-rw-r--r--  ChangeLog            9394
-rw-r--r--  config.h.in          1770
-rwxr-xr-x  configure           20446
-rw-r--r--  moduli.0               74
-rw-r--r--  scp.0                 168
-rw-r--r--  sftp-server.0          96
-rw-r--r--  sftp.0                386
-rw-r--r--  ssh-add.0             129
-rw-r--r--  ssh-agent.0           120
-rw-r--r--  ssh-keygen.0          570
-rw-r--r--  ssh-keyscan.0         111
-rw-r--r--  ssh-keysign.0          52
-rw-r--r--  ssh-pkcs11-helper.0    25
-rw-r--r--  ssh.0                 971
-rw-r--r--  ssh_config.0         1092
-rw-r--r--  sshd.0                626
-rw-r--r--  sshd_config.0        1020
17 files changed, 37050 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
new file mode 100644
index 000000000..48f648d78
--- /dev/null
+++ b/ChangeLog
@@ -0,0 +1,9394 @@
1commit d38f05dbdd291212bc95ea80648b72b7177e9f4e
2Author: Darren Tucker <dtucker@zip.com.au>
3Date: Mon Mar 20 13:38:27 2017 +1100
4
5 Add llabs() implementation.
6
7commit 72536316a219b7394996a74691a5d4ec197480f7
8Author: Damien Miller <djm@mindrot.org>
9Date: Mon Mar 20 12:23:04 2017 +1100
10
11 crank version numbers
12
13commit 3be52bc36bdfd24ded7e0f46999e7db520fb4e3f
14Author: djm@openbsd.org <djm@openbsd.org>
15Date: Mon Mar 20 01:18:59 2017 +0000
16
17 upstream commit
18
19 openssh-7.5
20
21 Upstream-ID: b8b9a4a949427c393cd868215e1724ceb3467ee5
22
23commit db84e52fe9cfad57f22e7e23c5fbf00092385129
24Author: Damien Miller <djm@mindrot.org>
25Date: Mon Mar 20 12:07:20 2017 +1100
26
27 I'm a doofus.
28
29 Unbreak obvious syntax error.
30
31commit 89f04852db27643717c9c3a2b0dde97ae50099ee
32Author: Damien Miller <djm@mindrot.org>
33Date: Mon Mar 20 11:53:34 2017 +1100
34
35 on Cygwin, check paths from server for backslashes
36
37 Pointed out by Jann Horn of Google Project Zero
38
39commit 7ef1f9bafc2cc8d97ff2fbd4f280002b6e8ea5d9
40Author: Damien Miller <djm@mindrot.org>
41Date: Mon Mar 20 11:48:34 2017 +1100
42
43 Yet another synonym for ASCII: "646"
44
45 Used by NetBSD; this unbreaks mprintf() and friends there for the C
46 locale (caught by dtucker@ and his menagerie of test systems).
