6355 exit(0);
6356}
6357
6358_ACEOF
6359if ac_fn_c_try_link "$LINENO"; then :
6360 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
6361$as_echo "yes" >&6; }
6362 LDFLAGS="$saved_LDFLAGS $_define_flag"
6363else
6364 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
6365$as_echo "no" >&6; }
6366 LDFLAGS="$saved_LDFLAGS"
6367
6368fi
6369rm -f core conftest.err conftest.$ac_objext \
6370 conftest$ac_exeext conftest.$ac_ext
6371}
6372 # NB. -ftrapv expects certain support functions to be present in
6373 # the compiler library (libgcc or similar) to detect integer operations
6374 # that can overflow. We must check that the result of enabling it
6375 # actually links. The test program compiled/linked includes a number
6376 # of integer operations that should exercise this.
6377 {
6378 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -ftrapv and linking succeeds" >&5
6379$as_echo_n "checking if $CC supports compile flag -ftrapv and linking succeeds... " >&6; }
6380 saved_CFLAGS="$CFLAGS"
6381 CFLAGS="$CFLAGS $WERROR -ftrapv"
6382 _define_flag=""
6383 test "x$_define_flag" = "x" && _define_flag="-ftrapv"
6384 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
6385/* end confdefs.h. */
6386
6387#include <stdlib.h>
6388#include <stdio.h>
6389int main(int argc, char **argv) {
6390 /* Some math to catch -ftrapv problems in the toolchain */
6391 int i = 123 * argc, j = 456 + argc, k = 789 - argc;
6392 float l = i * 2.1;
6393 double m = l / 0.5;
6394 long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
6395 long long int p = n * o;
6396 printf("%d %d %d %f %f %lld %lld %lld\n", i, j, k, l, m, n, o, p);
6397 exit(0);
6398}
6399
6400_ACEOF
6401if ac_fn_c_try_link "$LINENO"; then :
6402
6403if `grep -i "unrecognized option" conftest.err >/dev/null`
6404then
6405 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
6406$as_echo "no" >&6; }
6407 CFLAGS="$saved_CFLAGS"
6408else
6409 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
6410$as_echo "yes" >&6; }
6411 CFLAGS="$saved_CFLAGS $_define_flag"
6412fi
6413else
6414 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
6415$as_echo "no" >&6; }
6416 CFLAGS="$saved_CFLAGS"
6417
6418fi
6419rm -f core conftest.err conftest.$ac_objext \
6420 conftest$ac_exeext conftest.$ac_ext
6421}
6422 fi
6423 { $as_echo "$as_me:${as_lineno-$LINENO}: checking gcc version" >&5
6424$as_echo_n "checking gcc version... " >&6; }
6425 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
6426 case $GCC_VER in
6427 1.*) no_attrib_nonnull=1 ;;
6428 2.8* | 2.9*)
6429 no_attrib_nonnull=1
6430 ;;
6431 2.*) no_attrib_nonnull=1 ;;
6432 *) ;;
6433 esac
6434 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GCC_VER" >&5
6435$as_echo "$GCC_VER" >&6; }
6436
6437 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC accepts -fno-builtin-memset" >&5
6438$as_echo_n "checking if $CC accepts -fno-builtin-memset... " >&6; }
6439 saved_CFLAGS="$CFLAGS"
6440 CFLAGS="$CFLAGS -fno-builtin-memset"
6441 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
6442/* end confdefs.h. */
6443 #include <string.h>
6444int
6445main ()
6446{
6447 char b[10]; memset(b, 0, sizeof(b));
6448 ;
6449 return 0;
6450}
6451_ACEOF
6452if ac_fn_c_try_link "$LINENO"; then :
6453 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
6454$as_echo "yes" >&6; }
6455else
6456 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
6457$as_echo "no" >&6; }
6458 CFLAGS="$saved_CFLAGS"
6459
6460fi
6461rm -f core conftest.err conftest.$ac_objext \
6462 conftest$ac_exeext conftest.$ac_ext
6463
6464 # -fstack-protector-all doesn't always work for some GCC versions
6465 # and/or platforms, so we test if we can. If it's not supported
6466 # on a given platform gcc will emit a warning so we use -Werror.
6467 if test "x$use_stack_protector" = "x1"; then
6468 for t in -fstack-protector-strong -fstack-protector-all \
6469 -fstack-protector; do
6470 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports $t" >&5
6471$as_echo_n "checking if $CC supports $t... " >&6; }
6472 saved_CFLAGS="$CFLAGS"
6473 saved_LDFLAGS="$LDFLAGS"
6474 CFLAGS="$CFLAGS $t -Werror"
6475 LDFLAGS="$LDFLAGS $t -Werror"
6476 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
6477/* end confdefs.h. */
6478 #include <stdio.h>
6479int
6480main ()
6481{
6482
6483 char x[256];
6484 snprintf(x, sizeof(x), "XXX");
6485
6486 ;
6487 return 0;
6488}
6489_ACEOF
6490if ac_fn_c_try_link "$LINENO"; then :
6491 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
6492$as_echo "yes" >&6; }
6493 CFLAGS="$saved_CFLAGS $t"
6494 LDFLAGS="$saved_LDFLAGS $t"
6495 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $t works" >&5
6496$as_echo_n "checking if $t works... " >&6; }
6497 if test "$cross_compiling" = yes; then :
6498 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: cannot test" >&5
6499$as_echo "$as_me: WARNING: cross compiling: cannot test" >&2;}
6500 break
6501
6502else
6503 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
6504/* end confdefs.h. */
6505 #include <stdio.h>
6506int
6507main ()
6508{
6509
6510 char x[256];
6511 snprintf(x, sizeof(x), "XXX");
6512
6513 ;
6514 return 0;
6515}
6516_ACEOF
6517if ac_fn_c_try_run "$LINENO"; then :
6518 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
6519$as_echo "yes" >&6; }
6520 break
6521else
6522 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
6523$as_echo "no" >&6; }
6524fi
6525rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
6526 conftest.$ac_objext conftest.beam conftest.$ac_ext
6527fi
6528
6529
6530else
6531 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
6532$as_echo "no" >&6; }
6533
6534fi
6535rm -f core conftest.err conftest.$ac_objext \
6536 conftest$ac_exeext conftest.$ac_ext
6537 CFLAGS="$saved_CFLAGS"
6538 LDFLAGS="$saved_LDFLAGS"
6539 done
6540 fi
6541
6542 if test -z "$have_llong_max"; then
6543 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
6544 unset ac_cv_have_decl_LLONG_MAX
6545 saved_CFLAGS="$CFLAGS"
6546 CFLAGS="$CFLAGS -std=gnu99"
6547 ac_fn_c_check_decl "$LINENO" "LLONG_MAX" "ac_cv_have_decl_LLONG_MAX" "#include <limits.h>
6548
6549"
6550if test "x$ac_cv_have_decl_LLONG_MAX" = xyes; then :
6551 have_llong_max=1
6552else
6553 CFLAGS="$saved_CFLAGS"
6554fi
6555
6556 fi
6557fi
6558
6559{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if compiler allows __attribute__ on return types" >&5
6560$as_echo_n "checking if compiler allows __attribute__ on return types... " >&6; }
6561cat confdefs.h - <<_ACEOF >conftest.$ac_ext
6562/* end confdefs.h. */
6563
6564#include <stdlib.h>
6565__attribute__((__unused__)) static void foo(void){return;}
6566int
6567main ()
6568{
6569 exit(0);
6570 ;
6571 return 0;
6572}
6573_ACEOF
6574if ac_fn_c_try_compile "$LINENO"; then :
6575 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
6576$as_echo "yes" >&6; }
6577else
6578 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
6579$as_echo "no" >&6; }
6580
6581$as_echo "#define NO_ATTRIBUTE_ON_RETURN_TYPE 1" >>confdefs.h
6582
6583
6584fi
6585rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
6586
6587if test "x$no_attrib_nonnull" != "x1" ; then
6588
6589$as_echo "#define HAVE_ATTRIBUTE__NONNULL__ 1" >>confdefs.h
6590
6591fi
6592
6593
6594# Check whether --with-rpath was given.
6595if test "${with_rpath+set}" = set; then :
6596 withval=$with_rpath;
6597 if test "x$withval" = "xno" ; then
6598 need_dash_r=""
6599 fi
6600 if test "x$withval" = "xyes" ; then
6601 need_dash_r=1
6602 fi
6603
6604
6605fi
6606
6607
6608# Allow user to specify flags
6609
6610# Check whether --with-cflags was given.
6611if test "${with_cflags+set}" = set; then :
6612 withval=$with_cflags;
6613 if test -n "$withval" && test "x$withval" != "xno" && \
6614 test "x${withval}" != "xyes"; then
6615 CFLAGS="$CFLAGS $withval"
6616 fi
6617
6618
6619fi
6620
6621
6622# Check whether --with-cppflags was given.
6623if test "${with_cppflags+set}" = set; then :
6624 withval=$with_cppflags;
6625 if test -n "$withval" && test "x$withval" != "xno" && \
6626 test "x${withval}" != "xyes"; then
6627 CPPFLAGS="$CPPFLAGS $withval"
6628 fi
6629
6630
6631fi
6632
6633
6634# Check whether --with-ldflags was given.
6635if test "${with_ldflags+set}" = set; then :
6636 withval=$with_ldflags;
6637 if test -n "$withval" && test "x$withval" != "xno" && \
6638 test "x${withval}" != "xyes"; then
6639 LDFLAGS="$LDFLAGS $withval"
6640 fi
6641
6642
6643fi
6644
6645
6646# Check whether --with-libs was given.
6647if test "${with_libs+set}" = set; then :
6648 withval=$with_libs;
6649 if test -n "$withval" && test "x$withval" != "xno" && \
6650 test "x${withval}" != "xyes"; then
6651 LIBS="$LIBS $withval"
6652 fi
6653
6654
6655fi
6656
6657
6658# Check whether --with-Werror was given.
6659if test "${with_Werror+set}" = set; then :
6660 withval=$with_Werror;
6661 if test -n "$withval" && test "x$withval" != "xno"; then
6662 werror_flags="-Werror"
6663 if test "x${withval}" != "xyes"; then
6664 werror_flags="$withval"
6665 fi
6666 fi
6667
6668
6669fi
6670
6671
6672for ac_header in \
6673 blf.h \
6674 bstring.h \
6675 crypt.h \
6676 crypto/sha2.h \
6677 dirent.h \
6678 endian.h \
6679 elf.h \
6680 err.h \
6681 features.h \
6682 fcntl.h \
6683 floatingpoint.h \
6684 getopt.h \
6685 glob.h \
6686 ia.h \
6687 iaf.h \
6688 inttypes.h \
6689 langinfo.h \
6690 limits.h \
6691 locale.h \
6692 login.h \
6693 maillock.h \
6694 ndir.h \
6695 net/if_tun.h \
6696 netdb.h \
6697 netgroup.h \
6698 pam/pam_appl.h \
6699 paths.h \
6700 poll.h \
6701 pty.h \
6702 readpassphrase.h \
6703 rpc/types.h \
6704 security/pam_appl.h \
6705 sha2.h \
6706 shadow.h \
6707 stddef.h \
6708 stdint.h \
6709 string.h \
6710 strings.h \
6711 sys/audit.h \
6712 sys/bitypes.h \
6713 sys/bsdtty.h \
6714 sys/capability.h \
6715 sys/cdefs.h \
6716 sys/dir.h \
6717 sys/mman.h \
6718 sys/ndir.h \
6719 sys/poll.h \
6720 sys/prctl.h \
6721 sys/pstat.h \
6722 sys/ptrace.h \
6723 sys/select.h \
6724 sys/stat.h \
6725 sys/stream.h \
6726 sys/stropts.h \
6727 sys/strtio.h \
6728 sys/statvfs.h \
6729 sys/sysmacros.h \
6730 sys/time.h \
6731 sys/timers.h \
6732 time.h \
6733 tmpdir.h \
6734 ttyent.h \
6735 ucred.h \
6736 unistd.h \
6737 usersec.h \
6738 util.h \
6739 utime.h \
6740 utmp.h \
6741 utmpx.h \
6742 vis.h \
6743 wchar.h \
6744
6745do :
6746 as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
6747ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
6748if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
6749 cat >>confdefs.h <<_ACEOF
6750#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
6751_ACEOF
6752
6753fi
6754
6755done
6756
6757
6758# lastlog.h requires sys/time.h to be included first on Solaris
6759for ac_header in lastlog.h
6760do :
6761 ac_fn_c_check_header_compile "$LINENO" "lastlog.h" "ac_cv_header_lastlog_h" "
6762#ifdef HAVE_SYS_TIME_H
6763# include <sys/time.h>
6764#endif
6765
6766"
6767if test "x$ac_cv_header_lastlog_h" = xyes; then :
6768 cat >>confdefs.h <<_ACEOF
6769#define HAVE_LASTLOG_H 1
6770_ACEOF
6771
6772fi
6773
6774done
6775
6776
6777# sys/ptms.h requires sys/stream.h to be included first on Solaris
6778for ac_header in sys/ptms.h
6779do :
6780 ac_fn_c_check_header_compile "$LINENO" "sys/ptms.h" "ac_cv_header_sys_ptms_h" "
6781#ifdef HAVE_SYS_STREAM_H
6782# include <sys/stream.h>
6783#endif
6784
6785"
6786if test "x$ac_cv_header_sys_ptms_h" = xyes; then :
6787 cat >>confdefs.h <<_ACEOF
6788#define HAVE_SYS_PTMS_H 1
6789_ACEOF
6790
6791fi
6792
6793done
6794
6795
6796# login_cap.h requires sys/types.h on NetBSD
6797for ac_header in login_cap.h
6798do :
6799 ac_fn_c_check_header_compile "$LINENO" "login_cap.h" "ac_cv_header_login_cap_h" "
6800#include <sys/types.h>
6801
6802"
6803if test "x$ac_cv_header_login_cap_h" = xyes; then :
6804 cat >>confdefs.h <<_ACEOF
6805#define HAVE_LOGIN_CAP_H 1
6806_ACEOF
6807
6808fi
6809
6810done
6811
6812
6813# older BSDs need sys/param.h before sys/mount.h
6814for ac_header in sys/mount.h
6815do :
6816 ac_fn_c_check_header_compile "$LINENO" "sys/mount.h" "ac_cv_header_sys_mount_h" "
6817#include <sys/param.h>
6818
6819"
6820if test "x$ac_cv_header_sys_mount_h" = xyes; then :
6821 cat >>confdefs.h <<_ACEOF
6822#define HAVE_SYS_MOUNT_H 1
6823_ACEOF
6824
6825fi
6826
6827done
6828
6829
6830# Android requires sys/socket.h to be included before sys/un.h
6831for ac_header in sys/un.h
6832do :
6833 ac_fn_c_check_header_compile "$LINENO" "sys/un.h" "ac_cv_header_sys_un_h" "
6834#include <sys/types.h>
6835#include <sys/socket.h>
6836
6837"
6838if test "x$ac_cv_header_sys_un_h" = xyes; then :
6839 cat >>confdefs.h <<_ACEOF
6840#define HAVE_SYS_UN_H 1
6841_ACEOF
6842
6843fi
6844
6845done
6846
6847
6848# Messages for features tested for in target-specific section
6849SIA_MSG="no"
6850SPC_MSG="no"
6851SP_MSG="no"
6852SPP_MSG="no"
6853
6854# Support for Solaris/Illumos privileges (this test is used by both
6855# the --with-solaris-privs option and --with-sandbox=solaris).
6856SOLARIS_PRIVS="no"
6857
6858# Check for some target-specific stuff
6859case "$host" in
6860*-*-aix*)
6861 # Some versions of VAC won't allow macro redefinitions at
6862 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
6863 # particularly with older versions of vac or xlc.
6864 # It also throws errors about null macro argments, but these are
6865 # not fatal.
6866 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if compiler allows macro redefinitions" >&5
6867$as_echo_n "checking if compiler allows macro redefinitions... " >&6; }
6868 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
6869/* end confdefs.h. */
6870
6871#define testmacro foo
6872#define testmacro bar
6873int
6874main ()
6875{
6876 exit(0);
6877 ;
6878 return 0;
6879}
6880_ACEOF
6881if ac_fn_c_try_compile "$LINENO"; then :
6882 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
6883$as_echo "yes" >&6; }
6884else
6885 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
6886$as_echo "no" >&6; }
6887 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
6888 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
6889 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
6890 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
6891
6892
6893fi
6894rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
6895
6896 { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to specify blibpath for linker ($LD)" >&5
6897$as_echo_n "checking how to specify blibpath for linker ($LD)... " >&6; }
6898 if (test -z "$blibpath"); then
6899 blibpath="/usr/lib:/lib"
6900 fi
6901 saved_LDFLAGS="$LDFLAGS"
6902 if test "$GCC" = "yes"; then
6903 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
6904 else
6905 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
6906 fi
6907 for tryflags in $flags ;do
6908 if (test -z "$blibflags"); then
6909 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
6910 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
6911/* end confdefs.h. */
6912
6913int
6914main ()
6915{
6916
6917 ;
6918 return 0;
6919}
6920_ACEOF
6921if ac_fn_c_try_link "$LINENO"; then :
6922 blibflags=$tryflags
6923fi
6924rm -f core conftest.err conftest.$ac_objext \
6925 conftest$ac_exeext conftest.$ac_ext
6926 fi
6927 done
6928 if (test -z "$blibflags"); then
6929 { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5
6930$as_echo "not found" >&6; }
6931 as_fn_error $? "*** must be able to specify blibpath on AIX - check config.log" "$LINENO" 5
6932 else
6933 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $blibflags" >&5
6934$as_echo "$blibflags" >&6; }
6935 fi
6936 LDFLAGS="$saved_LDFLAGS"
6937 ac_fn_c_check_func "$LINENO" "authenticate" "ac_cv_func_authenticate"
6938if test "x$ac_cv_func_authenticate" = xyes; then :
6939
6940$as_echo "#define WITH_AIXAUTHENTICATE 1" >>confdefs.h
6941
6942else
6943 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for authenticate in -ls" >&5
6944$as_echo_n "checking for authenticate in -ls... " >&6; }
6945if ${ac_cv_lib_s_authenticate+:} false; then :
6946 $as_echo_n "(cached) " >&6
6947else
6948 ac_check_lib_save_LIBS=$LIBS
6949LIBS="-ls $LIBS"
6950cat confdefs.h - <<_ACEOF >conftest.$ac_ext
6951/* end confdefs.h. */
6952
6953/* Override any GCC internal prototype to avoid an error.
6954 Use char because int might match the return type of a GCC
6955 builtin and then its argument prototype would still apply. */
6956#ifdef __cplusplus
6957extern "C"
6958#endif
6959char authenticate ();
6960int
6961main ()
6962{
6963return authenticate ();
6964 ;
6965 return 0;
6966}
6967_ACEOF
6968if ac_fn_c_try_link "$LINENO"; then :
6969 ac_cv_lib_s_authenticate=yes
6970else
6971 ac_cv_lib_s_authenticate=no
6972fi
6973rm -f core conftest.err conftest.$ac_objext \
6974 conftest$ac_exeext conftest.$ac_ext
6975LIBS=$ac_check_lib_save_LIBS
6976fi
6977{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_s_authenticate" >&5
6978$as_echo "$ac_cv_lib_s_authenticate" >&6; }
6979if test "x$ac_cv_lib_s_authenticate" = xyes; then :
6980 $as_echo "#define WITH_AIXAUTHENTICATE 1" >>confdefs.h
6981
6982 LIBS="$LIBS -ls"
6983
6984fi
6985
6986
6987fi
6988
6989 ac_fn_c_check_decl "$LINENO" "authenticate" "ac_cv_have_decl_authenticate" "#include <usersec.h>
6990"
6991if test "x$ac_cv_have_decl_authenticate" = xyes; then :
6992 ac_have_decl=1
6993else
6994 ac_have_decl=0
6995fi
6996
6997cat >>confdefs.h <<_ACEOF
6998#define HAVE_DECL_AUTHENTICATE $ac_have_decl
6999_ACEOF
7000ac_fn_c_check_decl "$LINENO" "loginrestrictions" "ac_cv_have_decl_loginrestrictions" "#include <usersec.h>
7001"
7002if test "x$ac_cv_have_decl_loginrestrictions" = xyes; then :
7003 ac_have_decl=1
7004else
7005 ac_have_decl=0
7006fi
7007
7008cat >>confdefs.h <<_ACEOF
7009#define HAVE_DECL_LOGINRESTRICTIONS $ac_have_decl
7010_ACEOF
7011ac_fn_c_check_decl "$LINENO" "loginsuccess" "ac_cv_have_decl_loginsuccess" "#include <usersec.h>
7012"
7013if test "x$ac_cv_have_decl_loginsuccess" = xyes; then :
7014 ac_have_decl=1
7015else
7016 ac_have_decl=0
7017fi
7018
7019cat >>confdefs.h <<_ACEOF
7020#define HAVE_DECL_LOGINSUCCESS $ac_have_decl
7021_ACEOF
7022ac_fn_c_check_decl "$LINENO" "passwdexpired" "ac_cv_have_decl_passwdexpired" "#include <usersec.h>
7023"
7024if test "x$ac_cv_have_decl_passwdexpired" = xyes; then :
7025 ac_have_decl=1
7026else
7027 ac_have_decl=0
7028fi
7029
7030cat >>confdefs.h <<_ACEOF
7031#define HAVE_DECL_PASSWDEXPIRED $ac_have_decl
7032_ACEOF
7033ac_fn_c_check_decl "$LINENO" "setauthdb" "ac_cv_have_decl_setauthdb" "#include <usersec.h>
7034"
7035if test "x$ac_cv_have_decl_setauthdb" = xyes; then :
7036 ac_have_decl=1
7037else
7038 ac_have_decl=0
7039fi
7040
7041cat >>confdefs.h <<_ACEOF
7042#define HAVE_DECL_SETAUTHDB $ac_have_decl
7043_ACEOF
7044
7045 ac_fn_c_check_decl "$LINENO" "loginfailed" "ac_cv_have_decl_loginfailed" "#include <usersec.h>
7046
7047"
7048if test "x$ac_cv_have_decl_loginfailed" = xyes; then :
7049 ac_have_decl=1
7050else
7051 ac_have_decl=0
7052fi
7053
7054cat >>confdefs.h <<_ACEOF
7055#define HAVE_DECL_LOGINFAILED $ac_have_decl
7056_ACEOF
7057if test $ac_have_decl = 1; then :
7058 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if loginfailed takes 4 arguments" >&5
7059$as_echo_n "checking if loginfailed takes 4 arguments... " >&6; }
7060 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
7061/* end confdefs.h. */
7062 #include <usersec.h>
7063int
7064main ()
7065{
7066 (void)loginfailed("user","host","tty",0);
7067 ;
7068 return 0;
7069}
7070_ACEOF
7071if ac_fn_c_try_compile "$LINENO"; then :
7072 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
7073$as_echo "yes" >&6; }
7074
7075$as_echo "#define AIX_LOGINFAILED_4ARG 1" >>confdefs.h
7076
7077else
7078 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
7079$as_echo "no" >&6; }
7080
7081fi
7082rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
7083fi
7084
7085 for ac_func in getgrset setauthdb
7086do :
7087 as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
7088ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
7089if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
7090 cat >>confdefs.h <<_ACEOF
7091#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
7092_ACEOF
7093
7094fi
7095done
7096
7097 ac_fn_c_check_decl "$LINENO" "F_CLOSEM" "ac_cv_have_decl_F_CLOSEM" " #include <limits.h>
7098 #include <fcntl.h>
7099
7100"
7101if test "x$ac_cv_have_decl_F_CLOSEM" = xyes; then :
7102
7103$as_echo "#define HAVE_FCNTL_CLOSEM 1" >>confdefs.h
7104
7105fi
7106
7107 check_for_aix_broken_getaddrinfo=1
7108
7109$as_echo "#define BROKEN_REALPATH 1" >>confdefs.h
7110
7111
7112$as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
7113
7114
7115$as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
7116
7117
7118$as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
7119
7120
7121$as_echo "#define DISABLE_LASTLOG 1" >>confdefs.h
7122
7123
7124$as_echo "#define LOGIN_NEEDS_UTMPX 1" >>confdefs.h
7125
7126
7127$as_echo "#define SPT_TYPE SPT_REUSEARGV" >>confdefs.h
7128
7129
7130$as_echo "#define SSHPAM_CHAUTHTOK_NEEDS_RUID 1" >>confdefs.h
7131
7132
7133$as_echo "#define PTY_ZEROREAD 1" >>confdefs.h
7134
7135
7136$as_echo "#define PLATFORM_SYS_DIR_UID 2" >>confdefs.h
7137
7138 ;;
7139*-*-android*)
7140
7141$as_echo "#define DISABLE_UTMP 1" >>confdefs.h
7142
7143
7144$as_echo "#define DISABLE_WTMP 1" >>confdefs.h
7145
7146 ;;
7147*-*-cygwin*)
7148 check_for_libcrypt_later=1
7149 LIBS="$LIBS /usr/lib/textreadmode.o"
7150
7151$as_echo "#define HAVE_CYGWIN 1" >>confdefs.h
7152
7153
7154$as_echo "#define USE_PIPES 1" >>confdefs.h
7155
7156
7157$as_echo "#define NO_UID_RESTORATION_TEST 1" >>confdefs.h
7158
7159
7160$as_echo "#define DISABLE_SHADOW 1" >>confdefs.h
7161
7162
7163$as_echo "#define NO_X11_UNIX_SOCKETS 1" >>confdefs.h
7164
7165
7166$as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h
7167
7168
7169$as_echo "#define SSH_IOBUFSZ 65535" >>confdefs.h
7170
7171
7172$as_echo "#define FILESYSTEM_NO_BACKSLASH 1" >>confdefs.h
7173
7174 # Cygwin defines optargs, optargs as declspec(dllimport) for historical
7175 # reasons which cause compile warnings, so we disable those warnings.
7176 {
7177 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wno-attributes" >&5
7178$as_echo_n "checking if $CC supports compile flag -Wno-attributes... " >&6; }
7179 saved_CFLAGS="$CFLAGS"
7180 CFLAGS="$CFLAGS $WERROR -Wno-attributes"
7181 _define_flag=""
7182 test "x$_define_flag" = "x" && _define_flag="-Wno-attributes"
7183 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
7184/* end confdefs.h. */
7185
7186#include <stdlib.h>
7187#include <stdio.h>
7188int main(int argc, char **argv) {
7189 /* Some math to catch -ftrapv problems in the toolchain */
7190 int i = 123 * argc, j = 456 + argc, k = 789 - argc;
7191 float l = i * 2.1;
7192 double m = l / 0.5;
7193 long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
7194 printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
7195 exit(0);
7196}
7197
7198_ACEOF
7199if ac_fn_c_try_compile "$LINENO"; then :
7200
7201if `grep -i "unrecognized option" conftest.err >/dev/null`
7202then
7203 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
7204$as_echo "no" >&6; }
7205 CFLAGS="$saved_CFLAGS"
7206else
7207 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
7208$as_echo "yes" >&6; }
7209 CFLAGS="$saved_CFLAGS $_define_flag"
7210fi
7211else
7212 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
7213$as_echo "no" >&6; }
7214 CFLAGS="$saved_CFLAGS"
7215
7216fi
7217rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
7218}
7219 ;;
7220*-*-dgux*)
7221
7222$as_echo "#define IP_TOS_IS_BROKEN 1" >>confdefs.h
7223
7224 $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
7225
7226 $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
7227
7228 $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
7229
7230 ;;
7231*-*-darwin*)
7232 use_pie=auto
7233 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we have working getaddrinfo" >&5
7234$as_echo_n "checking if we have working getaddrinfo... " >&6; }
7235 if test "$cross_compiling" = yes; then :
7236 { $as_echo "$as_me:${as_lineno-$LINENO}: result: assume it is working" >&5
7237$as_echo "assume it is working" >&6; }
7238else
7239 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
7240/* end confdefs.h. */
7241 #include <mach-o/dyld.h>
7242main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
7243 exit(0);
7244 else
7245 exit(1);
7246}
7247
7248_ACEOF
7249if ac_fn_c_try_run "$LINENO"; then :
7250 { $as_echo "$as_me:${as_lineno-$LINENO}: result: working" >&5
7251$as_echo "working" >&6; }
7252else
7253 { $as_echo "$as_me:${as_lineno-$LINENO}: result: buggy" >&5
7254$as_echo "buggy" >&6; }
7255
7256$as_echo "#define BROKEN_GETADDRINFO 1" >>confdefs.h
7257
7258
7259fi
7260rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
7261 conftest.$ac_objext conftest.beam conftest.$ac_ext
7262fi
7263
7264 $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
7265
7266 $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
7267
7268 $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
7269
7270
7271$as_echo "#define BROKEN_GLOB 1" >>confdefs.h
7272
7273
7274cat >>confdefs.h <<_ACEOF
7275#define BIND_8_COMPAT 1
7276_ACEOF
7277
7278
7279$as_echo "#define SSH_TUN_FREEBSD 1" >>confdefs.h
7280
7281
7282$as_echo "#define SSH_TUN_COMPAT_AF 1" >>confdefs.h
7283
7284
7285$as_echo "#define SSH_TUN_PREPEND_AF 1" >>confdefs.h
7286
7287
7288 ac_fn_c_check_decl "$LINENO" "AU_IPv4" "ac_cv_have_decl_AU_IPv4" "$ac_includes_default"
7289if test "x$ac_cv_have_decl_AU_IPv4" = xyes; then :
7290
7291else
7292
7293$as_echo "#define AU_IPv4 0" >>confdefs.h
7294
7295 #include <bsm/audit.h>
7296
7297$as_echo "#define LASTLOG_WRITE_PUTUTXLINE 1" >>confdefs.h
7298
7299
7300fi
7301
7302
7303$as_echo "#define SPT_TYPE SPT_REUSEARGV" >>confdefs.h
7304
7305 for ac_func in sandbox_init
7306do :
7307 ac_fn_c_check_func "$LINENO" "sandbox_init" "ac_cv_func_sandbox_init"
7308if test "x$ac_cv_func_sandbox_init" = xyes; then :
7309 cat >>confdefs.h <<_ACEOF
7310#define HAVE_SANDBOX_INIT 1
7311_ACEOF
7312
7313fi
7314done
7315
7316 for ac_header in sandbox.h
7317do :
7318 ac_fn_c_check_header_mongrel "$LINENO" "sandbox.h" "ac_cv_header_sandbox_h" "$ac_includes_default"
7319if test "x$ac_cv_header_sandbox_h" = xyes; then :
7320 cat >>confdefs.h <<_ACEOF
7321#define HAVE_SANDBOX_H 1
7322_ACEOF
7323
7324fi
7325
7326done
7327
7328 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for sandbox_apply in -lsandbox" >&5
7329$as_echo_n "checking for sandbox_apply in -lsandbox... " >&6; }
7330if ${ac_cv_lib_sandbox_sandbox_apply+:} false; then :
7331 $as_echo_n "(cached) " >&6
7332else
7333 ac_check_lib_save_LIBS=$LIBS
7334LIBS="-lsandbox $LIBS"
7335cat confdefs.h - <<_ACEOF >conftest.$ac_ext
7336/* end confdefs.h. */
7337
7338/* Override any GCC internal prototype to avoid an error.
7339 Use char because int might match the return type of a GCC
7340 builtin and then its argument prototype would still apply. */
7341#ifdef __cplusplus
7342extern "C"
7343#endif
7344char sandbox_apply ();
7345int
7346main ()
7347{
7348return sandbox_apply ();
7349 ;
7350 return 0;
7351}
7352_ACEOF
7353if ac_fn_c_try_link "$LINENO"; then :
7354 ac_cv_lib_sandbox_sandbox_apply=yes
7355else
7356 ac_cv_lib_sandbox_sandbox_apply=no
7357fi
7358rm -f core conftest.err conftest.$ac_objext \
7359 conftest$ac_exeext conftest.$ac_ext
7360LIBS=$ac_check_lib_save_LIBS
7361fi
7362{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_sandbox_sandbox_apply" >&5
7363$as_echo "$ac_cv_lib_sandbox_sandbox_apply" >&6; }
7364if test "x$ac_cv_lib_sandbox_sandbox_apply" = xyes; then :
7365
7366 SSHDLIBS="$SSHDLIBS -lsandbox"
7367
7368fi
7369
7370 ;;
7371*-*-dragonfly*)
7372 SSHDLIBS="$SSHDLIBS -lcrypt"
7373 TEST_MALLOC_OPTIONS="AFGJPRX"
7374 ;;
7375*-*-haiku*)
7376 LIBS="$LIBS -lbsd "
7377 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for socket in -lnetwork" >&5
7378$as_echo_n "checking for socket in -lnetwork... " >&6; }
7379if ${ac_cv_lib_network_socket+:} false; then :
7380 $as_echo_n "(cached) " >&6
7381else
7382 ac_check_lib_save_LIBS=$LIBS
7383LIBS="-lnetwork $LIBS"
7384cat confdefs.h - <<_ACEOF >conftest.$ac_ext
7385/* end confdefs.h. */
7386
7387/* Override any GCC internal prototype to avoid an error.
7388 Use char because int might match the return type of a GCC
7389 builtin and then its argument prototype would still apply. */
7390#ifdef __cplusplus
7391extern "C"
7392#endif
7393char socket ();
7394int
7395main ()
7396{
7397return socket ();
7398 ;
7399 return 0;
7400}
7401_ACEOF
7402if ac_fn_c_try_link "$LINENO"; then :
7403 ac_cv_lib_network_socket=yes
7404else
7405 ac_cv_lib_network_socket=no
7406fi
7407rm -f core conftest.err conftest.$ac_objext \
7408 conftest$ac_exeext conftest.$ac_ext
7409LIBS=$ac_check_lib_save_LIBS
7410fi
7411{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_network_socket" >&5
7412$as_echo "$ac_cv_lib_network_socket" >&6; }
7413if test "x$ac_cv_lib_network_socket" = xyes; then :
7414 cat >>confdefs.h <<_ACEOF
7415#define HAVE_LIBNETWORK 1
7416_ACEOF
7417
7418 LIBS="-lnetwork $LIBS"
7419
7420fi
7421
7422 $as_echo "#define HAVE_U_INT64_T 1" >>confdefs.h
7423
7424 MANTYPE=man
7425 ;;
7426*-*-hpux*)
7427 # first we define all of the options common to all HP-UX releases
7428 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
7429 IPADDR_IN_DISPLAY=yes
7430 $as_echo "#define USE_PIPES 1" >>confdefs.h
7431
7432 $as_echo "#define LOGIN_NEEDS_UTMPX 1" >>confdefs.h
7433
7434
7435$as_echo "#define LOCKED_PASSWD_STRING \"*\"" >>confdefs.h
7436
7437 $as_echo "#define SPT_TYPE SPT_PSTAT" >>confdefs.h
7438
7439
7440$as_echo "#define PLATFORM_SYS_DIR_UID 2" >>confdefs.h
7441
7442 maildir="/var/mail"
7443 LIBS="$LIBS -lsec"
7444 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for t_error in -lxnet" >&5
7445$as_echo_n "checking for t_error in -lxnet... " >&6; }
7446if ${ac_cv_lib_xnet_t_error+:} false; then :
7447 $as_echo_n "(cached) " >&6
7448else
7449 ac_check_lib_save_LIBS=$LIBS
7450LIBS="-lxnet $LIBS"
7451cat confdefs.h - <<_ACEOF >conftest.$ac_ext
7452/* end confdefs.h. */
7453
7454/* Override any GCC internal prototype to avoid an error.
7455 Use char because int might match the return type of a GCC
7456 builtin and then its argument prototype would still apply. */
7457#ifdef __cplusplus
7458extern "C"
7459#endif
7460char t_error ();
7461int
7462main ()
7463{
7464return t_error ();
7465 ;
7466 return 0;
7467}
7468_ACEOF
7469if ac_fn_c_try_link "$LINENO"; then :
7470 ac_cv_lib_xnet_t_error=yes
7471else
7472 ac_cv_lib_xnet_t_error=no
7473fi
7474rm -f core conftest.err conftest.$ac_objext \
7475 conftest$ac_exeext conftest.$ac_ext
7476LIBS=$ac_check_lib_save_LIBS
7477fi
7478{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_xnet_t_error" >&5
7479$as_echo "$ac_cv_lib_xnet_t_error" >&6; }
7480if test "x$ac_cv_lib_xnet_t_error" = xyes; then :
7481 cat >>confdefs.h <<_ACEOF
7482#define HAVE_LIBXNET 1
7483_ACEOF
7484
7485 LIBS="-lxnet $LIBS"
7486
7487else
7488 as_fn_error $? "*** -lxnet needed on HP-UX - check config.log ***" "$LINENO" 5
7489fi
7490
7491
7492 # next, we define all of the options specific to major releases
7493 case "$host" in
7494 *-*-hpux10*)
7495 if test -z "$GCC"; then
7496 CFLAGS="$CFLAGS -Ae"
7497 fi
7498 ;;
7499 *-*-hpux11*)
7500
7501$as_echo "#define PAM_SUN_CODEBASE 1" >>confdefs.h
7502
7503
7504$as_echo "#define DISABLE_UTMP 1" >>confdefs.h
7505
7506
7507$as_echo "#define USE_BTMP 1" >>confdefs.h
7508
7509 check_for_hpux_broken_getaddrinfo=1
7510 check_for_conflicting_getspnam=1
7511 ;;
7512 esac
7513
7514 # lastly, we define options specific to minor releases
7515 case "$host" in
7516 *-*-hpux10.26)
7517
7518$as_echo "#define HAVE_SECUREWARE 1" >>confdefs.h
7519
7520 disable_ptmx_check=yes
7521 LIBS="$LIBS -lsecpw"
7522 ;;
7523 esac
7524 ;;
7525*-*-irix5*)
7526 PATH="$PATH:/usr/etc"
7527
7528$as_echo "#define BROKEN_INET_NTOA 1" >>confdefs.h
7529
7530 $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
7531
7532 $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
7533
7534 $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
7535
7536
7537$as_echo "#define WITH_ABBREV_NO_TTY 1" >>confdefs.h
7538
7539 $as_echo "#define LOCKED_PASSWD_STRING \"*LK*\"" >>confdefs.h
7540
7541 ;;
7542*-*-irix6*)
7543 PATH="$PATH:/usr/etc"
7544
7545$as_echo "#define WITH_IRIX_ARRAY 1" >>confdefs.h
7546
7547
7548$as_echo "#define WITH_IRIX_PROJECT 1" >>confdefs.h
7549
7550
7551$as_echo "#define WITH_IRIX_AUDIT 1" >>confdefs.h
7552
7553 ac_fn_c_check_func "$LINENO" "jlimit_startjob" "ac_cv_func_jlimit_startjob"
7554if test "x$ac_cv_func_jlimit_startjob" = xyes; then :
7555
7556$as_echo "#define WITH_IRIX_JOBS 1" >>confdefs.h
7557
7558fi
7559
7560 $as_echo "#define BROKEN_INET_NTOA 1" >>confdefs.h
7561
7562 $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
7563
7564 $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
7565
7566 $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
7567
7568
7569$as_echo "#define BROKEN_UPDWTMPX 1" >>confdefs.h
7570
7571 $as_echo "#define WITH_ABBREV_NO_TTY 1" >>confdefs.h
7572
7573 $as_echo "#define LOCKED_PASSWD_STRING \"*LK*\"" >>confdefs.h
7574
7575 ;;
7576*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
7577 check_for_libcrypt_later=1
7578 $as_echo "#define PAM_TTY_KLUDGE 1" >>confdefs.h
7579
7580 $as_echo "#define LOCKED_PASSWD_PREFIX \"!\"" >>confdefs.h
7581
7582 $as_echo "#define SPT_TYPE SPT_REUSEARGV" >>confdefs.h
7583
7584
7585$as_echo "#define _PATH_BTMP \"/var/log/btmp\"" >>confdefs.h
7586
7587
7588$as_echo "#define USE_BTMP 1" >>confdefs.h
7589
7590 ;;
7591*-*-linux*)
7592 no_dev_ptmx=1
7593 use_pie=auto
7594 check_for_libcrypt_later=1
7595 check_for_openpty_ctty_bug=1
7596
7597$as_echo "#define PAM_TTY_KLUDGE 1" >>confdefs.h
7598
7599
7600$as_echo "#define LOCKED_PASSWD_PREFIX \"!\"" >>confdefs.h
7601
7602 $as_echo "#define SPT_TYPE SPT_REUSEARGV" >>confdefs.h
7603
7604
7605$as_echo "#define LINK_OPNOTSUPP_ERRNO EPERM" >>confdefs.h
7606
7607
7608$as_echo "#define _PATH_BTMP \"/var/log/btmp\"" >>confdefs.h
7609
7610 $as_echo "#define USE_BTMP 1" >>confdefs.h
7611
7612
7613$as_echo "#define LINUX_OOM_ADJUST 1" >>confdefs.h
7614
7615 inet6_default_4in6=yes
7616 case `uname -r` in
7617 1.*|2.0.*)
7618
7619$as_echo "#define BROKEN_CMSG_TYPE 1" >>confdefs.h
7620
7621 ;;
7622 esac
7623 # tun(4) forwarding compat code
7624 for ac_header in linux/if_tun.h
7625do :
7626 ac_fn_c_check_header_mongrel "$LINENO" "linux/if_tun.h" "ac_cv_header_linux_if_tun_h" "$ac_includes_default"
7627if test "x$ac_cv_header_linux_if_tun_h" = xyes; then :
7628 cat >>confdefs.h <<_ACEOF
7629#define HAVE_LINUX_IF_TUN_H 1
7630_ACEOF
7631
7632fi
7633
7634done
7635
7636 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
7637
7638$as_echo "#define SSH_TUN_LINUX 1" >>confdefs.h
7639
7640
7641$as_echo "#define SSH_TUN_COMPAT_AF 1" >>confdefs.h
7642
7643
7644$as_echo "#define SSH_TUN_PREPEND_AF 1" >>confdefs.h
7645
7646 fi
7647 for ac_header in linux/seccomp.h linux/filter.h linux/audit.h
7648do :
7649 as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
7650ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "#include <linux/types.h>
7651"
7652if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
7653 cat >>confdefs.h <<_ACEOF
7654#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
7655_ACEOF
7656
7657fi
7658
7659done
7660
7661 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for seccomp architecture" >&5
7662$as_echo_n "checking for seccomp architecture... " >&6; }
7663 seccomp_audit_arch=
7664 case "$host" in
7665 x86_64-*)
7666 seccomp_audit_arch=AUDIT_ARCH_X86_64
7667 ;;
7668 i*86-*)
7669 seccomp_audit_arch=AUDIT_ARCH_I386
7670 ;;
7671 arm*-*)
7672 seccomp_audit_arch=AUDIT_ARCH_ARM
7673 ;;
7674 aarch64*-*)
7675 seccomp_audit_arch=AUDIT_ARCH_AARCH64
7676 ;;
7677 s390x-*)
7678 seccomp_audit_arch=AUDIT_ARCH_S390X
7679 ;;
7680 s390-*)
7681 seccomp_audit_arch=AUDIT_ARCH_S390
7682 ;;
7683 powerpc64-*)
7684 seccomp_audit_arch=AUDIT_ARCH_PPC64
7685 ;;
7686 powerpc64le-*)
7687 seccomp_audit_arch=AUDIT_ARCH_PPC64LE
7688 ;;
7689 mips-*)
7690 seccomp_audit_arch=AUDIT_ARCH_MIPS
7691 ;;
7692 mipsel-*)
7693 seccomp_audit_arch=AUDIT_ARCH_MIPSEL
7694 ;;
7695 mips64-*)
7696 seccomp_audit_arch=AUDIT_ARCH_MIPS64
7697 ;;
7698 mips64el-*)
7699 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64
7700 ;;
7701 esac
7702 if test "x$seccomp_audit_arch" != "x" ; then
7703 { $as_echo "$as_me:${as_lineno-$LINENO}: result: \"$seccomp_audit_arch\"" >&5
7704$as_echo "\"$seccomp_audit_arch\"" >&6; }
7705
7706cat >>confdefs.h <<_ACEOF
7707#define SECCOMP_AUDIT_ARCH $seccomp_audit_arch
7708_ACEOF
7709
7710 else
7711 { $as_echo "$as_me:${as_lineno-$LINENO}: result: architecture not supported" >&5
7712$as_echo "architecture not supported" >&6; }
7713 fi
7714 ;;
7715mips-sony-bsd|mips-sony-newsos4)
7716
7717$as_echo "#define NEED_SETPGRP 1" >>confdefs.h
7718
7719 SONY=1
7720 ;;
7721*-*-netbsd*)
7722 check_for_libcrypt_before=1
7723 if test "x$withval" != "xno" ; then
7724 need_dash_r=1
7725 fi
7726 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE"
7727
7728$as_echo "#define SSH_TUN_FREEBSD 1" >>confdefs.h
7729
7730 ac_fn_c_check_header_mongrel "$LINENO" "net/if_tap.h" "ac_cv_header_net_if_tap_h" "$ac_includes_default"
7731if test "x$ac_cv_header_net_if_tap_h" = xyes; then :
7732
7733else
7734
7735$as_echo "#define SSH_TUN_NO_L2 1" >>confdefs.h
7736
7737fi
7738
7739
7740
7741$as_echo "#define SSH_TUN_PREPEND_AF 1" >>confdefs.h
7742
7743 TEST_MALLOC_OPTIONS="AJRX"
7744
7745$as_echo "#define BROKEN_READ_COMPARISON 1" >>confdefs.h
7746
7747 ;;
7748*-*-freebsd*)
7749 check_for_libcrypt_later=1
7750
7751$as_echo "#define LOCKED_PASSWD_PREFIX \"*LOCKED*\"" >>confdefs.h
7752
7753
7754$as_echo "#define SSH_TUN_FREEBSD 1" >>confdefs.h
7755
7756 ac_fn_c_check_header_mongrel "$LINENO" "net/if_tap.h" "ac_cv_header_net_if_tap_h" "$ac_includes_default"
7757if test "x$ac_cv_header_net_if_tap_h" = xyes; then :
7758
7759else
7760
7761$as_echo "#define SSH_TUN_NO_L2 1" >>confdefs.h
7762
7763fi
7764
7765
7766
7767$as_echo "#define BROKEN_GLOB 1" >>confdefs.h
7768
7769 TEST_MALLOC_OPTIONS="AJRX"
7770 # Preauth crypto occasionally uses file descriptors for crypto offload
7771 # and will crash if they cannot be opened.
7772
7773$as_echo "#define SANDBOX_SKIP_RLIMIT_NOFILE 1" >>confdefs.h
7774
7775 ;;
7776*-*-bsdi*)
7777 $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
7778
7779 $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
7780
7781 $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
7782
7783 ;;
7784*-next-*)
7785 conf_lastlog_location="/usr/adm/lastlog"
7786 conf_utmp_location=/etc/utmp
7787 conf_wtmp_location=/usr/adm/wtmp
7788 maildir=/usr/spool/mail
7789
7790$as_echo "#define HAVE_NEXT 1" >>confdefs.h
7791
7792 $as_echo "#define BROKEN_REALPATH 1" >>confdefs.h
7793
7794 $as_echo "#define USE_PIPES 1" >>confdefs.h
7795
7796
7797$as_echo "#define BROKEN_SAVED_UIDS 1" >>confdefs.h
7798
7799 ;;
7800*-*-openbsd*)
7801 use_pie=auto
7802
7803$as_echo "#define HAVE_ATTRIBUTE__SENTINEL__ 1" >>confdefs.h
7804
7805
7806$as_echo "#define HAVE_ATTRIBUTE__BOUNDED__ 1" >>confdefs.h
7807
7808
7809$as_echo "#define SSH_TUN_OPENBSD 1" >>confdefs.h
7810
7811
7812$as_echo "#define SYSLOG_R_SAFE_IN_SIGHAND 1" >>confdefs.h
7813
7814 TEST_MALLOC_OPTIONS="AFGJPRX"
7815 ;;
7816*-*-solaris*)
7817 if test "x$withval" != "xno" ; then
7818 need_dash_r=1
7819 fi
7820 $as_echo "#define PAM_SUN_CODEBASE 1" >>confdefs.h
7821
7822 $as_echo "#define LOGIN_NEEDS_UTMPX 1" >>confdefs.h
7823
7824 $as_echo "#define PAM_TTY_KLUDGE 1" >>confdefs.h
7825
7826
7827$as_echo "#define SSHPAM_CHAUTHTOK_NEEDS_RUID 1" >>confdefs.h
7828
7829 $as_echo "#define LOCKED_PASSWD_STRING \"*LK*\"" >>confdefs.h
7830
7831 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
7832
7833$as_echo "#define SSHD_ACQUIRES_CTTY 1" >>confdefs.h
7834
7835
7836$as_echo "#define PASSWD_NEEDS_USERNAME 1" >>confdefs.h
7837
7838
7839$as_echo "#define BROKEN_TCGETATTR_ICANON 1" >>confdefs.h
7840
7841 external_path_file=/etc/default/login
7842 # hardwire lastlog location (can't detect it on some versions)
7843 conf_lastlog_location="/var/adm/lastlog"
7844 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for obsolete utmp and wtmp in solaris2.x" >&5
7845$as_echo_n "checking for obsolete utmp and wtmp in solaris2.x... " >&6; }
7846 sol2ver=`echo "$host"| sed -e 's/.*[0-9]\.//'`
7847 if test "$sol2ver" -ge 8; then
7848 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
7849$as_echo "yes" >&6; }
7850 $as_echo "#define DISABLE_UTMP 1" >>confdefs.h
7851
7852
7853$as_echo "#define DISABLE_WTMP 1" >>confdefs.h
7854
7855 else
7856 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
7857$as_echo "no" >&6; }
7858 fi
7859 for ac_func in setpflags
7860do :
7861 ac_fn_c_check_func "$LINENO" "setpflags" "ac_cv_func_setpflags"
7862if test "x$ac_cv_func_setpflags" = xyes; then :
7863 cat >>confdefs.h <<_ACEOF
7864#define HAVE_SETPFLAGS 1
7865_ACEOF
7866
7867fi
7868done
7869
7870 for ac_func in setppriv
7871do :
7872 ac_fn_c_check_func "$LINENO" "setppriv" "ac_cv_func_setppriv"
7873if test "x$ac_cv_func_setppriv" = xyes; then :
7874 cat >>confdefs.h <<_ACEOF
7875#define HAVE_SETPPRIV 1
7876_ACEOF
7877
7878fi
7879done
7880
7881 for ac_func in priv_basicset
7882do :
7883 ac_fn_c_check_func "$LINENO" "priv_basicset" "ac_cv_func_priv_basicset"
7884if test "x$ac_cv_func_priv_basicset" = xyes; then :
7885 cat >>confdefs.h <<_ACEOF
7886#define HAVE_PRIV_BASICSET 1
7887_ACEOF
7888
7889fi
7890done
7891
7892 for ac_header in priv.h
7893do :
7894 ac_fn_c_check_header_mongrel "$LINENO" "priv.h" "ac_cv_header_priv_h" "$ac_includes_default"
7895if test "x$ac_cv_header_priv_h" = xyes; then :
7896 cat >>confdefs.h <<_ACEOF
7897#define HAVE_PRIV_H 1
7898_ACEOF
7899
7900fi
7901
7902done
7903
7904
7905# Check whether --with-solaris-contracts was given.
7906if test "${with_solaris_contracts+set}" = set; then :
7907 withval=$with_solaris_contracts;
7908 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ct_tmpl_activate in -lcontract" >&5
7909$as_echo_n "checking for ct_tmpl_activate in -lcontract... " >&6; }
7910if ${ac_cv_lib_contract_ct_tmpl_activate+:} false; then :
7911 $as_echo_n "(cached) " >&6
7912else
7913 ac_check_lib_save_LIBS=$LIBS
7914LIBS="-lcontract $LIBS"
7915cat confdefs.h - <<_ACEOF >conftest.$ac_ext
7916/* end confdefs.h. */
7917
7918/* Override any GCC internal prototype to avoid an error.
7919 Use char because int might match the return type of a GCC
7920 builtin and then its argument prototype would still apply. */
7921#ifdef __cplusplus
7922extern "C"
7923#endif
7924char ct_tmpl_activate ();
7925int
7926main ()
7927{
7928return ct_tmpl_activate ();
7929 ;
7930 return 0;
7931}
7932_ACEOF
7933if ac_fn_c_try_link "$LINENO"; then :
7934 ac_cv_lib_contract_ct_tmpl_activate=yes
7935else
7936 ac_cv_lib_contract_ct_tmpl_activate=no
7937fi
7938rm -f core conftest.err conftest.$ac_objext \
7939 conftest$ac_exeext conftest.$ac_ext
7940LIBS=$ac_check_lib_save_LIBS
7941fi
7942{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_contract_ct_tmpl_activate" >&5
7943$as_echo "$ac_cv_lib_contract_ct_tmpl_activate" >&6; }
7944if test "x$ac_cv_lib_contract_ct_tmpl_activate" = xyes; then :
7945
7946$as_echo "#define USE_SOLARIS_PROCESS_CONTRACTS 1" >>confdefs.h
7947
7948 LIBS="$LIBS -lcontract"
7949 SPC_MSG="yes"
7950fi
7951
7952
7953fi
7954
7955
7956# Check whether --with-solaris-projects was given.
7957if test "${with_solaris_projects+set}" = set; then :
7958 withval=$with_solaris_projects;
7959 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for setproject in -lproject" >&5
7960$as_echo_n "checking for setproject in -lproject... " >&6; }
7961if ${ac_cv_lib_project_setproject+:} false; then :
7962 $as_echo_n "(cached) " >&6
7963else
7964 ac_check_lib_save_LIBS=$LIBS
7965LIBS="-lproject $LIBS"
7966cat confdefs.h - <<_ACEOF >conftest.$ac_ext
7967/* end confdefs.h. */
7968
7969/* Override any GCC internal prototype to avoid an error.
7970 Use char because int might match the return type of a GCC
7971 builtin and then its argument prototype would still apply. */
7972#ifdef __cplusplus
7973extern "C"
7974#endif
7975char setproject ();
7976int
7977main ()
7978{
7979return setproject ();
7980 ;
7981 return 0;
7982}
7983_ACEOF
7984if ac_fn_c_try_link "$LINENO"; then :
7985 ac_cv_lib_project_setproject=yes
7986else
7987 ac_cv_lib_project_setproject=no
7988fi
7989rm -f core conftest.err conftest.$ac_objext \
7990 conftest$ac_exeext conftest.$ac_ext
7991LIBS=$ac_check_lib_save_LIBS
7992fi
7993{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_project_setproject" >&5
7994$as_echo "$ac_cv_lib_project_setproject" >&6; }
7995if test "x$ac_cv_lib_project_setproject" = xyes; then :
7996
7997$as_echo "#define USE_SOLARIS_PROJECTS 1" >>confdefs.h
7998
7999 LIBS="$LIBS -lproject"
8000 SP_MSG="yes"
8001fi
8002
8003
8004fi
8005
8006
8007# Check whether --with-solaris-privs was given.
8008if test "${with_solaris_privs+set}" = set; then :
8009 withval=$with_solaris_privs;
8010 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Solaris/Illumos privilege support" >&5
8011$as_echo_n "checking for Solaris/Illumos privilege support... " >&6; }
8012 if test "x$ac_cv_func_setppriv" = "xyes" -a \
8013 "x$ac_cv_header_priv_h" = "xyes" ; then
8014 SOLARIS_PRIVS=yes
8015 { $as_echo "$as_me:${as_lineno-$LINENO}: result: found" >&5
8016$as_echo "found" >&6; }
8017
8018$as_echo "#define NO_UID_RESTORATION_TEST 1" >>confdefs.h
8019
8020
8021$as_echo "#define USE_SOLARIS_PRIVS 1" >>confdefs.h
8022
8023 SPP_MSG="yes"
8024 else
8025 { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5
8026$as_echo "not found" >&6; }
8027 as_fn_error $? "*** must have support for Solaris privileges to use --with-solaris-privs" "$LINENO" 5
8028 fi
8029
8030fi
8031
8032 TEST_SHELL=$SHELL # let configure find us a capable shell
8033 ;;
8034*-*-sunos4*)
8035 CPPFLAGS="$CPPFLAGS -DSUNOS4"
8036 for ac_func in getpwanam
8037do :
8038 ac_fn_c_check_func "$LINENO" "getpwanam" "ac_cv_func_getpwanam"
8039if test "x$ac_cv_func_getpwanam" = xyes; then :
8040 cat >>confdefs.h <<_ACEOF
8041#define HAVE_GETPWANAM 1
8042_ACEOF
8043
8044fi
8045done
8046
8047 $as_echo "#define PAM_SUN_CODEBASE 1" >>confdefs.h
8048
8049 conf_utmp_location=/etc/utmp
8050 conf_wtmp_location=/var/adm/wtmp
8051 conf_lastlog_location=/var/adm/lastlog
8052 $as_echo "#define USE_PIPES 1" >>confdefs.h
8053
8054 ;;
8055*-ncr-sysv*)
8056 LIBS="$LIBS -lc89"
8057 $as_echo "#define USE_PIPES 1" >>confdefs.h
8058
8059 $as_echo "#define SSHD_ACQUIRES_CTTY 1" >>confdefs.h
8060
8061 $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
8062
8063 $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
8064
8065 $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
8066
8067 ;;
8068*-sni-sysv*)
8069 # /usr/ucblib MUST NOT be searched on ReliantUNIX
8070 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlsym in -ldl" >&5
8071$as_echo_n "checking for dlsym in -ldl... " >&6; }
8072if ${ac_cv_lib_dl_dlsym+:} false; then :
8073 $as_echo_n "(cached) " >&6
8074else
8075 ac_check_lib_save_LIBS=$LIBS
8076LIBS="-ldl $LIBS"
8077cat confdefs.h - <<_ACEOF >conftest.$ac_ext
8078/* end confdefs.h. */
8079
8080/* Override any GCC internal prototype to avoid an error.
8081 Use char because int might match the return type of a GCC
8082 builtin and then its argument prototype would still apply. */
8083#ifdef __cplusplus
8084extern "C"
8085#endif
8086char dlsym ();
8087int
8088main ()
8089{
8090return dlsym ();
8091 ;
8092 return 0;
8093}
8094_ACEOF
8095if ac_fn_c_try_link "$LINENO"; then :
8096 ac_cv_lib_dl_dlsym=yes
8097else
8098 ac_cv_lib_dl_dlsym=no
8099fi
8100rm -f core conftest.err conftest.$ac_objext \
8101 conftest$ac_exeext conftest.$ac_ext
8102LIBS=$ac_check_lib_save_LIBS
8103fi
8104{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlsym" >&5
8105$as_echo "$ac_cv_lib_dl_dlsym" >&6; }
8106if test "x$ac_cv_lib_dl_dlsym" = xyes; then :
8107 cat >>confdefs.h <<_ACEOF
8108#define HAVE_LIBDL 1
8109_ACEOF
8110
8111 LIBS="-ldl $LIBS"
8112
8113fi
8114
8115 # -lresolv needs to be at the end of LIBS or DNS lookups break
8116 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for res_query in -lresolv" >&5
8117$as_echo_n "checking for res_query in -lresolv... " >&6; }
8118if ${ac_cv_lib_resolv_res_query+:} false; then :
8119 $as_echo_n "(cached) " >&6
8120else
8121 ac_check_lib_save_LIBS=$LIBS
8122LIBS="-lresolv $LIBS"
8123cat confdefs.h - <<_ACEOF >conftest.$ac_ext
8124/* end confdefs.h. */
8125
8126/* Override any GCC internal prototype to avoid an error.
8127 Use char because int might match the return type of a GCC
8128 builtin and then its argument prototype would still apply. */
8129#ifdef __cplusplus
8130extern "C"
8131#endif
8132char res_query ();
8133int
8134main ()
8135{
8136return res_query ();
8137 ;
8138 return 0;
8139}
8140_ACEOF
8141if ac_fn_c_try_link "$LINENO"; then :
8142 ac_cv_lib_resolv_res_query=yes
8143else
8144 ac_cv_lib_resolv_res_query=no
8145fi
8146rm -f core conftest.err conftest.$ac_objext \
8147 conftest$ac_exeext conftest.$ac_ext
8148LIBS=$ac_check_lib_save_LIBS
8149fi
8150{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_resolv_res_query" >&5
8151$as_echo "$ac_cv_lib_resolv_res_query" >&6; }
8152if test "x$ac_cv_lib_resolv_res_query" = xyes; then :
8153 LIBS="$LIBS -lresolv"
8154fi
8155
8156 IPADDR_IN_DISPLAY=yes
8157 $as_echo "#define USE_PIPES 1" >>confdefs.h
8158
8159 $as_echo "#define IP_TOS_IS_BROKEN 1" >>confdefs.h
8160
8161 $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
8162
8163 $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
8164
8165 $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
8166
8167 $as_echo "#define SSHD_ACQUIRES_CTTY 1" >>confdefs.h
8168
8169 external_path_file=/etc/default/login
8170 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
8171 # Attention: always take care to bind libsocket and libnsl before libc,
8172 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
8173 ;;
8174# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
8175*-*-sysv4.2*)
8176 $as_echo "#define USE_PIPES 1" >>confdefs.h
8177
8178 $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
8179
8180 $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
8181
8182 $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
8183
8184
8185$as_echo "#define PASSWD_NEEDS_USERNAME 1" >>confdefs.h
8186
8187 $as_echo "#define LOCKED_PASSWD_STRING \"*LK*\"" >>confdefs.h
8188
8189 TEST_SHELL=$SHELL # let configure find us a capable shell
8190 ;;
8191# UnixWare 7.x, OpenUNIX 8
8192*-*-sysv5*)
8193 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf"
8194
8195$as_echo "#define UNIXWARE_LONG_PASSWORDS 1" >>confdefs.h
8196
8197 $as_echo "#define USE_PIPES 1" >>confdefs.h
8198
8199 $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
8200
8201 $as_echo "#define BROKEN_GETADDRINFO 1" >>confdefs.h
8202
8203 $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
8204
8205 $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
8206
8207 $as_echo "#define PASSWD_NEEDS_USERNAME 1" >>confdefs.h
8208
8209 TEST_SHELL=$SHELL # let configure find us a capable shell
8210 case "$host" in
8211 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
8212 maildir=/var/spool/mail
8213
8214$as_echo "#define BROKEN_LIBIAF 1" >>confdefs.h
8215
8216 $as_echo "#define BROKEN_UPDWTMPX 1" >>confdefs.h
8217
8218 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getluid in -lprot" >&5
8219$as_echo_n "checking for getluid in -lprot... " >&6; }
8220if ${ac_cv_lib_prot_getluid+:} false; then :
8221 $as_echo_n "(cached) " >&6
8222else
8223 ac_check_lib_save_LIBS=$LIBS
8224LIBS="-lprot $LIBS"
8225cat confdefs.h - <<_ACEOF >conftest.$ac_ext
8226/* end confdefs.h. */
8227
8228/* Override any GCC internal prototype to avoid an error.
8229 Use char because int might match the return type of a GCC
8230 builtin and then its argument prototype would still apply. */
8231#ifdef __cplusplus
8232extern "C"
8233#endif
8234char getluid ();
8235int
8236main ()
8237{
8238return getluid ();
8239 ;
8240 return 0;
8241}
8242_ACEOF
8243if ac_fn_c_try_link "$LINENO"; then :
8244 ac_cv_lib_prot_getluid=yes
8245else
8246 ac_cv_lib_prot_getluid=no
8247fi
8248rm -f core conftest.err conftest.$ac_objext \
8249 conftest$ac_exeext conftest.$ac_ext
8250LIBS=$ac_check_lib_save_LIBS
8251fi
8252{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_prot_getluid" >&5
8253$as_echo "$ac_cv_lib_prot_getluid" >&6; }
8254if test "x$ac_cv_lib_prot_getluid" = xyes; then :
8255 LIBS="$LIBS -lprot"
8256 for ac_func in getluid setluid
8257do :
8258 as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
8259ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
8260if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
8261 cat >>confdefs.h <<_ACEOF
8262#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
8263_ACEOF
8264
8265fi
8266done
8267
8268 $as_echo "#define HAVE_SECUREWARE 1" >>confdefs.h
8269
8270 $as_echo "#define DISABLE_SHADOW 1" >>confdefs.h
8271
8272
8273fi
8274
8275 ;;
8276 *) $as_echo "#define LOCKED_PASSWD_STRING \"*LK*\"" >>confdefs.h
8277
8278 check_for_libcrypt_later=1
8279 ;;
8280 esac
8281 ;;
8282*-*-sysv*)
8283 ;;
8284# SCO UNIX and OEM versions of SCO UNIX
8285*-*-sco3.2v4*)
8286 as_fn_error $? "\"This Platform is no longer supported.\"" "$LINENO" 5
8287 ;;
8288# SCO OpenServer 5.x
8289*-*-sco3.2v5*)
8290 if test -z "$GCC"; then
8291 CFLAGS="$CFLAGS -belf"
8292 fi
8293 LIBS="$LIBS -lprot -lx -ltinfo -lm"
8294 no_dev_ptmx=1
8295 $as_echo "#define USE_PIPES 1" >>confdefs.h
8296
8297 $as_echo "#define HAVE_SECUREWARE 1" >>confdefs.h
8298
8299 $as_echo "#define DISABLE_SHADOW 1" >>confdefs.h
8300
8301 $as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h
8302
8303 $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
8304
8305 $as_echo "#define BROKEN_GETADDRINFO 1" >>confdefs.h
8306
8307 $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
8308
8309 $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
8310
8311 $as_echo "#define WITH_ABBREV_NO_TTY 1" >>confdefs.h
8312
8313 $as_echo "#define BROKEN_UPDWTMPX 1" >>confdefs.h
8314
8315 $as_echo "#define PASSWD_NEEDS_USERNAME 1" >>confdefs.h
8316
8317 for ac_func in getluid setluid
8318do :
8319 as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
8320ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
8321if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
8322 cat >>confdefs.h <<_ACEOF
8323#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
8324_ACEOF
8325
8326fi
8327done
8328
8329 MANTYPE=man
8330 TEST_SHELL=$SHELL # let configure find us a capable shell
8331 SKIP_DISABLE_LASTLOG_DEFINE=yes
8332 ;;
8333*-*-unicosmk*)
8334
8335$as_echo "#define NO_SSH_LASTLOG 1" >>confdefs.h
8336
8337 $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
8338
8339 $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
8340
8341 $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
8342
8343 $as_echo "#define USE_PIPES 1" >>confdefs.h
8344
8345 $as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h
8346
8347 LDFLAGS="$LDFLAGS"
8348 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
8349 MANTYPE=cat
8350 ;;
8351*-*-unicosmp*)
8352 $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
8353
8354 $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
8355
8356 $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
8357
8358 $as_echo "#define WITH_ABBREV_NO_TTY 1" >>confdefs.h
8359
8360 $as_echo "#define USE_PIPES 1" >>confdefs.h
8361
8362 $as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h
8363
8364 LDFLAGS="$LDFLAGS"
8365 LIBS="$LIBS -lgen -lacid -ldb"
8366 MANTYPE=cat
8367 ;;
8368*-*-unicos*)
8369 $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
8370
8371 $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
8372
8373 $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
8374
8375 $as_echo "#define USE_PIPES 1" >>confdefs.h
8376
8377 $as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h
8378
8379 $as_echo "#define NO_SSH_LASTLOG 1" >>confdefs.h
8380
8381 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
8382 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
8383 MANTYPE=cat
8384 ;;
8385*-dec-osf*)
8386 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Digital Unix SIA" >&5
8387$as_echo_n "checking for Digital Unix SIA... " >&6; }
8388 no_osfsia=""
8389
8390# Check whether --with-osfsia was given.
8391if test "${with_osfsia+set}" = set; then :
8392 withval=$with_osfsia;
8393 if test "x$withval" = "xno" ; then
8394 { $as_echo "$as_me:${as_lineno-$LINENO}: result: disabled" >&5
8395$as_echo "disabled" >&6; }
8396 no_osfsia=1
8397 fi
8398
8399fi
8400
8401 if test -z "$no_osfsia" ; then
8402 if test -f /etc/sia/matrix.conf; then
8403 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
8404$as_echo "yes" >&6; }
8405
8406$as_echo "#define HAVE_OSF_SIA 1" >>confdefs.h
8407
8408
8409$as_echo "#define DISABLE_LOGIN 1" >>confdefs.h
8410
8411 $as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h
8412
8413 LIBS="$LIBS -lsecurity -ldb -lm -laud"
8414 SIA_MSG="yes"
8415 else
8416 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
8417$as_echo "no" >&6; }
8418
8419$as_echo "#define LOCKED_PASSWD_SUBSTR \"Nologin\"" >>confdefs.h
8420
8421 fi
8422 fi
8423 $as_echo "#define BROKEN_GETADDRINFO 1" >>confdefs.h
8424
8425 $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
8426
8427 $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
8428
8429 $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
8430
8431
8432$as_echo "#define BROKEN_READV_COMPARISON 1" >>confdefs.h
8433
8434 ;;
8435
8436*-*-nto-qnx*)
8437 $as_echo "#define USE_PIPES 1" >>confdefs.h
8438
8439 $as_echo "#define NO_X11_UNIX_SOCKETS 1" >>confdefs.h
8440
8441 $as_echo "#define DISABLE_LASTLOG 1" >>confdefs.h
8442
8443 $as_echo "#define SSHD_ACQUIRES_CTTY 1" >>confdefs.h
8444
8445
8446$as_echo "#define BROKEN_SHADOW_EXPIRE 1" >>confdefs.h
8447
8448 enable_etc_default_login=no # has incompatible /etc/default/login
8449 case "$host" in
8450 *-*-nto-qnx6*)
8451 $as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h
8452
8453 ;;
8454 esac
8455 ;;
8456
8457*-*-ultrix*)
8458
8459$as_echo "#define BROKEN_GETGROUPS 1" >>confdefs.h
8460
8461 $as_echo "#define NEED_SETPGRP 1" >>confdefs.h
8462
8463
8464$as_echo "#define HAVE_SYS_SYSLOG_H 1" >>confdefs.h
8465
8466 ;;
8467
8468*-*-lynxos)
8469 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
8470
8471$as_echo "#define BROKEN_SETVBUF 1" >>confdefs.h
8472
8473 ;;
8474esac
8475
8476{ $as_echo "$as_me:${as_lineno-$LINENO}: checking compiler and flags for sanity" >&5
8477$as_echo_n "checking compiler and flags for sanity... " >&6; }
8478if test "$cross_compiling" = yes; then :
8479 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking compiler sanity" >&5
8480$as_echo "$as_me: WARNING: cross compiling: not checking compiler sanity" >&2;}
8481
8482else
8483 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
8484/* end confdefs.h. */
8485 #include <stdio.h>
8486int
8487main ()
8488{
8489 exit(0);
8490 ;
8491 return 0;
8492}
8493_ACEOF
8494if ac_fn_c_try_run "$LINENO"; then :
8495 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
8496$as_echo "yes" >&6; }
8497else
8498
8499 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
8500$as_echo "no" >&6; }
8501 as_fn_error $? "*** compiler cannot create working executables, check config.log ***" "$LINENO" 5
8502
8503fi
8504rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
8505 conftest.$ac_objext conftest.beam conftest.$ac_ext
8506fi
8507
8508
8509# Checks for libraries.
8510ac_fn_c_check_func "$LINENO" "setsockopt" "ac_cv_func_setsockopt"
8511if test "x$ac_cv_func_setsockopt" = xyes; then :
8512
8513else
8514 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for setsockopt in -lsocket" >&5
8515$as_echo_n "checking for setsockopt in -lsocket... " >&6; }
8516if ${ac_cv_lib_socket_setsockopt+:} false; then :
8517 $as_echo_n "(cached) " >&6
8518else
8519 ac_check_lib_save_LIBS=$LIBS
8520LIBS="-lsocket $LIBS"
8521cat confdefs.h - <<_ACEOF >conftest.$ac_ext
8522/* end confdefs.h. */
8523
8524/* Override any GCC internal prototype to avoid an error.
8525 Use char because int might match the return type of a GCC
8526 builtin and then its argument prototype would still apply. */
8527#ifdef __cplusplus
8528extern "C"
8529#endif
8530char setsockopt ();
8531int
8532main ()
8533{
8534return setsockopt ();
8535 ;
8536 return 0;
8537}
8538_ACEOF
8539if ac_fn_c_try_link "$LINENO"; then :
8540 ac_cv_lib_socket_setsockopt=yes
8541else
8542 ac_cv_lib_socket_setsockopt=no
8543fi
8544rm -f core conftest.err conftest.$ac_objext \
8545 conftest$ac_exeext conftest.$ac_ext
8546LIBS=$ac_check_lib_save_LIBS
8547fi
8548{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_socket_setsockopt" >&5
8549$as_echo "$ac_cv_lib_socket_setsockopt" >&6; }
8550if test "x$ac_cv_lib_socket_setsockopt" = xyes; then :
8551 cat >>confdefs.h <<_ACEOF
8552#define HAVE_LIBSOCKET 1
8553_ACEOF
8554
8555 LIBS="-lsocket $LIBS"
8556
8557fi
8558
8559fi
8560
8561
8562for ac_func in dirname
8563do :
8564 ac_fn_c_check_func "$LINENO" "dirname" "ac_cv_func_dirname"
8565if test "x$ac_cv_func_dirname" = xyes; then :
8566 cat >>confdefs.h <<_ACEOF
8567#define HAVE_DIRNAME 1
8568_ACEOF
8569 for ac_header in libgen.h
8570do :
8571 ac_fn_c_check_header_mongrel "$LINENO" "libgen.h" "ac_cv_header_libgen_h" "$ac_includes_default"
8572if test "x$ac_cv_header_libgen_h" = xyes; then :
8573 cat >>confdefs.h <<_ACEOF
8574#define HAVE_LIBGEN_H 1
8575_ACEOF
8576
8577fi
8578
8579done
8580
8581else
8582
8583 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dirname in -lgen" >&5
8584$as_echo_n "checking for dirname in -lgen... " >&6; }
8585if ${ac_cv_lib_gen_dirname+:} false; then :
8586 $as_echo_n "(cached) " >&6
8587else
8588 ac_check_lib_save_LIBS=$LIBS
8589LIBS="-lgen $LIBS"
8590cat confdefs.h - <<_ACEOF >conftest.$ac_ext
8591/* end confdefs.h. */
8592
8593/* Override any GCC internal prototype to avoid an error.
8594 Use char because int might match the return type of a GCC
8595 builtin and then its argument prototype would still apply. */
8596#ifdef __cplusplus
8597extern "C"
8598#endif
8599char dirname ();
8600int
8601main ()
8602{
8603return dirname ();
8604 ;
8605 return 0;
8606}
8607_ACEOF
8608if ac_fn_c_try_link "$LINENO"; then :
8609 ac_cv_lib_gen_dirname=yes
8610else
8611 ac_cv_lib_gen_dirname=no
8612fi
8613rm -f core conftest.err conftest.$ac_objext \
8614 conftest$ac_exeext conftest.$ac_ext
8615LIBS=$ac_check_lib_save_LIBS
8616fi
8617{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gen_dirname" >&5
8618$as_echo "$ac_cv_lib_gen_dirname" >&6; }
8619if test "x$ac_cv_lib_gen_dirname" = xyes; then :
8620
8621 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for broken dirname" >&5
8622$as_echo_n "checking for broken dirname... " >&6; }
8623if ${ac_cv_have_broken_dirname+:} false; then :
8624 $as_echo_n "(cached) " >&6
8625else
8626
8627 save_LIBS="$LIBS"
8628 LIBS="$LIBS -lgen"
8629 if test "$cross_compiling" = yes; then :
8630 ac_cv_have_broken_dirname="no"
8631else
8632 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
8633/* end confdefs.h. */
8634
8635#include <libgen.h>
8636#include <string.h>
8637
8638int main(int argc, char **argv) {
8639 char *s, buf[32];
8640
8641 strncpy(buf,"/etc", 32);
8642 s = dirname(buf);
8643 if (!s || strncmp(s, "/", 32) != 0) {
8644 exit(1);
8645 } else {
8646 exit(0);
8647 }
8648}
8649
8650_ACEOF
8651if ac_fn_c_try_run "$LINENO"; then :
8652 ac_cv_have_broken_dirname="no"
8653else
8654 ac_cv_have_broken_dirname="yes"
8655fi
8656rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
8657 conftest.$ac_objext conftest.beam conftest.$ac_ext
8658fi
8659
8660 LIBS="$save_LIBS"
8661
8662fi
8663{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_broken_dirname" >&5
8664$as_echo "$ac_cv_have_broken_dirname" >&6; }
8665 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
8666 LIBS="$LIBS -lgen"
8667 $as_echo "#define HAVE_DIRNAME 1" >>confdefs.h
8668
8669 for ac_header in libgen.h
8670do :
8671 ac_fn_c_check_header_mongrel "$LINENO" "libgen.h" "ac_cv_header_libgen_h" "$ac_includes_default"
8672if test "x$ac_cv_header_libgen_h" = xyes; then :
8673 cat >>confdefs.h <<_ACEOF
8674#define HAVE_LIBGEN_H 1
8675_ACEOF
8676
8677fi
8678
8679done
8680
8681 fi
8682
8683fi
8684
8685
8686fi
8687done
8688
8689
8690ac_fn_c_check_func "$LINENO" "getspnam" "ac_cv_func_getspnam"
8691if test "x$ac_cv_func_getspnam" = xyes; then :
8692
8693else
8694 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getspnam in -lgen" >&5
8695$as_echo_n "checking for getspnam in -lgen... " >&6; }
8696if ${ac_cv_lib_gen_getspnam+:} false; then :
8697 $as_echo_n "(cached) " >&6
8698else
8699 ac_check_lib_save_LIBS=$LIBS
8700LIBS="-lgen $LIBS"
8701cat confdefs.h - <<_ACEOF >conftest.$ac_ext
8702/* end confdefs.h. */
8703
8704/* Override any GCC internal prototype to avoid an error.
8705 Use char because int might match the return type of a GCC
8706 builtin and then its argument prototype would still apply. */
8707#ifdef __cplusplus
8708extern "C"
8709#endif
8710char getspnam ();
8711int
8712main ()
8713{
8714return getspnam ();
8715 ;
8716 return 0;
8717}
8718_ACEOF
8719if ac_fn_c_try_link "$LINENO"; then :
8720 ac_cv_lib_gen_getspnam=yes
8721else
8722 ac_cv_lib_gen_getspnam=no
8723fi
8724rm -f core conftest.err conftest.$ac_objext \
8725 conftest$ac_exeext conftest.$ac_ext
8726LIBS=$ac_check_lib_save_LIBS
8727fi
8728{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gen_getspnam" >&5
8729$as_echo "$ac_cv_lib_gen_getspnam" >&6; }
8730if test "x$ac_cv_lib_gen_getspnam" = xyes; then :
8731 LIBS="$LIBS -lgen"
8732fi
8733
8734fi
8735
8736{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing basename" >&5
8737$as_echo_n "checking for library containing basename... " >&6; }
8738if ${ac_cv_search_basename+:} false; then :
8739 $as_echo_n "(cached) " >&6
8740else
8741 ac_func_search_save_LIBS=$LIBS
8742cat confdefs.h - <<_ACEOF >conftest.$ac_ext
8743/* end confdefs.h. */
8744
8745/* Override any GCC internal prototype to avoid an error.
8746 Use char because int might match the return type of a GCC
8747 builtin and then its argument prototype would still apply. */
8748#ifdef __cplusplus
8749extern "C"
8750#endif
8751char basename ();
8752int
8753main ()
8754{
8755return basename ();
8756 ;
8757 return 0;
8758}
8759_ACEOF
8760for ac_lib in '' gen; do
8761 if test -z "$ac_lib"; then
8762 ac_res="none required"
8763 else
8764 ac_res=-l$ac_lib
8765 LIBS="-l$ac_lib $ac_func_search_save_LIBS"
8766 fi
8767 if ac_fn_c_try_link "$LINENO"; then :
8768 ac_cv_search_basename=$ac_res
8769fi
8770rm -f core conftest.err conftest.$ac_objext \
8771 conftest$ac_exeext
8772 if ${ac_cv_search_basename+:} false; then :
8773 break
8774fi
8775done
8776if ${ac_cv_search_basename+:} false; then :
8777
8778else
8779 ac_cv_search_basename=no
8780fi
8781rm conftest.$ac_ext
8782LIBS=$ac_func_search_save_LIBS
8783fi
8784{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_basename" >&5
8785$as_echo "$ac_cv_search_basename" >&6; }
8786ac_res=$ac_cv_search_basename
8787if test "$ac_res" != no; then :
8788 test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
8789
8790$as_echo "#define HAVE_BASENAME 1" >>confdefs.h
8791
8792fi
8793
8794
8795
8796# Check whether --with-zlib was given.
8797if test "${with_zlib+set}" = set; then :
8798 withval=$with_zlib; if test "x$withval" = "xno" ; then
8799 as_fn_error $? "*** zlib is required ***" "$LINENO" 5
8800 elif test "x$withval" != "xyes"; then
8801 if test -d "$withval/lib"; then
8802 if test -n "${need_dash_r}"; then
8803 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
8804 else
8805 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
8806 fi
8807 else
8808 if test -n "${need_dash_r}"; then
8809 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
8810 else
8811 LDFLAGS="-L${withval} ${LDFLAGS}"
8812 fi
8813 fi
8814 if test -d "$withval/include"; then
8815 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
8816 else
8817 CPPFLAGS="-I${withval} ${CPPFLAGS}"
8818 fi
8819 fi
8820
8821fi
8822
8823
8824ac_fn_c_check_header_mongrel "$LINENO" "zlib.h" "ac_cv_header_zlib_h" "$ac_includes_default"
8825if test "x$ac_cv_header_zlib_h" = xyes; then :
8826
8827else
8828 as_fn_error $? "*** zlib.h missing - please install first or check config.log ***" "$LINENO" 5
8829fi
8830
8831
8832{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for deflate in -lz" >&5
8833$as_echo_n "checking for deflate in -lz... " >&6; }
8834if ${ac_cv_lib_z_deflate+:} false; then :
8835 $as_echo_n "(cached) " >&6
8836else
8837 ac_check_lib_save_LIBS=$LIBS
8838LIBS="-lz $LIBS"
8839cat confdefs.h - <<_ACEOF >conftest.$ac_ext
8840/* end confdefs.h. */
8841
8842/* Override any GCC internal prototype to avoid an error.