47
48commit 9165abfea3f68a0c684a6ed2e575e59bc31a3a6b
49Author: Damien Miller <djm@mindrot.org>
50Date: Mon Mar 20 09:58:34 2017 +1100
51
52 create test mux socket in /tmp
53
54 Creating the socket in $OBJ could blow past the (quite limited)
55 path limit for Unix domain sockets. As a bandaid for bz#2660,
56 reported by Colin Watson; ok dtucker@
57
58commit 2adbe1e63bc313d03e8e84e652cc623af8ebb163
59Author: markus@openbsd.org <markus@openbsd.org>
60Date: Wed Mar 15 07:07:39 2017 +0000
61
62 upstream commit
63
64 disallow KEXINIT before NEWKEYS; ok djm; report by
65 vegard.nossum at oracle.com
66
67 Upstream-ID: 3668852d1f145050e62f1da08917de34cb0c5234
68
69commit 2fbf91684d76d38b9cf06550b69c9e41bca5a71c
70Author: Darren Tucker <dtucker@zip.com.au>
71Date: Thu Mar 16 14:05:46 2017 +1100
72
73 Include includes.h for compat bits.
74
75commit b55f634e96b9c5b0cd991e23a9ca181bec4bdbad
76Author: Darren Tucker <dtucker@zip.com.au>
77Date: Thu Mar 16 13:45:17 2017 +1100
78
79 Wrap stdint.h in #ifdef HAVE_STDINT_H
80
81commit 55a1117d7342a0bf8b793250cf314bab6b482b99
82Author: Damien Miller <djm@mindrot.org>
83Date: Thu Mar 16 11:22:42 2017 +1100
84
85 Adapt Cygwin config script to privsep knob removal
86
87 Patch from Corinna Vinschen.
88
89commit 1a321bfdb91defe3c4d9cca5651724ae167e5436
90Author: deraadt@openbsd.org <deraadt@openbsd.org>
91Date: Wed Mar 15 03:52:30 2017 +0000
92
93 upstream commit
94
95 accidents happen to the best of us; ok djm
96
97 Upstream-ID: b7a9dbd71011ffde95e06f6945fe7197dedd1604
98
99commit 25f837646be8c2017c914d34be71ca435dfc0e07
100Author: djm@openbsd.org <djm@openbsd.org>
101Date: Wed Mar 15 02:25:09 2017 +0000
102
103 upstream commit
104
105 fix regression in 7.4: deletion of PKCS#11-hosted keys
106 would fail unless they were specified by full physical pathname. Report and
107 fix from Jakub Jelen via bz#2682; ok dtucker@
108
109 Upstream-ID: 5b5bc20ca11cacb5d5eb29c3f93fd18425552268
110
111commit a8c5eeacf032a7d3408957e45dd7603cc1baf55f
112Author: djm@openbsd.org <djm@openbsd.org>
113Date: Wed Mar 15 02:19:09 2017 +0000
114
115 upstream commit
116
117 Fix segfault when sshd attempts to load RSA1 keys (can
118 only happen when protocol v.1 support is enabled for the client). Reported by
119 Jakub Jelen in bz#2686; ok dtucker
120
121 Upstream-ID: 8fdaec2ba4b5f65db1d094f6714ce64b25d871d7
122
123commit 66705948c0639a7061a0d0753266da7685badfec
124Author: djm@openbsd.org <djm@openbsd.org>
125Date: Tue Mar 14 07:19:07 2017 +0000
126
127 upstream commit
128
129 Mark the sshd_config UsePrivilegeSeparation option as
130 deprecated, effectively making privsep mandatory in sandboxing mode. ok
131 markus@ deraadt@
132
133 (note: this doesn't remove the !privsep code paths, though that will
134 happen eventually).
135
136 Upstream-ID: b4c52666256c4dd865f8ce9431af5d6ce2d74a0a
137
138commit f86586b03fe6cd8f595289bde200a94bc2c191af
139Author: Damien Miller <djm@mindrot.org>
140Date: Tue Mar 14 18:26:29 2017 +1100
141
142 Make seccomp-bpf sandbox work on Linux/X32
143
144 Allow clock_gettime syscall with X32 bit masked off. Apparently
145 this is required for at least some kernel versions. bz#2142
146 Patch mostly by Colin Watson. ok dtucker@
147
148commit 2429cf78dd2a9741ce27ba25ac41c535274a0af6
149Author: Damien Miller <djm@mindrot.org>
150Date: Tue Mar 14 18:01:52 2017 +1100
151
152 require OpenSSL >=1.0.1
153
154commit e3ea335abeab731c68f2b2141bee85a4b0bf680f
155Author: Damien Miller <djm@mindrot.org>
156Date: Tue Mar 14 17:48:43 2017 +1100
157
158 Remove macro trickery; no binary change
159
160 This stops the SC_ALLOW(), SC_ALLOW_ARG() and SC_DENY() macros
161 prepending __NR_ to the syscall number parameter and just makes
162 them explicit in the macro invocations.
163
164 No binary change in stripped object file before/after.
165
166commit 5f1596e11d55539678c41f68aed358628d33d86f
167Author: Damien Miller <djm@mindrot.org>
168Date: Tue Mar 14 13:15:18 2017 +1100
169
170 support ioctls for ICA crypto card on Linux/s390
171
172 Based on patch from Eduardo Barretto; ok dtucker@
173
174commit b1b22dd0df2668b322dda174e501dccba2cf5c44
175Author: Darren Tucker <dtucker@zip.com.au>
176Date: Tue Mar 14 14:19:36 2017 +1100
177
178 Plumb conversion test into makefile.
179
180commit f57783f1ddfb4cdfbd612c6beb5ec01cb5b9a6b9
181Author: dtucker@openbsd.org <dtucker@openbsd.org>
182Date: Tue Mar 14 01:20:29 2017 +0000
183
184 upstream commit
185
186 Add unit test for convtime().
187
188 Upstream-Regress-ID: 8717bc0ca4c21120f6dd3a1d3b7a363f707c31e1
189
190commit 8884b7247d094cd11ff9e39c325ba928c5bdbc6c
191Author: dtucker@openbsd.org <dtucker@openbsd.org>
192Date: Tue Mar 14 01:10:07 2017 +0000
193
194 upstream commit
195
196 Add ASSERT_LONG_* helpers.
197
198 Upstream-Regress-ID: fe15beaea8f5063c7f21b0660c722648e3d76431
199
200commit c6774d21185220c0ba11e8fd204bf0ad1a432071
201Author: dtucker@openbsd.org <dtucker@openbsd.org>
202Date: Tue Mar 14 00:55:37 2017 +0000
203
204 upstream commit
205
206 Fix convtime() overflow test on boundary condition,
207 spotted by & ok djm.
208
209 Upstream-ID: 51f14c507ea87a3022e63f574100613ab2ba5708
210
211commit f5746b40cfe6d767c8e128fe50c43274b31cd594
212Author: dtucker@openbsd.org <dtucker@openbsd.org>
213Date: Tue Mar 14 00:25:03 2017 +0000
214
215 upstream commit
216
217 Check for integer overflow when parsing times in
218 convtime(). Reported by nicolas.iooss at m4x.org, ok djm@
219
220 Upstream-ID: 35e6a4e98f6fa24df50bfb8ba1307cf70e966f13
221
222commit f5907982f42a8d88a430b8a46752cbb7859ba979
223Author: Darren Tucker <dtucker@zip.com.au>
224Date: Tue Mar 14 13:38:15 2017 +1100
225
226 Add a "unit" target to run only unit tests.
227
228commit 9e96b41682aed793fadbea5ccd472f862179fb02
229Author: Damien Miller <djm@mindrot.org>
230Date: Tue Mar 14 12:24:47 2017 +1100
231
232 Fix weakness in seccomp-bpf sandbox arg inspection
233
234 Syscall arguments are passed via an array of 64-bit values in struct
235 seccomp_data, but we were only inspecting the bottom 32 bits and not
236 even those correctly for BE systems.
237
238 Fortunately, the only case argument inspection was used was in the
239 socketcall filtering so using this for sandbox escape seems
240 impossible.
241
242 ok dtucker
243
244commit 8ff3fc3f2f7c13e8968717bc2b895ee32c441275
245Author: djm@openbsd.org <djm@openbsd.org>
246Date: Sat Mar 11 23:44:16 2017 +0000
247
248 upstream commit
249
250 regress tests for loading certificates without public keys;
251 bz#2617 based on patch from Adam Eijdenberg; ok markus@ dtucker@
252
253 Upstream-Regress-ID: 0145d19328ed995b73fe2d9da33596b17429d0d0
254
255commit 1e24552716194db8f2f620587b876158a9ef56ad
256Author: djm@openbsd.org <djm@openbsd.org>
257Date: Sat Mar 11 23:40:26 2017 +0000
258
259 upstream commit
260
261 allow ssh to use certificates accompanied by a private
262 key file but no corresponding plain *.pub public key. bz#2617 based on patch
263 from Adam Eijdenberg; ok dtucker@ markus@
264
265 Upstream-ID: 295668dca2c39505281577217583ddd2bd4b00b9
266
267commit 0fb1a617a07b8df5de188dd5a0c8bf293d4bfc0e
268Author: markus@openbsd.org <markus@openbsd.org>
269Date: Sat Mar 11 13:07:35 2017 +0000
270
271 upstream commit
272
273 Don't count the initial block twice when computing how
274 many bytes to discard for the work around for the attacks against CBC-mode.
275 ok djm@; report from Jean Paul, Kenny, Martin and Torben @ RHUL
276
277 Upstream-ID: f445f509a4e0a7ba3b9c0dae7311cb42458dc1e2
278
279commit ef653dd5bd5777132d9f9ee356225f9ee3379504
280Author: dtucker@openbsd.org <dtucker@openbsd.org>
281Date: Fri Mar 10 07:18:32 2017 +0000
282
283 upstream commit
284
285 krl.c
286
287 Upstream-ID: fc5e695d5d107d730182e2da7b23f00b489e0ee1
288
289commit d94c1dfef2ea30ca67b1204ada7c3b537c54f4d0
290Author: Damien Miller <djm@mindrot.org>
291Date: Sun Mar 12 10:48:14 2017 +1100
292
293 sync fmt_scaled.c with OpenBSD
294
295 revision 1.13
296 date: 2017/03/11 23:37:23; author: djm; state: Exp; lines: +14 -1; commitid: jnFKyHkB3CEiEZ2R;
297 fix signed integer overflow in scan_scaled. Found by Nicolas Iooss
298 using AFL against ssh_config. ok deraadt@ millert@
299 ----------------------------
300 revision 1.12
301 date: 2013/11/29 19:00:51; author: deraadt; state: Exp; lines: +6 -5;
302 fairly simple unsigned char casts for ctype
303 ok krw
304 ----------------------------
305 revision 1.11
306 date: 2012/11/12 14:07:20; author: halex; state: Exp; lines: +4 -2;
307 make scan_scaled set errno to EINVAL rather than ERANGE if it encounters
308 an invalid multiplier, like the man page says it should
309
310 "looks sensible" deraadt@, ok ian@
311 ----------------------------
312 revision 1.10
313 date: 2009/06/20 15:00:04; author: martynas; state: Exp; lines: +4 -4;
314 use llabs instead of the home-grown version; and some comment changes
315 ok ian@, millert@
316 ----------------------------
317
318commit 894221a63fa061e52e414ca58d47edc5fe645968
319Author: djm@openbsd.org <djm@openbsd.org>
320Date: Fri Mar 10 05:01:13 2017 +0000
321
322 upstream commit
323
324 When updating hostkeys, accept RSA keys if
325 HostkeyAlgorithms contains any RSA keytype. Previously, ssh could ignore RSA
326 keys when any of the ssh-rsa-sha2-* methods was enabled in HostkeyAlgorithms
327 nit ssh-rsa (SHA1 signatures) was not. bz#2650 reported by Luis Ressel; ok
328 dtucker@
329
330 Upstream-ID: c5e8cfee15c42f4a05d126158a0766ea06da79d2
331
332commit dd3e2298663f4cc1a06bc69582d00dcfee27d73c
333Author: djm@openbsd.org <djm@openbsd.org>
334Date: Fri Mar 10 04:24:55 2017 +0000
335
336 upstream commit
337
338 make hostname matching really insensitive to case;