8843 Use char because int might match the return type of a GCC
8844 builtin and then its argument prototype would still apply. */
8845#ifdef __cplusplus
8846extern "C"
8847#endif
8848char deflate ();
8849int
8850main ()
8851{
8852return deflate ();
8853 ;
8854 return 0;
8855}
8856_ACEOF
8857if ac_fn_c_try_link "$LINENO"; then :
8858 ac_cv_lib_z_deflate=yes
8859else
8860 ac_cv_lib_z_deflate=no
8861fi
8862rm -f core conftest.err conftest.$ac_objext \
8863 conftest$ac_exeext conftest.$ac_ext
8864LIBS=$ac_check_lib_save_LIBS
8865fi
8866{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_z_deflate" >&5
8867$as_echo "$ac_cv_lib_z_deflate" >&6; }
8868if test "x$ac_cv_lib_z_deflate" = xyes; then :
8869 cat >>confdefs.h <<_ACEOF
8870#define HAVE_LIBZ 1
8871_ACEOF
8872
8873 LIBS="-lz $LIBS"
8874
8875else
8876
8877 saved_CPPFLAGS="$CPPFLAGS"
8878 saved_LDFLAGS="$LDFLAGS"
8879 save_LIBS="$LIBS"
8880 if test -n "${need_dash_r}"; then
8881 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
8882 else
8883 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
8884 fi
8885 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
8886 LIBS="$LIBS -lz"
8887 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
8888/* end confdefs.h. */
8889
8890/* Override any GCC internal prototype to avoid an error.
8891 Use char because int might match the return type of a GCC
8892 builtin and then its argument prototype would still apply. */
8893#ifdef __cplusplus
8894extern "C"
8895#endif
8896char deflate ();
8897int
8898main ()
8899{
8900return deflate ();
8901 ;
8902 return 0;
8903}
8904_ACEOF
8905if ac_fn_c_try_link "$LINENO"; then :
8906 $as_echo "#define HAVE_LIBZ 1" >>confdefs.h
8907
8908else
8909
8910 as_fn_error $? "*** zlib missing - please install first or check config.log ***" "$LINENO" 5
8911
8912
8913fi
8914rm -f core conftest.err conftest.$ac_objext \
8915 conftest$ac_exeext conftest.$ac_ext
8916
8917
8918fi
8919
8920
8921
8922# Check whether --with-zlib-version-check was given.
8923if test "${with_zlib_version_check+set}" = set; then :
8924 withval=$with_zlib_version_check; if test "x$withval" = "xno" ; then
8925 zlib_check_nonfatal=1
8926 fi
8927
8928
8929fi
8930
8931
8932{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for possibly buggy zlib" >&5
8933$as_echo_n "checking for possibly buggy zlib... " >&6; }
8934if test "$cross_compiling" = yes; then :
8935 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking zlib version" >&5
8936$as_echo "$as_me: WARNING: cross compiling: not checking zlib version" >&2;}
8937
8938else
8939 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
8940/* end confdefs.h. */
8941
8942#include <stdio.h>
8943#include <stdlib.h>
8944#include <zlib.h>
8945
8946int
8947main ()
8948{
8949
8950 int a=0, b=0, c=0, d=0, n, v;
8951 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
8952 if (n != 3 && n != 4)
8953 exit(1);
8954 v = a*1000000 + b*10000 + c*100 + d;
8955 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
8956
8957 /* 1.1.4 is OK */
8958 if (a == 1 && b == 1 && c >= 4)
8959 exit(0);
8960
8961 /* 1.2.3 and up are OK */
8962 if (v >= 1020300)
8963 exit(0);
8964
8965 exit(2);
8966
8967 ;
8968 return 0;
8969}
8970_ACEOF
8971if ac_fn_c_try_run "$LINENO"; then :
8972 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
8973$as_echo "no" >&6; }
8974else
8975 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
8976$as_echo "yes" >&6; }
8977 if test -z "$zlib_check_nonfatal" ; then
8978 as_fn_error $? "*** zlib too old - check config.log ***
8979Your reported zlib version has known security problems. It's possible your
8980vendor has fixed these problems without changing the version number. If you
8981are sure this is the case, you can disable the check by running
8982\"./configure --without-zlib-version-check\".
8983If you are in doubt, upgrade zlib to version 1.2.3 or greater.
8984See http://www.gzip.org/zlib/ for details." "$LINENO" 5
8985 else
8986 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: zlib version may have security problems" >&5
8987$as_echo "$as_me: WARNING: zlib version may have security problems" >&2;}
8988 fi
8989
8990fi
8991rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
8992 conftest.$ac_objext conftest.beam conftest.$ac_ext
8993fi
8994
8995
8996ac_fn_c_check_func "$LINENO" "strcasecmp" "ac_cv_func_strcasecmp"
8997if test "x$ac_cv_func_strcasecmp" = xyes; then :
8998
8999else
9000 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for strcasecmp in -lresolv" >&5
9001$as_echo_n "checking for strcasecmp in -lresolv... " >&6; }
9002if ${ac_cv_lib_resolv_strcasecmp+:} false; then :
9003 $as_echo_n "(cached) " >&6
9004else
9005 ac_check_lib_save_LIBS=$LIBS
9006LIBS="-lresolv $LIBS"
9007cat confdefs.h - <<_ACEOF >conftest.$ac_ext
9008/* end confdefs.h. */
9009
9010/* Override any GCC internal prototype to avoid an error.
9011 Use char because int might match the return type of a GCC
9012 builtin and then its argument prototype would still apply. */
9013#ifdef __cplusplus
9014extern "C"
9015#endif
9016char strcasecmp ();
9017int
9018main ()
9019{
9020return strcasecmp ();
9021 ;
9022 return 0;
9023}
9024_ACEOF
9025if ac_fn_c_try_link "$LINENO"; then :
9026 ac_cv_lib_resolv_strcasecmp=yes
9027else
9028 ac_cv_lib_resolv_strcasecmp=no
9029fi
9030rm -f core conftest.err conftest.$ac_objext \
9031 conftest$ac_exeext conftest.$ac_ext
9032LIBS=$ac_check_lib_save_LIBS
9033fi
9034{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_resolv_strcasecmp" >&5
9035$as_echo "$ac_cv_lib_resolv_strcasecmp" >&6; }
9036if test "x$ac_cv_lib_resolv_strcasecmp" = xyes; then :
9037 LIBS="$LIBS -lresolv"
9038fi
9039
9040
9041fi
9042
9043for ac_func in utimes
9044do :
9045 ac_fn_c_check_func "$LINENO" "utimes" "ac_cv_func_utimes"
9046if test "x$ac_cv_func_utimes" = xyes; then :
9047 cat >>confdefs.h <<_ACEOF
9048#define HAVE_UTIMES 1
9049_ACEOF
9050
9051else
9052 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for utimes in -lc89" >&5
9053$as_echo_n "checking for utimes in -lc89... " >&6; }
9054if ${ac_cv_lib_c89_utimes+:} false; then :
9055 $as_echo_n "(cached) " >&6
9056else
9057 ac_check_lib_save_LIBS=$LIBS
9058LIBS="-lc89 $LIBS"
9059cat confdefs.h - <<_ACEOF >conftest.$ac_ext
9060/* end confdefs.h. */
9061
9062/* Override any GCC internal prototype to avoid an error.
9063 Use char because int might match the return type of a GCC
9064 builtin and then its argument prototype would still apply. */
9065#ifdef __cplusplus
9066extern "C"
9067#endif
9068char utimes ();
9069int
9070main ()
9071{
9072return utimes ();
9073 ;
9074 return 0;
9075}
9076_ACEOF
9077if ac_fn_c_try_link "$LINENO"; then :
9078 ac_cv_lib_c89_utimes=yes
9079else
9080 ac_cv_lib_c89_utimes=no
9081fi
9082rm -f core conftest.err conftest.$ac_objext \
9083 conftest$ac_exeext conftest.$ac_ext
9084LIBS=$ac_check_lib_save_LIBS
9085fi
9086{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_c89_utimes" >&5
9087$as_echo "$ac_cv_lib_c89_utimes" >&6; }
9088if test "x$ac_cv_lib_c89_utimes" = xyes; then :
9089 $as_echo "#define HAVE_UTIMES 1" >>confdefs.h
9090
9091 LIBS="$LIBS -lc89"
9092fi
9093
9094
9095fi
9096done
9097
9098
9099for ac_header in bsd/libutil.h libutil.h
9100do :
9101 as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
9102ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
9103if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
9104 cat >>confdefs.h <<_ACEOF
9105#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
9106_ACEOF
9107
9108fi
9109
9110done
9111
9112{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing fmt_scaled" >&5
9113$as_echo_n "checking for library containing fmt_scaled... " >&6; }
9114if ${ac_cv_search_fmt_scaled+:} false; then :
9115 $as_echo_n "(cached) " >&6
9116else
9117 ac_func_search_save_LIBS=$LIBS
9118cat confdefs.h - <<_ACEOF >conftest.$ac_ext
9119/* end confdefs.h. */
9120
9121/* Override any GCC internal prototype to avoid an error.
9122 Use char because int might match the return type of a GCC
9123 builtin and then its argument prototype would still apply. */
9124#ifdef __cplusplus
9125extern "C"
9126#endif
9127char fmt_scaled ();
9128int
9129main ()
9130{
9131return fmt_scaled ();
9132 ;
9133 return 0;
9134}
9135_ACEOF
9136for ac_lib in '' util bsd; do
9137 if test -z "$ac_lib"; then
9138 ac_res="none required"
9139 else
9140 ac_res=-l$ac_lib
9141 LIBS="-l$ac_lib $ac_func_search_save_LIBS"
9142 fi
9143 if ac_fn_c_try_link "$LINENO"; then :
9144 ac_cv_search_fmt_scaled=$ac_res
9145fi
9146rm -f core conftest.err conftest.$ac_objext \
9147 conftest$ac_exeext
9148 if ${ac_cv_search_fmt_scaled+:} false; then :
9149 break
9150fi
9151done
9152if ${ac_cv_search_fmt_scaled+:} false; then :
9153
9154else
9155 ac_cv_search_fmt_scaled=no
9156fi
9157rm conftest.$ac_ext
9158LIBS=$ac_func_search_save_LIBS
9159fi
9160{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_fmt_scaled" >&5
9161$as_echo "$ac_cv_search_fmt_scaled" >&6; }
9162ac_res=$ac_cv_search_fmt_scaled
9163if test "$ac_res" != no; then :
9164 test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
9165
9166fi
9167
9168{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing scan_scaled" >&5
9169$as_echo_n "checking for library containing scan_scaled... " >&6; }
9170if ${ac_cv_search_scan_scaled+:} false; then :
9171 $as_echo_n "(cached) " >&6
9172else
9173 ac_func_search_save_LIBS=$LIBS
9174cat confdefs.h - <<_ACEOF >conftest.$ac_ext
9175/* end confdefs.h. */
9176
9177/* Override any GCC internal prototype to avoid an error.
9178 Use char because int might match the return type of a GCC
9179 builtin and then its argument prototype would still apply. */
9180#ifdef __cplusplus
9181extern "C"
9182#endif
9183char scan_scaled ();
9184int
9185main ()
9186{
9187return scan_scaled ();
9188 ;
9189 return 0;
9190}
9191_ACEOF
9192for ac_lib in '' util bsd; do
9193 if test -z "$ac_lib"; then
9194 ac_res="none required"
9195 else
9196 ac_res=-l$ac_lib
9197 LIBS="-l$ac_lib $ac_func_search_save_LIBS"
9198 fi
9199 if ac_fn_c_try_link "$LINENO"; then :
9200 ac_cv_search_scan_scaled=$ac_res
9201fi
9202rm -f core conftest.err conftest.$ac_objext \
9203 conftest$ac_exeext
9204 if ${ac_cv_search_scan_scaled+:} false; then :
9205 break
9206fi
9207done
9208if ${ac_cv_search_scan_scaled+:} false; then :
9209
9210else
9211 ac_cv_search_scan_scaled=no
9212fi
9213rm conftest.$ac_ext
9214LIBS=$ac_func_search_save_LIBS
9215fi
9216{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_scan_scaled" >&5
9217$as_echo "$ac_cv_search_scan_scaled" >&6; }
9218ac_res=$ac_cv_search_scan_scaled
9219if test "$ac_res" != no; then :
9220 test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
9221
9222fi
9223
9224{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing login" >&5
9225$as_echo_n "checking for library containing login... " >&6; }
9226if ${ac_cv_search_login+:} false; then :
9227 $as_echo_n "(cached) " >&6
9228else
9229 ac_func_search_save_LIBS=$LIBS
9230cat confdefs.h - <<_ACEOF >conftest.$ac_ext
9231/* end confdefs.h. */
9232
9233/* Override any GCC internal prototype to avoid an error.
9234 Use char because int might match the return type of a GCC
9235 builtin and then its argument prototype would still apply. */
9236#ifdef __cplusplus
9237extern "C"
9238#endif
9239char login ();
9240int
9241main ()
9242{
9243return login ();
9244 ;
9245 return 0;
9246}
9247_ACEOF
9248for ac_lib in '' util bsd; do
9249 if test -z "$ac_lib"; then
9250 ac_res="none required"
9251 else
9252 ac_res=-l$ac_lib
9253 LIBS="-l$ac_lib $ac_func_search_save_LIBS"
9254 fi
9255 if ac_fn_c_try_link "$LINENO"; then :
9256 ac_cv_search_login=$ac_res
9257fi
9258rm -f core conftest.err conftest.$ac_objext \
9259 conftest$ac_exeext
9260 if ${ac_cv_search_login+:} false; then :
9261 break
9262fi
9263done
9264if ${ac_cv_search_login+:} false; then :
9265
9266else
9267 ac_cv_search_login=no
9268fi
9269rm conftest.$ac_ext
9270LIBS=$ac_func_search_save_LIBS
9271fi
9272{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_login" >&5
9273$as_echo "$ac_cv_search_login" >&6; }
9274ac_res=$ac_cv_search_login
9275if test "$ac_res" != no; then :
9276 test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
9277
9278fi
9279
9280{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing logout" >&5
9281$as_echo_n "checking for library containing logout... " >&6; }
9282if ${ac_cv_search_logout+:} false; then :
9283 $as_echo_n "(cached) " >&6
9284else
9285 ac_func_search_save_LIBS=$LIBS
9286cat confdefs.h - <<_ACEOF >conftest.$ac_ext
9287/* end confdefs.h. */
9288
9289/* Override any GCC internal prototype to avoid an error.
9290 Use char because int might match the return type of a GCC
9291 builtin and then its argument prototype would still apply. */
9292#ifdef __cplusplus
9293extern "C"
9294#endif
9295char logout ();
9296int
9297main ()
9298{
9299return logout ();
9300 ;
9301 return 0;
9302}
9303_ACEOF
9304for ac_lib in '' util bsd; do
9305 if test -z "$ac_lib"; then
9306 ac_res="none required"
9307 else
9308 ac_res=-l$ac_lib
9309 LIBS="-l$ac_lib $ac_func_search_save_LIBS"
9310 fi
9311 if ac_fn_c_try_link "$LINENO"; then :
9312 ac_cv_search_logout=$ac_res
9313fi
9314rm -f core conftest.err conftest.$ac_objext \
9315 conftest$ac_exeext
9316 if ${ac_cv_search_logout+:} false; then :
9317 break
9318fi
9319done
9320if ${ac_cv_search_logout+:} false; then :
9321
9322else
9323 ac_cv_search_logout=no
9324fi
9325rm conftest.$ac_ext
9326LIBS=$ac_func_search_save_LIBS
9327fi
9328{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_logout" >&5
9329$as_echo "$ac_cv_search_logout" >&6; }
9330ac_res=$ac_cv_search_logout
9331if test "$ac_res" != no; then :
9332 test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
9333
9334fi
9335
9336{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing logwtmp" >&5
9337$as_echo_n "checking for library containing logwtmp... " >&6; }
9338if ${ac_cv_search_logwtmp+:} false; then :
9339 $as_echo_n "(cached) " >&6
9340else
9341 ac_func_search_save_LIBS=$LIBS
9342cat confdefs.h - <<_ACEOF >conftest.$ac_ext
9343/* end confdefs.h. */
9344
9345/* Override any GCC internal prototype to avoid an error.
9346 Use char because int might match the return type of a GCC
9347 builtin and then its argument prototype would still apply. */
9348#ifdef __cplusplus
9349extern "C"
9350#endif
9351char logwtmp ();
9352int
9353main ()
9354{
9355return logwtmp ();
9356 ;
9357 return 0;
9358}
9359_ACEOF
9360for ac_lib in '' util bsd; do
9361 if test -z "$ac_lib"; then
9362 ac_res="none required"
9363 else
9364 ac_res=-l$ac_lib
9365 LIBS="-l$ac_lib $ac_func_search_save_LIBS"
9366 fi
9367 if ac_fn_c_try_link "$LINENO"; then :
9368 ac_cv_search_logwtmp=$ac_res
9369fi
9370rm -f core conftest.err conftest.$ac_objext \
9371 conftest$ac_exeext
9372 if ${ac_cv_search_logwtmp+:} false; then :
9373 break
9374fi
9375done
9376if ${ac_cv_search_logwtmp+:} false; then :
9377
9378else
9379 ac_cv_search_logwtmp=no
9380fi
9381rm conftest.$ac_ext
9382LIBS=$ac_func_search_save_LIBS
9383fi
9384{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_logwtmp" >&5
9385$as_echo "$ac_cv_search_logwtmp" >&6; }
9386ac_res=$ac_cv_search_logwtmp
9387if test "$ac_res" != no; then :
9388 test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
9389
9390fi
9391
9392{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing openpty" >&5
9393$as_echo_n "checking for library containing openpty... " >&6; }
9394if ${ac_cv_search_openpty+:} false; then :
9395 $as_echo_n "(cached) " >&6
9396else
9397 ac_func_search_save_LIBS=$LIBS
9398cat confdefs.h - <<_ACEOF >conftest.$ac_ext
9399/* end confdefs.h. */
9400
9401/* Override any GCC internal prototype to avoid an error.
9402 Use char because int might match the return type of a GCC
9403 builtin and then its argument prototype would still apply. */
9404#ifdef __cplusplus
9405extern "C"
9406#endif
9407char openpty ();
9408int
9409main ()
9410{
9411return openpty ();
9412 ;
9413 return 0;
9414}
9415_ACEOF
9416for ac_lib in '' util bsd; do
9417 if test -z "$ac_lib"; then
9418 ac_res="none required"
9419 else
9420 ac_res=-l$ac_lib
9421 LIBS="-l$ac_lib $ac_func_search_save_LIBS"
9422 fi
9423 if ac_fn_c_try_link "$LINENO"; then :
9424 ac_cv_search_openpty=$ac_res
9425fi
9426rm -f core conftest.err conftest.$ac_objext \
9427 conftest$ac_exeext
9428 if ${ac_cv_search_openpty+:} false; then :
9429 break
9430fi
9431done
9432if ${ac_cv_search_openpty+:} false; then :
9433
9434else
9435 ac_cv_search_openpty=no
9436fi
9437rm conftest.$ac_ext
9438LIBS=$ac_func_search_save_LIBS
9439fi
9440{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_openpty" >&5
9441$as_echo "$ac_cv_search_openpty" >&6; }
9442ac_res=$ac_cv_search_openpty
9443if test "$ac_res" != no; then :
9444 test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
9445
9446fi
9447
9448{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing updwtmp" >&5
9449$as_echo_n "checking for library containing updwtmp... " >&6; }
9450if ${ac_cv_search_updwtmp+:} false; then :
9451 $as_echo_n "(cached) " >&6
9452else
9453 ac_func_search_save_LIBS=$LIBS
9454cat confdefs.h - <<_ACEOF >conftest.$ac_ext
9455/* end confdefs.h. */
9456
9457/* Override any GCC internal prototype to avoid an error.
9458 Use char because int might match the return type of a GCC
9459 builtin and then its argument prototype would still apply. */
9460#ifdef __cplusplus
9461extern "C"
9462#endif
9463char updwtmp ();
9464int
9465main ()
9466{
9467return updwtmp ();
9468 ;
9469 return 0;
9470}
9471_ACEOF
9472for ac_lib in '' util bsd; do
9473 if test -z "$ac_lib"; then
9474 ac_res="none required"
9475 else
9476 ac_res=-l$ac_lib
9477 LIBS="-l$ac_lib $ac_func_search_save_LIBS"
9478 fi
9479 if ac_fn_c_try_link "$LINENO"; then :
9480 ac_cv_search_updwtmp=$ac_res
9481fi
9482rm -f core conftest.err conftest.$ac_objext \
9483 conftest$ac_exeext
9484 if ${ac_cv_search_updwtmp+:} false; then :
9485 break
9486fi
9487done
9488if ${ac_cv_search_updwtmp+:} false; then :
9489
9490else
9491 ac_cv_search_updwtmp=no
9492fi
9493rm conftest.$ac_ext
9494LIBS=$ac_func_search_save_LIBS
9495fi
9496{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_updwtmp" >&5
9497$as_echo "$ac_cv_search_updwtmp" >&6; }
9498ac_res=$ac_cv_search_updwtmp
9499if test "$ac_res" != no; then :
9500 test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
9501
9502fi
9503
9504for ac_func in fmt_scaled scan_scaled login logout openpty updwtmp logwtmp
9505do :
9506 as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
9507ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
9508if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
9509 cat >>confdefs.h <<_ACEOF
9510#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
9511_ACEOF
9512
9513fi
9514done
9515
9516
9517# On some platforms, inet_ntop and gethostbyname may be found in libresolv
9518# or libnsl.
9519{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing inet_ntop" >&5
9520$as_echo_n "checking for library containing inet_ntop... " >&6; }
9521if ${ac_cv_search_inet_ntop+:} false; then :
9522 $as_echo_n "(cached) " >&6
9523else
9524 ac_func_search_save_LIBS=$LIBS
9525cat confdefs.h - <<_ACEOF >conftest.$ac_ext
9526/* end confdefs.h. */
9527
9528/* Override any GCC internal prototype to avoid an error.
9529 Use char because int might match the return type of a GCC
9530 builtin and then its argument prototype would still apply. */
9531#ifdef __cplusplus
9532extern "C"
9533#endif
9534char inet_ntop ();
9535int
9536main ()
9537{
9538return inet_ntop ();
9539 ;
9540 return 0;
9541}
9542_ACEOF
9543for ac_lib in '' resolv nsl; do
9544 if test -z "$ac_lib"; then
9545 ac_res="none required"
9546 else
9547 ac_res=-l$ac_lib
9548 LIBS="-l$ac_lib $ac_func_search_save_LIBS"
9549 fi
9550 if ac_fn_c_try_link "$LINENO"; then :
9551 ac_cv_search_inet_ntop=$ac_res
9552fi
9553rm -f core conftest.err conftest.$ac_objext \
9554 conftest$ac_exeext
9555 if ${ac_cv_search_inet_ntop+:} false; then :
9556 break
9557fi
9558done
9559if ${ac_cv_search_inet_ntop+:} false; then :
9560
9561else
9562 ac_cv_search_inet_ntop=no
9563fi
9564rm conftest.$ac_ext
9565LIBS=$ac_func_search_save_LIBS
9566fi
9567{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_inet_ntop" >&5
9568$as_echo "$ac_cv_search_inet_ntop" >&6; }
9569ac_res=$ac_cv_search_inet_ntop
9570if test "$ac_res" != no; then :
9571 test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
9572
9573fi
9574
9575{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing gethostbyname" >&5
9576$as_echo_n "checking for library containing gethostbyname... " >&6; }
9577if ${ac_cv_search_gethostbyname+:} false; then :
9578 $as_echo_n "(cached) " >&6
9579else
9580 ac_func_search_save_LIBS=$LIBS
9581cat confdefs.h - <<_ACEOF >conftest.$ac_ext
9582/* end confdefs.h. */
9583
9584/* Override any GCC internal prototype to avoid an error.
9585 Use char because int might match the return type of a GCC
9586 builtin and then its argument prototype would still apply. */
9587#ifdef __cplusplus
9588extern "C"
9589#endif
9590char gethostbyname ();
9591int
9592main ()
9593{
9594return gethostbyname ();
9595 ;
9596 return 0;
9597}
9598_ACEOF
9599for ac_lib in '' resolv nsl; do
9600 if test -z "$ac_lib"; then
9601 ac_res="none required"
9602 else
9603 ac_res=-l$ac_lib
9604 LIBS="-l$ac_lib $ac_func_search_save_LIBS"
9605 fi
9606 if ac_fn_c_try_link "$LINENO"; then :
9607 ac_cv_search_gethostbyname=$ac_res
9608fi
9609rm -f core conftest.err conftest.$ac_objext \
9610 conftest$ac_exeext
9611 if ${ac_cv_search_gethostbyname+:} false; then :
9612 break
9613fi
9614done
9615if ${ac_cv_search_gethostbyname+:} false; then :
9616
9617else
9618 ac_cv_search_gethostbyname=no
9619fi
9620rm conftest.$ac_ext
9621LIBS=$ac_func_search_save_LIBS
9622fi
9623{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_gethostbyname" >&5
9624$as_echo "$ac_cv_search_gethostbyname" >&6; }
9625ac_res=$ac_cv_search_gethostbyname
9626if test "$ac_res" != no; then :
9627 test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
9628
9629fi
9630
9631
9632for ac_func in strftime
9633do :
9634 ac_fn_c_check_func "$LINENO" "strftime" "ac_cv_func_strftime"
9635if test "x$ac_cv_func_strftime" = xyes; then :
9636 cat >>confdefs.h <<_ACEOF
9637#define HAVE_STRFTIME 1
9638_ACEOF
9639
9640else
9641 # strftime is in -lintl on SCO UNIX.
9642{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for strftime in -lintl" >&5
9643$as_echo_n "checking for strftime in -lintl... " >&6; }
9644if ${ac_cv_lib_intl_strftime+:} false; then :
9645 $as_echo_n "(cached) " >&6
9646else
9647 ac_check_lib_save_LIBS=$LIBS
9648LIBS="-lintl $LIBS"
9649cat confdefs.h - <<_ACEOF >conftest.$ac_ext
9650/* end confdefs.h. */
9651
9652/* Override any GCC internal prototype to avoid an error.
9653 Use char because int might match the return type of a GCC
9654 builtin and then its argument prototype would still apply. */
9655#ifdef __cplusplus
9656extern "C"
9657#endif
9658char strftime ();
9659int
9660main ()
9661{
9662return strftime ();
9663 ;
9664 return 0;
9665}
9666_ACEOF
9667if ac_fn_c_try_link "$LINENO"; then :
9668 ac_cv_lib_intl_strftime=yes
9669else
9670 ac_cv_lib_intl_strftime=no
9671fi
9672rm -f core conftest.err conftest.$ac_objext \
9673 conftest$ac_exeext conftest.$ac_ext
9674LIBS=$ac_check_lib_save_LIBS
9675fi
9676{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_intl_strftime" >&5
9677$as_echo "$ac_cv_lib_intl_strftime" >&6; }
9678if test "x$ac_cv_lib_intl_strftime" = xyes; then :
9679 $as_echo "#define HAVE_STRFTIME 1" >>confdefs.h
9680
9681LIBS="-lintl $LIBS"
9682fi
9683
9684fi
9685done
9686
9687
9688# Check for ALTDIRFUNC glob() extension
9689{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for GLOB_ALTDIRFUNC support" >&5
9690$as_echo_n "checking for GLOB_ALTDIRFUNC support... " >&6; }
9691cat confdefs.h - <<_ACEOF >conftest.$ac_ext
9692/* end confdefs.h. */
9693
9694 #include <glob.h>
9695 #ifdef GLOB_ALTDIRFUNC
9696 FOUNDIT
9697 #endif
9698
9699_ACEOF
9700if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
9701 $EGREP "FOUNDIT" >/dev/null 2>&1; then :
9702
9703
9704$as_echo "#define GLOB_HAS_ALTDIRFUNC 1" >>confdefs.h
9705
9706 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
9707$as_echo "yes" >&6; }
9708
9709else
9710
9711 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
9712$as_echo "no" >&6; }
9713
9714
9715fi
9716rm -f conftest*
9717
9718
9719# Check for g.gl_matchc glob() extension
9720{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for gl_matchc field in glob_t" >&5
9721$as_echo_n "checking for gl_matchc field in glob_t... " >&6; }
9722cat confdefs.h - <<_ACEOF >conftest.$ac_ext
9723/* end confdefs.h. */
9724 #include <glob.h>
9725int
9726main ()
9727{
9728 glob_t g; g.gl_matchc = 1;
9729 ;
9730 return 0;
9731}
9732_ACEOF
9733if ac_fn_c_try_compile "$LINENO"; then :
9734
9735
9736$as_echo "#define GLOB_HAS_GL_MATCHC 1" >>confdefs.h
9737
9738 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
9739$as_echo "yes" >&6; }
9740
9741else
9742
9743 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
9744$as_echo "no" >&6; }
9745
9746fi
9747rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
9748
9749# Check for g.gl_statv glob() extension
9750{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for gl_statv and GLOB_KEEPSTAT extensions for glob" >&5
9751$as_echo_n "checking for gl_statv and GLOB_KEEPSTAT extensions for glob... " >&6; }
9752cat confdefs.h - <<_ACEOF >conftest.$ac_ext
9753/* end confdefs.h. */
9754 #include <glob.h>
9755int
9756main ()
9757{
9758
9759#ifndef GLOB_KEEPSTAT
9760#error "glob does not support GLOB_KEEPSTAT extension"
9761#endif
9762glob_t g;
9763g.gl_statv = NULL;
9764
9765 ;
9766 return 0;
9767}
9768_ACEOF
9769if ac_fn_c_try_compile "$LINENO"; then :
9770
9771
9772$as_echo "#define GLOB_HAS_GL_STATV 1" >>confdefs.h
9773
9774 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
9775$as_echo "yes" >&6; }
9776
9777else
9778
9779 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
9780$as_echo "no" >&6; }
9781
9782
9783fi
9784rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
9785
9786ac_fn_c_check_decl "$LINENO" "GLOB_NOMATCH" "ac_cv_have_decl_GLOB_NOMATCH" "#include <glob.h>
9787"
9788if test "x$ac_cv_have_decl_GLOB_NOMATCH" = xyes; then :
9789 ac_have_decl=1
9790else
9791 ac_have_decl=0
9792fi
9793
9794cat >>confdefs.h <<_ACEOF
9795#define HAVE_DECL_GLOB_NOMATCH $ac_have_decl
9796_ACEOF
9797
9798
9799ac_fn_c_check_decl "$LINENO" "VIS_ALL" "ac_cv_have_decl_VIS_ALL" "#include <vis.h>
9800"
9801if test "x$ac_cv_have_decl_VIS_ALL" = xyes; then :
9802
9803else
9804
9805$as_echo "#define BROKEN_STRNVIS 1" >>confdefs.h
9806
9807fi
9808
9809
9810{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether struct dirent allocates space for d_name" >&5
9811$as_echo_n "checking whether struct dirent allocates space for d_name... " >&6; }
9812if test "$cross_compiling" = yes; then :
9813
9814 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME" >&5
9815$as_echo "$as_me: WARNING: cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME" >&2;}
9816 $as_echo "#define BROKEN_ONE_BYTE_DIRENT_D_NAME 1" >>confdefs.h
9817
9818
9819
9820else
9821 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
9822/* end confdefs.h. */
9823
9824#include <sys/types.h>
9825#include <dirent.h>
9826int
9827main ()
9828{
9829
9830 struct dirent d;
9831 exit(sizeof(d.d_name)<=sizeof(char));
9832
9833 ;
9834 return 0;
9835}
9836_ACEOF
9837if ac_fn_c_try_run "$LINENO"; then :
9838 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
9839$as_echo "yes" >&6; }
9840else
9841
9842 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
9843$as_echo "no" >&6; }
9844
9845$as_echo "#define BROKEN_ONE_BYTE_DIRENT_D_NAME 1" >>confdefs.h
9846
9847
9848fi
9849rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
9850 conftest.$ac_objext conftest.beam conftest.$ac_ext
9851fi
9852
9853
9854{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for /proc/pid/fd directory" >&5
9855$as_echo_n "checking for /proc/pid/fd directory... " >&6; }
9856if test -d "/proc/$$/fd" ; then
9857
9858$as_echo "#define HAVE_PROC_PID 1" >>confdefs.h
9859
9860 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
9861$as_echo "yes" >&6; }
9862else
9863 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
9864$as_echo "no" >&6; }
9865fi
9866
9867# Check whether user wants S/Key support
9868SKEY_MSG="no"
9869
9870# Check whether --with-skey was given.
9871if test "${with_skey+set}" = set; then :
9872 withval=$with_skey;
9873 if test "x$withval" != "xno" ; then
9874
9875 if test "x$withval" != "xyes" ; then
9876 CPPFLAGS="$CPPFLAGS -I${withval}/include"
9877 LDFLAGS="$LDFLAGS -L${withval}/lib"
9878 fi
9879
9880
9881$as_echo "#define SKEY 1" >>confdefs.h
9882
9883 LIBS="-lskey $LIBS"
9884 SKEY_MSG="yes"
9885
9886 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for s/key support" >&5
9887$as_echo_n "checking for s/key support... " >&6; }
9888 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
9889/* end confdefs.h. */
9890
9891#include <stdio.h>
9892#include <skey.h>
9893
9894int
9895main ()
9896{
9897
9898 char *ff = skey_keyinfo(""); ff="";
9899 exit(0);
9900
9901 ;
9902 return 0;
9903}
9904_ACEOF
9905if ac_fn_c_try_link "$LINENO"; then :
9906 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
9907$as_echo "yes" >&6; }
9908else
9909
9910 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
9911$as_echo "no" >&6; }
9912 as_fn_error $? "** Incomplete or missing s/key libraries." "$LINENO" 5
9913
9914fi
9915rm -f core conftest.err conftest.$ac_objext \
9916 conftest$ac_exeext conftest.$ac_ext
9917 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if skeychallenge takes 4 arguments" >&5
9918$as_echo_n "checking if skeychallenge takes 4 arguments... " >&6; }
9919 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
9920/* end confdefs.h. */
9921
9922#include <stdio.h>
9923#include <skey.h>
9924
9925int
9926main ()
9927{
9928
9929 (void)skeychallenge(NULL,"name","",0);
9930
9931 ;
9932 return 0;
9933}
9934_ACEOF
9935if ac_fn_c_try_compile "$LINENO"; then :
9936
9937 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
9938$as_echo "yes" >&6; }
9939
9940$as_echo "#define SKEYCHALLENGE_4ARG 1" >>confdefs.h
9941
9942else
9943
9944 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
9945$as_echo "no" >&6; }
9946
9947fi
9948rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
9949 fi
9950
9951
9952fi
9953
9954
9955# Check whether user wants to use ldns
9956LDNS_MSG="no"
9957
9958# Check whether --with-ldns was given.
9959if test "${with_ldns+set}" = set; then :
9960 withval=$with_ldns;
9961 if test "x$withval" != "xno" ; then
9962
9963 if test "x$withval" != "xyes" ; then
9964 CPPFLAGS="$CPPFLAGS -I${withval}/include"
9965 LDFLAGS="$LDFLAGS -L${withval}/lib"
9966 fi
9967
9968
9969$as_echo "#define HAVE_LDNS 1" >>confdefs.h
9970
9971 LIBS="-lldns $LIBS"
9972 LDNS_MSG="yes"
9973
9974 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ldns support" >&5
9975$as_echo_n "checking for ldns support... " >&6; }
9976 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
9977/* end confdefs.h. */
9978
9979#include <stdio.h>
9980#include <stdlib.h>
9981#include <stdint.h>
9982#include <ldns/ldns.h>
9983int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); }
9984
9985
9986_ACEOF
9987if ac_fn_c_try_link "$LINENO"; then :
9988 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
9989$as_echo "yes" >&6; }
9990else
9991
9992 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
9993$as_echo "no" >&6; }
9994 as_fn_error $? "** Incomplete or missing ldns libraries." "$LINENO" 5
9995
9996fi
9997rm -f core conftest.err conftest.$ac_objext \
9998 conftest$ac_exeext conftest.$ac_ext
9999 fi
10000
10001
10002fi
10003
10004
10005# Check whether user wants libedit support
10006LIBEDIT_MSG="no"
10007
10008# Check whether --with-libedit was given.
10009if test "${with_libedit+set}" = set; then :
10010 withval=$with_libedit; if test "x$withval" != "xno" ; then
10011 if test "x$withval" = "xyes" ; then
10012 if test -n "$ac_tool_prefix"; then
10013 # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args.
10014set dummy ${ac_tool_prefix}pkg-config; ac_word=$2
10015{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
10016$as_echo_n "checking for $ac_word... " >&6; }
10017if ${ac_cv_path_PKGCONFIG+:} false; then :
10018 $as_echo_n "(cached) " >&6
10019else
10020 case $PKGCONFIG in
10021 [\\/]* | ?:[\\/]*)
10022 ac_cv_path_PKGCONFIG="$PKGCONFIG" # Let the user override the test with a path.
10023 ;;
10024 *)
10025 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
10026for as_dir in $PATH
10027do
10028 IFS=$as_save_IFS
10029 test -z "$as_dir" && as_dir=.
10030 for ac_exec_ext in '' $ac_executable_extensions; do
10031 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
10032 ac_cv_path_PKGCONFIG="$as_dir/$ac_word$ac_exec_ext"
10033 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
10034 break 2
10035 fi
10036done
10037 done
10038IFS=$as_save_IFS
10039
10040 ;;
10041esac
10042fi
10043PKGCONFIG=$ac_cv_path_PKGCONFIG
10044if test -n "$PKGCONFIG"; then
10045 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKGCONFIG" >&5
10046$as_echo "$PKGCONFIG" >&6; }
10047else
10048 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
10049$as_echo "no" >&6; }
10050fi
10051
10052
10053fi
10054if test -z "$ac_cv_path_PKGCONFIG"; then
10055 ac_pt_PKGCONFIG=$PKGCONFIG
10056 # Extract the first word of "pkg-config", so it can be a program name with args.
10057set dummy pkg-config; ac_word=$2
10058{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
10059$as_echo_n "checking for $ac_word... " >&6; }
10060if ${ac_cv_path_ac_pt_PKGCONFIG+:} false; then :
10061 $as_echo_n "(cached) " >&6
10062else
10063 case $ac_pt_PKGCONFIG in
10064 [\\/]* | ?:[\\/]*)
10065 ac_cv_path_ac_pt_PKGCONFIG="$ac_pt_PKGCONFIG" # Let the user override the test with a path.
10066 ;;
10067 *)
10068 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
10069for as_dir in $PATH
10070do
10071 IFS=$as_save_IFS
10072 test -z "$as_dir" && as_dir=.
10073 for ac_exec_ext in '' $ac_executable_extensions; do
10074 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
10075 ac_cv_path_ac_pt_PKGCONFIG="$as_dir/$ac_word$ac_exec_ext"
10076 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
10077 break 2
10078 fi
10079done
10080 done
10081IFS=$as_save_IFS
10082
10083 ;;
10084esac
10085fi
10086ac_pt_PKGCONFIG=$ac_cv_path_ac_pt_PKGCONFIG
10087if test -n "$ac_pt_PKGCONFIG"; then
10088 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKGCONFIG" >&5
10089$as_echo "$ac_pt_PKGCONFIG" >&6; }
10090else
10091 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
10092$as_echo "no" >&6; }
10093fi
10094
10095 if test "x$ac_pt_PKGCONFIG" = x; then
10096 PKGCONFIG="no"
10097 else
10098 case $cross_compiling:$ac_tool_warned in
10099yes:)
10100{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
10101$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
10102ac_tool_warned=yes ;;
10103esac
10104 PKGCONFIG=$ac_pt_PKGCONFIG
10105 fi
10106else
10107 PKGCONFIG="$ac_cv_path_PKGCONFIG"
10108fi
10109
10110 if test "x$PKGCONFIG" != "xno"; then
10111 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $PKGCONFIG knows about libedit" >&5
10112$as_echo_n "checking if $PKGCONFIG knows about libedit... " >&6; }
10113 if "$PKGCONFIG" libedit; then
10114 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
10115$as_echo "yes" >&6; }
10116 use_pkgconfig_for_libedit=yes
10117 else
10118 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
10119$as_echo "no" >&6; }
10120 fi
10121 fi
10122 else
10123 CPPFLAGS="$CPPFLAGS -I${withval}/include"
10124 if test -n "${need_dash_r}"; then
10125 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
10126 else
10127 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
10128 fi
10129 fi
10130 if test "x$use_pkgconfig_for_libedit" = "xyes"; then
10131 LIBEDIT=`$PKGCONFIG --libs libedit`
10132 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
10133 else
10134 LIBEDIT="-ledit -lcurses"
10135 fi
10136 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'`
10137 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for el_init in -ledit" >&5
10138$as_echo_n "checking for el_init in -ledit... " >&6; }
10139if ${ac_cv_lib_edit_el_init+:} false; then :
10140 $as_echo_n "(cached) " >&6
10141else
10142 ac_check_lib_save_LIBS=$LIBS
10143LIBS="-ledit $OTHERLIBS
10144 $LIBS"
10145cat confdefs.h - <<_ACEOF >conftest.$ac_ext
10146/* end confdefs.h. */
10147
10148/* Override any GCC internal prototype to avoid an error.
10149 Use char because int might match the return type of a GCC
10150 builtin and then its argument prototype would still apply. */
10151#ifdef __cplusplus
10152extern "C"
10153#endif
10154char el_init ();
10155int
10156main ()
10157{
10158return el_init ();
10159 ;
10160 return 0;
10161}
10162_ACEOF
10163if ac_fn_c_try_link "$LINENO"; then :
10164 ac_cv_lib_edit_el_init=yes
10165else
10166 ac_cv_lib_edit_el_init=no
10167fi
10168rm -f core conftest.err conftest.$ac_objext \
10169 conftest$ac_exeext conftest.$ac_ext
10170LIBS=$ac_check_lib_save_LIBS
10171fi
10172{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_edit_el_init" >&5
10173$as_echo "$ac_cv_lib_edit_el_init" >&6; }
10174if test "x$ac_cv_lib_edit_el_init" = xyes; then :
10175
10176$as_echo "#define USE_LIBEDIT 1" >>confdefs.h
10177
10178 LIBEDIT_MSG="yes"
10179
10180
10181else
10182 as_fn_error $? "libedit not found" "$LINENO" 5
10183fi
10184
10185 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if libedit version is compatible" >&5
10186$as_echo_n "checking if libedit version is compatible... " >&6; }
10187 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
10188/* end confdefs.h. */
10189 #include <histedit.h>
10190int
10191main ()
10192{
10193
10194 int i = H_SETSIZE;
10195 el_init("", NULL, NULL, NULL);
10196 exit(0);
10197
10198 ;
10199 return 0;
10200}
10201_ACEOF
10202if ac_fn_c_try_compile "$LINENO"; then :
10203 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
10204$as_echo "yes" >&6; }
10205else
10206 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
10207$as_echo "no" >&6; }
10208 as_fn_error $? "libedit version is not compatible" "$LINENO" 5
10209
10210fi
10211rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
10212 fi
10213
10214fi
10215
10216
10217AUDIT_MODULE=none
10218
10219# Check whether --with-audit was given.
10220if test "${with_audit+set}" = set; then :
10221 withval=$with_audit;
10222 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for supported audit module" >&5
10223$as_echo_n "checking for supported audit module... " >&6; }
10224 case "$withval" in
10225 bsm)
10226 { $as_echo "$as_me:${as_lineno-$LINENO}: result: bsm" >&5
10227$as_echo "bsm" >&6; }
10228 AUDIT_MODULE=bsm
10229 for ac_header in bsm/audit.h
10230do :
10231 ac_fn_c_check_header_compile "$LINENO" "bsm/audit.h" "ac_cv_header_bsm_audit_h" "
10232#ifdef HAVE_TIME_H
10233# include <time.h>
10234#endif
10235
10236
10237"
10238if test "x$ac_cv_header_bsm_audit_h" = xyes; then :
10239 cat >>confdefs.h <<_ACEOF
10240#define HAVE_BSM_AUDIT_H 1
10241_ACEOF
10242
10243else
10244 as_fn_error $? "BSM enabled and bsm/audit.h not found" "$LINENO" 5
10245fi
10246
10247done
10248
10249 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getaudit in -lbsm" >&5
10250$as_echo_n "checking for getaudit in -lbsm... " >&6; }
10251if ${ac_cv_lib_bsm_getaudit+:} false; then :
10252 $as_echo_n "(cached) " >&6
10253else
10254 ac_check_lib_save_LIBS=$LIBS
10255LIBS="-lbsm $LIBS"
10256cat confdefs.h - <<_ACEOF >conftest.$ac_ext
10257/* end confdefs.h. */
10258
10259/* Override any GCC internal prototype to avoid an error.
10260 Use char because int might match the return type of a GCC
10261 builtin and then its argument prototype would still apply. */
10262#ifdef __cplusplus
10263extern "C"
10264#endif
10265char getaudit ();
10266int
10267main ()
10268{
10269return getaudit ();
10270 ;
10271 return 0;
10272}
10273_ACEOF
10274if ac_fn_c_try_link "$LINENO"; then :
10275 ac_cv_lib_bsm_getaudit=yes
10276else
10277 ac_cv_lib_bsm_getaudit=no
10278fi
10279rm -f core conftest.err conftest.$ac_objext \
10280 conftest$ac_exeext conftest.$ac_ext
10281LIBS=$ac_check_lib_save_LIBS
10282fi
10283{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_bsm_getaudit" >&5
10284$as_echo "$ac_cv_lib_bsm_getaudit" >&6; }
10285if test "x$ac_cv_lib_bsm_getaudit" = xyes; then :
10286 cat >>confdefs.h <<_ACEOF
10287#define HAVE_LIBBSM 1
10288_ACEOF
10289
10290 LIBS="-lbsm $LIBS"
10291
10292else
10293 as_fn_error $? "BSM enabled and required library not found" "$LINENO" 5
10294fi
10295
10296 for ac_func in getaudit
10297do :
10298 ac_fn_c_check_func "$LINENO" "getaudit" "ac_cv_func_getaudit"
10299if test "x$ac_cv_func_getaudit" = xyes; then :
10300 cat >>confdefs.h <<_ACEOF
10301#define HAVE_GETAUDIT 1
10302_ACEOF
10303
10304else
10305 as_fn_error $? "BSM enabled and required function not found" "$LINENO" 5
10306fi
10307done
10308
10309 # These are optional
10310 for ac_func in getaudit_addr aug_get_machine
10311do :
10312 as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
10313ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
10314if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
10315 cat >>confdefs.h <<_ACEOF
10316#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
10317_ACEOF
10318
10319fi
10320done
10321
10322
10323$as_echo "#define USE_BSM_AUDIT 1" >>confdefs.h
10324
10325 if test "$sol2ver" -ge 11; then
10326 SSHDLIBS="$SSHDLIBS -lscf"
10327
10328$as_echo "#define BROKEN_BSM_API 1" >>confdefs.h
10329
10330 fi
10331 ;;
10332 linux)
10333 { $as_echo "$as_me:${as_lineno-$LINENO}: result: linux" >&5
10334$as_echo "linux" >&6; }
10335 AUDIT_MODULE=linux
10336 for ac_header in libaudit.h
10337do :
10338 ac_fn_c_check_header_mongrel "$LINENO" "libaudit.h" "ac_cv_header_libaudit_h" "$ac_includes_default"
10339if test "x$ac_cv_header_libaudit_h" = xyes; then :
10340 cat >>confdefs.h <<_ACEOF
10341#define HAVE_LIBAUDIT_H 1
10342_ACEOF
10343
10344fi
10345
10346done
10347
10348 SSHDLIBS="$SSHDLIBS -laudit"
10349
10350$as_echo "#define USE_LINUX_AUDIT 1" >>confdefs.h
10351
10352 ;;
10353 debug)
10354 AUDIT_MODULE=debug
10355 { $as_echo "$as_me:${as_lineno-$LINENO}: result: debug" >&5
10356$as_echo "debug" >&6; }
10357
10358$as_echo "#define SSH_AUDIT_EVENTS 1" >>confdefs.h
10359
10360 ;;
10361 no)
10362 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
10363$as_echo "no" >&6; }
10364 ;;
10365 *)
10366 as_fn_error $? "Unknown audit module $withval" "$LINENO" 5
10367 ;;
10368 esac
10369
10370fi
10371
10372
10373
10374# Check whether --with-pie was given.
10375if test "${with_pie+set}" = set; then :
10376 withval=$with_pie;
10377 if test "x$withval" = "xno"; then
10378 use_pie=no
10379 fi
10380 if test "x$withval" = "xyes"; then
10381 use_pie=yes
10382 fi
10383
10384
10385fi
10386
10387if test "x$use_pie" = "x"; then
10388 use_pie=no
10389fi
10390if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then
10391 # Turn off automatic PIE when toolchain hardening is off.
10392 use_pie=no
10393fi
10394if test "x$use_pie" = "xauto"; then
10395 # Automatic PIE requires gcc >= 4.x
10396 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gcc >= 4.x" >&5
10397$as_echo_n "checking for gcc >= 4.x... " >&6; }
10398 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
10399/* end confdefs.h. */
10400
10401#if !defined(__GNUC__) || __GNUC__ < 4
10402#error gcc is too old
10403#endif
10404
10405_ACEOF
10406if ac_fn_c_try_compile "$LINENO"; then :
10407 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
10408$as_echo "yes" >&6; }
10409else
10410 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
10411$as_echo "no" >&6; }
10412 use_pie=no
10413
10414fi
10415rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
10416fi
10417if test "x$use_pie" != "xno"; then
10418 SAVED_CFLAGS="$CFLAGS"
10419 SAVED_LDFLAGS="$LDFLAGS"
10420 {
10421 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -fPIE" >&5
10422$as_echo_n "checking if $CC supports compile flag -fPIE... " >&6; }
10423 saved_CFLAGS="$CFLAGS"
10424 CFLAGS="$CFLAGS $WERROR -fPIE"
10425 _define_flag=""
10426 test "x$_define_flag" = "x" && _define_flag="-fPIE"
10427 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
10428/* end confdefs.h. */
10429
10430#include <stdlib.h>
10431#include <stdio.h>
10432int main(int argc, char **argv) {
10433 /* Some math to catch -ftrapv problems in the toolchain */
10434 int i = 123 * argc, j = 456 + argc, k = 789 - argc;
10435 float l = i * 2.1;
10436 double m = l / 0.5;
10437 long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
10438 printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
10439 exit(0);
10440}
10441
10442_ACEOF
10443if ac_fn_c_try_compile "$LINENO"; then :
10444
10445if `grep -i "unrecognized option" conftest.err >/dev/null`
10446then
10447 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
10448$as_echo "no" >&6; }
10449 CFLAGS="$saved_CFLAGS"
10450else
10451 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
10452$as_echo "yes" >&6; }
10453 CFLAGS="$saved_CFLAGS $_define_flag"
10454fi
10455else
10456 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
10457$as_echo "no" >&6; }
10458 CFLAGS="$saved_CFLAGS"
10459
10460fi
10461rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
10462}
10463 {
10464 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $LD supports link flag -pie" >&5
10465$as_echo_n "checking if $LD supports link flag -pie... " >&6; }
10466 saved_LDFLAGS="$LDFLAGS"
10467 LDFLAGS="$LDFLAGS $WERROR -pie"
10468 _define_flag=""
10469 test "x$_define_flag" = "x" && _define_flag="-pie"
10470 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
10471/* end confdefs.h. */
10472
10473#include <stdlib.h>
10474#include <stdio.h>
10475int main(int argc, char **argv) {
10476 /* Some math to catch -ftrapv problems in the toolchain */
10477 int i = 123 * argc, j = 456 + argc, k = 789 - argc;
10478 float l = i * 2.1;
10479 double m = l / 0.5;
10480 long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
10481 long long p = n * o;
10482 printf("%d %d %d %f %f %lld %lld %lld\n", i, j, k, l, m, n, o, p);
10483 exit(0);
10484}
10485
10486_ACEOF
10487if ac_fn_c_try_link "$LINENO"; then :
10488 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
10489$as_echo "yes" >&6; }
10490 LDFLAGS="$saved_LDFLAGS $_define_flag"
10491else
10492 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
10493$as_echo "no" >&6; }
10494 LDFLAGS="$saved_LDFLAGS"
10495
10496fi
10497rm -f core conftest.err conftest.$ac_objext \
10498 conftest$ac_exeext conftest.$ac_ext
10499}
10500 # We use both -fPIE and -pie or neither.
10501 { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether both -fPIE and -pie are supported" >&5
10502$as_echo_n "checking whether both -fPIE and -pie are supported... " >&6; }
10503 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \
10504 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then
10505 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
10506$as_echo "yes" >&6; }
10507 else
10508 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
10509$as_echo "no" >&6; }
10510 CFLAGS="$SAVED_CFLAGS"
10511 LDFLAGS="$SAVED_LDFLAGS"
10512 fi
10513fi
10514
10515for ac_func in \
10516 Blowfish_initstate \
10517 Blowfish_expandstate \
10518 Blowfish_expand0state \
10519 Blowfish_stream2word \
10520 asprintf \
10521 b64_ntop \
10522 __b64_ntop \
10523 b64_pton \
10524 __b64_pton \
10525 bcopy \
10526 bcrypt_pbkdf \
10527 bindresvport_sa \
10528 blf_enc \
10529 cap_rights_limit \
10530 clock \
10531 closefrom \
10532 dirfd \
10533 endgrent \
10534 err \
10535 errx \
10536 explicit_bzero \
10537 fchmod \
10538 fchown \
10539 freeaddrinfo \
10540 fstatfs \
10541 fstatvfs \
10542 futimes \
10543 getaddrinfo \
10544 getcwd \
10545 getgrouplist \
10546 getnameinfo \
10547 getopt \
10548 getpeereid \
10549 getpeerucred \
10550 getpgid \
10551 getpgrp \
10552 _getpty \
10553 getrlimit \
10554 getttyent \
10555 glob \
10556 group_from_gid \
10557 inet_aton \
10558 inet_ntoa \
10559 inet_ntop \
10560 innetgr \
10561 login_getcapbool \
10562 md5_crypt \
10563 memmove \
10564 memset_s \
10565 mkdtemp \
10566 ngetaddrinfo \
10567 nsleep \
10568 ogetaddrinfo \
10569 openlog_r \
10570 pledge \
10571 poll \
10572 prctl \
10573 pstat \
10574 readpassphrase \
10575 reallocarray \
10576 recvmsg \
10577 rresvport_af \
10578 sendmsg \
10579 setdtablesize \
10580 setegid \
10581 setenv \
10582 seteuid \
10583 setgroupent \
10584 setgroups \
10585 setlinebuf \
10586 setlogin \
10587 setpassent\
10588 setpcred \
10589 setproctitle \
10590 setregid \
10591 setreuid \
10592 setrlimit \
10593 setsid \
10594 setvbuf \
10595 sigaction \
10596 sigvec \
10597 snprintf \
10598 socketpair \
10599 statfs \
10600 statvfs \
10601 strcasestr \
10602 strdup \
10603 strerror \
10604 strlcat \
10605 strlcpy \
10606 strmode \
10607 strnlen \
10608 strnvis \
10609 strptime \
10610 strtonum \
10611 strtoll \
10612 strtoul \
10613 strtoull \
10614 swap32 \
10615 sysconf \
10616 tcgetpgrp \
10617 timingsafe_bcmp \
10618 truncate \
10619 unsetenv \
10620 updwtmpx \
10621 user_from_uid \
10622 usleep \
10623 vasprintf \
10624 vsnprintf \
10625 waitpid \
10626 warn \
10627
10628do :
10629 as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
10630ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
10631if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
10632 cat >>confdefs.h <<_ACEOF
10633#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
10634_ACEOF
10635
10636fi
10637done
10638
10639
10640saved_CFLAGS="$CFLAGS"
10641CFLAGS="$CFLAGS -D_XOPEN_SOURCE"
10642for ac_func in mblen mbtowc nl_langinfo wcwidth
10643do :
10644 as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
10645ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
10646if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
10647 cat >>confdefs.h <<_ACEOF
10648#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
10649_ACEOF
10650
10651fi
10652done
10653
10654CFLAGS="$saved_CFLAGS"
10655
10656TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes}
10657{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for utf8 locale support" >&5
10658$as_echo_n "checking for utf8 locale support... " >&6; }
10659if test "$cross_compiling" = yes; then :
10660 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming yes" >&5
10661$as_echo "$as_me: WARNING: cross compiling: assuming yes" >&2;}
10662
10663else
10664 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
10665/* end confdefs.h. */
10666
10667#include <locale.h>
10668#include <stdlib.h>
10669
10670int
10671main ()
10672{
10673
10674 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8");
10675 if (loc != NULL)
10676 exit(0);
10677 exit(1);
10678
10679 ;
10680 return 0;
10681}
10682_ACEOF
10683if ac_fn_c_try_run "$LINENO"; then :
10684 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
10685$as_echo "yes" >&6; }
10686else
10687 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
10688$as_echo "no" >&6; }
10689 TEST_SSH_UTF8=no
10690fi
10691rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
10692 conftest.$ac_objext conftest.beam conftest.$ac_ext
10693fi
10694
10695
10696cat confdefs.h - <<_ACEOF >conftest.$ac_ext
10697/* end confdefs.h. */
10698 #include <ctype.h>
10699int
10700main ()
10701{
10702 return (isblank('a'));
10703 ;
10704 return 0;
10705}
10706_ACEOF
10707if ac_fn_c_try_link "$LINENO"; then :
10708
10709$as_echo "#define HAVE_ISBLANK 1" >>confdefs.h
10710
10711
10712fi
10713rm -f core conftest.err conftest.$ac_objext \
10714 conftest$ac_exeext conftest.$ac_ext
10715
10716disable_pkcs11=
10717# Check whether --enable-pkcs11 was given.
10718if test "${enable_pkcs11+set}" = set; then :
10719 enableval=$enable_pkcs11;
10720 if test "x$enableval" = "xno" ; then
10721 disable_pkcs11=1
10722 fi
10723
10724
10725fi
10726
10727
10728# PKCS11 depends on OpenSSL.
10729if test "x$openssl" = "xyes" && test "x$disable_pkcs11" = "x"; then
10730 # PKCS#11 support requires dlopen() and co
10731 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing dlopen" >&5
10732$as_echo_n "checking for library containing dlopen... " >&6; }
10733if ${ac_cv_search_dlopen+:} false; then :
10734 $as_echo_n "(cached) " >&6
10735else
10736 ac_func_search_save_LIBS=$LIBS
10737cat confdefs.h - <<_ACEOF >conftest.$ac_ext
10738/* end confdefs.h. */
10739
10740/* Override any GCC internal prototype to avoid an error.
10741 Use char because int might match the return type of a GCC
10742 builtin and then its argument prototype would still apply. */
10743#ifdef __cplusplus
10744extern "C"
10745#endif
10746char dlopen ();
10747int
10748main ()
10749{
10750return dlopen ();
10751 ;
10752 return 0;
10753}
10754_ACEOF
10755for ac_lib in '' dl; do
10756 if test -z "$ac_lib"; then
10757 ac_res="none required"
10758 else
10759 ac_res=-l$ac_lib
10760 LIBS="-l$ac_lib $ac_func_search_save_LIBS"
10761 fi
10762 if ac_fn_c_try_link "$LINENO"; then :
10763 ac_cv_search_dlopen=$ac_res
10764fi
10765rm -f core conftest.err conftest.$ac_objext \
10766 conftest$ac_exeext
10767 if ${ac_cv_search_dlopen+:} false; then :
10768 break
10769fi
10770done
10771if ${ac_cv_search_dlopen+:} false; then :
10772
10773else
10774 ac_cv_search_dlopen=no
10775fi
10776rm conftest.$ac_ext
10777LIBS=$ac_func_search_save_LIBS
10778fi
10779{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dlopen" >&5
10780$as_echo "$ac_cv_search_dlopen" >&6; }
10781ac_res=$ac_cv_search_dlopen
10782if test "$ac_res" != no; then :
10783 test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
10784
10785$as_echo "#define ENABLE_PKCS11 /**/" >>confdefs.h
10786
10787
10788fi
10789
10790fi
10791
10792# IRIX has a const char return value for gai_strerror()
10793for ac_func in gai_strerror
10794do :
10795 ac_fn_c_check_func "$LINENO" "gai_strerror" "ac_cv_func_gai_strerror"
10796if test "x$ac_cv_func_gai_strerror" = xyes; then :
10797 cat >>confdefs.h <<_ACEOF
10798#define HAVE_GAI_STRERROR 1
10799_ACEOF
10800
10801 $as_echo "#define HAVE_GAI_STRERROR 1" >>confdefs.h
10802
10803 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
10804/* end confdefs.h. */
10805
10806#include <sys/types.h>
10807#include <sys/socket.h>
10808#include <netdb.h>
10809
10810const char *gai_strerror(int);
10811
10812int
10813main ()
10814{
10815
10816 char *str;
10817 str = gai_strerror(0);
10818
10819 ;
10820 return 0;
10821}
10822_ACEOF
10823if ac_fn_c_try_compile "$LINENO"; then :
10824
10825
10826$as_echo "#define HAVE_CONST_GAI_STRERROR_PROTO 1" >>confdefs.h
10827
10828fi
10829rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
10830fi
10831done
10832
10833
10834{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing nanosleep" >&5
10835$as_echo_n "checking for library containing nanosleep... " >&6; }
10836if ${ac_cv_search_nanosleep+:} false; then :
10837 $as_echo_n "(cached) " >&6
10838else
10839 ac_func_search_save_LIBS=$LIBS
10840cat confdefs.h - <<_ACEOF >conftest.$ac_ext
10841/* end confdefs.h. */
10842
10843/* Override any GCC internal prototype to avoid an error.
10844 Use char because int might match the return type of a GCC
10845 builtin and then its argument prototype would still apply. */
10846#ifdef __cplusplus
10847extern "C"
10848#endif
10849char nanosleep ();
10850int
10851main ()
10852{
10853return nanosleep ();
10854 ;
10855 return 0;
10856}
10857_ACEOF
10858for ac_lib in '' rt posix4; do
10859 if test -z "$ac_lib"; then
10860 ac_res="none required"
10861 else
10862 ac_res=-l$ac_lib
10863 LIBS="-l$ac_lib $ac_func_search_save_LIBS"
10864 fi
10865 if ac_fn_c_try_link "$LINENO"; then :
10866 ac_cv_search_nanosleep=$ac_res
10867fi
10868rm -f core conftest.err conftest.$ac_objext \
10869 conftest$ac_exeext
10870 if ${ac_cv_search_nanosleep+:} false; then :
10871 break
10872fi
10873done
10874if ${ac_cv_search_nanosleep+:} false; then :
10875
10876else
10877 ac_cv_search_nanosleep=no
10878fi
10879rm conftest.$ac_ext
10880LIBS=$ac_func_search_save_LIBS
10881fi
10882{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_nanosleep" >&5
10883$as_echo "$ac_cv_search_nanosleep" >&6; }
10884ac_res=$ac_cv_search_nanosleep
10885if test "$ac_res" != no; then :
10886 test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
10887
10888$as_echo "#define HAVE_NANOSLEEP 1" >>confdefs.h
10889
10890fi
10891
10892
10893{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing clock_gettime" >&5
10894$as_echo_n "checking for library containing clock_gettime... " >&6; }
10895if ${ac_cv_search_clock_gettime+:} false; then :
10896 $as_echo_n "(cached) " >&6
10897else
10898 ac_func_search_save_LIBS=$LIBS
10899cat confdefs.h - <<_ACEOF >conftest.$ac_ext
10900/* end confdefs.h. */
10901
10902/* Override any GCC internal prototype to avoid an error.
10903 Use char because int might match the return type of a GCC
10904 builtin and then its argument prototype would still apply. */
10905#ifdef __cplusplus
10906extern "C"
10907#endif
10908char clock_gettime ();
10909int
10910main ()
10911{
10912return clock_gettime ();
10913 ;
10914 return 0;
10915}
10916_ACEOF
10917for ac_lib in '' rt; do
10918 if test -z "$ac_lib"; then
10919 ac_res="none required"
10920 else
10921 ac_res=-l$ac_lib
10922 LIBS="-l$ac_lib $ac_func_search_save_LIBS"
10923 fi
10924 if ac_fn_c_try_link "$LINENO"; then :
10925 ac_cv_search_clock_gettime=$ac_res
10926fi
10927rm -f core conftest.err conftest.$ac_objext \
10928 conftest$ac_exeext
10929 if ${ac_cv_search_clock_gettime+:} false; then :
10930 break
10931fi
10932done
10933if ${ac_cv_search_clock_gettime+:} false; then :
10934
10935else
10936 ac_cv_search_clock_gettime=no
10937fi
10938rm conftest.$ac_ext
10939LIBS=$ac_func_search_save_LIBS
10940fi
10941{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_clock_gettime" >&5
10942$as_echo "$ac_cv_search_clock_gettime" >&6; }
10943ac_res=$ac_cv_search_clock_gettime
10944if test "$ac_res" != no; then :
10945 test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
10946
10947$as_echo "#define HAVE_CLOCK_GETTIME 1" >>confdefs.h
10948
10949fi
10950
10951
10952ac_fn_c_check_decl "$LINENO" "getrusage" "ac_cv_have_decl_getrusage" "$ac_includes_default"
10953if test "x$ac_cv_have_decl_getrusage" = xyes; then :
10954 for ac_func in getrusage
10955do :
10956 ac_fn_c_check_func "$LINENO" "getrusage" "ac_cv_func_getrusage"
10957if test "x$ac_cv_func_getrusage" = xyes; then :
10958 cat >>confdefs.h <<_ACEOF
10959#define HAVE_GETRUSAGE 1
10960_ACEOF
10961
10962fi
10963done
10964
10965fi
10966
10967ac_fn_c_check_decl "$LINENO" "strsep" "ac_cv_have_decl_strsep" "
10968#ifdef HAVE_STRING_H
10969# include <string.h>
10970#endif
10971
10972"
10973if test "x$ac_cv_have_decl_strsep" = xyes; then :
10974 for ac_func in strsep
10975do :
10976 ac_fn_c_check_func "$LINENO" "strsep" "ac_cv_func_strsep"
10977if test "x$ac_cv_func_strsep" = xyes; then :
10978 cat >>confdefs.h <<_ACEOF
10979#define HAVE_STRSEP 1
10980_ACEOF
10981
10982fi
10983done
10984
10985fi
10986
10987
10988ac_fn_c_check_decl "$LINENO" "tcsendbreak" "ac_cv_have_decl_tcsendbreak" "#include <termios.h>
10989
10990"
10991if test "x$ac_cv_have_decl_tcsendbreak" = xyes; then :
10992 $as_echo "#define HAVE_TCSENDBREAK 1" >>confdefs.h
10993
10994else
10995 for ac_func in tcsendbreak
10996do :
10997 ac_fn_c_check_func "$LINENO" "tcsendbreak" "ac_cv_func_tcsendbreak"
10998if test "x$ac_cv_func_tcsendbreak" = xyes; then :
10999 cat >>confdefs.h <<_ACEOF
11000#define HAVE_TCSENDBREAK 1
11001_ACEOF
11002
11003fi
11004done
11005
11006fi
11007
11008
11009ac_fn_c_check_decl "$LINENO" "h_errno" "ac_cv_have_decl_h_errno" "#include <netdb.h>
11010"
11011if test "x$ac_cv_have_decl_h_errno" = xyes; then :
11012 ac_have_decl=1
11013else
11014 ac_have_decl=0
11015fi
11016
11017cat >>confdefs.h <<_ACEOF
11018#define HAVE_DECL_H_ERRNO $ac_have_decl
11019_ACEOF
11020
11021
11022ac_fn_c_check_decl "$LINENO" "SHUT_RD" "ac_cv_have_decl_SHUT_RD" "
11023#include <sys/types.h>
11024#include <sys/socket.h>
11025
11026"
11027if test "x$ac_cv_have_decl_SHUT_RD" = xyes; then :
11028 ac_have_decl=1
11029else
11030 ac_have_decl=0
11031fi
11032
11033cat >>confdefs.h <<_ACEOF
11034#define HAVE_DECL_SHUT_RD $ac_have_decl
11035_ACEOF
11036
11037
11038ac_fn_c_check_decl "$LINENO" "O_NONBLOCK" "ac_cv_have_decl_O_NONBLOCK" "
11039#include <sys/types.h>
11040#ifdef HAVE_SYS_STAT_H
11041# include <sys/stat.h>
11042#endif
11043#ifdef HAVE_FCNTL_H
11044# include <fcntl.h>
11045#endif
11046
11047"
11048if test "x$ac_cv_have_decl_O_NONBLOCK" = xyes; then :
11049 ac_have_decl=1
11050else
11051 ac_have_decl=0
11052fi
11053
11054cat >>confdefs.h <<_ACEOF
11055#define HAVE_DECL_O_NONBLOCK $ac_have_decl
11056_ACEOF
11057
11058
11059ac_fn_c_check_decl "$LINENO" "writev" "ac_cv_have_decl_writev" "
11060#include <sys/types.h>
11061#include <sys/uio.h>
11062#include <unistd.h>
11063
11064"
11065if test "x$ac_cv_have_decl_writev" = xyes; then :
11066 ac_have_decl=1
11067else
11068 ac_have_decl=0
11069fi
11070
11071cat >>confdefs.h <<_ACEOF
11072#define HAVE_DECL_WRITEV $ac_have_decl
11073_ACEOF
11074
11075
11076ac_fn_c_check_decl "$LINENO" "MAXSYMLINKS" "ac_cv_have_decl_MAXSYMLINKS" "
11077#include <sys/param.h>
11078
11079"
11080if test "x$ac_cv_have_decl_MAXSYMLINKS" = xyes; then :
11081 ac_have_decl=1
11082else
11083 ac_have_decl=0
11084fi
11085
11086cat >>confdefs.h <<_ACEOF
11087#define HAVE_DECL_MAXSYMLINKS $ac_have_decl
11088_ACEOF
11089
11090
11091ac_fn_c_check_decl "$LINENO" "offsetof" "ac_cv_have_decl_offsetof" "
11092#include <stddef.h>
11093
11094"
11095if test "x$ac_cv_have_decl_offsetof" = xyes; then :
11096 ac_have_decl=1
11097else
11098 ac_have_decl=0
11099fi
11100
11101cat >>confdefs.h <<_ACEOF
11102#define HAVE_DECL_OFFSETOF $ac_have_decl
11103_ACEOF
11104
11105
11106# extra bits for select(2)
11107ac_fn_c_check_decl "$LINENO" "howmany" "ac_cv_have_decl_howmany" "
11108#include <sys/param.h>
11109#include <sys/types.h>
11110#ifdef HAVE_SYS_SYSMACROS_H
11111#include <sys/sysmacros.h>
11112#endif
11113#ifdef HAVE_SYS_SELECT_H
11114#include <sys/select.h>
11115#endif
11116#ifdef HAVE_SYS_TIME_H
11117#include <sys/time.h>
11118#endif
11119#ifdef HAVE_UNISTD_H
11120#include <unistd.h>
11121#endif
11122
11123"
11124if test "x$ac_cv_have_decl_howmany" = xyes; then :
11125 ac_have_decl=1
11126else
11127 ac_have_decl=0
11128fi
11129
11130cat >>confdefs.h <<_ACEOF
11131#define HAVE_DECL_HOWMANY $ac_have_decl
11132_ACEOF
11133ac_fn_c_check_decl "$LINENO" "NFDBITS" "ac_cv_have_decl_NFDBITS" "
11134#include <sys/param.h>
11135#include <sys/types.h>
11136#ifdef HAVE_SYS_SYSMACROS_H
11137#include <sys/sysmacros.h>
11138#endif
11139#ifdef HAVE_SYS_SELECT_H
11140#include <sys/select.h>
11141#endif
11142#ifdef HAVE_SYS_TIME_H
11143#include <sys/time.h>
11144#endif
11145#ifdef HAVE_UNISTD_H
11146#include <unistd.h>
11147#endif
11148
11149"
11150if test "x$ac_cv_have_decl_NFDBITS" = xyes; then :
11151 ac_have_decl=1
11152else
11153 ac_have_decl=0
11154fi
11155
11156cat >>confdefs.h <<_ACEOF
11157#define HAVE_DECL_NFDBITS $ac_have_decl
11158_ACEOF
11159
11160ac_fn_c_check_type "$LINENO" "fd_mask" "ac_cv_type_fd_mask" "
11161#include <sys/param.h>
11162#include <sys/types.h>
11163#ifdef HAVE_SYS_SELECT_H
11164#include <sys/select.h>
11165#endif
11166#ifdef HAVE_SYS_TIME_H
11167#include <sys/time.h>
11168#endif
11169#ifdef HAVE_UNISTD_H
11170#include <unistd.h>
11171#endif
11172
11173"
11174if test "x$ac_cv_type_fd_mask" = xyes; then :
11175
11176cat >>confdefs.h <<_ACEOF
11177#define HAVE_FD_MASK 1
11178_ACEOF
11179
11180
11181fi
11182
11183
11184for ac_func in setresuid
11185do :
11186 ac_fn_c_check_func "$LINENO" "setresuid" "ac_cv_func_setresuid"
11187if test "x$ac_cv_func_setresuid" = xyes; then :
11188 cat >>confdefs.h <<_ACEOF
11189#define HAVE_SETRESUID 1
11190_ACEOF
11191
11192 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if setresuid seems to work" >&5
11193$as_echo_n "checking if setresuid seems to work... " >&6; }
11194 if test "$cross_compiling" = yes; then :
11195 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking setresuid" >&5
11196$as_echo "$as_me: WARNING: cross compiling: not checking setresuid" >&2;}
11197
11198else
11199 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
11200/* end confdefs.h. */
11201
11202#include <stdlib.h>
11203#include <errno.h>
11204
11205int
11206main ()
11207{
11208
11209 errno=0;
11210 setresuid(0,0,0);
11211 if (errno==ENOSYS)
11212 exit(1);
11213 else
11214 exit(0);
11215
11216 ;
11217 return 0;
11218}
11219_ACEOF
11220if ac_fn_c_try_run "$LINENO"; then :
11221 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
11222$as_echo "yes" >&6; }
11223else
11224
11225$as_echo "#define BROKEN_SETRESUID 1" >>confdefs.h
11226
11227 { $as_echo "$as_me:${as_lineno-$LINENO}: result: not implemented" >&5
11228$as_echo "not implemented" >&6; }
11229fi
11230rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
11231 conftest.$ac_objext conftest.beam conftest.$ac_ext
11232fi
11233
11234
11235fi
11236done
11237
11238
11239for ac_func in setresgid
11240do :
11241 ac_fn_c_check_func "$LINENO" "setresgid" "ac_cv_func_setresgid"
11242if test "x$ac_cv_func_setresgid" = xyes; then :
11243 cat >>confdefs.h <<_ACEOF
11244#define HAVE_SETRESGID 1
11245_ACEOF
11246
11247 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if setresgid seems to work" >&5
11248$as_echo_n "checking if setresgid seems to work... " >&6; }
11249 if test "$cross_compiling" = yes; then :
11250 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking setresuid" >&5
11251$as_echo "$as_me: WARNING: cross compiling: not checking setresuid" >&2;}
11252
11253else
11254 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
11255/* end confdefs.h. */
11256
11257#include <stdlib.h>
11258#include <errno.h>
11259
11260int
11261main ()
11262{
11263
11264 errno=0;
11265 setresgid(0,0,0);
11266 if (errno==ENOSYS)
11267 exit(1);
11268 else
11269 exit(0);
11270
11271 ;
11272 return 0;
11273}
11274_ACEOF
11275if ac_fn_c_try_run "$LINENO"; then :
11276 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
11277$as_echo "yes" >&6; }
11278else
11279
11280$as_echo "#define BROKEN_SETRESGID 1" >>confdefs.h
11281
11282 { $as_echo "$as_me:${as_lineno-$LINENO}: result: not implemented" >&5
11283$as_echo "not implemented" >&6; }
11284fi
11285rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
11286 conftest.$ac_objext conftest.beam conftest.$ac_ext
11287fi
11288
11289
11290fi
11291done
11292
11293
11294for ac_func in realpath
11295do :
11296 ac_fn_c_check_func "$LINENO" "realpath" "ac_cv_func_realpath"
11297if test "x$ac_cv_func_realpath" = xyes; then :
11298 cat >>confdefs.h <<_ACEOF
11299#define HAVE_REALPATH 1
11300_ACEOF
11301
11302 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if realpath works with non-existent files" >&5
11303$as_echo_n "checking if realpath works with non-existent files... " >&6; }
11304 if test "$cross_compiling" = yes; then :
11305 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming working" >&5
11306$as_echo "$as_me: WARNING: cross compiling: assuming working" >&2;}
11307
11308else
11309 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
11310/* end confdefs.h. */
11311
11312#include <limits.h>
11313#include <stdlib.h>
11314#include <errno.h>
11315
11316int
11317main ()
11318{
11319
11320 char buf[PATH_MAX];
11321 if (realpath("/opensshnonexistentfilename1234", buf) == NULL)
11322 if (errno == ENOENT)
11323 exit(1);
11324 exit(0);
11325
11326 ;
11327 return 0;
11328}
11329_ACEOF
11330if ac_fn_c_try_run "$LINENO"; then :
11331 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
11332$as_echo "yes" >&6; }
11333else
11334
11335$as_echo "#define BROKEN_REALPATH 1" >>confdefs.h
11336
11337 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
11338$as_echo "no" >&6; }
11339fi
11340rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
11341 conftest.$ac_objext conftest.beam conftest.$ac_ext
11342fi
11343
11344
11345fi
11346done
11347
11348
11349for ac_func in gettimeofday time
11350do :
11351 as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
11352ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
11353if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
11354 cat >>confdefs.h <<_ACEOF
11355#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
11356_ACEOF
11357
11358fi
11359done
11360
11361for ac_func in endutent getutent getutid getutline pututline setutent
11362do :
11363 as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
11364ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
11365if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
11366 cat >>confdefs.h <<_ACEOF
11367#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
11368_ACEOF
11369
11370fi
11371done
11372
11373for ac_func in utmpname
11374do :
11375 ac_fn_c_check_func "$LINENO" "utmpname" "ac_cv_func_utmpname"
11376if test "x$ac_cv_func_utmpname" = xyes; then :
11377 cat >>confdefs.h <<_ACEOF
11378#define HAVE_UTMPNAME 1
11379_ACEOF
11380
11381fi
11382done
11383
11384for ac_func in endutxent getutxent getutxid getutxline getutxuser pututxline
11385do :
11386 as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
11387ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
11388if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
11389 cat >>confdefs.h <<_ACEOF
11390#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
11391_ACEOF
11392
11393fi
11394done
11395
11396for ac_func in setutxdb setutxent utmpxname
11397do :
11398 as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
11399ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
11400if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
11401 cat >>confdefs.h <<_ACEOF
11402#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
11403_ACEOF
11404
11405fi
11406done
11407
11408for ac_func in getlastlogxbyname
11409do :
11410 ac_fn_c_check_func "$LINENO" "getlastlogxbyname" "ac_cv_func_getlastlogxbyname"
11411if test "x$ac_cv_func_getlastlogxbyname" = xyes; then :
11412 cat >>confdefs.h <<_ACEOF
11413#define HAVE_GETLASTLOGXBYNAME 1
11414_ACEOF
11415
11416fi
11417done
11418
11419
11420ac_fn_c_check_func "$LINENO" "daemon" "ac_cv_func_daemon"
11421if test "x$ac_cv_func_daemon" = xyes; then :
11422
11423$as_echo "#define HAVE_DAEMON 1" >>confdefs.h
11424
11425else
11426 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for daemon in -lbsd" >&5
11427$as_echo_n "checking for daemon in -lbsd... " >&6; }
11428if ${ac_cv_lib_bsd_daemon+:} false; then :
11429 $as_echo_n "(cached) " >&6
11430else
11431 ac_check_lib_save_LIBS=$LIBS
11432LIBS="-lbsd $LIBS"
11433cat confdefs.h - <<_ACEOF >conftest.$ac_ext
11434/* end confdefs.h. */
11435
11436/* Override any GCC internal prototype to avoid an error.
11437 Use char because int might match the return type of a GCC
11438 builtin and then its argument prototype would still apply. */
11439#ifdef __cplusplus
11440extern "C"
11441#endif
11442char daemon ();
11443int
11444main ()
11445{
11446return daemon ();
11447 ;
11448 return 0;
11449}
11450_ACEOF
11451if ac_fn_c_try_link "$LINENO"; then :
11452 ac_cv_lib_bsd_daemon=yes
11453else
11454 ac_cv_lib_bsd_daemon=no
11455fi
11456rm -f core conftest.err conftest.$ac_objext \
11457 conftest$ac_exeext conftest.$ac_ext
11458LIBS=$ac_check_lib_save_LIBS
11459fi
11460{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_bsd_daemon" >&5
11461$as_echo "$ac_cv_lib_bsd_daemon" >&6; }
11462if test "x$ac_cv_lib_bsd_daemon" = xyes; then :
11463 LIBS="$LIBS -lbsd"; $as_echo "#define HAVE_DAEMON 1" >>confdefs.h
11464
11465fi
11466
11467
11468fi
11469
11470
11471ac_fn_c_check_func "$LINENO" "getpagesize" "ac_cv_func_getpagesize"
11472if test "x$ac_cv_func_getpagesize" = xyes; then :
11473
11474$as_echo "#define HAVE_GETPAGESIZE 1" >>confdefs.h
11475
11476else
11477 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getpagesize in -lucb" >&5
11478$as_echo_n "checking for getpagesize in -lucb... " >&6; }
11479if ${ac_cv_lib_ucb_getpagesize+:} false; then :
11480 $as_echo_n "(cached) " >&6
11481else
11482 ac_check_lib_save_LIBS=$LIBS
11483LIBS="-lucb $LIBS"
11484cat confdefs.h - <<_ACEOF >conftest.$ac_ext
11485/* end confdefs.h. */
11486
11487/* Override any GCC internal prototype to avoid an error.