339 bz#2685, reported by Petr Cerny; ok dtucker@
340
341 Upstream-ID: e467622ff154269e36ba8b6c9e3d105e1c4a9253
342
343commit 77a9be9446697fe8b5499fe651f4a82a71a4b51f
344Author: djm@openbsd.org <djm@openbsd.org>
345Date: Fri Mar 10 03:52:48 2017 +0000
346
347 upstream commit
348
349 reword a comment to make it fit 80 columns
350
351 Upstream-ID: 4ef509a66b96c7314bbcc87027c2af71fa9d0ba4
352
353commit 61b8ef6a66efaec07e023342cb94a10bdc2254dc
354Author: djm@openbsd.org <djm@openbsd.org>
355Date: Fri Mar 10 04:27:32 2017 +0000
356
357 upstream commit
358
359 better match sshd config parser behaviour: fatal() if
360 line is overlong, increase line buffer to match sshd's; bz#2651 reported by
361 Don Fong; ok dtucker@
362
363 Upstream-ID: b175ae7e0ba403833f1ee566edf10f67443ccd18
364
365commit db2597207e69912f2592cd86a1de8e948a9d7ffb
366Author: djm@openbsd.org <djm@openbsd.org>
367Date: Fri Mar 10 04:26:06 2017 +0000
368
369 upstream commit
370
371 ensure hostname is lower-case before hashing it;
372 bz#2591 reported by Griff Miller II; ok dtucker@
373
374 Upstream-ID: c3b8b93804f376bd00d859b8bcd9fc0d86b4db17
375
376commit df9936936c695f85c1038bd706d62edf752aca4b
377Author: djm@openbsd.org <djm@openbsd.org>
378Date: Fri Mar 10 04:24:55 2017 +0000
379
380 upstream commit
381
382 make hostname matching really insensitive to case;
383 bz#2685, reported by Petr Cerny; ok dtucker@
384
385 Upstream-ID: e632b7a9bf0d0558d5ff56dab98b7cca6c3db549
386
387commit 67eed24bfa7645d88fa0b883745fccb22a0e527e
388Author: dtucker@openbsd.org <dtucker@openbsd.org>
389Date: Fri Mar 10 04:11:00 2017 +0000
390
391 upstream commit
392
393 Remove old null check from config dumper. Patch from
394 jjelen at redhat.com vi bz#2687, ok djm@
395
396 Upstream-ID: 824ab71467b78c4bab0dd1b3a38e8bc5f63dd528
397
398commit 183ba55aaaecca0206184b854ad6155df237adbe
399Author: djm@openbsd.org <djm@openbsd.org>
400Date: Fri Mar 10 04:07:20 2017 +0000
401
402 upstream commit
403
404 fix regression in 7.4 server-sig-algs, where we were
405 accidentally excluding SHA2 RSA signature methods. bz#2680, patch from Nuno
406 Goncalves; ok dtucker@
407
408 Upstream-ID: 81ac8bfb30960447740b9b8f6a214dcf322f12e8
409
410commit 66be4fe8c4435af5bbc82998501a142a831f1181
411Author: dtucker@openbsd.org <dtucker@openbsd.org>
412Date: Fri Mar 10 03:53:11 2017 +0000
413
414 upstream commit
415
416 Check for NULL return value from key_new. Patch from
417 jjelen at redhat.com via bz#2687, ok djm@
418
419 Upstream-ID: 059e33cd43cba88dc8caf0b1936fd4dd88fd5b8e
420
421commit ec2892b5c7fea199914cb3a6afb3af38f84990bf
422Author: djm@openbsd.org <djm@openbsd.org>
423Date: Fri Mar 10 03:52:48 2017 +0000
424
425 upstream commit
426
427 reword a comment to make it fit 80 columns
428
429 Upstream-ID: b4b48b4487c0821d16e812c40c9b09f03b28e349
430
431commit 7fadbb6da3f4122de689165651eb39985e1cba85
432Author: dtucker@openbsd.org <dtucker@openbsd.org>
433Date: Fri Mar 10 03:48:57 2017 +0000
434
435 upstream commit
436
437 Check for NULL argument to sshkey_read. Patch from
438 jjelen at redhat.com via bz#2687, ok djm@
439
440 Upstream-ID: c2d00c2ea50c4861d271d0a586f925cc64a87e0e
441
442commit 5a06b9e019e2b0b0f65a223422935b66f3749de3
443Author: dtucker@openbsd.org <dtucker@openbsd.org>
444Date: Fri Mar 10 03:45:40 2017 +0000
445
446 upstream commit
447
448 Plug some mem leaks mostly on error paths. From jjelen
449 at redhat.com via bz#2687, ok djm@
450
451 Upstream-ID: 3fb030149598957a51b7c8beb32bf92cf30c96f2
452
453commit f6edbe9febff8121f26835996b1229b5064d31b7
454Author: dtucker@openbsd.org <dtucker@openbsd.org>
455Date: Fri Mar 10 03:24:48 2017 +0000
456
457 upstream commit
458
459 Plug mem leak on GLOB_NOMATCH case. From jjelen at
460 redhat.com via bz#2687, ok djm@
461
462 Upstream-ID: 8016a7ae97719d3aa55fb723fc2ad3200058340d
463
464commit 566b3a46e89a2fda2db46f04f2639e92da64a120
465Author: dtucker@openbsd.org <dtucker@openbsd.org>
466Date: Fri Mar 10 03:22:40 2017 +0000
467
468 upstream commit
469
470 Plug descriptor leaks of auth_sock. From jjelen at
471 redhat.com via bz#2687, ok djm@
472
473 Upstream-ID: 248acb99a5ed2fdca37d1aa33c0fcee7be286d88
474
475commit 8a2834454c73dfc1eb96453c0e97690595f3f4c2
476Author: djm@openbsd.org <djm@openbsd.org>
477Date: Fri Mar 10 03:18:24 2017 +0000
478
479 upstream commit
480
481 correctly hash hosts with a port number. Reported by Josh
482 Powers in bz#2692; ok dtucker@
483
484 Upstream-ID: 468e357ff143e00acc05bdd2803a696b3d4b6442
485
486commit 9747b9c742de409633d4753bf1a752cbd211e2d3
487Author: djm@openbsd.org <djm@openbsd.org>
488Date: Fri Mar 10 03:15:58 2017 +0000
489
490 upstream commit
491
492 don't truncate off \r\n from long stderr lines; bz#2688,
493 reported by Brian Dyson; ok dtucker@
494
495 Upstream-ID: cdfdc4ba90639af807397ce996153c88af046ca4
496
497commit 4a4b75adac862029a1064577eb5af299b1580cdd
498Author: dtucker@openbsd.org <dtucker@openbsd.org>
499Date: Fri Mar 10 02:59:51 2017 +0000
500
501 upstream commit
502
503 Validate digest arg in ssh_digest_final; from jjelen at
504 redhat.com via bz#2687, ok djm@
505
506 Upstream-ID: dbe5494dfddfe523fab341a3dab5a79e7338f878
507
508commit bee0167be2340d8de4bdc1ab1064ec957c85a447
509Author: Darren Tucker <dtucker@zip.com.au>
510Date: Fri Mar 10 13:40:18 2017 +1100
511
512 Check for NULL from malloc.
513
514 Part of bz#2687, from jjelen at redhat.com.
515
516commit da39b09d43b137a5a3d071b51589e3efb3701238
517Author: Darren Tucker <dtucker@zip.com.au>
518Date: Fri Mar 10 13:22:32 2017 +1100
519
520 If OSX is using launchd, remove screen no.
521
522 Check for socket with and without screen number. From Apple and Jakob
523 Schlyter via bz#2341, with contributions from Ron Frederick, ok djm@
524
525commit 8fb15311a011517eb2394bb95a467c209b8b336c
526Author: djm@openbsd.org <djm@openbsd.org>
527Date: Wed Mar 8 12:07:47 2017 +0000
528
529 upstream commit
530
531 quote [host]:port in generated ProxyJump commandline; the
532 [ / ] characters can confuse some shells (e.g. zsh). Reported by Lauri
533 Tirkkonen via bugs@
534
535 Upstream-ID: 65cdd161460e1351c3d778e974c1c2a4fa4bc182
536
537commit 18501151cf272a15b5f2c5e777f2e0933633c513
538Author: dtucker@openbsd.org <dtucker@openbsd.org>
539Date: Mon Mar 6 02:03:20 2017 +0000
540
541 upstream commit
542
543 Check l->hosts before dereferencing; fixes potential null
544 pointer deref. ok djm@
545
546 Upstream-ID: 81c0327c6ec361da794b5c680601195cc23d1301
547
548commit d072370793f1a20f01ad827ba8fcd3b8f2c46165
549Author: dtucker@openbsd.org <dtucker@openbsd.org>
550Date: Mon Mar 6 00:44:51 2017 +0000
551
552 upstream commit
553
554 linenum is unsigned long so use %lu in log formats. ok
555 deraadt@
556
557 Upstream-ID: 9dc582d9bb887ebe0164e030d619fc20b1a4ea08
558
559commit 12d3767ba4c84c32150cbe6ff6494498780f12c9
560Author: djm@openbsd.org <djm@openbsd.org>
561Date: Fri Mar 3 06:13:11 2017 +0000
562
563 upstream commit
564
565 fix ssh-keygen -H accidentally corrupting known_hosts that
566 contained already-hashed entries. HKF_MATCH_HOST_HASHED is only set by
567 hostkeys_foreach() when hostname matching is in use, so we need to look for
568 the hash marker explicitly.