11488 Use char because int might match the return type of a GCC
11489 builtin and then its argument prototype would still apply. */
11490#ifdef __cplusplus
11491extern "C"
11492#endif
11493char getpagesize ();
11494int
11495main ()
11496{
11497return getpagesize ();
11498 ;
11499 return 0;
11500}
11501_ACEOF
11502if ac_fn_c_try_link "$LINENO"; then :
11503 ac_cv_lib_ucb_getpagesize=yes
11504else
11505 ac_cv_lib_ucb_getpagesize=no
11506fi
11507rm -f core conftest.err conftest.$ac_objext \
11508 conftest$ac_exeext conftest.$ac_ext
11509LIBS=$ac_check_lib_save_LIBS
11510fi
11511{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ucb_getpagesize" >&5
11512$as_echo "$ac_cv_lib_ucb_getpagesize" >&6; }
11513if test "x$ac_cv_lib_ucb_getpagesize" = xyes; then :
11514 LIBS="$LIBS -lucb"; $as_echo "#define HAVE_GETPAGESIZE 1" >>confdefs.h
11515
11516fi
11517
11518
11519fi
11520
11521
11522# Check for broken snprintf
11523if test "x$ac_cv_func_snprintf" = "xyes" ; then
11524 { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether snprintf correctly terminates long strings" >&5
11525$as_echo_n "checking whether snprintf correctly terminates long strings... " >&6; }
11526 if test "$cross_compiling" = yes; then :
11527 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: Assuming working snprintf()" >&5
11528$as_echo "$as_me: WARNING: cross compiling: Assuming working snprintf()" >&2;}
11529
11530else
11531 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
11532/* end confdefs.h. */
11533 #include <stdio.h>
11534int
11535main ()
11536{
11537
11538 char b[5];
11539 snprintf(b,5,"123456789");
11540 exit(b[4]!='\0');
11541
11542 ;
11543 return 0;
11544}
11545_ACEOF
11546if ac_fn_c_try_run "$LINENO"; then :
11547 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
11548$as_echo "yes" >&6; }
11549else
11550
11551 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
11552$as_echo "no" >&6; }
11553
11554$as_echo "#define BROKEN_SNPRINTF 1" >>confdefs.h
11555
11556 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: ****** Your snprintf() function is broken, complain to your vendor" >&5
11557$as_echo "$as_me: WARNING: ****** Your snprintf() function is broken, complain to your vendor" >&2;}
11558
11559fi
11560rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
11561 conftest.$ac_objext conftest.beam conftest.$ac_ext
11562fi
11563
11564fi
11565
11566# We depend on vsnprintf returning the right thing on overflow: the
11567# number of characters it tried to create (as per SUSv3)
11568if test "x$ac_cv_func_vsnprintf" = "xyes" ; then
11569 { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether vsnprintf returns correct values on overflow" >&5
11570$as_echo_n "checking whether vsnprintf returns correct values on overflow... " >&6; }
11571 if test "$cross_compiling" = yes; then :
11572 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: Assuming working vsnprintf()" >&5
11573$as_echo "$as_me: WARNING: cross compiling: Assuming working vsnprintf()" >&2;}
11574
11575else
11576 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
11577/* end confdefs.h. */
11578
11579#include <sys/types.h>
11580#include <stdio.h>
11581#include <stdarg.h>
11582
11583int x_snprintf(char *str, size_t count, const char *fmt, ...)
11584{
11585 size_t ret;
11586 va_list ap;
11587
11588 va_start(ap, fmt);
11589 ret = vsnprintf(str, count, fmt, ap);
11590 va_end(ap);
11591 return ret;
11592}
11593
11594int
11595main ()
11596{
11597
11598char x[1];
11599if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11)
11600 return 1;
11601if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11)
11602 return 1;
11603return 0;
11604
11605 ;
11606 return 0;
11607}
11608_ACEOF
11609if ac_fn_c_try_run "$LINENO"; then :
11610 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
11611$as_echo "yes" >&6; }
11612else
11613
11614 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
11615$as_echo "no" >&6; }
11616
11617$as_echo "#define BROKEN_SNPRINTF 1" >>confdefs.h
11618
11619 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: ****** Your vsnprintf() function is broken, complain to your vendor" >&5
11620$as_echo "$as_me: WARNING: ****** Your vsnprintf() function is broken, complain to your vendor" >&2;}
11621
11622fi
11623rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
11624 conftest.$ac_objext conftest.beam conftest.$ac_ext
11625fi
11626
11627fi
11628
11629# On systems where [v]snprintf is broken, but is declared in stdio,
11630# check that the fmt argument is const char * or just char *.
11631# This is only useful for when BROKEN_SNPRINTF
11632{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether snprintf can declare const char *fmt" >&5
11633$as_echo_n "checking whether snprintf can declare const char *fmt... " >&6; }
11634cat confdefs.h - <<_ACEOF >conftest.$ac_ext
11635/* end confdefs.h. */
11636
11637#include <stdio.h>
11638int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
11639
11640int
11641main ()
11642{
11643
11644 snprintf(0, 0, 0);
11645
11646 ;
11647 return 0;
11648}
11649_ACEOF
11650if ac_fn_c_try_compile "$LINENO"; then :
11651 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
11652$as_echo "yes" >&6; }
11653
11654$as_echo "#define SNPRINTF_CONST const" >>confdefs.h
11655
11656else
11657 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
11658$as_echo "no" >&6; }
11659 $as_echo "#define SNPRINTF_CONST /* not const */" >>confdefs.h
11660
11661fi
11662rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
11663
11664# Check for missing getpeereid (or equiv) support
11665NO_PEERCHECK=""
11666if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
11667 { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether system supports SO_PEERCRED getsockopt" >&5
11668$as_echo_n "checking whether system supports SO_PEERCRED getsockopt... " >&6; }
11669 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
11670/* end confdefs.h. */
11671
11672#include <sys/types.h>
11673#include <sys/socket.h>
11674int
11675main ()
11676{
11677int i = SO_PEERCRED;
11678 ;
11679 return 0;
11680}
11681_ACEOF
11682if ac_fn_c_try_compile "$LINENO"; then :
11683 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
11684$as_echo "yes" >&6; }
11685
11686$as_echo "#define HAVE_SO_PEERCRED 1" >>confdefs.h
11687
11688
11689else
11690 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
11691$as_echo "no" >&6; }
11692 NO_PEERCHECK=1
11693
11694fi
11695rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
11696fi
11697
11698if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
11699{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for (overly) strict mkstemp" >&5
11700$as_echo_n "checking for (overly) strict mkstemp... " >&6; }
11701if test "$cross_compiling" = yes; then :
11702
11703 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
11704$as_echo "yes" >&6; }
11705 $as_echo "#define HAVE_STRICT_MKSTEMP 1" >>confdefs.h
11706
11707
11708
11709else
11710 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
11711/* end confdefs.h. */
11712
11713#include <stdlib.h>
11714
11715int
11716main ()
11717{
11718
11719 char template[]="conftest.mkstemp-test";
11720 if (mkstemp(template) == -1)
11721 exit(1);
11722 unlink(template);
11723 exit(0);
11724
11725 ;
11726 return 0;
11727}
11728_ACEOF
11729if ac_fn_c_try_run "$LINENO"; then :
11730
11731 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
11732$as_echo "no" >&6; }
11733
11734else
11735
11736 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
11737$as_echo "yes" >&6; }
11738
11739$as_echo "#define HAVE_STRICT_MKSTEMP 1" >>confdefs.h
11740
11741
11742fi
11743rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
11744 conftest.$ac_objext conftest.beam conftest.$ac_ext
11745fi
11746
11747fi
11748
11749if test ! -z "$check_for_openpty_ctty_bug"; then
11750 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if openpty correctly handles controlling tty" >&5
11751$as_echo_n "checking if openpty correctly handles controlling tty... " >&6; }
11752 if test "$cross_compiling" = yes; then :
11753
11754 { $as_echo "$as_me:${as_lineno-$LINENO}: result: cross-compiling, assuming yes" >&5
11755$as_echo "cross-compiling, assuming yes" >&6; }
11756
11757
11758else
11759 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
11760/* end confdefs.h. */
11761
11762#include <stdio.h>
11763#include <sys/fcntl.h>
11764#include <sys/types.h>
11765#include <sys/wait.h>
11766
11767int
11768main ()
11769{
11770
11771 pid_t pid;
11772 int fd, ptyfd, ttyfd, status;
11773
11774 pid = fork();
11775 if (pid < 0) { /* failed */
11776 exit(1);
11777 } else if (pid > 0) { /* parent */
11778 waitpid(pid, &status, 0);
11779 if (WIFEXITED(status))
11780 exit(WEXITSTATUS(status));
11781 else
11782 exit(2);
11783 } else { /* child */
11784 close(0); close(1); close(2);
11785 setsid();
11786 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
11787 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
11788 if (fd >= 0)
11789 exit(3); /* Acquired ctty: broken */
11790 else
11791 exit(0); /* Did not acquire ctty: OK */
11792 }
11793
11794 ;
11795 return 0;
11796}
11797_ACEOF
11798if ac_fn_c_try_run "$LINENO"; then :
11799
11800 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
11801$as_echo "yes" >&6; }
11802
11803else
11804
11805 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
11806$as_echo "no" >&6; }
11807 $as_echo "#define SSHD_ACQUIRES_CTTY 1" >>confdefs.h
11808
11809
11810fi
11811rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
11812 conftest.$ac_objext conftest.beam conftest.$ac_ext
11813fi
11814
11815fi
11816
11817if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
11818 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
11819 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if getaddrinfo seems to work" >&5
11820$as_echo_n "checking if getaddrinfo seems to work... " >&6; }
11821 if test "$cross_compiling" = yes; then :
11822
11823 { $as_echo "$as_me:${as_lineno-$LINENO}: result: cross-compiling, assuming yes" >&5
11824$as_echo "cross-compiling, assuming yes" >&6; }
11825
11826
11827else
11828 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
11829/* end confdefs.h. */
11830
11831#include <stdio.h>
11832#include <sys/socket.h>
11833#include <netdb.h>
11834#include <errno.h>
11835#include <netinet/in.h>
11836
11837#define TEST_PORT "2222"
11838
11839int
11840main ()
11841{
11842
11843 int err, sock;
11844 struct addrinfo *gai_ai, *ai, hints;
11845 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
11846
11847 memset(&hints, 0, sizeof(hints));
11848 hints.ai_family = PF_UNSPEC;
11849 hints.ai_socktype = SOCK_STREAM;
11850 hints.ai_flags = AI_PASSIVE;
11851
11852 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
11853 if (err != 0) {
11854 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
11855 exit(1);
11856 }
11857
11858 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
11859 if (ai->ai_family != AF_INET6)
11860 continue;
11861
11862 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
11863 sizeof(ntop), strport, sizeof(strport),
11864 NI_NUMERICHOST|NI_NUMERICSERV);
11865
11866 if (err != 0) {
11867 if (err == EAI_SYSTEM)
11868 perror("getnameinfo EAI_SYSTEM");
11869 else
11870 fprintf(stderr, "getnameinfo failed: %s\n",
11871 gai_strerror(err));
11872 exit(2);
11873 }
11874
11875 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
11876 if (sock < 0)
11877 perror("socket");
11878 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
11879 if (errno == EBADF)
11880 exit(3);
11881 }
11882 }
11883 exit(0);
11884
11885 ;
11886 return 0;
11887}
11888_ACEOF
11889if ac_fn_c_try_run "$LINENO"; then :
11890
11891 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
11892$as_echo "yes" >&6; }
11893
11894else
11895
11896 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
11897$as_echo "no" >&6; }
11898 $as_echo "#define BROKEN_GETADDRINFO 1" >>confdefs.h
11899
11900
11901fi
11902rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
11903 conftest.$ac_objext conftest.beam conftest.$ac_ext
11904fi
11905
11906fi
11907
11908if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
11909 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
11910 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if getaddrinfo seems to work" >&5
11911$as_echo_n "checking if getaddrinfo seems to work... " >&6; }
11912 if test "$cross_compiling" = yes; then :
11913
11914 { $as_echo "$as_me:${as_lineno-$LINENO}: result: cross-compiling, assuming no" >&5
11915$as_echo "cross-compiling, assuming no" >&6; }
11916
11917
11918else
11919 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
11920/* end confdefs.h. */
11921
11922#include <stdio.h>
11923#include <sys/socket.h>
11924#include <netdb.h>
11925#include <errno.h>
11926#include <netinet/in.h>
11927
11928#define TEST_PORT "2222"
11929
11930int
11931main ()
11932{
11933
11934 int err, sock;
11935 struct addrinfo *gai_ai, *ai, hints;
11936 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
11937
11938 memset(&hints, 0, sizeof(hints));
11939 hints.ai_family = PF_UNSPEC;
11940 hints.ai_socktype = SOCK_STREAM;
11941 hints.ai_flags = AI_PASSIVE;
11942
11943 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
11944 if (err != 0) {
11945 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
11946 exit(1);
11947 }
11948
11949 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
11950 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
11951 continue;
11952
11953 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
11954 sizeof(ntop), strport, sizeof(strport),
11955 NI_NUMERICHOST|NI_NUMERICSERV);
11956
11957 if (ai->ai_family == AF_INET && err != 0) {
11958 perror("getnameinfo");
11959 exit(2);
11960 }
11961 }
11962 exit(0);
11963
11964 ;
11965 return 0;
11966}
11967_ACEOF
11968if ac_fn_c_try_run "$LINENO"; then :
11969
11970 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
11971$as_echo "yes" >&6; }
11972
11973$as_echo "#define AIX_GETNAMEINFO_HACK 1" >>confdefs.h
11974
11975
11976else
11977
11978 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
11979$as_echo "no" >&6; }
11980 $as_echo "#define BROKEN_GETADDRINFO 1" >>confdefs.h
11981
11982
11983fi
11984rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
11985 conftest.$ac_objext conftest.beam conftest.$ac_ext
11986fi
11987
11988fi
11989
11990if test "x$ac_cv_func_getaddrinfo" = "xyes"; then
11991 ac_fn_c_check_decl "$LINENO" "AI_NUMERICSERV" "ac_cv_have_decl_AI_NUMERICSERV" "#include <sys/types.h>
11992 #include <sys/socket.h>
11993 #include <netdb.h>
11994"
11995if test "x$ac_cv_have_decl_AI_NUMERICSERV" = xyes; then :
11996 ac_have_decl=1
11997else
11998 ac_have_decl=0
11999fi
12000
12001cat >>confdefs.h <<_ACEOF
12002#define HAVE_DECL_AI_NUMERICSERV $ac_have_decl
12003_ACEOF
12004
12005fi
12006
12007if test "x$check_for_conflicting_getspnam" = "x1"; then
12008 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for conflicting getspnam in shadow.h" >&5
12009$as_echo_n "checking for conflicting getspnam in shadow.h... " >&6; }
12010 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
12011/* end confdefs.h. */
12012 #include <shadow.h>
12013int
12014main ()
12015{
12016 exit(0);
12017 ;
12018 return 0;
12019}
12020_ACEOF
12021if ac_fn_c_try_compile "$LINENO"; then :
12022
12023 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
12024$as_echo "no" >&6; }
12025
12026else
12027
12028 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
12029$as_echo "yes" >&6; }
12030
12031$as_echo "#define GETSPNAM_CONFLICTING_DEFS 1" >>confdefs.h
12032
12033
12034
12035fi
12036rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
12037fi
12038
12039if test "x$ac_cv_func_strnvis" = "xyes"; then
12040 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working strnvis" >&5
12041$as_echo_n "checking for working strnvis... " >&6; }
12042 if test "$cross_compiling" = yes; then :
12043 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming broken" >&5
12044$as_echo "$as_me: WARNING: cross compiling: assuming broken" >&2;}
12045
12046$as_echo "#define BROKEN_STRNVIS 1" >>confdefs.h
12047
12048
12049else
12050 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
12051/* end confdefs.h. */
12052
12053#include <signal.h>
12054#include <stdlib.h>
12055#include <string.h>
12056#include <vis.h>
12057static void sighandler(int sig) { _exit(1); }
12058
12059int
12060main ()
12061{
12062
12063 char dst[16];
12064
12065 signal(SIGSEGV, sighandler);
12066 if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0)
12067 exit(0);
12068 exit(1)
12069
12070 ;
12071 return 0;
12072}
12073_ACEOF
12074if ac_fn_c_try_run "$LINENO"; then :
12075 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
12076$as_echo "yes" >&6; }
12077else
12078 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
12079$as_echo "no" >&6; }
12080
12081$as_echo "#define BROKEN_STRNVIS 1" >>confdefs.h
12082
12083fi
12084rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
12085 conftest.$ac_objext conftest.beam conftest.$ac_ext
12086fi
12087
12088fi
12089
12090{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether getpgrp requires zero arguments" >&5
12091$as_echo_n "checking whether getpgrp requires zero arguments... " >&6; }
12092if ${ac_cv_func_getpgrp_void+:} false; then :
12093 $as_echo_n "(cached) " >&6
12094else
12095 # Use it with a single arg.
12096cat confdefs.h - <<_ACEOF >conftest.$ac_ext
12097/* end confdefs.h. */
12098$ac_includes_default
12099int
12100main ()
12101{
12102getpgrp (0);
12103 ;
12104 return 0;
12105}
12106_ACEOF
12107if ac_fn_c_try_compile "$LINENO"; then :
12108 ac_cv_func_getpgrp_void=no
12109else
12110 ac_cv_func_getpgrp_void=yes
12111fi
12112rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
12113
12114fi
12115{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_getpgrp_void" >&5
12116$as_echo "$ac_cv_func_getpgrp_void" >&6; }
12117if test $ac_cv_func_getpgrp_void = yes; then
12118
12119$as_echo "#define GETPGRP_VOID 1" >>confdefs.h
12120
12121fi
12122
12123
12124# Search for OpenSSL
12125saved_CPPFLAGS="$CPPFLAGS"
12126saved_LDFLAGS="$LDFLAGS"
12127
12128# Check whether --with-ssl-dir was given.
12129if test "${with_ssl_dir+set}" = set; then :
12130 withval=$with_ssl_dir;
12131 if test "x$openssl" = "xno" ; then
12132 as_fn_error $? "cannot use --with-ssl-dir when OpenSSL disabled" "$LINENO" 5
12133 fi
12134 if test "x$withval" != "xno" ; then
12135 case "$withval" in
12136 # Relative paths
12137 ./*|../*) withval="`pwd`/$withval"
12138 esac
12139 if test -d "$withval/lib"; then
12140 if test -n "${need_dash_r}"; then
12141 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
12142 else
12143 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
12144 fi
12145 elif test -d "$withval/lib64"; then
12146 if test -n "${need_dash_r}"; then
12147 LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}"
12148 else
12149 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}"
12150 fi
12151 else
12152 if test -n "${need_dash_r}"; then
12153 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
12154 else
12155 LDFLAGS="-L${withval} ${LDFLAGS}"
12156 fi
12157 fi
12158 if test -d "$withval/include"; then
12159 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
12160 else
12161 CPPFLAGS="-I${withval} ${CPPFLAGS}"
12162 fi
12163 fi
12164
12165
12166fi
12167
12168
12169
12170# Check whether --with-openssl-header-check was given.
12171if test "${with_openssl_header_check+set}" = set; then :
12172 withval=$with_openssl_header_check;
12173 if test "x$withval" = "xno" ; then
12174 openssl_check_nonfatal=1
12175 fi
12176
12177
12178fi
12179
12180
12181openssl_engine=no
12182
12183# Check whether --with-ssl-engine was given.
12184if test "${with_ssl_engine+set}" = set; then :
12185 withval=$with_ssl_engine;
12186 if test "x$withval" != "xno" ; then
12187 if test "x$openssl" = "xno" ; then
12188 as_fn_error $? "cannot use --with-ssl-engine when OpenSSL disabled" "$LINENO" 5
12189 fi
12190 openssl_engine=yes
12191 fi
12192
12193
12194fi
12195
12196
12197if test "x$openssl" = "xyes" ; then
12198 LIBS="-lcrypto $LIBS"
12199 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
12200/* end confdefs.h. */
12201
12202/* Override any GCC internal prototype to avoid an error.
12203 Use char because int might match the return type of a GCC
12204 builtin and then its argument prototype would still apply. */
12205#ifdef __cplusplus
12206extern "C"
12207#endif
12208char RAND_add ();
12209int
12210main ()
12211{
12212return RAND_add ();
12213 ;
12214 return 0;
12215}
12216_ACEOF
12217if ac_fn_c_try_link "$LINENO"; then :
12218
12219$as_echo "#define HAVE_OPENSSL 1" >>confdefs.h
12220
12221else
12222
12223 if test -n "${need_dash_r}"; then
12224 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
12225 else
12226 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
12227 fi
12228 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
12229 ac_fn_c_check_header_mongrel "$LINENO" "openssl/opensslv.h" "ac_cv_header_openssl_opensslv_h" "$ac_includes_default"
12230if test "x$ac_cv_header_openssl_opensslv_h" = xyes; then :
12231
12232else
12233 as_fn_error $? "*** OpenSSL headers missing - please install first or check config.log ***" "$LINENO" 5
12234fi
12235
12236
12237 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
12238/* end confdefs.h. */
12239
12240/* Override any GCC internal prototype to avoid an error.
12241 Use char because int might match the return type of a GCC
12242 builtin and then its argument prototype would still apply. */
12243#ifdef __cplusplus
12244extern "C"
12245#endif
12246char RAND_add ();
12247int
12248main ()
12249{
12250return RAND_add ();
12251 ;
12252 return 0;
12253}
12254_ACEOF
12255if ac_fn_c_try_link "$LINENO"; then :
12256 $as_echo "#define HAVE_OPENSSL 1" >>confdefs.h
12257
12258else
12259
12260 as_fn_error $? "*** Can't find recent OpenSSL libcrypto (see config.log for details) ***" "$LINENO" 5
12261
12262
12263fi
12264rm -f core conftest.err conftest.$ac_objext \
12265 conftest$ac_exeext conftest.$ac_ext
12266
12267
12268fi
12269rm -f core conftest.err conftest.$ac_objext \
12270 conftest$ac_exeext conftest.$ac_ext
12271
12272 # Determine OpenSSL header version
12273 { $as_echo "$as_me:${as_lineno-$LINENO}: checking OpenSSL header version" >&5
12274$as_echo_n "checking OpenSSL header version... " >&6; }
12275 if test "$cross_compiling" = yes; then :
12276
12277 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking" >&5
12278$as_echo "$as_me: WARNING: cross compiling: not checking" >&2;}
12279
12280
12281else
12282 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
12283/* end confdefs.h. */
12284
12285 #include <stdlib.h>
12286 #include <stdio.h>
12287 #include <string.h>
12288 #include <openssl/opensslv.h>
12289 #define DATA "conftest.sslincver"
12290
12291int
12292main ()
12293{
12294
12295 FILE *fd;
12296 int rc;
12297
12298 fd = fopen(DATA,"w");
12299 if(fd == NULL)
12300 exit(1);
12301
12302 if ((rc = fprintf(fd, "%08lx (%s)\n",
12303 (unsigned long)OPENSSL_VERSION_NUMBER,
12304 OPENSSL_VERSION_TEXT)) < 0)
12305 exit(1);
12306
12307 exit(0);
12308
12309 ;
12310 return 0;
12311}
12312_ACEOF
12313if ac_fn_c_try_run "$LINENO"; then :
12314
12315 ssl_header_ver=`cat conftest.sslincver`
12316 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ssl_header_ver" >&5
12317$as_echo "$ssl_header_ver" >&6; }
12318
12319else
12320
12321 { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5
12322$as_echo "not found" >&6; }
12323 as_fn_error $? "OpenSSL version header not found." "$LINENO" 5
12324
12325fi
12326rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
12327 conftest.$ac_objext conftest.beam conftest.$ac_ext
12328fi
12329
12330
12331 # Determine OpenSSL library version
12332 { $as_echo "$as_me:${as_lineno-$LINENO}: checking OpenSSL library version" >&5
12333$as_echo_n "checking OpenSSL library version... " >&6; }
12334 if test "$cross_compiling" = yes; then :
12335
12336 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking" >&5
12337$as_echo "$as_me: WARNING: cross compiling: not checking" >&2;}
12338
12339
12340else
12341 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
12342/* end confdefs.h. */
12343
12344 #include <stdio.h>
12345 #include <string.h>
12346 #include <openssl/opensslv.h>
12347 #include <openssl/crypto.h>
12348 #define DATA "conftest.ssllibver"
12349
12350int
12351main ()
12352{
12353
12354 FILE *fd;
12355 int rc;
12356
12357 fd = fopen(DATA,"w");
12358 if(fd == NULL)
12359 exit(1);
12360
12361 if ((rc = fprintf(fd, "%08lx (%s)\n", (unsigned long)SSLeay(),
12362 SSLeay_version(SSLEAY_VERSION))) < 0)
12363 exit(1);
12364
12365 exit(0);
12366
12367 ;
12368 return 0;
12369}
12370_ACEOF
12371if ac_fn_c_try_run "$LINENO"; then :
12372
12373 ssl_library_ver=`cat conftest.ssllibver`
12374 # Check version is supported.
12375 case "$ssl_library_ver" in
12376 0090[0-7]*|009080[0-5]*)
12377 as_fn_error $? "OpenSSL >= 0.9.8f required (have \"$ssl_library_ver\")" "$LINENO" 5
12378 ;;
12379 *) ;;
12380 esac
12381 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ssl_library_ver" >&5
12382$as_echo "$ssl_library_ver" >&6; }
12383
12384else
12385
12386 { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5
12387$as_echo "not found" >&6; }
12388 as_fn_error $? "OpenSSL library not found." "$LINENO" 5
12389
12390fi
12391rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
12392 conftest.$ac_objext conftest.beam conftest.$ac_ext
12393fi
12394
12395
12396 # Sanity check OpenSSL headers
12397 { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL's headers match the library" >&5
12398$as_echo_n "checking whether OpenSSL's headers match the library... " >&6; }
12399 if test "$cross_compiling" = yes; then :
12400
12401 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking" >&5
12402$as_echo "$as_me: WARNING: cross compiling: not checking" >&2;}
12403
12404
12405else
12406 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
12407/* end confdefs.h. */
12408
12409 #include <string.h>
12410 #include <openssl/opensslv.h>
12411 #include <openssl/crypto.h>
12412
12413int
12414main ()
12415{
12416
12417 exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1);
12418
12419 ;
12420 return 0;
12421}
12422_ACEOF
12423if ac_fn_c_try_run "$LINENO"; then :
12424
12425 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
12426$as_echo "yes" >&6; }
12427
12428else
12429
12430 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
12431$as_echo "no" >&6; }
12432 if test "x$openssl_check_nonfatal" = "x"; then
12433 as_fn_error $? "Your OpenSSL headers do not match your
12434 library. Check config.log for details.
12435 If you are sure your installation is consistent, you can disable the check
12436 by running \"./configure --without-openssl-header-check\".
12437 Also see contrib/findssl.sh for help identifying header/library mismatches.
12438 " "$LINENO" 5
12439 else
12440 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Your OpenSSL headers do not match your
12441 library. Check config.log for details.
12442 Also see contrib/findssl.sh for help identifying header/library mismatches." >&5
12443$as_echo "$as_me: WARNING: Your OpenSSL headers do not match your
12444 library. Check config.log for details.
12445 Also see contrib/findssl.sh for help identifying header/library mismatches." >&2;}
12446 fi
12447
12448fi
12449rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
12450 conftest.$ac_objext conftest.beam conftest.$ac_ext
12451fi
12452
12453
12454 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if programs using OpenSSL functions will link" >&5
12455$as_echo_n "checking if programs using OpenSSL functions will link... " >&6; }
12456 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
12457/* end confdefs.h. */
12458 #include <openssl/evp.h>
12459int
12460main ()
12461{
12462 SSLeay_add_all_algorithms();
12463 ;
12464 return 0;
12465}
12466_ACEOF
12467if ac_fn_c_try_link "$LINENO"; then :
12468
12469 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
12470$as_echo "yes" >&6; }
12471
12472else
12473
12474 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
12475$as_echo "no" >&6; }
12476 saved_LIBS="$LIBS"
12477 LIBS="$LIBS -ldl"
12478 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if programs using OpenSSL need -ldl" >&5
12479$as_echo_n "checking if programs using OpenSSL need -ldl... " >&6; }
12480 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
12481/* end confdefs.h. */
12482 #include <openssl/evp.h>
12483int
12484main ()
12485{
12486 SSLeay_add_all_algorithms();
12487 ;
12488 return 0;
12489}
12490_ACEOF
12491if ac_fn_c_try_link "$LINENO"; then :
12492
12493 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
12494$as_echo "yes" >&6; }
12495
12496else
12497
12498 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
12499$as_echo "no" >&6; }
12500 LIBS="$saved_LIBS"
12501
12502
12503fi
12504rm -f core conftest.err conftest.$ac_objext \
12505 conftest$ac_exeext conftest.$ac_ext
12506
12507
12508fi
12509rm -f core conftest.err conftest.$ac_objext \
12510 conftest$ac_exeext conftest.$ac_ext
12511
12512 for ac_func in \
12513 BN_is_prime_ex \
12514 DSA_generate_parameters_ex \
12515 EVP_DigestInit_ex \
12516 EVP_DigestFinal_ex \
12517 EVP_MD_CTX_init \
12518 EVP_MD_CTX_cleanup \
12519 EVP_MD_CTX_copy_ex \
12520 HMAC_CTX_init \
12521 RSA_generate_key_ex \
12522 RSA_get_default_method \
12523
12524do :
12525 as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
12526ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
12527if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
12528 cat >>confdefs.h <<_ACEOF
12529#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
12530_ACEOF
12531
12532fi
12533done
12534
12535
12536 if test "x$openssl_engine" = "xyes" ; then
12537 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL ENGINE support" >&5
12538$as_echo_n "checking for OpenSSL ENGINE support... " >&6; }
12539 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
12540/* end confdefs.h. */
12541
12542 #include <openssl/engine.h>
12543
12544int
12545main ()
12546{
12547
12548 ENGINE_load_builtin_engines();
12549 ENGINE_register_all_complete();
12550
12551 ;
12552 return 0;
12553}
12554_ACEOF
12555if ac_fn_c_try_compile "$LINENO"; then :
12556 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
12557$as_echo "yes" >&6; }
12558
12559$as_echo "#define USE_OPENSSL_ENGINE 1" >>confdefs.h
12560
12561
12562else
12563 as_fn_error $? "OpenSSL ENGINE support not found" "$LINENO" 5
12564
12565fi
12566rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
12567 fi
12568
12569 # Check for OpenSSL without EVP_aes_{192,256}_cbc
12570 { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL has crippled AES support" >&5
12571$as_echo_n "checking whether OpenSSL has crippled AES support... " >&6; }
12572 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
12573/* end confdefs.h. */
12574
12575 #include <string.h>
12576 #include <openssl/evp.h>
12577
12578int
12579main ()
12580{
12581
12582 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);
12583
12584 ;
12585 return 0;
12586}
12587_ACEOF
12588if ac_fn_c_try_link "$LINENO"; then :
12589
12590 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
12591$as_echo "no" >&6; }
12592
12593else
12594
12595 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
12596$as_echo "yes" >&6; }
12597
12598$as_echo "#define OPENSSL_LOBOTOMISED_AES 1" >>confdefs.h
12599
12600
12601
12602fi
12603rm -f core conftest.err conftest.$ac_objext \
12604 conftest$ac_exeext conftest.$ac_ext
12605
12606 # Check for OpenSSL with EVP_aes_*ctr
12607 { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL has AES CTR via EVP" >&5
12608$as_echo_n "checking whether OpenSSL has AES CTR via EVP... " >&6; }
12609 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
12610/* end confdefs.h. */
12611
12612 #include <string.h>
12613 #include <openssl/evp.h>
12614
12615int
12616main ()
12617{
12618
12619 exit(EVP_aes_128_ctr() == NULL ||
12620 EVP_aes_192_cbc() == NULL ||
12621 EVP_aes_256_cbc() == NULL);
12622
12623 ;
12624 return 0;
12625}
12626_ACEOF
12627if ac_fn_c_try_link "$LINENO"; then :
12628
12629 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
12630$as_echo "yes" >&6; }
12631
12632$as_echo "#define OPENSSL_HAVE_EVPCTR 1" >>confdefs.h
12633
12634
12635else
12636
12637 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
12638$as_echo "no" >&6; }
12639
12640
12641fi
12642rm -f core conftest.err conftest.$ac_objext \
12643 conftest$ac_exeext conftest.$ac_ext
12644
12645 # Check for OpenSSL with EVP_aes_*gcm
12646 { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL has AES GCM via EVP" >&5
12647$as_echo_n "checking whether OpenSSL has AES GCM via EVP... " >&6; }
12648 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
12649/* end confdefs.h. */
12650
12651 #include <string.h>
12652 #include <openssl/evp.h>
12653
12654int
12655main ()
12656{
12657
12658 exit(EVP_aes_128_gcm() == NULL ||
12659 EVP_aes_256_gcm() == NULL ||
12660 EVP_CTRL_GCM_SET_IV_FIXED == 0 ||
12661 EVP_CTRL_GCM_IV_GEN == 0 ||
12662 EVP_CTRL_GCM_SET_TAG == 0 ||
12663 EVP_CTRL_GCM_GET_TAG == 0 ||
12664 EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0);
12665
12666 ;
12667 return 0;
12668}
12669_ACEOF
12670if ac_fn_c_try_link "$LINENO"; then :
12671
12672 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
12673$as_echo "yes" >&6; }
12674
12675$as_echo "#define OPENSSL_HAVE_EVPGCM 1" >>confdefs.h
12676
12677
12678else
12679
12680 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
12681$as_echo "no" >&6; }
12682 unsupported_algorithms="$unsupported_cipers \
12683 aes128-gcm@openssh.com \
12684 aes256-gcm@openssh.com"
12685
12686
12687fi
12688rm -f core conftest.err conftest.$ac_objext \
12689 conftest$ac_exeext conftest.$ac_ext
12690
12691 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing EVP_CIPHER_CTX_ctrl" >&5
12692$as_echo_n "checking for library containing EVP_CIPHER_CTX_ctrl... " >&6; }
12693if ${ac_cv_search_EVP_CIPHER_CTX_ctrl+:} false; then :
12694 $as_echo_n "(cached) " >&6
12695else
12696 ac_func_search_save_LIBS=$LIBS
12697cat confdefs.h - <<_ACEOF >conftest.$ac_ext
12698/* end confdefs.h. */
12699
12700/* Override any GCC internal prototype to avoid an error.
12701 Use char because int might match the return type of a GCC
12702 builtin and then its argument prototype would still apply. */
12703#ifdef __cplusplus
12704extern "C"
12705#endif
12706char EVP_CIPHER_CTX_ctrl ();
12707int
12708main ()
12709{
12710return EVP_CIPHER_CTX_ctrl ();
12711 ;
12712 return 0;
12713}
12714_ACEOF
12715for ac_lib in '' crypto; do
12716 if test -z "$ac_lib"; then
12717 ac_res="none required"
12718 else
12719 ac_res=-l$ac_lib
12720 LIBS="-l$ac_lib $ac_func_search_save_LIBS"
12721 fi
12722 if ac_fn_c_try_link "$LINENO"; then :
12723 ac_cv_search_EVP_CIPHER_CTX_ctrl=$ac_res
12724fi
12725rm -f core conftest.err conftest.$ac_objext \
12726 conftest$ac_exeext
12727 if ${ac_cv_search_EVP_CIPHER_CTX_ctrl+:} false; then :
12728 break
12729fi
12730done
12731if ${ac_cv_search_EVP_CIPHER_CTX_ctrl+:} false; then :
12732
12733else
12734 ac_cv_search_EVP_CIPHER_CTX_ctrl=no
12735fi
12736rm conftest.$ac_ext
12737LIBS=$ac_func_search_save_LIBS
12738fi
12739{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_EVP_CIPHER_CTX_ctrl" >&5
12740$as_echo "$ac_cv_search_EVP_CIPHER_CTX_ctrl" >&6; }
12741ac_res=$ac_cv_search_EVP_CIPHER_CTX_ctrl
12742if test "$ac_res" != no; then :
12743 test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
12744
12745$as_echo "#define HAVE_EVP_CIPHER_CTX_CTRL 1" >>confdefs.h
12746
12747fi
12748
12749
12750 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if EVP_DigestUpdate returns an int" >&5
12751$as_echo_n "checking if EVP_DigestUpdate returns an int... " >&6; }
12752 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
12753/* end confdefs.h. */
12754
12755 #include <string.h>
12756 #include <openssl/evp.h>
12757
12758int
12759main ()
12760{
12761
12762 if(EVP_DigestUpdate(NULL, NULL,0))
12763 exit(0);
12764
12765 ;
12766 return 0;
12767}
12768_ACEOF
12769if ac_fn_c_try_link "$LINENO"; then :
12770
12771 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
12772$as_echo "yes" >&6; }
12773
12774else
12775
12776 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
12777$as_echo "no" >&6; }
12778
12779$as_echo "#define OPENSSL_EVP_DIGESTUPDATE_VOID 1" >>confdefs.h
12780
12781
12782
12783fi
12784rm -f core conftest.err conftest.$ac_objext \
12785 conftest$ac_exeext conftest.$ac_ext
12786
12787 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
12788 # because the system crypt() is more featureful.
12789 if test "x$check_for_libcrypt_before" = "x1"; then
12790 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for crypt in -lcrypt" >&5
12791$as_echo_n "checking for crypt in -lcrypt... " >&6; }
12792if ${ac_cv_lib_crypt_crypt+:} false; then :
12793 $as_echo_n "(cached) " >&6
12794else
12795 ac_check_lib_save_LIBS=$LIBS
12796LIBS="-lcrypt $LIBS"
12797cat confdefs.h - <<_ACEOF >conftest.$ac_ext
12798/* end confdefs.h. */
12799
12800/* Override any GCC internal prototype to avoid an error.
12801 Use char because int might match the return type of a GCC
12802 builtin and then its argument prototype would still apply. */
12803#ifdef __cplusplus
12804extern "C"
12805#endif
12806char crypt ();
12807int
12808main ()
12809{
12810return crypt ();
12811 ;
12812 return 0;
12813}
12814_ACEOF
12815if ac_fn_c_try_link "$LINENO"; then :
12816 ac_cv_lib_crypt_crypt=yes
12817else
12818 ac_cv_lib_crypt_crypt=no
12819fi
12820rm -f core conftest.err conftest.$ac_objext \
12821 conftest$ac_exeext conftest.$ac_ext
12822LIBS=$ac_check_lib_save_LIBS
12823fi
12824{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypt_crypt" >&5
12825$as_echo "$ac_cv_lib_crypt_crypt" >&6; }
12826if test "x$ac_cv_lib_crypt_crypt" = xyes; then :
12827 cat >>confdefs.h <<_ACEOF
12828#define HAVE_LIBCRYPT 1
12829_ACEOF
12830
12831 LIBS="-lcrypt $LIBS"
12832
12833fi
12834
12835 fi
12836
12837 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
12838 # version in OpenSSL.
12839 if test "x$check_for_libcrypt_later" = "x1"; then
12840 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for crypt in -lcrypt" >&5
12841$as_echo_n "checking for crypt in -lcrypt... " >&6; }
12842if ${ac_cv_lib_crypt_crypt+:} false; then :
12843 $as_echo_n "(cached) " >&6
12844else
12845 ac_check_lib_save_LIBS=$LIBS
12846LIBS="-lcrypt $LIBS"
12847cat confdefs.h - <<_ACEOF >conftest.$ac_ext
12848/* end confdefs.h. */
12849
12850/* Override any GCC internal prototype to avoid an error.
12851 Use char because int might match the return type of a GCC
12852 builtin and then its argument prototype would still apply. */
12853#ifdef __cplusplus
12854extern "C"
12855#endif
12856char crypt ();
12857int
12858main ()
12859{
12860return crypt ();
12861 ;
12862 return 0;
12863}
12864_ACEOF
12865if ac_fn_c_try_link "$LINENO"; then :
12866 ac_cv_lib_crypt_crypt=yes
12867else
12868 ac_cv_lib_crypt_crypt=no
12869fi
12870rm -f core conftest.err conftest.$ac_objext \
12871 conftest$ac_exeext conftest.$ac_ext
12872LIBS=$ac_check_lib_save_LIBS
12873fi
12874{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypt_crypt" >&5
12875$as_echo "$ac_cv_lib_crypt_crypt" >&6; }
12876if test "x$ac_cv_lib_crypt_crypt" = xyes; then :
12877 LIBS="$LIBS -lcrypt"
12878fi
12879
12880 fi
12881 for ac_func in crypt DES_crypt
12882do :
12883 as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
12884ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
12885if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
12886 cat >>confdefs.h <<_ACEOF
12887#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
12888_ACEOF
12889
12890fi
12891done
12892
12893
12894 # Search for SHA256 support in libc and/or OpenSSL
12895 for ac_func in SHA256_Update EVP_sha256
12896do :
12897 as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
12898ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
12899if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
12900 cat >>confdefs.h <<_ACEOF
12901#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
12902_ACEOF
12903
12904else
12905 unsupported_algorithms="$unsupported_algorithms \
12906 hmac-sha2-256 \
12907 hmac-sha2-512 \
12908 diffie-hellman-group-exchange-sha256 \
12909 hmac-sha2-256-etm@openssh.com \
12910 hmac-sha2-512-etm@openssh.com"
12911
12912
12913fi
12914done
12915
12916 # Search for RIPE-MD support in OpenSSL
12917 for ac_func in EVP_ripemd160
12918do :
12919 ac_fn_c_check_func "$LINENO" "EVP_ripemd160" "ac_cv_func_EVP_ripemd160"
12920if test "x$ac_cv_func_EVP_ripemd160" = xyes; then :
12921 cat >>confdefs.h <<_ACEOF
12922#define HAVE_EVP_RIPEMD160 1
12923_ACEOF
12924
12925else
12926 unsupported_algorithms="$unsupported_algorithms \
12927 hmac-ripemd160 \
12928 hmac-ripemd160@openssh.com \
12929 hmac-ripemd160-etm@openssh.com"
12930
12931
12932fi
12933done
12934
12935
12936 # Check complete ECC support in OpenSSL
12937 { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL has NID_X9_62_prime256v1" >&5
12938$as_echo_n "checking whether OpenSSL has NID_X9_62_prime256v1... " >&6; }
12939 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
12940/* end confdefs.h. */
12941
12942 #include <openssl/ec.h>
12943 #include <openssl/ecdh.h>
12944 #include <openssl/ecdsa.h>
12945 #include <openssl/evp.h>
12946 #include <openssl/objects.h>
12947 #include <openssl/opensslv.h>
12948 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
12949 # error "OpenSSL < 0.9.8g has unreliable ECC code"
12950 #endif
12951
12952int
12953main ()
12954{
12955
12956 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
12957 const EVP_MD *m = EVP_sha256(); /* We need this too */
12958
12959 ;
12960 return 0;
12961}
12962_ACEOF
12963if ac_fn_c_try_link "$LINENO"; then :
12964 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
12965$as_echo "yes" >&6; }
12966 enable_nistp256=1
12967else
12968 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
12969$as_echo "no" >&6; }
12970
12971fi
12972rm -f core conftest.err conftest.$ac_objext \
12973 conftest$ac_exeext conftest.$ac_ext
12974
12975 { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL has NID_secp384r1" >&5
12976$as_echo_n "checking whether OpenSSL has NID_secp384r1... " >&6; }
12977 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
12978/* end confdefs.h. */
12979
12980 #include <openssl/ec.h>
12981 #include <openssl/ecdh.h>
12982 #include <openssl/ecdsa.h>
12983 #include <openssl/evp.h>
12984 #include <openssl/objects.h>
12985 #include <openssl/opensslv.h>
12986 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
12987 # error "OpenSSL < 0.9.8g has unreliable ECC code"
12988 #endif
12989
12990int
12991main ()
12992{
12993
12994 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1);
12995 const EVP_MD *m = EVP_sha384(); /* We need this too */
12996
12997 ;
12998 return 0;
12999}
13000_ACEOF
13001if ac_fn_c_try_link "$LINENO"; then :
13002 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
13003$as_echo "yes" >&6; }
13004 enable_nistp384=1
13005else
13006 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
13007$as_echo "no" >&6; }
13008
13009fi
13010rm -f core conftest.err conftest.$ac_objext \
13011 conftest$ac_exeext conftest.$ac_ext
13012
13013 { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL has NID_secp521r1" >&5
13014$as_echo_n "checking whether OpenSSL has NID_secp521r1... " >&6; }
13015 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
13016/* end confdefs.h. */
13017
13018 #include <openssl/ec.h>
13019 #include <openssl/ecdh.h>
13020 #include <openssl/ecdsa.h>
13021 #include <openssl/evp.h>
13022 #include <openssl/objects.h>
13023 #include <openssl/opensslv.h>
13024 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
13025 # error "OpenSSL < 0.9.8g has unreliable ECC code"
13026 #endif
13027
13028int
13029main ()
13030{
13031
13032 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
13033 const EVP_MD *m = EVP_sha512(); /* We need this too */
13034
13035 ;
13036 return 0;
13037}
13038_ACEOF
13039if ac_fn_c_try_link "$LINENO"; then :
13040 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
13041$as_echo "yes" >&6; }
13042 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if OpenSSL's NID_secp521r1 is functional" >&5
13043$as_echo_n "checking if OpenSSL's NID_secp521r1 is functional... " >&6; }
13044 if test "$cross_compiling" = yes; then :
13045 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross-compiling: assuming yes" >&5
13046$as_echo "$as_me: WARNING: cross-compiling: assuming yes" >&2;}
13047 enable_nistp521=1
13048
13049else
13050 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
13051/* end confdefs.h. */
13052
13053 #include <openssl/ec.h>
13054 #include <openssl/ecdh.h>
13055 #include <openssl/ecdsa.h>
13056 #include <openssl/evp.h>
13057 #include <openssl/objects.h>
13058 #include <openssl/opensslv.h>
13059
13060int
13061main ()
13062{
13063
13064 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
13065 const EVP_MD *m = EVP_sha512(); /* We need this too */
13066 exit(e == NULL || m == NULL);
13067
13068 ;
13069 return 0;
13070}
13071_ACEOF
13072if ac_fn_c_try_run "$LINENO"; then :
13073 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
13074$as_echo "yes" >&6; }
13075 enable_nistp521=1
13076else
13077 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
13078$as_echo "no" >&6; }
13079fi
13080rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
13081 conftest.$ac_objext conftest.beam conftest.$ac_ext
13082fi
13083
13084else
13085 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
13086$as_echo "no" >&6; }
13087
13088fi
13089rm -f core conftest.err conftest.$ac_objext \
13090 conftest$ac_exeext conftest.$ac_ext
13091
13092 COMMENT_OUT_ECC="#no ecc#"
13093 TEST_SSH_ECC=no
13094
13095 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \
13096 test x$enable_nistp521 = x1; then
13097
13098$as_echo "#define OPENSSL_HAS_ECC 1" >>confdefs.h
13099
13100 fi
13101 if test x$enable_nistp256 = x1; then
13102
13103$as_echo "#define OPENSSL_HAS_NISTP256 1" >>confdefs.h
13104
13105 TEST_SSH_ECC=yes
13106 COMMENT_OUT_ECC=""
13107 else
13108 unsupported_algorithms="$unsupported_algorithms \
13109 ecdsa-sha2-nistp256 \
13110 ecdh-sha2-nistp256 \
13111 ecdsa-sha2-nistp256-cert-v01@openssh.com"
13112 fi
13113 if test x$enable_nistp384 = x1; then
13114
13115$as_echo "#define OPENSSL_HAS_NISTP384 1" >>confdefs.h
13116
13117 TEST_SSH_ECC=yes
13118 COMMENT_OUT_ECC=""
13119 else
13120 unsupported_algorithms="$unsupported_algorithms \
13121 ecdsa-sha2-nistp384 \
13122 ecdh-sha2-nistp384 \
13123 ecdsa-sha2-nistp384-cert-v01@openssh.com"
13124 fi
13125 if test x$enable_nistp521 = x1; then
13126
13127$as_echo "#define OPENSSL_HAS_NISTP521 1" >>confdefs.h
13128
13129 TEST_SSH_ECC=yes
13130 COMMENT_OUT_ECC=""
13131 else
13132 unsupported_algorithms="$unsupported_algorithms \
13133 ecdh-sha2-nistp521 \
13134 ecdsa-sha2-nistp521 \
13135 ecdsa-sha2-nistp521-cert-v01@openssh.com"
13136 fi
13137
13138
13139
13140else
13141 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for crypt in -lcrypt" >&5
13142$as_echo_n "checking for crypt in -lcrypt... " >&6; }
13143if ${ac_cv_lib_crypt_crypt+:} false; then :
13144 $as_echo_n "(cached) " >&6
13145else
13146 ac_check_lib_save_LIBS=$LIBS
13147LIBS="-lcrypt $LIBS"
13148cat confdefs.h - <<_ACEOF >conftest.$ac_ext
13149/* end confdefs.h. */
13150
13151/* Override any GCC internal prototype to avoid an error.
13152 Use char because int might match the return type of a GCC
13153 builtin and then its argument prototype would still apply. */
13154#ifdef __cplusplus
13155extern "C"
13156#endif
13157char crypt ();
13158int
13159main ()
13160{
13161return crypt ();
13162 ;
13163 return 0;
13164}
13165_ACEOF
13166if ac_fn_c_try_link "$LINENO"; then :
13167 ac_cv_lib_crypt_crypt=yes
13168else
13169 ac_cv_lib_crypt_crypt=no
13170fi
13171rm -f core conftest.err conftest.$ac_objext \
13172 conftest$ac_exeext conftest.$ac_ext
13173LIBS=$ac_check_lib_save_LIBS
13174fi
13175{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypt_crypt" >&5
13176$as_echo "$ac_cv_lib_crypt_crypt" >&6; }
13177if test "x$ac_cv_lib_crypt_crypt" = xyes; then :
13178 LIBS="$LIBS -lcrypt"
13179fi
13180
13181 for ac_func in crypt
13182do :
13183 ac_fn_c_check_func "$LINENO" "crypt" "ac_cv_func_crypt"
13184if test "x$ac_cv_func_crypt" = xyes; then :
13185 cat >>confdefs.h <<_ACEOF
13186#define HAVE_CRYPT 1
13187_ACEOF
13188
13189fi
13190done
13191
13192fi
13193
13194for ac_func in \
13195 arc4random \
13196 arc4random_buf \
13197 arc4random_stir \
13198 arc4random_uniform \
13199
13200do :
13201 as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
13202ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
13203if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
13204 cat >>confdefs.h <<_ACEOF
13205#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
13206_ACEOF
13207
13208fi
13209done
13210
13211
13212saved_LIBS="$LIBS"
13213{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ia_openinfo in -liaf" >&5
13214$as_echo_n "checking for ia_openinfo in -liaf... " >&6; }
13215if ${ac_cv_lib_iaf_ia_openinfo+:} false; then :
13216 $as_echo_n "(cached) " >&6
13217else
13218 ac_check_lib_save_LIBS=$LIBS
13219LIBS="-liaf $LIBS"
13220cat confdefs.h - <<_ACEOF >conftest.$ac_ext
13221/* end confdefs.h. */
13222
13223/* Override any GCC internal prototype to avoid an error.
13224 Use char because int might match the return type of a GCC
13225 builtin and then its argument prototype would still apply. */
13226#ifdef __cplusplus
13227extern "C"
13228#endif
13229char ia_openinfo ();
13230int
13231main ()
13232{
13233return ia_openinfo ();
13234 ;
13235 return 0;
13236}
13237_ACEOF
13238if ac_fn_c_try_link "$LINENO"; then :
13239 ac_cv_lib_iaf_ia_openinfo=yes
13240else
13241 ac_cv_lib_iaf_ia_openinfo=no
13242fi
13243rm -f core conftest.err conftest.$ac_objext \
13244 conftest$ac_exeext conftest.$ac_ext
13245LIBS=$ac_check_lib_save_LIBS
13246fi
13247{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_iaf_ia_openinfo" >&5
13248$as_echo "$ac_cv_lib_iaf_ia_openinfo" >&6; }
13249if test "x$ac_cv_lib_iaf_ia_openinfo" = xyes; then :
13250
13251 LIBS="$LIBS -liaf"
13252 for ac_func in set_id
13253do :
13254 ac_fn_c_check_func "$LINENO" "set_id" "ac_cv_func_set_id"
13255if test "x$ac_cv_func_set_id" = xyes; then :
13256 cat >>confdefs.h <<_ACEOF
13257#define HAVE_SET_ID 1
13258_ACEOF
13259 SSHDLIBS="$SSHDLIBS -liaf"
13260
13261$as_echo "#define HAVE_LIBIAF 1" >>confdefs.h
13262
13263
13264fi
13265done
13266
13267
13268fi
13269
13270LIBS="$saved_LIBS"
13271
13272### Configure cryptographic random number support
13273
13274# Check wheter OpenSSL seeds itself
13275if test "x$openssl" = "xyes" ; then
13276 { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL's PRNG is internally seeded" >&5
13277$as_echo_n "checking whether OpenSSL's PRNG is internally seeded... " >&6; }
13278 if test "$cross_compiling" = yes; then :
13279
13280 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming yes" >&5
13281$as_echo "$as_me: WARNING: cross compiling: assuming yes" >&2;}
13282 # This is safe, since we will fatal() at runtime if
13283 # OpenSSL is not seeded correctly.
13284 OPENSSL_SEEDS_ITSELF=yes
13285
13286
13287else
13288 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
13289/* end confdefs.h. */
13290
13291 #include <string.h>
13292 #include <openssl/rand.h>
13293
13294int
13295main ()
13296{
13297
13298 exit(RAND_status() == 1 ? 0 : 1);
13299
13300 ;
13301 return 0;
13302}
13303_ACEOF
13304if ac_fn_c_try_run "$LINENO"; then :
13305
13306 OPENSSL_SEEDS_ITSELF=yes
13307 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
13308$as_echo "yes" >&6; }
13309
13310else
13311
13312 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
13313$as_echo "no" >&6; }
13314
13315fi
13316rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
13317 conftest.$ac_objext conftest.beam conftest.$ac_ext
13318fi
13319
13320fi
13321
13322# PRNGD TCP socket
13323
13324# Check whether --with-prngd-port was given.
13325if test "${with_prngd_port+set}" = set; then :
13326 withval=$with_prngd_port;
13327 case "$withval" in
13328 no)
13329 withval=""
13330 ;;
13331 [0-9]*)
13332 ;;
13333 *)
13334 as_fn_error $? "You must specify a numeric port number for --with-prngd-port" "$LINENO" 5
13335 ;;
13336 esac
13337 if test ! -z "$withval" ; then
13338 PRNGD_PORT="$withval"
13339
13340cat >>confdefs.h <<_ACEOF
13341#define PRNGD_PORT $PRNGD_PORT
13342_ACEOF
13343
13344 fi
13345
13346
13347fi
13348
13349
13350# PRNGD Unix domain socket
13351
13352# Check whether --with-prngd-socket was given.
13353if test "${with_prngd_socket+set}" = set; then :
13354 withval=$with_prngd_socket;
13355 case "$withval" in
13356 yes)
13357 withval="/var/run/egd-pool"
13358 ;;
13359 no)
13360 withval=""
13361 ;;
13362 /*)
13363 ;;
13364 *)
13365 as_fn_error $? "You must specify an absolute path to the entropy socket" "$LINENO" 5
13366 ;;
13367 esac
13368
13369 if test ! -z "$withval" ; then
13370 if test ! -z "$PRNGD_PORT" ; then
13371 as_fn_error $? "You may not specify both a PRNGD/EGD port and socket" "$LINENO" 5
13372 fi
13373 if test ! -r "$withval" ; then
13374 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Entropy socket is not readable" >&5
13375$as_echo "$as_me: WARNING: Entropy socket is not readable" >&2;}
13376 fi
13377 PRNGD_SOCKET="$withval"
13378
13379cat >>confdefs.h <<_ACEOF
13380#define PRNGD_SOCKET "$PRNGD_SOCKET"
13381_ACEOF
13382
13383 fi
13384
13385else
13386
13387 # Check for existing socket only if we don't have a random device already
13388 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then
13389 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for PRNGD/EGD socket" >&5
13390$as_echo_n "checking for PRNGD/EGD socket... " >&6; }
13391 # Insert other locations here
13392 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
13393 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
13394 PRNGD_SOCKET="$sock"
13395 cat >>confdefs.h <<_ACEOF
13396#define PRNGD_SOCKET "$PRNGD_SOCKET"
13397_ACEOF
13398
13399 break;
13400 fi
13401 done
13402 if test ! -z "$PRNGD_SOCKET" ; then
13403 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PRNGD_SOCKET" >&5
13404$as_echo "$PRNGD_SOCKET" >&6; }
13405 else
13406 { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5
13407$as_echo "not found" >&6; }
13408 fi
13409 fi
13410
13411
13412fi
13413
13414
13415# Which randomness source do we use?
13416if test ! -z "$PRNGD_PORT" ; then
13417 RAND_MSG="PRNGd port $PRNGD_PORT"
13418elif test ! -z "$PRNGD_SOCKET" ; then
13419 RAND_MSG="PRNGd socket $PRNGD_SOCKET"
13420elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then
13421
13422$as_echo "#define OPENSSL_PRNG_ONLY 1" >>confdefs.h
13423
13424 RAND_MSG="OpenSSL internal ONLY"
13425elif test "x$openssl" = "xno" ; then
13426 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible" >&5
13427$as_echo "$as_me: WARNING: OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible" >&2;}
13428else
13429 as_fn_error $? "OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options" "$LINENO" 5
13430fi
13431
13432# Check for PAM libs
13433PAM_MSG="no"
13434
13435# Check whether --with-pam was given.
13436if test "${with_pam+set}" = set; then :
13437 withval=$with_pam;
13438 if test "x$withval" != "xno" ; then
13439 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
13440 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
13441 as_fn_error $? "PAM headers not found" "$LINENO" 5
13442 fi
13443
13444 saved_LIBS="$LIBS"
13445 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
13446$as_echo_n "checking for dlopen in -ldl... " >&6; }
13447if ${ac_cv_lib_dl_dlopen+:} false; then :
13448 $as_echo_n "(cached) " >&6
13449else
13450 ac_check_lib_save_LIBS=$LIBS
13451LIBS="-ldl $LIBS"
13452cat confdefs.h - <<_ACEOF >conftest.$ac_ext
13453/* end confdefs.h. */
13454
13455/* Override any GCC internal prototype to avoid an error.
13456 Use char because int might match the return type of a GCC
13457 builtin and then its argument prototype would still apply. */
13458#ifdef __cplusplus
13459extern "C"
13460#endif
13461char dlopen ();
13462int
13463main ()
13464{
13465return dlopen ();
13466 ;
13467 return 0;
13468}
13469_ACEOF
13470if ac_fn_c_try_link "$LINENO"; then :
13471 ac_cv_lib_dl_dlopen=yes
13472else
13473 ac_cv_lib_dl_dlopen=no
13474fi
13475rm -f core conftest.err conftest.$ac_objext \
13476 conftest$ac_exeext conftest.$ac_ext
13477LIBS=$ac_check_lib_save_LIBS
13478fi
13479{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
13480$as_echo "$ac_cv_lib_dl_dlopen" >&6; }
13481if test "x$ac_cv_lib_dl_dlopen" = xyes; then :
13482 cat >>confdefs.h <<_ACEOF
13483#define HAVE_LIBDL 1
13484_ACEOF
13485
13486 LIBS="-ldl $LIBS"
13487
13488fi
13489
13490 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pam_set_item in -lpam" >&5
13491$as_echo_n "checking for pam_set_item in -lpam... " >&6; }
13492if ${ac_cv_lib_pam_pam_set_item+:} false; then :
13493 $as_echo_n "(cached) " >&6
13494else
13495 ac_check_lib_save_LIBS=$LIBS
13496LIBS="-lpam $LIBS"
13497cat confdefs.h - <<_ACEOF >conftest.$ac_ext
13498/* end confdefs.h. */
13499
13500/* Override any GCC internal prototype to avoid an error.
13501 Use char because int might match the return type of a GCC
13502 builtin and then its argument prototype would still apply. */
13503#ifdef __cplusplus
13504extern "C"
13505#endif
13506char pam_set_item ();
13507int
13508main ()
13509{
13510return pam_set_item ();
13511 ;
13512 return 0;
13513}
13514_ACEOF
13515if ac_fn_c_try_link "$LINENO"; then :
13516 ac_cv_lib_pam_pam_set_item=yes
13517else
13518 ac_cv_lib_pam_pam_set_item=no
13519fi
13520rm -f core conftest.err conftest.$ac_objext \
13521 conftest$ac_exeext conftest.$ac_ext
13522LIBS=$ac_check_lib_save_LIBS
13523fi
13524{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pam_pam_set_item" >&5
13525$as_echo "$ac_cv_lib_pam_pam_set_item" >&6; }
13526if test "x$ac_cv_lib_pam_pam_set_item" = xyes; then :
13527 cat >>confdefs.h <<_ACEOF
13528#define HAVE_LIBPAM 1
13529_ACEOF
13530
13531 LIBS="-lpam $LIBS"
13532
13533else
13534 as_fn_error $? "*** libpam missing" "$LINENO" 5
13535fi
13536
13537 for ac_func in pam_getenvlist
13538do :
13539 ac_fn_c_check_func "$LINENO" "pam_getenvlist" "ac_cv_func_pam_getenvlist"
13540if test "x$ac_cv_func_pam_getenvlist" = xyes; then :
13541 cat >>confdefs.h <<_ACEOF
13542#define HAVE_PAM_GETENVLIST 1
13543_ACEOF
13544
13545fi
13546done
13547
13548 for ac_func in pam_putenv
13549do :
13550 ac_fn_c_check_func "$LINENO" "pam_putenv" "ac_cv_func_pam_putenv"
13551if test "x$ac_cv_func_pam_putenv" = xyes; then :
13552 cat >>confdefs.h <<_ACEOF
13553#define HAVE_PAM_PUTENV 1
13554_ACEOF
13555
13556fi
13557done
13558
13559 LIBS="$saved_LIBS"
13560
13561 PAM_MSG="yes"
13562
13563 SSHDLIBS="$SSHDLIBS -lpam"
13564
13565$as_echo "#define USE_PAM 1" >>confdefs.h
13566
13567
13568 if test $ac_cv_lib_dl_dlopen = yes; then
13569 case "$LIBS" in
13570 *-ldl*)
13571 # libdl already in LIBS
13572 ;;
13573 *)
13574 SSHDLIBS="$SSHDLIBS -ldl"
13575 ;;
13576 esac
13577 fi
13578 fi
13579
13580
13581fi
13582
13583
13584
13585# Check whether --with-pam-service was given.
13586if test "${with_pam_service+set}" = set; then :
13587 withval=$with_pam_service;
13588 if test "x$withval" != "xno" && \
13589 test "x$withval" != "xyes" ; then
13590
13591cat >>confdefs.h <<_ACEOF
13592#define SSHD_PAM_SERVICE "$withval"
13593_ACEOF
13594
13595 fi
13596
13597
13598fi
13599
13600
13601# Check for older PAM
13602if test "x$PAM_MSG" = "xyes" ; then
13603 # Check PAM strerror arguments (old PAM)
13604 { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether pam_strerror takes only one argument" >&5
13605$as_echo_n "checking whether pam_strerror takes only one argument... " >&6; }
13606 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
13607/* end confdefs.h. */
13608
13609#include <stdlib.h>
13610#if defined(HAVE_SECURITY_PAM_APPL_H)
13611#include <security/pam_appl.h>
13612#elif defined (HAVE_PAM_PAM_APPL_H)
13613#include <pam/pam_appl.h>
13614#endif
13615
13616int
13617main ()
13618{
13619
13620(void)pam_strerror((pam_handle_t *)NULL, -1);
13621
13622 ;
13623 return 0;
13624}
13625_ACEOF
13626if ac_fn_c_try_compile "$LINENO"; then :
13627 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
13628$as_echo "no" >&6; }
13629else
13630
13631
13632$as_echo "#define HAVE_OLD_PAM 1" >>confdefs.h
13633
13634 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
13635$as_echo "yes" >&6; }
13636 PAM_MSG="yes (old library)"
13637
13638
13639fi
13640rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
13641fi
13642
13643case "$host" in
13644*-*-cygwin*)
13645 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER
13646 ;;
13647*)
13648 SSH_PRIVSEP_USER=sshd
13649 ;;
13650esac
13651
13652# Check whether --with-privsep-user was given.
13653if test "${with_privsep_user+set}" = set; then :
13654 withval=$with_privsep_user;
13655 if test -n "$withval" && test "x$withval" != "xno" && \
13656 test "x${withval}" != "xyes"; then
13657 SSH_PRIVSEP_USER=$withval
13658 fi
13659
13660
13661fi
13662
13663if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then
13664
13665cat >>confdefs.h <<_ACEOF
13666#define SSH_PRIVSEP_USER CYGWIN_SSH_PRIVSEP_USER
13667_ACEOF
13668
13669else
13670
13671cat >>confdefs.h <<_ACEOF
13672#define SSH_PRIVSEP_USER "$SSH_PRIVSEP_USER"
13673_ACEOF
13674
13675fi
13676
13677
13678if test "x$have_linux_no_new_privs" = "x1" ; then
13679ac_fn_c_check_decl "$LINENO" "SECCOMP_MODE_FILTER" "ac_cv_have_decl_SECCOMP_MODE_FILTER" "
13680 #include <sys/types.h>
13681 #include <linux/seccomp.h>
13682
13683"
13684if test "x$ac_cv_have_decl_SECCOMP_MODE_FILTER" = xyes; then :
13685 have_seccomp_filter=1
13686fi
13687
13688fi
13689if test "x$have_seccomp_filter" = "x1" ; then
13690{ $as_echo "$as_me:${as_lineno-$LINENO}: checking kernel for seccomp_filter support" >&5
13691$as_echo_n "checking kernel for seccomp_filter support... " >&6; }
13692cat confdefs.h - <<_ACEOF >conftest.$ac_ext
13693/* end confdefs.h. */
13694
13695 #include <errno.h>
13696 #include <elf.h>
13697 #include <linux/audit.h>
13698 #include <linux/seccomp.h>
13699 #include <stdlib.h>
13700 #include <sys/prctl.h>
13701
13702int
13703main ()
13704{
13705 int i = $seccomp_audit_arch;
13706 errno = 0;
13707 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0);
13708 exit(errno == EFAULT ? 0 : 1);
13709 ;
13710 return 0;
13711}
13712_ACEOF
13713if ac_fn_c_try_link "$LINENO"; then :
13714 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
13715$as_echo "yes" >&6; }
13716else
13717
13718 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
13719$as_echo "no" >&6; }
13720 # Disable seccomp filter as a target
13721 have_seccomp_filter=0
13722
13723
13724fi
13725rm -f core conftest.err conftest.$ac_objext \
13726 conftest$ac_exeext conftest.$ac_ext
13727fi
13728
13729# Decide which sandbox style to use
13730sandbox_arg=""
13731
13732# Check whether --with-sandbox was given.
13733if test "${with_sandbox+set}" = set; then :
13734 withval=$with_sandbox;
13735 if test "x$withval" = "xyes" ; then
13736 sandbox_arg=""
13737 else
13738 sandbox_arg="$withval"
13739 fi
13740
13741
13742fi
13743
13744
13745# Some platforms (seems to be the ones that have a kernel poll(2)-type
13746# function with which they implement select(2)) use an extra file descriptor
13747# when calling select(2), which means we can't use the rlimit sandbox.
13748{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if select works with descriptor rlimit" >&5
13749$as_echo_n "checking if select works with descriptor rlimit... " >&6; }
13750if test "$cross_compiling" = yes; then :
13751 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming yes" >&5
13752$as_echo "$as_me: WARNING: cross compiling: assuming yes" >&2;}
13753
13754else
13755 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
13756/* end confdefs.h. */
13757
13758#include <sys/types.h>
13759#ifdef HAVE_SYS_TIME_H
13760# include <sys/time.h>
13761#endif
13762#include <sys/resource.h>
13763#ifdef HAVE_SYS_SELECT_H
13764# include <sys/select.h>
13765#endif
13766#include <errno.h>
13767#include <fcntl.h>
13768#include <stdlib.h>
13769
13770int
13771main ()
13772{
13773
13774 struct rlimit rl_zero;
13775 int fd, r;
13776 fd_set fds;
13777 struct timeval tv;
13778
13779 fd = open("/dev/null", O_RDONLY);
13780 FD_ZERO(&fds);
13781 FD_SET(fd, &fds);
13782 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
13783 setrlimit(RLIMIT_FSIZE, &rl_zero);
13784 setrlimit(RLIMIT_NOFILE, &rl_zero);
13785 tv.tv_sec = 1;
13786 tv.tv_usec = 0;
13787 r = select(fd+1, &fds, NULL, NULL, &tv);
13788 exit (r == -1 ? 1 : 0);
13789
13790 ;
13791 return 0;
13792}
13793_ACEOF
13794if ac_fn_c_try_run "$LINENO"; then :
13795 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
13796$as_echo "yes" >&6; }
13797 select_works_with_rlimit=yes
13798else
13799 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
13800$as_echo "no" >&6; }
13801 select_works_with_rlimit=no
13802fi
13803rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
13804 conftest.$ac_objext conftest.beam conftest.$ac_ext
13805fi
13806
13807
13808{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if setrlimit(RLIMIT_NOFILE,{0,0}) works" >&5
13809$as_echo_n "checking if setrlimit(RLIMIT_NOFILE,{0,0}) works... " >&6; }
13810if test "$cross_compiling" = yes; then :
13811 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming yes" >&5
13812$as_echo "$as_me: WARNING: cross compiling: assuming yes" >&2;}
13813
13814else
13815 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
13816/* end confdefs.h. */
13817
13818#include <sys/types.h>
13819#ifdef HAVE_SYS_TIME_H
13820# include <sys/time.h>
13821#endif
13822#include <sys/resource.h>
13823#include <errno.h>
13824#include <stdlib.h>
13825
13826int
13827main ()
13828{
13829
13830 struct rlimit rl_zero;
13831 int fd, r;
13832 fd_set fds;
13833
13834 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
13835 r = setrlimit(RLIMIT_NOFILE, &rl_zero);
13836 exit (r == -1 ? 1 : 0);
13837
13838 ;
13839 return 0;
13840}
13841_ACEOF
13842if ac_fn_c_try_run "$LINENO"; then :
13843 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
13844$as_echo "yes" >&6; }
13845 rlimit_nofile_zero_works=yes
13846else
13847 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
13848$as_echo "no" >&6; }
13849 rlimit_nofile_zero_works=no
13850fi
13851rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
13852 conftest.$ac_objext conftest.beam conftest.$ac_ext
13853fi
13854
13855
13856{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if setrlimit RLIMIT_FSIZE works" >&5
13857$as_echo_n "checking if setrlimit RLIMIT_FSIZE works... " >&6; }
13858if test "$cross_compiling" = yes; then :
13859 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming yes" >&5
13860$as_echo "$as_me: WARNING: cross compiling: assuming yes" >&2;}
13861
13862else
13863 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
13864/* end confdefs.h. */
13865
13866#include <sys/types.h>
13867#include <sys/resource.h>
13868#include <stdlib.h>
13869
13870int
13871main ()
13872{
13873
13874 struct rlimit rl_zero;
13875
13876 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
13877 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0);
13878
13879 ;
13880 return 0;
13881}
13882_ACEOF
13883if ac_fn_c_try_run "$LINENO"; then :
13884 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
13885$as_echo "yes" >&6; }
13886else
13887 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
13888$as_echo "no" >&6; }
13889
13890$as_echo "#define SANDBOX_SKIP_RLIMIT_FSIZE 1" >>confdefs.h
13891
13892fi
13893rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
13894 conftest.$ac_objext conftest.beam conftest.$ac_ext
13895fi
13896
13897
13898if test "x$sandbox_arg" = "xpledge" || \
13899 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then
13900 test "x$ac_cv_func_pledge" != "xyes" && \
13901 as_fn_error $? "pledge sandbox requires pledge(2) support" "$LINENO" 5
13902 SANDBOX_STYLE="pledge"
13903
13904$as_echo "#define SANDBOX_PLEDGE 1" >>confdefs.h
13905
13906elif test "x$sandbox_arg" = "xsystrace" || \
13907 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
13908 test "x$have_systr_policy_kill" != "x1" && \
13909 as_fn_error $? "systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support" "$LINENO" 5
13910 SANDBOX_STYLE="systrace"
13911
13912$as_echo "#define SANDBOX_SYSTRACE 1" >>confdefs.h
13913
13914elif test "x$sandbox_arg" = "xdarwin" || \
13915 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \
13916 test "x$ac_cv_header_sandbox_h" = "xyes") ; then
13917 test "x$ac_cv_func_sandbox_init" != "xyes" -o \
13918 "x$ac_cv_header_sandbox_h" != "xyes" && \
13919 as_fn_error $? "Darwin seatbelt sandbox requires sandbox.h and sandbox_init function" "$LINENO" 5
13920 SANDBOX_STYLE="darwin"
13921
13922$as_echo "#define SANDBOX_DARWIN 1" >>confdefs.h
13923
13924elif test "x$sandbox_arg" = "xseccomp_filter" || \
13925 ( test -z "$sandbox_arg" && \
13926 test "x$have_seccomp_filter" = "x1" && \
13927 test "x$ac_cv_header_elf_h" = "xyes" && \
13928 test "x$ac_cv_header_linux_audit_h" = "xyes" && \
13929 test "x$ac_cv_header_linux_filter_h" = "xyes" && \
13930 test "x$seccomp_audit_arch" != "x" && \
13931 test "x$have_linux_no_new_privs" = "x1" && \
13932 test "x$ac_cv_func_prctl" = "xyes" ) ; then
13933 test "x$seccomp_audit_arch" = "x" && \
13934 as_fn_error $? "seccomp_filter sandbox not supported on $host" "$LINENO" 5
13935 test "x$have_linux_no_new_privs" != "x1" && \
13936 as_fn_error $? "seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS" "$LINENO" 5
13937 test "x$have_seccomp_filter" != "x1" && \
13938 as_fn_error $? "seccomp_filter sandbox requires seccomp headers" "$LINENO" 5
13939 test "x$ac_cv_func_prctl" != "xyes" && \
13940 as_fn_error $? "seccomp_filter sandbox requires prctl function" "$LINENO" 5
13941 SANDBOX_STYLE="seccomp_filter"
13942
13943$as_echo "#define SANDBOX_SECCOMP_FILTER 1" >>confdefs.h
13944
13945elif test "x$sandbox_arg" = "xcapsicum" || \
13946 ( test -z "$sandbox_arg" && \
13947 test "x$ac_cv_header_sys_capability_h" = "xyes" && \
13948 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then
13949 test "x$ac_cv_header_sys_capability_h" != "xyes" && \
13950 as_fn_error $? "capsicum sandbox requires sys/capability.h header" "$LINENO" 5
13951 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \
13952 as_fn_error $? "capsicum sandbox requires cap_rights_limit function" "$LINENO" 5
13953 SANDBOX_STYLE="capsicum"
13954
13955$as_echo "#define SANDBOX_CAPSICUM 1" >>confdefs.h
13956
13957elif test "x$sandbox_arg" = "xrlimit" || \
13958 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \
13959 test "x$select_works_with_rlimit" = "xyes" && \
13960 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then
13961 test "x$ac_cv_func_setrlimit" != "xyes" && \
13962 as_fn_error $? "rlimit sandbox requires setrlimit function" "$LINENO" 5
13963 test "x$select_works_with_rlimit" != "xyes" && \
13964 as_fn_error $? "rlimit sandbox requires select to work with rlimit" "$LINENO" 5
13965 SANDBOX_STYLE="rlimit"
13966
13967$as_echo "#define SANDBOX_RLIMIT 1" >>confdefs.h
13968
13969elif test "x$sandbox_arg" = "xsolaris" || \
13970 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then
13971 SANDBOX_STYLE="solaris"
13972
13973$as_echo "#define SANDBOX_SOLARIS 1" >>confdefs.h
13974
13975elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
13976 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then
13977 SANDBOX_STYLE="none"
13978
13979$as_echo "#define SANDBOX_NULL 1" >>confdefs.h
13980
13981else
13982 as_fn_error $? "unsupported --with-sandbox" "$LINENO" 5
13983fi
13984
13985# Cheap hack to ensure NEWS-OS libraries are arranged right.
13986if test ! -z "$SONY" ; then
13987 LIBS="$LIBS -liberty";
13988fi
13989
13990# Check for long long datatypes
13991ac_fn_c_check_type "$LINENO" "long long" "ac_cv_type_long_long" "$ac_includes_default"
13992if test "x$ac_cv_type_long_long" = xyes; then :
13993
13994cat >>confdefs.h <<_ACEOF
13995#define HAVE_LONG_LONG 1
13996_ACEOF
13997
13998
13999fi
14000ac_fn_c_check_type "$LINENO" "unsigned long long" "ac_cv_type_unsigned_long_long" "$ac_includes_default"
14001if test "x$ac_cv_type_unsigned_long_long" = xyes; then :
14002
14003cat >>confdefs.h <<_ACEOF
14004#define HAVE_UNSIGNED_LONG_LONG 1
14005_ACEOF
14006
14007
14008fi
14009ac_fn_c_check_type "$LINENO" "long double" "ac_cv_type_long_double" "$ac_includes_default"
14010if test "x$ac_cv_type_long_double" = xyes; then :
14011
14012cat >>confdefs.h <<_ACEOF
14013#define HAVE_LONG_DOUBLE 1
14014_ACEOF
14015
14016
14017fi
14018
14019
14020# Check datatype sizes
14021# The cast to long int works around a bug in the HP C Compiler
14022# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
14023# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
14024# This bug is HP SR number 8606223364.
14025{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of short int" >&5
14026$as_echo_n "checking size of short int... " >&6; }
14027if ${ac_cv_sizeof_short_int+:} false; then :
14028 $as_echo_n "(cached) " >&6
14029else
14030 if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (short int))" "ac_cv_sizeof_short_int" "$ac_includes_default"; then :
14031
14032else
14033 if test "$ac_cv_type_short_int" = yes; then
14034 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
14035$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
14036as_fn_error 77 "cannot compute sizeof (short int)
14037See \`config.log' for more details" "$LINENO" 5; }
14038 else
14039 ac_cv_sizeof_short_int=0
14040 fi
14041fi
14042
14043fi
14044{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_short_int" >&5
14045$as_echo "$ac_cv_sizeof_short_int" >&6; }
14046
14047
14048
14049cat >>confdefs.h <<_ACEOF
14050#define SIZEOF_SHORT_INT $ac_cv_sizeof_short_int
14051_ACEOF
14052
14053
14054# The cast to long int works around a bug in the HP C Compiler
14055# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
14056# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
14057# This bug is HP SR number 8606223364.
14058{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of int" >&5
14059$as_echo_n "checking size of int... " >&6; }
14060if ${ac_cv_sizeof_int+:} false; then :
14061 $as_echo_n "(cached) " >&6
14062else
14063 if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (int))" "ac_cv_sizeof_int" "$ac_includes_default"; then :
14064
14065else
14066 if test "$ac_cv_type_int" = yes; then
14067 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
14068$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
14069as_fn_error 77 "cannot compute sizeof (int)
14070See \`config.log' for more details" "$LINENO" 5; }
14071 else
14072 ac_cv_sizeof_int=0
14073 fi
14074fi
14075
14076fi
14077{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_int" >&5
14078$as_echo "$ac_cv_sizeof_int" >&6; }
14079
14080
14081
14082cat >>confdefs.h <<_ACEOF
14083#define SIZEOF_INT $ac_cv_sizeof_int
14084_ACEOF
14085
14086
14087# The cast to long int works around a bug in the HP C Compiler
14088# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
14089# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
14090# This bug is HP SR number 8606223364.
14091{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of long int" >&5
14092$as_echo_n "checking size of long int... " >&6; }
14093if ${ac_cv_sizeof_long_int+:} false; then :
14094 $as_echo_n "(cached) " >&6
14095else
14096 if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (long int))" "ac_cv_sizeof_long_int" "$ac_includes_default"; then :
14097
14098else
14099 if test "$ac_cv_type_long_int" = yes; then
14100 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
14101$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
14102as_fn_error 77 "cannot compute sizeof (long int)
14103See \`config.log' for more details" "$LINENO" 5; }
14104 else
14105 ac_cv_sizeof_long_int=0
14106 fi
14107fi
14108
14109fi
14110{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_long_int" >&5
14111$as_echo "$ac_cv_sizeof_long_int" >&6; }
14112
14113
14114
14115cat >>confdefs.h <<_ACEOF
14116#define SIZEOF_LONG_INT $ac_cv_sizeof_long_int
14117_ACEOF
14118
14119
14120# The cast to long int works around a bug in the HP C Compiler
14121# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
14122# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
14123# This bug is HP SR number 8606223364.
14124{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of long long int" >&5
14125$as_echo_n "checking size of long long int... " >&6; }
14126if ${ac_cv_sizeof_long_long_int+:} false; then :
14127 $as_echo_n "(cached) " >&6
14128else
14129 if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (long long int))" "ac_cv_sizeof_long_long_int" "$ac_includes_default"; then :
14130
14131else
14132 if test "$ac_cv_type_long_long_int" = yes; then
14133 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
14134$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
14135as_fn_error 77 "cannot compute sizeof (long long int)
14136See \`config.log' for more details" "$LINENO" 5; }
14137 else
14138 ac_cv_sizeof_long_long_int=0
14139 fi
14140fi
14141
14142fi
14143{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_long_long_int" >&5
14144$as_echo "$ac_cv_sizeof_long_long_int" >&6; }
14145
14146
14147
14148cat >>confdefs.h <<_ACEOF
14149#define SIZEOF_LONG_LONG_INT $ac_cv_sizeof_long_long_int
14150_ACEOF
14151
14152
14153
14154# Sanity check long long for some platforms (AIX)
14155if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
14156 ac_cv_sizeof_long_long_int=0
14157fi
14158
14159# compute LLONG_MIN and LLONG_MAX if we don't know them.