569
570 Upstream-ID: da82ad653b93e8a753580d3cf5cd448bc2520528
571
572commit d7abb771bd5a941b26144ba400a34563a1afa589
573Author: djm@openbsd.org <djm@openbsd.org>
574Date: Tue Feb 28 06:10:08 2017 +0000
575
576 upstream commit
577
578 small memleak: free fd_set on connection timeout (though
579 we are heading to exit anyway). From Tom Rix in bz#2683
580
581 Upstream-ID: 10e3dadbb8199845b66581473711642d9e6741c4
582
583commit 78142e3ab3887e53a968d6e199bcb18daaf2436e
584Author: jmc@openbsd.org <jmc@openbsd.org>
585Date: Mon Feb 27 14:30:33 2017 +0000
586
587 upstream commit
588
589 errant dot; from klemens nanni
590
591 Upstream-ID: 83d93366a5acf47047298c5d3ebc5e7426f37921
592
593commit 8071a6924c12bb51406a9a64a4b2892675112c87
594Author: djm@openbsd.org <djm@openbsd.org>
595Date: Fri Feb 24 03:16:34 2017 +0000
596
597 upstream commit
598
599 might as well set the listener socket CLOEXEC
600
601 Upstream-ID: 9c538433d6a0ca79f5f21decc5620e46fb68ab57
602
603commit d5499190559ebe374bcdfa8805408646ceffad64
604Author: djm@openbsd.org <djm@openbsd.org>
605Date: Sun Feb 19 00:11:29 2017 +0000
606
607 upstream commit
608
609 add test cases for C locale; ok schwarze@
610
611 Upstream-Regress-ID: 783d75de35fbc923d46e2a5e6cee30f8f381ba87
612
613commit 011c8ffbb0275281a0cf330054cf21be10c43e37
614Author: djm@openbsd.org <djm@openbsd.org>
615Date: Sun Feb 19 00:10:57 2017 +0000
616
617 upstream commit
618
619 Add a common nl_langinfo(CODESET) alias for US-ASCII
620 "ANSI_X3.4-1968" that is used by Linux. Fixes mprintf output truncation for
621 non-UTF-8 locales on Linux spotted by dtucker@; ok deraadt@ schwarze@
622
623 Upstream-ID: c6808956ebffd64066f9075d839f74ff0dd60719
624
625commit 0c4430a19b73058a569573492f55e4c9eeaae67b
626Author: dtucker@openbsd.org <dtucker@openbsd.org>
627Date: Tue Feb 7 23:03:11 2017 +0000
628
629 upstream commit
630
631 Remove deprecated SSH1 options RSAAuthentication and
632 RhostsRSAAuthentication from regression test sshd_config.
633
634 Upstream-Regress-ID: 8066b753d9dce7cf02ff87af5c727ff680d99491
635
636commit 3baa4cdd197c95d972ec3d07f1c0d08f2d7d9199
637Author: dtucker@openbsd.org <dtucker@openbsd.org>
638Date: Fri Feb 17 02:32:05 2017 +0000
639
640 upstream commit
641
642 Do not show rsa1 key type in usage when compiled without
643 SSH1 support.
644
645 Upstream-ID: 068b5c41357a02f319957746fa4e84ea73960f57
646
647commit ecc35893715f969e98fee118481f404772de4132
648Author: dtucker@openbsd.org <dtucker@openbsd.org>
649Date: Fri Feb 17 02:31:14 2017 +0000
650
651 upstream commit
652
653 ifdef out "rsa1" from the list of supported keytypes when
654 compiled without SSH1 support. Found by kdunlop at guralp.com, ok djm@
655
656 Upstream-ID: cea93a26433d235bb1d64b1d990f19a9c160a70f
657
658commit 10577c6d96a55b877a960b2d0b75edef1b9945af
659Author: djm@openbsd.org <djm@openbsd.org>
660Date: Fri Feb 17 02:04:15 2017 +0000
661
662 upstream commit
663
664 For ProxyJump/-J, surround host name with brackets to
665 allow literal IPv6 addresses. From Dick Visser; ok dtucker@
666
667 Upstream-ID: 3a5d3b0171250daf6a5235e91bce09c1d5746bf1
668
669commit b2afdaf1b52231aa23d2153f4a8c5a60a694dda4
670Author: jsg@openbsd.org <jsg@openbsd.org>
671Date: Wed Feb 15 23:38:31 2017 +0000
672
673 upstream commit
674
675 Fix memory leaks in match_filter_list() error paths.
676
677 ok dtucker@ markus@
678
679 Upstream-ID: c7f96ac0877f6dc9188bbc908100a8d246cc7f0e
680
681commit 6d5a41b38b55258213ecfaae9df7a758caa752a1
682Author: djm@openbsd.org <djm@openbsd.org>
683Date: Wed Feb 15 01:46:47 2017 +0000
684
685 upstream commit
686
687 fix division by zero crash in "df" output when server
688 returns zero total filesystem blocks/inodes. Spotted by Guido Vranken; ok
689 dtucker@
690
691 Upstream-ID: 6fb6c2ae6b289aa07b6232dbc0be54682ef5419f
692
693commit bd5d7d239525d595ecea92765334af33a45d9d63
694Author: Darren Tucker <dtucker@zip.com.au>
695Date: Sun Feb 12 15:45:15 2017 +1100
696
697 ifdef out EVP_R_PRIVATE_KEY_DECODE_ERROR
698
699 EVP_R_PRIVATE_KEY_DECODE_ERROR was added in OpenSSL 1.0.0 so ifdef out
700 for the benefit of OpenSSL versions prior to that.
701
702commit 155d540d00ff55f063421ec182ec8ff2b7ab6cbe
703Author: djm@openbsd.org <djm@openbsd.org>
704Date: Fri Feb 10 04:34:50 2017 +0000
705
706 upstream commit
707
708 bring back r1.34 that was backed out for problems loading
709 public keys:
710
711 translate OpenSSL error codes to something more
712 meaninful; bz#2522 reported by Jakub Jelen, ok dtucker@
713
714 with additional fix from Jakub Jelen to solve the backout.
715 bz#2525 bz#2523 re-ok dtucker@
716
717 Upstream-ID: a9d5bc0306f4473d9b4f4484f880e95f3c1cc031
718
719commit a287c5ad1e0bf9811c7b9221979b969255076019
720Author: djm@openbsd.org <djm@openbsd.org>
721Date: Fri Feb 10 03:36:40 2017 +0000
722
723 upstream commit
724
725 Sanitise escape sequences in key comments sent to printf
726 but preserve valid UTF-8 when the locale supports it; bz#2520 ok dtucker@
727
728 Upstream-ID: e8eed28712ba7b22d49be534237eed019875bd1e
729
730commit e40269be388972848aafcca7060111c70aab5b87
731Author: millert@openbsd.org <millert@openbsd.org>
732Date: Wed Feb 8 20:32:43 2017 +0000
733
734 upstream commit
735
736 Avoid printf %s NULL. From semarie@, OK djm@
737
738 Upstream-ID: 06beef7344da0208efa9275d504d60d2a5b9266c
739
740commit 5b90709ab8704dafdb31e5651073b259d98352bc
741Author: djm@openbsd.org <djm@openbsd.org>
742Date: Mon Feb 6 09:22:51 2017 +0000
743
744 upstream commit
745
746 Restore \r\n newline sequence for server ident string. The CR
747 got lost in the flensing of SSHv1. Pointed out by Stef Bon
748
749 Upstream-ID: 5333fd43ce5396bf5999496096fac5536e678fac
750
751commit 97c31c46ee2e6b46dfffdfc4f90bbbf188064cbc
752Author: djm@openbsd.org <djm@openbsd.org>
753Date: Fri Feb 3 23:01:42 2017 +0000
754
755 upstream commit
756
757 unit test for match_filter_list() function; still want a
758 better name for this...
759
760 Upstream-Regress-ID: 840ad6118552c35111f0a897af9c8d93ab8de92a
761
762commit f1a193464a7b77646f0d0cedc929068e4a413ab4
763Author: djm@openbsd.org <djm@openbsd.org>
764Date: Fri Feb 3 23:05:57 2017 +0000
765
766 upstream commit
767
768 use ssh_packet_set_log_preamble() to include connection
769 username in packet log messages, e.g.
770
771 Connection closed by invalid user foo 10.1.1.1 port 44056 [preauth]
772
773 ok markus@ bz#113
774
775 Upstream-ID: 3591b88bdb5416d6066fb3d49d8fff2375bf1a15
776
777commit 07edd7e9537ab32aa52abb5fb2a915c350fcf441
778Author: djm@openbsd.org <djm@openbsd.org>
779Date: Fri Feb 3 23:03:33 2017 +0000
780
781 upstream commit
782
783 add ssh_packet_set_log_preamble() to allow inclusion of a
784 preamble string in disconnect messages; ok markus@
785
786 Upstream-ID: 34cb41182cd76d414c214ccb01c01707849afead
787
788commit 68bc8cfa7642d3ccbf2cd64281c16b8b9205be59
789Author: djm@openbsd.org <djm@openbsd.org>
790Date: Fri Feb 3 23:01:19 2017 +0000
791
792 upstream commit
793
794 support =- for removing methods from algorithms lists,
795 e.g. Ciphers=-*cbc; suggested by Cristian Ionescu-Idbohrn in bz#2671 "I like
796 it" markus@
797
798 Upstream-ID: c78c38f9f81a963b33d0eade559f6048add24a6d
799
800commit c924b2ef941028a1f31e6e94f54dfeeeef462a4e
801Author: djm@openbsd.org <djm@openbsd.org>
802Date: Fri Feb 3 05:05:56 2017 +0000
803
804 upstream commit
805
806 allow form-feed characters at EOL; bz#2431 ok dtucker@
807
808 Upstream-ID: 1f453afaba6da2ae69d6afdf1ae79a917552f1a2
809
810commit 523db8540b720c4d21ab0ff6f928476c70c38aab
811Author: Damien Miller <djm@mindrot.org>
812Date: Fri Feb 3 16:01:22 2017 +1100
813
814 prefer to use ldns-config to find libldns
815
816 Should fix bz#2603 - "Build with ldns and without kerberos support
817 fails if ldns compiled with kerberos support" by including correct
818 cflags/libs
819
820 ok dtucker@
821
822commit c998bf0afa1a01257a53793eba57941182e9e0b7
823Author: dtucker@openbsd.org <dtucker@openbsd.org>
824Date: Fri Feb 3 02:56:00 2017 +0000
825
826 upstream commit
827
828 Make ssh_packet_set_rekey_limits take u32 for the number of
829 seconds until rekeying (negative values are rejected at config parse time).
830 This allows the removal of some casts and a signed vs unsigned comparison
831 warning.
832
833 rekey_time is cast to int64 for the comparison which is a no-op
834 on OpenBSD, but should also do the right thing in -portable on
835 anything still using 32bit time_t (until the system time actually
836 wraps, anyway).