14160if test -z "$have_llong_max"; then
14161 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for max value of long long" >&5
14162$as_echo_n "checking for max value of long long... " >&6; }
14163 if test "$cross_compiling" = yes; then :
14164
14165 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking" >&5
14166$as_echo "$as_me: WARNING: cross compiling: not checking" >&2;}
14167
14168
14169else
14170 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
14171/* end confdefs.h. */
14172
14173#include <stdio.h>
14174/* Why is this so damn hard? */
14175#ifdef __GNUC__
14176# undef __GNUC__
14177#endif
14178#define __USE_ISOC99
14179#include <limits.h>
14180#define DATA "conftest.llminmax"
14181#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
14182
14183/*
14184 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
14185 * we do this the hard way.
14186 */
14187static int
14188fprint_ll(FILE *f, long long n)
14189{
14190 unsigned int i;
14191 int l[sizeof(long long) * 8];
14192
14193 if (n < 0)
14194 if (fprintf(f, "-") < 0)
14195 return -1;
14196 for (i = 0; n != 0; i++) {
14197 l[i] = my_abs(n % 10);
14198 n /= 10;
14199 }
14200 do {
14201 if (fprintf(f, "%d", l[--i]) < 0)
14202 return -1;
14203 } while (i != 0);
14204 if (fprintf(f, " ") < 0)
14205 return -1;
14206 return 0;
14207}
14208
14209int
14210main ()
14211{
14212
14213 FILE *f;
14214 long long i, llmin, llmax = 0;
14215
14216 if((f = fopen(DATA,"w")) == NULL)
14217 exit(1);
14218
14219#if defined(LLONG_MIN) && defined(LLONG_MAX)
14220 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
14221 llmin = LLONG_MIN;
14222 llmax = LLONG_MAX;
14223#else
14224 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
14225 /* This will work on one's complement and two's complement */
14226 for (i = 1; i > llmax; i <<= 1, i++)
14227 llmax = i;
14228 llmin = llmax + 1LL; /* wrap */
14229#endif
14230
14231 /* Sanity check */
14232 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
14233 || llmax - 1 > llmax || llmin == llmax || llmin == 0
14234 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
14235 fprintf(f, "unknown unknown\n");
14236 exit(2);
14237 }
14238
14239 if (fprint_ll(f, llmin) < 0)
14240 exit(3);
14241 if (fprint_ll(f, llmax) < 0)
14242 exit(4);
14243 if (fclose(f) < 0)
14244 exit(5);
14245 exit(0);
14246
14247 ;
14248 return 0;
14249}
14250_ACEOF
14251if ac_fn_c_try_run "$LINENO"; then :
14252
14253 llong_min=`$AWK '{print $1}' conftest.llminmax`
14254 llong_max=`$AWK '{print $2}' conftest.llminmax`
14255
14256 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $llong_max" >&5
14257$as_echo "$llong_max" >&6; }
14258
14259cat >>confdefs.h <<_ACEOF
14260#define LLONG_MAX ${llong_max}LL
14261_ACEOF
14262
14263 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for min value of long long" >&5
14264$as_echo_n "checking for min value of long long... " >&6; }
14265 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $llong_min" >&5
14266$as_echo "$llong_min" >&6; }
14267
14268cat >>confdefs.h <<_ACEOF
14269#define LLONG_MIN ${llong_min}LL
14270_ACEOF
14271
14272
14273else
14274
14275 { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5
14276$as_echo "not found" >&6; }
14277
14278fi
14279rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
14280 conftest.$ac_objext conftest.beam conftest.$ac_ext
14281fi
14282
14283fi
14284
14285
14286# More checks for data types
14287{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for u_int type" >&5
14288$as_echo_n "checking for u_int type... " >&6; }
14289if ${ac_cv_have_u_int+:} false; then :
14290 $as_echo_n "(cached) " >&6
14291else
14292
14293 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
14294/* end confdefs.h. */
14295 #include <sys/types.h>
14296int
14297main ()
14298{
14299 u_int a; a = 1;
14300 ;
14301 return 0;
14302}
14303_ACEOF
14304if ac_fn_c_try_compile "$LINENO"; then :
14305 ac_cv_have_u_int="yes"
14306else
14307 ac_cv_have_u_int="no"
14308
14309fi
14310rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
14311
14312fi
14313{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_u_int" >&5
14314$as_echo "$ac_cv_have_u_int" >&6; }
14315if test "x$ac_cv_have_u_int" = "xyes" ; then
14316
14317$as_echo "#define HAVE_U_INT 1" >>confdefs.h
14318
14319 have_u_int=1
14320fi
14321
14322{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for intXX_t types" >&5
14323$as_echo_n "checking for intXX_t types... " >&6; }
14324if ${ac_cv_have_intxx_t+:} false; then :
14325 $as_echo_n "(cached) " >&6
14326else
14327
14328 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
14329/* end confdefs.h. */
14330 #include <sys/types.h>
14331int
14332main ()
14333{
14334 int8_t a; int16_t b; int32_t c; a = b = c = 1;
14335 ;
14336 return 0;
14337}
14338_ACEOF
14339if ac_fn_c_try_compile "$LINENO"; then :
14340 ac_cv_have_intxx_t="yes"
14341else
14342 ac_cv_have_intxx_t="no"
14343
14344fi
14345rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
14346
14347fi
14348{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_intxx_t" >&5
14349$as_echo "$ac_cv_have_intxx_t" >&6; }
14350if test "x$ac_cv_have_intxx_t" = "xyes" ; then
14351
14352$as_echo "#define HAVE_INTXX_T 1" >>confdefs.h
14353
14354 have_intxx_t=1
14355fi
14356
14357if (test -z "$have_intxx_t" && \
14358 test "x$ac_cv_header_stdint_h" = "xyes")
14359then
14360 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for intXX_t types in stdint.h" >&5
14361$as_echo_n "checking for intXX_t types in stdint.h... " >&6; }
14362 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
14363/* end confdefs.h. */
14364 #include <stdint.h>
14365int
14366main ()
14367{
14368 int8_t a; int16_t b; int32_t c; a = b = c = 1;
14369 ;
14370 return 0;
14371}
14372_ACEOF
14373if ac_fn_c_try_compile "$LINENO"; then :
14374
14375 $as_echo "#define HAVE_INTXX_T 1" >>confdefs.h
14376
14377 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
14378$as_echo "yes" >&6; }
14379
14380else
14381 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
14382$as_echo "no" >&6; }
14383
14384fi
14385rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
14386fi
14387
14388{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for int64_t type" >&5
14389$as_echo_n "checking for int64_t type... " >&6; }
14390if ${ac_cv_have_int64_t+:} false; then :
14391 $as_echo_n "(cached) " >&6
14392else
14393
14394 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
14395/* end confdefs.h. */
14396
14397#include <sys/types.h>
14398#ifdef HAVE_STDINT_H
14399# include <stdint.h>
14400#endif
14401#include <sys/socket.h>
14402#ifdef HAVE_SYS_BITYPES_H
14403# include <sys/bitypes.h>
14404#endif
14405
14406int
14407main ()
14408{
14409
14410int64_t a; a = 1;
14411
14412 ;
14413 return 0;
14414}
14415_ACEOF
14416if ac_fn_c_try_compile "$LINENO"; then :
14417 ac_cv_have_int64_t="yes"
14418else
14419 ac_cv_have_int64_t="no"
14420
14421fi
14422rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
14423
14424fi
14425{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_int64_t" >&5
14426$as_echo "$ac_cv_have_int64_t" >&6; }
14427if test "x$ac_cv_have_int64_t" = "xyes" ; then
14428
14429$as_echo "#define HAVE_INT64_T 1" >>confdefs.h
14430
14431fi
14432
14433{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for u_intXX_t types" >&5
14434$as_echo_n "checking for u_intXX_t types... " >&6; }
14435if ${ac_cv_have_u_intxx_t+:} false; then :
14436 $as_echo_n "(cached) " >&6
14437else
14438
14439 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
14440/* end confdefs.h. */
14441 #include <sys/types.h>
14442int
14443main ()
14444{
14445 u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;
14446 ;
14447 return 0;
14448}
14449_ACEOF
14450if ac_fn_c_try_compile "$LINENO"; then :
14451 ac_cv_have_u_intxx_t="yes"
14452else
14453 ac_cv_have_u_intxx_t="no"
14454
14455fi
14456rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
14457
14458fi
14459{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_u_intxx_t" >&5
14460$as_echo "$ac_cv_have_u_intxx_t" >&6; }
14461if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
14462
14463$as_echo "#define HAVE_U_INTXX_T 1" >>confdefs.h
14464
14465 have_u_intxx_t=1
14466fi
14467
14468if test -z "$have_u_intxx_t" ; then
14469 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for u_intXX_t types in sys/socket.h" >&5
14470$as_echo_n "checking for u_intXX_t types in sys/socket.h... " >&6; }
14471 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
14472/* end confdefs.h. */
14473 #include <sys/socket.h>
14474int
14475main ()
14476{
14477 u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;
14478 ;
14479 return 0;
14480}
14481_ACEOF
14482if ac_fn_c_try_compile "$LINENO"; then :
14483
14484 $as_echo "#define HAVE_U_INTXX_T 1" >>confdefs.h
14485
14486 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
14487$as_echo "yes" >&6; }
14488
14489else
14490 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
14491$as_echo "no" >&6; }
14492
14493fi
14494rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
14495fi
14496
14497{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for u_int64_t types" >&5
14498$as_echo_n "checking for u_int64_t types... " >&6; }
14499if ${ac_cv_have_u_int64_t+:} false; then :
14500 $as_echo_n "(cached) " >&6
14501else
14502
14503 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
14504/* end confdefs.h. */
14505 #include <sys/types.h>
14506int
14507main ()
14508{
14509 u_int64_t a; a = 1;
14510 ;
14511 return 0;
14512}
14513_ACEOF
14514if ac_fn_c_try_compile "$LINENO"; then :
14515 ac_cv_have_u_int64_t="yes"
14516else
14517 ac_cv_have_u_int64_t="no"
14518
14519fi
14520rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
14521
14522fi
14523{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_u_int64_t" >&5
14524$as_echo "$ac_cv_have_u_int64_t" >&6; }
14525if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
14526
14527$as_echo "#define HAVE_U_INT64_T 1" >>confdefs.h
14528
14529 have_u_int64_t=1
14530fi
14531
14532if (test -z "$have_u_int64_t" && \
14533 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
14534then
14535 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for u_int64_t type in sys/bitypes.h" >&5
14536$as_echo_n "checking for u_int64_t type in sys/bitypes.h... " >&6; }
14537 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
14538/* end confdefs.h. */
14539 #include <sys/bitypes.h>
14540int
14541main ()
14542{
14543 u_int64_t a; a = 1
14544 ;
14545 return 0;
14546}
14547_ACEOF
14548if ac_fn_c_try_compile "$LINENO"; then :
14549
14550 $as_echo "#define HAVE_U_INT64_T 1" >>confdefs.h
14551
14552 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
14553$as_echo "yes" >&6; }
14554
14555else
14556 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
14557$as_echo "no" >&6; }
14558
14559fi
14560rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
14561fi
14562
14563if test -z "$have_u_intxx_t" ; then
14564 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for uintXX_t types" >&5
14565$as_echo_n "checking for uintXX_t types... " >&6; }
14566if ${ac_cv_have_uintxx_t+:} false; then :
14567 $as_echo_n "(cached) " >&6
14568else
14569
14570 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
14571/* end confdefs.h. */
14572
14573#include <sys/types.h>
14574
14575int
14576main ()
14577{
14578
14579 uint8_t a;
14580 uint16_t b;
14581 uint32_t c;
14582 a = b = c = 1;
14583
14584 ;
14585 return 0;
14586}
14587_ACEOF
14588if ac_fn_c_try_compile "$LINENO"; then :
14589 ac_cv_have_uintxx_t="yes"
14590else
14591 ac_cv_have_uintxx_t="no"
14592
14593fi
14594rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
14595
14596fi
14597{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_uintxx_t" >&5
14598$as_echo "$ac_cv_have_uintxx_t" >&6; }
14599 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
14600
14601$as_echo "#define HAVE_UINTXX_T 1" >>confdefs.h
14602
14603 fi
14604fi
14605
14606if (test -z "$have_uintxx_t" && \
14607 test "x$ac_cv_header_stdint_h" = "xyes")
14608then
14609 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for uintXX_t types in stdint.h" >&5
14610$as_echo_n "checking for uintXX_t types in stdint.h... " >&6; }
14611 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
14612/* end confdefs.h. */
14613 #include <stdint.h>
14614int
14615main ()
14616{
14617 uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;
14618 ;
14619 return 0;
14620}
14621_ACEOF
14622if ac_fn_c_try_compile "$LINENO"; then :
14623
14624 $as_echo "#define HAVE_UINTXX_T 1" >>confdefs.h
14625
14626 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
14627$as_echo "yes" >&6; }
14628
14629else
14630 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
14631$as_echo "no" >&6; }
14632
14633fi
14634rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
14635fi
14636
14637if (test -z "$have_uintxx_t" && \
14638 test "x$ac_cv_header_inttypes_h" = "xyes")
14639then
14640 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for uintXX_t types in inttypes.h" >&5
14641$as_echo_n "checking for uintXX_t types in inttypes.h... " >&6; }
14642 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
14643/* end confdefs.h. */
14644 #include <inttypes.h>
14645int
14646main ()
14647{
14648 uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;
14649 ;
14650 return 0;
14651}
14652_ACEOF
14653if ac_fn_c_try_compile "$LINENO"; then :
14654
14655 $as_echo "#define HAVE_UINTXX_T 1" >>confdefs.h
14656
14657 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
14658$as_echo "yes" >&6; }
14659
14660else
14661 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
14662$as_echo "no" >&6; }
14663
14664fi
14665rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
14666fi
14667
14668if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
14669 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
14670then
14671 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for intXX_t and u_intXX_t types in sys/bitypes.h" >&5
14672$as_echo_n "checking for intXX_t and u_intXX_t types in sys/bitypes.h... " >&6; }
14673 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
14674/* end confdefs.h. */
14675
14676#include <sys/bitypes.h>
14677
14678int
14679main ()
14680{
14681
14682 int8_t a; int16_t b; int32_t c;
14683 u_int8_t e; u_int16_t f; u_int32_t g;
14684 a = b = c = e = f = g = 1;
14685
14686 ;
14687 return 0;
14688}
14689_ACEOF
14690if ac_fn_c_try_compile "$LINENO"; then :
14691
14692 $as_echo "#define HAVE_U_INTXX_T 1" >>confdefs.h
14693
14694 $as_echo "#define HAVE_INTXX_T 1" >>confdefs.h
14695
14696 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
14697$as_echo "yes" >&6; }
14698
14699else
14700 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
14701$as_echo "no" >&6; }
14702
14703fi
14704rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
14705fi
14706
14707
14708{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for u_char" >&5
14709$as_echo_n "checking for u_char... " >&6; }
14710if ${ac_cv_have_u_char+:} false; then :
14711 $as_echo_n "(cached) " >&6
14712else
14713
14714 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
14715/* end confdefs.h. */
14716 #include <sys/types.h>
14717int
14718main ()
14719{
14720 u_char foo; foo = 125;
14721 ;
14722 return 0;
14723}
14724_ACEOF
14725if ac_fn_c_try_compile "$LINENO"; then :
14726 ac_cv_have_u_char="yes"
14727else
14728 ac_cv_have_u_char="no"
14729
14730fi
14731rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
14732
14733fi
14734{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_u_char" >&5
14735$as_echo "$ac_cv_have_u_char" >&6; }
14736if test "x$ac_cv_have_u_char" = "xyes" ; then
14737
14738$as_echo "#define HAVE_U_CHAR 1" >>confdefs.h
14739
14740fi
14741
14742ac_fn_c_check_type "$LINENO" "intmax_t" "ac_cv_type_intmax_t" "
14743#include <sys/types.h>
14744#include <stdint.h>
14745
14746"
14747if test "x$ac_cv_type_intmax_t" = xyes; then :
14748
14749cat >>confdefs.h <<_ACEOF
14750#define HAVE_INTMAX_T 1
14751_ACEOF
14752
14753
14754fi
14755ac_fn_c_check_type "$LINENO" "uintmax_t" "ac_cv_type_uintmax_t" "
14756#include <sys/types.h>
14757#include <stdint.h>
14758
14759"
14760if test "x$ac_cv_type_uintmax_t" = xyes; then :
14761
14762cat >>confdefs.h <<_ACEOF
14763#define HAVE_UINTMAX_T 1
14764_ACEOF
14765
14766
14767fi
14768
14769
14770
14771 ac_fn_c_check_type "$LINENO" "socklen_t" "ac_cv_type_socklen_t" "#include <sys/types.h>
14772#include <sys/socket.h>
14773"
14774if test "x$ac_cv_type_socklen_t" = xyes; then :
14775
14776else
14777
14778 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for socklen_t equivalent" >&5
14779$as_echo_n "checking for socklen_t equivalent... " >&6; }
14780 if ${curl_cv_socklen_t_equiv+:} false; then :
14781 $as_echo_n "(cached) " >&6
14782else
14783
14784 # Systems have either "struct sockaddr *" or
14785 # "void *" as the second argument to getpeername
14786 curl_cv_socklen_t_equiv=
14787 for arg2 in "struct sockaddr" void; do
14788 for t in int size_t unsigned long "unsigned long"; do
14789 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
14790/* end confdefs.h. */
14791
14792 #include <sys/types.h>
14793 #include <sys/socket.h>
14794
14795 int getpeername (int, $arg2 *, $t *);
14796
14797int
14798main ()
14799{
14800
14801 $t len;
14802 getpeername(0,0,&len);
14803
14804 ;
14805 return 0;
14806}
14807_ACEOF
14808if ac_fn_c_try_compile "$LINENO"; then :
14809
14810 curl_cv_socklen_t_equiv="$t"
14811 break
14812
14813fi
14814rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
14815 done
14816 done
14817
14818 if test "x$curl_cv_socklen_t_equiv" = x; then
14819 as_fn_error $? "Cannot find a type to use in place of socklen_t" "$LINENO" 5
14820 fi
14821
14822fi
14823
14824 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $curl_cv_socklen_t_equiv" >&5
14825$as_echo "$curl_cv_socklen_t_equiv" >&6; }
14826
14827cat >>confdefs.h <<_ACEOF
14828#define socklen_t $curl_cv_socklen_t_equiv
14829_ACEOF
14830
14831fi
14832
14833
14834
14835ac_fn_c_check_type "$LINENO" "sig_atomic_t" "ac_cv_type_sig_atomic_t" "#include <signal.h>
14836"
14837if test "x$ac_cv_type_sig_atomic_t" = xyes; then :
14838
14839cat >>confdefs.h <<_ACEOF
14840#define HAVE_SIG_ATOMIC_T 1
14841_ACEOF
14842
14843
14844fi
14845
14846ac_fn_c_check_type "$LINENO" "fsblkcnt_t" "ac_cv_type_fsblkcnt_t" "
14847#include <sys/types.h>
14848#ifdef HAVE_SYS_BITYPES_H
14849#include <sys/bitypes.h>
14850#endif
14851#ifdef HAVE_SYS_STATFS_H
14852#include <sys/statfs.h>
14853#endif
14854#ifdef HAVE_SYS_STATVFS_H
14855#include <sys/statvfs.h>
14856#endif
14857
14858"
14859if test "x$ac_cv_type_fsblkcnt_t" = xyes; then :
14860
14861cat >>confdefs.h <<_ACEOF
14862#define HAVE_FSBLKCNT_T 1
14863_ACEOF
14864
14865
14866fi
14867ac_fn_c_check_type "$LINENO" "fsfilcnt_t" "ac_cv_type_fsfilcnt_t" "
14868#include <sys/types.h>
14869#ifdef HAVE_SYS_BITYPES_H
14870#include <sys/bitypes.h>
14871#endif
14872#ifdef HAVE_SYS_STATFS_H
14873#include <sys/statfs.h>
14874#endif
14875#ifdef HAVE_SYS_STATVFS_H
14876#include <sys/statvfs.h>
14877#endif
14878
14879"
14880if test "x$ac_cv_type_fsfilcnt_t" = xyes; then :
14881
14882cat >>confdefs.h <<_ACEOF
14883#define HAVE_FSFILCNT_T 1
14884_ACEOF
14885
14886
14887fi
14888
14889
14890ac_fn_c_check_type "$LINENO" "in_addr_t" "ac_cv_type_in_addr_t" "#include <sys/types.h>
14891#include <netinet/in.h>
14892"
14893if test "x$ac_cv_type_in_addr_t" = xyes; then :
14894
14895cat >>confdefs.h <<_ACEOF
14896#define HAVE_IN_ADDR_T 1
14897_ACEOF
14898
14899
14900fi
14901ac_fn_c_check_type "$LINENO" "in_port_t" "ac_cv_type_in_port_t" "#include <sys/types.h>
14902#include <netinet/in.h>
14903"
14904if test "x$ac_cv_type_in_port_t" = xyes; then :
14905
14906cat >>confdefs.h <<_ACEOF
14907#define HAVE_IN_PORT_T 1
14908_ACEOF
14909
14910
14911fi
14912
14913
14914{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for size_t" >&5
14915$as_echo_n "checking for size_t... " >&6; }
14916if ${ac_cv_have_size_t+:} false; then :
14917 $as_echo_n "(cached) " >&6
14918else
14919
14920 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
14921/* end confdefs.h. */
14922 #include <sys/types.h>
14923int
14924main ()
14925{
14926 size_t foo; foo = 1235;
14927 ;
14928 return 0;
14929}
14930_ACEOF
14931if ac_fn_c_try_compile "$LINENO"; then :
14932 ac_cv_have_size_t="yes"
14933else
14934 ac_cv_have_size_t="no"
14935
14936fi
14937rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
14938
14939fi
14940{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_size_t" >&5
14941$as_echo "$ac_cv_have_size_t" >&6; }
14942if test "x$ac_cv_have_size_t" = "xyes" ; then
14943
14944$as_echo "#define HAVE_SIZE_T 1" >>confdefs.h
14945
14946fi
14947
14948{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ssize_t" >&5
14949$as_echo_n "checking for ssize_t... " >&6; }
14950if ${ac_cv_have_ssize_t+:} false; then :
14951 $as_echo_n "(cached) " >&6
14952else
14953
14954 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
14955/* end confdefs.h. */
14956 #include <sys/types.h>
14957int
14958main ()
14959{
14960 ssize_t foo; foo = 1235;
14961 ;
14962 return 0;
14963}
14964_ACEOF
14965if ac_fn_c_try_compile "$LINENO"; then :
14966 ac_cv_have_ssize_t="yes"
14967else
14968 ac_cv_have_ssize_t="no"
14969
14970fi
14971rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
14972
14973fi
14974{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_ssize_t" >&5
14975$as_echo "$ac_cv_have_ssize_t" >&6; }
14976if test "x$ac_cv_have_ssize_t" = "xyes" ; then
14977
14978$as_echo "#define HAVE_SSIZE_T 1" >>confdefs.h
14979
14980fi
14981
14982{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for clock_t" >&5
14983$as_echo_n "checking for clock_t... " >&6; }
14984if ${ac_cv_have_clock_t+:} false; then :
14985 $as_echo_n "(cached) " >&6
14986else
14987
14988 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
14989/* end confdefs.h. */
14990 #include <time.h>
14991int
14992main ()
14993{
14994 clock_t foo; foo = 1235;
14995 ;
14996 return 0;
14997}
14998_ACEOF
14999if ac_fn_c_try_compile "$LINENO"; then :
15000 ac_cv_have_clock_t="yes"
15001else
15002 ac_cv_have_clock_t="no"
15003
15004fi
15005rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
15006
15007fi
15008{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_clock_t" >&5
15009$as_echo "$ac_cv_have_clock_t" >&6; }
15010if test "x$ac_cv_have_clock_t" = "xyes" ; then
15011
15012$as_echo "#define HAVE_CLOCK_T 1" >>confdefs.h
15013
15014fi
15015
15016{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for sa_family_t" >&5
15017$as_echo_n "checking for sa_family_t... " >&6; }
15018if ${ac_cv_have_sa_family_t+:} false; then :
15019 $as_echo_n "(cached) " >&6
15020else
15021
15022 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
15023/* end confdefs.h. */
15024
15025#include <sys/types.h>
15026#include <sys/socket.h>
15027
15028int
15029main ()
15030{
15031 sa_family_t foo; foo = 1235;
15032 ;
15033 return 0;
15034}
15035_ACEOF
15036if ac_fn_c_try_compile "$LINENO"; then :
15037 ac_cv_have_sa_family_t="yes"
15038else
15039 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
15040/* end confdefs.h. */
15041
15042#include <sys/types.h>
15043#include <sys/socket.h>
15044#include <netinet/in.h>
15045
15046int
15047main ()
15048{
15049 sa_family_t foo; foo = 1235;
15050 ;
15051 return 0;
15052}
15053_ACEOF
15054if ac_fn_c_try_compile "$LINENO"; then :
15055 ac_cv_have_sa_family_t="yes"
15056else
15057 ac_cv_have_sa_family_t="no"
15058
15059fi
15060rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
15061
15062fi
15063rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
15064
15065fi
15066{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_sa_family_t" >&5
15067$as_echo "$ac_cv_have_sa_family_t" >&6; }
15068if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
15069
15070$as_echo "#define HAVE_SA_FAMILY_T 1" >>confdefs.h
15071
15072fi
15073
15074{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for pid_t" >&5
15075$as_echo_n "checking for pid_t... " >&6; }
15076if ${ac_cv_have_pid_t+:} false; then :
15077 $as_echo_n "(cached) " >&6
15078else
15079
15080 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
15081/* end confdefs.h. */
15082 #include <sys/types.h>
15083int
15084main ()
15085{
15086 pid_t foo; foo = 1235;
15087 ;
15088 return 0;
15089}
15090_ACEOF
15091if ac_fn_c_try_compile "$LINENO"; then :
15092 ac_cv_have_pid_t="yes"
15093else
15094 ac_cv_have_pid_t="no"
15095
15096fi
15097rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
15098
15099fi
15100{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_pid_t" >&5
15101$as_echo "$ac_cv_have_pid_t" >&6; }
15102if test "x$ac_cv_have_pid_t" = "xyes" ; then
15103
15104$as_echo "#define HAVE_PID_T 1" >>confdefs.h
15105
15106fi
15107
15108{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for mode_t" >&5
15109$as_echo_n "checking for mode_t... " >&6; }
15110if ${ac_cv_have_mode_t+:} false; then :
15111 $as_echo_n "(cached) " >&6
15112else
15113
15114 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
15115/* end confdefs.h. */
15116 #include <sys/types.h>
15117int
15118main ()
15119{
15120 mode_t foo; foo = 1235;
15121 ;
15122 return 0;
15123}
15124_ACEOF
15125if ac_fn_c_try_compile "$LINENO"; then :
15126 ac_cv_have_mode_t="yes"
15127else
15128 ac_cv_have_mode_t="no"
15129
15130fi
15131rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
15132
15133fi
15134{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_mode_t" >&5
15135$as_echo "$ac_cv_have_mode_t" >&6; }
15136if test "x$ac_cv_have_mode_t" = "xyes" ; then
15137
15138$as_echo "#define HAVE_MODE_T 1" >>confdefs.h
15139
15140fi
15141
15142
15143{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct sockaddr_storage" >&5
15144$as_echo_n "checking for struct sockaddr_storage... " >&6; }
15145if ${ac_cv_have_struct_sockaddr_storage+:} false; then :
15146 $as_echo_n "(cached) " >&6
15147else
15148
15149 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
15150/* end confdefs.h. */
15151
15152#include <sys/types.h>
15153#include <sys/socket.h>
15154
15155int
15156main ()
15157{
15158 struct sockaddr_storage s;
15159 ;
15160 return 0;
15161}
15162_ACEOF
15163if ac_fn_c_try_compile "$LINENO"; then :
15164 ac_cv_have_struct_sockaddr_storage="yes"
15165else
15166 ac_cv_have_struct_sockaddr_storage="no"
15167
15168fi
15169rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
15170
15171fi
15172{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_struct_sockaddr_storage" >&5
15173$as_echo "$ac_cv_have_struct_sockaddr_storage" >&6; }
15174if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
15175
15176$as_echo "#define HAVE_STRUCT_SOCKADDR_STORAGE 1" >>confdefs.h
15177
15178fi
15179
15180{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct sockaddr_in6" >&5
15181$as_echo_n "checking for struct sockaddr_in6... " >&6; }
15182if ${ac_cv_have_struct_sockaddr_in6+:} false; then :
15183 $as_echo_n "(cached) " >&6
15184else
15185
15186 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
15187/* end confdefs.h. */
15188
15189#include <sys/types.h>
15190#include <netinet/in.h>
15191
15192int
15193main ()
15194{
15195 struct sockaddr_in6 s; s.sin6_family = 0;
15196 ;
15197 return 0;
15198}
15199_ACEOF
15200if ac_fn_c_try_compile "$LINENO"; then :
15201 ac_cv_have_struct_sockaddr_in6="yes"
15202else
15203 ac_cv_have_struct_sockaddr_in6="no"
15204
15205fi
15206rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
15207
15208fi
15209{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_struct_sockaddr_in6" >&5
15210$as_echo "$ac_cv_have_struct_sockaddr_in6" >&6; }
15211if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
15212
15213$as_echo "#define HAVE_STRUCT_SOCKADDR_IN6 1" >>confdefs.h
15214
15215fi
15216
15217{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct in6_addr" >&5
15218$as_echo_n "checking for struct in6_addr... " >&6; }
15219if ${ac_cv_have_struct_in6_addr+:} false; then :
15220 $as_echo_n "(cached) " >&6
15221else
15222
15223 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
15224/* end confdefs.h. */
15225
15226#include <sys/types.h>
15227#include <netinet/in.h>
15228
15229int
15230main ()
15231{
15232 struct in6_addr s; s.s6_addr[0] = 0;
15233 ;
15234 return 0;
15235}
15236_ACEOF
15237if ac_fn_c_try_compile "$LINENO"; then :
15238 ac_cv_have_struct_in6_addr="yes"
15239else
15240 ac_cv_have_struct_in6_addr="no"
15241
15242fi
15243rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
15244
15245fi
15246{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_struct_in6_addr" >&5
15247$as_echo "$ac_cv_have_struct_in6_addr" >&6; }
15248if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
15249
15250$as_echo "#define HAVE_STRUCT_IN6_ADDR 1" >>confdefs.h
15251
15252
15253 ac_fn_c_check_member "$LINENO" "struct sockaddr_in6" "sin6_scope_id" "ac_cv_member_struct_sockaddr_in6_sin6_scope_id" "
15254#ifdef HAVE_SYS_TYPES_H
15255#include <sys/types.h>
15256#endif
15257#include <netinet/in.h>
15258
15259"
15260if test "x$ac_cv_member_struct_sockaddr_in6_sin6_scope_id" = xyes; then :
15261
15262cat >>confdefs.h <<_ACEOF
15263#define HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID 1
15264_ACEOF
15265
15266
15267fi
15268
15269fi
15270
15271{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct addrinfo" >&5
15272$as_echo_n "checking for struct addrinfo... " >&6; }
15273if ${ac_cv_have_struct_addrinfo+:} false; then :
15274 $as_echo_n "(cached) " >&6
15275else
15276
15277 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
15278/* end confdefs.h. */
15279
15280#include <sys/types.h>
15281#include <sys/socket.h>
15282#include <netdb.h>
15283
15284int
15285main ()
15286{
15287 struct addrinfo s; s.ai_flags = AI_PASSIVE;
15288 ;
15289 return 0;
15290}
15291_ACEOF
15292if ac_fn_c_try_compile "$LINENO"; then :
15293 ac_cv_have_struct_addrinfo="yes"
15294else
15295 ac_cv_have_struct_addrinfo="no"
15296
15297fi
15298rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
15299
15300fi
15301{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_struct_addrinfo" >&5
15302$as_echo "$ac_cv_have_struct_addrinfo" >&6; }
15303if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
15304
15305$as_echo "#define HAVE_STRUCT_ADDRINFO 1" >>confdefs.h
15306
15307fi
15308
15309{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct timeval" >&5
15310$as_echo_n "checking for struct timeval... " >&6; }
15311if ${ac_cv_have_struct_timeval+:} false; then :
15312 $as_echo_n "(cached) " >&6
15313else
15314
15315 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
15316/* end confdefs.h. */
15317 #include <sys/time.h>
15318int
15319main ()
15320{
15321 struct timeval tv; tv.tv_sec = 1;
15322 ;
15323 return 0;
15324}
15325_ACEOF
15326if ac_fn_c_try_compile "$LINENO"; then :
15327 ac_cv_have_struct_timeval="yes"
15328else
15329 ac_cv_have_struct_timeval="no"
15330
15331fi
15332rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
15333
15334fi
15335{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_struct_timeval" >&5
15336$as_echo "$ac_cv_have_struct_timeval" >&6; }
15337if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
15338
15339$as_echo "#define HAVE_STRUCT_TIMEVAL 1" >>confdefs.h
15340
15341 have_struct_timeval=1
15342fi
15343
15344ac_fn_c_check_type "$LINENO" "struct timespec" "ac_cv_type_struct_timespec" "$ac_includes_default"
15345if test "x$ac_cv_type_struct_timespec" = xyes; then :
15346
15347cat >>confdefs.h <<_ACEOF
15348#define HAVE_STRUCT_TIMESPEC 1
15349_ACEOF
15350
15351
15352fi
15353
15354
15355# We need int64_t or else certian parts of the compile will fail.
15356if test "x$ac_cv_have_int64_t" = "xno" && \
15357 test "x$ac_cv_sizeof_long_int" != "x8" && \
15358 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
15359 echo "OpenSSH requires int64_t support. Contact your vendor or install"
15360 echo "an alternative compiler (I.E., GCC) before continuing."
15361 echo ""
15362 exit 1;
15363else
15364 if test "$cross_compiling" = yes; then :
15365 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: Assuming working snprintf()" >&5
15366$as_echo "$as_me: WARNING: cross compiling: Assuming working snprintf()" >&2;}
15367
15368else
15369 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
15370/* end confdefs.h. */
15371
15372#include <stdio.h>
15373#include <string.h>
15374#ifdef HAVE_SNPRINTF
15375main()
15376{
15377 char buf[50];
15378 char expected_out[50];
15379 int mazsize = 50 ;
15380#if (SIZEOF_LONG_INT == 8)
15381 long int num = 0x7fffffffffffffff;
15382#else
15383 long long num = 0x7fffffffffffffffll;
15384#endif
15385 strcpy(expected_out, "9223372036854775807");
15386 snprintf(buf, mazsize, "%lld", num);
15387 if(strcmp(buf, expected_out) != 0)
15388 exit(1);
15389 exit(0);
15390}
15391#else
15392main() { exit(0); }
15393#endif
15394
15395_ACEOF
15396if ac_fn_c_try_run "$LINENO"; then :
15397 true
15398else
15399 $as_echo "#define BROKEN_SNPRINTF 1" >>confdefs.h
15400
15401fi
15402rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
15403 conftest.$ac_objext conftest.beam conftest.$ac_ext
15404fi
15405
15406fi
15407
15408
15409# look for field 'ut_host' in header 'utmp.h'
15410 ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
15411 ossh_varname="ossh_cv_$ossh_safe""_has_"ut_host
15412 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_host field in utmp.h" >&5
15413$as_echo_n "checking for ut_host field in utmp.h... " >&6; }
15414 if eval \${$ossh_varname+:} false; then :
15415 $as_echo_n "(cached) " >&6
15416else
15417
15418 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
15419/* end confdefs.h. */
15420#include <utmp.h>
15421
15422_ACEOF
15423if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
15424 $EGREP "ut_host" >/dev/null 2>&1; then :
15425 eval "$ossh_varname=yes"
15426else
15427 eval "$ossh_varname=no"
15428fi
15429rm -f conftest*
15430
15431fi
15432
15433 ossh_result=`eval 'echo $'"$ossh_varname"`
15434 if test -n "`echo $ossh_varname`"; then
15435 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
15436$as_echo "$ossh_result" >&6; }
15437 if test "x$ossh_result" = "xyes"; then
15438
15439$as_echo "#define HAVE_HOST_IN_UTMP 1" >>confdefs.h
15440
15441 fi
15442 else
15443 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
15444$as_echo "no" >&6; }
15445 fi
15446
15447
15448# look for field 'ut_host' in header 'utmpx.h'
15449 ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'`
15450 ossh_varname="ossh_cv_$ossh_safe""_has_"ut_host
15451 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_host field in utmpx.h" >&5
15452$as_echo_n "checking for ut_host field in utmpx.h... " >&6; }
15453 if eval \${$ossh_varname+:} false; then :
15454 $as_echo_n "(cached) " >&6
15455else
15456
15457 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
15458/* end confdefs.h. */
15459#include <utmpx.h>
15460
15461_ACEOF
15462if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
15463 $EGREP "ut_host" >/dev/null 2>&1; then :
15464 eval "$ossh_varname=yes"
15465else
15466 eval "$ossh_varname=no"
15467fi
15468rm -f conftest*
15469
15470fi
15471
15472 ossh_result=`eval 'echo $'"$ossh_varname"`
15473 if test -n "`echo $ossh_varname`"; then
15474 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
15475$as_echo "$ossh_result" >&6; }
15476 if test "x$ossh_result" = "xyes"; then
15477
15478$as_echo "#define HAVE_HOST_IN_UTMPX 1" >>confdefs.h
15479
15480 fi
15481 else
15482 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
15483$as_echo "no" >&6; }
15484 fi
15485
15486
15487# look for field 'syslen' in header 'utmpx.h'
15488 ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'`
15489 ossh_varname="ossh_cv_$ossh_safe""_has_"syslen
15490 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for syslen field in utmpx.h" >&5
15491$as_echo_n "checking for syslen field in utmpx.h... " >&6; }
15492 if eval \${$ossh_varname+:} false; then :
15493 $as_echo_n "(cached) " >&6
15494else
15495
15496 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
15497/* end confdefs.h. */
15498#include <utmpx.h>
15499
15500_ACEOF
15501if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
15502 $EGREP "syslen" >/dev/null 2>&1; then :
15503 eval "$ossh_varname=yes"
15504else
15505 eval "$ossh_varname=no"
15506fi
15507rm -f conftest*
15508
15509fi
15510
15511 ossh_result=`eval 'echo $'"$ossh_varname"`
15512 if test -n "`echo $ossh_varname`"; then
15513 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
15514$as_echo "$ossh_result" >&6; }
15515 if test "x$ossh_result" = "xyes"; then
15516
15517$as_echo "#define HAVE_SYSLEN_IN_UTMPX 1" >>confdefs.h
15518
15519 fi
15520 else
15521 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
15522$as_echo "no" >&6; }
15523 fi
15524
15525
15526# look for field 'ut_pid' in header 'utmp.h'
15527 ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
15528 ossh_varname="ossh_cv_$ossh_safe""_has_"ut_pid
15529 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_pid field in utmp.h" >&5
15530$as_echo_n "checking for ut_pid field in utmp.h... " >&6; }
15531 if eval \${$ossh_varname+:} false; then :
15532 $as_echo_n "(cached) " >&6
15533else
15534
15535 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
15536/* end confdefs.h. */
15537#include <utmp.h>
15538
15539_ACEOF
15540if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
15541 $EGREP "ut_pid" >/dev/null 2>&1; then :
15542 eval "$ossh_varname=yes"
15543else
15544 eval "$ossh_varname=no"
15545fi
15546rm -f conftest*
15547
15548fi
15549
15550 ossh_result=`eval 'echo $'"$ossh_varname"`
15551 if test -n "`echo $ossh_varname`"; then
15552 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
15553$as_echo "$ossh_result" >&6; }
15554 if test "x$ossh_result" = "xyes"; then
15555
15556$as_echo "#define HAVE_PID_IN_UTMP 1" >>confdefs.h
15557
15558 fi
15559 else
15560 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
15561$as_echo "no" >&6; }
15562 fi
15563
15564
15565# look for field 'ut_type' in header 'utmp.h'
15566 ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
15567 ossh_varname="ossh_cv_$ossh_safe""_has_"ut_type
15568 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_type field in utmp.h" >&5
15569$as_echo_n "checking for ut_type field in utmp.h... " >&6; }
15570 if eval \${$ossh_varname+:} false; then :
15571 $as_echo_n "(cached) " >&6
15572else
15573
15574 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
15575/* end confdefs.h. */
15576#include <utmp.h>
15577
15578_ACEOF
15579if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
15580 $EGREP "ut_type" >/dev/null 2>&1; then :
15581 eval "$ossh_varname=yes"
15582else
15583 eval "$ossh_varname=no"
15584fi
15585rm -f conftest*
15586
15587fi
15588
15589 ossh_result=`eval 'echo $'"$ossh_varname"`
15590 if test -n "`echo $ossh_varname`"; then
15591 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
15592$as_echo "$ossh_result" >&6; }
15593 if test "x$ossh_result" = "xyes"; then
15594
15595$as_echo "#define HAVE_TYPE_IN_UTMP 1" >>confdefs.h
15596
15597 fi
15598 else
15599 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
15600$as_echo "no" >&6; }
15601 fi
15602
15603
15604# look for field 'ut_type' in header 'utmpx.h'
15605 ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'`
15606 ossh_varname="ossh_cv_$ossh_safe""_has_"ut_type
15607 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_type field in utmpx.h" >&5
15608$as_echo_n "checking for ut_type field in utmpx.h... " >&6; }
15609 if eval \${$ossh_varname+:} false; then :
15610 $as_echo_n "(cached) " >&6
15611else
15612
15613 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
15614/* end confdefs.h. */
15615#include <utmpx.h>
15616
15617_ACEOF
15618if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
15619 $EGREP "ut_type" >/dev/null 2>&1; then :
15620 eval "$ossh_varname=yes"
15621else
15622 eval "$ossh_varname=no"
15623fi
15624rm -f conftest*
15625
15626fi
15627
15628 ossh_result=`eval 'echo $'"$ossh_varname"`
15629 if test -n "`echo $ossh_varname`"; then
15630 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
15631$as_echo "$ossh_result" >&6; }
15632 if test "x$ossh_result" = "xyes"; then
15633
15634$as_echo "#define HAVE_TYPE_IN_UTMPX 1" >>confdefs.h
15635
15636 fi
15637 else
15638 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
15639$as_echo "no" >&6; }
15640 fi
15641
15642
15643# look for field 'ut_tv' in header 'utmp.h'
15644 ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
15645 ossh_varname="ossh_cv_$ossh_safe""_has_"ut_tv
15646 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_tv field in utmp.h" >&5
15647$as_echo_n "checking for ut_tv field in utmp.h... " >&6; }
15648 if eval \${$ossh_varname+:} false; then :
15649 $as_echo_n "(cached) " >&6
15650else
15651
15652 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
15653/* end confdefs.h. */
15654#include <utmp.h>
15655
15656_ACEOF
15657if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
15658 $EGREP "ut_tv" >/dev/null 2>&1; then :
15659 eval "$ossh_varname=yes"
15660else
15661 eval "$ossh_varname=no"
15662fi
15663rm -f conftest*
15664
15665fi
15666
15667 ossh_result=`eval 'echo $'"$ossh_varname"`
15668 if test -n "`echo $ossh_varname`"; then
15669 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
15670$as_echo "$ossh_result" >&6; }
15671 if test "x$ossh_result" = "xyes"; then
15672
15673$as_echo "#define HAVE_TV_IN_UTMP 1" >>confdefs.h
15674
15675 fi
15676 else
15677 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
15678$as_echo "no" >&6; }
15679 fi
15680
15681
15682# look for field 'ut_id' in header 'utmp.h'
15683 ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
15684 ossh_varname="ossh_cv_$ossh_safe""_has_"ut_id
15685 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_id field in utmp.h" >&5
15686$as_echo_n "checking for ut_id field in utmp.h... " >&6; }
15687 if eval \${$ossh_varname+:} false; then :
15688 $as_echo_n "(cached) " >&6
15689else
15690
15691 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
15692/* end confdefs.h. */
15693#include <utmp.h>
15694
15695_ACEOF
15696if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
15697 $EGREP "ut_id" >/dev/null 2>&1; then :
15698 eval "$ossh_varname=yes"
15699else
15700 eval "$ossh_varname=no"
15701fi
15702rm -f conftest*
15703
15704fi
15705
15706 ossh_result=`eval 'echo $'"$ossh_varname"`
15707 if test -n "`echo $ossh_varname`"; then
15708 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
15709$as_echo "$ossh_result" >&6; }
15710 if test "x$ossh_result" = "xyes"; then
15711
15712$as_echo "#define HAVE_ID_IN_UTMP 1" >>confdefs.h
15713
15714 fi
15715 else
15716 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
15717$as_echo "no" >&6; }
15718 fi
15719
15720
15721# look for field 'ut_id' in header 'utmpx.h'
15722 ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'`
15723 ossh_varname="ossh_cv_$ossh_safe""_has_"ut_id
15724 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_id field in utmpx.h" >&5
15725$as_echo_n "checking for ut_id field in utmpx.h... " >&6; }
15726 if eval \${$ossh_varname+:} false; then :
15727 $as_echo_n "(cached) " >&6
15728else
15729
15730 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
15731/* end confdefs.h. */
15732#include <utmpx.h>
15733
15734_ACEOF
15735if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
15736 $EGREP "ut_id" >/dev/null 2>&1; then :
15737 eval "$ossh_varname=yes"
15738else
15739 eval "$ossh_varname=no"
15740fi
15741rm -f conftest*
15742
15743fi
15744
15745 ossh_result=`eval 'echo $'"$ossh_varname"`
15746 if test -n "`echo $ossh_varname`"; then
15747 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
15748$as_echo "$ossh_result" >&6; }
15749 if test "x$ossh_result" = "xyes"; then
15750
15751$as_echo "#define HAVE_ID_IN_UTMPX 1" >>confdefs.h
15752
15753 fi
15754 else
15755 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
15756$as_echo "no" >&6; }
15757 fi
15758
15759
15760# look for field 'ut_addr' in header 'utmp.h'
15761 ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
15762 ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr
15763 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_addr field in utmp.h" >&5
15764$as_echo_n "checking for ut_addr field in utmp.h... " >&6; }
15765 if eval \${$ossh_varname+:} false; then :
15766 $as_echo_n "(cached) " >&6
15767else
15768
15769 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
15770/* end confdefs.h. */
15771#include <utmp.h>
15772
15773_ACEOF
15774if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
15775 $EGREP "ut_addr" >/dev/null 2>&1; then :
15776 eval "$ossh_varname=yes"
15777else
15778 eval "$ossh_varname=no"
15779fi
15780rm -f conftest*
15781
15782fi
15783
15784 ossh_result=`eval 'echo $'"$ossh_varname"`
15785 if test -n "`echo $ossh_varname`"; then
15786 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
15787$as_echo "$ossh_result" >&6; }
15788 if test "x$ossh_result" = "xyes"; then
15789
15790$as_echo "#define HAVE_ADDR_IN_UTMP 1" >>confdefs.h
15791
15792 fi
15793 else
15794 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
15795$as_echo "no" >&6; }
15796 fi
15797
15798
15799# look for field 'ut_addr' in header 'utmpx.h'
15800 ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'`
15801 ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr
15802 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_addr field in utmpx.h" >&5
15803$as_echo_n "checking for ut_addr field in utmpx.h... " >&6; }
15804 if eval \${$ossh_varname+:} false; then :
15805 $as_echo_n "(cached) " >&6
15806else
15807
15808 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
15809/* end confdefs.h. */
15810#include <utmpx.h>
15811
15812_ACEOF
15813if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
15814 $EGREP "ut_addr" >/dev/null 2>&1; then :
15815 eval "$ossh_varname=yes"
15816else
15817 eval "$ossh_varname=no"
15818fi
15819rm -f conftest*
15820
15821fi
15822
15823 ossh_result=`eval 'echo $'"$ossh_varname"`
15824 if test -n "`echo $ossh_varname`"; then
15825 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
15826$as_echo "$ossh_result" >&6; }
15827 if test "x$ossh_result" = "xyes"; then
15828
15829$as_echo "#define HAVE_ADDR_IN_UTMPX 1" >>confdefs.h
15830
15831 fi
15832 else
15833 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
15834$as_echo "no" >&6; }
15835 fi
15836
15837
15838# look for field 'ut_addr_v6' in header 'utmp.h'
15839 ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
15840 ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr_v6
15841 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_addr_v6 field in utmp.h" >&5
15842$as_echo_n "checking for ut_addr_v6 field in utmp.h... " >&6; }
15843 if eval \${$ossh_varname+:} false; then :
15844 $as_echo_n "(cached) " >&6
15845else
15846
15847 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
15848/* end confdefs.h. */
15849#include <utmp.h>
15850
15851_ACEOF
15852if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
15853 $EGREP "ut_addr_v6" >/dev/null 2>&1; then :
15854 eval "$ossh_varname=yes"
15855else
15856 eval "$ossh_varname=no"
15857fi
15858rm -f conftest*
15859
15860fi
15861
15862 ossh_result=`eval 'echo $'"$ossh_varname"`
15863 if test -n "`echo $ossh_varname`"; then
15864 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
15865$as_echo "$ossh_result" >&6; }
15866 if test "x$ossh_result" = "xyes"; then
15867
15868$as_echo "#define HAVE_ADDR_V6_IN_UTMP 1" >>confdefs.h
15869
15870 fi
15871 else
15872 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
15873$as_echo "no" >&6; }
15874 fi
15875
15876
15877# look for field 'ut_addr_v6' in header 'utmpx.h'
15878 ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'`
15879 ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr_v6
15880 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_addr_v6 field in utmpx.h" >&5
15881$as_echo_n "checking for ut_addr_v6 field in utmpx.h... " >&6; }
15882 if eval \${$ossh_varname+:} false; then :
15883 $as_echo_n "(cached) " >&6
15884else
15885
15886 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
15887/* end confdefs.h. */
15888#include <utmpx.h>
15889
15890_ACEOF
15891if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
15892 $EGREP "ut_addr_v6" >/dev/null 2>&1; then :
15893 eval "$ossh_varname=yes"
15894else
15895 eval "$ossh_varname=no"
15896fi
15897rm -f conftest*
15898
15899fi
15900
15901 ossh_result=`eval 'echo $'"$ossh_varname"`
15902 if test -n "`echo $ossh_varname`"; then
15903 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
15904$as_echo "$ossh_result" >&6; }
15905 if test "x$ossh_result" = "xyes"; then
15906
15907$as_echo "#define HAVE_ADDR_V6_IN_UTMPX 1" >>confdefs.h
15908
15909 fi
15910 else
15911 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
15912$as_echo "no" >&6; }
15913 fi
15914
15915
15916# look for field 'ut_exit' in header 'utmp.h'
15917 ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
15918 ossh_varname="ossh_cv_$ossh_safe""_has_"ut_exit
15919 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_exit field in utmp.h" >&5
15920$as_echo_n "checking for ut_exit field in utmp.h... " >&6; }
15921 if eval \${$ossh_varname+:} false; then :
15922 $as_echo_n "(cached) " >&6
15923else
15924
15925 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
15926/* end confdefs.h. */
15927#include <utmp.h>
15928
15929_ACEOF
15930if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
15931 $EGREP "ut_exit" >/dev/null 2>&1; then :
15932 eval "$ossh_varname=yes"
15933else
15934 eval "$ossh_varname=no"
15935fi
15936rm -f conftest*
15937
15938fi
15939
15940 ossh_result=`eval 'echo $'"$ossh_varname"`
15941 if test -n "`echo $ossh_varname`"; then
15942 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
15943$as_echo "$ossh_result" >&6; }
15944 if test "x$ossh_result" = "xyes"; then
15945
15946$as_echo "#define HAVE_EXIT_IN_UTMP 1" >>confdefs.h
15947
15948 fi
15949 else
15950 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
15951$as_echo "no" >&6; }
15952 fi
15953
15954
15955# look for field 'ut_time' in header 'utmp.h'
15956 ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
15957 ossh_varname="ossh_cv_$ossh_safe""_has_"ut_time
15958 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_time field in utmp.h" >&5
15959$as_echo_n "checking for ut_time field in utmp.h... " >&6; }
15960 if eval \${$ossh_varname+:} false; then :
15961 $as_echo_n "(cached) " >&6
15962else
15963
15964 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
15965/* end confdefs.h. */
15966#include <utmp.h>
15967
15968_ACEOF
15969if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
15970 $EGREP "ut_time" >/dev/null 2>&1; then :
15971 eval "$ossh_varname=yes"
15972else
15973 eval "$ossh_varname=no"
15974fi
15975rm -f conftest*
15976
15977fi
15978
15979 ossh_result=`eval 'echo $'"$ossh_varname"`
15980 if test -n "`echo $ossh_varname`"; then
15981 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
15982$as_echo "$ossh_result" >&6; }
15983 if test "x$ossh_result" = "xyes"; then
15984
15985$as_echo "#define HAVE_TIME_IN_UTMP 1" >>confdefs.h
15986
15987 fi
15988 else
15989 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
15990$as_echo "no" >&6; }
15991 fi
15992
15993
15994# look for field 'ut_time' in header 'utmpx.h'
15995 ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'`
15996 ossh_varname="ossh_cv_$ossh_safe""_has_"ut_time
15997 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_time field in utmpx.h" >&5
15998$as_echo_n "checking for ut_time field in utmpx.h... " >&6; }
15999 if eval \${$ossh_varname+:} false; then :
16000 $as_echo_n "(cached) " >&6
16001else
16002
16003 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
16004/* end confdefs.h. */
16005#include <utmpx.h>
16006
16007_ACEOF
16008if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
16009 $EGREP "ut_time" >/dev/null 2>&1; then :
16010 eval "$ossh_varname=yes"
16011else
16012 eval "$ossh_varname=no"
16013fi
16014rm -f conftest*
16015
16016fi
16017
16018 ossh_result=`eval 'echo $'"$ossh_varname"`
16019 if test -n "`echo $ossh_varname`"; then
16020 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
16021$as_echo "$ossh_result" >&6; }
16022 if test "x$ossh_result" = "xyes"; then
16023
16024$as_echo "#define HAVE_TIME_IN_UTMPX 1" >>confdefs.h
16025
16026 fi
16027 else
16028 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
16029$as_echo "no" >&6; }
16030 fi
16031
16032
16033# look for field 'ut_tv' in header 'utmpx.h'
16034 ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'`
16035 ossh_varname="ossh_cv_$ossh_safe""_has_"ut_tv
16036 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_tv field in utmpx.h" >&5
16037$as_echo_n "checking for ut_tv field in utmpx.h... " >&6; }
16038 if eval \${$ossh_varname+:} false; then :
16039 $as_echo_n "(cached) " >&6
16040else
16041
16042 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
16043/* end confdefs.h. */
16044#include <utmpx.h>
16045
16046_ACEOF
16047if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
16048 $EGREP "ut_tv" >/dev/null 2>&1; then :
16049 eval "$ossh_varname=yes"
16050else
16051 eval "$ossh_varname=no"
16052fi
16053rm -f conftest*
16054
16055fi
16056
16057 ossh_result=`eval 'echo $'"$ossh_varname"`
16058 if test -n "`echo $ossh_varname`"; then
16059 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
16060$as_echo "$ossh_result" >&6; }
16061 if test "x$ossh_result" = "xyes"; then
16062
16063$as_echo "#define HAVE_TV_IN_UTMPX 1" >>confdefs.h
16064
16065 fi
16066 else
16067 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
16068$as_echo "no" >&6; }
16069 fi
16070
16071
16072ac_fn_c_check_member "$LINENO" "struct stat" "st_blksize" "ac_cv_member_struct_stat_st_blksize" "$ac_includes_default"
16073if test "x$ac_cv_member_struct_stat_st_blksize" = xyes; then :
16074
16075cat >>confdefs.h <<_ACEOF
16076#define HAVE_STRUCT_STAT_ST_BLKSIZE 1
16077_ACEOF
16078
16079
16080fi
16081
16082ac_fn_c_check_member "$LINENO" "struct passwd" "pw_gecos" "ac_cv_member_struct_passwd_pw_gecos" "
16083#include <sys/types.h>
16084#include <pwd.h>
16085
16086"
16087if test "x$ac_cv_member_struct_passwd_pw_gecos" = xyes; then :
16088
16089cat >>confdefs.h <<_ACEOF
16090#define HAVE_STRUCT_PASSWD_PW_GECOS 1
16091_ACEOF
16092
16093
16094fi
16095ac_fn_c_check_member "$LINENO" "struct passwd" "pw_class" "ac_cv_member_struct_passwd_pw_class" "
16096#include <sys/types.h>
16097#include <pwd.h>
16098
16099"
16100if test "x$ac_cv_member_struct_passwd_pw_class" = xyes; then :
16101
16102cat >>confdefs.h <<_ACEOF
16103#define HAVE_STRUCT_PASSWD_PW_CLASS 1
16104_ACEOF
16105
16106
16107fi
16108ac_fn_c_check_member "$LINENO" "struct passwd" "pw_change" "ac_cv_member_struct_passwd_pw_change" "
16109#include <sys/types.h>
16110#include <pwd.h>
16111
16112"
16113if test "x$ac_cv_member_struct_passwd_pw_change" = xyes; then :
16114
16115cat >>confdefs.h <<_ACEOF
16116#define HAVE_STRUCT_PASSWD_PW_CHANGE 1
16117_ACEOF
16118
16119
16120fi
16121ac_fn_c_check_member "$LINENO" "struct passwd" "pw_expire" "ac_cv_member_struct_passwd_pw_expire" "
16122#include <sys/types.h>
16123#include <pwd.h>
16124
16125"
16126if test "x$ac_cv_member_struct_passwd_pw_expire" = xyes; then :
16127
16128cat >>confdefs.h <<_ACEOF
16129#define HAVE_STRUCT_PASSWD_PW_EXPIRE 1
16130_ACEOF
16131
16132
16133fi
16134
16135
16136ac_fn_c_check_member "$LINENO" "struct __res_state" "retrans" "ac_cv_member_struct___res_state_retrans" "
16137#include <stdio.h>
16138#if HAVE_SYS_TYPES_H
16139# include <sys/types.h>
16140#endif
16141#include <netinet/in.h>
16142#include <arpa/nameser.h>
16143#include <resolv.h>
16144
16145"
16146if test "x$ac_cv_member_struct___res_state_retrans" = xyes; then :
16147
16148else
16149
16150$as_echo "#define __res_state state" >>confdefs.h
16151
16152fi
16153
16154
16155{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ss_family field in struct sockaddr_storage" >&5
16156$as_echo_n "checking for ss_family field in struct sockaddr_storage... " >&6; }
16157if ${ac_cv_have_ss_family_in_struct_ss+:} false; then :
16158 $as_echo_n "(cached) " >&6
16159else
16160
16161 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
16162/* end confdefs.h. */
16163
16164#include <sys/types.h>
16165#include <sys/socket.h>
16166
16167int
16168main ()
16169{
16170 struct sockaddr_storage s; s.ss_family = 1;
16171 ;
16172 return 0;
16173}
16174_ACEOF
16175if ac_fn_c_try_compile "$LINENO"; then :
16176 ac_cv_have_ss_family_in_struct_ss="yes"
16177else
16178 ac_cv_have_ss_family_in_struct_ss="no"
16179fi
16180rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
16181
16182fi
16183{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_ss_family_in_struct_ss" >&5
16184$as_echo "$ac_cv_have_ss_family_in_struct_ss" >&6; }
16185if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
16186
16187$as_echo "#define HAVE_SS_FAMILY_IN_SS 1" >>confdefs.h
16188
16189fi
16190
16191{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for __ss_family field in struct sockaddr_storage" >&5
16192$as_echo_n "checking for __ss_family field in struct sockaddr_storage... " >&6; }
16193if ${ac_cv_have___ss_family_in_struct_ss+:} false; then :
16194 $as_echo_n "(cached) " >&6
16195else
16196
16197 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
16198/* end confdefs.h. */
16199
16200#include <sys/types.h>
16201#include <sys/socket.h>
16202
16203int
16204main ()
16205{
16206 struct sockaddr_storage s; s.__ss_family = 1;
16207 ;
16208 return 0;
16209}
16210_ACEOF
16211if ac_fn_c_try_compile "$LINENO"; then :
16212 ac_cv_have___ss_family_in_struct_ss="yes"
16213else
16214 ac_cv_have___ss_family_in_struct_ss="no"
16215
16216fi
16217rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
16218
16219fi
16220{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have___ss_family_in_struct_ss" >&5
16221$as_echo "$ac_cv_have___ss_family_in_struct_ss" >&6; }
16222if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
16223
16224$as_echo "#define HAVE___SS_FAMILY_IN_SS 1" >>confdefs.h
16225
16226fi
16227
16228{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for msg_accrights field in struct msghdr" >&5
16229$as_echo_n "checking for msg_accrights field in struct msghdr... " >&6; }
16230if ${ac_cv_have_accrights_in_msghdr+:} false; then :
16231 $as_echo_n "(cached) " >&6
16232else
16233
16234 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
16235/* end confdefs.h. */
16236
16237#include <sys/types.h>
16238#include <sys/socket.h>
16239#include <sys/uio.h>
16240
16241int
16242main ()
16243{
16244
16245#ifdef msg_accrights
16246#error "msg_accrights is a macro"
16247exit(1);
16248#endif
16249struct msghdr m;
16250m.msg_accrights = 0;
16251exit(0);
16252
16253 ;
16254 return 0;
16255}
16256_ACEOF
16257if ac_fn_c_try_compile "$LINENO"; then :
16258 ac_cv_have_accrights_in_msghdr="yes"
16259else
16260 ac_cv_have_accrights_in_msghdr="no"
16261
16262fi
16263rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
16264
16265fi
16266{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_accrights_in_msghdr" >&5
16267$as_echo "$ac_cv_have_accrights_in_msghdr" >&6; }
16268if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
16269
16270$as_echo "#define HAVE_ACCRIGHTS_IN_MSGHDR 1" >>confdefs.h
16271
16272fi
16273
16274{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if struct statvfs.f_fsid is integral type" >&5
16275$as_echo_n "checking if struct statvfs.f_fsid is integral type... " >&6; }
16276cat confdefs.h - <<_ACEOF >conftest.$ac_ext
16277/* end confdefs.h. */
16278
16279#include <sys/param.h>
16280#include <sys/stat.h>
16281#ifdef HAVE_SYS_TIME_H
16282# include <sys/time.h>
16283#endif
16284#ifdef HAVE_SYS_MOUNT_H
16285#include <sys/mount.h>
16286#endif
16287#ifdef HAVE_SYS_STATVFS_H
16288#include <sys/statvfs.h>
16289#endif
16290
16291int
16292main ()
16293{
16294 struct statvfs s; s.f_fsid = 0;
16295 ;
16296 return 0;
16297}
16298_ACEOF
16299if ac_fn_c_try_compile "$LINENO"; then :
16300 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
16301$as_echo "yes" >&6; }
16302else
16303 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
16304$as_echo "no" >&6; }
16305
16306 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if fsid_t has member val" >&5
16307$as_echo_n "checking if fsid_t has member val... " >&6; }
16308 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
16309/* end confdefs.h. */
16310
16311#include <sys/types.h>
16312#include <sys/statvfs.h>
16313
16314int
16315main ()
16316{
16317 fsid_t t; t.val[0] = 0;
16318 ;
16319 return 0;
16320}
16321_ACEOF
16322if ac_fn_c_try_compile "$LINENO"; then :
16323 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
16324$as_echo "yes" >&6; }
16325
16326$as_echo "#define FSID_HAS_VAL 1" >>confdefs.h
16327
16328else
16329 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
16330$as_echo "no" >&6; }
16331fi
16332rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
16333
16334 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if f_fsid has member __val" >&5
16335$as_echo_n "checking if f_fsid has member __val... " >&6; }
16336 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
16337/* end confdefs.h. */
16338
16339#include <sys/types.h>
16340#include <sys/statvfs.h>
16341
16342int
16343main ()
16344{
16345 fsid_t t; t.__val[0] = 0;
16346 ;
16347 return 0;
16348}
16349_ACEOF
16350if ac_fn_c_try_compile "$LINENO"; then :
16351 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
16352$as_echo "yes" >&6; }
16353
16354$as_echo "#define FSID_HAS___VAL 1" >>confdefs.h
16355
16356else
16357 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
16358$as_echo "no" >&6; }
16359fi
16360rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
16361
16362fi
16363rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
16364
16365{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for msg_control field in struct msghdr" >&5
16366$as_echo_n "checking for msg_control field in struct msghdr... " >&6; }
16367if ${ac_cv_have_control_in_msghdr+:} false; then :
16368 $as_echo_n "(cached) " >&6
16369else
16370
16371 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
16372/* end confdefs.h. */
16373
16374#include <sys/types.h>
16375#include <sys/socket.h>
16376#include <sys/uio.h>
16377
16378int
16379main ()
16380{
16381
16382#ifdef msg_control
16383#error "msg_control is a macro"
16384exit(1);
16385#endif
16386struct msghdr m;
16387m.msg_control = 0;
16388exit(0);
16389
16390 ;
16391 return 0;
16392}
16393_ACEOF
16394if ac_fn_c_try_compile "$LINENO"; then :
16395 ac_cv_have_control_in_msghdr="yes"
16396else
16397 ac_cv_have_control_in_msghdr="no"
16398
16399fi
16400rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
16401
16402fi
16403{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_control_in_msghdr" >&5
16404$as_echo "$ac_cv_have_control_in_msghdr" >&6; }
16405if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
16406
16407$as_echo "#define HAVE_CONTROL_IN_MSGHDR 1" >>confdefs.h
16408
16409fi
16410
16411{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if libc defines __progname" >&5
16412$as_echo_n "checking if libc defines __progname... " >&6; }
16413if ${ac_cv_libc_defines___progname+:} false; then :
16414 $as_echo_n "(cached) " >&6
16415else
16416
16417 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
16418/* end confdefs.h. */
16419
16420int
16421main ()
16422{
16423 extern char *__progname; printf("%s", __progname);
16424 ;
16425 return 0;
16426}
16427_ACEOF
16428if ac_fn_c_try_link "$LINENO"; then :
16429 ac_cv_libc_defines___progname="yes"
16430else
16431 ac_cv_libc_defines___progname="no"
16432
16433fi
16434rm -f core conftest.err conftest.$ac_objext \
16435 conftest$ac_exeext conftest.$ac_ext
16436
16437fi
16438{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_libc_defines___progname" >&5
16439$as_echo "$ac_cv_libc_defines___progname" >&6; }
16440if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
16441
16442$as_echo "#define HAVE___PROGNAME 1" >>confdefs.h
16443
16444fi
16445
16446{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC implements __FUNCTION__" >&5
16447$as_echo_n "checking whether $CC implements __FUNCTION__... " >&6; }
16448if ${ac_cv_cc_implements___FUNCTION__+:} false; then :
16449 $as_echo_n "(cached) " >&6
16450else
16451
16452 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
16453/* end confdefs.h. */
16454 #include <stdio.h>
16455int
16456main ()
16457{
16458 printf("%s", __FUNCTION__);
16459 ;
16460 return 0;
16461}
16462_ACEOF
16463if ac_fn_c_try_link "$LINENO"; then :
16464 ac_cv_cc_implements___FUNCTION__="yes"
16465else
16466 ac_cv_cc_implements___FUNCTION__="no"
16467
16468fi
16469rm -f core conftest.err conftest.$ac_objext \
16470 conftest$ac_exeext conftest.$ac_ext
16471
16472fi
16473{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_cc_implements___FUNCTION__" >&5
16474$as_echo "$ac_cv_cc_implements___FUNCTION__" >&6; }
16475if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
16476
16477$as_echo "#define HAVE___FUNCTION__ 1" >>confdefs.h
16478
16479fi
16480
16481{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC implements __func__" >&5
16482$as_echo_n "checking whether $CC implements __func__... " >&6; }
16483if ${ac_cv_cc_implements___func__+:} false; then :
16484 $as_echo_n "(cached) " >&6
16485else
16486
16487 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
16488/* end confdefs.h. */
16489 #include <stdio.h>
16490int
16491main ()
16492{
16493 printf("%s", __func__);
16494 ;
16495 return 0;
16496}
16497_ACEOF
16498if ac_fn_c_try_link "$LINENO"; then :
16499 ac_cv_cc_implements___func__="yes"
16500else
16501 ac_cv_cc_implements___func__="no"
16502
16503fi
16504rm -f core conftest.err conftest.$ac_objext \
16505 conftest$ac_exeext conftest.$ac_ext
16506
16507fi
16508{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_cc_implements___func__" >&5
16509$as_echo "$ac_cv_cc_implements___func__" >&6; }
16510if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
16511
16512$as_echo "#define HAVE___func__ 1" >>confdefs.h
16513
16514fi
16515
16516{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether va_copy exists" >&5
16517$as_echo_n "checking whether va_copy exists... " >&6; }
16518if ${ac_cv_have_va_copy+:} false; then :
16519 $as_echo_n "(cached) " >&6
16520else
16521
16522 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
16523/* end confdefs.h. */
16524
16525#include <stdarg.h>
16526va_list x,y;
16527
16528int
16529main ()
16530{
16531 va_copy(x,y);
16532 ;
16533 return 0;
16534}
16535_ACEOF
16536if ac_fn_c_try_link "$LINENO"; then :
16537 ac_cv_have_va_copy="yes"
16538else
16539 ac_cv_have_va_copy="no"
16540
16541fi
16542rm -f core conftest.err conftest.$ac_objext \
16543 conftest$ac_exeext conftest.$ac_ext
16544
16545fi
16546{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_va_copy" >&5
16547$as_echo "$ac_cv_have_va_copy" >&6; }
16548if test "x$ac_cv_have_va_copy" = "xyes" ; then
16549
16550$as_echo "#define HAVE_VA_COPY 1" >>confdefs.h
16551
16552fi
16553
16554{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether __va_copy exists" >&5
16555$as_echo_n "checking whether __va_copy exists... " >&6; }
16556if ${ac_cv_have___va_copy+:} false; then :
16557 $as_echo_n "(cached) " >&6
16558else
16559
16560 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
16561/* end confdefs.h. */
16562
16563#include <stdarg.h>
16564va_list x,y;
16565
16566int
16567main ()
16568{
16569 __va_copy(x,y);
16570 ;
16571 return 0;
16572}
16573_ACEOF
16574if ac_fn_c_try_link "$LINENO"; then :
16575 ac_cv_have___va_copy="yes"
16576else
16577 ac_cv_have___va_copy="no"
16578
16579fi
16580rm -f core conftest.err conftest.$ac_objext \
16581 conftest$ac_exeext conftest.$ac_ext
16582
16583fi
16584{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have___va_copy" >&5
16585$as_echo "$ac_cv_have___va_copy" >&6; }
16586if test "x$ac_cv_have___va_copy" = "xyes" ; then
16587
16588$as_echo "#define HAVE___VA_COPY 1" >>confdefs.h
16589
16590fi
16591
16592{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether getopt has optreset support" >&5
16593$as_echo_n "checking whether getopt has optreset support... " >&6; }
16594if ${ac_cv_have_getopt_optreset+:} false; then :
16595 $as_echo_n "(cached) " >&6
16596else
16597
16598 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
16599/* end confdefs.h. */
16600 #include <getopt.h>
16601int
16602main ()
16603{
16604 extern int optreset; optreset = 0;
16605 ;
16606 return 0;
16607}
16608_ACEOF
16609if ac_fn_c_try_link "$LINENO"; then :
16610 ac_cv_have_getopt_optreset="yes"
16611else
16612 ac_cv_have_getopt_optreset="no"
16613
16614fi
16615rm -f core conftest.err conftest.$ac_objext \
16616 conftest$ac_exeext conftest.$ac_ext
16617
16618fi
16619{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_getopt_optreset" >&5
16620$as_echo "$ac_cv_have_getopt_optreset" >&6; }
16621if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
16622
16623$as_echo "#define HAVE_GETOPT_OPTRESET 1" >>confdefs.h
16624
16625fi
16626
16627{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if libc defines sys_errlist" >&5
16628$as_echo_n "checking if libc defines sys_errlist... " >&6; }
16629if ${ac_cv_libc_defines_sys_errlist+:} false; then :
16630 $as_echo_n "(cached) " >&6
16631else
16632
16633 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
16634/* end confdefs.h. */
16635
16636int
16637main ()
16638{
16639 extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);
16640 ;
16641 return 0;
16642}
16643_ACEOF
16644if ac_fn_c_try_link "$LINENO"; then :
16645 ac_cv_libc_defines_sys_errlist="yes"
16646else
16647 ac_cv_libc_defines_sys_errlist="no"
16648
16649fi
16650rm -f core conftest.err conftest.$ac_objext \
16651 conftest$ac_exeext conftest.$ac_ext
16652
16653fi
16654{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_libc_defines_sys_errlist" >&5
16655$as_echo "$ac_cv_libc_defines_sys_errlist" >&6; }
16656if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
16657
16658$as_echo "#define HAVE_SYS_ERRLIST 1" >>confdefs.h
16659
16660fi
16661
16662
16663{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if libc defines sys_nerr" >&5
16664$as_echo_n "checking if libc defines sys_nerr... " >&6; }
16665if ${ac_cv_libc_defines_sys_nerr+:} false; then :
16666 $as_echo_n "(cached) " >&6
16667else
16668
16669 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
16670/* end confdefs.h. */
16671
16672int
16673main ()
16674{
16675 extern int sys_nerr; printf("%i", sys_nerr);
16676 ;
16677 return 0;
16678}
16679_ACEOF
16680if ac_fn_c_try_link "$LINENO"; then :
16681 ac_cv_libc_defines_sys_nerr="yes"
16682else
16683 ac_cv_libc_defines_sys_nerr="no"
16684
16685fi
16686rm -f core conftest.err conftest.$ac_objext \
16687 conftest$ac_exeext conftest.$ac_ext
16688
16689fi
16690{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_libc_defines_sys_nerr" >&5
16691$as_echo "$ac_cv_libc_defines_sys_nerr" >&6; }
16692if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
16693
16694$as_echo "#define HAVE_SYS_NERR 1" >>confdefs.h
16695
16696fi
16697
16698# Check libraries needed by DNS fingerprint support
16699{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing getrrsetbyname" >&5
16700$as_echo_n "checking for library containing getrrsetbyname... " >&6; }
16701if ${ac_cv_search_getrrsetbyname+:} false; then :
16702 $as_echo_n "(cached) " >&6
16703else
16704 ac_func_search_save_LIBS=$LIBS
16705cat confdefs.h - <<_ACEOF >conftest.$ac_ext
16706/* end confdefs.h. */
16707
16708/* Override any GCC internal prototype to avoid an error.
16709 Use char because int might match the return type of a GCC
16710 builtin and then its argument prototype would still apply. */
16711#ifdef __cplusplus
16712extern "C"
16713#endif
16714char getrrsetbyname ();
16715int
16716main ()
16717{
16718return getrrsetbyname ();
16719 ;
16720 return 0;
16721}
16722_ACEOF
16723for ac_lib in '' resolv; do
16724 if test -z "$ac_lib"; then
16725 ac_res="none required"
16726 else
16727 ac_res=-l$ac_lib
16728 LIBS="-l$ac_lib $ac_func_search_save_LIBS"
16729 fi
16730 if ac_fn_c_try_link "$LINENO"; then :
16731 ac_cv_search_getrrsetbyname=$ac_res
16732fi
16733rm -f core conftest.err conftest.$ac_objext \
16734 conftest$ac_exeext
16735 if ${ac_cv_search_getrrsetbyname+:} false; then :
16736 break
16737fi
16738done
16739if ${ac_cv_search_getrrsetbyname+:} false; then :
16740
16741else
16742 ac_cv_search_getrrsetbyname=no
16743fi
16744rm conftest.$ac_ext
16745LIBS=$ac_func_search_save_LIBS
16746fi
16747{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_getrrsetbyname" >&5
16748$as_echo "$ac_cv_search_getrrsetbyname" >&6; }
16749ac_res=$ac_cv_search_getrrsetbyname
16750if test "$ac_res" != no; then :
16751 test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
16752
16753$as_echo "#define HAVE_GETRRSETBYNAME 1" >>confdefs.h
16754
16755else
16756
16757 # Needed by our getrrsetbyname()
16758 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing res_query" >&5
16759$as_echo_n "checking for library containing res_query... " >&6; }
16760if ${ac_cv_search_res_query+:} false; then :
16761 $as_echo_n "(cached) " >&6
16762else
16763 ac_func_search_save_LIBS=$LIBS
16764cat confdefs.h - <<_ACEOF >conftest.$ac_ext
16765/* end confdefs.h. */
16766
16767/* Override any GCC internal prototype to avoid an error.
16768 Use char because int might match the return type of a GCC
16769 builtin and then its argument prototype would still apply. */
16770#ifdef __cplusplus
16771extern "C"
16772#endif
16773char res_query ();
16774int
16775main ()
16776{
16777return res_query ();
16778 ;
16779 return 0;
16780}
16781_ACEOF
16782for ac_lib in '' resolv; do
16783 if test -z "$ac_lib"; then
16784 ac_res="none required"
16785 else
16786 ac_res=-l$ac_lib
16787 LIBS="-l$ac_lib $ac_func_search_save_LIBS"
16788 fi
16789 if ac_fn_c_try_link "$LINENO"; then :
16790 ac_cv_search_res_query=$ac_res
16791fi
16792rm -f core conftest.err conftest.$ac_objext \
16793 conftest$ac_exeext
16794 if ${ac_cv_search_res_query+:} false; then :
16795 break
16796fi
16797done
16798if ${ac_cv_search_res_query+:} false; then :
16799
16800else
16801 ac_cv_search_res_query=no
16802fi
16803rm conftest.$ac_ext
16804LIBS=$ac_func_search_save_LIBS
16805fi
16806{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_res_query" >&5
16807$as_echo "$ac_cv_search_res_query" >&6; }
16808ac_res=$ac_cv_search_res_query
16809if test "$ac_res" != no; then :
16810 test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
16811
16812fi
16813
16814 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing dn_expand" >&5
16815$as_echo_n "checking for library containing dn_expand... " >&6; }
16816if ${ac_cv_search_dn_expand+:} false; then :
16817 $as_echo_n "(cached) " >&6
16818else
16819 ac_func_search_save_LIBS=$LIBS
16820cat confdefs.h - <<_ACEOF >conftest.$ac_ext
16821/* end confdefs.h. */
16822
16823/* Override any GCC internal prototype to avoid an error.
16824 Use char because int might match the return type of a GCC
16825 builtin and then its argument prototype would still apply. */
16826#ifdef __cplusplus
16827extern "C"
16828#endif
16829char dn_expand ();
16830int
16831main ()
16832{
16833return dn_expand ();
16834 ;
16835 return 0;
16836}
16837_ACEOF
16838for ac_lib in '' resolv; do
16839 if test -z "$ac_lib"; then
16840 ac_res="none required"
16841 else
16842 ac_res=-l$ac_lib
16843 LIBS="-l$ac_lib $ac_func_search_save_LIBS"
16844 fi
16845 if ac_fn_c_try_link "$LINENO"; then :
16846 ac_cv_search_dn_expand=$ac_res
16847fi
16848rm -f core conftest.err conftest.$ac_objext \
16849 conftest$ac_exeext
16850 if ${ac_cv_search_dn_expand+:} false; then :
16851 break
16852fi
16853done
16854if ${ac_cv_search_dn_expand+:} false; then :
16855
16856else
16857 ac_cv_search_dn_expand=no
16858fi
16859rm conftest.$ac_ext
16860LIBS=$ac_func_search_save_LIBS
16861fi
16862{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dn_expand" >&5
16863$as_echo "$ac_cv_search_dn_expand" >&6; }
16864ac_res=$ac_cv_search_dn_expand
16865if test "$ac_res" != no; then :
16866 test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
16867
16868fi
16869
16870 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if res_query will link" >&5
16871$as_echo_n "checking if res_query will link... " >&6; }
16872 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
16873/* end confdefs.h. */
16874
16875#include <sys/types.h>
16876#include <netinet/in.h>
16877#include <arpa/nameser.h>
16878#include <netdb.h>
16879#include <resolv.h>
16880
16881int
16882main ()
16883{
16884
16885 res_query (0, 0, 0, 0, 0);
16886
16887 ;
16888 return 0;
16889}
16890_ACEOF
16891if ac_fn_c_try_link "$LINENO"; then :
16892 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
16893$as_echo "yes" >&6; }
16894else
16895 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
16896$as_echo "no" >&6; }
16897 saved_LIBS="$LIBS"
16898 LIBS="$LIBS -lresolv"
16899 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for res_query in -lresolv" >&5
16900$as_echo_n "checking for res_query in -lresolv... " >&6; }
16901 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
16902/* end confdefs.h. */
16903
16904#include <sys/types.h>
16905#include <netinet/in.h>
16906#include <arpa/nameser.h>
16907#include <netdb.h>
16908#include <resolv.h>
16909
16910int
16911main ()
16912{
16913
16914 res_query (0, 0, 0, 0, 0);
16915
16916 ;
16917 return 0;
16918}
16919_ACEOF
16920if ac_fn_c_try_link "$LINENO"; then :
16921 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
16922$as_echo "yes" >&6; }
16923else
16924 LIBS="$saved_LIBS"
16925 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
16926$as_echo "no" >&6; }
16927fi
16928rm -f core conftest.err conftest.$ac_objext \
16929 conftest$ac_exeext conftest.$ac_ext
16930
16931fi
16932rm -f core conftest.err conftest.$ac_objext \
16933 conftest$ac_exeext conftest.$ac_ext
16934 for ac_func in _getshort _getlong
16935do :
16936 as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
16937ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
16938if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
16939 cat >>confdefs.h <<_ACEOF
16940#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
16941_ACEOF
16942
16943fi
16944done
16945
16946 ac_fn_c_check_decl "$LINENO" "_getshort" "ac_cv_have_decl__getshort" "#include <sys/types.h>
16947 #include <arpa/nameser.h>
16948"
16949if test "x$ac_cv_have_decl__getshort" = xyes; then :
16950 ac_have_decl=1
16951else
16952 ac_have_decl=0
16953fi
16954
16955cat >>confdefs.h <<_ACEOF
16956#define HAVE_DECL__GETSHORT $ac_have_decl
16957_ACEOF
16958ac_fn_c_check_decl "$LINENO" "_getlong" "ac_cv_have_decl__getlong" "#include <sys/types.h>
16959 #include <arpa/nameser.h>
16960"
16961if test "x$ac_cv_have_decl__getlong" = xyes; then :
16962 ac_have_decl=1
16963else
16964 ac_have_decl=0
16965fi
16966
16967cat >>confdefs.h <<_ACEOF
16968#define HAVE_DECL__GETLONG $ac_have_decl
16969_ACEOF
16970
16971 ac_fn_c_check_member "$LINENO" "HEADER" "ad" "ac_cv_member_HEADER_ad" "#include <arpa/nameser.h>
16972"
16973if test "x$ac_cv_member_HEADER_ad" = xyes; then :
16974
16975$as_echo "#define HAVE_HEADER_AD 1" >>confdefs.h
16976
16977fi
16978
16979
16980fi
16981
16982
16983{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if struct __res_state _res is an extern" >&5
16984$as_echo_n "checking if struct __res_state _res is an extern... " >&6; }
16985cat confdefs.h - <<_ACEOF >conftest.$ac_ext
16986/* end confdefs.h. */
16987
16988#include <stdio.h>
16989#if HAVE_SYS_TYPES_H
16990# include <sys/types.h>
16991#endif
16992#include <netinet/in.h>
16993#include <arpa/nameser.h>
16994#include <resolv.h>
16995extern struct __res_state _res;
16996
16997int
16998main ()
16999{
17000
17001struct __res_state *volatile p = &_res; /* force resolution of _res */
17002return 0;
17003
17004 ;
17005 return 0;
17006}
17007_ACEOF
17008if ac_fn_c_try_link "$LINENO"; then :
17009 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
17010$as_echo "yes" >&6; }
17011
17012$as_echo "#define HAVE__RES_EXTERN 1" >>confdefs.h
17013
17014
17015else
17016 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
17017$as_echo "no" >&6; }
17018
17019fi
17020rm -f core conftest.err conftest.$ac_objext \
17021 conftest$ac_exeext conftest.$ac_ext
17022
17023# Check whether user wants SELinux support
17024SELINUX_MSG="no"
17025LIBSELINUX=""
17026
17027# Check whether --with-selinux was given.
17028if test "${with_selinux+set}" = set; then :
17029 withval=$with_selinux; if test "x$withval" != "xno" ; then
17030 save_LIBS="$LIBS"
17031
17032$as_echo "#define WITH_SELINUX 1" >>confdefs.h
17033
17034 SELINUX_MSG="yes"
17035 ac_fn_c_check_header_mongrel "$LINENO" "selinux/selinux.h" "ac_cv_header_selinux_selinux_h" "$ac_includes_default"
17036if test "x$ac_cv_header_selinux_selinux_h" = xyes; then :
17037
17038else
17039 as_fn_error $? "SELinux support requires selinux.h header" "$LINENO" 5
17040fi
17041
17042
17043 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for setexeccon in -lselinux" >&5
17044$as_echo_n "checking for setexeccon in -lselinux... " >&6; }
17045if ${ac_cv_lib_selinux_setexeccon+:} false; then :
17046 $as_echo_n "(cached) " >&6
17047else
17048 ac_check_lib_save_LIBS=$LIBS
17049LIBS="-lselinux $LIBS"
17050cat confdefs.h - <<_ACEOF >conftest.$ac_ext
17051/* end confdefs.h. */
17052
17053/* Override any GCC internal prototype to avoid an error.
17054 Use char because int might match the return type of a GCC
17055 builtin and then its argument prototype would still apply. */
17056#ifdef __cplusplus
17057extern "C"
17058#endif
17059char setexeccon ();
17060int
17061main ()
17062{
17063return setexeccon ();
17064 ;
17065 return 0;
17066}
17067_ACEOF
17068if ac_fn_c_try_link "$LINENO"; then :
17069 ac_cv_lib_selinux_setexeccon=yes
17070else
17071 ac_cv_lib_selinux_setexeccon=no
17072fi
17073rm -f core conftest.err conftest.$ac_objext \
17074 conftest$ac_exeext conftest.$ac_ext
17075LIBS=$ac_check_lib_save_LIBS
17076fi
17077{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_selinux_setexeccon" >&5
17078$as_echo "$ac_cv_lib_selinux_setexeccon" >&6; }
17079if test "x$ac_cv_lib_selinux_setexeccon" = xyes; then :
17080 LIBSELINUX="-lselinux"
17081 LIBS="$LIBS -lselinux"
17082
17083else
17084 as_fn_error $? "SELinux support requires libselinux library" "$LINENO" 5
17085fi
17086
17087 SSHLIBS="$SSHLIBS $LIBSELINUX"
17088 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
17089 for ac_func in getseuserbyname get_default_context_with_level
17090do :
17091 as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
17092ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
17093if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
17094 cat >>confdefs.h <<_ACEOF
17095#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
17096_ACEOF
17097
17098fi
17099done
17100
17101 LIBS="$save_LIBS"
17102 fi
17103
17104fi
17105
17106
17107
17108
17109# Check whether user wants Kerberos 5 support
17110KRB5_MSG="no"
17111
17112# Check whether --with-kerberos5 was given.
17113if test "${with_kerberos5+set}" = set; then :
17114 withval=$with_kerberos5; if test "x$withval" != "xno" ; then
17115 if test "x$withval" = "xyes" ; then
17116 KRB5ROOT="/usr/local"
17117 else
17118 KRB5ROOT=${withval}
17119 fi
17120
17121
17122$as_echo "#define KRB5 1" >>confdefs.h
17123
17124 KRB5_MSG="yes"
17125
17126 if test -n "$ac_tool_prefix"; then
17127 # Extract the first word of "${ac_tool_prefix}krb5-config", so it can be a program name with args.
17128set dummy ${ac_tool_prefix}krb5-config; ac_word=$2
17129{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
17130$as_echo_n "checking for $ac_word... " >&6; }
17131if ${ac_cv_path_KRB5CONF+:} false; then :
17132 $as_echo_n "(cached) " >&6
17133else
17134 case $KRB5CONF in
17135 [\\/]* | ?:[\\/]*)
17136 ac_cv_path_KRB5CONF="$KRB5CONF" # Let the user override the test with a path.
17137 ;;
17138 *)
17139 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
17140as_dummy="$KRB5ROOT/bin:$PATH"
17141for as_dir in $as_dummy
17142do
17143 IFS=$as_save_IFS
17144 test -z "$as_dir" && as_dir=.
17145 for ac_exec_ext in '' $ac_executable_extensions; do
17146 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
17147 ac_cv_path_KRB5CONF="$as_dir/$ac_word$ac_exec_ext"
17148 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
17149 break 2
17150 fi
17151done
17152 done
17153IFS=$as_save_IFS
17154
17155 ;;
17156esac
17157fi
17158KRB5CONF=$ac_cv_path_KRB5CONF
17159if test -n "$KRB5CONF"; then
17160 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $KRB5CONF" >&5
17161$as_echo "$KRB5CONF" >&6; }
17162else
17163 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
17164$as_echo "no" >&6; }
17165fi
17166
17167
17168fi
17169if test -z "$ac_cv_path_KRB5CONF"; then
17170 ac_pt_KRB5CONF=$KRB5CONF
17171 # Extract the first word of "krb5-config", so it can be a program name with args.
17172set dummy krb5-config; ac_word=$2
17173{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
17174$as_echo_n "checking for $ac_word... " >&6; }
17175if ${ac_cv_path_ac_pt_KRB5CONF+:} false; then :
17176 $as_echo_n "(cached) " >&6
17177else
17178 case $ac_pt_KRB5CONF in
17179 [\\/]* | ?:[\\/]*)
17180 ac_cv_path_ac_pt_KRB5CONF="$ac_pt_KRB5CONF" # Let the user override the test with a path.
17181 ;;
17182 *)
17183 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
17184as_dummy="$KRB5ROOT/bin:$PATH"
17185for as_dir in $as_dummy
17186do
17187 IFS=$as_save_IFS
17188 test -z "$as_dir" && as_dir=.
17189 for ac_exec_ext in '' $ac_executable_extensions; do
17190 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
17191 ac_cv_path_ac_pt_KRB5CONF="$as_dir/$ac_word$ac_exec_ext"
17192 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
17193 break 2
17194 fi
17195done
17196 done
17197IFS=$as_save_IFS
17198
17199 ;;
17200esac
17201fi
17202ac_pt_KRB5CONF=$ac_cv_path_ac_pt_KRB5CONF
17203if test -n "$ac_pt_KRB5CONF"; then
17204 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_KRB5CONF" >&5
17205$as_echo "$ac_pt_KRB5CONF" >&6; }
17206else
17207 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
17208$as_echo "no" >&6; }
17209fi
17210
17211 if test "x$ac_pt_KRB5CONF" = x; then
17212 KRB5CONF="$KRB5ROOT/bin/krb5-config"
17213 else
17214 case $cross_compiling:$ac_tool_warned in
17215yes:)
17216{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
17217$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
17218ac_tool_warned=yes ;;
17219esac
17220 KRB5CONF=$ac_pt_KRB5CONF
17221 fi
17222else
17223 KRB5CONF="$ac_cv_path_KRB5CONF"
17224fi
17225
17226 if test -x $KRB5CONF ; then
17227 K5CFLAGS="`$KRB5CONF --cflags`"
17228 K5LIBS="`$KRB5CONF --libs`"
17229 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
17230
17231 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gssapi support" >&5
17232$as_echo_n "checking for gssapi support... " >&6; }
17233 if $KRB5CONF | grep gssapi >/dev/null ; then
17234 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
17235$as_echo "yes" >&6; }
17236
17237$as_echo "#define GSSAPI 1" >>confdefs.h
17238
17239 GSSCFLAGS="`$KRB5CONF --cflags gssapi`"
17240 GSSLIBS="`$KRB5CONF --libs gssapi`"
17241 CPPFLAGS="$CPPFLAGS $GSSCFLAGS"
17242 else
17243 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
17244$as_echo "no" >&6; }
17245 fi
17246 { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using Heimdal" >&5
17247$as_echo_n "checking whether we are using Heimdal... " >&6; }
17248 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
17249/* end confdefs.h. */
17250 #include <krb5.h>
17251
17252int
17253main ()
17254{
17255 char *tmp = heimdal_version;
17256 ;
17257 return 0;
17258}
17259_ACEOF
17260if ac_fn_c_try_compile "$LINENO"; then :
17261 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
17262$as_echo "yes" >&6; }
17263
17264$as_echo "#define HEIMDAL 1" >>confdefs.h
17265
17266else
17267 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
17268$as_echo "no" >&6; }
17269
17270fi
17271rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
17272 else
17273 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
17274 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
17275 { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using Heimdal" >&5
17276$as_echo_n "checking whether we are using Heimdal... " >&6; }
17277 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
17278/* end confdefs.h. */
17279 #include <krb5.h>
17280
17281int
17282main ()
17283{
17284 char *tmp = heimdal_version;
17285 ;
17286 return 0;
17287}
17288_ACEOF
17289if ac_fn_c_try_compile "$LINENO"; then :
17290 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
17291$as_echo "yes" >&6; }
17292 $as_echo "#define HEIMDAL 1" >>confdefs.h
17293
17294 K5LIBS="-lkrb5"
17295 K5LIBS="$K5LIBS -lcom_err -lasn1"
17296 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for net_write in -lroken" >&5
17297$as_echo_n "checking for net_write in -lroken... " >&6; }
17298if ${ac_cv_lib_roken_net_write+:} false; then :
17299 $as_echo_n "(cached) " >&6
17300else
17301 ac_check_lib_save_LIBS=$LIBS
17302LIBS="-lroken $LIBS"
17303cat confdefs.h - <<_ACEOF >conftest.$ac_ext
17304/* end confdefs.h. */
17305
17306/* Override any GCC internal prototype to avoid an error.
17307 Use char because int might match the return type of a GCC
17308 builtin and then its argument prototype would still apply. */
17309#ifdef __cplusplus
17310extern "C"
17311#endif
17312char net_write ();
17313int
17314main ()
17315{
17316return net_write ();
17317 ;
17318 return 0;
17319}
17320_ACEOF
17321if ac_fn_c_try_link "$LINENO"; then :
17322 ac_cv_lib_roken_net_write=yes
17323else
17324 ac_cv_lib_roken_net_write=no
17325fi
17326rm -f core conftest.err conftest.$ac_objext \
17327 conftest$ac_exeext conftest.$ac_ext
17328LIBS=$ac_check_lib_save_LIBS
17329fi
17330{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_roken_net_write" >&5
17331$as_echo "$ac_cv_lib_roken_net_write" >&6; }
17332if test "x$ac_cv_lib_roken_net_write" = xyes; then :
17333 K5LIBS="$K5LIBS -lroken"
17334fi
17335
17336 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for des_cbc_encrypt in -ldes" >&5
17337$as_echo_n "checking for des_cbc_encrypt in -ldes... " >&6; }
17338if ${ac_cv_lib_des_des_cbc_encrypt+:} false; then :
17339 $as_echo_n "(cached) " >&6
17340else
17341 ac_check_lib_save_LIBS=$LIBS
17342LIBS="-ldes $LIBS"
17343cat confdefs.h - <<_ACEOF >conftest.$ac_ext
17344/* end confdefs.h. */
17345
17346/* Override any GCC internal prototype to avoid an error.
17347 Use char because int might match the return type of a GCC
17348 builtin and then its argument prototype would still apply. */
17349#ifdef __cplusplus
17350extern "C"
17351#endif
17352char des_cbc_encrypt ();
17353int
17354main ()
17355{
17356return des_cbc_encrypt ();
17357 ;
17358 return 0;
17359}
17360_ACEOF
17361if ac_fn_c_try_link "$LINENO"; then :
17362 ac_cv_lib_des_des_cbc_encrypt=yes
17363else
17364 ac_cv_lib_des_des_cbc_encrypt=no
17365fi
17366rm -f core conftest.err conftest.$ac_objext \
17367 conftest$ac_exeext conftest.$ac_ext
17368LIBS=$ac_check_lib_save_LIBS
17369fi
17370{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_des_des_cbc_encrypt" >&5
17371$as_echo "$ac_cv_lib_des_des_cbc_encrypt" >&6; }
17372if test "x$ac_cv_lib_des_des_cbc_encrypt" = xyes; then :
17373 K5LIBS="$K5LIBS -ldes"
17374fi
17375
17376
17377else
17378 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
17379$as_echo "no" >&6; }
17380 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
17381
17382fi
17383rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
17384 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing dn_expand" >&5
17385$as_echo_n "checking for library containing dn_expand... " >&6; }
17386if ${ac_cv_search_dn_expand+:} false; then :
17387 $as_echo_n "(cached) " >&6
17388else
17389 ac_func_search_save_LIBS=$LIBS
17390cat confdefs.h - <<_ACEOF >conftest.$ac_ext
17391/* end confdefs.h. */
17392
17393/* Override any GCC internal prototype to avoid an error.
17394 Use char because int might match the return type of a GCC
17395 builtin and then its argument prototype would still apply. */
17396#ifdef __cplusplus
17397extern "C"
17398#endif
17399char dn_expand ();
17400int
17401main ()
17402{
17403return dn_expand ();
17404 ;
17405 return 0;
17406}
17407_ACEOF
17408for ac_lib in '' resolv; do
17409 if test -z "$ac_lib"; then
17410 ac_res="none required"
17411 else
17412 ac_res=-l$ac_lib
17413 LIBS="-l$ac_lib $ac_func_search_save_LIBS"
17414 fi
17415 if ac_fn_c_try_link "$LINENO"; then :
17416 ac_cv_search_dn_expand=$ac_res
17417fi
17418rm -f core conftest.err conftest.$ac_objext \
17419 conftest$ac_exeext
17420 if ${ac_cv_search_dn_expand+:} false; then :
17421 break
17422fi
17423done
17424if ${ac_cv_search_dn_expand+:} false; then :
17425
17426else
17427 ac_cv_search_dn_expand=no
17428fi
17429rm conftest.$ac_ext
17430LIBS=$ac_func_search_save_LIBS
17431fi
17432{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dn_expand" >&5
17433$as_echo "$ac_cv_search_dn_expand" >&6; }
17434ac_res=$ac_cv_search_dn_expand
17435if test "$ac_res" != no; then :
17436 test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
17437
17438fi
17439
17440
17441 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gss_init_sec_context in -lgssapi_krb5" >&5
17442$as_echo_n "checking for gss_init_sec_context in -lgssapi_krb5... " >&6; }
17443if ${ac_cv_lib_gssapi_krb5_gss_init_sec_context+:} false; then :
17444 $as_echo_n "(cached) " >&6
17445else
17446 ac_check_lib_save_LIBS=$LIBS
17447LIBS="-lgssapi_krb5 $LIBS"
17448cat confdefs.h - <<_ACEOF >conftest.$ac_ext
17449/* end confdefs.h. */
17450
17451/* Override any GCC internal prototype to avoid an error.
17452 Use char because int might match the return type of a GCC
17453 builtin and then its argument prototype would still apply. */
17454#ifdef __cplusplus
17455extern "C"
17456#endif
17457char gss_init_sec_context ();
17458int
17459main ()
17460{
17461return gss_init_sec_context ();
17462 ;
17463 return 0;
17464}
17465_ACEOF
17466if ac_fn_c_try_link "$LINENO"; then :
17467 ac_cv_lib_gssapi_krb5_gss_init_sec_context=yes
17468else
17469 ac_cv_lib_gssapi_krb5_gss_init_sec_context=no
17470fi
17471rm -f core conftest.err conftest.$ac_objext \
17472 conftest$ac_exeext conftest.$ac_ext
17473LIBS=$ac_check_lib_save_LIBS
17474fi
17475{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gssapi_krb5_gss_init_sec_context" >&5
17476$as_echo "$ac_cv_lib_gssapi_krb5_gss_init_sec_context" >&6; }
17477if test "x$ac_cv_lib_gssapi_krb5_gss_init_sec_context" = xyes; then :
17478 $as_echo "#define GSSAPI 1" >>confdefs.h
17479
17480 GSSLIBS="-lgssapi_krb5"
17481else
17482 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gss_init_sec_context in -lgssapi" >&5
17483$as_echo_n "checking for gss_init_sec_context in -lgssapi... " >&6; }
17484if ${ac_cv_lib_gssapi_gss_init_sec_context+:} false; then :
17485 $as_echo_n "(cached) " >&6
17486else
17487 ac_check_lib_save_LIBS=$LIBS
17488LIBS="-lgssapi $LIBS"
17489cat confdefs.h - <<_ACEOF >conftest.$ac_ext
17490/* end confdefs.h. */
17491
17492/* Override any GCC internal prototype to avoid an error.
17493 Use char because int might match the return type of a GCC
17494 builtin and then its argument prototype would still apply. */
17495#ifdef __cplusplus
17496extern "C"
17497#endif
17498char gss_init_sec_context ();
17499int
17500main ()
17501{
17502return gss_init_sec_context ();
17503 ;
17504 return 0;
17505}
17506_ACEOF
17507if ac_fn_c_try_link "$LINENO"; then :
17508 ac_cv_lib_gssapi_gss_init_sec_context=yes
17509else
17510 ac_cv_lib_gssapi_gss_init_sec_context=no
17511fi
17512rm -f core conftest.err conftest.$ac_objext \
17513 conftest$ac_exeext conftest.$ac_ext
17514LIBS=$ac_check_lib_save_LIBS
17515fi
17516{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gssapi_gss_init_sec_context" >&5
17517$as_echo "$ac_cv_lib_gssapi_gss_init_sec_context" >&6; }
17518if test "x$ac_cv_lib_gssapi_gss_init_sec_context" = xyes; then :
17519 $as_echo "#define GSSAPI 1" >>confdefs.h
17520
17521 GSSLIBS="-lgssapi"
17522else
17523 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gss_init_sec_context in -lgss" >&5
17524$as_echo_n "checking for gss_init_sec_context in -lgss... " >&6; }
17525if ${ac_cv_lib_gss_gss_init_sec_context+:} false; then :
17526 $as_echo_n "(cached) " >&6
17527else
17528 ac_check_lib_save_LIBS=$LIBS
17529LIBS="-lgss $LIBS"
17530cat confdefs.h - <<_ACEOF >conftest.$ac_ext
17531/* end confdefs.h. */
17532
17533/* Override any GCC internal prototype to avoid an error.
17534 Use char because int might match the return type of a GCC
17535 builtin and then its argument prototype would still apply. */
17536#ifdef __cplusplus
17537extern "C"
17538#endif
17539char gss_init_sec_context ();
17540int
17541main ()
17542{
17543return gss_init_sec_context ();
17544 ;
17545 return 0;
17546}
17547_ACEOF
17548if ac_fn_c_try_link "$LINENO"; then :
17549 ac_cv_lib_gss_gss_init_sec_context=yes
17550else
17551 ac_cv_lib_gss_gss_init_sec_context=no
17552fi
17553rm -f core conftest.err conftest.$ac_objext \
17554 conftest$ac_exeext conftest.$ac_ext
17555LIBS=$ac_check_lib_save_LIBS
17556fi
17557{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gss_gss_init_sec_context" >&5
17558$as_echo "$ac_cv_lib_gss_gss_init_sec_context" >&6; }
17559if test "x$ac_cv_lib_gss_gss_init_sec_context" = xyes; then :
17560 $as_echo "#define GSSAPI 1" >>confdefs.h
17561
17562 GSSLIBS="-lgss"
17563else
17564 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Cannot find any suitable gss-api library - build may fail" >&5
17565$as_echo "$as_me: WARNING: Cannot find any suitable gss-api library - build may fail" >&2;}
17566fi
17567
17568
17569fi
17570
17571
17572fi
17573
17574
17575 ac_fn_c_check_header_mongrel "$LINENO" "gssapi.h" "ac_cv_header_gssapi_h" "$ac_includes_default"
17576if test "x$ac_cv_header_gssapi_h" = xyes; then :
17577
17578else
17579 unset ac_cv_header_gssapi_h
17580 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
17581 for ac_header in gssapi.h
17582do :
17583 ac_fn_c_check_header_mongrel "$LINENO" "gssapi.h" "ac_cv_header_gssapi_h" "$ac_includes_default"
17584if test "x$ac_cv_header_gssapi_h" = xyes; then :
17585 cat >>confdefs.h <<_ACEOF
17586#define HAVE_GSSAPI_H 1
17587_ACEOF
17588
17589else
17590 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Cannot find any suitable gss-api header - build may fail" >&5
17591$as_echo "$as_me: WARNING: Cannot find any suitable gss-api header - build may fail" >&2;}
17592
17593fi
17594
17595done
17596
17597
17598
17599fi
17600
17601
17602
17603 oldCPP="$CPPFLAGS"
17604 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
17605 ac_fn_c_check_header_mongrel "$LINENO" "gssapi_krb5.h" "ac_cv_header_gssapi_krb5_h" "$ac_includes_default"
17606if test "x$ac_cv_header_gssapi_krb5_h" = xyes; then :
17607
17608else
17609 CPPFLAGS="$oldCPP"
17610fi
17611
17612
17613
17614 fi
17615 if test ! -z "$need_dash_r" ; then
17616 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
17617 fi
17618 if test ! -z "$blibpath" ; then
17619 blibpath="$blibpath:${KRB5ROOT}/lib"
17620 fi
17621
17622 for ac_header in gssapi.h gssapi/gssapi.h
17623do :
17624 as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
17625ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
17626if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
17627 cat >>confdefs.h <<_ACEOF
17628#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
17629_ACEOF
17630
17631fi
17632
17633done
17634
17635 for ac_header in gssapi_krb5.h gssapi/gssapi_krb5.h
17636do :
17637 as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
17638ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
17639if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
17640 cat >>confdefs.h <<_ACEOF
17641#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
17642_ACEOF
17643
17644fi
17645
17646done
17647
17648 for ac_header in gssapi_generic.h gssapi/gssapi_generic.h
17649do :
17650 as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
17651ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
17652if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
17653 cat >>confdefs.h <<_ACEOF
17654#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
17655_ACEOF
17656
17657fi
17658
17659done
17660
17661
17662 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing k_hasafs" >&5
17663$as_echo_n "checking for library containing k_hasafs... " >&6; }
17664if ${ac_cv_search_k_hasafs+:} false; then :
17665 $as_echo_n "(cached) " >&6
17666else
17667 ac_func_search_save_LIBS=$LIBS
17668cat confdefs.h - <<_ACEOF >conftest.$ac_ext
17669/* end confdefs.h. */
17670
17671/* Override any GCC internal prototype to avoid an error.
17672 Use char because int might match the return type of a GCC
17673 builtin and then its argument prototype would still apply. */
17674#ifdef __cplusplus
17675extern "C"
17676#endif
17677char k_hasafs ();
17678int
17679main ()
17680{
17681return k_hasafs ();
17682 ;
17683 return 0;
17684}
17685_ACEOF
17686for ac_lib in '' kafs; do
17687 if test -z "$ac_lib"; then
17688 ac_res="none required"
17689 else
17690 ac_res=-l$ac_lib
17691 LIBS="-l$ac_lib $ac_func_search_save_LIBS"
17692 fi
17693 if ac_fn_c_try_link "$LINENO"; then :
17694 ac_cv_search_k_hasafs=$ac_res
17695fi
17696rm -f core conftest.err conftest.$ac_objext \
17697 conftest$ac_exeext
17698 if ${ac_cv_search_k_hasafs+:} false; then :
17699 break
17700fi
17701done
17702if ${ac_cv_search_k_hasafs+:} false; then :
17703
17704else
17705 ac_cv_search_k_hasafs=no
17706fi
17707rm conftest.$ac_ext
17708LIBS=$ac_func_search_save_LIBS
17709fi
17710{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_k_hasafs" >&5
17711$as_echo "$ac_cv_search_k_hasafs" >&6; }
17712ac_res=$ac_cv_search_k_hasafs
17713if test "$ac_res" != no; then :
17714 test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
17715
17716$as_echo "#define USE_AFS 1" >>confdefs.h
17717
17718fi
17719
17720
17721 ac_fn_c_check_decl "$LINENO" "GSS_C_NT_HOSTBASED_SERVICE" "ac_cv_have_decl_GSS_C_NT_HOSTBASED_SERVICE" "
17722#ifdef HAVE_GSSAPI_H
17723# include <gssapi.h>
17724#elif defined(HAVE_GSSAPI_GSSAPI_H)
17725# include <gssapi/gssapi.h>
17726#endif
17727
17728#ifdef HAVE_GSSAPI_GENERIC_H
17729# include <gssapi_generic.h>
17730#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H)
17731# include <gssapi/gssapi_generic.h>
17732#endif
17733
17734"
17735if test "x$ac_cv_have_decl_GSS_C_NT_HOSTBASED_SERVICE" = xyes; then :
17736 ac_have_decl=1
17737else
17738 ac_have_decl=0
17739fi
17740
17741cat >>confdefs.h <<_ACEOF
17742#define HAVE_DECL_GSS_C_NT_HOSTBASED_SERVICE $ac_have_decl
17743_ACEOF
17744
17745 saved_LIBS="$LIBS"
17746 LIBS="$LIBS $K5LIBS"
17747 for ac_func in krb5_cc_new_unique krb5_get_error_message krb5_free_error_message
17748do :
17749 as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
17750ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
17751if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
17752 cat >>confdefs.h <<_ACEOF
17753#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
17754_ACEOF
17755
17756fi
17757done
17758
17759 LIBS="$saved_LIBS"
17760
17761 fi
17762
17763
17764fi
17765
17766
17767
17768
17769# Looking for programs, paths and files
17770
17771PRIVSEP_PATH=/var/empty
17772
17773# Check whether --with-privsep-path was given.
17774if test "${with_privsep_path+set}" = set; then :
17775 withval=$with_privsep_path;
17776 if test -n "$withval" && test "x$withval" != "xno" && \
17777 test "x${withval}" != "xyes"; then
17778 PRIVSEP_PATH=$withval
17779 fi
17780
17781
17782fi
17783
17784
17785
17786
17787# Check whether --with-xauth was given.
17788if test "${with_xauth+set}" = set; then :
17789 withval=$with_xauth;
17790 if test -n "$withval" && test "x$withval" != "xno" && \
17791 test "x${withval}" != "xyes"; then
17792 xauth_path=$withval
17793 fi
17794
17795else
17796
17797 TestPath="$PATH"
17798 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
17799 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
17800 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
17801 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
17802 # Extract the first word of "xauth", so it can be a program name with args.
17803set dummy xauth; ac_word=$2
17804{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
17805$as_echo_n "checking for $ac_word... " >&6; }
17806if ${ac_cv_path_xauth_path+:} false; then :
17807 $as_echo_n "(cached) " >&6
17808else
17809 case $xauth_path in
17810 [\\/]* | ?:[\\/]*)
17811 ac_cv_path_xauth_path="$xauth_path" # Let the user override the test with a path.
17812 ;;
17813 *)
17814 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
17815for as_dir in $TestPath
17816do
17817 IFS=$as_save_IFS
17818 test -z "$as_dir" && as_dir=.
17819 for ac_exec_ext in '' $ac_executable_extensions; do
17820 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
17821 ac_cv_path_xauth_path="$as_dir/$ac_word$ac_exec_ext"
17822 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
17823 break 2
17824 fi
17825done
17826 done
17827IFS=$as_save_IFS
17828
17829 ;;
17830esac
17831fi
17832xauth_path=$ac_cv_path_xauth_path
17833if test -n "$xauth_path"; then
17834 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $xauth_path" >&5
17835$as_echo "$xauth_path" >&6; }
17836else
17837 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
17838$as_echo "no" >&6; }
17839fi
17840
17841
17842 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
17843 xauth_path="/usr/openwin/bin/xauth"
17844 fi
17845
17846
17847fi
17848
17849
17850STRIP_OPT=-s
17851# Check whether --enable-strip was given.
17852if test "${enable_strip+set}" = set; then :
17853 enableval=$enable_strip;
17854 if test "x$enableval" = "xno" ; then
17855 STRIP_OPT=
17856 fi
17857
17858
17859fi
17860
17861
17862
17863if test -z "$xauth_path" ; then
17864 XAUTH_PATH="undefined"
17865
17866else
17867
17868cat >>confdefs.h <<_ACEOF
17869#define XAUTH_PATH "$xauth_path"
17870_ACEOF
17871
17872 XAUTH_PATH=$xauth_path
17873
17874fi
17875
17876# Check for mail directory
17877
17878# Check whether --with-maildir was given.
17879if test "${with_maildir+set}" = set; then :
17880 withval=$with_maildir;
17881 if test "X$withval" != X && test "x$withval" != xno && \
17882 test "x${withval}" != xyes; then
17883
17884cat >>confdefs.h <<_ACEOF
17885#define MAIL_DIRECTORY "$withval"
17886_ACEOF
17887
17888 fi
17889
17890else
17891
17892 if test "X$maildir" != "X"; then
17893 cat >>confdefs.h <<_ACEOF
17894#define MAIL_DIRECTORY "$maildir"
17895_ACEOF
17896
17897 else
17898 { $as_echo "$as_me:${as_lineno-$LINENO}: checking Discovering system mail directory" >&5
17899$as_echo_n "checking Discovering system mail directory... " >&6; }
17900 if test "$cross_compiling" = yes; then :
17901
17902 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: use --with-maildir=/path/to/mail" >&5
17903$as_echo "$as_me: WARNING: cross compiling: use --with-maildir=/path/to/mail" >&2;}
17904
17905
17906else
17907 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
17908/* end confdefs.h. */
17909
17910#include <stdio.h>
17911#include <string.h>
17912#ifdef HAVE_PATHS_H
17913#include <paths.h>
17914#endif
17915#ifdef HAVE_MAILLOCK_H
17916#include <maillock.h>
17917#endif
17918#define DATA "conftest.maildir"
17919
17920int
17921main ()
17922{
17923
17924 FILE *fd;
17925 int rc;
17926
17927 fd = fopen(DATA,"w");
17928 if(fd == NULL)
17929 exit(1);
17930
17931#if defined (_PATH_MAILDIR)
17932 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0)
17933 exit(1);
17934#elif defined (MAILDIR)
17935 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0)
17936 exit(1);
17937#elif defined (_PATH_MAIL)
17938 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0)
17939 exit(1);
17940#else
17941 exit (2);
17942#endif
17943
17944 exit(0);
17945
17946 ;
17947 return 0;
17948}
17949_ACEOF
17950if ac_fn_c_try_run "$LINENO"; then :
17951
17952 maildir_what=`awk -F: '{print $1}' conftest.maildir`
17953 maildir=`awk -F: '{print $2}' conftest.maildir \
17954 | sed 's|/$||'`
17955 { $as_echo "$as_me:${as_lineno-$LINENO}: result: Using: $maildir from $maildir_what" >&5
17956$as_echo "Using: $maildir from $maildir_what" >&6; }
17957 if test "x$maildir_what" != "x_PATH_MAILDIR"; then
17958 cat >>confdefs.h <<_ACEOF
17959#define MAIL_DIRECTORY "$maildir"
17960_ACEOF
17961
17962 fi
17963
17964else
17965
17966 if test "X$ac_status" = "X2";then
17967# our test program didn't find it. Default to /var/spool/mail
17968 { $as_echo "$as_me:${as_lineno-$LINENO}: result: Using: default value of /var/spool/mail" >&5
17969$as_echo "Using: default value of /var/spool/mail" >&6; }
17970 cat >>confdefs.h <<_ACEOF
17971#define MAIL_DIRECTORY "/var/spool/mail"
17972_ACEOF
17973
17974 else
17975 { $as_echo "$as_me:${as_lineno-$LINENO}: result: *** not found ***" >&5
17976$as_echo "*** not found ***" >&6; }
17977 fi
17978
17979fi
17980rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
17981 conftest.$ac_objext conftest.beam conftest.$ac_ext
17982fi
17983
17984 fi
17985
17986
17987fi
17988 # maildir
17989
17990if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
17991 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: Disabling /dev/ptmx test" >&5
17992$as_echo "$as_me: WARNING: cross compiling: Disabling /dev/ptmx test" >&2;}
17993 disable_ptmx_check=yes
17994fi
17995if test -z "$no_dev_ptmx" ; then
17996 if test "x$disable_ptmx_check" != "xyes" ; then
17997 as_ac_File=`$as_echo "ac_cv_file_"/dev/ptmx"" | $as_tr_sh`
17998{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for \"/dev/ptmx\"" >&5
17999$as_echo_n "checking for \"/dev/ptmx\"... " >&6; }
18000if eval \${$as_ac_File+:} false; then :
18001 $as_echo_n "(cached) " >&6
18002else
18003 test "$cross_compiling" = yes &&
18004 as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5
18005if test -r ""/dev/ptmx""; then
18006 eval "$as_ac_File=yes"
18007else
18008 eval "$as_ac_File=no"
18009fi
18010fi
18011eval ac_res=\$$as_ac_File
18012 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
18013$as_echo "$ac_res" >&6; }
18014if eval test \"x\$"$as_ac_File"\" = x"yes"; then :
18015
18016
18017cat >>confdefs.h <<_ACEOF
18018#define HAVE_DEV_PTMX 1
18019_ACEOF
18020
18021 have_dev_ptmx=1
18022
18023
18024fi
18025
18026 fi
18027fi
18028
18029if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
18030 as_ac_File=`$as_echo "ac_cv_file_"/dev/ptc"" | $as_tr_sh`
18031{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for \"/dev/ptc\"" >&5
18032$as_echo_n "checking for \"/dev/ptc\"... " >&6; }
18033if eval \${$as_ac_File+:} false; then :
18034 $as_echo_n "(cached) " >&6
18035else
18036 test "$cross_compiling" = yes &&
18037 as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5
18038if test -r ""/dev/ptc""; then
18039 eval "$as_ac_File=yes"
18040else
18041 eval "$as_ac_File=no"
18042fi
18043fi
18044eval ac_res=\$$as_ac_File
18045 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
18046$as_echo "$ac_res" >&6; }
18047if eval test \"x\$"$as_ac_File"\" = x"yes"; then :
18048
18049
18050cat >>confdefs.h <<_ACEOF
18051#define HAVE_DEV_PTS_AND_PTC 1
18052_ACEOF
18053
18054 have_dev_ptc=1
18055
18056
18057fi
18058
18059else
18060 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: Disabling /dev/ptc test" >&5
18061$as_echo "$as_me: WARNING: cross compiling: Disabling /dev/ptc test" >&2;}
18062fi
18063
18064# Options from here on. Some of these are preset by platform above
18065
18066# Check whether --with-mantype was given.
18067if test "${with_mantype+set}" = set; then :
18068 withval=$with_mantype;
18069 case "$withval" in
18070 man|cat|doc)
18071 MANTYPE=$withval
18072 ;;
18073 *)
18074 as_fn_error $? "invalid man type: $withval" "$LINENO" 5
18075 ;;
18076 esac
18077
18078
18079fi
18080
18081if test -z "$MANTYPE"; then
18082 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
18083 for ac_prog in nroff awf
18084do
18085 # Extract the first word of "$ac_prog", so it can be a program name with args.
18086set dummy $ac_prog; ac_word=$2
18087{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
18088$as_echo_n "checking for $ac_word... " >&6; }
18089if ${ac_cv_path_NROFF+:} false; then :
18090 $as_echo_n "(cached) " >&6
18091else
18092 case $NROFF in
18093 [\\/]* | ?:[\\/]*)
18094 ac_cv_path_NROFF="$NROFF" # Let the user override the test with a path.
18095 ;;
18096 *)
18097 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
18098for as_dir in $TestPath
18099do
18100 IFS=$as_save_IFS
18101 test -z "$as_dir" && as_dir=.
18102 for ac_exec_ext in '' $ac_executable_extensions; do
18103 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
18104 ac_cv_path_NROFF="$as_dir/$ac_word$ac_exec_ext"
18105 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
18106 break 2
18107 fi
18108done
18109 done
18110IFS=$as_save_IFS
18111
18112 ;;
18113esac
18114fi
18115NROFF=$ac_cv_path_NROFF
18116if test -n "$NROFF"; then
18117 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NROFF" >&5
18118$as_echo "$NROFF" >&6; }
18119else
18120 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
18121$as_echo "no" >&6; }
18122fi
18123
18124
18125 test -n "$NROFF" && break
18126done
18127test -n "$NROFF" || NROFF="/bin/false"
18128
18129 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
18130 MANTYPE=doc
18131 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
18132 MANTYPE=man
18133 else
18134 MANTYPE=cat
18135 fi
18136fi
18137
18138if test "$MANTYPE" = "doc"; then
18139 mansubdir=man;
18140else
18141 mansubdir=$MANTYPE;
18142fi
18143
18144
18145# Check whether to enable MD5 passwords
18146MD5_MSG="no"
18147
18148# Check whether --with-md5-passwords was given.
18149if test "${with_md5_passwords+set}" = set; then :
18150 withval=$with_md5_passwords;
18151 if test "x$withval" != "xno" ; then
18152
18153$as_echo "#define HAVE_MD5_PASSWORDS 1" >>confdefs.h
18154
18155 MD5_MSG="yes"
18156 fi
18157
18158
18159fi
18160
18161
18162# Whether to disable shadow password support
18163
18164# Check whether --with-shadow was given.
18165if test "${with_shadow+set}" = set; then :
18166 withval=$with_shadow;
18167 if test "x$withval" = "xno" ; then
18168 $as_echo "#define DISABLE_SHADOW 1" >>confdefs.h
18169
18170 disable_shadow=yes
18171 fi
18172
18173
18174fi
18175
18176
18177if test -z "$disable_shadow" ; then
18178 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if the systems has expire shadow information" >&5
18179$as_echo_n "checking if the systems has expire shadow information... " >&6; }
18180 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
18181/* end confdefs.h. */
18182
18183#include <sys/types.h>
18184#include <shadow.h>
18185struct spwd sp;
18186
18187int
18188main ()
18189{
18190 sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0;
18191 ;
18192 return 0;
18193}
18194_ACEOF
18195if ac_fn_c_try_compile "$LINENO"; then :
18196 sp_expire_available=yes
18197fi
18198rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
18199
18200 if test "x$sp_expire_available" = "xyes" ; then
18201 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
18202$as_echo "yes" >&6; }
18203
18204$as_echo "#define HAS_SHADOW_EXPIRE 1" >>confdefs.h
18205
18206 else
18207 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
18208$as_echo "no" >&6; }
18209 fi
18210fi
18211
18212# Use ip address instead of hostname in $DISPLAY
18213if test ! -z "$IPADDR_IN_DISPLAY" ; then
18214 DISPLAY_HACK_MSG="yes"
18215
18216$as_echo "#define IPADDR_IN_DISPLAY 1" >>confdefs.h
18217
18218else
18219 DISPLAY_HACK_MSG="no"
18220
18221# Check whether --with-ipaddr-display was given.
18222if test "${with_ipaddr_display+set}" = set; then :
18223 withval=$with_ipaddr_display;
18224 if test "x$withval" != "xno" ; then
18225 $as_echo "#define IPADDR_IN_DISPLAY 1" >>confdefs.h
18226
18227 DISPLAY_HACK_MSG="yes"
18228 fi
18229
18230
18231fi
18232
18233fi
18234
18235# check for /etc/default/login and use it if present.
18236# Check whether --enable-etc-default-login was given.
18237if test "${enable_etc_default_login+set}" = set; then :
18238 enableval=$enable_etc_default_login; if test "x$enableval" = "xno"; then
18239 { $as_echo "$as_me:${as_lineno-$LINENO}: /etc/default/login handling disabled" >&5
18240$as_echo "$as_me: /etc/default/login handling disabled" >&6;}
18241 etc_default_login=no
18242 else
18243 etc_default_login=yes
18244 fi
18245else
18246 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
18247 then
18248 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking /etc/default/login" >&5
18249$as_echo "$as_me: WARNING: cross compiling: not checking /etc/default/login" >&2;}
18250 etc_default_login=no
18251 else
18252 etc_default_login=yes
18253 fi
18254
18255fi
18256
18257
18258if test "x$etc_default_login" != "xno"; then
18259 as_ac_File=`$as_echo "ac_cv_file_"/etc/default/login"" | $as_tr_sh`
18260{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for \"/etc/default/login\"" >&5
18261$as_echo_n "checking for \"/etc/default/login\"... " >&6; }
18262if eval \${$as_ac_File+:} false; then :
18263 $as_echo_n "(cached) " >&6
18264else
18265 test "$cross_compiling" = yes &&
18266 as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5
18267if test -r ""/etc/default/login""; then
18268 eval "$as_ac_File=yes"
18269else
18270 eval "$as_ac_File=no"
18271fi
18272fi
18273eval ac_res=\$$as_ac_File
18274 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
18275$as_echo "$ac_res" >&6; }
18276if eval test \"x\$"$as_ac_File"\" = x"yes"; then :
18277 external_path_file=/etc/default/login
18278fi
18279
18280 if test "x$external_path_file" = "x/etc/default/login"; then
18281
18282$as_echo "#define HAVE_ETC_DEFAULT_LOGIN 1" >>confdefs.h
18283
18284 fi
18285fi
18286
18287if test $ac_cv_func_login_getcapbool = "yes" && \
18288 test $ac_cv_header_login_cap_h = "yes" ; then
18289 external_path_file=/etc/login.conf
18290fi
18291
18292# Whether to mess with the default path
18293SERVER_PATH_MSG="(default)"
18294
18295# Check whether --with-default-path was given.
18296if test "${with_default_path+set}" = set; then :
18297 withval=$with_default_path;
18298 if test "x$external_path_file" = "x/etc/login.conf" ; then
18299 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING:
18300--with-default-path=PATH has no effect on this system.
18301Edit /etc/login.conf instead." >&5
18302$as_echo "$as_me: WARNING:
18303--with-default-path=PATH has no effect on this system.
18304Edit /etc/login.conf instead." >&2;}
18305 elif test "x$withval" != "xno" ; then
18306 if test ! -z "$external_path_file" ; then
18307 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING:
18308--with-default-path=PATH will only be used if PATH is not defined in
18309$external_path_file ." >&5
18310$as_echo "$as_me: WARNING:
18311--with-default-path=PATH will only be used if PATH is not defined in
18312$external_path_file ." >&2;}
18313 fi
18314 user_path="$withval"
18315 SERVER_PATH_MSG="$withval"
18316 fi
18317
18318else
18319 if test "x$external_path_file" = "x/etc/login.conf" ; then
18320 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Make sure the path to scp is in /etc/login.conf" >&5
18321$as_echo "$as_me: WARNING: Make sure the path to scp is in /etc/login.conf" >&2;}
18322 else
18323 if test ! -z "$external_path_file" ; then
18324 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING:
18325If PATH is defined in $external_path_file, ensure the path to scp is included,
18326otherwise scp will not work." >&5
18327$as_echo "$as_me: WARNING:
18328If PATH is defined in $external_path_file, ensure the path to scp is included,
18329otherwise scp will not work." >&2;}
18330 fi
18331 if test "$cross_compiling" = yes; then :
18332 user_path="/usr/bin:/bin:/usr/sbin:/sbin"
18333
18334else
18335 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
18336/* end confdefs.h. */
18337
18338/* find out what STDPATH is */
18339#include <stdio.h>
18340#ifdef HAVE_PATHS_H
18341# include <paths.h>
18342#endif
18343#ifndef _PATH_STDPATH
18344# ifdef _PATH_USERPATH /* Irix */
18345# define _PATH_STDPATH _PATH_USERPATH
18346# else
18347# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
18348# endif
18349#endif
18350#include <sys/types.h>
18351#include <sys/stat.h>
18352#include <fcntl.h>
18353#define DATA "conftest.stdpath"
18354
18355int
18356main ()
18357{
18358
18359 FILE *fd;
18360 int rc;
18361
18362 fd = fopen(DATA,"w");
18363 if(fd == NULL)
18364 exit(1);
18365
18366 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
18367 exit(1);
18368
18369 exit(0);
18370
18371 ;
18372 return 0;
18373}
18374_ACEOF
18375if ac_fn_c_try_run "$LINENO"; then :
18376 user_path=`cat conftest.stdpath`
18377else
18378 user_path="/usr/bin:/bin:/usr/sbin:/sbin"
18379fi
18380rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
18381 conftest.$ac_objext conftest.beam conftest.$ac_ext
18382fi
18383
18384# make sure $bindir is in USER_PATH so scp will work
18385 t_bindir="${bindir}"
18386 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do
18387 t_bindir=`eval echo ${t_bindir}`
18388 case $t_bindir in
18389 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
18390 esac
18391 case $t_bindir in
18392 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
18393 esac
18394 done
18395 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
18396 if test $? -ne 0 ; then
18397 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
18398 if test $? -ne 0 ; then
18399 user_path=$user_path:$t_bindir
18400 { $as_echo "$as_me:${as_lineno-$LINENO}: result: Adding $t_bindir to USER_PATH so scp will work" >&5
18401$as_echo "Adding $t_bindir to USER_PATH so scp will work" >&6; }
18402 fi
18403 fi
18404 fi
18405
18406fi
18407
18408if test "x$external_path_file" != "x/etc/login.conf" ; then
18409
18410cat >>confdefs.h <<_ACEOF
18411#define USER_PATH "$user_path"
18412_ACEOF
18413
18414
18415fi
18416
18417# Set superuser path separately to user path
18418
18419# Check whether --with-superuser-path was given.
18420if test "${with_superuser_path+set}" = set; then :
18421 withval=$with_superuser_path;
18422 if test -n "$withval" && test "x$withval" != "xno" && \
18423 test "x${withval}" != "xyes"; then
18424
18425cat >>confdefs.h <<_ACEOF
18426#define SUPERUSER_PATH "$withval"
18427_ACEOF
18428
18429 superuser_path=$withval
18430 fi
18431
18432
18433fi
18434
18435
18436
18437{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if we need to convert IPv4 in IPv6-mapped addresses" >&5
18438$as_echo_n "checking if we need to convert IPv4 in IPv6-mapped addresses... " >&6; }
18439IPV4_IN6_HACK_MSG="no"
18440
18441# Check whether --with-4in6 was given.
18442if test "${with_4in6+set}" = set; then :
18443 withval=$with_4in6;
18444 if test "x$withval" != "xno" ; then
18445 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
18446$as_echo "yes" >&6; }
18447
18448$as_echo "#define IPV4_IN_IPV6 1" >>confdefs.h
18449
18450 IPV4_IN6_HACK_MSG="yes"
18451 else
18452 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
18453$as_echo "no" >&6; }
18454 fi
18455
18456else
18457
18458 if test "x$inet6_default_4in6" = "xyes"; then
18459 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes (default)" >&5
18460$as_echo "yes (default)" >&6; }
18461 $as_echo "#define IPV4_IN_IPV6 1" >>confdefs.h
18462
18463 IPV4_IN6_HACK_MSG="yes"
18464 else
18465 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no (default)" >&5
18466$as_echo "no (default)" >&6; }
18467 fi
18468
18469
18470fi
18471
18472
18473# Whether to enable BSD auth support
18474BSD_AUTH_MSG=no
18475
18476# Check whether --with-bsd-auth was given.
18477if test "${with_bsd_auth+set}" = set; then :
18478 withval=$with_bsd_auth;
18479 if test "x$withval" != "xno" ; then
18480
18481$as_echo "#define BSD_AUTH 1" >>confdefs.h
18482
18483 BSD_AUTH_MSG=yes
18484 fi
18485
18486
18487fi
18488
18489
18490# Where to place sshd.pid
18491piddir=/var/run
18492# make sure the directory exists
18493if test ! -d $piddir ; then
18494 piddir=`eval echo ${sysconfdir}`
18495 case $piddir in
18496 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
18497 esac
18498fi
18499
18500
18501# Check whether --with-pid-dir was given.
18502if test "${with_pid_dir+set}" = set; then :
18503 withval=$with_pid_dir;
18504 if test -n "$withval" && test "x$withval" != "xno" && \
18505 test "x${withval}" != "xyes"; then
18506 piddir=$withval
18507 if test ! -d $piddir ; then
18508 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: ** no $piddir directory on this system **" >&5
18509$as_echo "$as_me: WARNING: ** no $piddir directory on this system **" >&2;}
18510 fi
18511 fi
18512
18513
18514fi
18515
18516
18517
18518cat >>confdefs.h <<_ACEOF
18519#define _PATH_SSH_PIDDIR "$piddir"
18520_ACEOF
18521
18522
18523
18524# Check whether --enable-lastlog was given.
18525if test "${enable_lastlog+set}" = set; then :
18526 enableval=$enable_lastlog;
18527 if test "x$enableval" = "xno" ; then
18528 $as_echo "#define DISABLE_LASTLOG 1" >>confdefs.h
18529
18530 fi
18531
18532
18533fi
18534
18535# Check whether --enable-utmp was given.
18536if test "${enable_utmp+set}" = set; then :
18537 enableval=$enable_utmp;
18538 if test "x$enableval" = "xno" ; then
18539 $as_echo "#define DISABLE_UTMP 1" >>confdefs.h
18540
18541 fi
18542
18543
18544fi
18545
18546# Check whether --enable-utmpx was given.
18547if test "${enable_utmpx+set}" = set; then :
18548 enableval=$enable_utmpx;
18549 if test "x$enableval" = "xno" ; then
18550
18551$as_echo "#define DISABLE_UTMPX 1" >>confdefs.h
18552
18553 fi
18554
18555
18556fi
18557
18558# Check whether --enable-wtmp was given.
18559if test "${enable_wtmp+set}" = set; then :
18560 enableval=$enable_wtmp;
18561 if test "x$enableval" = "xno" ; then
18562 $as_echo "#define DISABLE_WTMP 1" >>confdefs.h
18563
18564 fi
18565
18566
18567fi
18568
18569# Check whether --enable-wtmpx was given.
18570if test "${enable_wtmpx+set}" = set; then :
18571 enableval=$enable_wtmpx;
18572 if test "x$enableval" = "xno" ; then
18573
18574$as_echo "#define DISABLE_WTMPX 1" >>confdefs.h
18575
18576 fi
18577
18578
18579fi
18580
18581# Check whether --enable-libutil was given.
18582if test "${enable_libutil+set}" = set; then :
18583 enableval=$enable_libutil;
18584 if test "x$enableval" = "xno" ; then
18585 $as_echo "#define DISABLE_LOGIN 1" >>confdefs.h
18586
18587 fi
18588
18589
18590fi
18591
18592# Check whether --enable-pututline was given.
18593if test "${enable_pututline+set}" = set; then :
18594 enableval=$enable_pututline;
18595 if test "x$enableval" = "xno" ; then
18596
18597$as_echo "#define DISABLE_PUTUTLINE 1" >>confdefs.h
18598
18599 fi
18600
18601
18602fi
18603
18604# Check whether --enable-pututxline was given.
18605if test "${enable_pututxline+set}" = set; then :
18606 enableval=$enable_pututxline;
18607 if test "x$enableval" = "xno" ; then
18608
18609$as_echo "#define DISABLE_PUTUTXLINE 1" >>confdefs.h
18610
18611 fi
18612
18613
18614fi
18615
18616
18617# Check whether --with-lastlog was given.
18618if test "${with_lastlog+set}" = set; then :
18619 withval=$with_lastlog;
18620 if test "x$withval" = "xno" ; then
18621 $as_echo "#define DISABLE_LASTLOG 1" >>confdefs.h
18622
18623 elif test -n "$withval" && test "x${withval}" != "xyes"; then
18624 conf_lastlog_location=$withval
18625 fi
18626
18627
18628fi
18629
18630
18631
18632{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if your system defines LASTLOG_FILE" >&5
18633$as_echo_n "checking if your system defines LASTLOG_FILE... " >&6; }
18634cat confdefs.h - <<_ACEOF >conftest.$ac_ext
18635/* end confdefs.h. */
18636
18637#include <sys/types.h>
18638#include <utmp.h>
18639#ifdef HAVE_LASTLOG_H
18640# include <lastlog.h>
18641#endif
18642#ifdef HAVE_PATHS_H
18643# include <paths.h>
18644#endif
18645#ifdef HAVE_LOGIN_H
18646# include <login.h>
18647#endif
18648
18649int
18650main ()
18651{
18652 char *lastlog = LASTLOG_FILE;
18653 ;
18654 return 0;
18655}
18656_ACEOF
18657if ac_fn_c_try_compile "$LINENO"; then :
18658 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
18659$as_echo "yes" >&6; }
18660else
18661
18662 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
18663$as_echo "no" >&6; }
18664 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if your system defines _PATH_LASTLOG" >&5
18665$as_echo_n "checking if your system defines _PATH_LASTLOG... " >&6; }
18666 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
18667/* end confdefs.h. */
18668
18669#include <sys/types.h>
18670#include <utmp.h>
18671#ifdef HAVE_LASTLOG_H
18672# include <lastlog.h>
18673#endif
18674#ifdef HAVE_PATHS_H
18675# include <paths.h>
18676#endif
18677
18678int
18679main ()
18680{
18681 char *lastlog = _PATH_LASTLOG;
18682 ;
18683 return 0;
18684}
18685_ACEOF
18686if ac_fn_c_try_compile "$LINENO"; then :
18687 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
18688$as_echo "yes" >&6; }
18689else
18690
18691 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
18692$as_echo "no" >&6; }
18693 system_lastlog_path=no
18694
18695fi
18696rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
18697
18698fi
18699rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
18700
18701if test -z "$conf_lastlog_location"; then
18702 if test x"$system_lastlog_path" = x"no" ; then
18703 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
18704 if (test -d "$f" || test -f "$f") ; then
18705 conf_lastlog_location=$f
18706 fi
18707 done
18708 if test -z "$conf_lastlog_location"; then
18709 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: ** Cannot find lastlog **" >&5
18710$as_echo "$as_me: WARNING: ** Cannot find lastlog **" >&2;}
18711 fi
18712 fi
18713fi
18714
18715if test -n "$conf_lastlog_location"; then
18716
18717cat >>confdefs.h <<_ACEOF
18718#define CONF_LASTLOG_FILE "$conf_lastlog_location"
18719_ACEOF
18720
18721fi
18722
18723{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if your system defines UTMP_FILE" >&5
18724$as_echo_n "checking if your system defines UTMP_FILE... " >&6; }
18725cat confdefs.h - <<_ACEOF >conftest.$ac_ext
18726/* end confdefs.h. */
18727
18728#include <sys/types.h>
18729#include <utmp.h>
18730#ifdef HAVE_PATHS_H
18731# include <paths.h>
18732#endif
18733
18734int
18735main ()
18736{
18737 char *utmp = UTMP_FILE;
18738 ;
18739 return 0;
18740}
18741_ACEOF
18742if ac_fn_c_try_compile "$LINENO"; then :
18743 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
18744$as_echo "yes" >&6; }
18745else
18746 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
18747$as_echo "no" >&6; }
18748 system_utmp_path=no
18749
18750fi
18751rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
18752if test -z "$conf_utmp_location"; then
18753 if test x"$system_utmp_path" = x"no" ; then
18754 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
18755 if test -f $f ; then
18756 conf_utmp_location=$f
18757 fi
18758 done
18759 if test -z "$conf_utmp_location"; then
18760 $as_echo "#define DISABLE_UTMP 1" >>confdefs.h
18761
18762 fi
18763 fi
18764fi
18765if test -n "$conf_utmp_location"; then
18766
18767cat >>confdefs.h <<_ACEOF
18768#define CONF_UTMP_FILE "$conf_utmp_location"
18769_ACEOF
18770
18771fi
18772
18773{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if your system defines WTMP_FILE" >&5
18774$as_echo_n "checking if your system defines WTMP_FILE... " >&6; }
18775cat confdefs.h - <<_ACEOF >conftest.$ac_ext
18776/* end confdefs.h. */
18777
18778#include <sys/types.h>
18779#include <utmp.h>
18780#ifdef HAVE_PATHS_H
18781# include <paths.h>
18782#endif
18783
18784int
18785main ()
18786{
18787 char *wtmp = WTMP_FILE;
18788 ;
18789 return 0;
18790}
18791_ACEOF
18792if ac_fn_c_try_compile "$LINENO"; then :
18793 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
18794$as_echo "yes" >&6; }
18795else
18796 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
18797$as_echo "no" >&6; }
18798 system_wtmp_path=no
18799
18800fi
18801rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
18802if test -z "$conf_wtmp_location"; then
18803 if test x"$system_wtmp_path" = x"no" ; then
18804 for f in /usr/adm/wtmp /var/log/wtmp; do
18805 if test -f $f ; then
18806 conf_wtmp_location=$f
18807 fi
18808 done
18809 if test -z "$conf_wtmp_location"; then
18810 $as_echo "#define DISABLE_WTMP 1" >>confdefs.h
18811
18812 fi
18813 fi
18814fi
18815if test -n "$conf_wtmp_location"; then
18816
18817cat >>confdefs.h <<_ACEOF
18818#define CONF_WTMP_FILE "$conf_wtmp_location"
18819_ACEOF
18820
18821fi
18822
18823{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if your system defines WTMPX_FILE" >&5
18824$as_echo_n "checking if your system defines WTMPX_FILE... " >&6; }
18825cat confdefs.h - <<_ACEOF >conftest.$ac_ext
18826/* end confdefs.h. */
18827
18828#include <sys/types.h>
18829#include <utmp.h>
18830#ifdef HAVE_UTMPX_H
18831#include <utmpx.h>
18832#endif
18833#ifdef HAVE_PATHS_H
18834# include <paths.h>
18835#endif
18836
18837int
18838main ()
18839{
18840 char *wtmpx = WTMPX_FILE;
18841 ;
18842 return 0;
18843}
18844_ACEOF
18845if ac_fn_c_try_compile "$LINENO"; then :
18846 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
18847$as_echo "yes" >&6; }
18848else
18849 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
18850$as_echo "no" >&6; }
18851 system_wtmpx_path=no
18852
18853fi
18854rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
18855if test -z "$conf_wtmpx_location"; then
18856 if test x"$system_wtmpx_path" = x"no" ; then
18857 $as_echo "#define DISABLE_WTMPX 1" >>confdefs.h
18858
18859 fi
18860else
18861
18862cat >>confdefs.h <<_ACEOF
18863#define CONF_WTMPX_FILE "$conf_wtmpx_location"
18864_ACEOF
18865
18866fi
18867
18868
18869if test ! -z "$blibpath" ; then
18870 LDFLAGS="$LDFLAGS $blibflags$blibpath"
18871 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Please check and edit blibpath in LDFLAGS in Makefile" >&5
18872$as_echo "$as_me: WARNING: Please check and edit blibpath in LDFLAGS in Makefile" >&2;}
18873fi
18874
18875ac_fn_c_check_member "$LINENO" "struct lastlog" "ll_line" "ac_cv_member_struct_lastlog_ll_line" "
18876#ifdef HAVE_SYS_TYPES_H
18877#include <sys/types.h>
18878#endif
18879#ifdef HAVE_UTMP_H
18880#include <utmp.h>
18881#endif
18882#ifdef HAVE_UTMPX_H
18883#include <utmpx.h>
18884#endif
18885#ifdef HAVE_LASTLOG_H
18886#include <lastlog.h>
18887#endif
18888
18889"
18890if test "x$ac_cv_member_struct_lastlog_ll_line" = xyes; then :
18891
18892else
18893
18894 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then
18895 $as_echo "#define DISABLE_LASTLOG 1" >>confdefs.h
18896
18897 fi
18898
18899fi
18900
18901
18902ac_fn_c_check_member "$LINENO" "struct utmp" "ut_line" "ac_cv_member_struct_utmp_ut_line" "
18903#ifdef HAVE_SYS_TYPES_H
18904#include <sys/types.h>
18905#endif
18906#ifdef HAVE_UTMP_H
18907#include <utmp.h>
18908#endif
18909#ifdef HAVE_UTMPX_H
18910#include <utmpx.h>
18911#endif
18912#ifdef HAVE_LASTLOG_H
18913#include <lastlog.h>
18914#endif
18915
18916"
18917if test "x$ac_cv_member_struct_utmp_ut_line" = xyes; then :
18918
18919else
18920
18921 $as_echo "#define DISABLE_UTMP 1" >>confdefs.h
18922
18923 $as_echo "#define DISABLE_WTMP 1" >>confdefs.h
18924
18925
18926fi
18927
18928
18929CFLAGS="$CFLAGS $werror_flags"
18930
18931if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
18932 TEST_SSH_IPV6=no
18933else
18934 TEST_SSH_IPV6=yes
18935fi
18936ac_fn_c_check_decl "$LINENO" "BROKEN_GETADDRINFO" "ac_cv_have_decl_BROKEN_GETADDRINFO" "$ac_includes_default"
18937if test "x$ac_cv_have_decl_BROKEN_GETADDRINFO" = xyes; then :
18938 TEST_SSH_IPV6=no
18939fi
18940
18941TEST_SSH_IPV6=$TEST_SSH_IPV6
18942
18943TEST_SSH_UTF8=$TEST_SSH_UTF8
18944
18945TEST_MALLOC_OPTIONS=$TEST_MALLOC_OPTIONS
18946
18947UNSUPPORTED_ALGORITHMS=$unsupported_algorithms
18948
18949
18950
18951ac_config_files="$ac_config_files Makefile buildpkg.sh opensshd.init openssh.xml openbsd-compat/Makefile openbsd-compat/regress/Makefile survey.sh"
18952
18953cat >confcache <<\_ACEOF
18954# This file is a shell script that caches the results of configure
18955# tests run on this system so they can be shared between configure
18956# scripts and configure runs, see configure's option --config-cache.
18957# It is not useful on other systems. If it contains results you don't
18958# want to keep, you may remove or edit it.
18959#
18960# config.status only pays attention to the cache file if you give it
18961# the --recheck option to rerun configure.
18962#
18963# `ac_cv_env_foo' variables (set or unset) will be overridden when
18964# loading this file, other *unset* `ac_cv_foo' will be assigned the
18965# following values.
18966
18967_ACEOF
18968
18969# The following way of writing the cache mishandles newlines in values,
18970# but we know of no workaround that is simple, portable, and efficient.
18971# So, we kill variables containing newlines.
18972# Ultrix sh set writes to stderr and can't be redirected directly,
18973# and sets the high bit in the cache file unless we assign to the vars.
18974(
18975 for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do
18976 eval ac_val=\$$ac_var
18977 case $ac_val in #(
18978 *${as_nl}*)
18979 case $ac_var in #(
18980 *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
18981$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
18982 esac
18983 case $ac_var in #(
18984 _ | IFS | as_nl) ;; #(
18985 BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
18986 *) { eval $ac_var=; unset $ac_var;} ;;
18987 esac ;;
18988 esac
18989 done
18990
18991 (set) 2>&1 |
18992 case $as_nl`(ac_space=' '; set) 2>&1` in #(
18993 *${as_nl}ac_space=\ *)
18994 # `set' does not quote correctly, so add quotes: double-quote
18995 # substitution turns \\\\ into \\, and sed turns \\ into \.
18996 sed -n \
18997 "s/'/'\\\\''/g;
18998 s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p"
18999 ;; #(
19000 *)
19001 # `set' quotes correctly as required by POSIX, so do not add quotes.
19002 sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
19003 ;;
19004 esac |
19005 sort
19006) |
19007 sed '
19008 /^ac_cv_env_/b end
19009 t clear
19010 :clear
19011 s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/
19012 t end
19013 s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/
19014 :end' >>confcache
19015if diff "$cache_file" confcache >/dev/null 2>&1; then :; else
19016 if test -w "$cache_file"; then
19017 if test "x$cache_file" != "x/dev/null"; then
19018 { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5
19019$as_echo "$as_me: updating cache $cache_file" >&6;}
19020 if test ! -f "$cache_file" || test -h "$cache_file"; then
19021 cat confcache >"$cache_file"
19022 else
19023 case $cache_file in #(
19024 */* | ?:*)
19025 mv -f confcache "$cache_file"$$ &&
19026 mv -f "$cache_file"$$ "$cache_file" ;; #(
19027 *)
19028 mv -f confcache "$cache_file" ;;
19029 esac
19030 fi
19031 fi
19032 else
19033 { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5
19034$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;}
19035 fi
19036fi
19037rm -f confcache
19038
19039test "x$prefix" = xNONE && prefix=$ac_default_prefix
19040# Let make expand exec_prefix.
19041test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
19042
19043DEFS=-DHAVE_CONFIG_H
19044
19045ac_libobjs=
19046ac_ltlibobjs=
19047U=
19048for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue
19049 # 1. Remove the extension, and $U if already installed.
19050 ac_script='s/\$U\././;s/\.o$//;s/\.obj$//'
19051 ac_i=`$as_echo "$ac_i" | sed "$ac_script"`
19052 # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR
19053 # will be set to the directory where LIBOBJS objects are built.
19054 as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext"
19055 as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo'
19056done
19057LIBOBJS=$ac_libobjs
19058
19059LTLIBOBJS=$ac_ltlibobjs
19060
19061
19062
19063
19064: "${CONFIG_STATUS=./config.status}"
19065ac_write_fail=0
19066ac_clean_files_save=$ac_clean_files
19067ac_clean_files="$ac_clean_files $CONFIG_STATUS"
19068{ $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5
19069$as_echo "$as_me: creating $CONFIG_STATUS" >&6;}
19070as_write_fail=0
19071cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1
19072#! $SHELL
19073# Generated by $as_me.
19074# Run this file to recreate the current configuration.
19075# Compiler output produced by configure, useful for debugging
19076# configure, is in config.log if it exists.
19077
19078debug=false
19079ac_cs_recheck=false
19080ac_cs_silent=false
19081
19082SHELL=\${CONFIG_SHELL-$SHELL}
19083export SHELL
19084_ASEOF
19085cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1
19086## -------------------- ##
19087## M4sh Initialization. ##
19088## -------------------- ##
19089
19090# Be more Bourne compatible
19091DUALCASE=1; export DUALCASE # for MKS sh
19092if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
19093 emulate sh
19094 NULLCMD=:
19095 # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
19096 # is contrary to our usage. Disable this feature.
19097 alias -g '${1+"$@"}'='"$@"'
19098 setopt NO_GLOB_SUBST
19099else
19100 case `(set -o) 2>/dev/null` in #(
19101 *posix*) :
19102 set -o posix ;; #(
19103 *) :
19104 ;;
19105esac
19106fi
19107
19108
19109as_nl='
19110'
19111export as_nl
19112# Printing a long string crashes Solaris 7 /usr/bin/printf.
19113as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
19114as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
19115as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
19116# Prefer a ksh shell builtin over an external printf program on Solaris,
19117# but without wasting forks for bash or zsh.
19118if test -z "$BASH_VERSION$ZSH_VERSION" \
19119 && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
19120 as_echo='print -r --'
19121 as_echo_n='print -rn --'
19122elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
19123 as_echo='printf %s\n'
19124 as_echo_n='printf %s'
19125else
19126 if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
19127 as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
19128 as_echo_n='/usr/ucb/echo -n'
19129 else
19130 as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
19131 as_echo_n_body='eval
19132 arg=$1;
19133 case $arg in #(
19134 *"$as_nl"*)
19135 expr "X$arg" : "X\\(.*\\)$as_nl";
19136 arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
19137 esac;
19138 expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
19139 '
19140 export as_echo_n_body
19141 as_echo_n='sh -c $as_echo_n_body as_echo'
19142 fi
19143 export as_echo_body
19144 as_echo='sh -c $as_echo_body as_echo'
19145fi
19146
19147# The user is always right.
19148if test "${PATH_SEPARATOR+set}" != set; then
19149 PATH_SEPARATOR=:
19150 (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
19151 (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
19152 PATH_SEPARATOR=';'
19153 }
19154fi
19155
19156
19157# IFS
19158# We need space, tab and new line, in precisely that order. Quoting is
19159# there to prevent editors from complaining about space-tab.
19160# (If _AS_PATH_WALK were called with IFS unset, it would disable word
19161# splitting by setting IFS to empty value.)
19162IFS=" "" $as_nl"
19163
19164# Find who we are. Look in the path if we contain no directory separator.
19165as_myself=
19166case $0 in #((
19167 *[\\/]* ) as_myself=$0 ;;
19168 *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
19169for as_dir in $PATH
19170do
19171 IFS=$as_save_IFS
19172 test -z "$as_dir" && as_dir=.
19173 test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
19174 done
19175IFS=$as_save_IFS
19176
19177 ;;
19178esac
19179# We did not find ourselves, most probably we were run as `sh COMMAND'
19180# in which case we are not to be found in the path.
19181if test "x$as_myself" = x; then
19182 as_myself=$0
19183fi
19184if test ! -f "$as_myself"; then
19185 $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
19186 exit 1
19187fi
19188
19189# Unset variables that we do not need and which cause bugs (e.g. in
19190# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1"
19191# suppresses any "Segmentation fault" message there. '((' could
19192# trigger a bug in pdksh 5.2.14.
19193for as_var in BASH_ENV ENV MAIL MAILPATH
19194do eval test x\${$as_var+set} = xset \
19195 && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
19196done
19197PS1='$ '
19198PS2='> '
19199PS4='+ '
19200
19201# NLS nuisances.
19202LC_ALL=C
19203export LC_ALL
19204LANGUAGE=C
19205export LANGUAGE
19206
19207# CDPATH.
19208(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
19209
19210
19211# as_fn_error STATUS ERROR [LINENO LOG_FD]
19212# ----------------------------------------
19213# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
19214# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
19215# script with STATUS, using 1 if that was 0.
19216as_fn_error ()
19217{
19218 as_status=$1; test $as_status -eq 0 && as_status=1
19219 if test "$4"; then
19220 as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
19221 $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
19222 fi
19223 $as_echo "$as_me: error: $2" >&2
19224 as_fn_exit $as_status
19225} # as_fn_error
19226
19227
19228# as_fn_set_status STATUS
19229# -----------------------
19230# Set $? to STATUS, without forking.
19231as_fn_set_status ()
19232{
19233 return $1
19234} # as_fn_set_status
19235
19236# as_fn_exit STATUS
19237# -----------------
19238# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
19239as_fn_exit ()
19240{
19241 set +e
19242 as_fn_set_status $1
19243 exit $1
19244} # as_fn_exit
19245
19246# as_fn_unset VAR
19247# ---------------
19248# Portably unset VAR.
19249as_fn_unset ()
19250{
19251 { eval $1=; unset $1;}
19252}
19253as_unset=as_fn_unset
19254# as_fn_append VAR VALUE
19255# ----------------------
19256# Append the text in VALUE to the end of the definition contained in VAR. Take
19257# advantage of any shell optimizations that allow amortized linear growth over
19258# repeated appends, instead of the typical quadratic growth present in naive
19259# implementations.
19260if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
19261 eval 'as_fn_append ()
19262 {
19263 eval $1+=\$2
19264 }'
19265else
19266 as_fn_append ()
19267 {
19268 eval $1=\$$1\$2
19269 }
19270fi # as_fn_append
19271
19272# as_fn_arith ARG...
19273# ------------------
19274# Perform arithmetic evaluation on the ARGs, and store the result in the
19275# global $as_val. Take advantage of shells that can avoid forks. The arguments
19276# must be portable across $(()) and expr.
19277if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
19278 eval 'as_fn_arith ()
19279 {
19280 as_val=$(( $* ))
19281 }'
19282else
19283 as_fn_arith ()
19284 {
19285 as_val=`expr "$@" || test $? -eq 1`
19286 }
19287fi # as_fn_arith
19288
19289
19290if expr a : '\(a\)' >/dev/null 2>&1 &&
19291 test "X`expr 00001 : '.*\(...\)'`" = X001; then
19292 as_expr=expr
19293else
19294 as_expr=false
19295fi
19296
19297if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
19298 as_basename=basename
19299else
19300 as_basename=false
19301fi
19302
19303if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
19304 as_dirname=dirname
19305else
19306 as_dirname=false
19307fi
19308
19309as_me=`$as_basename -- "$0" ||
19310$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
19311 X"$0" : 'X\(//\)$' \| \
19312 X"$0" : 'X\(/\)' \| . 2>/dev/null ||
19313$as_echo X/"$0" |
19314 sed '/^.*\/\([^/][^/]*\)\/*$/{
19315 s//\1/
19316 q
19317 }
19318 /^X\/\(\/\/\)$/{
19319 s//\1/
19320 q
19321 }
19322 /^X\/\(\/\).*/{
19323 s//\1/
19324 q
19325 }
19326 s/.*/./; q'`
19327
19328# Avoid depending upon Character Ranges.
19329as_cr_letters='abcdefghijklmnopqrstuvwxyz'
19330as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
19331as_cr_Letters=$as_cr_letters$as_cr_LETTERS
19332as_cr_digits='0123456789'
19333as_cr_alnum=$as_cr_Letters$as_cr_digits
19334
19335ECHO_C= ECHO_N= ECHO_T=
19336case `echo -n x` in #(((((
19337-n*)
19338 case `echo 'xy\c'` in
19339 *c*) ECHO_T=' ';; # ECHO_T is single tab character.
19340 xy) ECHO_C='\c';;
19341 *) echo `echo ksh88 bug on AIX 6.1` > /dev/null
19342 ECHO_T=' ';;
19343 esac;;
19344*)
19345 ECHO_N='-n';;
19346esac
19347
19348rm -f conf$$ conf$$.exe conf$$.file
19349if test -d conf$$.dir; then
19350 rm -f conf$$.dir/conf$$.file
19351else
19352 rm -f conf$$.dir
19353 mkdir conf$$.dir 2>/dev/null
19354fi
19355if (echo >conf$$.file) 2>/dev/null; then
19356 if ln -s conf$$.file conf$$ 2>/dev/null; then
19357 as_ln_s='ln -s'
19358 # ... but there are two gotchas:
19359 # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
19360 # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
19361 # In both cases, we have to default to `cp -pR'.
19362 ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
19363 as_ln_s='cp -pR'
19364 elif ln conf$$.file conf$$ 2>/dev/null; then
19365 as_ln_s=ln
19366 else
19367 as_ln_s='cp -pR'
19368 fi
19369else
19370 as_ln_s='cp -pR'
19371fi
19372rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
19373rmdir conf$$.dir 2>/dev/null
19374
19375
19376# as_fn_mkdir_p
19377# -------------
19378# Create "$as_dir" as a directory, including parents if necessary.
19379as_fn_mkdir_p ()
19380{
19381
19382 case $as_dir in #(
19383 -*) as_dir=./$as_dir;;
19384 esac
19385 test -d "$as_dir" || eval $as_mkdir_p || {
19386 as_dirs=
19387 while :; do
19388 case $as_dir in #(
19389 *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
19390 *) as_qdir=$as_dir;;
19391 esac
19392 as_dirs="'$as_qdir' $as_dirs"
19393 as_dir=`$as_dirname -- "$as_dir" ||
19394$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
19395 X"$as_dir" : 'X\(//\)[^/]' \| \
19396 X"$as_dir" : 'X\(//\)$' \| \
19397 X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
19398$as_echo X"$as_dir" |
19399 sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
19400 s//\1/
19401 q
19402 }
19403 /^X\(\/\/\)[^/].*/{
19404 s//\1/
19405 q
19406 }
19407 /^X\(\/\/\)$/{
19408 s//\1/
19409 q
19410 }
19411 /^X\(\/\).*/{
19412 s//\1/
19413 q
19414 }
19415 s/.*/./; q'`
19416 test -d "$as_dir" && break
19417 done
19418 test -z "$as_dirs" || eval "mkdir $as_dirs"
19419 } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
19420
19421
19422} # as_fn_mkdir_p
19423if mkdir -p . 2>/dev/null; then
19424 as_mkdir_p='mkdir -p "$as_dir"'
19425else
19426 test -d ./-p && rmdir ./-p
19427 as_mkdir_p=false
19428fi
19429
19430
19431# as_fn_executable_p FILE
19432# -----------------------
19433# Test if FILE is an executable regular file.
19434as_fn_executable_p ()
19435{
19436 test -f "$1" && test -x "$1"
19437} # as_fn_executable_p
19438as_test_x='test -x'
19439as_executable_p=as_fn_executable_p
19440
19441# Sed expression to map a string onto a valid CPP name.
19442as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
19443
19444# Sed expression to map a string onto a valid variable name.
19445as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
19446
19447
19448exec 6>&1
19449## ----------------------------------- ##
19450## Main body of $CONFIG_STATUS script. ##
19451## ----------------------------------- ##
19452_ASEOF
19453test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1
19454
19455cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
19456# Save the log message, to keep $0 and so on meaningful, and to
19457# report actual input values of CONFIG_FILES etc. instead of their
19458# values after options handling.
19459ac_log="
19460This file was extended by OpenSSH $as_me Portable, which was
19461generated by GNU Autoconf 2.69. Invocation command line was
19462
19463 CONFIG_FILES = $CONFIG_FILES
19464 CONFIG_HEADERS = $CONFIG_HEADERS
19465 CONFIG_LINKS = $CONFIG_LINKS
19466 CONFIG_COMMANDS = $CONFIG_COMMANDS
19467 $ $0 $@
19468
19469on `(hostname || uname -n) 2>/dev/null | sed 1q`
19470"
19471
19472_ACEOF
19473
19474case $ac_config_files in *"
19475"*) set x $ac_config_files; shift; ac_config_files=$*;;
19476esac
19477
19478case $ac_config_headers in *"
19479"*) set x $ac_config_headers; shift; ac_config_headers=$*;;
19480esac
19481
19482
19483cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
19484# Files that config.status was made for.
19485config_files="$ac_config_files"
19486config_headers="$ac_config_headers"
19487
19488_ACEOF
19489
19490cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
19491ac_cs_usage="\
19492\`$as_me' instantiates files and other configuration actions
19493from templates according to the current configuration. Unless the files
19494and actions are specified as TAGs, all are instantiated by default.
19495
19496Usage: $0 [OPTION]... [TAG]...
19497
19498 -h, --help print this help, then exit
19499 -V, --version print version number and configuration settings, then exit
19500 --config print configuration, then exit
19501 -q, --quiet, --silent
19502 do not print progress messages
19503 -d, --debug don't remove temporary files
19504 --recheck update $as_me by reconfiguring in the same conditions
19505 --file=FILE[:TEMPLATE]
19506 instantiate the configuration file FILE
19507 --header=FILE[:TEMPLATE]
19508 instantiate the configuration header FILE
19509
19510Configuration files:
19511$config_files
19512
19513Configuration headers:
19514$config_headers
19515
19516Report bugs to <openssh-unix-dev@mindrot.org>."
19517
19518_ACEOF
19519cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
19520ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
19521ac_cs_version="\\
19522OpenSSH config.status Portable
19523configured by $0, generated by GNU Autoconf 2.69,
19524 with options \\"\$ac_cs_config\\"
19525
19526Copyright (C) 2012 Free Software Foundation, Inc.
19527This config.status script is free software; the Free Software Foundation
19528gives unlimited permission to copy, distribute and modify it."
19529
19530ac_pwd='$ac_pwd'
19531srcdir='$srcdir'
19532INSTALL='$INSTALL'
19533AWK='$AWK'
19534test -n "\$AWK" || AWK=awk
19535_ACEOF
19536
19537cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
19538# The default lists apply if the user does not specify any file.
19539ac_need_defaults=:
19540while test $# != 0
19541do
19542 case $1 in
19543 --*=?*)
19544 ac_option=`expr "X$1" : 'X\([^=]*\)='`
19545 ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'`
19546 ac_shift=:
19547 ;;
19548 --*=)
19549 ac_option=`expr "X$1" : 'X\([^=]*\)='`
19550 ac_optarg=
19551 ac_shift=:
19552 ;;
19553 *)
19554 ac_option=$1
19555 ac_optarg=$2
19556 ac_shift=shift
19557 ;;
19558 esac
19559
19560 case $ac_option in
19561 # Handling of the options.
19562 -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
19563 ac_cs_recheck=: ;;
19564 --version | --versio | --versi | --vers | --ver | --ve | --v | -V )
19565 $as_echo "$ac_cs_version"; exit ;;
19566 --config | --confi | --conf | --con | --co | --c )
19567 $as_echo "$ac_cs_config"; exit ;;
19568 --debug | --debu | --deb | --de | --d | -d )
19569 debug=: ;;
19570 --file | --fil | --fi | --f )
19571 $ac_shift
19572 case $ac_optarg in
19573 *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
19574 '') as_fn_error $? "missing file argument" ;;
19575 esac
19576 as_fn_append CONFIG_FILES " '$ac_optarg'"
19577 ac_need_defaults=false;;
19578 --header | --heade | --head | --hea )
19579 $ac_shift
19580 case $ac_optarg in
19581 *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
19582 esac
19583 as_fn_append CONFIG_HEADERS " '$ac_optarg'"
19584 ac_need_defaults=false;;
19585 --he | --h)
19586 # Conflict between --help and --header
19587 as_fn_error $? "ambiguous option: \`$1'
19588Try \`$0 --help' for more information.";;
19589 --help | --hel | -h )
19590 $as_echo "$ac_cs_usage"; exit ;;
19591 -q | -quiet | --quiet | --quie | --qui | --qu | --q \
19592 | -silent | --silent | --silen | --sile | --sil | --si | --s)
19593 ac_cs_silent=: ;;
19594
19595 # This is an error.
19596 -*) as_fn_error $? "unrecognized option: \`$1'
19597Try \`$0 --help' for more information." ;;
19598
19599 *) as_fn_append ac_config_targets " $1"
19600 ac_need_defaults=false ;;
19601
19602 esac
19603 shift
19604done
19605
19606ac_configure_extra_args=
19607
19608if $ac_cs_silent; then
19609 exec 6>/dev/null
19610 ac_configure_extra_args="$ac_configure_extra_args --silent"
19611fi
19612
19613_ACEOF
19614cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
19615if \$ac_cs_recheck; then
19616 set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
19617 shift
19618 \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6
19619 CONFIG_SHELL='$SHELL'
19620 export CONFIG_SHELL
19621 exec "\$@"
19622fi
19623
19624_ACEOF
19625cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
19626exec 5>>config.log
19627{
19628 echo
19629 sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
19630## Running $as_me. ##
19631_ASBOX
19632 $as_echo "$ac_log"
19633} >&5
19634
19635_ACEOF
19636cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
19637_ACEOF
19638
19639cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
19640
19641# Handling of arguments.
19642for ac_config_target in $ac_config_targets
19643do
19644 case $ac_config_target in
19645 "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;;
19646 "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
19647 "buildpkg.sh") CONFIG_FILES="$CONFIG_FILES buildpkg.sh" ;;
19648 "opensshd.init") CONFIG_FILES="$CONFIG_FILES opensshd.init" ;;
19649 "openssh.xml") CONFIG_FILES="$CONFIG_FILES openssh.xml" ;;
19650 "openbsd-compat/Makefile") CONFIG_FILES="$CONFIG_FILES openbsd-compat/Makefile" ;;
19651 "openbsd-compat/regress/Makefile") CONFIG_FILES="$CONFIG_FILES openbsd-compat/regress/Makefile" ;;
19652 "survey.sh") CONFIG_FILES="$CONFIG_FILES survey.sh" ;;
19653
19654 *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;;
19655 esac
19656done
19657
19658
19659# If the user did not use the arguments to specify the items to instantiate,
19660# then the envvar interface is used. Set only those that are not.
19661# We use the long form for the default assignment because of an extremely
19662# bizarre bug on SunOS 4.1.3.
19663if $ac_need_defaults; then
19664 test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
19665 test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers
19666fi
19667
19668# Have a temporary directory for convenience. Make it in the build tree
19669# simply because there is no reason against having it here, and in addition,
19670# creating and moving files from /tmp can sometimes cause problems.
19671# Hook for its removal unless debugging.
19672# Note that there is a small window in which the directory will not be cleaned:
19673# after its creation but before its name has been assigned to `$tmp'.
19674$debug ||
19675{
19676 tmp= ac_tmp=
19677 trap 'exit_status=$?
19678 : "${ac_tmp:=$tmp}"
19679 { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status
19680' 0
19681 trap 'as_fn_exit 1' 1 2 13 15
19682}
19683# Create a (secure) tmp directory for tmp files.
19684
19685{
19686 tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` &&
19687 test -d "$tmp"
19688} ||
19689{
19690 tmp=./conf$$-$RANDOM
19691 (umask 077 && mkdir "$tmp")
19692} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5
19693ac_tmp=$tmp
19694
19695# Set up the scripts for CONFIG_FILES section.
19696# No need to generate them if there are no CONFIG_FILES.
19697# This happens for instance with `./config.status config.h'.
19698if test -n "$CONFIG_FILES"; then
19699
19700
19701ac_cr=`echo X | tr X '\015'`
19702# On cygwin, bash can eat \r inside `` if the user requested igncr.
19703# But we know of no other shell where ac_cr would be empty at this
19704# point, so we can use a bashism as a fallback.
19705if test "x$ac_cr" = x; then
19706 eval ac_cr=\$\'\\r\'
19707fi
19708ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' </dev/null 2>/dev/null`
19709if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then
19710 ac_cs_awk_cr='\\r'
19711else
19712 ac_cs_awk_cr=$ac_cr
19713fi
19714
19715echo 'BEGIN {' >"$ac_tmp/subs1.awk" &&
19716_ACEOF
19717
19718
19719{
19720 echo "cat >conf$$subs.awk <<_ACEOF" &&
19721 echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' &&
19722 echo "_ACEOF"
19723} >conf$$subs.sh ||
19724 as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
19725ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'`
19726ac_delim='%!_!# '
19727for ac_last_try in false false false false false :; do
19728 . ./conf$$subs.sh ||
19729 as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
19730
19731 ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X`
19732 if test $ac_delim_n = $ac_delim_num; then
19733 break
19734 elif $ac_last_try; then
19735 as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
19736 else
19737 ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
19738 fi
19739done
19740rm -f conf$$subs.sh
19741
19742cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
19743cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK &&
19744_ACEOF
19745sed -n '
19746h
19747s/^/S["/; s/!.*/"]=/
19748p
19749g
19750s/^[^!]*!//
19751:repl
19752t repl
19753s/'"$ac_delim"'$//
19754t delim
19755:nl
19756h
19757s/\(.\{148\}\)..*/\1/
19758t more1
19759s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/
19760p
19761n
19762b repl
19763:more1
19764s/["\\]/\\&/g; s/^/"/; s/$/"\\/
19765p
19766g
19767s/.\{148\}//
19768t nl
19769:delim
19770h
19771s/\(.\{148\}\)..*/\1/
19772t more2
19773s/["\\]/\\&/g; s/^/"/; s/$/"/
19774p
19775b
19776:more2
19777s/["\\]/\\&/g; s/^/"/; s/$/"\\/
19778p
19779g
19780s/.\{148\}//
19781t delim
19782' <conf$$subs.awk | sed '
19783/^[^""]/{
19784 N
19785 s/\n//
19786}
19787' >>$CONFIG_STATUS || ac_write_fail=1
19788rm -f conf$$subs.awk
19789cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
19790_ACAWK
19791cat >>"\$ac_tmp/subs1.awk" <<_ACAWK &&
19792 for (key in S) S_is_set[key] = 1
19793 FS = ""
19794
19795}
19796{
19797 line = $ 0
19798 nfields = split(line, field, "@")
19799 substed = 0
19800 len = length(field[1])
19801 for (i = 2; i < nfields; i++) {
19802 key = field[i]
19803 keylen = length(key)
19804 if (S_is_set[key]) {
19805 value = S[key]
19806 line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3)
19807 len += length(value) + length(field[++i])
19808 substed = 1
19809 } else
19810 len += 1 + keylen
19811 }
19812
19813 print line
19814}
19815
19816_ACAWK
19817_ACEOF
19818cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
19819if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then
19820 sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g"
19821else
19822 cat
19823fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \
19824 || as_fn_error $? "could not setup config files machinery" "$LINENO" 5
19825_ACEOF
19826
19827# VPATH may cause trouble with some makes, so we remove sole $(srcdir),
19828# ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and
19829# trailing colons and then remove the whole line if VPATH becomes empty
19830# (actually we leave an empty line to preserve line numbers).
19831if test "x$srcdir" = x.; then
19832 ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{
19833h
19834s///
19835s/^/:/
19836s/[ ]*$/:/
19837s/:\$(srcdir):/:/g
19838s/:\${srcdir}:/:/g
19839s/:@srcdir@:/:/g
19840s/^:*//
19841s/:*$//
19842x
19843s/\(=[ ]*\).*/\1/
19844G
19845s/\n//
19846s/^[^=]*=[ ]*$//
19847}'
19848fi
19849
19850cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
19851fi # test -n "$CONFIG_FILES"
19852
19853# Set up the scripts for CONFIG_HEADERS section.
19854# No need to generate them if there are no CONFIG_HEADERS.
19855# This happens for instance with `./config.status Makefile'.
19856if test -n "$CONFIG_HEADERS"; then
19857cat >"$ac_tmp/defines.awk" <<\_ACAWK ||
19858BEGIN {
19859_ACEOF
19860
19861# Transform confdefs.h into an awk script `defines.awk', embedded as
19862# here-document in config.status, that substitutes the proper values into
19863# config.h.in to produce config.h.
19864
19865# Create a delimiter string that does not exist in confdefs.h, to ease
19866# handling of long lines.
19867ac_delim='%!_!# '
19868for ac_last_try in false false :; do
19869 ac_tt=`sed -n "/$ac_delim/p" confdefs.h`
19870 if test -z "$ac_tt"; then
19871 break
19872 elif $ac_last_try; then
19873 as_fn_error $? "could not make $CONFIG_HEADERS" "$LINENO" 5
19874 else
19875 ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
19876 fi
19877done
19878
19879# For the awk script, D is an array of macro values keyed by name,
19880# likewise P contains macro parameters if any. Preserve backslash
19881# newline sequences.
19882
19883ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]*
19884sed -n '
19885s/.\{148\}/&'"$ac_delim"'/g
19886t rset
19887:rset
19888s/^[ ]*#[ ]*define[ ][ ]*/ /
19889t def
19890d
19891:def
19892s/\\$//
19893t bsnl
19894s/["\\]/\\&/g
19895s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\
19896D["\1"]=" \3"/p
19897s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2"/p
19898d
19899:bsnl
19900s/["\\]/\\&/g
19901s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\
19902D["\1"]=" \3\\\\\\n"\\/p
19903t cont
19904s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p
19905t cont
19906d
19907:cont
19908n
19909s/.\{148\}/&'"$ac_delim"'/g
19910t clear
19911:clear
19912s/\\$//
19913t bsnlc
19914s/["\\]/\\&/g; s/^/"/; s/$/"/p
19915d
19916:bsnlc
19917s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p
19918b cont
19919' <confdefs.h | sed '
19920s/'"$ac_delim"'/"\\\
19921"/g' >>$CONFIG_STATUS || ac_write_fail=1
19922
19923cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
19924 for (key in D) D_is_set[key] = 1
19925 FS = ""
19926}
19927/^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ {
19928 line = \$ 0
19929 split(line, arg, " ")
19930 if (arg[1] == "#") {
19931 defundef = arg[2]
19932 mac1 = arg[3]
19933 } else {
19934 defundef = substr(arg[1], 2)
19935 mac1 = arg[2]
19936 }
19937 split(mac1, mac2, "(") #)
19938 macro = mac2[1]
19939 prefix = substr(line, 1, index(line, defundef) - 1)
19940 if (D_is_set[macro]) {
19941 # Preserve the white space surrounding the "#".
19942 print prefix "define", macro P[macro] D[macro]
19943 next
19944 } else {
19945 # Replace #undef with comments. This is necessary, for example,
19946 # in the case of _POSIX_SOURCE, which is predefined and required
19947 # on some systems where configure will not decide to define it.
19948 if (defundef == "undef") {
19949 print "/*", prefix defundef, macro, "*/"
19950 next
19951 }
19952 }
19953}
19954{ print }
19955_ACAWK
19956_ACEOF
19957cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
19958 as_fn_error $? "could not setup config headers machinery" "$LINENO" 5
19959fi # test -n "$CONFIG_HEADERS"
19960
19961
19962eval set X " :F $CONFIG_FILES :H $CONFIG_HEADERS "
19963shift
19964for ac_tag
19965do
19966 case $ac_tag in
19967 :[FHLC]) ac_mode=$ac_tag; continue;;
19968 esac
19969 case $ac_mode$ac_tag in
19970 :[FHL]*:*);;
19971 :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;;
19972 :[FH]-) ac_tag=-:-;;
19973 :[FH]*) ac_tag=$ac_tag:$ac_tag.in;;
19974 esac
19975 ac_save_IFS=$IFS
19976 IFS=:
19977 set x $ac_tag
19978 IFS=$ac_save_IFS
19979 shift
19980 ac_file=$1
19981 shift
19982
19983 case $ac_mode in
19984 :L) ac_source=$1;;
19985 :[FH])
19986 ac_file_inputs=
19987 for ac_f
19988 do
19989 case $ac_f in
19990 -) ac_f="$ac_tmp/stdin";;
19991 *) # Look for the file first in the build tree, then in the source tree
19992 # (if the path is not absolute). The absolute path cannot be DOS-style,
19993 # because $ac_f cannot contain `:'.
19994 test -f "$ac_f" ||
19995 case $ac_f in
19996 [\\/$]*) false;;
19997 *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";;
19998 esac ||
19999 as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;;
20000 esac
20001 case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
20002 as_fn_append ac_file_inputs " '$ac_f'"
20003 done
20004
20005 # Let's still pretend it is `configure' which instantiates (i.e., don't
20006 # use $as_me), people would be surprised to read:
20007 # /* config.h. Generated by config.status. */
20008 configure_input='Generated from '`
20009 $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g'
20010 `' by configure.'
20011 if test x"$ac_file" != x-; then
20012 configure_input="$ac_file. $configure_input"
20013 { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5
20014$as_echo "$as_me: creating $ac_file" >&6;}
20015 fi
20016 # Neutralize special characters interpreted by sed in replacement strings.
20017 case $configure_input in #(
20018 *\&* | *\|* | *\\* )
20019 ac_sed_conf_input=`$as_echo "$configure_input" |
20020 sed 's/[\\\\&|]/\\\\&/g'`;; #(
20021 *) ac_sed_conf_input=$configure_input;;
20022 esac
20023
20024 case $ac_tag in
20025 *:-:* | *:-) cat >"$ac_tmp/stdin" \
20026 || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;;
20027 esac
20028 ;;
20029 esac
20030
20031 ac_dir=`$as_dirname -- "$ac_file" ||
20032$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
20033 X"$ac_file" : 'X\(//\)[^/]' \| \
20034 X"$ac_file" : 'X\(//\)$' \| \
20035 X"$ac_file" : 'X\(/\)' \| . 2>/dev/null ||
20036$as_echo X"$ac_file" |
20037 sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
20038 s//\1/
20039 q
20040 }
20041 /^X\(\/\/\)[^/].*/{
20042 s//\1/
20043 q
20044 }
20045 /^X\(\/\/\)$/{
20046 s//\1/
20047 q
20048 }
20049 /^X\(\/\).*/{
20050 s//\1/
20051 q
20052 }
20053 s/.*/./; q'`
20054 as_dir="$ac_dir"; as_fn_mkdir_p
20055 ac_builddir=.
20056
20057case "$ac_dir" in
20058.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
20059*)
20060 ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
20061 # A ".." for each directory in $ac_dir_suffix.
20062 ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
20063 case $ac_top_builddir_sub in
20064 "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
20065 *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
20066 esac ;;
20067esac
20068ac_abs_top_builddir=$ac_pwd
20069ac_abs_builddir=$ac_pwd$ac_dir_suffix
20070# for backward compatibility:
20071ac_top_builddir=$ac_top_build_prefix
20072
20073case $srcdir in
20074 .) # We are building in place.
20075 ac_srcdir=.
20076 ac_top_srcdir=$ac_top_builddir_sub
20077 ac_abs_top_srcdir=$ac_pwd ;;
20078 [\\/]* | ?:[\\/]* ) # Absolute name.
20079 ac_srcdir=$srcdir$ac_dir_suffix;
20080 ac_top_srcdir=$srcdir
20081 ac_abs_top_srcdir=$srcdir ;;
20082 *) # Relative name.
20083 ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
20084 ac_top_srcdir=$ac_top_build_prefix$srcdir
20085 ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
20086esac
20087ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
20088
20089
20090 case $ac_mode in
20091 :F)
20092 #
20093 # CONFIG_FILE
20094 #
20095
20096 case $INSTALL in
20097 [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;;
20098 *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;;
20099 esac
20100_ACEOF
20101
20102cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
20103# If the template does not know about datarootdir, expand it.
20104# FIXME: This hack should be removed a few years after 2.60.
20105ac_datarootdir_hack=; ac_datarootdir_seen=
20106ac_sed_dataroot='
20107/datarootdir/ {
20108 p
20109 q
20110}
20111/@datadir@/p
20112/@docdir@/p
20113/@infodir@/p
20114/@localedir@/p
20115/@mandir@/p'
20116case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in
20117*datarootdir*) ac_datarootdir_seen=yes;;
20118*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*)
20119 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
20120$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
20121_ACEOF
20122cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
20123 ac_datarootdir_hack='
20124 s&@datadir@&$datadir&g
20125 s&@docdir@&$docdir&g
20126 s&@infodir@&$infodir&g
20127 s&@localedir@&$localedir&g
20128 s&@mandir@&$mandir&g
20129 s&\\\${datarootdir}&$datarootdir&g' ;;
20130esac
20131_ACEOF
20132
20133# Neutralize VPATH when `$srcdir' = `.'.
20134# Shell code in configure.ac might set extrasub.
20135# FIXME: do we really want to maintain this feature?
20136cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
20137ac_sed_extra="$ac_vpsub
20138$extrasub
20139_ACEOF
20140cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
20141:t
20142/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
20143s|@configure_input@|$ac_sed_conf_input|;t t
20144s&@top_builddir@&$ac_top_builddir_sub&;t t
20145s&@top_build_prefix@&$ac_top_build_prefix&;t t
20146s&@srcdir@&$ac_srcdir&;t t
20147s&@abs_srcdir@&$ac_abs_srcdir&;t t
20148s&@top_srcdir@&$ac_top_srcdir&;t t
20149s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t
20150s&@builddir@&$ac_builddir&;t t
20151s&@abs_builddir@&$ac_abs_builddir&;t t
20152s&@abs_top_builddir@&$ac_abs_top_builddir&;t t
20153s&@INSTALL@&$ac_INSTALL&;t t
20154$ac_datarootdir_hack
20155"
20156eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \
20157 >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5
20158
20159test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
20160 { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } &&
20161 { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \
20162 "$ac_tmp/out"`; test -z "$ac_out"; } &&
20163 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir'
20164which seems to be undefined. Please make sure it is defined" >&5
20165$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
20166which seems to be undefined. Please make sure it is defined" >&2;}
20167
20168 rm -f "$ac_tmp/stdin"
20169 case $ac_file in
20170 -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";;
20171 *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";;
20172 esac \
20173 || as_fn_error $? "could not create $ac_file" "$LINENO" 5
20174 ;;
20175 :H)
20176 #
20177 # CONFIG_HEADER
20178 #
20179 if test x"$ac_file" != x-; then
20180 {
20181 $as_echo "/* $configure_input */" \
20182 && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs"
20183 } >"$ac_tmp/config.h" \
20184 || as_fn_error $? "could not create $ac_file" "$LINENO" 5
20185 if diff "$ac_file" "$ac_tmp/config.h" >/dev/null 2>&1; then
20186 { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5
20187$as_echo "$as_me: $ac_file is unchanged" >&6;}
20188 else
20189 rm -f "$ac_file"
20190 mv "$ac_tmp/config.h" "$ac_file" \
20191 || as_fn_error $? "could not create $ac_file" "$LINENO" 5
20192 fi
20193 else
20194 $as_echo "/* $configure_input */" \
20195 && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" \
20196 || as_fn_error $? "could not create -" "$LINENO" 5
20197 fi
20198 ;;
20199
20200
20201 esac
20202
20203done # for ac_tag
20204
20205
20206as_fn_exit 0
20207_ACEOF
20208ac_clean_files=$ac_clean_files_save
20209
20210test $ac_write_fail = 0 ||
20211 as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5
20212
20213
20214# configure is writing to config.log, and then calls config.status.
20215# config.status does its own redirection, appending to config.log.
20216# Unfortunately, on DOS this fails, as config.log is still kept open
20217# by configure, so config.status won't be able to write to it; its
20218# output is simply discarded. So we exec the FD to /dev/null,
20219# effectively closing config.log, so it can be properly (re)opened and
20220# appended to by config.status. When coming back to configure, we
20221# need to make the FD available again.
20222if test "$no_create" != yes; then
20223 ac_cs_success=:
20224 ac_config_status_args=
20225 test "$silent" = yes &&
20226 ac_config_status_args="$ac_config_status_args --quiet"
20227 exec 5>/dev/null
20228 $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false
20229 exec 5>>config.log
20230 # Use ||, not &&, to avoid exiting from the if with $? = 1, which
20231 # would make configure fail if this is the last instruction.
20232 $ac_cs_success || as_fn_exit 1
20233fi
20234if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then
20235 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5
20236$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;}
20237fi
20238
20239
20240# Print summary of options
20241
20242# Someone please show me a better way :)
20243A=`eval echo ${prefix}` ; A=`eval echo ${A}`
20244B=`eval echo ${bindir}` ; B=`eval echo ${B}`
20245C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
20246D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
20247E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
20248F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
20249G=`eval echo ${piddir}` ; G=`eval echo ${G}`
20250H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
20251I=`eval echo ${user_path}` ; I=`eval echo ${I}`
20252J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
20253
20254echo ""
20255echo "OpenSSH has been configured with the following options:"
20256echo " User binaries: $B"
20257echo " System binaries: $C"
20258echo " Configuration files: $D"
20259echo " Askpass program: $E"
20260echo " Manual pages: $F"
20261echo " PID file: $G"
20262echo " Privilege separation chroot path: $H"
20263if test "x$external_path_file" = "x/etc/login.conf" ; then
20264echo " At runtime, sshd will use the path defined in $external_path_file"
20265echo " Make sure the path to scp is present, otherwise scp will not work"
20266else
20267echo " sshd default user PATH: $I"
20268 if test ! -z "$external_path_file"; then
20269echo " (If PATH is set in $external_path_file it will be used instead. If"
20270echo " used, ensure the path to scp is present, otherwise scp will not work.)"
20271 fi
20272fi
20273if test ! -z "$superuser_path" ; then
20274echo " sshd superuser user PATH: $J"
20275fi
20276echo " Manpage format: $MANTYPE"
20277echo " PAM support: $PAM_MSG"
20278echo " OSF SIA support: $SIA_MSG"
20279echo " KerberosV support: $KRB5_MSG"
20280echo " SELinux support: $SELINUX_MSG"
20281echo " Smartcard support: $SCARD_MSG"
20282echo " S/KEY support: $SKEY_MSG"
20283echo " MD5 password support: $MD5_MSG"
20284echo " libedit support: $LIBEDIT_MSG"
20285echo " Solaris process contract support: $SPC_MSG"
20286echo " Solaris project support: $SP_MSG"
20287echo " Solaris privilege support: $SPP_MSG"
20288echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
20289echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
20290echo " BSD Auth support: $BSD_AUTH_MSG"
20291echo " Random number source: $RAND_MSG"
20292echo " Privsep sandbox style: $SANDBOX_STYLE"
20293
20294echo ""
20295
20296echo " Host: ${host}"
20297echo " Compiler: ${CC}"
20298echo " Compiler flags: ${CFLAGS}"
20299echo "Preprocessor flags: ${CPPFLAGS}"
20300echo " Linker flags: ${LDFLAGS}"
20301echo " Libraries: ${LIBS}"
20302if test ! -z "${SSHDLIBS}"; then
20303echo " +for sshd: ${SSHDLIBS}"
20304fi
20305if test ! -z "${SSHLIBS}"; then
20306echo " +for ssh: ${SSHLIBS}"
20307fi
20308
20309echo ""
20310
20311if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
20312 echo "SVR4 style packages are supported with \"make package\""
20313 echo ""
20314fi
20315
20316if test "x$PAM_MSG" = "xyes" ; then
20317 echo "PAM is enabled. You may need to install a PAM control file "
20318 echo "for sshd, otherwise password authentication may fail. "
20319 echo "Example PAM control files can be found in the contrib/ "
20320 echo "subdirectory"
20321 echo ""
20322fi
20323
20324if test ! -z "$NO_PEERCHECK" ; then
20325 echo "WARNING: the operating system that you are using does not"
20326 echo "appear to support getpeereid(), getpeerucred() or the"
20327 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
20328 echo "enforce security checks to prevent unauthorised connections to"
20329 echo "ssh-agent. Their absence increases the risk that a malicious"
20330 echo "user can connect to your agent."
20331 echo ""
20332fi
20333
20334if test "$AUDIT_MODULE" = "bsm" ; then
20335 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
20336 echo "See the Solaris section in README.platform for details."
20337fi
diff --git a/moduli.0 b/moduli.0
new file mode 100644
index 000000000..dd762af85
--- /dev/null
+++ b/moduli.0
@@ -0,0 +1,74 @@
1MODULI(5) File Formats Manual MODULI(5)
2
3NAME
4 moduli M-bM-^@M-^S Diffie-Hellman moduli
5
6DESCRIPTION
7 The /etc/moduli file contains prime numbers and generators for use by
8 sshd(8) in the Diffie-Hellman Group Exchange key exchange method.
9
10 New moduli may be generated with ssh-keygen(1) using a two-step process.
11 An initial candidate generation pass, using ssh-keygen -G, calculates
12 numbers that are likely to be useful. A second primality testing pass,
13 using ssh-keygen -T, provides a high degree of assurance that the numbers
14 are prime and are safe for use in Diffie-Hellman operations by sshd(8).
15 This moduli format is used as the output from each pass.
16
17 The file consists of newline-separated records, one per modulus,
18 containing seven space-separated fields. These fields are as follows:
19
20 timestamp The time that the modulus was last processed as
21 YYYYMMDDHHMMSS.
22
23 type Decimal number specifying the internal structure of
24 the prime modulus. Supported types are:
25
26 0 Unknown, not tested.
27 2 "Safe" prime; (p-1)/2 is also prime.
28 4 Sophie Germain; 2p+1 is also prime.
29
30 Moduli candidates initially produced by ssh-keygen(1)
31 are Sophie Germain primes (type 4). Further primality
32 testing with ssh-keygen(1) produces safe prime moduli
33 (type 2) that are ready for use in sshd(8). Other
34 types are not used by OpenSSH.
35
36 tests Decimal number indicating the type of primality tests
37 that the number has been subjected to represented as a
38 bitmask of the following values:
39
40 0x00 Not tested.
41 0x01 Composite number M-bM-^@M-^S not prime.
42 0x02 Sieve of Eratosthenes.
43 0x04 Probabilistic Miller-Rabin primality tests.
44
45 The ssh-keygen(1) moduli candidate generation uses the
46 Sieve of Eratosthenes (flag 0x02). Subsequent
47 ssh-keygen(1) primality tests are Miller-Rabin tests
48 (flag 0x04).
49
50 trials Decimal number indicating the number of primality
51 trials that have been performed on the modulus.
52
53 size Decimal number indicating the size of the prime in
54 bits.
55
56 generator The recommended generator for use with this modulus
57 (hexadecimal).
58
59 modulus The modulus itself in hexadecimal.
60
61 When performing Diffie-Hellman Group Exchange, sshd(8) first estimates
62 the size of the modulus required to produce enough Diffie-Hellman output
63 to sufficiently key the selected symmetric cipher. sshd(8) then randomly
64 selects a modulus from /etc/moduli that best meets the size requirement.
65
66SEE ALSO
67 ssh-keygen(1), sshd(8)
68
69STANDARDS
70 M. Friedl, N. Provos, and W. Simpson, Diffie-Hellman Group Exchange for
71 the Secure Shell (SSH) Transport Layer Protocol, RFC 4419, March 2006,
72 2006.
73
74OpenBSD 6.0 September 26, 2012 OpenBSD 6.0
diff --git a/scp.0 b/scp.0
new file mode 100644
index 000000000..46a084698
--- /dev/null
+++ b/scp.0
@@ -0,0 +1,168 @@
1SCP(1) General Commands Manual SCP(1)
2
3NAME
4 scp M-bM-^@M-^S secure copy (remote file copy program)
5
6SYNOPSIS
7 scp [-12346BCpqrv] [-c cipher] [-F ssh_config] [-i identity_file]
8 [-l limit] [-o ssh_option] [-P port] [-S program]
9 [[user@]host1:]file1 ... [[user@]host2:]file2
10
11DESCRIPTION
12 scp copies files between hosts on a network. It uses ssh(1) for data
13 transfer, and uses the same authentication and provides the same security
14 as ssh(1). scp will ask for passwords or passphrases if they are needed
15 for authentication.
16
17 File names may contain a user and host specification to indicate that the
18 file is to be copied to/from that host. Local file names can be made
19 explicit using absolute or relative pathnames to avoid scp treating file
20 names containing M-bM-^@M-^X:M-bM-^@M-^Y as host specifiers. Copies between two remote hosts
21 are also permitted.
22
23 The options are as follows:
24
25 -1 Forces scp to use protocol 1.
26
27 -2 Forces scp to use protocol 2.
28
29 -3 Copies between two remote hosts are transferred through the local
30 host. Without this option the data is copied directly between
31 the two remote hosts. Note that this option disables the
32 progress meter.
33
34 -4 Forces scp to use IPv4 addresses only.
35
36 -6 Forces scp to use IPv6 addresses only.
37
38 -B Selects batch mode (prevents asking for passwords or
39 passphrases).
40
41 -C Compression enable. Passes the -C flag to ssh(1) to enable
42 compression.
43
44 -c cipher
45 Selects the cipher to use for encrypting the data transfer. This
46 option is directly passed to ssh(1).
47
48 -F ssh_config
49 Specifies an alternative per-user configuration file for ssh.
50 This option is directly passed to ssh(1).
51
52 -i identity_file
53 Selects the file from which the identity (private key) for public
54 key authentication is read. This option is directly passed to
55 ssh(1).
56
57 -l limit
58 Limits the used bandwidth, specified in Kbit/s.
59
60 -o ssh_option
61 Can be used to pass options to ssh in the format used in
62 ssh_config(5). This is useful for specifying options for which
63 there is no separate scp command-line flag. For full details of
64 the options listed below, and their possible values, see
65 ssh_config(5).
66
67 AddressFamily
68 BatchMode
69 BindAddress
70 CanonicalDomains
71 CanonicalizeFallbackLocal
72 CanonicalizeHostname
73 CanonicalizeMaxDots
74 CanonicalizePermittedCNAMEs
75 CertificateFile
76 ChallengeResponseAuthentication
77 CheckHostIP
78 Cipher
79 Ciphers
80 Compression
81 CompressionLevel
82 ConnectionAttempts
83 ConnectTimeout
84 ControlMaster
85 ControlPath
86 ControlPersist
87 GlobalKnownHostsFile
88 GSSAPIAuthentication
89 GSSAPIDelegateCredentials
90 HashKnownHosts
91 Host
92 HostbasedAuthentication
93 HostbasedKeyTypes
94 HostKeyAlgorithms
95 HostKeyAlias
96 HostName
97 IdentitiesOnly
98 IdentityAgent
99 IdentityFile
100 IPQoS
101 KbdInteractiveAuthentication
102 KbdInteractiveDevices
103 KexAlgorithms
104 LogLevel
105 MACs
106 NoHostAuthenticationForLocalhost
107 NumberOfPasswordPrompts
108 PasswordAuthentication
109 PKCS11Provider
110 Port
111 PreferredAuthentications
112 Protocol
113 ProxyCommand
114 ProxyJump
115 PubkeyAcceptedKeyTypes
116 PubkeyAuthentication
117 RekeyLimit
118 RhostsRSAAuthentication
119 RSAAuthentication
120 SendEnv
121 ServerAliveInterval
122 ServerAliveCountMax
123 StrictHostKeyChecking
124 TCPKeepAlive
125 UpdateHostKeys
126 UsePrivilegedPort
127 User
128 UserKnownHostsFile
129 VerifyHostKeyDNS
130
131 -P port
132 Specifies the port to connect to on the remote host. Note that
133 this option is written with a capital M-bM-^@M-^XPM-bM-^@M-^Y, because -p is already
134 reserved for preserving the times and modes of the file.
135
136 -p Preserves modification times, access times, and modes from the
137 original file.
138
139 -q Quiet mode: disables the progress meter as well as warning and
140 diagnostic messages from ssh(1).
141
142 -r Recursively copy entire directories. Note that scp follows
143 symbolic links encountered in the tree traversal.
144
145 -S program
146 Name of program to use for the encrypted connection. The program
147 must understand ssh(1) options.
148
149 -v Verbose mode. Causes scp and ssh(1) to print debugging messages
150 about their progress. This is helpful in debugging connection,
151 authentication, and configuration problems.
152
153EXIT STATUS
154 The scp utility exitsM-BM- 0 on success, andM-BM- >0 if an error occurs.
155
156SEE ALSO
157 sftp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1), ssh_config(5),
158 sshd(8)
159
160HISTORY
161 scp is based on the rcp program in BSD source code from the Regents of
162 the University of California.
163
164AUTHORS
165 Timo Rinne <tri@iki.fi>
166 Tatu Ylonen <ylo@cs.hut.fi>
167
168OpenBSD 6.0 July 16, 2016 OpenBSD 6.0
diff --git a/sftp-server.0 b/sftp-server.0
new file mode 100644
index 000000000..20d477d49
--- /dev/null
+++ b/sftp-server.0
@@ -0,0 +1,96 @@
1SFTP-SERVER(8) System Manager's Manual SFTP-SERVER(8)
2
3NAME
4 sftp-server M-bM-^@M-^S SFTP server subsystem
5
6SYNOPSIS
7 sftp-server [-ehR] [-d start_directory] [-f log_facility] [-l log_level]
8 [-P blacklisted_requests] [-p whitelisted_requests]
9 [-u umask]
10 sftp-server -Q protocol_feature
11
12DESCRIPTION
13 sftp-server is a program that speaks the server side of SFTP protocol to
14 stdout and expects client requests from stdin. sftp-server is not
15 intended to be called directly, but from sshd(8) using the Subsystem
16 option.
17
18 Command-line flags to sftp-server should be specified in the Subsystem
19 declaration. See sshd_config(5) for more information.
20
21 Valid options are:
22
23 -d start_directory
24 specifies an alternate starting directory for users. The
25 pathname may contain the following tokens that are expanded at
26 runtime: %% is replaced by a literal '%', %d is replaced by the
27 home directory of the user being authenticated, and %u is
28 replaced by the username of that user. The default is to use the
29 user's home directory. This option is useful in conjunction with
30 the sshd_config(5) ChrootDirectory option.
31
32 -e Causes sftp-server to print logging information to stderr instead
33 of syslog for debugging.
34
35 -f log_facility
36 Specifies the facility code that is used when logging messages
37 from sftp-server. The possible values are: DAEMON, USER, AUTH,
38 LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
39 The default is AUTH.
40
41 -h Displays sftp-server usage information.
42
43 -l log_level
44 Specifies which messages will be logged by sftp-server. The
45 possible values are: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG,
46 DEBUG1, DEBUG2, and DEBUG3. INFO and VERBOSE log transactions
47 that sftp-server performs on behalf of the client. DEBUG and
48 DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify higher
49 levels of debugging output. The default is ERROR.
50
51 -P blacklisted_requests
52 Specify a comma-separated list of SFTP protocol requests that are
53 banned by the server. sftp-server will reply to any blacklisted
54 request with a failure. The -Q flag can be used to determine the
55 supported request types. If both a blacklist and a whitelist are
56 specified, then the blacklist is applied before the whitelist.
57
58 -p whitelisted_requests
59 Specify a comma-separated list of SFTP protocol requests that are
60 permitted by the server. All request types that are not on the
61 whitelist will be logged and replied to with a failure message.
62
63 Care must be taken when using this feature to ensure that
64 requests made implicitly by SFTP clients are permitted.
65
66 -Q protocol_feature
67 Query protocol features supported by sftp-server. At present the
68 only feature that may be queried is M-bM-^@M-^\requestsM-bM-^@M-^], which may be used
69 for black or whitelisting (flags -P and -p respectively).
70
71 -R Places this instance of sftp-server into a read-only mode.
72 Attempts to open files for writing, as well as other operations
73 that change the state of the filesystem, will be denied.
74
75 -u umask
76 Sets an explicit umask(2) to be applied to newly-created files
77 and directories, instead of the user's default mask.
78
79 On some systems, sftp-server must be able to access /dev/log for logging
80 to work, and use of sftp-server in a chroot configuration therefore
81 requires that syslogd(8) establish a logging socket inside the chroot
82 directory.
83
84SEE ALSO
85 sftp(1), ssh(1), sshd_config(5), sshd(8)
86
87 T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh-
88 filexfer-02.txt, October 2001, work in progress material.
89
90HISTORY
91 sftp-server first appeared in OpenBSD 2.8.
92
93AUTHORS
94 Markus Friedl <markus@openbsd.org>
95
96OpenBSD 6.0 December 11, 2014 OpenBSD 6.0
diff --git a/sftp.0 b/sftp.0
new file mode 100644
index 000000000..2e0c274d9
--- /dev/null
+++ b/sftp.0
@@ -0,0 +1,386 @@
1SFTP(1) General Commands Manual SFTP(1)
2
3NAME
4 sftp M-bM-^@M-^S secure file transfer program
5
6SYNOPSIS
7 sftp [-1246aCfpqrv] [-B buffer_size] [-b batchfile] [-c cipher]
8 [-D sftp_server_path] [-F ssh_config] [-i identity_file] [-l limit]
9 [-o ssh_option] [-P port] [-R num_requests] [-S program]
10 [-s subsystem | sftp_server] host
11 sftp [user@]host[:file ...]
12 sftp [user@]host[:dir[/]]
13 sftp -b batchfile [user@]host
14
15DESCRIPTION
16 sftp is an interactive file transfer program, similar to ftp(1), which
17 performs all operations over an encrypted ssh(1) transport. It may also
18 use many features of ssh, such as public key authentication and
19 compression. sftp connects and logs into the specified host, then enters
20 an interactive command mode.
21
22 The second usage format will retrieve files automatically if a non-
23 interactive authentication method is used; otherwise it will do so after
24 successful interactive authentication.
25
26 The third usage format allows sftp to start in a remote directory.
27
28 The final usage format allows for automated sessions using the -b option.
29 In such cases, it is necessary to configure non-interactive
30 authentication to obviate the need to enter a password at connection time
31 (see sshd(8) and ssh-keygen(1) for details).
32
33 Since some usage formats use colon characters to delimit host names from
34 path names, IPv6 addresses must be enclosed in square brackets to avoid
35 ambiguity.
36
37 The options are as follows:
38
39 -1 Specify the use of protocol version 1.
40
41 -2 Specify the use of protocol version 2.
42
43 -4 Forces sftp to use IPv4 addresses only.
44
45 -6 Forces sftp to use IPv6 addresses only.
46
47 -a Attempt to continue interrupted transfers rather than overwriting
48 existing partial or complete copies of files. If the partial
49 contents differ from those being transferred, then the resultant
50 file is likely to be corrupt.
51
52 -B buffer_size
53 Specify the size of the buffer that sftp uses when transferring
54 files. Larger buffers require fewer round trips at the cost of
55 higher memory consumption. The default is 32768 bytes.
56
57 -b batchfile
58 Batch mode reads a series of commands from an input batchfile
59 instead of stdin. Since it lacks user interaction it should be
60 used in conjunction with non-interactive authentication. A
61 batchfile of M-bM-^@M-^X-M-bM-^@M-^Y may be used to indicate standard input. sftp
62 will abort if any of the following commands fail: get, put,
63 reget, reput, rename, ln, rm, mkdir, chdir, ls, lchdir, chmod,
64 chown, chgrp, lpwd, df, symlink, and lmkdir. Termination on
65 error can be suppressed on a command by command basis by
66 prefixing the command with a M-bM-^@M-^X-M-bM-^@M-^Y character (for example, -rm
67 /tmp/blah*).
68
69 -C Enables compression (via ssh's -C flag).
70
71 -c cipher
72 Selects the cipher to use for encrypting the data transfers.
73 This option is directly passed to ssh(1).
74
75 -D sftp_server_path
76 Connect directly to a local sftp server (rather than via ssh(1)).
77 This option may be useful in debugging the client and server.
78
79 -F ssh_config
80 Specifies an alternative per-user configuration file for ssh(1).
81 This option is directly passed to ssh(1).
82
83 -f Requests that files be flushed to disk immediately after
84 transfer. When uploading files, this feature is only enabled if
85 the server implements the "fsync@openssh.com" extension.
86
87 -i identity_file
88 Selects the file from which the identity (private key) for public
89 key authentication is read. This option is directly passed to
90 ssh(1).
91
92 -l limit
93 Limits the used bandwidth, specified in Kbit/s.
94
95 -o ssh_option
96 Can be used to pass options to ssh in the format used in
97 ssh_config(5). This is useful for specifying options for which
98 there is no separate sftp command-line flag. For example, to
99 specify an alternate port use: sftp -oPort=24. For full details
100 of the options listed below, and their possible values, see
101 ssh_config(5).
102
103 AddressFamily
104 BatchMode
105 BindAddress
106 CanonicalDomains
107 CanonicalizeFallbackLocal
108 CanonicalizeHostname
109 CanonicalizeMaxDots
110 CanonicalizePermittedCNAMEs
111 CertificateFile
112 ChallengeResponseAuthentication
113 CheckHostIP
114 Cipher
115 Ciphers
116 Compression
117 CompressionLevel
118 ConnectionAttempts
119 ConnectTimeout
120 ControlMaster
121 ControlPath
122 ControlPersist
123 GlobalKnownHostsFile
124 GSSAPIAuthentication
125 GSSAPIDelegateCredentials
126 HashKnownHosts
127 Host
128 HostbasedAuthentication
129 HostbasedKeyTypes
130 HostKeyAlgorithms
131 HostKeyAlias
132 HostName
133 IdentitiesOnly
134 IdentityAgent
135 IdentityFile
136 IPQoS
137 KbdInteractiveAuthentication
138 KbdInteractiveDevices
139 KexAlgorithms
140 LogLevel
141 MACs
142 NoHostAuthenticationForLocalhost
143 NumberOfPasswordPrompts
144 PasswordAuthentication
145 PKCS11Provider
146 Port
147 PreferredAuthentications
148 Protocol
149 ProxyCommand
150 ProxyJump
151 PubkeyAuthentication
152 RekeyLimit
153 RhostsRSAAuthentication
154 RSAAuthentication
155 SendEnv
156 ServerAliveInterval
157 ServerAliveCountMax
158 StrictHostKeyChecking
159 TCPKeepAlive
160 UpdateHostKeys
161 UsePrivilegedPort
162 User
163 UserKnownHostsFile
164 VerifyHostKeyDNS
165
166 -P port
167 Specifies the port to connect to on the remote host.
168
169 -p Preserves modification times, access times, and modes from the
170 original files transferred.
171
172 -q Quiet mode: disables the progress meter as well as warning and
173 diagnostic messages from ssh(1).
174
175 -R num_requests
176 Specify how many requests may be outstanding at any one time.
177 Increasing this may slightly improve file transfer speed but will
178 increase memory usage. The default is 64 outstanding requests.
179
180 -r Recursively copy entire directories when uploading and
181 downloading. Note that sftp does not follow symbolic links
182 encountered in the tree traversal.
183
184 -S program
185 Name of the program to use for the encrypted connection. The
186 program must understand ssh(1) options.
187
188 -s subsystem | sftp_server
189 Specifies the SSH2 subsystem or the path for an sftp server on
190 the remote host. A path is useful for using sftp over protocol
191 version 1, or when the remote sshd(8) does not have an sftp
192 subsystem configured.
193
194 -v Raise logging level. This option is also passed to ssh.
195
196INTERACTIVE COMMANDS
197 Once in interactive mode, sftp understands a set of commands similar to
198 those of ftp(1). Commands are case insensitive. Pathnames that contain
199 spaces must be enclosed in quotes. Any special characters contained
200 within pathnames that are recognized by glob(3) must be escaped with
201 backslashes (M-bM-^@M-^X\M-bM-^@M-^Y).
202
203 bye Quit sftp.
204
205 cd path
206 Change remote directory to path.
207
208 chgrp grp path
209 Change group of file path to grp. path may contain glob(3)
210 characters and may match multiple files. grp must be a numeric
211 GID.
212
213 chmod mode path
214 Change permissions of file path to mode. path may contain
215 glob(3) characters and may match multiple files.
216
217 chown own path
218 Change owner of file path to own. path may contain glob(3)
219 characters and may match multiple files. own must be a numeric
220 UID.
221
222 df [-hi] [path]
223 Display usage information for the filesystem holding the current
224 directory (or path if specified). If the -h flag is specified,
225 the capacity information will be displayed using "human-readable"
226 suffixes. The -i flag requests display of inode information in
227 addition to capacity information. This command is only supported
228 on servers that implement the M-bM-^@M-^\statvfs@openssh.comM-bM-^@M-^] extension.
229
230 exit Quit sftp.
231
232 get [-afPpr] remote-path [local-path]
233 Retrieve the remote-path and store it on the local machine. If
234 the local path name is not specified, it is given the same name
235 it has on the remote machine. remote-path may contain glob(3)
236 characters and may match multiple files. If it does and
237 local-path is specified, then local-path must specify a
238 directory.
239
240 If the -a flag is specified, then attempt to resume partial
241 transfers of existing files. Note that resumption assumes that
242 any partial copy of the local file matches the remote copy. If
243 the remote file contents differ from the partial local copy then
244 the resultant file is likely to be corrupt.
245
246 If the -f flag is specified, then fsync(2) will be called after
247 the file transfer has completed to flush the file to disk.
248
249 If either the -P or -p flag is specified, then full file
250 permissions and access times are copied too.
251
252 If the -r flag is specified then directories will be copied
253 recursively. Note that sftp does not follow symbolic links when
254 performing recursive transfers.
255
256 help Display help text.
257
258 lcd path
259 Change local directory to path.
260
261 lls [ls-options [path]]
262 Display local directory listing of either path or current
263 directory if path is not specified. ls-options may contain any
264 flags supported by the local system's ls(1) command. path may
265 contain glob(3) characters and may match multiple files.
266
267 lmkdir path
268 Create local directory specified by path.
269
270 ln [-s] oldpath newpath
271 Create a link from oldpath to newpath. If the -s flag is
272 specified the created link is a symbolic link, otherwise it is a
273 hard link.
274
275 lpwd Print local working directory.
276
277 ls [-1afhlnrSt] [path]
278 Display a remote directory listing of either path or the current
279 directory if path is not specified. path may contain glob(3)
280 characters and may match multiple files.
281
282 The following flags are recognized and alter the behaviour of ls
283 accordingly:
284
285 -1 Produce single columnar output.
286
287 -a List files beginning with a dot (M-bM-^@M-^X.M-bM-^@M-^Y).
288
289 -f Do not sort the listing. The default sort order is
290 lexicographical.
291
292 -h When used with a long format option, use unit suffixes:
293 Byte, Kilobyte, Megabyte, Gigabyte, Terabyte, Petabyte,
294 and Exabyte in order to reduce the number of digits to
295 four or fewer using powers of 2 for sizes (K=1024,
296 M=1048576, etc.).
297
298 -l Display additional details including permissions and
299 ownership information.
300
301 -n Produce a long listing with user and group information
302 presented numerically.
303
304 -r Reverse the sort order of the listing.
305
306 -S Sort the listing by file size.
307
308 -t Sort the listing by last modification time.
309
310 lumask umask
311 Set local umask to umask.
312
313 mkdir path
314 Create remote directory specified by path.
315
316 progress
317 Toggle display of progress meter.
318
319 put [-afPpr] local-path [remote-path]
320 Upload local-path and store it on the remote machine. If the
321 remote path name is not specified, it is given the same name it
322 has on the local machine. local-path may contain glob(3)
323 characters and may match multiple files. If it does and
324 remote-path is specified, then remote-path must specify a
325 directory.
326
327 If the -a flag is specified, then attempt to resume partial
328 transfers of existing files. Note that resumption assumes that
329 any partial copy of the remote file matches the local copy. If
330 the local file contents differ from the remote local copy then
331 the resultant file is likely to be corrupt.
332
333 If the -f flag is specified, then a request will be sent to the
334 server to call fsync(2) after the file has been transferred.
335 Note that this is only supported by servers that implement the
336 "fsync@openssh.com" extension.
337
338 If either the -P or -p flag is specified, then full file
339 permissions and access times are copied too.
340
341 If the -r flag is specified then directories will be copied
342 recursively. Note that sftp does not follow symbolic links when
343 performing recursive transfers.
344
345 pwd Display remote working directory.
346
347 quit Quit sftp.
348
349 reget [-Ppr] remote-path [local-path]
350 Resume download of remote-path. Equivalent to get with the -a
351 flag set.
352
353 reput [-Ppr] [local-path] remote-path
354 Resume upload of [local-path]. Equivalent to put with the -a
355 flag set.
356
357 rename oldpath newpath
358 Rename remote file from oldpath to newpath.
359
360 rm path
361 Delete remote file specified by path.
362
363 rmdir path
364 Remove remote directory specified by path.
365
366 symlink oldpath newpath
367 Create a symbolic link from oldpath to newpath.
368
369 version
370 Display the sftp protocol version.
371
372 !command
373 Execute command in local shell.
374
375 ! Escape to local shell.
376
377 ? Synonym for help.
378
379SEE ALSO
380 ftp(1), ls(1), scp(1), ssh(1), ssh-add(1), ssh-keygen(1), glob(3),
381 ssh_config(5), sftp-server(8), sshd(8)
382
383 T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh-
384 filexfer-00.txt, January 2001, work in progress material.
385
386OpenBSD 6.0 July 16, 2016 OpenBSD 6.0
diff --git a/ssh-add.0 b/ssh-add.0
new file mode 100644
index 000000000..706bfe661
--- /dev/null
+++ b/ssh-add.0
@@ -0,0 +1,129 @@
1SSH-ADD(1) General Commands Manual SSH-ADD(1)
2
3NAME
4 ssh-add M-bM-^@M-^S adds private key identities to the authentication agent
5
6SYNOPSIS
7 ssh-add [-cDdkLlXx] [-E fingerprint_hash] [-t life] [file ...]
8 ssh-add -s pkcs11
9 ssh-add -e pkcs11
10
11DESCRIPTION
12 ssh-add adds private key identities to the authentication agent,
13 ssh-agent(1). When run without arguments, it adds the files
14 ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 and
15 ~/.ssh/identity. After loading a private key, ssh-add will try to load
16 corresponding certificate information from the filename obtained by
17 appending -cert.pub to the name of the private key file. Alternative
18 file names can be given on the command line.
19
20 If any file requires a passphrase, ssh-add asks for the passphrase from
21 the user. The passphrase is read from the user's tty. ssh-add retries
22 the last passphrase if multiple identity files are given.
23
24 The authentication agent must be running and the SSH_AUTH_SOCK
25 environment variable must contain the name of its socket for ssh-add to
26 work.
27
28 The options are as follows:
29
30 -c Indicates that added identities should be subject to confirmation
31 before being used for authentication. Confirmation is performed
32 by ssh-askpass(1). Successful confirmation is signaled by a zero
33 exit status from ssh-askpass(1), rather than text entered into
34 the requester.
35
36 -D Deletes all identities from the agent.
37
38 -d Instead of adding identities, removes identities from the agent.
39 If ssh-add has been run without arguments, the keys for the
40 default identities and their corresponding certificates will be
41 removed. Otherwise, the argument list will be interpreted as a
42 list of paths to public key files to specify keys and
43 certificates to be removed from the agent. If no public key is
44 found at a given path, ssh-add will append .pub and retry.
45
46 -E fingerprint_hash
47 Specifies the hash algorithm used when displaying key
48 fingerprints. Valid options are: M-bM-^@M-^\md5M-bM-^@M-^] and M-bM-^@M-^\sha256M-bM-^@M-^]. The
49 default is M-bM-^@M-^\sha256M-bM-^@M-^].
50
51 -e pkcs11
52 Remove keys provided by the PKCS#11 shared library pkcs11.
53
54 -k When loading keys into or deleting keys from the agent, process
55 plain private keys only and skip certificates.
56
57 -L Lists public key parameters of all identities currently
58 represented by the agent.
59
60 -l Lists fingerprints of all identities currently represented by the
61 agent.
62
63 -s pkcs11
64 Add keys provided by the PKCS#11 shared library pkcs11.
65
66 -t life
67 Set a maximum lifetime when adding identities to an agent. The
68 lifetime may be specified in seconds or in a time format
69 specified in sshd_config(5).
70
71 -X Unlock the agent.
72
73 -x Lock the agent with a password.
74
75ENVIRONMENT
76 DISPLAY and SSH_ASKPASS
77 If ssh-add needs a passphrase, it will read the passphrase from
78 the current terminal if it was run from a terminal. If ssh-add
79 does not have a terminal associated with it but DISPLAY and
80 SSH_ASKPASS are set, it will execute the program specified by
81 SSH_ASKPASS (by default M-bM-^@M-^\ssh-askpassM-bM-^@M-^]) and open an X11 window to
82 read the passphrase. This is particularly useful when calling
83 ssh-add from a .xsession or related script. (Note that on some
84 machines it may be necessary to redirect the input from /dev/null
85 to make this work.)
86
87 SSH_AUTH_SOCK
88 Identifies the path of a UNIX-domain socket used to communicate
89 with the agent.
90
91FILES
92 ~/.ssh/identity
93 Contains the protocol version 1 RSA authentication identity of
94 the user.
95
96 ~/.ssh/id_dsa
97 Contains the protocol version 2 DSA authentication identity of
98 the user.
99
100 ~/.ssh/id_ecdsa
101 Contains the protocol version 2 ECDSA authentication identity of
102 the user.
103
104 ~/.ssh/id_ed25519
105 Contains the protocol version 2 Ed25519 authentication identity
106 of the user.
107
108 ~/.ssh/id_rsa
109 Contains the protocol version 2 RSA authentication identity of
110 the user.
111
112 Identity files should not be readable by anyone but the user. Note that
113 ssh-add ignores identity files if they are accessible by others.
114
115EXIT STATUS
116 Exit status is 0 on success, 1 if the specified command fails, and 2 if
117 ssh-add is unable to contact the authentication agent.
118
119SEE ALSO
120 ssh(1), ssh-agent(1), ssh-askpass(1), ssh-keygen(1), sshd(8)
121
122AUTHORS
123 OpenSSH is a derivative of the original and free ssh 1.2.12 release by
124 Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
125 de Raadt and Dug Song removed many bugs, re-added newer features and
126 created OpenSSH. Markus Friedl contributed the support for SSH protocol
127 versions 1.5 and 2.0.
128
129OpenBSD 6.0 March 30, 2015 OpenBSD 6.0
diff --git a/ssh-agent.0 b/ssh-agent.0
new file mode 100644
index 000000000..bb3c8d605
--- /dev/null
+++ b/ssh-agent.0
@@ -0,0 +1,120 @@
1SSH-AGENT(1) General Commands Manual SSH-AGENT(1)
2
3NAME
4 ssh-agent M-bM-^@M-^S authentication agent
5
6SYNOPSIS
7 ssh-agent [-c | -s] [-Dd] [-a bind_address] [-E fingerprint_hash]
8 [-P pkcs11_whitelist] [-t life] [command [arg ...]]
9 ssh-agent [-c | -s] -k
10
11DESCRIPTION
12 ssh-agent is a program to hold private keys used for public key
13 authentication (RSA, DSA, ECDSA, Ed25519). ssh-agent is usually started
14 in the beginning of an X-session or a login session, and all other
15 windows or programs are started as clients to the ssh-agent program.
16 Through use of environment variables the agent can be located and
17 automatically used for authentication when logging in to other machines
18 using ssh(1).
19
20 The agent initially does not have any private keys. Keys are added using
21 ssh(1) (see AddKeysToAgent in ssh_config(5) for details) or ssh-add(1).
22 Multiple identities may be stored in ssh-agent concurrently and ssh(1)
23 will automatically use them if present. ssh-add(1) is also used to
24 remove keys from ssh-agent and to query the keys that are held in one.
25
26 The options are as follows:
27
28 -a bind_address
29 Bind the agent to the UNIX-domain socket bind_address. The
30 default is $TMPDIR/ssh-XXXXXXXXXX/agent.<ppid>.
31
32 -c Generate C-shell commands on stdout. This is the default if
33 SHELL looks like it's a csh style of shell.
34
35 -D Foreground mode. When this option is specified ssh-agent will
36 not fork.
37
38 -d Debug mode. When this option is specified ssh-agent will not
39 fork and will write debug information to standard error.
40
41 -E fingerprint_hash
42 Specifies the hash algorithm used when displaying key
43 fingerprints. Valid options are: M-bM-^@M-^\md5M-bM-^@M-^] and M-bM-^@M-^\sha256M-bM-^@M-^]. The
44 default is M-bM-^@M-^\sha256M-bM-^@M-^].
45
46 -k Kill the current agent (given by the SSH_AGENT_PID environment
47 variable).
48
49 -P pkcs11_whitelist
50 Specify a pattern-list of acceptable paths for PKCS#11 shared
51 libraries that may be added using the -s option to ssh-add(1).
52 The default is to allow loading PKCS#11 libraries from
53 M-bM-^@M-^\/usr/lib/*,/usr/local/lib/*M-bM-^@M-^]. PKCS#11 libraries that do not
54 match the whitelist will be refused. See PATTERNS in
55 ssh_config(5) for a description of pattern-list syntax.
56
57 -s Generate Bourne shell commands on stdout. This is the default if
58 SHELL does not look like it's a csh style of shell.
59
60 -t life
61 Set a default value for the maximum lifetime of identities added
62 to the agent. The lifetime may be specified in seconds or in a
63 time format specified in sshd_config(5). A lifetime specified
64 for an identity with ssh-add(1) overrides this value. Without
65 this option the default maximum lifetime is forever.
66
67 If a command line is given, this is executed as a subprocess of the
68 agent. When the command dies, so does the agent.
69
70 The idea is that the agent is run in the user's local PC, laptop, or
71 terminal. Authentication data need not be stored on any other machine,
72 and authentication passphrases never go over the network. However, the
73 connection to the agent is forwarded over SSH remote logins, and the user
74 can thus use the privileges given by the identities anywhere in the
75 network in a secure way.
76
77 There are two main ways to get an agent set up: The first is that the
78 agent starts a new subcommand into which some environment variables are
79 exported, eg ssh-agent xterm &. The second is that the agent prints the
80 needed shell commands (either sh(1) or csh(1) syntax can be generated)
81 which can be evaluated in the calling shell, eg eval `ssh-agent -s` for
82 Bourne-type shells such as sh(1) or ksh(1) and eval `ssh-agent -c` for
83 csh(1) and derivatives.
84
85 Later ssh(1) looks at these variables and uses them to establish a
86 connection to the agent.
87
88 The agent will never send a private key over its request channel.
89 Instead, operations that require a private key will be performed by the
90 agent, and the result will be returned to the requester. This way,
91 private keys are not exposed to clients using the agent.
92
93 A UNIX-domain socket is created and the name of this socket is stored in
94 the SSH_AUTH_SOCK environment variable. The socket is made accessible
95 only to the current user. This method is easily abused by root or
96 another instance of the same user.
97
98 The SSH_AGENT_PID environment variable holds the agent's process ID.
99
100 The agent exits automatically when the command given on the command line
101 terminates.
102
103FILES
104 $TMPDIR/ssh-XXXXXXXXXX/agent.<ppid>
105 UNIX-domain sockets used to contain the connection to the
106 authentication agent. These sockets should only be readable by
107 the owner. The sockets should get automatically removed when the
108 agent exits.
109
110SEE ALSO
111 ssh(1), ssh-add(1), ssh-keygen(1), sshd(8)
112
113AUTHORS
114 OpenSSH is a derivative of the original and free ssh 1.2.12 release by
115 Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
116 de Raadt and Dug Song removed many bugs, re-added newer features and
117 created OpenSSH. Markus Friedl contributed the support for SSH protocol
118 versions 1.5 and 2.0.
119
120OpenBSD 6.0 November 30, 2016 OpenBSD 6.0
diff --git a/ssh-keygen.0 b/ssh-keygen.0
new file mode 100644
index 000000000..569297da4
--- /dev/null
+++ b/ssh-keygen.0
@@ -0,0 +1,570 @@
1SSH-KEYGEN(1) General Commands Manual SSH-KEYGEN(1)
2
3NAME
4 ssh-keygen M-bM-^@M-^S authentication key generation, management and conversion
5
6SYNOPSIS
7 ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1]
8 [-N new_passphrase] [-C comment] [-f output_keyfile]
9 ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]
10 ssh-keygen -i [-m key_format] [-f input_keyfile]
11 ssh-keygen -e [-m key_format] [-f input_keyfile]
12 ssh-keygen -y [-f input_keyfile]
13 ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]
14 ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile]
15 ssh-keygen -B [-f input_keyfile]
16 ssh-keygen -D pkcs11
17 ssh-keygen -F hostname [-f known_hosts_file] [-l]
18 ssh-keygen -H [-f known_hosts_file]
19 ssh-keygen -R hostname [-f known_hosts_file]
20 ssh-keygen -r hostname [-f input_keyfile] [-g]
21 ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point]
22 ssh-keygen -T output_file -f input_file [-v] [-a rounds] [-J num_lines]
23 [-j start_line] [-K checkpt] [-W generator]
24 ssh-keygen -s ca_key -I certificate_identity [-h] [-n principals]
25 [-O option] [-V validity_interval] [-z serial_number] file ...
26 ssh-keygen -L [-f input_keyfile]
27 ssh-keygen -A
28 ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number]
29 file ...
30 ssh-keygen -Q -f krl_file file ...
31
32DESCRIPTION
33 ssh-keygen generates, manages and converts authentication keys for
34 ssh(1). ssh-keygen can create keys for use by SSH protocol versions 1
35 and 2. Protocol 1 should not be used and is only offered to support
36 legacy devices. It suffers from a number of cryptographic weaknesses and
37 doesn't support many of the advanced features available for protocol 2.
38
39 The type of key to be generated is specified with the -t option. If
40 invoked without any arguments, ssh-keygen will generate an RSA key for
41 use in SSH protocol 2 connections.
42
43 ssh-keygen is also used to generate groups for use in Diffie-Hellman
44 group exchange (DH-GEX). See the MODULI GENERATION section for details.
45
46 Finally, ssh-keygen can be used to generate and update Key Revocation
47 Lists, and to test whether given keys have been revoked by one. See the
48 KEY REVOCATION LISTS section for details.
49
50 Normally each user wishing to use SSH with public key authentication runs
51 this once to create the authentication key in ~/.ssh/identity,
52 ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 or ~/.ssh/id_rsa.
53 Additionally, the system administrator may use this to generate host
54 keys, as seen in /etc/rc.
55
56 Normally this program generates the key and asks for a file in which to
57 store the private key. The public key is stored in a file with the same
58 name but M-bM-^@M-^\.pubM-bM-^@M-^] appended. The program also asks for a passphrase. The
59 passphrase may be empty to indicate no passphrase (host keys must have an
60 empty passphrase), or it may be a string of arbitrary length. A
61 passphrase is similar to a password, except it can be a phrase with a
62 series of words, punctuation, numbers, whitespace, or any string of
63 characters you want. Good passphrases are 10-30 characters long, are not
64 simple sentences or otherwise easily guessable (English prose has only
65 1-2 bits of entropy per character, and provides very bad passphrases),
66 and contain a mix of upper and lowercase letters, numbers, and non-
67 alphanumeric characters. The passphrase can be changed later by using
68 the -p option.
69
70 There is no way to recover a lost passphrase. If the passphrase is lost
71 or forgotten, a new key must be generated and the corresponding public
72 key copied to other machines.
73
74 For RSA1 keys and keys stored in the newer OpenSSH format, there is also
75 a comment field in the key file that is only for convenience to the user
76 to help identify the key. The comment can tell what the key is for, or
77 whatever is useful. The comment is initialized to M-bM-^@M-^\user@hostM-bM-^@M-^] when the
78 key is created, but can be changed using the -c option.
79
80 After a key is generated, instructions below detail where the keys should
81 be placed to be activated.
82
83 The options are as follows:
84
85 -A For each of the key types (rsa1, rsa, dsa, ecdsa and ed25519) for
86 which host keys do not exist, generate the host keys with the
87 default key file path, an empty passphrase, default bits for the
88 key type, and default comment. This is used by /etc/rc to
89 generate new host keys.
90
91 -a rounds
92 When saving a new-format private key (i.e. an ed25519 key or any
93 SSH protocol 2 key when the -o flag is set), this option
94 specifies the number of KDF (key derivation function) rounds
95 used. Higher numbers result in slower passphrase verification
96 and increased resistance to brute-force password cracking (should
97 the keys be stolen).
98
99 When screening DH-GEX candidates ( using the -T command). This
100 option specifies the number of primality tests to perform.
101
102 -B Show the bubblebabble digest of specified private or public key
103 file.
104
105 -b bits
106 Specifies the number of bits in the key to create. For RSA keys,
107 the minimum size is 1024 bits and the default is 2048 bits.
108 Generally, 2048 bits is considered sufficient. DSA keys must be
109 exactly 1024 bits as specified by FIPS 186-2. For ECDSA keys,
110 the -b flag determines the key length by selecting from one of
111 three elliptic curve sizes: 256, 384 or 521 bits. Attempting to
112 use bit lengths other than these three values for ECDSA keys will
113 fail. Ed25519 keys have a fixed length and the -b flag will be
114 ignored.
115
116 -C comment
117 Provides a new comment.
118
119 -c Requests changing the comment in the private and public key
120 files. This operation is only supported for RSA1 keys and keys
121 stored in the newer OpenSSH format. The program will prompt for
122 the file containing the private keys, for the passphrase if the
123 key has one, and for the new comment.
124
125 -D pkcs11
126 Download the RSA public keys provided by the PKCS#11 shared
127 library pkcs11. When used in combination with -s, this option
128 indicates that a CA key resides in a PKCS#11 token (see the
129 CERTIFICATES section for details).
130
131 -E fingerprint_hash
132 Specifies the hash algorithm used when displaying key
133 fingerprints. Valid options are: M-bM-^@M-^\md5M-bM-^@M-^] and M-bM-^@M-^\sha256M-bM-^@M-^]. The
134 default is M-bM-^@M-^\sha256M-bM-^@M-^].
135
136 -e This option will read a private or public OpenSSH key file and
137 print to stdout the key in one of the formats specified by the -m
138 option. The default export format is M-bM-^@M-^\RFC4716M-bM-^@M-^]. This option
139 allows exporting OpenSSH keys for use by other programs,
140 including several commercial SSH implementations.
141
142 -F hostname
143 Search for the specified hostname in a known_hosts file, listing
144 any occurrences found. This option is useful to find hashed host
145 names or addresses and may also be used in conjunction with the
146 -H option to print found keys in a hashed format.
147
148 -f filename
149 Specifies the filename of the key file.
150
151 -G output_file
152 Generate candidate primes for DH-GEX. These primes must be
153 screened for safety (using the -T option) before use.
154
155 -g Use generic DNS format when printing fingerprint resource records
156 using the -r command.
157
158 -H Hash a known_hosts file. This replaces all hostnames and
159 addresses with hashed representations within the specified file;
160 the original content is moved to a file with a .old suffix.
161 These hashes may be used normally by ssh and sshd, but they do
162 not reveal identifying information should the file's contents be
163 disclosed. This option will not modify existing hashed hostnames
164 and is therefore safe to use on files that mix hashed and non-
165 hashed names.
166
167 -h When signing a key, create a host certificate instead of a user
168 certificate. Please see the CERTIFICATES section for details.
169
170 -I certificate_identity
171 Specify the key identity when signing a public key. Please see
172 the CERTIFICATES section for details.
173
174 -i This option will read an unencrypted private (or public) key file
175 in the format specified by the -m option and print an OpenSSH
176 compatible private (or public) key to stdout. This option allows
177 importing keys from other software, including several commercial
178 SSH implementations. The default import format is M-bM-^@M-^\RFC4716M-bM-^@M-^].
179
180 -J num_lines
181 Exit after screening the specified number of lines while
182 performing DH candidate screening using the -T option.
183
184 -j start_line
185 Start screening at the specified line number while performing DH
186 candidate screening using the -T option.
187
188 -K checkpt
189 Write the last line processed to the file checkpt while
190 performing DH candidate screening using the -T option. This will
191 be used to skip lines in the input file that have already been
192 processed if the job is restarted.
193
194 -k Generate a KRL file. In this mode, ssh-keygen will generate a
195 KRL file at the location specified via the -f flag that revokes
196 every key or certificate presented on the command line.
197 Keys/certificates to be revoked may be specified by public key
198 file or using the format described in the KEY REVOCATION LISTS
199 section.
200
201 -L Prints the contents of one or more certificates.
202
203 -l Show fingerprint of specified public key file. Private RSA1 keys
204 are also supported. For RSA and DSA keys ssh-keygen tries to
205 find the matching public key file and prints its fingerprint. If
206 combined with -v, a visual ASCII art representation of the key is
207 supplied with the fingerprint.
208
209 -M memory
210 Specify the amount of memory to use (in megabytes) when
211 generating candidate moduli for DH-GEX.
212
213 -m key_format
214 Specify a key format for the -i (import) or -e (export)
215 conversion options. The supported key formats are: M-bM-^@M-^\RFC4716M-bM-^@M-^]
216 (RFC 4716/SSH2 public or private key), M-bM-^@M-^\PKCS8M-bM-^@M-^] (PEM PKCS8 public
217 key) or M-bM-^@M-^\PEMM-bM-^@M-^] (PEM public key). The default conversion format is
218 M-bM-^@M-^\RFC4716M-bM-^@M-^].
219
220 -N new_passphrase
221 Provides the new passphrase.
222
223 -n principals
224 Specify one or more principals (user or host names) to be
225 included in a certificate when signing a key. Multiple
226 principals may be specified, separated by commas. Please see the
227 CERTIFICATES section for details.
228
229 -O option
230 Specify a certificate option when signing a key. This option may
231 be specified multiple times. Please see the CERTIFICATES section
232 for details. The options that are valid for user certificates
233 are:
234
235 clear Clear all enabled permissions. This is useful for
236 clearing the default set of permissions so permissions
237 may be added individually.
238
239 force-command=command
240 Forces the execution of command instead of any shell or
241 command specified by the user when the certificate is
242 used for authentication.
243
244 no-agent-forwarding
245 Disable ssh-agent(1) forwarding (permitted by default).
246
247 no-port-forwarding
248 Disable port forwarding (permitted by default).
249
250 no-pty Disable PTY allocation (permitted by default).
251
252 no-user-rc
253 Disable execution of ~/.ssh/rc by sshd(8) (permitted by
254 default).
255
256 no-x11-forwarding
257 Disable X11 forwarding (permitted by default).
258
259 permit-agent-forwarding
260 Allows ssh-agent(1) forwarding.
261
262 permit-port-forwarding
263 Allows port forwarding.
264
265 permit-pty
266 Allows PTY allocation.
267
268 permit-user-rc
269 Allows execution of ~/.ssh/rc by sshd(8).
270
271 permit-x11-forwarding
272 Allows X11 forwarding.
273
274 source-address=address_list
275 Restrict the source addresses from which the certificate
276 is considered valid. The address_list is a comma-
277 separated list of one or more address/netmask pairs in
278 CIDR format.
279
280 At present, no options are valid for host keys.
281
282 -o Causes ssh-keygen to save private keys using the new OpenSSH
283 format rather than the more compatible PEM format. The new
284 format has increased resistance to brute-force password cracking
285 but is not supported by versions of OpenSSH prior to 6.5.
286 Ed25519 keys always use the new private key format.
287
288 -P passphrase
289 Provides the (old) passphrase.
290
291 -p Requests changing the passphrase of a private key file instead of
292 creating a new private key. The program will prompt for the file
293 containing the private key, for the old passphrase, and twice for
294 the new passphrase.
295
296 -Q Test whether keys have been revoked in a KRL.
297
298 -q Silence ssh-keygen.
299
300 -R hostname
301 Removes all keys belonging to hostname from a known_hosts file.
302 This option is useful to delete hashed hosts (see the -H option
303 above).
304
305 -r hostname
306 Print the SSHFP fingerprint resource record named hostname for
307 the specified public key file.
308
309 -S start
310 Specify start point (in hex) when generating candidate moduli for
311 DH-GEX.
312
313 -s ca_key
314 Certify (sign) a public key using the specified CA key. Please
315 see the CERTIFICATES section for details.
316
317 When generating a KRL, -s specifies a path to a CA public key
318 file used to revoke certificates directly by key ID or serial
319 number. See the KEY REVOCATION LISTS section for details.
320
321 -T output_file
322 Test DH group exchange candidate primes (generated using the -G
323 option) for safety.
324
325 -t dsa | ecdsa | ed25519 | rsa | rsa1
326 Specifies the type of key to create. The possible values are
327 M-bM-^@M-^\rsa1M-bM-^@M-^] for protocol version 1 and M-bM-^@M-^\dsaM-bM-^@M-^], M-bM-^@M-^\ecdsaM-bM-^@M-^], M-bM-^@M-^\ed25519M-bM-^@M-^], or
328 M-bM-^@M-^\rsaM-bM-^@M-^] for protocol version 2.
329
330 -u Update a KRL. When specified with -k, keys listed via the
331 command line are added to the existing KRL rather than a new KRL
332 being created.
333
334 -V validity_interval
335 Specify a validity interval when signing a certificate. A
336 validity interval may consist of a single time, indicating that
337 the certificate is valid beginning now and expiring at that time,
338 or may consist of two times separated by a colon to indicate an
339 explicit time interval. The start time may be specified as a
340 date in YYYYMMDD format, a time in YYYYMMDDHHMMSS format or a
341 relative time (to the current time) consisting of a minus sign
342 followed by a relative time in the format described in the TIME
343 FORMATS section of sshd_config(5). The end time may be specified
344 as a YYYYMMDD date, a YYYYMMDDHHMMSS time or a relative time
345 starting with a plus character.
346
347 For example: M-bM-^@M-^\+52w1dM-bM-^@M-^] (valid from now to 52 weeks and one day
348 from now), M-bM-^@M-^\-4w:+4wM-bM-^@M-^] (valid from four weeks ago to four weeks
349 from now), M-bM-^@M-^\20100101123000:20110101123000M-bM-^@M-^] (valid from 12:30 PM,
350 January 1st, 2010 to 12:30 PM, January 1st, 2011), M-bM-^@M-^\-1d:20110101M-bM-^@M-^]
351 (valid from yesterday to midnight, January 1st, 2011).
352
353 -v Verbose mode. Causes ssh-keygen to print debugging messages
354 about its progress. This is helpful for debugging moduli
355 generation. Multiple -v options increase the verbosity. The
356 maximum is 3.
357
358 -W generator
359 Specify desired generator when testing candidate moduli for DH-
360 GEX.
361
362 -y This option will read a private OpenSSH format file and print an
363 OpenSSH public key to stdout.
364
365 -z serial_number
366 Specifies a serial number to be embedded in the certificate to
367 distinguish this certificate from others from the same CA. The
368 default serial number is zero.
369
370 When generating a KRL, the -z flag is used to specify a KRL
371 version number.
372
373MODULI GENERATION
374 ssh-keygen may be used to generate groups for the Diffie-Hellman Group
375 Exchange (DH-GEX) protocol. Generating these groups is a two-step
376 process: first, candidate primes are generated using a fast, but memory
377 intensive process. These candidate primes are then tested for
378 suitability (a CPU-intensive process).
379
380 Generation of primes is performed using the -G option. The desired
381 length of the primes may be specified by the -b option. For example:
382
383 # ssh-keygen -G moduli-2048.candidates -b 2048
384
385 By default, the search for primes begins at a random point in the desired
386 length range. This may be overridden using the -S option, which
387 specifies a different start point (in hex).
388
389 Once a set of candidates have been generated, they must be screened for
390 suitability. This may be performed using the -T option. In this mode
391 ssh-keygen will read candidates from standard input (or a file specified
392 using the -f option). For example:
393
394 # ssh-keygen -T moduli-2048 -f moduli-2048.candidates
395
396 By default, each candidate will be subjected to 100 primality tests.
397 This may be overridden using the -a option. The DH generator value will
398 be chosen automatically for the prime under consideration. If a specific
399 generator is desired, it may be requested using the -W option. Valid
400 generator values are 2, 3, and 5.
401
402 Screened DH groups may be installed in /etc/moduli. It is important that
403 this file contains moduli of a range of bit lengths and that both ends of
404 a connection share common moduli.
405
406CERTIFICATES
407 ssh-keygen supports signing of keys to produce certificates that may be
408 used for user or host authentication. Certificates consist of a public
409 key, some identity information, zero or more principal (user or host)
410 names and a set of options that are signed by a Certification Authority
411 (CA) key. Clients or servers may then trust only the CA key and verify
412 its signature on a certificate rather than trusting many user/host keys.
413 Note that OpenSSH certificates are a different, and much simpler, format
414 to the X.509 certificates used in ssl(8).
415
416 ssh-keygen supports two types of certificates: user and host. User
417 certificates authenticate users to servers, whereas host certificates
418 authenticate server hosts to users. To generate a user certificate:
419
420 $ ssh-keygen -s /path/to/ca_key -I key_id /path/to/user_key.pub
421
422 The resultant certificate will be placed in /path/to/user_key-cert.pub.
423 A host certificate requires the -h option:
424
425 $ ssh-keygen -s /path/to/ca_key -I key_id -h /path/to/host_key.pub
426
427 The host certificate will be output to /path/to/host_key-cert.pub.
428
429 It is possible to sign using a CA key stored in a PKCS#11 token by
430 providing the token library using -D and identifying the CA key by
431 providing its public half as an argument to -s:
432
433 $ ssh-keygen -s ca_key.pub -D libpkcs11.so -I key_id user_key.pub
434
435 In all cases, key_id is a "key identifier" that is logged by the server
436 when the certificate is used for authentication.
437
438 Certificates may be limited to be valid for a set of principal
439 (user/host) names. By default, generated certificates are valid for all
440 users or hosts. To generate a certificate for a specified set of
441 principals:
442
443 $ ssh-keygen -s ca_key -I key_id -n user1,user2 user_key.pub
444 $ ssh-keygen -s ca_key -I key_id -h -n host.domain host_key.pub
445
446 Additional limitations on the validity and use of user certificates may
447 be specified through certificate options. A certificate option may
448 disable features of the SSH session, may be valid only when presented
449 from particular source addresses or may force the use of a specific
450 command. For a list of valid certificate options, see the documentation
451 for the -O option above.
452
453 Finally, certificates may be defined with a validity lifetime. The -V
454 option allows specification of certificate start and end times. A
455 certificate that is presented at a time outside this range will not be
456 considered valid. By default, certificates are valid from UNIX Epoch to
457 the distant future.
458
459 For certificates to be used for user or host authentication, the CA
460 public key must be trusted by sshd(8) or ssh(1). Please refer to those
461 manual pages for details.
462
463KEY REVOCATION LISTS
464 ssh-keygen is able to manage OpenSSH format Key Revocation Lists (KRLs).
465 These binary files specify keys or certificates to be revoked using a
466 compact format, taking as little as one bit per certificate if they are
467 being revoked by serial number.
468
469 KRLs may be generated using the -k flag. This option reads one or more
470 files from the command line and generates a new KRL. The files may
471 either contain a KRL specification (see below) or public keys, listed one
472 per line. Plain public keys are revoked by listing their hash or
473 contents in the KRL and certificates revoked by serial number or key ID
474 (if the serial is zero or not available).
475
476 Revoking keys using a KRL specification offers explicit control over the
477 types of record used to revoke keys and may be used to directly revoke
478 certificates by serial number or key ID without having the complete
479 original certificate on hand. A KRL specification consists of lines
480 containing one of the following directives followed by a colon and some
481 directive-specific information.
482
483 serial: serial_number[-serial_number]
484 Revokes a certificate with the specified serial number. Serial
485 numbers are 64-bit values, not including zero and may be
486 expressed in decimal, hex or octal. If two serial numbers are
487 specified separated by a hyphen, then the range of serial numbers
488 including and between each is revoked. The CA key must have been
489 specified on the ssh-keygen command line using the -s option.
490
491 id: key_id
492 Revokes a certificate with the specified key ID string. The CA
493 key must have been specified on the ssh-keygen command line using
494 the -s option.
495
496 key: public_key
497 Revokes the specified key. If a certificate is listed, then it
498 is revoked as a plain public key.
499
500 sha1: public_key
501 Revokes the specified key by its SHA1 hash.
502
503 KRLs may be updated using the -u flag in addition to -k. When this
504 option is specified, keys listed via the command line are merged into the
505 KRL, adding to those already there.
506
507 It is also possible, given a KRL, to test whether it revokes a particular
508 key (or keys). The -Q flag will query an existing KRL, testing each key
509 specified on the command line. If any key listed on the command line has
510 been revoked (or an error encountered) then ssh-keygen will exit with a
511 non-zero exit status. A zero exit status will only be returned if no key
512 was revoked.
513
514FILES
515 ~/.ssh/identity
516 Contains the protocol version 1 RSA authentication identity of
517 the user. This file should not be readable by anyone but the
518 user. It is possible to specify a passphrase when generating the
519 key; that passphrase will be used to encrypt the private part of
520 this file using 3DES. This file is not automatically accessed by
521 ssh-keygen but it is offered as the default file for the private
522 key. ssh(1) will read this file when a login attempt is made.
523
524 ~/.ssh/identity.pub
525 Contains the protocol version 1 RSA public key for
526 authentication. The contents of this file should be added to
527 ~/.ssh/authorized_keys on all machines where the user wishes to
528 log in using RSA authentication. There is no need to keep the
529 contents of this file secret.
530
531 ~/.ssh/id_dsa
532 ~/.ssh/id_ecdsa
533 ~/.ssh/id_ed25519
534 ~/.ssh/id_rsa
535 Contains the protocol version 2 DSA, ECDSA, Ed25519 or RSA
536 authentication identity of the user. This file should not be
537 readable by anyone but the user. It is possible to specify a
538 passphrase when generating the key; that passphrase will be used
539 to encrypt the private part of this file using 128-bit AES. This
540 file is not automatically accessed by ssh-keygen but it is
541 offered as the default file for the private key. ssh(1) will
542 read this file when a login attempt is made.
543
544 ~/.ssh/id_dsa.pub
545 ~/.ssh/id_ecdsa.pub
546 ~/.ssh/id_ed25519.pub
547 ~/.ssh/id_rsa.pub
548 Contains the protocol version 2 DSA, ECDSA, Ed25519 or RSA public
549 key for authentication. The contents of this file should be
550 added to ~/.ssh/authorized_keys on all machines where the user
551 wishes to log in using public key authentication. There is no
552 need to keep the contents of this file secret.
553
554 /etc/moduli
555 Contains Diffie-Hellman groups used for DH-GEX. The file format
556 is described in moduli(5).
557
558SEE ALSO
559 ssh(1), ssh-add(1), ssh-agent(1), moduli(5), sshd(8)
560
561 The Secure Shell (SSH) Public Key File Format, RFC 4716, 2006.
562
563AUTHORS
564 OpenSSH is a derivative of the original and free ssh 1.2.12 release by
565 Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
566 de Raadt and Dug Song removed many bugs, re-added newer features and
567 created OpenSSH. Markus Friedl contributed the support for SSH protocol
568 versions 1.5 and 2.0.
569
570OpenBSD 6.0 June 16, 2016 OpenBSD 6.0
diff --git a/ssh-keyscan.0 b/ssh-keyscan.0
new file mode 100644
index 000000000..e9d9f0d8b
--- /dev/null
+++ b/ssh-keyscan.0
@@ -0,0 +1,111 @@
1SSH-KEYSCAN(1) General Commands Manual SSH-KEYSCAN(1)
2
3NAME
4 ssh-keyscan M-bM-^@M-^S gather ssh public keys
5
6SYNOPSIS
7 ssh-keyscan [-46cHv] [-f file] [-p port] [-T timeout] [-t type]
8 [host | addrlist namelist] ...
9
10DESCRIPTION
11 ssh-keyscan is a utility for gathering the public ssh host keys of a
12 number of hosts. It was designed to aid in building and verifying
13 ssh_known_hosts files. ssh-keyscan provides a minimal interface suitable
14 for use by shell and perl scripts.
15
16 ssh-keyscan uses non-blocking socket I/O to contact as many hosts as
17 possible in parallel, so it is very efficient. The keys from a domain of
18 1,000 hosts can be collected in tens of seconds, even when some of those
19 hosts are down or do not run ssh. For scanning, one does not need login
20 access to the machines that are being scanned, nor does the scanning
21 process involve any encryption.
22
23 The options are as follows:
24
25 -4 Forces ssh-keyscan to use IPv4 addresses only.
26
27 -6 Forces ssh-keyscan to use IPv6 addresses only.
28
29 -c Request certificates from target hosts instead of plain keys.
30
31 -f file
32 Read hosts or M-bM-^@M-^\addrlist namelistM-bM-^@M-^] pairs from file, one per line.
33 If - is supplied instead of a filename, ssh-keyscan will read
34 hosts or M-bM-^@M-^\addrlist namelistM-bM-^@M-^] pairs from the standard input.
35
36 -H Hash all hostnames and addresses in the output. Hashed names may
37 be used normally by ssh and sshd, but they do not reveal
38 identifying information should the file's contents be disclosed.
39
40 -p port
41 Port to connect to on the remote host.
42
43 -T timeout
44 Set the timeout for connection attempts. If timeout seconds have
45 elapsed since a connection was initiated to a host or since the
46 last time anything was read from that host, then the connection
47 is closed and the host in question considered unavailable.
48 Default is 5 seconds.
49
50 -t type
51 Specifies the type of the key to fetch from the scanned hosts.
52 The possible values are M-bM-^@M-^\rsa1M-bM-^@M-^] for protocol version 1 and M-bM-^@M-^\dsaM-bM-^@M-^],
53 M-bM-^@M-^\ecdsaM-bM-^@M-^], M-bM-^@M-^\ed25519M-bM-^@M-^], or M-bM-^@M-^\rsaM-bM-^@M-^] for protocol version 2. Multiple
54 values may be specified by separating them with commas. The
55 default is to fetch M-bM-^@M-^\rsaM-bM-^@M-^], M-bM-^@M-^\ecdsaM-bM-^@M-^], and M-bM-^@M-^\ed25519M-bM-^@M-^] keys.
56
57 -v Verbose mode. Causes ssh-keyscan to print debugging messages
58 about its progress.
59
60SECURITY
61 If an ssh_known_hosts file is constructed using ssh-keyscan without
62 verifying the keys, users will be vulnerable to man in the middle
63 attacks. On the other hand, if the security model allows such a risk,
64 ssh-keyscan can help in the detection of tampered keyfiles or man in the
65 middle attacks which have begun after the ssh_known_hosts file was
66 created.
67
68FILES
69 Input format:
70
71 1.2.3.4,1.2.4.4 name.my.domain,name,n.my.domain,n,1.2.3.4,1.2.4.4
72
73 Output format for RSA1 keys:
74
75 host-or-namelist bits exponent modulus
76
77 Output format for RSA, DSA, ECDSA, and Ed25519 keys:
78
79 host-or-namelist keytype base64-encoded-key
80
81 Where keytype is either M-bM-^@M-^\ecdsa-sha2-nistp256M-bM-^@M-^], M-bM-^@M-^\ecdsa-sha2-nistp384M-bM-^@M-^],
82 M-bM-^@M-^\ecdsa-sha2-nistp521M-bM-^@M-^], M-bM-^@M-^\ssh-ed25519M-bM-^@M-^], M-bM-^@M-^\ssh-dssM-bM-^@M-^] or M-bM-^@M-^\ssh-rsaM-bM-^@M-^].
83
84 /etc/ssh/ssh_known_hosts
85
86EXAMPLES
87 Print the rsa host key for machine hostname:
88
89 $ ssh-keyscan hostname
90
91 Find all hosts from the file ssh_hosts which have new or different keys
92 from those in the sorted file ssh_known_hosts:
93
94 $ ssh-keyscan -t rsa,dsa,ecdsa,ed25519 -f ssh_hosts | \
95 sort -u - ssh_known_hosts | diff ssh_known_hosts -
96
97SEE ALSO
98 ssh(1), sshd(8)
99
100AUTHORS
101 David Mazieres <dm@lcs.mit.edu> wrote the initial version, and Wayne
102 Davison <wayned@users.sourceforge.net> added support for protocol version
103 2.
104
105BUGS
106 It generates "Connection closed by remote host" messages on the consoles
107 of all the machines it scans if the server is older than version 2.9.
108 This is because it opens a connection to the ssh port, reads the public
109 key, and drops the connection as soon as it gets the key.
110
111OpenBSD 6.0 November 8, 2015 OpenBSD 6.0
diff --git a/ssh-keysign.0 b/ssh-keysign.0
new file mode 100644
index 000000000..34a451d62
--- /dev/null
+++ b/ssh-keysign.0
@@ -0,0 +1,52 @@
1SSH-KEYSIGN(8) System Manager's Manual SSH-KEYSIGN(8)
2
3NAME
4 ssh-keysign M-bM-^@M-^S ssh helper program for host-based authentication
5
6SYNOPSIS
7 ssh-keysign
8
9DESCRIPTION
10 ssh-keysign is used by ssh(1) to access the local host keys and generate
11 the digital signature required during host-based authentication.
12
13 ssh-keysign is disabled by default and can only be enabled in the global
14 client configuration file /etc/ssh/ssh_config by setting EnableSSHKeysign
15 to M-bM-^@M-^\yesM-bM-^@M-^].
16
17 ssh-keysign is not intended to be invoked by the user, but from ssh(1).
18 See ssh(1) and sshd(8) for more information about host-based
19 authentication.
20
21FILES
22 /etc/ssh/ssh_config
23 Controls whether ssh-keysign is enabled.
24
25 /etc/ssh/ssh_host_dsa_key
26 /etc/ssh/ssh_host_ecdsa_key
27 /etc/ssh/ssh_host_ed25519_key
28 /etc/ssh/ssh_host_rsa_key
29 These files contain the private parts of the host keys used to
30 generate the digital signature. They should be owned by root,
31 readable only by root, and not accessible to others. Since they
32 are readable only by root, ssh-keysign must be set-uid root if
33 host-based authentication is used.
34
35 /etc/ssh/ssh_host_dsa_key-cert.pub
36 /etc/ssh/ssh_host_ecdsa_key-cert.pub
37 /etc/ssh/ssh_host_ed25519_key-cert.pub
38 /etc/ssh/ssh_host_rsa_key-cert.pub
39 If these files exist they are assumed to contain public
40 certificate information corresponding with the private keys
41 above.
42
43SEE ALSO
44 ssh(1), ssh-keygen(1), ssh_config(5), sshd(8)
45
46HISTORY
47 ssh-keysign first appeared in OpenBSD 3.2.
48
49AUTHORS
50 Markus Friedl <markus@openbsd.org>
51
52OpenBSD 6.0 February 17, 2016 OpenBSD 6.0
diff --git a/ssh-pkcs11-helper.0 b/ssh-pkcs11-helper.0
new file mode 100644
index 000000000..1b58361a6
--- /dev/null
+++ b/ssh-pkcs11-helper.0
@@ -0,0 +1,25 @@
1SSH-PKCS11-HELPER(8) System Manager's Manual SSH-PKCS11-HELPER(8)
2
3NAME
4 ssh-pkcs11-helper M-bM-^@M-^S ssh-agent helper program for PKCS#11 support
5
6SYNOPSIS
7 ssh-pkcs11-helper
8
9DESCRIPTION
10 ssh-pkcs11-helper is used by ssh-agent(1) to access keys provided by a
11 PKCS#11 token.
12
13 ssh-pkcs11-helper is not intended to be invoked by the user, but from
14 ssh-agent(1).
15
16SEE ALSO
17 ssh(1), ssh-add(1), ssh-agent(1)
18
19HISTORY
20 ssh-pkcs11-helper first appeared in OpenBSD 4.7.
21
22AUTHORS
23 Markus Friedl <markus@openbsd.org>
24
25OpenBSD 6.0 July 16, 2013 OpenBSD 6.0
diff --git a/ssh.0 b/ssh.0
new file mode 100644
index 000000000..67ce809bb
--- /dev/null
+++ b/ssh.0
@@ -0,0 +1,971 @@
1SSH(1) General Commands Manual SSH(1)
2
3NAME
4 ssh M-bM-^@M-^S OpenSSH SSH client (remote login program)
5
6SYNOPSIS
7 ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
8 [-D [bind_address:]port] [-E log_file] [-e escape_char]
9 [-F configfile] [-I pkcs11] [-i identity_file]
10 [-J [user@]host[:port]] [-L address] [-l login_name] [-m mac_spec]
11 [-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R address]
12 [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]]
13 [user@]hostname [command]
14
15DESCRIPTION
16 ssh (SSH client) is a program for logging into a remote machine and for
17 executing commands on a remote machine. It is intended to provide secure
18 encrypted communications between two untrusted hosts over an insecure
19 network. X11 connections, arbitrary TCP ports and UNIX-domain sockets
20 can also be forwarded over the secure channel.
21
22 ssh connects and logs into the specified hostname (with optional user
23 name). The user must prove his/her identity to the remote machine using
24 one of several methods (see below).
25
26 If command is specified, it is executed on the remote host instead of a
27 login shell.
28
29 The options are as follows:
30
31 -1 Forces ssh to try protocol version 1 only.
32
33 -2 Forces ssh to try protocol version 2 only.
34
35 -4 Forces ssh to use IPv4 addresses only.
36
37 -6 Forces ssh to use IPv6 addresses only.
38
39 -A Enables forwarding of the authentication agent connection. This
40 can also be specified on a per-host basis in a configuration
41 file.
42
43 Agent forwarding should be enabled with caution. Users with the
44 ability to bypass file permissions on the remote host (for the
45 agent's UNIX-domain socket) can access the local agent through
46 the forwarded connection. An attacker cannot obtain key material
47 from the agent, however they can perform operations on the keys
48 that enable them to authenticate using the identities loaded into
49 the agent.
50
51 -a Disables forwarding of the authentication agent connection.
52
53 -b bind_address
54 Use bind_address on the local machine as the source address of
55 the connection. Only useful on systems with more than one
56 address.
57
58 -C Requests compression of all data (including stdin, stdout,
59 stderr, and data for forwarded X11, TCP and UNIX-domain
60 connections). The compression algorithm is the same used by
61 gzip(1), and the M-bM-^@M-^\levelM-bM-^@M-^] can be controlled by the
62 CompressionLevel option for protocol version 1. Compression is
63 desirable on modem lines and other slow connections, but will
64 only slow down things on fast networks. The default value can be
65 set on a host-by-host basis in the configuration files; see the
66 Compression option.
67
68 -c cipher_spec
69 Selects the cipher specification for encrypting the session.
70
71 Protocol version 1 allows specification of a single cipher. The
72 supported values are M-bM-^@M-^\3desM-bM-^@M-^], M-bM-^@M-^\blowfishM-bM-^@M-^], and M-bM-^@M-^\desM-bM-^@M-^]. For protocol
73 version 2, cipher_spec is a comma-separated list of ciphers
74 listed in order of preference. See the Ciphers keyword in
75 ssh_config(5) for more information.
76
77 -D [bind_address:]port
78 Specifies a local M-bM-^@M-^\dynamicM-bM-^@M-^] application-level port forwarding.
79 This works by allocating a socket to listen to port on the local
80 side, optionally bound to the specified bind_address. Whenever a
81 connection is made to this port, the connection is forwarded over
82 the secure channel, and the application protocol is then used to
83 determine where to connect to from the remote machine. Currently
84 the SOCKS4 and SOCKS5 protocols are supported, and ssh will act
85 as a SOCKS server. Only root can forward privileged ports.
86 Dynamic port forwardings can also be specified in the
87 configuration file.
88
89 IPv6 addresses can be specified by enclosing the address in
90 square brackets. Only the superuser can forward privileged
91 ports. By default, the local port is bound in accordance with
92 the GatewayPorts setting. However, an explicit bind_address may
93 be used to bind the connection to a specific address. The
94 bind_address of M-bM-^@M-^\localhostM-bM-^@M-^] indicates that the listening port be
95 bound for local use only, while an empty address or M-bM-^@M-^X*M-bM-^@M-^Y indicates
96 that the port should be available from all interfaces.
97
98 -E log_file
99 Append debug logs to log_file instead of standard error.
100
101 -e escape_char
102 Sets the escape character for sessions with a pty (default: M-bM-^@M-^X~M-bM-^@M-^Y).
103 The escape character is only recognized at the beginning of a
104 line. The escape character followed by a dot (M-bM-^@M-^X.M-bM-^@M-^Y) closes the
105 connection; followed by control-Z suspends the connection; and
106 followed by itself sends the escape character once. Setting the
107 character to M-bM-^@M-^\noneM-bM-^@M-^] disables any escapes and makes the session
108 fully transparent.
109
110 -F configfile
111 Specifies an alternative per-user configuration file. If a
112 configuration file is given on the command line, the system-wide
113 configuration file (/etc/ssh/ssh_config) will be ignored. The
114 default for the per-user configuration file is ~/.ssh/config.
115
116 -f Requests ssh to go to background just before command execution.
117 This is useful if ssh is going to ask for passwords or
118 passphrases, but the user wants it in the background. This
119 implies -n. The recommended way to start X11 programs at a
120 remote site is with something like ssh -f host xterm.
121
122 If the ExitOnForwardFailure configuration option is set to M-bM-^@M-^\yesM-bM-^@M-^],
123 then a client started with -f will wait for all remote port
124 forwards to be successfully established before placing itself in
125 the background.
126
127 -G Causes ssh to print its configuration after evaluating Host and
128 Match blocks and exit.
129
130 -g Allows remote hosts to connect to local forwarded ports. If used
131 on a multiplexed connection, then this option must be specified
132 on the master process.
133
134 -I pkcs11
135 Specify the PKCS#11 shared library ssh should use to communicate
136 with a PKCS#11 token providing the user's private RSA key.
137
138 -i identity_file
139 Selects a file from which the identity (private key) for public
140 key authentication is read. The default is ~/.ssh/identity for
141 protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa,
142 ~/.ssh/id_ed25519 and ~/.ssh/id_rsa for protocol version 2.
143 Identity files may also be specified on a per-host basis in the
144 configuration file. It is possible to have multiple -i options
145 (and multiple identities specified in configuration files). If
146 no certificates have been explicitly specified by the
147 CertificateFile directive, ssh will also try to load certificate
148 information from the filename obtained by appending -cert.pub to
149 identity filenames.
150
151 -J [user@]host[:port]
152 Connect to the target host by first making a ssh connection to
153 the jump host and then establishing a TCP forwarding to the
154 ultimate destination from there. Multiple jump hops may be
155 specified separated by comma characters. This is a shortcut to
156 specify a ProxyJump configuration directive.
157
158 -K Enables GSSAPI-based authentication and forwarding (delegation)
159 of GSSAPI credentials to the server.
160
161 -k Disables forwarding (delegation) of GSSAPI credentials to the
162 server.
163
164 -L [bind_address:]port:host:hostport
165 -L [bind_address:]port:remote_socket
166 -L local_socket:host:hostport
167 -L local_socket:remote_socket
168 Specifies that connections to the given TCP port or Unix socket
169 on the local (client) host are to be forwarded to the given host
170 and port, or Unix socket, on the remote side. This works by
171 allocating a socket to listen to either a TCP port on the local
172 side, optionally bound to the specified bind_address, or to a
173 Unix socket. Whenever a connection is made to the local port or
174 socket, the connection is forwarded over the secure channel, and
175 a connection is made to either host port hostport, or the Unix
176 socket remote_socket, from the remote machine.
177
178 Port forwardings can also be specified in the configuration file.
179 Only the superuser can forward privileged ports. IPv6 addresses
180 can be specified by enclosing the address in square brackets.
181
182 By default, the local port is bound in accordance with the
183 GatewayPorts setting. However, an explicit bind_address may be
184 used to bind the connection to a specific address. The
185 bind_address of M-bM-^@M-^\localhostM-bM-^@M-^] indicates that the listening port be
186 bound for local use only, while an empty address or M-bM-^@M-^X*M-bM-^@M-^Y indicates
187 that the port should be available from all interfaces.
188
189 -l login_name
190 Specifies the user to log in as on the remote machine. This also
191 may be specified on a per-host basis in the configuration file.
192
193 -M Places the ssh client into M-bM-^@M-^\masterM-bM-^@M-^] mode for connection sharing.
194 Multiple -M options places ssh into M-bM-^@M-^\masterM-bM-^@M-^] mode with
195 confirmation required before slave connections are accepted.
196 Refer to the description of ControlMaster in ssh_config(5) for
197 details.
198
199 -m mac_spec
200 A comma-separated list of MAC (message authentication code)
201 algorithms, specified in order of preference. See the MACs
202 keyword for more information.
203
204 -N Do not execute a remote command. This is useful for just
205 forwarding ports.
206
207 -n Redirects stdin from /dev/null (actually, prevents reading from
208 stdin). This must be used when ssh is run in the background. A
209 common trick is to use this to run X11 programs on a remote
210 machine. For example, ssh -n shadows.cs.hut.fi emacs & will
211 start an emacs on shadows.cs.hut.fi, and the X11 connection will
212 be automatically forwarded over an encrypted channel. The ssh
213 program will be put in the background. (This does not work if
214 ssh needs to ask for a password or passphrase; see also the -f
215 option.)
216
217 -O ctl_cmd
218 Control an active connection multiplexing master process. When
219 the -O option is specified, the ctl_cmd argument is interpreted
220 and passed to the master process. Valid commands are: M-bM-^@M-^\checkM-bM-^@M-^]
221 (check that the master process is running), M-bM-^@M-^\forwardM-bM-^@M-^] (request
222 forwardings without command execution), M-bM-^@M-^\cancelM-bM-^@M-^] (cancel
223 forwardings), M-bM-^@M-^\exitM-bM-^@M-^] (request the master to exit), and M-bM-^@M-^\stopM-bM-^@M-^]
224 (request the master to stop accepting further multiplexing
225 requests).
226
227 -o option
228 Can be used to give options in the format used in the
229 configuration file. This is useful for specifying options for
230 which there is no separate command-line flag. For full details
231 of the options listed below, and their possible values, see
232 ssh_config(5).
233
234 AddKeysToAgent
235 AddressFamily
236 BatchMode
237 BindAddress
238 CanonicalDomains
239 CanonicalizeFallbackLocal
240 CanonicalizeHostname
241 CanonicalizeMaxDots
242 CanonicalizePermittedCNAMEs
243 CertificateFile
244 ChallengeResponseAuthentication
245 CheckHostIP
246 Cipher
247 Ciphers
248 ClearAllForwardings
249 Compression
250 CompressionLevel
251 ConnectionAttempts
252 ConnectTimeout
253 ControlMaster
254 ControlPath
255 ControlPersist
256 DynamicForward
257 EscapeChar
258 ExitOnForwardFailure
259 FingerprintHash
260 ForwardAgent
261 ForwardX11
262 ForwardX11Timeout
263 ForwardX11Trusted
264 GatewayPorts
265 GlobalKnownHostsFile
266 GSSAPIAuthentication
267 GSSAPIDelegateCredentials
268 HashKnownHosts
269 Host
270 HostbasedAuthentication
271 HostbasedKeyTypes
272 HostKeyAlgorithms
273 HostKeyAlias
274 HostName
275 IdentitiesOnly
276 IdentityAgent
277 IdentityFile
278 Include
279 IPQoS
280 KbdInteractiveAuthentication
281 KbdInteractiveDevices
282 KexAlgorithms
283 LocalCommand
284 LocalForward
285 LogLevel
286 MACs
287 Match
288 NoHostAuthenticationForLocalhost
289 NumberOfPasswordPrompts
290 PasswordAuthentication
291 PermitLocalCommand
292 PKCS11Provider
293 Port
294 PreferredAuthentications
295 Protocol
296 ProxyCommand
297 ProxyJump
298 ProxyUseFdpass
299 PubkeyAcceptedKeyTypes
300 PubkeyAuthentication
301 RekeyLimit
302 RemoteForward
303 RequestTTY
304 RhostsRSAAuthentication
305 RSAAuthentication
306 SendEnv
307 ServerAliveInterval
308 ServerAliveCountMax
309 StreamLocalBindMask
310 StreamLocalBindUnlink
311 StrictHostKeyChecking
312 TCPKeepAlive
313 Tunnel
314 TunnelDevice
315 UpdateHostKeys
316 UsePrivilegedPort
317 User
318 UserKnownHostsFile
319 VerifyHostKeyDNS
320 VisualHostKey
321 XAuthLocation
322
323 -p port
324 Port to connect to on the remote host. This can be specified on
325 a per-host basis in the configuration file.
326
327 -Q query_option
328 Queries ssh for the algorithms supported for the specified
329 version 2. The available features are: cipher (supported
330 symmetric ciphers), cipher-auth (supported symmetric ciphers that
331 support authenticated encryption), mac (supported message
332 integrity codes), kex (key exchange algorithms), key (key types),
333 key-cert (certificate key types), key-plain (non-certificate key
334 types), and protocol-version (supported SSH protocol versions).
335
336 -q Quiet mode. Causes most warning and diagnostic messages to be
337 suppressed.
338
339 -R [bind_address:]port:host:hostport
340 -R [bind_address:]port:local_socket
341 -R remote_socket:host:hostport
342 -R remote_socket:local_socket
343 Specifies that connections to the given TCP port or Unix socket
344 on the remote (server) host are to be forwarded to the given host
345 and port, or Unix socket, on the local side. This works by
346 allocating a socket to listen to either a TCP port or to a Unix
347 socket on the remote side. Whenever a connection is made to this
348 port or Unix socket, the connection is forwarded over the secure
349 channel, and a connection is made to either host port hostport,
350 or local_socket, from the local machine.
351
352 Port forwardings can also be specified in the configuration file.
353 Privileged ports can be forwarded only when logging in as root on
354 the remote machine. IPv6 addresses can be specified by enclosing
355 the address in square brackets.
356
357 By default, TCP listening sockets on the server will be bound to
358 the loopback interface only. This may be overridden by
359 specifying a bind_address. An empty bind_address, or the address
360 M-bM-^@M-^X*M-bM-^@M-^Y, indicates that the remote socket should listen on all
361 interfaces. Specifying a remote bind_address will only succeed
362 if the server's GatewayPorts option is enabled (see
363 sshd_config(5)).
364
365 If the port argument is M-bM-^@M-^X0M-bM-^@M-^Y, the listen port will be dynamically
366 allocated on the server and reported to the client at run time.
367 When used together with -O forward the allocated port will be
368 printed to the standard output.
369
370 -S ctl_path
371 Specifies the location of a control socket for connection
372 sharing, or the string M-bM-^@M-^\noneM-bM-^@M-^] to disable connection sharing.
373 Refer to the description of ControlPath and ControlMaster in
374 ssh_config(5) for details.
375
376 -s May be used to request invocation of a subsystem on the remote
377 system. Subsystems facilitate the use of SSH as a secure
378 transport for other applications (e.g. sftp(1)). The subsystem
379 is specified as the remote command.
380
381 -T Disable pseudo-terminal allocation.
382
383 -t Force pseudo-terminal allocation. This can be used to execute
384 arbitrary screen-based programs on a remote machine, which can be
385 very useful, e.g. when implementing menu services. Multiple -t
386 options force tty allocation, even if ssh has no local tty.
387
388 -V Display the version number and exit.
389
390 -v Verbose mode. Causes ssh to print debugging messages about its
391 progress. This is helpful in debugging connection,
392 authentication, and configuration problems. Multiple -v options
393 increase the verbosity. The maximum is 3.
394
395 -W host:port
396 Requests that standard input and output on the client be
397 forwarded to host on port over the secure channel. Implies -N,
398 -T, ExitOnForwardFailure and ClearAllForwardings, though these
399 can be overridden in the configuration file or using -o command
400 line options.
401
402 -w local_tun[:remote_tun]
403 Requests tunnel device forwarding with the specified tun(4)
404 devices between the client (local_tun) and the server
405 (remote_tun).
406
407 The devices may be specified by numerical ID or the keyword
408 M-bM-^@M-^\anyM-bM-^@M-^], which uses the next available tunnel device. If
409 remote_tun is not specified, it defaults to M-bM-^@M-^\anyM-bM-^@M-^]. See also the
410 Tunnel and TunnelDevice directives in ssh_config(5). If the
411 Tunnel directive is unset, it is set to the default tunnel mode,
412 which is M-bM-^@M-^\point-to-pointM-bM-^@M-^].
413
414 -X Enables X11 forwarding. This can also be specified on a per-host
415 basis in a configuration file.
416
417 X11 forwarding should be enabled with caution. Users with the
418 ability to bypass file permissions on the remote host (for the
419 user's X authorization database) can access the local X11 display
420 through the forwarded connection. An attacker may then be able
421 to perform activities such as keystroke monitoring.
422
423 For this reason, X11 forwarding is subjected to X11 SECURITY
424 extension restrictions by default. Please refer to the ssh -Y
425 option and the ForwardX11Trusted directive in ssh_config(5) for
426 more information.
427
428 -x Disables X11 forwarding.
429
430 -Y Enables trusted X11 forwarding. Trusted X11 forwardings are not
431 subjected to the X11 SECURITY extension controls.
432
433 -y Send log information using the syslog(3) system module. By
434 default this information is sent to stderr.
435
436 ssh may additionally obtain configuration data from a per-user
437 configuration file and a system-wide configuration file. The file format
438 and configuration options are described in ssh_config(5).
439
440AUTHENTICATION
441 The OpenSSH SSH client supports SSH protocols 1 and 2. The default is to
442 use protocol 2 only, though this can be changed via the Protocol option
443 in ssh_config(5) or the -1 and -2 options (see above). Protocol 1 should
444 not be used and is only offered to support legacy devices. It suffers
445 from a number of cryptographic weaknesses and doesn't support many of the
446 advanced features available for protocol 2.
447
448 The methods available for authentication are: GSSAPI-based
449 authentication, host-based authentication, public key authentication,
450 challenge-response authentication, and password authentication.
451 Authentication methods are tried in the order specified above, though
452 PreferredAuthentications can be used to change the default order.
453
454 Host-based authentication works as follows: If the machine the user logs
455 in from is listed in /etc/hosts.equiv or /etc/shosts.equiv on the remote
456 machine, and the user names are the same on both sides, or if the files
457 ~/.rhosts or ~/.shosts exist in the user's home directory on the remote
458 machine and contain a line containing the name of the client machine and
459 the name of the user on that machine, the user is considered for login.
460 Additionally, the server must be able to verify the client's host key
461 (see the description of /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts,
462 below) for login to be permitted. This authentication method closes
463 security holes due to IP spoofing, DNS spoofing, and routing spoofing.
464 [Note to the administrator: /etc/hosts.equiv, ~/.rhosts, and the
465 rlogin/rsh protocol in general, are inherently insecure and should be
466 disabled if security is desired.]
467
468 Public key authentication works as follows: The scheme is based on
469 public-key cryptography, using cryptosystems where encryption and
470 decryption are done using separate keys, and it is unfeasible to derive
471 the decryption key from the encryption key. The idea is that each user
472 creates a public/private key pair for authentication purposes. The
473 server knows the public key, and only the user knows the private key.
474 ssh implements public key authentication protocol automatically, using
475 one of the DSA, ECDSA, Ed25519 or RSA algorithms. The HISTORY section of
476 ssl(8) contains a brief discussion of the DSA and RSA algorithms.
477
478 The file ~/.ssh/authorized_keys lists the public keys that are permitted
479 for logging in. When the user logs in, the ssh program tells the server
480 which key pair it would like to use for authentication. The client
481 proves that it has access to the private key and the server checks that
482 the corresponding public key is authorized to accept the account.
483
484 The user creates his/her key pair by running ssh-keygen(1). This stores
485 the private key in ~/.ssh/identity (protocol 1), ~/.ssh/id_dsa (DSA),
486 ~/.ssh/id_ecdsa (ECDSA), ~/.ssh/id_ed25519 (Ed25519), or ~/.ssh/id_rsa
487 (RSA) and stores the public key in ~/.ssh/identity.pub (protocol 1),
488 ~/.ssh/id_dsa.pub (DSA), ~/.ssh/id_ecdsa.pub (ECDSA),
489 ~/.ssh/id_ed25519.pub (Ed25519), or ~/.ssh/id_rsa.pub (RSA) in the user's
490 home directory. The user should then copy the public key to
491 ~/.ssh/authorized_keys in his/her home directory on the remote machine.
492 The authorized_keys file corresponds to the conventional ~/.rhosts file,
493 and has one key per line, though the lines can be very long. After this,
494 the user can log in without giving the password.
495
496 A variation on public key authentication is available in the form of
497 certificate authentication: instead of a set of public/private keys,
498 signed certificates are used. This has the advantage that a single
499 trusted certification authority can be used in place of many
500 public/private keys. See the CERTIFICATES section of ssh-keygen(1) for
501 more information.
502
503 The most convenient way to use public key or certificate authentication
504 may be with an authentication agent. See ssh-agent(1) and (optionally)
505 the AddKeysToAgent directive in ssh_config(5) for more information.
506
507 Challenge-response authentication works as follows: The server sends an
508 arbitrary "challenge" text, and prompts for a response. Examples of
509 challenge-response authentication include BSD Authentication (see
510 login.conf(5)) and PAM (some non-OpenBSD systems).
511
512 Finally, if other authentication methods fail, ssh prompts the user for a
513 password. The password is sent to the remote host for checking; however,
514 since all communications are encrypted, the password cannot be seen by
515 someone listening on the network.
516
517 ssh automatically maintains and checks a database containing
518 identification for all hosts it has ever been used with. Host keys are
519 stored in ~/.ssh/known_hosts in the user's home directory. Additionally,
520 the file /etc/ssh/ssh_known_hosts is automatically checked for known
521 hosts. Any new hosts are automatically added to the user's file. If a
522 host's identification ever changes, ssh warns about this and disables
523 password authentication to prevent server spoofing or man-in-the-middle
524 attacks, which could otherwise be used to circumvent the encryption. The
525 StrictHostKeyChecking option can be used to control logins to machines
526 whose host key is not known or has changed.
527
528 When the user's identity has been accepted by the server, the server
529 either executes the given command in a non-interactive session or, if no
530 command has been specified, logs into the machine and gives the user a
531 normal shell as an interactive session. All communication with the
532 remote command or shell will be automatically encrypted.
533
534 If an interactive session is requested ssh by default will only request a
535 pseudo-terminal (pty) for interactive sessions when the client has one.
536 The flags -T and -t can be used to override this behaviour.
537
538 If a pseudo-terminal has been allocated the user may use the escape
539 characters noted below.
540
541 If no pseudo-terminal has been allocated, the session is transparent and
542 can be used to reliably transfer binary data. On most systems, setting
543 the escape character to M-bM-^@M-^\noneM-bM-^@M-^] will also make the session transparent
544 even if a tty is used.
545
546 The session terminates when the command or shell on the remote machine
547 exits and all X11 and TCP connections have been closed.
548
549ESCAPE CHARACTERS
550 When a pseudo-terminal has been requested, ssh supports a number of
551 functions through the use of an escape character.
552
553 A single tilde character can be sent as ~~ or by following the tilde by a
554 character other than those described below. The escape character must
555 always follow a newline to be interpreted as special. The escape
556 character can be changed in configuration files using the EscapeChar
557 configuration directive or on the command line by the -e option.
558
559 The supported escapes (assuming the default M-bM-^@M-^X~M-bM-^@M-^Y) are:
560
561 ~. Disconnect.
562
563 ~^Z Background ssh.
564
565 ~# List forwarded connections.
566
567 ~& Background ssh at logout when waiting for forwarded connection /
568 X11 sessions to terminate.
569
570 ~? Display a list of escape characters.
571
572 ~B Send a BREAK to the remote system (only useful if the peer
573 supports it).
574
575 ~C Open command line. Currently this allows the addition of port
576 forwardings using the -L, -R and -D options (see above). It also
577 allows the cancellation of existing port-forwardings with
578 -KL[bind_address:]port for local, -KR[bind_address:]port for
579 remote and -KD[bind_address:]port for dynamic port-forwardings.
580 !command allows the user to execute a local command if the
581 PermitLocalCommand option is enabled in ssh_config(5). Basic
582 help is available, using the -h option.
583
584 ~R Request rekeying of the connection (only useful if the peer
585 supports it).
586
587 ~V Decrease the verbosity (LogLevel) when errors are being written
588 to stderr.
589
590 ~v Increase the verbosity (LogLevel) when errors are being written
591 to stderr.
592
593TCP FORWARDING
594 Forwarding of arbitrary TCP connections over the secure channel can be
595 specified either on the command line or in a configuration file. One
596 possible application of TCP forwarding is a secure connection to a mail
597 server; another is going through firewalls.
598
599 In the example below, we look at encrypting communication between an IRC
600 client and server, even though the IRC server does not directly support
601 encrypted communications. This works as follows: the user connects to
602 the remote host using ssh, specifying a port to be used to forward
603 connections to the remote server. After that it is possible to start the
604 service which is to be encrypted on the client machine, connecting to the
605 same local port, and ssh will encrypt and forward the connection.
606
607 The following example tunnels an IRC session from client machine
608 M-bM-^@M-^\127.0.0.1M-bM-^@M-^] (localhost) to remote server M-bM-^@M-^\server.example.comM-bM-^@M-^]:
609
610 $ ssh -f -L 1234:localhost:6667 server.example.com sleep 10
611 $ irc -c '#users' -p 1234 pinky 127.0.0.1
612
613 This tunnels a connection to IRC server M-bM-^@M-^\server.example.comM-bM-^@M-^], joining
614 channel M-bM-^@M-^\#usersM-bM-^@M-^], nickname M-bM-^@M-^\pinkyM-bM-^@M-^], using port 1234. It doesn't matter
615 which port is used, as long as it's greater than 1023 (remember, only
616 root can open sockets on privileged ports) and doesn't conflict with any
617 ports already in use. The connection is forwarded to port 6667 on the
618 remote server, since that's the standard port for IRC services.
619
620 The -f option backgrounds ssh and the remote command M-bM-^@M-^\sleep 10M-bM-^@M-^] is
621 specified to allow an amount of time (10 seconds, in the example) to
622 start the service which is to be tunnelled. If no connections are made
623 within the time specified, ssh will exit.
624
625X11 FORWARDING
626 If the ForwardX11 variable is set to M-bM-^@M-^\yesM-bM-^@M-^] (or see the description of the
627 -X, -x, and -Y options above) and the user is using X11 (the DISPLAY
628 environment variable is set), the connection to the X11 display is
629 automatically forwarded to the remote side in such a way that any X11
630 programs started from the shell (or command) will go through the
631 encrypted channel, and the connection to the real X server will be made
632 from the local machine. The user should not manually set DISPLAY.
633 Forwarding of X11 connections can be configured on the command line or in
634 configuration files.
635
636 The DISPLAY value set by ssh will point to the server machine, but with a
637 display number greater than zero. This is normal, and happens because
638 ssh creates a M-bM-^@M-^\proxyM-bM-^@M-^] X server on the server machine for forwarding the
639 connections over the encrypted channel.
640
641 ssh will also automatically set up Xauthority data on the server machine.
642 For this purpose, it will generate a random authorization cookie, store
643 it in Xauthority on the server, and verify that any forwarded connections
644 carry this cookie and replace it by the real cookie when the connection
645 is opened. The real authentication cookie is never sent to the server
646 machine (and no cookies are sent in the plain).
647
648 If the ForwardAgent variable is set to M-bM-^@M-^\yesM-bM-^@M-^] (or see the description of
649 the -A and -a options above) and the user is using an authentication
650 agent, the connection to the agent is automatically forwarded to the
651 remote side.
652
653VERIFYING HOST KEYS
654 When connecting to a server for the first time, a fingerprint of the
655 server's public key is presented to the user (unless the option
656 StrictHostKeyChecking has been disabled). Fingerprints can be determined
657 using ssh-keygen(1):
658
659 $ ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key
660
661 If the fingerprint is already known, it can be matched and the key can be
662 accepted or rejected. If only legacy (MD5) fingerprints for the server
663 are available, the ssh-keygen(1) -E option may be used to downgrade the
664 fingerprint algorithm to match.
665
666 Because of the difficulty of comparing host keys just by looking at
667 fingerprint strings, there is also support to compare host keys visually,
668 using random art. By setting the VisualHostKey option to M-bM-^@M-^\yesM-bM-^@M-^], a small
669 ASCII graphic gets displayed on every login to a server, no matter if the
670 session itself is interactive or not. By learning the pattern a known
671 server produces, a user can easily find out that the host key has changed
672 when a completely different pattern is displayed. Because these patterns
673 are not unambiguous however, a pattern that looks similar to the pattern
674 remembered only gives a good probability that the host key is the same,
675 not guaranteed proof.
676
677 To get a listing of the fingerprints along with their random art for all
678 known hosts, the following command line can be used:
679
680 $ ssh-keygen -lv -f ~/.ssh/known_hosts
681
682 If the fingerprint is unknown, an alternative method of verification is
683 available: SSH fingerprints verified by DNS. An additional resource
684 record (RR), SSHFP, is added to a zonefile and the connecting client is
685 able to match the fingerprint with that of the key presented.
686
687 In this example, we are connecting a client to a server,
688 M-bM-^@M-^\host.example.comM-bM-^@M-^]. The SSHFP resource records should first be added to
689 the zonefile for host.example.com:
690
691 $ ssh-keygen -r host.example.com.
692
693 The output lines will have to be added to the zonefile. To check that
694 the zone is answering fingerprint queries:
695
696 $ dig -t SSHFP host.example.com
697
698 Finally the client connects:
699
700 $ ssh -o "VerifyHostKeyDNS ask" host.example.com
701 [...]
702 Matching host key fingerprint found in DNS.
703 Are you sure you want to continue connecting (yes/no)?
704
705 See the VerifyHostKeyDNS option in ssh_config(5) for more information.
706
707SSH-BASED VIRTUAL PRIVATE NETWORKS
708 ssh contains support for Virtual Private Network (VPN) tunnelling using
709 the tun(4) network pseudo-device, allowing two networks to be joined
710 securely. The sshd_config(5) configuration option PermitTunnel controls
711 whether the server supports this, and at what level (layer 2 or 3
712 traffic).
713
714 The following example would connect client network 10.0.50.0/24 with
715 remote network 10.0.99.0/24 using a point-to-point connection from
716 10.1.1.1 to 10.1.1.2, provided that the SSH server running on the gateway
717 to the remote network, at 192.168.1.15, allows it.
718
719 On the client:
720
721 # ssh -f -w 0:1 192.168.1.15 true
722 # ifconfig tun0 10.1.1.1 10.1.1.2 netmask 255.255.255.252
723 # route add 10.0.99.0/24 10.1.1.2
724
725 On the server:
726
727 # ifconfig tun1 10.1.1.2 10.1.1.1 netmask 255.255.255.252
728 # route add 10.0.50.0/24 10.1.1.1
729
730 Client access may be more finely tuned via the /root/.ssh/authorized_keys
731 file (see below) and the PermitRootLogin server option. The following
732 entry would permit connections on tun(4) device 1 from user M-bM-^@M-^\janeM-bM-^@M-^] and on
733 tun device 2 from user M-bM-^@M-^\johnM-bM-^@M-^], if PermitRootLogin is set to
734 M-bM-^@M-^\forced-commands-onlyM-bM-^@M-^]:
735
736 tunnel="1",command="sh /etc/netstart tun1" ssh-rsa ... jane
737 tunnel="2",command="sh /etc/netstart tun2" ssh-rsa ... john
738
739 Since an SSH-based setup entails a fair amount of overhead, it may be
740 more suited to temporary setups, such as for wireless VPNs. More
741 permanent VPNs are better provided by tools such as ipsecctl(8) and
742 isakmpd(8).
743
744ENVIRONMENT
745 ssh will normally set the following environment variables:
746
747 DISPLAY The DISPLAY variable indicates the location of the
748 X11 server. It is automatically set by ssh to
749 point to a value of the form M-bM-^@M-^\hostname:nM-bM-^@M-^], where
750 M-bM-^@M-^\hostnameM-bM-^@M-^] indicates the host where the shell runs,
751 and M-bM-^@M-^XnM-bM-^@M-^Y is an integer M-bM-^IM-% 1. ssh uses this special
752 value to forward X11 connections over the secure
753 channel. The user should normally not set DISPLAY
754 explicitly, as that will render the X11 connection
755 insecure (and will require the user to manually
756 copy any required authorization cookies).
757
758 HOME Set to the path of the user's home directory.
759
760 LOGNAME Synonym for USER; set for compatibility with
761 systems that use this variable.
762
763 MAIL Set to the path of the user's mailbox.
764
765 PATH Set to the default PATH, as specified when
766 compiling ssh.
767
768 SSH_ASKPASS If ssh needs a passphrase, it will read the
769 passphrase from the current terminal if it was run
770 from a terminal. If ssh does not have a terminal
771 associated with it but DISPLAY and SSH_ASKPASS are
772 set, it will execute the program specified by
773 SSH_ASKPASS and open an X11 window to read the
774 passphrase. This is particularly useful when
775 calling ssh from a .xsession or related script.
776 (Note that on some machines it may be necessary to
777 redirect the input from /dev/null to make this
778 work.)
779
780 SSH_AUTH_SOCK Identifies the path of a UNIX-domain socket used to
781 communicate with the agent.
782
783 SSH_CONNECTION Identifies the client and server ends of the
784 connection. The variable contains four space-
785 separated values: client IP address, client port
786 number, server IP address, and server port number.
787
788 SSH_ORIGINAL_COMMAND This variable contains the original command line if
789 a forced command is executed. It can be used to
790 extract the original arguments.
791
792 SSH_TTY This is set to the name of the tty (path to the
793 device) associated with the current shell or
794 command. If the current session has no tty, this
795 variable is not set.
796
797 TZ This variable is set to indicate the present time
798 zone if it was set when the daemon was started
799 (i.e. the daemon passes the value on to new
800 connections).
801
802 USER Set to the name of the user logging in.
803
804 Additionally, ssh reads ~/.ssh/environment, and adds lines of the format
805 M-bM-^@M-^\VARNAME=valueM-bM-^@M-^] to the environment if the file exists and users are
806 allowed to change their environment. For more information, see the
807 PermitUserEnvironment option in sshd_config(5).
808
809FILES
810 ~/.rhosts
811 This file is used for host-based authentication (see above). On
812 some machines this file may need to be world-readable if the
813 user's home directory is on an NFS partition, because sshd(8)
814 reads it as root. Additionally, this file must be owned by the
815 user, and must not have write permissions for anyone else. The
816 recommended permission for most machines is read/write for the
817 user, and not accessible by others.
818
819 ~/.shosts
820 This file is used in exactly the same way as .rhosts, but allows
821 host-based authentication without permitting login with
822 rlogin/rsh.
823
824 ~/.ssh/
825 This directory is the default location for all user-specific
826 configuration and authentication information. There is no
827 general requirement to keep the entire contents of this directory
828 secret, but the recommended permissions are read/write/execute
829 for the user, and not accessible by others.
830
831 ~/.ssh/authorized_keys
832 Lists the public keys (DSA, ECDSA, Ed25519, RSA) that can be used
833 for logging in as this user. The format of this file is
834 described in the sshd(8) manual page. This file is not highly
835 sensitive, but the recommended permissions are read/write for the
836 user, and not accessible by others.
837
838 ~/.ssh/config
839 This is the per-user configuration file. The file format and
840 configuration options are described in ssh_config(5). Because of
841 the potential for abuse, this file must have strict permissions:
842 read/write for the user, and not writable by others.
843
844 ~/.ssh/environment
845 Contains additional definitions for environment variables; see
846 ENVIRONMENT, above.
847
848 ~/.ssh/identity
849 ~/.ssh/id_dsa
850 ~/.ssh/id_ecdsa
851 ~/.ssh/id_ed25519
852 ~/.ssh/id_rsa
853 Contains the private key for authentication. These files contain
854 sensitive data and should be readable by the user but not
855 accessible by others (read/write/execute). ssh will simply
856 ignore a private key file if it is accessible by others. It is
857 possible to specify a passphrase when generating the key which
858 will be used to encrypt the sensitive part of this file using
859 3DES.
860
861 ~/.ssh/identity.pub
862 ~/.ssh/id_dsa.pub
863 ~/.ssh/id_ecdsa.pub
864 ~/.ssh/id_ed25519.pub
865 ~/.ssh/id_rsa.pub
866 Contains the public key for authentication. These files are not
867 sensitive and can (but need not) be readable by anyone.
868
869 ~/.ssh/known_hosts
870 Contains a list of host keys for all hosts the user has logged
871 into that are not already in the systemwide list of known host
872 keys. See sshd(8) for further details of the format of this
873 file.
874
875 ~/.ssh/rc
876 Commands in this file are executed by ssh when the user logs in,
877 just before the user's shell (or command) is started. See the
878 sshd(8) manual page for more information.
879
880 /etc/hosts.equiv
881 This file is for host-based authentication (see above). It
882 should only be writable by root.
883
884 /etc/shosts.equiv
885 This file is used in exactly the same way as hosts.equiv, but
886 allows host-based authentication without permitting login with
887 rlogin/rsh.
888
889 /etc/ssh/ssh_config
890 Systemwide configuration file. The file format and configuration
891 options are described in ssh_config(5).
892
893 /etc/ssh/ssh_host_key
894 /etc/ssh/ssh_host_dsa_key
895 /etc/ssh/ssh_host_ecdsa_key
896 /etc/ssh/ssh_host_ed25519_key
897 /etc/ssh/ssh_host_rsa_key
898 These files contain the private parts of the host keys and are
899 used for host-based authentication.
900
901 /etc/ssh/ssh_known_hosts
902 Systemwide list of known host keys. This file should be prepared
903 by the system administrator to contain the public host keys of
904 all machines in the organization. It should be world-readable.
905 See sshd(8) for further details of the format of this file.
906
907 /etc/ssh/sshrc
908 Commands in this file are executed by ssh when the user logs in,
909 just before the user's shell (or command) is started. See the
910 sshd(8) manual page for more information.
911
912EXIT STATUS
913 ssh exits with the exit status of the remote command or with 255 if an
914 error occurred.
915
916SEE ALSO
917 scp(1), sftp(1), ssh-add(1), ssh-agent(1), ssh-keygen(1), ssh-keyscan(1),
918 tun(4), ssh_config(5), ssh-keysign(8), sshd(8)
919
920STANDARDS
921 S. Lehtinen and C. Lonvick, The Secure Shell (SSH) Protocol Assigned
922 Numbers, RFC 4250, January 2006.
923
924 T. Ylonen and C. Lonvick, The Secure Shell (SSH) Protocol Architecture,
925 RFC 4251, January 2006.
926
927 T. Ylonen and C. Lonvick, The Secure Shell (SSH) Authentication Protocol,
928 RFC 4252, January 2006.
929
930 T. Ylonen and C. Lonvick, The Secure Shell (SSH) Transport Layer
931 Protocol, RFC 4253, January 2006.
932
933 T. Ylonen and C. Lonvick, The Secure Shell (SSH) Connection Protocol, RFC
934 4254, January 2006.
935
936 J. Schlyter and W. Griffin, Using DNS to Securely Publish Secure Shell
937 (SSH) Key Fingerprints, RFC 4255, January 2006.
938
939 F. Cusack and M. Forssen, Generic Message Exchange Authentication for the
940 Secure Shell Protocol (SSH), RFC 4256, January 2006.
941
942 J. Galbraith and P. Remaker, The Secure Shell (SSH) Session Channel Break
943 Extension, RFC 4335, January 2006.
944
945 M. Bellare, T. Kohno, and C. Namprempre, The Secure Shell (SSH) Transport
946 Layer Encryption Modes, RFC 4344, January 2006.
947
948 B. Harris, Improved Arcfour Modes for the Secure Shell (SSH) Transport
949 Layer Protocol, RFC 4345, January 2006.
950
951 M. Friedl, N. Provos, and W. Simpson, Diffie-Hellman Group Exchange for
952 the Secure Shell (SSH) Transport Layer Protocol, RFC 4419, March 2006.
953
954 J. Galbraith and R. Thayer, The Secure Shell (SSH) Public Key File
955 Format, RFC 4716, November 2006.
956
957 D. Stebila and J. Green, Elliptic Curve Algorithm Integration in the
958 Secure Shell Transport Layer, RFC 5656, December 2009.
959
960 A. Perrig and D. Song, Hash Visualization: a New Technique to improve
961 Real-World Security, 1999, International Workshop on Cryptographic
962 Techniques and E-Commerce (CrypTEC '99).
963
964AUTHORS
965 OpenSSH is a derivative of the original and free ssh 1.2.12 release by
966 Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
967 de Raadt and Dug Song removed many bugs, re-added newer features and
968 created OpenSSH. Markus Friedl contributed the support for SSH protocol
969 versions 1.5 and 2.0.
970
971OpenBSD 6.0 July 16, 2016 OpenBSD 6.0
diff --git a/ssh_config.0 b/ssh_config.0
new file mode 100644
index 000000000..4ca9a5ff8
--- /dev/null
+++ b/ssh_config.0
@@ -0,0 +1,1077 @@
1SSH_CONFIG(5) File Formats Manual SSH_CONFIG(5)
2
3NAME
4 ssh_config M-bM-^@M-^S OpenSSH SSH client configuration files
5
6SYNOPSIS
7 ~/.ssh/config
8 /etc/ssh/ssh_config
9
10DESCRIPTION
11 ssh(1) obtains configuration data from the following sources in the
12 following order:
13
14 1. command-line options
15 2. user's configuration file (~/.ssh/config)
16 3. system-wide configuration file (/etc/ssh/ssh_config)
17
18 For each parameter, the first obtained value will be used. The
19 configuration files contain sections separated by Host specifications,
20 and that section is only applied for hosts that match one of the patterns
21 given in the specification. The matched host name is usually the one
22 given on the command line (see the CanonicalizeHostname option for
23 exceptions).
24
25 Since the first obtained value for each parameter is used, more host-
26 specific declarations should be given near the beginning of the file, and
27 general defaults at the end.
28
29 The file contains keyword-argument pairs, one per line. Lines starting
30 with M-bM-^@M-^X#M-bM-^@M-^Y and empty lines are interpreted as comments. Arguments may
31 optionally be enclosed in double quotes (") in order to represent
32 arguments containing spaces. Configuration options may be separated by
33 whitespace or optional whitespace and exactly one M-bM-^@M-^X=M-bM-^@M-^Y; the latter format
34 is useful to avoid the need to quote whitespace when specifying
35 configuration options using the ssh, scp, and sftp -o option.
36
37 The possible keywords and their meanings are as follows (note that
38 keywords are case-insensitive and arguments are case-sensitive):
39
40 Host Restricts the following declarations (up to the next Host or
41 Match keyword) to be only for those hosts that match one of the
42 patterns given after the keyword. If more than one pattern is
43 provided, they should be separated by whitespace. A single M-bM-^@M-^X*M-bM-^@M-^Y
44 as a pattern can be used to provide global defaults for all
45 hosts. The host is usually the hostname argument given on the
46 command line (see the CanonicalizeHostname keyword for
47 exceptions).
48
49 A pattern entry may be negated by prefixing it with an
50 exclamation mark (M-bM-^@M-^X!M-bM-^@M-^Y). If a negated entry is matched, then the
51 Host entry is ignored, regardless of whether any other patterns
52 on the line match. Negated matches are therefore useful to
53 provide exceptions for wildcard matches.
54
55 See PATTERNS for more information on patterns.
56
57 Match Restricts the following declarations (up to the next Host or
58 Match keyword) to be used only when the conditions following the
59 Match keyword are satisfied. Match conditions are specified
60 using one or more criteria or the single token all which always
61 matches. The available criteria keywords are: canonical, exec,
62 host, originalhost, user, and localuser. The all criteria must
63 appear alone or immediately after canonical. Other criteria may
64 be combined arbitrarily. All criteria but all and canonical
65 require an argument. Criteria may be negated by prepending an
66 exclamation mark (M-bM-^@M-^X!M-bM-^@M-^Y).
67
68 The canonical keyword matches only when the configuration file is
69 being re-parsed after hostname canonicalization (see the
70 CanonicalizeHostname option.) This may be useful to specify
71 conditions that work with canonical host names only. The exec
72 keyword executes the specified command under the user's shell.
73 If the command returns a zero exit status then the condition is
74 considered true. Commands containing whitespace characters must
75 be quoted. Arguments to exec accept the tokens described in the
76 TOKENS section.
77
78 The other keywords' criteria must be single entries or comma-
79 separated lists and may use the wildcard and negation operators
80 described in the PATTERNS section. The criteria for the host
81 keyword are matched against the target hostname, after any
82 substitution by the Hostname or CanonicalizeHostname options.
83 The originalhost keyword matches against the hostname as it was
84 specified on the command-line. The user keyword matches against
85 the target username on the remote host. The localuser keyword
86 matches against the name of the local user running ssh(1) (this
87 keyword may be useful in system-wide ssh_config files).
88
89 AddKeysToAgent
90 Specifies whether keys should be automatically added to a running
91 ssh-agent(1). If this option is set to yes and a key is loaded
92 from a file, the key and its passphrase are added to the agent
93 with the default lifetime, as if by ssh-add(1). If this option
94 is set to ask, ssh(1) will require confirmation using the
95 SSH_ASKPASS program before adding a key (see ssh-add(1) for
96 details). If this option is set to confirm, each use of the key
97 must be confirmed, as if the -c option was specified to
98 ssh-add(1). If this option is set to no, no keys are added to
99 the agent. The argument must be yes, confirm, ask, or no (the
100 default).
101
102 AddressFamily
103 Specifies which address family to use when connecting. Valid
104 arguments are any (the default), inet (use IPv4 only), or inet6
105 (use IPv6 only).
106
107 BatchMode
108 If set to yes, passphrase/password querying will be disabled.
109 This option is useful in scripts and other batch jobs where no
110 user is present to supply the password. The argument must be yes
111 or no (the default).
112
113 BindAddress
114 Use the specified address on the local machine as the source
115 address of the connection. Only useful on systems with more than
116 one address. Note that this option does not work if
117 UsePrivilegedPort is set to yes.
118
119 CanonicalDomains
120 When CanonicalizeHostname is enabled, this option specifies the
121 list of domain suffixes in which to search for the specified
122 destination host.
123
124 CanonicalizeFallbackLocal
125 Specifies whether to fail with an error when hostname
126 canonicalization fails. The default, yes, will attempt to look
127 up the unqualified hostname using the system resolver's search
128 rules. A value of no will cause ssh(1) to fail instantly if
129 CanonicalizeHostname is enabled and the target hostname cannot be
130 found in any of the domains specified by CanonicalDomains.
131
132 CanonicalizeHostname
133 Controls whether explicit hostname canonicalization is performed.
134 The default, no, is not to perform any name rewriting and let the
135 system resolver handle all hostname lookups. If set to yes then,
136 for connections that do not use a ProxyCommand, ssh(1) will
137 attempt to canonicalize the hostname specified on the command
138 line using the CanonicalDomains suffixes and
139 CanonicalizePermittedCNAMEs rules. If CanonicalizeHostname is
140 set to always, then canonicalization is applied to proxied
141 connections too.
142
143 If this option is enabled, then the configuration files are
144 processed again using the new target name to pick up any new
145 configuration in matching Host and Match stanzas.
146
147 CanonicalizeMaxDots
148 Specifies the maximum number of dot characters in a hostname
149 before canonicalization is disabled. The default, 1, allows a
150 single dot (i.e. hostname.subdomain).
151
152 CanonicalizePermittedCNAMEs
153 Specifies rules to determine whether CNAMEs should be followed
154 when canonicalizing hostnames. The rules consist of one or more
155 arguments of source_domain_list:target_domain_list, where
156 source_domain_list is a pattern-list of domains that may follow
157 CNAMEs in canonicalization, and target_domain_list is a pattern-
158 list of domains that they may resolve to.
159
160 For example, "*.a.example.com:*.b.example.com,*.c.example.com"
161 will allow hostnames matching "*.a.example.com" to be
162 canonicalized to names in the "*.b.example.com" or
163 "*.c.example.com" domains.
164
165 CertificateFile
166 Specifies a file from which the user's certificate is read. A
167 corresponding private key must be provided separately in order to
168 use this certificate either from an IdentityFile directive or -i
169 flag to ssh(1), via ssh-agent(1), or via a PKCS11Provider.
170
171 Arguments to CertificateFile may use the tilde syntax to refer to
172 a user's home directory or the tokens described in the TOKENS
173 section.
174
175 It is possible to have multiple certificate files specified in
176 configuration files; these certificates will be tried in
177 sequence. Multiple CertificateFile directives will add to the
178 list of certificates used for authentication.
179
180 ChallengeResponseAuthentication
181 Specifies whether to use challenge-response authentication. The
182 argument to this keyword must be yes (the default) or no.
183
184 CheckHostIP
185 If set to yes (the default), ssh(1) will additionally check the
186 host IP address in the known_hosts file. This allows it to
187 detect if a host key changed due to DNS spoofing and will add
188 addresses of destination hosts to ~/.ssh/known_hosts in the
189 process, regardless of the setting of StrictHostKeyChecking. If
190 the option is set to no, the check will not be executed.
191
192 Cipher Specifies the cipher to use for encrypting the session in
193 protocol version 1. Currently, blowfish, 3des (the default), and
194 des are supported, though des is only supported in the ssh(1)
195 client for interoperability with legacy protocol 1
196 implementations; its use is strongly discouraged due to
197 cryptographic weaknesses.
198
199 Ciphers
200 Specifies the ciphers allowed for protocol version 2 in order of
201 preference. Multiple ciphers must be comma-separated. If the
202 specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified
203 ciphers will be appended to the default set instead of replacing
204 them.
205
206 The supported ciphers are:
207
208 3des-cbc
209 aes128-cbc
210 aes192-cbc
211 aes256-cbc
212 aes128-ctr
213 aes192-ctr
214 aes256-ctr
215 aes128-gcm@openssh.com
216 aes256-gcm@openssh.com
217 arcfour
218 arcfour128
219 arcfour256
220 blowfish-cbc
221 cast128-cbc
222 chacha20-poly1305@openssh.com
223
224 The default is:
225
226 chacha20-poly1305@openssh.com,
227 aes128-ctr,aes192-ctr,aes256-ctr,
228 aes128-gcm@openssh.com,aes256-gcm@openssh.com,
229 aes128-cbc,aes192-cbc,aes256-cbc
230
231 The list of available ciphers may also be obtained using "ssh -Q
232 cipher".
233
234 ClearAllForwardings
235 Specifies that all local, remote, and dynamic port forwardings
236 specified in the configuration files or on the command line be
237 cleared. This option is primarily useful when used from the
238 ssh(1) command line to clear port forwardings set in
239 configuration files, and is automatically set by scp(1) and
240 sftp(1). The argument must be yes or no (the default).
241
242 Compression
243 Specifies whether to use compression. The argument must be yes
244 or no (the default).
245
246 CompressionLevel
247 Specifies the compression level to use if compression is enabled.
248 The argument must be an integer from 1 (fast) to 9 (slow, best).
249 The default level is 6, which is good for most applications. The
250 meaning of the values is the same as in gzip(1). Note that this
251 option applies to protocol version 1 only.
252
253 ConnectionAttempts
254 Specifies the number of tries (one per second) to make before
255 exiting. The argument must be an integer. This may be useful in
256 scripts if the connection sometimes fails. The default is 1.
257
258 ConnectTimeout
259 Specifies the timeout (in seconds) used when connecting to the
260 SSH server, instead of using the default system TCP timeout.
261 This value is used only when the target is down or really
262 unreachable, not when it refuses the connection.
263
264 ControlMaster
265 Enables the sharing of multiple sessions over a single network
266 connection. When set to yes, ssh(1) will listen for connections
267 on a control socket specified using the ControlPath argument.
268 Additional sessions can connect to this socket using the same
269 ControlPath with ControlMaster set to no (the default). These
270 sessions will try to reuse the master instance's network
271 connection rather than initiating new ones, but will fall back to
272 connecting normally if the control socket does not exist, or is
273 not listening.
274
275 Setting this to ask will cause ssh(1) to listen for control
276 connections, but require confirmation using ssh-askpass(1). If
277 the ControlPath cannot be opened, ssh(1) will continue without
278 connecting to a master instance.
279
280 X11 and ssh-agent(1) forwarding is supported over these
281 multiplexed connections, however the display and agent forwarded
282 will be the one belonging to the master connection i.e. it is not
283 possible to forward multiple displays or agents.
284
285 Two additional options allow for opportunistic multiplexing: try
286 to use a master connection but fall back to creating a new one if
287 one does not already exist. These options are: auto and autoask.
288 The latter requires confirmation like the ask option.
289
290 ControlPath
291 Specify the path to the control socket used for connection
292 sharing as described in the ControlMaster section above or the
293 string none to disable connection sharing. Arguments to
294 ControlPath may use the tilde syntax to refer to a user's home
295 directory or the tokens described in the TOKENS section. It is
296 recommended that any ControlPath used for opportunistic
297 connection sharing include at least %h, %p, and %r (or
298 alternatively %C) and be placed in a directory that is not
299 writable by other users. This ensures that shared connections
300 are uniquely identified.
301
302 ControlPersist
303 When used in conjunction with ControlMaster, specifies that the
304 master connection should remain open in the background (waiting
305 for future client connections) after the initial client
306 connection has been closed. If set to no, then the master
307 connection will not be placed into the background, and will close
308 as soon as the initial client connection is closed. If set to
309 yes or 0, then the master connection will remain in the
310 background indefinitely (until killed or closed via a mechanism
311 such as the "ssh -O exit"). If set to a time in seconds, or a
312 time in any of the formats documented in sshd_config(5), then the
313 backgrounded master connection will automatically terminate after
314 it has remained idle (with no client connections) for the
315 specified time.
316
317 DynamicForward
318 Specifies that a TCP port on the local machine be forwarded over
319 the secure channel, and the application protocol is then used to
320 determine where to connect to from the remote machine.
321
322 The argument must be [bind_address:]port. IPv6 addresses can be
323 specified by enclosing addresses in square brackets. By default,
324 the local port is bound in accordance with the GatewayPorts
325 setting. However, an explicit bind_address may be used to bind
326 the connection to a specific address. The bind_address of
327 localhost indicates that the listening port be bound for local
328 use only, while an empty address or M-bM-^@M-^X*M-bM-^@M-^Y indicates that the port
329 should be available from all interfaces.
330
331 Currently the SOCKS4 and SOCKS5 protocols are supported, and
332 ssh(1) will act as a SOCKS server. Multiple forwardings may be
333 specified, and additional forwardings can be given on the command
334 line. Only the superuser can forward privileged ports.
335
336 EnableSSHKeysign
337 Setting this option to yes in the global client configuration
338 file /etc/ssh/ssh_config enables the use of the helper program
339 ssh-keysign(8) during HostbasedAuthentication. The argument must
340 be yes or no (the default). This option should be placed in the
341 non-hostspecific section. See ssh-keysign(8) for more
342 information.
343
344 EscapeChar
345 Sets the escape character (default: M-bM-^@M-^X~M-bM-^@M-^Y). The escape character
346 can also be set on the command line. The argument should be a
347 single character, M-bM-^@M-^X^M-bM-^@M-^Y followed by a letter, or none to disable
348 the escape character entirely (making the connection transparent
349 for binary data).
350
351 ExitOnForwardFailure
352 Specifies whether ssh(1) should terminate the connection if it
353 cannot set up all requested dynamic, tunnel, local, and remote
354 port forwardings, (e.g. if either end is unable to bind and
355 listen on a specified port). Note that ExitOnForwardFailure does
356 not apply to connections made over port forwardings and will not,
357 for example, cause ssh(1) to exit if TCP connections to the
358 ultimate forwarding destination fail. The argument must be yes
359 or no (the default).
360
361 FingerprintHash
362 Specifies the hash algorithm used when displaying key
363 fingerprints. Valid options are: md5 and sha256 (the default).
364
365 ForwardAgent
366 Specifies whether the connection to the authentication agent (if
367 any) will be forwarded to the remote machine. The argument must
368 be yes or no (the default).
369
370 Agent forwarding should be enabled with caution. Users with the
371 ability to bypass file permissions on the remote host (for the
372 agent's Unix-domain socket) can access the local agent through
373 the forwarded connection. An attacker cannot obtain key material
374 from the agent, however they can perform operations on the keys
375 that enable them to authenticate using the identities loaded into
376 the agent.
377
378 ForwardX11
379 Specifies whether X11 connections will be automatically
380 redirected over the secure channel and DISPLAY set. The argument
381 must be yes or no (the default).
382
383 X11 forwarding should be enabled with caution. Users with the
384 ability to bypass file permissions on the remote host (for the
385 user's X11 authorization database) can access the local X11
386 display through the forwarded connection. An attacker may then
387 be able to perform activities such as keystroke monitoring if the
388 ForwardX11Trusted option is also enabled.
389
390 ForwardX11Timeout
391 Specify a timeout for untrusted X11 forwarding using the format
392 described in the TIME FORMATS section of sshd_config(5). X11
393 connections received by ssh(1) after this time will be refused.
394 The default is to disable untrusted X11 forwarding after twenty
395 minutes has elapsed.
396
397 ForwardX11Trusted
398 If this option is set to yes, remote X11 clients will have full
399 access to the original X11 display.
400
401 If this option is set to no (the default), remote X11 clients
402 will be considered untrusted and prevented from stealing or
403 tampering with data belonging to trusted X11 clients.
404 Furthermore, the xauth(1) token used for the session will be set
405 to expire after 20 minutes. Remote clients will be refused
406 access after this time.
407
408 See the X11 SECURITY extension specification for full details on
409 the restrictions imposed on untrusted clients.
410
411 GatewayPorts
412 Specifies whether remote hosts are allowed to connect to local
413 forwarded ports. By default, ssh(1) binds local port forwardings
414 to the loopback address. This prevents other remote hosts from
415 connecting to forwarded ports. GatewayPorts can be used to
416 specify that ssh should bind local port forwardings to the
417 wildcard address, thus allowing remote hosts to connect to
418 forwarded ports. The argument must be yes or no (the default).
419
420 GlobalKnownHostsFile
421 Specifies one or more files to use for the global host key
422 database, separated by whitespace. The default is
423 /etc/ssh/ssh_known_hosts, /etc/ssh/ssh_known_hosts2.
424
425 GSSAPIAuthentication
426 Specifies whether user authentication based on GSSAPI is allowed.
427 The default is no.
428
429 GSSAPIDelegateCredentials
430 Forward (delegate) credentials to the server. The default is no.
431
432 HashKnownHosts
433 Indicates that ssh(1) should hash host names and addresses when
434 they are added to ~/.ssh/known_hosts. These hashed names may be
435 used normally by ssh(1) and sshd(8), but they do not reveal
436 identifying information should the file's contents be disclosed.
437 The default is no. Note that existing names and addresses in
438 known hosts files will not be converted automatically, but may be
439 manually hashed using ssh-keygen(1).
440
441 HostbasedAuthentication
442 Specifies whether to try rhosts based authentication with public
443 key authentication. The argument must be yes or no (the
444 default).
445
446 HostbasedKeyTypes
447 Specifies the key types that will be used for hostbased
448 authentication as a comma-separated pattern list. Alternately if
449 the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the
450 specified key types will be appended to the default set instead
451 of replacing them. The default for this option is:
452
453 ecdsa-sha2-nistp256-cert-v01@openssh.com,
454 ecdsa-sha2-nistp384-cert-v01@openssh.com,
455 ecdsa-sha2-nistp521-cert-v01@openssh.com,
456 ssh-ed25519-cert-v01@openssh.com,
457 ssh-rsa-cert-v01@openssh.com,
458 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
459 ssh-ed25519,ssh-rsa
460
461 The -Q option of ssh(1) may be used to list supported key types.
462
463 HostKeyAlgorithms
464 Specifies the host key algorithms that the client wants to use in
465 order of preference. Alternately if the specified value begins
466 with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified key types will be
467 appended to the default set instead of replacing them. The
468 default for this option is:
469
470 ecdsa-sha2-nistp256-cert-v01@openssh.com,
471 ecdsa-sha2-nistp384-cert-v01@openssh.com,
472 ecdsa-sha2-nistp521-cert-v01@openssh.com,
473 ssh-ed25519-cert-v01@openssh.com,
474 ssh-rsa-cert-v01@openssh.com,
475 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
476 ssh-ed25519,ssh-rsa
477
478 If hostkeys are known for the destination host then this default
479 is modified to prefer their algorithms.
480
481 The list of available key types may also be obtained using "ssh
482 -Q key".
483
484 HostKeyAlias
485 Specifies an alias that should be used instead of the real host
486 name when looking up or saving the host key in the host key
487 database files. This option is useful for tunneling SSH
488 connections or for multiple servers running on a single host.
489
490 HostName
491 Specifies the real host name to log into. This can be used to
492 specify nicknames or abbreviations for hosts. Arguments to
493 HostName accept the tokens described in the TOKENS section.
494 Numeric IP addresses are also permitted (both on the command line
495 and in HostName specifications). The default is the name given
496 on the command line.
497
498 IdentitiesOnly
499 Specifies that ssh(1) should only use the authentication identity
500 and certificate files explicitly configured in the ssh_config
501 files or passed on the ssh(1) command-line, even if ssh-agent(1)
502 or a PKCS11Provider offers more identities. The argument to this
503 keyword must be yes or no (the default). This option is intended
504 for situations where ssh-agent offers many different identities.
505
506 IdentityAgent
507 Specifies the UNIX-domain socket used to communicate with the
508 authentication agent.
509
510 This option overrides the SSH_AUTH_SOCK environment variable and
511 can be used to select a specific agent. Setting the socket name
512 to none disables the use of an authentication agent. If the
513 string "SSH_AUTH_SOCK" is specified, the location of the socket
514 will be read from the SSH_AUTH_SOCK environment variable.
515
516 Arguments to IdentityAgent may use the tilde syntax to refer to a
517 user's home directory or the tokens described in the TOKENS
518 section.
519
520 IdentityFile
521 Specifies a file from which the user's DSA, ECDSA, Ed25519 or RSA
522 authentication identity is read. The default is ~/.ssh/identity
523 for protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa,
524 ~/.ssh/id_ed25519 and ~/.ssh/id_rsa for protocol version 2.
525 Additionally, any identities represented by the authentication
526 agent will be used for authentication unless IdentitiesOnly is
527 set. If no certificates have been explicitly specified by
528 CertificateFile, ssh(1) will try to load certificate information
529 from the filename obtained by appending -cert.pub to the path of
530 a specified IdentityFile.
531
532 Arguments to IdentityFile may use the tilde syntax to refer to a
533 user's home directory or the tokens described in the TOKENS
534 section.
535
536 It is possible to have multiple identity files specified in
537 configuration files; all these identities will be tried in
538 sequence. Multiple IdentityFile directives will add to the list
539 of identities tried (this behaviour differs from that of other
540 configuration directives).
541
542 IdentityFile may be used in conjunction with IdentitiesOnly to
543 select which identities in an agent are offered during
544 authentication. IdentityFile may also be used in conjunction
545 with CertificateFile in order to provide any certificate also
546 needed for authentication with the identity.
547
548 IgnoreUnknown
549 Specifies a pattern-list of unknown options to be ignored if they
550 are encountered in configuration parsing. This may be used to
551 suppress errors if ssh_config contains options that are
552 unrecognised by ssh(1). It is recommended that IgnoreUnknown be
553 listed early in the configuration file as it will not be applied
554 to unknown options that appear before it.
555
556 Include
557 Include the specified configuration file(s). Multiple pathnames
558 may be specified and each pathname may contain glob(3) wildcards
559 and, for user configurations, shell-like M-bM-^@M-^X~M-bM-^@M-^Y references to user
560 home directories. Files without absolute paths are assumed to be
561 in ~/.ssh if included in a user configuration file or /etc/ssh if
562 included from the system configuration file. Include directive
563 may appear inside a Match or Host block to perform conditional
564 inclusion.
565
566 IPQoS Specifies the IPv4 type-of-service or DSCP class for connections.
567 Accepted values are af11, af12, af13, af21, af22, af23, af31,
568 af32, af33, af41, af42, af43, cs0, cs1, cs2, cs3, cs4, cs5, cs6,
569 cs7, ef, lowdelay, throughput, reliability, or a numeric value.
570 This option may take one or two arguments, separated by
571 whitespace. If one argument is specified, it is used as the
572 packet class unconditionally. If two values are specified, the
573 first is automatically selected for interactive sessions and the
574 second for non-interactive sessions. The default is lowdelay for
575 interactive sessions and throughput for non-interactive sessions.
576
577 KbdInteractiveAuthentication
578 Specifies whether to use keyboard-interactive authentication.
579 The argument to this keyword must be yes (the default) or no.
580
581 KbdInteractiveDevices
582 Specifies the list of methods to use in keyboard-interactive
583 authentication. Multiple method names must be comma-separated.
584 The default is to use the server specified list. The methods
585 available vary depending on what the server supports. For an
586 OpenSSH server, it may be zero or more of: bsdauth, pam, and
587 skey.
588
589 KexAlgorithms
590 Specifies the available KEX (Key Exchange) algorithms. Multiple
591 algorithms must be comma-separated. Alternately if the specified
592 value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified methods
593 will be appended to the default set instead of replacing them.
594 The default is:
595
596 curve25519-sha256,curve25519-sha256@libssh.org,
597 ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
598 diffie-hellman-group-exchange-sha256,
599 diffie-hellman-group-exchange-sha1,
600 diffie-hellman-group14-sha1
601
602 The list of available key exchange algorithms may also be
603 obtained using "ssh -Q kex".
604
605 LocalCommand
606 Specifies a command to execute on the local machine after
607 successfully connecting to the server. The command string
608 extends to the end of the line, and is executed with the user's
609 shell. Arguments to LocalCommand accept the tokens described in
610 the TOKENS section.
611
612 The command is run synchronously and does not have access to the
613 session of the ssh(1) that spawned it. It should not be used for
614 interactive commands.
615
616 This directive is ignored unless PermitLocalCommand has been
617 enabled.
618
619 LocalForward
620 Specifies that a TCP port on the local machine be forwarded over
621 the secure channel to the specified host and port from the remote
622 machine. The first argument must be [bind_address:]port and the
623 second argument must be host:hostport. IPv6 addresses can be
624 specified by enclosing addresses in square brackets. Multiple
625 forwardings may be specified, and additional forwardings can be
626 given on the command line. Only the superuser can forward
627 privileged ports. By default, the local port is bound in
628 accordance with the GatewayPorts setting. However, an explicit
629 bind_address may be used to bind the connection to a specific
630 address. The bind_address of localhost indicates that the
631 listening port be bound for local use only, while an empty
632 address or M-bM-^@M-^X*M-bM-^@M-^Y indicates that the port should be available from
633 all interfaces.
634
635 LogLevel
636 Gives the verbosity level that is used when logging messages from
637 ssh(1). The possible values are: QUIET, FATAL, ERROR, INFO,
638 VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. The default is INFO.
639 DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify
640 higher levels of verbose output.
641
642 MACs Specifies the MAC (message authentication code) algorithms in
643 order of preference. The MAC algorithm is used for data
644 integrity protection. Multiple algorithms must be comma-
645 separated. If the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character,
646 then the specified algorithms will be appended to the default set
647 instead of replacing them.
648
649 The algorithms that contain "-etm" calculate the MAC after
650 encryption (encrypt-then-mac). These are considered safer and
651 their use recommended.
652
653 The default is:
654
655 umac-64-etm@openssh.com,umac-128-etm@openssh.com,
656 hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
657 hmac-sha1-etm@openssh.com,
658 umac-64@openssh.com,umac-128@openssh.com,
659 hmac-sha2-256,hmac-sha2-512,hmac-sha1
660
661 The list of available MAC algorithms may also be obtained using
662 "ssh -Q mac".
663
664 NoHostAuthenticationForLocalhost
665 This option can be used if the home directory is shared across
666 machines. In this case localhost will refer to a different
667 machine on each of the machines and the user will get many
668 warnings about changed host keys. However, this option disables
669 host authentication for localhost. The argument to this keyword
670 must be yes or no. (the default).
671
672 NumberOfPasswordPrompts
673 Specifies the number of password prompts before giving up. The
674 argument to this keyword must be an integer. The default is 3.
675
676 PasswordAuthentication
677 Specifies whether to use password authentication. The argument
678 to this keyword must be yes (the default) or no.
679
680 PermitLocalCommand
681 Allow local command execution via the LocalCommand option or
682 using the !command escape sequence in ssh(1). The argument must
683 be yes or no (the default).
684
685 PKCS11Provider
686 Specifies which PKCS#11 provider to use. The argument to this
687 keyword is the PKCS#11 shared library ssh(1) should use to
688 communicate with a PKCS#11 token providing the user's private RSA
689 key.
690
691 Port Specifies the port number to connect on the remote host. The
692 default is 22.
693
694 PreferredAuthentications
695 Specifies the order in which the client should try authentication
696 methods. This allows a client to prefer one method (e.g.
697 keyboard-interactive) over another method (e.g. password). The
698 default is:
699
700 gssapi-with-mic,hostbased,publickey,
701 keyboard-interactive,password
702
703 Protocol
704 Specifies the protocol versions ssh(1) should support in order of
705 preference. The possible values are 1 and 2. Multiple versions
706 must be comma-separated. When this option is set to 2,1 ssh will
707 try version 2 and fall back to version 1 if version 2 is not
708 available. The default is version 2. Protocol 1 suffers from a
709 number of cryptographic weaknesses and should not be used. It is
710 only offered to support legacy devices.
711
712 ProxyCommand
713 Specifies the command to use to connect to the server. The
714 command string extends to the end of the line, and is executed
715 using the user's shell M-bM-^@M-^XexecM-bM-^@M-^Y directive to avoid a lingering
716 shell process.
717
718 Arguments to ProxyCommand accept the tokens described in the
719 TOKENS section. The command can be basically anything, and
720 should read from its standard input and write to its standard
721 output. It should eventually connect an sshd(8) server running
722 on some machine, or execute sshd -i somewhere. Host key
723 management will be done using the HostName of the host being
724 connected (defaulting to the name typed by the user). Setting
725 the command to none disables this option entirely. Note that
726 CheckHostIP is not available for connects with a proxy command.
727
728 This directive is useful in conjunction with nc(1) and its proxy
729 support. For example, the following directive would connect via
730 an HTTP proxy at 192.0.2.0:
731
732 ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p
733
734 ProxyJump
735 Specifies one or more jump proxies as [user@]host[:port].
736 Multiple proxies may be separated by comma characters and will be
737 visited sequentially. Setting this option will cause ssh(1) to
738 connect to the target host by first making a ssh(1) connection to
739 the specified ProxyJump host and then establishing a TCP
740 forwarding to the ultimate target from there.
741
742 Note that this option will compete with the ProxyCommand option -
743 whichever is specified first will prevent later instances of the
744 other from taking effect.
745
746 ProxyUseFdpass
747 Specifies that ProxyCommand will pass a connected file descriptor
748 back to ssh(1) instead of continuing to execute and pass data.
749 The default is no.
750
751 PubkeyAcceptedKeyTypes
752 Specifies the key types that will be used for public key
753 authentication as a comma-separated pattern list. Alternately if
754 the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the key
755 types after it will be appended to the default instead of
756 replacing it. The default for this option is:
757
758 ecdsa-sha2-nistp256-cert-v01@openssh.com,
759 ecdsa-sha2-nistp384-cert-v01@openssh.com,
760 ecdsa-sha2-nistp521-cert-v01@openssh.com,
761 ssh-ed25519-cert-v01@openssh.com,
762 ssh-rsa-cert-v01@openssh.com,
763 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
764 ssh-ed25519,ssh-rsa
765
766 The list of available key types may also be obtained using "ssh
767 -Q key".
768
769 PubkeyAuthentication
770 Specifies whether to try public key authentication. The argument
771 to this keyword must be yes (the default) or no.
772
773 RekeyLimit
774 Specifies the maximum amount of data that may be transmitted
775 before the session key is renegotiated, optionally followed a
776 maximum amount of time that may pass before the session key is
777 renegotiated. The first argument is specified in bytes and may
778 have a suffix of M-bM-^@M-^XKM-bM-^@M-^Y, M-bM-^@M-^XMM-bM-^@M-^Y, or M-bM-^@M-^XGM-bM-^@M-^Y to indicate Kilobytes,
779 Megabytes, or Gigabytes, respectively. The default is between
780 M-bM-^@M-^X1GM-bM-^@M-^Y and M-bM-^@M-^X4GM-bM-^@M-^Y, depending on the cipher. The optional second
781 value is specified in seconds and may use any of the units
782 documented in the TIME FORMATS section of sshd_config(5). The
783 default value for RekeyLimit is default none, which means that
784 rekeying is performed after the cipher's default amount of data
785 has been sent or received and no time based rekeying is done.
786
787 RemoteForward
788 Specifies that a TCP port on the remote machine be forwarded over
789 the secure channel to the specified host and port from the local
790 machine. The first argument must be [bind_address:]port and the
791 second argument must be host:hostport. IPv6 addresses can be
792 specified by enclosing addresses in square brackets. Multiple
793 forwardings may be specified, and additional forwardings can be
794 given on the command line. Privileged ports can be forwarded
795 only when logging in as root on the remote machine.
796
797 If the port argument is 0, the listen port will be dynamically
798 allocated on the server and reported to the client at run time.
799
800 If the bind_address is not specified, the default is to only bind
801 to loopback addresses. If the bind_address is M-bM-^@M-^X*M-bM-^@M-^Y or an empty
802 string, then the forwarding is requested to listen on all
803 interfaces. Specifying a remote bind_address will only succeed
804 if the server's GatewayPorts option is enabled (see
805 sshd_config(5)).
806
807 RequestTTY
808 Specifies whether to request a pseudo-tty for the session. The
809 argument may be one of: no (never request a TTY), yes (always
810 request a TTY when standard input is a TTY), force (always
811 request a TTY) or auto (request a TTY when opening a login
812 session). This option mirrors the -t and -T flags for ssh(1).
813
814 RevokedHostKeys
815 Specifies revoked host public keys. Keys listed in this file
816 will be refused for host authentication. Note that if this file
817 does not exist or is not readable, then host authentication will
818 be refused for all hosts. Keys may be specified as a text file,
819 listing one public key per line, or as an OpenSSH Key Revocation
820 List (KRL) as generated by ssh-keygen(1). For more information
821 on KRLs, see the KEY REVOCATION LISTS section in ssh-keygen(1).
822
823 RhostsRSAAuthentication
824 Specifies whether to try rhosts based authentication with RSA
825 host authentication. The argument must be yes or no (the
826 default). This option applies to protocol version 1 only and
827 requires ssh(1) to be setuid root.
828
829 RSAAuthentication
830 Specifies whether to try RSA authentication. The argument to
831 this keyword must be yes (the default) or no. RSA authentication
832 will only be attempted if the identity file exists, or an
833 authentication agent is running. Note that this option applies
834 to protocol version 1 only.
835
836 SendEnv
837 Specifies what variables from the local environ(7) should be sent
838 to the server. The server must also support it, and the server
839 must be configured to accept these environment variables. Note
840 that the TERM environment variable is always sent whenever a
841 pseudo-terminal is requested as it is required by the protocol.
842 Refer to AcceptEnv in sshd_config(5) for how to configure the
843 server. Variables are specified by name, which may contain
844 wildcard characters. Multiple environment variables may be
845 separated by whitespace or spread across multiple SendEnv
846 directives. The default is not to send any environment
847 variables.
848
849 See PATTERNS for more information on patterns.
850
851 ServerAliveCountMax
852 Sets the number of server alive messages (see below) which may be
853 sent without ssh(1) receiving any messages back from the server.
854 If this threshold is reached while server alive messages are
855 being sent, ssh will disconnect from the server, terminating the
856 session. It is important to note that the use of server alive
857 messages is very different from TCPKeepAlive (below). The server
858 alive messages are sent through the encrypted channel and
859 therefore will not be spoofable. The TCP keepalive option
860 enabled by TCPKeepAlive is spoofable. The server alive mechanism
861 is valuable when the client or server depend on knowing when a
862 connection has become inactive.
863
864 The default value is 3. If, for example, ServerAliveInterval
865 (see below) is set to 15 and ServerAliveCountMax is left at the
866 default, if the server becomes unresponsive, ssh will disconnect
867 after approximately 45 seconds.
868
869 ServerAliveInterval
870 Sets a timeout interval in seconds after which if no data has
871 been received from the server, ssh(1) will send a message through
872 the encrypted channel to request a response from the server. The
873 default is 0, indicating that these messages will not be sent to
874 the server.
875
876 StreamLocalBindMask
877 Sets the octal file creation mode mask (umask) used when creating
878 a Unix-domain socket file for local or remote port forwarding.
879 This option is only used for port forwarding to a Unix-domain
880 socket file.
881
882 The default value is 0177, which creates a Unix-domain socket
883 file that is readable and writable only by the owner. Note that
884 not all operating systems honor the file mode on Unix-domain
885 socket files.
886
887 StreamLocalBindUnlink
888 Specifies whether to remove an existing Unix-domain socket file
889 for local or remote port forwarding before creating a new one.
890 If the socket file already exists and StreamLocalBindUnlink is
891 not enabled, ssh will be unable to forward the port to the Unix-
892 domain socket file. This option is only used for port forwarding
893 to a Unix-domain socket file.
894
895 The argument must be yes or no (the default).
896
897 StrictHostKeyChecking
898 If this flag is set to yes, ssh(1) will never automatically add
899 host keys to the ~/.ssh/known_hosts file, and refuses to connect
900 to hosts whose host key has changed. This provides maximum
901 protection against trojan horse attacks, though it can be
902 annoying when the /etc/ssh/ssh_known_hosts file is poorly
903 maintained or when connections to new hosts are frequently made.
904 This option forces the user to manually add all new hosts. If
905 this flag is set to no, ssh will automatically add new host keys
906 to the user known hosts files. If this flag is set to ask (the
907 default), new host keys will be added to the user known host
908 files only after the user has confirmed that is what they really
909 want to do, and ssh will refuse to connect to hosts whose host
910 key has changed. The host keys of known hosts will be verified
911 automatically in all cases.
912
913 TCPKeepAlive
914 Specifies whether the system should send TCP keepalive messages
915 to the other side. If they are sent, death of the connection or
916 crash of one of the machines will be properly noticed. However,
917 this means that connections will die if the route is down
918 temporarily, and some people find it annoying.
919
920 The default is yes (to send TCP keepalive messages), and the
921 client will notice if the network goes down or the remote host
922 dies. This is important in scripts, and many users want it too.
923
924 To disable TCP keepalive messages, the value should be set to no.
925
926 Tunnel Request tun(4) device forwarding between the client and the
927 server. The argument must be yes, point-to-point (layer 3),
928 ethernet (layer 2), or no (the default). Specifying yes requests
929 the default tunnel mode, which is point-to-point.
930
931 TunnelDevice
932 Specifies the tun(4) devices to open on the client (local_tun)
933 and the server (remote_tun).
934
935 The argument must be local_tun[:remote_tun]. The devices may be
936 specified by numerical ID or the keyword any, which uses the next
937 available tunnel device. If remote_tun is not specified, it
938 defaults to any. The default is any:any.
939
940 UpdateHostKeys
941 Specifies whether ssh(1) should accept notifications of
942 additional hostkeys from the server sent after authentication has
943 completed and add them to UserKnownHostsFile. The argument must
944 be yes, no (the default) or ask. Enabling this option allows
945 learning alternate hostkeys for a server and supports graceful
946 key rotation by allowing a server to send replacement public keys
947 before old ones are removed. Additional hostkeys are only
948 accepted if the key used to authenticate the host was already
949 trusted or explicitly accepted by the user. If UpdateHostKeys is
950 set to ask, then the user is asked to confirm the modifications
951 to the known_hosts file. Confirmation is currently incompatible
952 with ControlPersist, and will be disabled if it is enabled.
953
954 Presently, only sshd(8) from OpenSSH 6.8 and greater support the
955 "hostkeys@openssh.com" protocol extension used to inform the
956 client of all the server's hostkeys.
957
958 UsePrivilegedPort
959 Specifies whether to use a privileged port for outgoing
960 connections. The argument must be yes or no (the default). If
961 set to yes, ssh(1) must be setuid root. Note that this option
962 must be set to yes for RhostsRSAAuthentication with older
963 servers.
964
965 User Specifies the user to log in as. This can be useful when a
966 different user name is used on different machines. This saves
967 the trouble of having to remember to give the user name on the
968 command line.
969
970 UserKnownHostsFile
971 Specifies one or more files to use for the user host key
972 database, separated by whitespace. The default is
973 ~/.ssh/known_hosts, ~/.ssh/known_hosts2.
974
975 VerifyHostKeyDNS
976 Specifies whether to verify the remote key using DNS and SSHFP
977 resource records. If this option is set to yes, the client will
978 implicitly trust keys that match a secure fingerprint from DNS.
979 Insecure fingerprints will be handled as if this option was set
980 to ask. If this option is set to ask, information on fingerprint
981 match will be displayed, but the user will still need to confirm
982 new host keys according to the StrictHostKeyChecking option. The
983 default is no.
984
985 See also VERIFYING HOST KEYS in ssh(1).
986
987 VisualHostKey
988 If this flag is set to yes, an ASCII art representation of the
989 remote host key fingerprint is printed in addition to the
990 fingerprint string at login and for unknown host keys. If this
991 flag is set to no (the default), no fingerprint strings are
992 printed at login and only the fingerprint string will be printed
993 for unknown host keys.
994
995 XAuthLocation
996 Specifies the full pathname of the xauth(1) program. The default
997 is /usr/X11R6/bin/xauth.
998
999PATTERNS
1000 A pattern consists of zero or more non-whitespace characters, M-bM-^@M-^X*M-bM-^@M-^Y (a
1001 wildcard that matches zero or more characters), or M-bM-^@M-^X?M-bM-^@M-^Y (a wildcard that
1002 matches exactly one character). For example, to specify a set of
1003 declarations for any host in the ".co.uk" set of domains, the following
1004 pattern could be used:
1005
1006 Host *.co.uk
1007
1008 The following pattern would match any host in the 192.168.0.[0-9] network
1009 range:
1010
1011 Host 192.168.0.?
1012
1013 A pattern-list is a comma-separated list of patterns. Patterns within
1014 pattern-lists may be negated by preceding them with an exclamation mark
1015 (M-bM-^@M-^X!M-bM-^@M-^Y). For example, to allow a key to be used from anywhere within an
1016 organization except from the "dialup" pool, the following entry (in
1017 authorized_keys) could be used:
1018
1019 from="!*.dialup.example.com,*.example.com"
1020
1021TOKENS
1022 Arguments to some keywords can make use of tokens, which are expanded at
1023 runtime:
1024
1025 %% A literal M-bM-^@M-^X%M-bM-^@M-^Y.
1026 %C Shorthand for %l%h%p%r.
1027 %d Local user's home directory.
1028 %h The remote hostname.
1029 %i The local user ID.
1030 %L The local hostname.
1031 %l The local hostname, including the domain name.
1032 %n The original remote hostname, as given on the command line.
1033 %p The remote port.
1034 %r The remote username.
1035 %u The local username.
1036
1037 Match exec accepts the tokens %%, %h, %L, %l, %n, %p, %r, and %u.
1038
1039 CertificateFile accepts the tokens %%, %d, %h, %l, %r, and %u.
1040
1041 ControlPath accepts the tokens %%, %C, %h, %i, %L, %l, %n, %p, %r, and
1042 %u.
1043
1044 HostName accepts the tokens %% and %h.
1045
1046 IdentityAgent and IdentityFile accept the tokens %%, %d, %h, %l, %r, and
1047 %u.
1048
1049 LocalCommand accepts the tokens %%, %C, %d, %h, %l, %n, %p, %r, and %u.
1050
1051 ProxyCommand accepts the tokens %%, %h, %p, and %r.
1052
1053FILES
1054 ~/.ssh/config
1055 This is the per-user configuration file. The format of this file
1056 is described above. This file is used by the SSH client.
1057 Because of the potential for abuse, this file must have strict
1058 permissions: read/write for the user, and not accessible by
1059 others.
1060
1061 /etc/ssh/ssh_config
1062 Systemwide configuration file. This file provides defaults for
1063 those values that are not specified in the user's configuration
1064 file, and for those users who do not have a configuration file.
1065 This file must be world-readable.
1066
1067SEE ALSO
1068 ssh(1)
1069
1070AUTHORS
1071 OpenSSH is a derivative of the original and free ssh 1.2.12 release by
1072 Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
1073 de Raadt and Dug Song removed many bugs, re-added newer features and
1074 created OpenSSH. Markus Friedl contributed the support for SSH protocol
1075 versions 1.5 and 2.0.
1076
1077OpenBSD 6.0 October 15, 2016 OpenBSD 6.0
diff --git a/sshd.0 b/sshd.0
new file mode 100644
index 000000000..089244c93
--- /dev/null
+++ b/sshd.0
@@ -0,0 +1,626 @@
1SSHD(8) System Manager's Manual SSHD(8)
2
3NAME
4 sshd M-bM-^@M-^S OpenSSH SSH daemon
5
6SYNOPSIS
7 sshd [-46DdeiqTt] [-C connection_spec] [-c host_certificate_file]
8 [-E log_file] [-f config_file] [-g login_grace_time]
9 [-h host_key_file] [-o option] [-p port] [-u len]
10
11DESCRIPTION
12 sshd (OpenSSH Daemon) is the daemon program for ssh(1). Together these
13 programs replace rlogin and rsh, and provide secure encrypted
14 communications between two untrusted hosts over an insecure network.
15
16 sshd listens for connections from clients. It is normally started at
17 boot from /etc/rc. It forks a new daemon for each incoming connection.
18 The forked daemons handle key exchange, encryption, authentication,
19 command execution, and data exchange.
20
21 sshd can be configured using command-line options or a configuration file
22 (by default sshd_config(5)); command-line options override values
23 specified in the configuration file. sshd rereads its configuration file
24 when it receives a hangup signal, SIGHUP, by executing itself with the
25 name and options it was started with, e.g. /usr/sbin/sshd.
26
27 The options are as follows:
28
29 -4 Forces sshd to use IPv4 addresses only.
30
31 -6 Forces sshd to use IPv6 addresses only.
32
33 -C connection_spec
34 Specify the connection parameters to use for the -T extended test
35 mode. If provided, any Match directives in the configuration
36 file that would apply to the specified user, host, and address
37 will be set before the configuration is written to standard
38 output. The connection parameters are supplied as keyword=value
39 pairs. The keywords are M-bM-^@M-^\userM-bM-^@M-^], M-bM-^@M-^\hostM-bM-^@M-^], M-bM-^@M-^\laddrM-bM-^@M-^], M-bM-^@M-^\lportM-bM-^@M-^], and
40 M-bM-^@M-^\addrM-bM-^@M-^]. All are required and may be supplied in any order,
41 either with multiple -C options or as a comma-separated list.
42
43 -c host_certificate_file
44 Specifies a path to a certificate file to identify sshd during
45 key exchange. The certificate file must match a host key file
46 specified using the -h option or the HostKey configuration
47 directive.
48
49 -D When this option is specified, sshd will not detach and does not
50 become a daemon. This allows easy monitoring of sshd.
51
52 -d Debug mode. The server sends verbose debug output to standard
53 error, and does not put itself in the background. The server
54 also will not fork and will only process one connection. This
55 option is only intended for debugging for the server. Multiple
56 -d options increase the debugging level. Maximum is 3.
57
58 -E log_file
59 Append debug logs to log_file instead of the system log.
60
61 -e Write debug logs to standard error instead of the system log.
62
63 -f config_file
64 Specifies the name of the configuration file. The default is
65 /etc/ssh/sshd_config. sshd refuses to start if there is no
66 configuration file.
67
68 -g login_grace_time
69 Gives the grace time for clients to authenticate themselves
70 (default 120 seconds). If the client fails to authenticate the
71 user within this many seconds, the server disconnects and exits.
72 A value of zero indicates no limit.
73
74 -h host_key_file
75 Specifies a file from which a host key is read. This option must
76 be given if sshd is not run as root (as the normal host key files
77 are normally not readable by anyone but root). The default is
78 /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key,
79 /etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key. It
80 is possible to have multiple host key files for the different
81 host key algorithms.
82
83 -i Specifies that sshd is being run from inetd(8).
84
85 -o option
86 Can be used to give options in the format used in the
87 configuration file. This is useful for specifying options for
88 which there is no separate command-line flag. For full details
89 of the options, and their values, see sshd_config(5).
90
91 -p port
92 Specifies the port on which the server listens for connections
93 (default 22). Multiple port options are permitted. Ports
94 specified in the configuration file with the Port option are
95 ignored when a command-line port is specified. Ports specified
96 using the ListenAddress option override command-line ports.
97
98 -q Quiet mode. Nothing is sent to the system log. Normally the
99 beginning, authentication, and termination of each connection is
100 logged.
101
102 -T Extended test mode. Check the validity of the configuration
103 file, output the effective configuration to stdout and then exit.
104 Optionally, Match rules may be applied by specifying the
105 connection parameters using one or more -C options.
106
107 -t Test mode. Only check the validity of the configuration file and
108 sanity of the keys. This is useful for updating sshd reliably as
109 configuration options may change.
110
111 -u len This option is used to specify the size of the field in the utmp
112 structure that holds the remote host name. If the resolved host
113 name is longer than len, the dotted decimal value will be used
114 instead. This allows hosts with very long host names that
115 overflow this field to still be uniquely identified. Specifying
116 -u0 indicates that only dotted decimal addresses should be put
117 into the utmp file. -u0 may also be used to prevent sshd from
118 making DNS requests unless the authentication mechanism or
119 configuration requires it. Authentication mechanisms that may
120 require DNS include HostbasedAuthentication and using a
121 from="pattern-list" option in a key file. Configuration options
122 that require DNS include using a USER@HOST pattern in AllowUsers
123 or DenyUsers.
124
125AUTHENTICATION
126 The OpenSSH SSH daemon supports SSH protocol 2 only. Each host has a
127 host-specific key, used to identify the host. Whenever a client
128 connects, the daemon responds with its public host key. The client
129 compares the host key against its own database to verify that it has not
130 changed. Forward security is provided through a Diffie-Hellman key
131 agreement. This key agreement results in a shared session key. The rest
132 of the session is encrypted using a symmetric cipher, currently 128-bit
133 AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES. The
134 client selects the encryption algorithm to use from those offered by the
135 server. Additionally, session integrity is provided through a
136 cryptographic message authentication code (hmac-md5, hmac-sha1, umac-64,
137 umac-128, hmac-ripemd160, hmac-sha2-256 or hmac-sha2-512).
138
139 Finally, the server and the client enter an authentication dialog. The
140 client tries to authenticate itself using host-based authentication,
141 public key authentication, challenge-response authentication, or password
142 authentication.
143
144 Regardless of the authentication type, the account is checked to ensure
145 that it is accessible. An account is not accessible if it is locked,
146 listed in DenyUsers or its group is listed in DenyGroups . The
147 definition of a locked account is system dependant. Some platforms have
148 their own account database (eg AIX) and some modify the passwd field (
149 M-bM-^@M-^X*LK*M-bM-^@M-^Y on Solaris and UnixWare, M-bM-^@M-^X*M-bM-^@M-^Y on HP-UX, containing M-bM-^@M-^XNologinM-bM-^@M-^Y on
150 Tru64, a leading M-bM-^@M-^X*LOCKED*M-bM-^@M-^Y on FreeBSD and a leading M-bM-^@M-^X!M-bM-^@M-^Y on most
151 Linuxes). If there is a requirement to disable password authentication
152 for the account while allowing still public-key, then the passwd field
153 should be set to something other than these values (eg M-bM-^@M-^XNPM-bM-^@M-^Y or M-bM-^@M-^X*NP*M-bM-^@M-^Y ).
154
155 If the client successfully authenticates itself, a dialog for preparing
156 the session is entered. At this time the client may request things like
157 allocating a pseudo-tty, forwarding X11 connections, forwarding TCP
158 connections, or forwarding the authentication agent connection over the
159 secure channel.
160
161 After this, the client either requests a shell or execution of a command.
162 The sides then enter session mode. In this mode, either side may send
163 data at any time, and such data is forwarded to/from the shell or command
164 on the server side, and the user terminal in the client side.
165
166 When the user program terminates and all forwarded X11 and other
167 connections have been closed, the server sends command exit status to the
168 client, and both sides exit.
169
170LOGIN PROCESS
171 When a user successfully logs in, sshd does the following:
172
173 1. If the login is on a tty, and no command has been specified,
174 prints last login time and /etc/motd (unless prevented in the
175 configuration file or by ~/.hushlogin; see the FILES section).
176
177 2. If the login is on a tty, records login time.
178
179 3. Checks /etc/nologin; if it exists, prints contents and quits
180 (unless root).
181
182 4. Changes to run with normal user privileges.
183
184 5. Sets up basic environment.
185
186 6. Reads the file ~/.ssh/environment, if it exists, and users are
187 allowed to change their environment. See the
188 PermitUserEnvironment option in sshd_config(5).
189
190 7. Changes to user's home directory.
191
192 8. If ~/.ssh/rc exists and the sshd_config(5) PermitUserRC option
193 is set, runs it; else if /etc/ssh/sshrc exists, runs it;
194 otherwise runs xauth. The M-bM-^@M-^\rcM-bM-^@M-^] files are given the X11
195 authentication protocol and cookie in standard input. See
196 SSHRC, below.
197
198 9. Runs user's shell or command. All commands are run under the
199 user's login shell as specified in the system password
200 database.
201
202SSHRC
203 If the file ~/.ssh/rc exists, sh(1) runs it after reading the environment
204 files but before starting the user's shell or command. It must not
205 produce any output on stdout; stderr must be used instead. If X11
206 forwarding is in use, it will receive the "proto cookie" pair in its
207 standard input (and DISPLAY in its environment). The script must call
208 xauth(1) because sshd will not run xauth automatically to add X11
209 cookies.
210
211 The primary purpose of this file is to run any initialization routines
212 which may be needed before the user's home directory becomes accessible;
213 AFS is a particular example of such an environment.
214
215 This file will probably contain some initialization code followed by
216 something similar to:
217
218 if read proto cookie && [ -n "$DISPLAY" ]; then
219 if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then
220 # X11UseLocalhost=yes
221 echo add unix:`echo $DISPLAY |
222 cut -c11-` $proto $cookie
223 else
224 # X11UseLocalhost=no
225 echo add $DISPLAY $proto $cookie
226 fi | xauth -q -
227 fi
228
229 If this file does not exist, /etc/ssh/sshrc is run, and if that does not
230 exist either, xauth is used to add the cookie.
231
232AUTHORIZED_KEYS FILE FORMAT
233 AuthorizedKeysFile specifies the files containing public keys for public
234 key authentication; if this option is not specified, the default is
235 ~/.ssh/authorized_keys and ~/.ssh/authorized_keys2. Each line of the
236 file contains one key (empty lines and lines starting with a M-bM-^@M-^X#M-bM-^@M-^Y are
237 ignored as comments). Public keys consist of the following space-
238 separated fields: options, keytype, base64-encoded key, comment. The
239 options field is optional. The keytype is M-bM-^@M-^\ecdsa-sha2-nistp256M-bM-^@M-^],
240 M-bM-^@M-^\ecdsa-sha2-nistp384M-bM-^@M-^], M-bM-^@M-^\ecdsa-sha2-nistp521M-bM-^@M-^], M-bM-^@M-^\ssh-ed25519M-bM-^@M-^], M-bM-^@M-^\ssh-dssM-bM-^@M-^] or
241 M-bM-^@M-^\ssh-rsaM-bM-^@M-^]; the comment field is not used for anything (but may be
242 convenient for the user to identify the key).
243
244 Note that lines in this file can be several hundred bytes long (because
245 of the size of the public key encoding) up to a limit of 8 kilobytes,
246 which permits DSA keys up to 8 kilobits and RSA keys up to 16 kilobits.
247 You don't want to type them in; instead, copy the id_dsa.pub,
248 id_ecdsa.pub, id_ed25519.pub, or the id_rsa.pub file and edit it.
249
250 sshd enforces a minimum RSA key modulus size of 768 bits.
251
252 The options (if present) consist of comma-separated option
253 specifications. No spaces are permitted, except within double quotes.
254 The following option specifications are supported (note that option
255 keywords are case-insensitive):
256
257 agent-forwarding
258 Enable authentication agent forwarding previously disabled by the
259 restrict option.
260
261 cert-authority
262 Specifies that the listed key is a certification authority (CA)
263 that is trusted to validate signed certificates for user
264 authentication.
265
266 Certificates may encode access restrictions similar to these key
267 options. If both certificate restrictions and key options are
268 present, the most restrictive union of the two is applied.
269
270 command="command"
271 Specifies that the command is executed whenever this key is used
272 for authentication. The command supplied by the user (if any) is
273 ignored. The command is run on a pty if the client requests a
274 pty; otherwise it is run without a tty. If an 8-bit clean
275 channel is required, one must not request a pty or should specify
276 no-pty. A quote may be included in the command by quoting it
277 with a backslash.
278
279 This option might be useful to restrict certain public keys to
280 perform just a specific operation. An example might be a key
281 that permits remote backups but nothing else. Note that the
282 client may specify TCP and/or X11 forwarding unless they are
283 explicitly prohibited, e.g. using the restrict key option.
284
285 The command originally supplied by the client is available in the
286 SSH_ORIGINAL_COMMAND environment variable. Note that this option
287 applies to shell, command or subsystem execution. Also note that
288 this command may be superseded by a sshd_config(5) ForceCommand
289 directive.
290
291 If a command is specified and a forced-command is embedded in a
292 certificate used for authentication, then the certificate will be
293 accepted only if the two commands are identical.
294
295 environment="NAME=value"
296 Specifies that the string is to be added to the environment when
297 logging in using this key. Environment variables set this way
298 override other default environment values. Multiple options of
299 this type are permitted. Environment processing is disabled by
300 default and is controlled via the PermitUserEnvironment option.
301
302 from="pattern-list"
303 Specifies that in addition to public key authentication, either
304 the canonical name of the remote host or its IP address must be
305 present in the comma-separated list of patterns. See PATTERNS in
306 ssh_config(5) for more information on patterns.
307
308 In addition to the wildcard matching that may be applied to
309 hostnames or addresses, a from stanza may match IP addresses
310 using CIDR address/masklen notation.
311
312 The purpose of this option is to optionally increase security:
313 public key authentication by itself does not trust the network or
314 name servers or anything (but the key); however, if somebody
315 somehow steals the key, the key permits an intruder to log in
316 from anywhere in the world. This additional option makes using a
317 stolen key more difficult (name servers and/or routers would have
318 to be compromised in addition to just the key).
319
320 no-agent-forwarding
321 Forbids authentication agent forwarding when this key is used for
322 authentication.
323
324 no-port-forwarding
325 Forbids TCP forwarding when this key is used for authentication.
326 Any port forward requests by the client will return an error.
327 This might be used, e.g. in connection with the command option.
328
329 no-pty Prevents tty allocation (a request to allocate a pty will fail).
330
331 no-user-rc
332 Disables execution of ~/.ssh/rc.
333
334 no-X11-forwarding
335 Forbids X11 forwarding when this key is used for authentication.
336 Any X11 forward requests by the client will return an error.
337
338 permitopen="host:port"
339 Limit local port forwarding with ssh(1) -L such that it may only
340 connect to the specified host and port. IPv6 addresses can be
341 specified by enclosing the address in square brackets. Multiple
342 permitopen options may be applied separated by commas. No
343 pattern matching is performed on the specified hostnames, they
344 must be literal domains or addresses. A port specification of *
345 matches any port.
346
347 port-forwarding
348 Enable port forwarding previously disabled by the restrict
349
350 principals="principals"
351 On a cert-authority line, specifies allowed principals for
352 certificate authentication as a comma-separated list. At least
353 one name from the list must appear in the certificate's list of
354 principals for the certificate to be accepted. This option is
355 ignored for keys that are not marked as trusted certificate
356 signers using the cert-authority option.
357
358 pty Permits tty allocation previously disabled by the restrict
359 option.
360
361 restrict
362 Enable all restrictions, i.e. disable port, agent and X11
363 forwarding, as well as disabling PTY allocation and execution of
364 ~/.ssh/rc. If any future restriction capabilities are added to
365 authorized_keys files they will be included in this set.
366
367 tunnel="n"
368 Force a tun(4) device on the server. Without this option, the
369 next available device will be used if the client requests a
370 tunnel.
371
372 user-rc
373 Enables execution of ~/.ssh/rc previously disabled by the
374 restrict option.
375
376 X11-forwarding
377 Permits X11 forwarding previously disabled by the restrict
378 option.
379
380 An example authorized_keys file:
381
382 # Comments allowed at start of line
383 ssh-rsa AAAAB3Nza...LiPk== user@example.net
384 from="*.sales.example.net,!pc.sales.example.net" ssh-rsa
385 AAAAB2...19Q== john@example.net
386 command="dump /home",no-pty,no-port-forwarding ssh-dss
387 AAAAC3...51R== example.net
388 permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-dss
389 AAAAB5...21S==
390 tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...==
391 jane@example.net
392 restrict,command="uptime" ssh-rsa AAAA1C8...32Tv==
393 user@example.net
394 restrict,pty,command="nethack" ssh-rsa AAAA1f8...IrrC5==
395 user@example.net
396
397SSH_KNOWN_HOSTS FILE FORMAT
398 The /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts files contain host
399 public keys for all known hosts. The global file should be prepared by
400 the administrator (optional), and the per-user file is maintained
401 automatically: whenever the user connects from an unknown host, its key
402 is added to the per-user file.
403
404 Each line in these files contains the following fields: markers
405 (optional), hostnames, keytype, base64-encoded key, comment. The fields
406 are separated by spaces.
407
408 The marker is optional, but if it is present then it must be one of
409 M-bM-^@M-^\@cert-authorityM-bM-^@M-^], to indicate that the line contains a certification
410 authority (CA) key, or M-bM-^@M-^\@revokedM-bM-^@M-^], to indicate that the key contained on
411 the line is revoked and must not ever be accepted. Only one marker
412 should be used on a key line.
413
414 Hostnames is a comma-separated list of patterns (M-bM-^@M-^X*M-bM-^@M-^Y and M-bM-^@M-^X?M-bM-^@M-^Y act as
415 wildcards); each pattern in turn is matched against the canonical host
416 name (when authenticating a client) or against the user-supplied name
417 (when authenticating a server). A pattern may also be preceded by M-bM-^@M-^X!M-bM-^@M-^Y to
418 indicate negation: if the host name matches a negated pattern, it is not
419 accepted (by that line) even if it matched another pattern on the line.
420 A hostname or address may optionally be enclosed within M-bM-^@M-^X[M-bM-^@M-^Y and M-bM-^@M-^X]M-bM-^@M-^Y
421 brackets then followed by M-bM-^@M-^X:M-bM-^@M-^Y and a non-standard port number.
422
423 Alternately, hostnames may be stored in a hashed form which hides host
424 names and addresses should the file's contents be disclosed. Hashed
425 hostnames start with a M-bM-^@M-^X|M-bM-^@M-^Y character. Only one hashed hostname may
426 appear on a single line and none of the above negation or wildcard
427 operators may be applied.
428
429 The keytype and base64-encoded key are taken directly from the host key;
430 they can be obtained, for example, from /etc/ssh/ssh_host_rsa_key.pub.
431 The optional comment field continues to the end of the line, and is not
432 used.
433
434 Lines starting with M-bM-^@M-^X#M-bM-^@M-^Y and empty lines are ignored as comments.
435
436 When performing host authentication, authentication is accepted if any
437 matching line has the proper key; either one that matches exactly or, if
438 the server has presented a certificate for authentication, the key of the
439 certification authority that signed the certificate. For a key to be
440 trusted as a certification authority, it must use the M-bM-^@M-^\@cert-authorityM-bM-^@M-^]
441 marker described above.
442
443 The known hosts file also provides a facility to mark keys as revoked,
444 for example when it is known that the associated private key has been
445 stolen. Revoked keys are specified by including the M-bM-^@M-^\@revokedM-bM-^@M-^] marker at
446 the beginning of the key line, and are never accepted for authentication
447 or as certification authorities, but instead will produce a warning from
448 ssh(1) when they are encountered.
449
450 It is permissible (but not recommended) to have several lines or
451 different host keys for the same names. This will inevitably happen when
452 short forms of host names from different domains are put in the file. It
453 is possible that the files contain conflicting information;
454 authentication is accepted if valid information can be found from either
455 file.
456
457 Note that the lines in these files are typically hundreds of characters
458 long, and you definitely don't want to type in the host keys by hand.
459 Rather, generate them by a script, ssh-keyscan(1) or by taking, for
460 example, /etc/ssh/ssh_host_rsa_key.pub and adding the host names at the
461 front. ssh-keygen(1) also offers some basic automated editing for
462 ~/.ssh/known_hosts including removing hosts matching a host name and
463 converting all host names to their hashed representations.
464
465 An example ssh_known_hosts file:
466
467 # Comments allowed at start of line
468 closenet,...,192.0.2.53 1024 37 159...93 closenet.example.net
469 cvs.example.net,192.0.2.10 ssh-rsa AAAA1234.....=
470 # A hashed hostname
471 |1|JfKTdBh7rNbXkVAQCRp4OQoPfmI=|USECr3SWf1JUPsms5AqfD5QfxkM= ssh-rsa
472 AAAA1234.....=
473 # A revoked key
474 @revoked * ssh-rsa AAAAB5W...
475 # A CA key, accepted for any host in *.mydomain.com or *.mydomain.org
476 @cert-authority *.mydomain.org,*.mydomain.com ssh-rsa AAAAB5W...
477
478FILES
479 ~/.hushlogin
480 This file is used to suppress printing the last login time and
481 /etc/motd, if PrintLastLog and PrintMotd, respectively, are
482 enabled. It does not suppress printing of the banner specified
483 by Banner.
484
485 ~/.rhosts
486 This file is used for host-based authentication (see ssh(1) for
487 more information). On some machines this file may need to be
488 world-readable if the user's home directory is on an NFS
489 partition, because sshd reads it as root. Additionally, this
490 file must be owned by the user, and must not have write
491 permissions for anyone else. The recommended permission for most
492 machines is read/write for the user, and not accessible by
493 others.
494
495 ~/.shosts
496 This file is used in exactly the same way as .rhosts, but allows
497 host-based authentication without permitting login with
498 rlogin/rsh.
499
500 ~/.ssh/
501 This directory is the default location for all user-specific
502 configuration and authentication information. There is no
503 general requirement to keep the entire contents of this directory
504 secret, but the recommended permissions are read/write/execute
505 for the user, and not accessible by others.
506
507 ~/.ssh/authorized_keys
508 Lists the public keys (DSA, ECDSA, Ed25519, RSA) that can be used
509 for logging in as this user. The format of this file is
510 described above. The content of the file is not highly
511 sensitive, but the recommended permissions are read/write for the
512 user, and not accessible by others.
513
514 If this file, the ~/.ssh directory, or the user's home directory
515 are writable by other users, then the file could be modified or
516 replaced by unauthorized users. In this case, sshd will not
517 allow it to be used unless the StrictModes option has been set to
518 M-bM-^@M-^\noM-bM-^@M-^].
519
520 ~/.ssh/environment
521 This file is read into the environment at login (if it exists).
522 It can only contain empty lines, comment lines (that start with
523 M-bM-^@M-^X#M-bM-^@M-^Y), and assignment lines of the form name=value. The file
524 should be writable only by the user; it need not be readable by
525 anyone else. Environment processing is disabled by default and
526 is controlled via the PermitUserEnvironment option.
527
528 ~/.ssh/known_hosts
529 Contains a list of host keys for all hosts the user has logged
530 into that are not already in the systemwide list of known host
531 keys. The format of this file is described above. This file
532 should be writable only by root/the owner and can, but need not
533 be, world-readable.
534
535 ~/.ssh/rc
536 Contains initialization routines to be run before the user's home
537 directory becomes accessible. This file should be writable only
538 by the user, and need not be readable by anyone else.
539
540 /etc/hosts.equiv
541 This file is for host-based authentication (see ssh(1)). It
542 should only be writable by root.
543
544 /etc/moduli
545 Contains Diffie-Hellman groups used for the "Diffie-Hellman Group
546 Exchange" key exchange method. The file format is described in
547 moduli(5). If no usable groups are found in this file then fixed
548 internal groups will be used.
549
550 /etc/motd
551 See motd(5).
552
553 /etc/nologin
554 If this file exists, sshd refuses to let anyone except root log
555 in. The contents of the file are displayed to anyone trying to
556 log in, and non-root connections are refused. The file should be
557 world-readable.
558
559 /etc/shosts.equiv
560 This file is used in exactly the same way as hosts.equiv, but
561 allows host-based authentication without permitting login with
562 rlogin/rsh.
563
564 /etc/ssh/ssh_host_dsa_key
565 /etc/ssh/ssh_host_ecdsa_key
566 /etc/ssh/ssh_host_ed25519_key
567 /etc/ssh/ssh_host_rsa_key
568 These files contain the private parts of the host keys. These
569 files should only be owned by root, readable only by root, and
570 not accessible to others. Note that sshd does not start if these
571 files are group/world-accessible.
572
573 /etc/ssh/ssh_host_dsa_key.pub
574 /etc/ssh/ssh_host_ecdsa_key.pub
575 /etc/ssh/ssh_host_ed25519_key.pub
576 /etc/ssh/ssh_host_rsa_key.pub
577 These files contain the public parts of the host keys. These
578 files should be world-readable but writable only by root. Their
579 contents should match the respective private parts. These files
580 are not really used for anything; they are provided for the
581 convenience of the user so their contents can be copied to known
582 hosts files. These files are created using ssh-keygen(1).
583
584 /etc/ssh/ssh_known_hosts
585 Systemwide list of known host keys. This file should be prepared
586 by the system administrator to contain the public host keys of
587 all machines in the organization. The format of this file is
588 described above. This file should be writable only by root/the
589 owner and should be world-readable.
590
591 /etc/ssh/sshd_config
592 Contains configuration data for sshd. The file format and
593 configuration options are described in sshd_config(5).
594
595 /etc/ssh/sshrc
596 Similar to ~/.ssh/rc, it can be used to specify machine-specific
597 login-time initializations globally. This file should be
598 writable only by root, and should be world-readable.
599
600 /var/empty
601 chroot(2) directory used by sshd during privilege separation in
602 the pre-authentication phase. The directory should not contain
603 any files and must be owned by root and not group or world-
604 writable.
605
606 /var/run/sshd.pid
607 Contains the process ID of the sshd listening for connections (if
608 there are several daemons running concurrently for different
609 ports, this contains the process ID of the one started last).
610 The content of this file is not sensitive; it can be world-
611 readable.
612
613SEE ALSO
614 scp(1), sftp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1),
615 ssh-keyscan(1), chroot(2), login.conf(5), moduli(5), sshd_config(5),
616 inetd(8), sftp-server(8)
617
618AUTHORS
619 OpenSSH is a derivative of the original and free ssh 1.2.12 release by
620 Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
621 de Raadt and Dug Song removed many bugs, re-added newer features and
622 created OpenSSH. Markus Friedl contributed the support for SSH protocol
623 versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support
624 for privilege separation.
625
626OpenBSD 6.0 November 30, 2016 OpenBSD 6.0
diff --git a/sshd_config.0 b/sshd_config.0
new file mode 100644
index 000000000..022c05226
--- /dev/null
+++ b/sshd_config.0
@@ -0,0 +1,1019 @@
1SSHD_CONFIG(5) File Formats Manual SSHD_CONFIG(5)
2
3NAME
4 sshd_config M-bM-^@M-^S OpenSSH SSH daemon configuration file
5
6SYNOPSIS
7 /etc/ssh/sshd_config
8
9DESCRIPTION
10 sshd(8) reads configuration data from /etc/ssh/sshd_config (or the file
11 specified with -f on the command line). The file contains keyword-
12 argument pairs, one per line. Lines starting with M-bM-^@M-^X#M-bM-^@M-^Y and empty lines
13 are interpreted as comments. Arguments may optionally be enclosed in
14 double quotes (") in order to represent arguments containing spaces.
15
16 The possible keywords and their meanings are as follows (note that
17 keywords are case-insensitive and arguments are case-sensitive):
18
19 AcceptEnv
20 Specifies what environment variables sent by the client will be
21 copied into the session's environ(7). See SendEnv in
22 ssh_config(5) for how to configure the client. The TERM
23 environment variable is always sent whenever the client requests
24 a pseudo-terminal as it is required by the protocol. Variables
25 are specified by name, which may contain the wildcard characters
26 M-bM-^@M-^X*M-bM-^@M-^Y and M-bM-^@M-^X?M-bM-^@M-^Y. Multiple environment variables may be separated by
27 whitespace or spread across multiple AcceptEnv directives. Be
28 warned that some environment variables could be used to bypass
29 restricted user environments. For this reason, care should be
30 taken in the use of this directive. The default is not to accept
31 any environment variables.
32
33 AddressFamily
34 Specifies which address family should be used by sshd(8). Valid
35 arguments are any (the default), inet (use IPv4 only), or inet6
36 (use IPv6 only).
37
38 AllowAgentForwarding
39 Specifies whether ssh-agent(1) forwarding is permitted. The
40 default is yes. Note that disabling agent forwarding does not
41 improve security unless users are also denied shell access, as
42 they can always install their own forwarders.
43
44 AllowGroups
45 This keyword can be followed by a list of group name patterns,
46 separated by spaces. If specified, login is allowed only for
47 users whose primary group or supplementary group list matches one
48 of the patterns. Only group names are valid; a numerical group
49 ID is not recognized. By default, login is allowed for all
50 groups. The allow/deny directives are processed in the following
51 order: DenyUsers, AllowUsers, DenyGroups, and finally
52 AllowGroups.
53
54 See PATTERNS in ssh_config(5) for more information on patterns.
55
56 AllowStreamLocalForwarding
57 Specifies whether StreamLocal (Unix-domain socket) forwarding is
58 permitted. The available options are yes (the default) or all to
59 allow StreamLocal forwarding, no to prevent all StreamLocal
60 forwarding, local to allow local (from the perspective of ssh(1))
61 forwarding only or remote to allow remote forwarding only. Note
62 that disabling StreamLocal forwarding does not improve security
63 unless users are also denied shell access, as they can always
64 install their own forwarders.
65
66 AllowTcpForwarding
67 Specifies whether TCP forwarding is permitted. The available
68 options are yes (the default) or all to allow TCP forwarding, no
69 to prevent all TCP forwarding, local to allow local (from the
70 perspective of ssh(1)) forwarding only or remote to allow remote
71 forwarding only. Note that disabling TCP forwarding does not
72 improve security unless users are also denied shell access, as
73 they can always install their own forwarders.
74
75 AllowUsers
76 This keyword can be followed by a list of user name patterns,
77 separated by spaces. If specified, login is allowed only for
78 user names that match one of the patterns. Only user names are
79 valid; a numerical user ID is not recognized. By default, login
80 is allowed for all users. If the pattern takes the form
81 USER@HOST then USER and HOST are separately checked, restricting
82 logins to particular users from particular hosts. HOST criteria
83 may additionally contain addresses to match in CIDR
84 address/masklen format. The allow/deny directives are processed
85 in the following order: DenyUsers, AllowUsers, DenyGroups, and
86 finally AllowGroups.
87
88 See PATTERNS in ssh_config(5) for more information on patterns.
89
90 AuthenticationMethods
91 Specifies the authentication methods that must be successfully
92 completed for a user to be granted access. This option must be
93 followed by one or more comma-separated lists of authentication
94 method names, or by the single string any to indicate the default
95 behaviour of accepting any single authentication method. If the
96 default is overridden, then successful authentication requires
97 completion of every method in at least one of these lists.
98
99 For example, "publickey,password publickey,keyboard-interactive"
100 would require the user to complete public key authentication,
101 followed by either password or keyboard interactive
102 authentication. Only methods that are next in one or more lists
103 are offered at each stage, so for this example it would not be
104 possible to attempt password or keyboard-interactive
105 authentication before public key.
106
107 For keyboard interactive authentication it is also possible to
108 restrict authentication to a specific device by appending a colon
109 followed by the device identifier bsdauth, pam, or skey,
110 depending on the server configuration. For example,
111 "keyboard-interactive:bsdauth" would restrict keyboard
112 interactive authentication to the bsdauth device.
113
114 If the publickey method is listed more than once, sshd(8)
115 verifies that keys that have been used successfully are not
116 reused for subsequent authentications. For example,
117 "publickey,publickey" requires successful authentication using
118 two different public keys.
119
120 Note that each authentication method listed should also be
121 explicitly enabled in the configuration.
122
123 AuthorizedKeysCommand
124 Specifies a program to be used to look up the user's public keys.
125 The program must be owned by root, not writable by group or
126 others and specified by an absolute path. Arguments to
127 AuthorizedKeysCommand accept the tokens described in the TOKENS
128 section. If no arguments are specified then the username of the
129 target user is used.
130
131 The program should produce on standard output zero or more lines
132 of authorized_keys output (see AUTHORIZED_KEYS in sshd(8)). If a
133 key supplied by AuthorizedKeysCommand does not successfully
134 authenticate and authorize the user then public key
135 authentication continues using the usual AuthorizedKeysFile
136 files. By default, no AuthorizedKeysCommand is run.
137
138 AuthorizedKeysCommandUser
139 Specifies the user under whose account the AuthorizedKeysCommand
140 is run. It is recommended to use a dedicated user that has no
141 other role on the host than running authorized keys commands. If
142 AuthorizedKeysCommand is specified but AuthorizedKeysCommandUser
143 is not, then sshd(8) will refuse to start.
144
145 AuthorizedKeysFile
146 Specifies the file that contains the public keys used for user
147 authentication. The format is described in the AUTHORIZED_KEYS
148 FILE FORMAT section of sshd(8). Arguments to AuthorizedKeysFile
149 accept the tokens described in the TOKENS section. After
150 expansion, AuthorizedKeysFile is taken to be an absolute path or
151 one relative to the user's home directory. Multiple files may be
152 listed, separated by whitespace. Alternately this option may be
153 set to none to skip checking for user keys in files. The default
154 is ".ssh/authorized_keys .ssh/authorized_keys2".
155
156 AuthorizedPrincipalsCommand
157 Specifies a program to be used to generate the list of allowed
158 certificate principals as per AuthorizedPrincipalsFile. The
159 program must be owned by root, not writable by group or others
160 and specified by an absolute path. Arguments to
161 AuthorizedPrincipalsCommand accept the tokens described in the
162 TOKENS section. If no arguments are specified then the username
163 of the target user is used.
164
165 The program should produce on standard output zero or more lines
166 of AuthorizedPrincipalsFile output. If either
167 AuthorizedPrincipalsCommand or AuthorizedPrincipalsFile is
168 specified, then certificates offered by the client for
169 authentication must contain a principal that is listed. By
170 default, no AuthorizedPrincipalsCommand is run.
171
172 AuthorizedPrincipalsCommandUser
173 Specifies the user under whose account the
174 AuthorizedPrincipalsCommand is run. It is recommended to use a
175 dedicated user that has no other role on the host than running
176 authorized principals commands. If AuthorizedPrincipalsCommand
177 is specified but AuthorizedPrincipalsCommandUser is not, then
178 sshd(8) will refuse to start.
179
180 AuthorizedPrincipalsFile
181 Specifies a file that lists principal names that are accepted for
182 certificate authentication. When using certificates signed by a
183 key listed in TrustedUserCAKeys, this file lists names, one of
184 which must appear in the certificate for it to be accepted for
185 authentication. Names are listed one per line preceded by key
186 options (as described in AUTHORIZED_KEYS FILE FORMAT in sshd(8)).
187 Empty lines and comments starting with M-bM-^@M-^X#M-bM-^@M-^Y are ignored.
188
189 Arguments to AuthorizedPrincipalsFile accept the tokens described
190 in the TOKENS section. After expansion, AuthorizedPrincipalsFile
191 is taken to be an absolute path or one relative to the user's
192 home directory. The default is none, i.e. not to use a
193 principals file M-bM-^@M-^S in this case, the username of the user must
194 appear in a certificate's principals list for it to be accepted.
195
196 Note that AuthorizedPrincipalsFile is only used when
197 authentication proceeds using a CA listed in TrustedUserCAKeys
198 and is not consulted for certification authorities trusted via
199 ~/.ssh/authorized_keys, though the principals= key option offers
200 a similar facility (see sshd(8) for details).
201
202 Banner The contents of the specified file are sent to the remote user
203 before authentication is allowed. If the argument is none then
204 no banner is displayed. By default, no banner is displayed.
205
206 ChallengeResponseAuthentication
207 Specifies whether challenge-response authentication is allowed
208 (e.g. via PAM or through authentication styles supported in
209 login.conf(5)) The default is yes.
210
211 ChrootDirectory
212 Specifies the pathname of a directory to chroot(2) to after
213 authentication. At session startup sshd(8) checks that all
214 components of the pathname are root-owned directories which are
215 not writable by any other user or group. After the chroot,
216 sshd(8) changes the working directory to the user's home
217 directory. Arguments to ChrootDirectory accept the tokens
218 described in the TOKENS section.
219
220 The ChrootDirectory must contain the necessary files and
221 directories to support the user's session. For an interactive
222 session this requires at least a shell, typically sh(1), and
223 basic /dev nodes such as null(4), zero(4), stdin(4), stdout(4),
224 stderr(4), and tty(4) devices. For file transfer sessions using
225 SFTP no additional configuration of the environment is necessary
226 if the in-process sftp-server is used, though sessions which use
227 logging may require /dev/log inside the chroot directory on some
228 operating systems (see sftp-server(8) for details).
229
230 For safety, it is very important that the directory hierarchy be
231 prevented from modification by other processes on the system
232 (especially those outside the jail). Misconfiguration can lead
233 to unsafe environments which sshd(8) cannot detect.
234
235 The default is none, indicating not to chroot(2).
236
237 Ciphers
238 Specifies the ciphers allowed. Multiple ciphers must be comma-
239 separated. If the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character,
240 then the specified ciphers will be appended to the default set
241 instead of replacing them.
242
243 The supported ciphers are:
244
245 3des-cbc
246 aes128-cbc
247 aes192-cbc
248 aes256-cbc
249 aes128-ctr
250 aes192-ctr
251 aes256-ctr
252 aes128-gcm@openssh.com
253 aes256-gcm@openssh.com
254 arcfour
255 arcfour128
256 arcfour256
257 blowfish-cbc
258 cast128-cbc
259 chacha20-poly1305@openssh.com
260
261 The default is:
262
263 chacha20-poly1305@openssh.com,
264 aes128-ctr,aes192-ctr,aes256-ctr,
265 aes128-gcm@openssh.com,aes256-gcm@openssh.com
266
267 The list of available ciphers may also be obtained using "ssh -Q
268 cipher".
269
270 ClientAliveCountMax
271 Sets the number of client alive messages which may be sent
272 without sshd(8) receiving any messages back from the client. If
273 this threshold is reached while client alive messages are being
274 sent, sshd will disconnect the client, terminating the session.
275 It is important to note that the use of client alive messages is
276 very different from TCPKeepAlive. The client alive messages are
277 sent through the encrypted channel and therefore will not be
278 spoofable. The TCP keepalive option enabled by TCPKeepAlive is
279 spoofable. The client alive mechanism is valuable when the
280 client or server depend on knowing when a connection has become
281 inactive.
282
283 The default value is 3. If ClientAliveInterval is set to 15, and
284 ClientAliveCountMax is left at the default, unresponsive SSH
285 clients will be disconnected after approximately 45 seconds.
286
287 ClientAliveInterval
288 Sets a timeout interval in seconds after which if no data has
289 been received from the client, sshd(8) will send a message
290 through the encrypted channel to request a response from the
291 client. The default is 0, indicating that these messages will
292 not be sent to the client.
293
294 Compression
295 Specifies whether compression is enabled after the user has
296 authenticated successfully. The argument must be yes, delayed (a
297 legacy synonym for yes) or no. The default is yes.
298
299 DenyGroups
300 This keyword can be followed by a list of group name patterns,
301 separated by spaces. Login is disallowed for users whose primary
302 group or supplementary group list matches one of the patterns.
303 Only group names are valid; a numerical group ID is not
304 recognized. By default, login is allowed for all groups. The
305 allow/deny directives are processed in the following order:
306 DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups.
307
308 See PATTERNS in ssh_config(5) for more information on patterns.
309
310 DenyUsers
311 This keyword can be followed by a list of user name patterns,
312 separated by spaces. Login is disallowed for user names that
313 match one of the patterns. Only user names are valid; a
314 numerical user ID is not recognized. By default, login is
315 allowed for all users. If the pattern takes the form USER@HOST
316 then USER and HOST are separately checked, restricting logins to
317 particular users from particular hosts. HOST criteria may
318 additionally contain addresses to match in CIDR address/masklen
319 format. The allow/deny directives are processed in the following
320 order: DenyUsers, AllowUsers, DenyGroups, and finally
321 AllowGroups.
322
323 See PATTERNS in ssh_config(5) for more information on patterns.
324
325 DisableForwarding
326 Disables all forwarding features, including X11, ssh-agent(1),
327 TCP and StreamLocal. This option overrides all other forwarding-
328 related options and may simplify restricted configurations.
329
330 FingerprintHash
331 Specifies the hash algorithm used when logging key fingerprints.
332 Valid options are: md5 and sha256. The default is sha256.
333
334 ForceCommand
335 Forces the execution of the command specified by ForceCommand,
336 ignoring any command supplied by the client and ~/.ssh/rc if
337 present. The command is invoked by using the user's login shell
338 with the -c option. This applies to shell, command, or subsystem
339 execution. It is most useful inside a Match block. The command
340 originally supplied by the client is available in the
341 SSH_ORIGINAL_COMMAND environment variable. Specifying a command
342 of internal-sftp will force the use of an in-process SFTP server
343 that requires no support files when used with ChrootDirectory.
344 The default is none.
345
346 GatewayPorts
347 Specifies whether remote hosts are allowed to connect to ports
348 forwarded for the client. By default, sshd(8) binds remote port
349 forwardings to the loopback address. This prevents other remote
350 hosts from connecting to forwarded ports. GatewayPorts can be
351 used to specify that sshd should allow remote port forwardings to
352 bind to non-loopback addresses, thus allowing other hosts to
353 connect. The argument may be no to force remote port forwardings
354 to be available to the local host only, yes to force remote port
355 forwardings to bind to the wildcard address, or clientspecified
356 to allow the client to select the address to which the forwarding
357 is bound. The default is no.
358
359 GSSAPIAuthentication
360 Specifies whether user authentication based on GSSAPI is allowed.
361 The default is no.
362
363 GSSAPICleanupCredentials
364 Specifies whether to automatically destroy the user's credentials
365 cache on logout. The default is yes.
366
367 GSSAPIStrictAcceptorCheck
368 Determines whether to be strict about the identity of the GSSAPI
369 acceptor a client authenticates against. If set to yes then the
370 client must authenticate against the host service on the current
371 hostname. If set to no then the client may authenticate against
372 any service key stored in the machine's default store. This
373 facility is provided to assist with operation on multi homed
374 machines. The default is yes.
375
376 HostbasedAcceptedKeyTypes
377 Specifies the key types that will be accepted for hostbased
378 authentication as a comma-separated pattern list. Alternately if
379 the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the
380 specified key types will be appended to the default set instead
381 of replacing them. The default for this option is:
382
383 ecdsa-sha2-nistp256-cert-v01@openssh.com,
384 ecdsa-sha2-nistp384-cert-v01@openssh.com,
385 ecdsa-sha2-nistp521-cert-v01@openssh.com,
386 ssh-ed25519-cert-v01@openssh.com,
387 ssh-rsa-cert-v01@openssh.com,
388 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
389 ssh-ed25519,ssh-rsa
390
391 The list of available key types may also be obtained using "ssh
392 -Q key".
393
394 HostbasedAuthentication
395 Specifies whether rhosts or /etc/hosts.equiv authentication
396 together with successful public key client host authentication is
397 allowed (host-based authentication). The default is no.
398
399 HostbasedUsesNameFromPacketOnly
400 Specifies whether or not the server will attempt to perform a
401 reverse name lookup when matching the name in the ~/.shosts,
402 ~/.rhosts, and /etc/hosts.equiv files during
403 HostbasedAuthentication. A setting of yes means that sshd(8)
404 uses the name supplied by the client rather than attempting to
405 resolve the name from the TCP connection itself. The default is
406 no.
407
408 HostCertificate
409 Specifies a file containing a public host certificate. The
410 certificate's public key must match a private host key already
411 specified by HostKey. The default behaviour of sshd(8) is not to
412 load any certificates.
413
414 HostKey
415 Specifies a file containing a private host key used by SSH. The
416 defaults are /etc/ssh/ssh_host_dsa_key,
417 /etc/ssh/ssh_host_ecdsa_key, /etc/ssh/ssh_host_ed25519_key and
418 /etc/ssh/ssh_host_rsa_key.
419
420 Note that sshd(8) will refuse to use a file if it is group/world-
421 accessible and that the HostKeyAlgorithms option restricts which
422 of the keys are actually used by sshd(8).
423
424 It is possible to have multiple host key files. It is also
425 possible to specify public host key files instead. In this case
426 operations on the private key will be delegated to an
427 ssh-agent(1).
428
429 HostKeyAgent
430 Identifies the UNIX-domain socket used to communicate with an
431 agent that has access to the private host keys. If the string
432 "SSH_AUTH_SOCK" is specified, the location of the socket will be
433 read from the SSH_AUTH_SOCK environment variable.
434
435 HostKeyAlgorithms
436 Specifies the host key algorithms that the server offers. The
437 default for this option is:
438
439 ecdsa-sha2-nistp256-cert-v01@openssh.com,
440 ecdsa-sha2-nistp384-cert-v01@openssh.com,
441 ecdsa-sha2-nistp521-cert-v01@openssh.com,
442 ssh-ed25519-cert-v01@openssh.com,
443 ssh-rsa-cert-v01@openssh.com,
444 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
445 ssh-ed25519,ssh-rsa
446
447 The list of available key types may also be obtained using "ssh
448 -Q key".
449
450 IgnoreRhosts
451 Specifies that .rhosts and .shosts files will not be used in
452 HostbasedAuthentication.
453
454 /etc/hosts.equiv and /etc/shosts.equiv are still used. The
455 default is yes.
456
457 IgnoreUserKnownHosts
458 Specifies whether sshd(8) should ignore the user's
459 ~/.ssh/known_hosts during HostbasedAuthentication. The default
460 is no.
461
462 IPQoS Specifies the IPv4 type-of-service or DSCP class for the
463 connection. Accepted values are af11, af12, af13, af21, af22,
464 af23, af31, af32, af33, af41, af42, af43, cs0, cs1, cs2, cs3,
465 cs4, cs5, cs6, cs7, ef, lowdelay, throughput, reliability, or a
466 numeric value. This option may take one or two arguments,
467 separated by whitespace. If one argument is specified, it is
468 used as the packet class unconditionally. If two values are
469 specified, the first is automatically selected for interactive
470 sessions and the second for non-interactive sessions. The
471 default is lowdelay for interactive sessions and throughput for
472 non-interactive sessions.
473
474 KbdInteractiveAuthentication
475 Specifies whether to allow keyboard-interactive authentication.
476 The argument to this keyword must be yes or no. The default is
477 to use whatever value ChallengeResponseAuthentication is set to
478 (by default yes).
479
480 KerberosAuthentication
481 Specifies whether the password provided by the user for
482 PasswordAuthentication will be validated through the Kerberos
483 KDC. To use this option, the server needs a Kerberos servtab
484 which allows the verification of the KDC's identity. The default
485 is no.
486
487 KerberosGetAFSToken
488 If AFS is active and the user has a Kerberos 5 TGT, attempt to
489 acquire an AFS token before accessing the user's home directory.
490 The default is no.
491
492 KerberosOrLocalPasswd
493 If password authentication through Kerberos fails then the
494 password will be validated via any additional local mechanism
495 such as /etc/passwd. The default is yes.
496
497 KerberosTicketCleanup
498 Specifies whether to automatically destroy the user's ticket
499 cache file on logout. The default is yes.
500
501 KexAlgorithms
502 Specifies the available KEX (Key Exchange) algorithms. Multiple
503 algorithms must be comma-separated. Alternately if the specified
504 value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified methods
505 will be appended to the default set instead of replacing them.
506 The supported algorithms are:
507
508 curve25519-sha256
509 curve25519-sha256@libssh.org
510 diffie-hellman-group1-sha1
511 diffie-hellman-group14-sha1
512 diffie-hellman-group-exchange-sha1
513 diffie-hellman-group-exchange-sha256
514 ecdh-sha2-nistp256
515 ecdh-sha2-nistp384
516 ecdh-sha2-nistp521
517
518 The default is:
519
520 curve25519-sha256,curve25519-sha256@libssh.org,
521 ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
522 diffie-hellman-group-exchange-sha256,
523 diffie-hellman-group14-sha1
524
525 The list of available key exchange algorithms may also be
526 obtained using "ssh -Q kex".
527
528 ListenAddress
529 Specifies the local addresses sshd(8) should listen on. The
530 following forms may be used:
531
532 ListenAddress host|IPv4_addr|IPv6_addr
533 ListenAddress host|IPv4_addr:port
534 ListenAddress [host|IPv6_addr]:port
535
536 If port is not specified, sshd will listen on the address and all
537 Port options specified. The default is to listen on all local
538 addresses. Multiple ListenAddress options are permitted.
539
540 LoginGraceTime
541 The server disconnects after this time if the user has not
542 successfully logged in. If the value is 0, there is no time
543 limit. The default is 120 seconds.
544
545 LogLevel
546 Gives the verbosity level that is used when logging messages from
547 sshd(8). The possible values are: QUIET, FATAL, ERROR, INFO,
548 VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. The default is INFO.
549 DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify
550 higher levels of debugging output. Logging with a DEBUG level
551 violates the privacy of users and is not recommended.
552
553 MACs Specifies the available MAC (message authentication code)
554 algorithms. The MAC algorithm is used for data integrity
555 protection. Multiple algorithms must be comma-separated. If the
556 specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified
557 algorithms will be appended to the default set instead of
558 replacing them.
559
560 The algorithms that contain "-etm" calculate the MAC after
561 encryption (encrypt-then-mac). These are considered safer and
562 their use recommended. The supported MACs are:
563
564 hmac-md5
565 hmac-md5-96
566 hmac-ripemd160
567 hmac-sha1
568 hmac-sha1-96
569 hmac-sha2-256
570 hmac-sha2-512
571 umac-64@openssh.com
572 umac-128@openssh.com
573 hmac-md5-etm@openssh.com
574 hmac-md5-96-etm@openssh.com
575 hmac-ripemd160-etm@openssh.com
576 hmac-sha1-etm@openssh.com
577 hmac-sha1-96-etm@openssh.com
578 hmac-sha2-256-etm@openssh.com
579 hmac-sha2-512-etm@openssh.com
580 umac-64-etm@openssh.com
581 umac-128-etm@openssh.com
582
583 The default is:
584
585 umac-64-etm@openssh.com,umac-128-etm@openssh.com,
586 hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
587 hmac-sha1-etm@openssh.com,
588 umac-64@openssh.com,umac-128@openssh.com,
589 hmac-sha2-256,hmac-sha2-512,hmac-sha1
590
591 The list of available MAC algorithms may also be obtained using
592 "ssh -Q mac".
593
594 Match Introduces a conditional block. If all of the criteria on the
595 Match line are satisfied, the keywords on the following lines
596 override those set in the global section of the config file,
597 until either another Match line or the end of the file. If a
598 keyword appears in multiple Match blocks that are satisfied, only
599 the first instance of the keyword is applied.
600
601 The arguments to Match are one or more criteria-pattern pairs or
602 the single token All which matches all criteria. The available
603 criteria are User, Group, Host, LocalAddress, LocalPort, and
604 Address. The match patterns may consist of single entries or
605 comma-separated lists and may use the wildcard and negation
606 operators described in the PATTERNS section of ssh_config(5).
607
608 The patterns in an Address criteria may additionally contain
609 addresses to match in CIDR address/masklen format, such as
610 192.0.2.0/24 or 2001:db8::/32. Note that the mask length
611 provided must be consistent with the address - it is an error to
612 specify a mask length that is too long for the address or one
613 with bits set in this host portion of the address. For example,
614 192.0.2.0/33 and 192.0.2.0/8, respectively.
615
616 Only a subset of keywords may be used on the lines following a
617 Match keyword. Available keywords are AcceptEnv,
618 AllowAgentForwarding, AllowGroups, AllowStreamLocalForwarding,
619 AllowTcpForwarding, AllowUsers, AuthenticationMethods,
620 AuthorizedKeysCommand, AuthorizedKeysCommandUser,
621 AuthorizedKeysFile, AuthorizedPrincipalsCommand,
622 AuthorizedPrincipalsCommandUser, AuthorizedPrincipalsFile,
623 Banner, ChrootDirectory, ClientAliveCountMax,
624 ClientAliveInterval, DenyGroups, DenyUsers, ForceCommand,
625 GatewayPorts, GSSAPIAuthentication, HostbasedAcceptedKeyTypes,
626 HostbasedAuthentication, HostbasedUsesNameFromPacketOnly, IPQoS,
627 KbdInteractiveAuthentication, KerberosAuthentication,
628 MaxAuthTries, MaxSessions, PasswordAuthentication,
629 PermitEmptyPasswords, PermitOpen, PermitRootLogin, PermitTTY,
630 PermitTunnel, PermitUserRC, PubkeyAcceptedKeyTypes,
631 PubkeyAuthentication, RekeyLimit, RevokedKeys,
632 StreamLocalBindMask, StreamLocalBindUnlink, TrustedUserCAKeys,
633 X11DisplayOffset, X11Forwarding and X11UseLocalHost.
634
635 MaxAuthTries
636 Specifies the maximum number of authentication attempts permitted
637 per connection. Once the number of failures reaches half this
638 value, additional failures are logged. The default is 6.
639
640 MaxSessions
641 Specifies the maximum number of open shell, login or subsystem
642 (e.g. sftp) sessions permitted per network connection. Multiple
643 sessions may be established by clients that support connection
644 multiplexing. Setting MaxSessions to 1 will effectively disable
645 session multiplexing, whereas setting it to 0 will prevent all
646 shell, login and subsystem sessions while still permitting
647 forwarding. The default is 10.
648
649 MaxStartups
650 Specifies the maximum number of concurrent unauthenticated
651 connections to the SSH daemon. Additional connections will be
652 dropped until authentication succeeds or the LoginGraceTime
653 expires for a connection. The default is 10:30:100.
654
655 Alternatively, random early drop can be enabled by specifying the
656 three colon separated values start:rate:full (e.g. "10:30:60").
657 sshd(8) will refuse connection attempts with a probability of
658 rate/100 (30%) if there are currently start (10) unauthenticated
659 connections. The probability increases linearly and all
660 connection attempts are refused if the number of unauthenticated
661 connections reaches full (60).
662
663 PasswordAuthentication
664 Specifies whether password authentication is allowed. The
665 default is yes.
666
667 PermitEmptyPasswords
668 When password authentication is allowed, it specifies whether the
669 server allows login to accounts with empty password strings. The
670 default is no.
671
672 PermitOpen
673 Specifies the destinations to which TCP port forwarding is
674 permitted. The forwarding specification must be one of the
675 following forms:
676
677 PermitOpen host:port
678 PermitOpen IPv4_addr:port
679 PermitOpen [IPv6_addr]:port
680
681 Multiple forwards may be specified by separating them with
682 whitespace. An argument of any can be used to remove all
683 restrictions and permit any forwarding requests. An argument of
684 none can be used to prohibit all forwarding requests. The
685 wildcard M-bM-^@M-^X*M-bM-^@M-^Y can be used for host or port to allow all hosts or
686 ports, respectively. By default all port forwarding requests are
687 permitted.
688
689 PermitRootLogin
690 Specifies whether root can log in using ssh(1). The argument
691 must be yes, prohibit-password, without-password,
692 forced-commands-only, or no. The default is prohibit-password.
693
694 If this option is set to prohibit-password or without-password,
695 password and keyboard-interactive authentication are disabled for
696 root.
697
698 If this option is set to forced-commands-only, root login with
699 public key authentication will be allowed, but only if the
700 command option has been specified (which may be useful for taking
701 remote backups even if root login is normally not allowed). All
702 other authentication methods are disabled for root.
703
704 If this option is set to no, root is not allowed to log in.
705
706 PermitTTY
707 Specifies whether pty(4) allocation is permitted. The default is
708 yes.
709
710 PermitTunnel
711 Specifies whether tun(4) device forwarding is allowed. The
712 argument must be yes, point-to-point (layer 3), ethernet (layer
713 2), or no. Specifying yes permits both point-to-point and
714 ethernet. The default is no.
715
716 Independent of this setting, the permissions of the selected
717 tun(4) device must allow access to the user.
718
719 PermitUserEnvironment
720 Specifies whether ~/.ssh/environment and environment= options in
721 ~/.ssh/authorized_keys are processed by sshd(8). The default is
722 no. Enabling environment processing may enable users to bypass
723 access restrictions in some configurations using mechanisms such
724 as LD_PRELOAD.
725
726 PermitUserRC
727 Specifies whether any ~/.ssh/rc file is executed. The default is
728 yes.
729
730 PidFile
731 Specifies the file that contains the process ID of the SSH
732 daemon, or none to not write one. The default is
733 /var/run/sshd.pid.
734
735 Port Specifies the port number that sshd(8) listens on. The default
736 is 22. Multiple options of this type are permitted. See also
737 ListenAddress.
738
739 PrintLastLog
740 Specifies whether sshd(8) should print the date and time of the
741 last user login when a user logs in interactively. The default
742 is yes.
743
744 PrintMotd
745 Specifies whether sshd(8) should print /etc/motd when a user logs
746 in interactively. (On some systems it is also printed by the
747 shell, /etc/profile, or equivalent.) The default is yes.
748
749 PubkeyAcceptedKeyTypes
750 Specifies the key types that will be accepted for public key
751 authentication as a comma-separated pattern list. Alternately if
752 the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the
753 specified key types will be appended to the default set instead
754 of replacing them. The default for this option is:
755
756 ecdsa-sha2-nistp256-cert-v01@openssh.com,
757 ecdsa-sha2-nistp384-cert-v01@openssh.com,
758 ecdsa-sha2-nistp521-cert-v01@openssh.com,
759 ssh-ed25519-cert-v01@openssh.com,
760 ssh-rsa-cert-v01@openssh.com,
761 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
762 ssh-ed25519,ssh-rsa
763
764 The list of available key types may also be obtained using "ssh
765 -Q key".
766
767 PubkeyAuthentication
768 Specifies whether public key authentication is allowed. The
769 default is yes.
770
771 RekeyLimit
772 Specifies the maximum amount of data that may be transmitted
773 before the session key is renegotiated, optionally followed a
774 maximum amount of time that may pass before the session key is
775 renegotiated. The first argument is specified in bytes and may
776 have a suffix of M-bM-^@M-^XKM-bM-^@M-^Y, M-bM-^@M-^XMM-bM-^@M-^Y, or M-bM-^@M-^XGM-bM-^@M-^Y to indicate Kilobytes,
777 Megabytes, or Gigabytes, respectively. The default is between
778 M-bM-^@M-^X1GM-bM-^@M-^Y and M-bM-^@M-^X4GM-bM-^@M-^Y, depending on the cipher. The optional second
779 value is specified in seconds and may use any of the units
780 documented in the TIME FORMATS section. The default value for
781 RekeyLimit is default none, which means that rekeying is
782 performed after the cipher's default amount of data has been sent
783 or received and no time based rekeying is done.
784
785 RevokedKeys
786 Specifies revoked public keys file, or none to not use one. Keys
787 listed in this file will be refused for public key
788 authentication. Note that if this file is not readable, then
789 public key authentication will be refused for all users. Keys
790 may be specified as a text file, listing one public key per line,
791 or as an OpenSSH Key Revocation List (KRL) as generated by
792 ssh-keygen(1). For more information on KRLs, see the KEY
793 REVOCATION LISTS section in ssh-keygen(1).
794
795 StreamLocalBindMask
796 Sets the octal file creation mode mask (umask) used when creating
797 a Unix-domain socket file for local or remote port forwarding.
798 This option is only used for port forwarding to a Unix-domain
799 socket file.
800
801 The default value is 0177, which creates a Unix-domain socket
802 file that is readable and writable only by the owner. Note that
803 not all operating systems honor the file mode on Unix-domain
804 socket files.
805
806 StreamLocalBindUnlink
807 Specifies whether to remove an existing Unix-domain socket file
808 for local or remote port forwarding before creating a new one.
809 If the socket file already exists and StreamLocalBindUnlink is
810 not enabled, sshd will be unable to forward the port to the Unix-
811 domain socket file. This option is only used for port forwarding
812 to a Unix-domain socket file.
813
814 The argument must be yes or no. The default is no.
815
816 StrictModes
817 Specifies whether sshd(8) should check file modes and ownership
818 of the user's files and home directory before accepting login.
819 This is normally desirable because novices sometimes accidentally
820 leave their directory or files world-writable. The default is
821 yes. Note that this does not apply to ChrootDirectory, whose
822 permissions and ownership are checked unconditionally.
823
824 Subsystem
825 Configures an external subsystem (e.g. file transfer daemon).
826 Arguments should be a subsystem name and a command (with optional
827 arguments) to execute upon subsystem request.
828
829 The command sftp-server implements the SFTP file transfer
830 subsystem.
831
832 Alternately the name internal-sftp implements an in-process SFTP
833 server. This may simplify configurations using ChrootDirectory
834 to force a different filesystem root on clients.
835
836 By default no subsystems are defined.
837
838 SyslogFacility
839 Gives the facility code that is used when logging messages from
840 sshd(8). The possible values are: DAEMON, USER, AUTH, LOCAL0,
841 LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The
842 default is AUTH.
843
844 TCPKeepAlive
845 Specifies whether the system should send TCP keepalive messages
846 to the other side. If they are sent, death of the connection or
847 crash of one of the machines will be properly noticed. However,
848 this means that connections will die if the route is down
849 temporarily, and some people find it annoying. On the other
850 hand, if TCP keepalives are not sent, sessions may hang
851 indefinitely on the server, leaving "ghost" users and consuming
852 server resources.
853
854 The default is yes (to send TCP keepalive messages), and the
855 server will notice if the network goes down or the client host
856 crashes. This avoids infinitely hanging sessions.
857
858 To disable TCP keepalive messages, the value should be set to no.
859
860 TrustedUserCAKeys
861 Specifies a file containing public keys of certificate
862 authorities that are trusted to sign user certificates for
863 authentication, or none to not use one. Keys are listed one per
864 line; empty lines and comments starting with M-bM-^@M-^X#M-bM-^@M-^Y are allowed. If
865 a certificate is presented for authentication and has its signing
866 CA key listed in this file, then it may be used for
867 authentication for any user listed in the certificate's
868 principals list. Note that certificates that lack a list of
869 principals will not be permitted for authentication using
870 TrustedUserCAKeys. For more details on certificates, see the
871 CERTIFICATES section in ssh-keygen(1).
872
873 UseDNS Specifies whether sshd(8) should look up the remote host name,
874 and to check that the resolved host name for the remote IP
875 address maps back to the very same IP address.
876
877 If this option is set to no (the default) then only addresses and
878 not host names may be used in ~/.ssh/authorized_keys from and
879 sshd_config Match Host directives.
880
881 UsePAM Enables the Pluggable Authentication Module interface. If set to
882 yes this will enable PAM authentication using
883 ChallengeResponseAuthentication and PasswordAuthentication in
884 addition to PAM account and session module processing for all
885 authentication types.
886
887 Because PAM challenge-response authentication usually serves an
888 equivalent role to password authentication, you should disable
889 either PasswordAuthentication or ChallengeResponseAuthentication.
890
891 If UsePAM is enabled, you will not be able to run sshd(8) as a
892 non-root user. The default is no.
893
894 UsePrivilegeSeparation
895 Specifies whether sshd(8) separates privileges by creating an
896 unprivileged child process to deal with incoming network traffic.
897 After successful authentication, another process will be created
898 that has the privilege of the authenticated user. The goal of
899 privilege separation is to prevent privilege escalation by
900 containing any corruption within the unprivileged processes. The
901 argument must be yes, no, or sandbox. If UsePrivilegeSeparation
902 is set to sandbox then the pre-authentication unprivileged
903 process is subject to additional restrictions. The default is
904 sandbox.
905
906 VersionAddendum
907 Optionally specifies additional text to append to the SSH
908 protocol banner sent by the server upon connection. The default
909 is none.
910
911 X11DisplayOffset
912 Specifies the first display number available for sshd(8)'s X11
913 forwarding. This prevents sshd from interfering with real X11
914 servers. The default is 10.
915
916 X11Forwarding
917 Specifies whether X11 forwarding is permitted. The argument must
918 be yes or no. The default is no.
919
920 When X11 forwarding is enabled, there may be additional exposure
921 to the server and to client displays if the sshd(8) proxy display
922 is configured to listen on the wildcard address (see
923 X11UseLocalhost), though this is not the default. Additionally,
924 the authentication spoofing and authentication data verification
925 and substitution occur on the client side. The security risk of
926 using X11 forwarding is that the client's X11 display server may
927 be exposed to attack when the SSH client requests forwarding (see
928 the warnings for ForwardX11 in ssh_config(5)). A system
929 administrator may have a stance in which they want to protect
930 clients that may expose themselves to attack by unwittingly
931 requesting X11 forwarding, which can warrant a no setting.
932
933 Note that disabling X11 forwarding does not prevent users from
934 forwarding X11 traffic, as users can always install their own
935 forwarders.
936
937 X11UseLocalhost
938 Specifies whether sshd(8) should bind the X11 forwarding server
939 to the loopback address or to the wildcard address. By default,
940 sshd binds the forwarding server to the loopback address and sets
941 the hostname part of the DISPLAY environment variable to
942 localhost. This prevents remote hosts from connecting to the
943 proxy display. However, some older X11 clients may not function
944 with this configuration. X11UseLocalhost may be set to no to
945 specify that the forwarding server should be bound to the
946 wildcard address. The argument must be yes or no. The default
947 is yes.
948
949 XAuthLocation
950 Specifies the full pathname of the xauth(1) program, or none to
951 not use one. The default is /usr/X11R6/bin/xauth.
952
953TIME FORMATS
954 sshd(8) command-line arguments and configuration file options that
955 specify time may be expressed using a sequence of the form:
956 time[qualifier], where time is a positive integer value and qualifier is
957 one of the following:
958
959 M-bM-^_M-(noneM-bM-^_M-) seconds
960 s | S seconds
961 m | M minutes
962 h | H hours
963 d | D days
964 w | W weeks
965
966 Each member of the sequence is added together to calculate the total time
967 value.
968
969 Time format examples:
970
971 600 600 seconds (10 minutes)
972 10m 10 minutes
973 1h30m 1 hour 30 minutes (90 minutes)
974
975TOKENS
976 Arguments to some keywords can make use of tokens, which are expanded at
977 runtime:
978
979 %% A literal M-bM-^@M-^X%M-bM-^@M-^Y.
980 %F The fingerprint of the CA key.
981 %f The fingerprint of the key or certificate.
982 %h The home directory of the user.
983 %i The key ID in the certificate.
984 %K The base64-encoded CA key.
985 %k The base64-encoded key or certificate for authentication.
986 %s The serial number of the certificate.
987 %T The type of the CA key.
988 %t The key or certificate type.
989 %u The username.
990
991 AuthorizedKeysCommand accepts the tokens %%, %f, %h, %t, and %u.
992
993 AuthorizedKeysFile accepts the tokens %%, %h, and %u.
994
995 AuthorizedPrincipalsCommand accepts the tokens %%, %F, %f, %K, %k, %h,
996 %i, %s, %T, %t, and %u.
997
998 AuthorizedPrincipalsFile accepts the tokens %%, %h, and %u.
999
1000 ChrootDirectory accepts the tokens %%, %h, and %u.
1001
1002FILES
1003 /etc/ssh/sshd_config
1004 Contains configuration data for sshd(8). This file should be
1005 writable by root only, but it is recommended (though not
1006 necessary) that it be world-readable.
1007
1008SEE ALSO
1009 sftp-server(8), sshd(8)
1010
1011AUTHORS
1012 OpenSSH is a derivative of the original and free ssh 1.2.12 release by
1013 Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
1014 de Raadt and Dug Song removed many bugs, re-added newer features and
1015 created OpenSSH. Markus Friedl contributed the support for SSH protocol
1016 versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support
1017 for privilege separation.
1018
1019OpenBSD 6.0 November 30, 2016 OpenBSD 6.0
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-01 05:59:29 +0000