837
838 some early guidance deraadt@, ok djm@
839
840 Upstream-ID: c9f18613afb994a07e7622eb326f49de3d123b6c
841
842commit 3ec5fa4ba97d4c4853620daea26a33b9f1fe3422
843Author: jsg@openbsd.org <jsg@openbsd.org>
844Date: Thu Feb 2 10:54:25 2017 +0000
845
846 upstream commit
847
848 In vasnmprintf() return an error if malloc fails and
849 don't set a function argument to the address of free'd memory.
850
851 ok djm@
852
853 Upstream-ID: 1efffffff2f51d53c9141f245b90ac23d33b9779
854
855commit 858252fb1d451ebb0969cf9749116c8f0ee42753
856Author: dtucker@openbsd.org <dtucker@openbsd.org>
857Date: Wed Feb 1 02:59:09 2017 +0000
858
859 upstream commit
860
861 Return true reason for port forwarding failures where
862 feasible rather than always "administratively prohibited". bz#2674, ok djm@
863
864 Upstream-ID: d901d9887951774e604ca970e1827afaaef9e419
865
866commit 6ba9f893838489add6ec4213c7a997b425e4a9e0
867Author: dtucker@openbsd.org <dtucker@openbsd.org>
868Date: Mon Jan 30 23:27:39 2017 +0000
869
870 upstream commit
871
872 Small correction to the known_hosts section on when it is
873 updated. Patch from lkppo at free.fr some time ago, pointed out by smallm at
874 sdf.org
875
876 Upstream-ID: 1834d7af179dea1a12ad2137f84566664af225d5
877
878commit c61d5ec3c11e7ff9779b6127421d9f166cf10915
879Author: Darren Tucker <dtucker@zip.com.au>
880Date: Fri Feb 3 14:10:34 2017 +1100
881
882 Remove _XOPEN_SOURCE from wide char detection.
883
884 Having _XOPEN_SOURCE unconditionally causes problems on some platforms
885 and configurations, notably Solaris 64-bit binaries. It was there for
886 the benefit of Linux put the required bits in the *-*linux* section.
887
888 Patch from yvoinov at gmail.com.
889
890commit f25ee13b3e81fd80efeb871dc150fe49d7fc8afd
891Author: djm@openbsd.org <djm@openbsd.org>
892Date: Mon Jan 30 05:22:14 2017 +0000
893
894 upstream commit
895
896 fully unbreak: some $SSH invocations did not have -F
897 specified and could pick up the ~/.ssh/config of the user running the tests
898
899 Upstream-Regress-ID: f362d1892c0d3e66212d5d3fc02d915c58ef6b89
900
901commit 6956e21fb26652887475fe77ea40d2efcf25908b
902Author: djm@openbsd.org <djm@openbsd.org>
903Date: Mon Jan 30 04:54:07 2017 +0000
904
905 upstream commit
906
907 partially unbreak: was not specifying hostname on some
908 $SSH invocations
909
910 Upstream-Regress-ID: bc8a5e98e57bad0a92ef4f34ed91c1d18294e2cc
911
912commit 52763dd3fe0a4678dafdf7aeb32286e514130afc
913Author: djm@openbsd.org <djm@openbsd.org>
914Date: Mon Jan 30 01:03:00 2017 +0000
915
916 upstream commit
917
918 revise keys/principals command hang fix (bz#2655) to
919 consume entire output, avoiding sending SIGPIPE to subprocesses early; ok
920 dtucker@
921
922 Upstream-ID: 7cb04b31a61f8c78c4e48ceededcd2fd5c4ee1bc
923
924commit 381a2615a154a82c4c53b787f4a564ef894fe9ac
925Author: djm@openbsd.org <djm@openbsd.org>
926Date: Mon Jan 30 00:38:50 2017 +0000
927
928 upstream commit
929
930 small cleanup post SSHv1 removal:
931
932 remove SSHv1-isms in commented examples
933
934 reorder token table to group deprecated and compile-time conditional tokens
935 better
936
937 fix config dumping code for some compile-time conditional options that
938 weren't being correctly skipped (SSHv1 and PKCS#11)
939
940 Upstream-ID: f2e96b3cb3158d857c5a91ad2e15925df3060105
941
942commit 4833d01591b7eb049489d9558b65f5553387ed43
943Author: djm@openbsd.org <djm@openbsd.org>
944Date: Mon Jan 30 00:34:01 2017 +0000
945
946 upstream commit
947
948 some explicit NULL tests when dumping configured
949 forwardings; from Karsten Weiss
950
951 Upstream-ID: 40957b8dea69672b0e50df6b4a91a94e3e37f72d
952
953commit 326e2fae9f2e3e067b5651365eba86b35ee5a6b2
954Author: djm@openbsd.org <djm@openbsd.org>
955Date: Mon Jan 30 00:32:28 2017 +0000
956
957 upstream commit
958
959 misplaced braces in test; from Karsten Weiss
960
961 Upstream-ID: f7b794074d3aae8e35b69a91d211c599c94afaae
962
963commit 3e032a95e46bfaea9f9e857678ac8fa5f63997fb
964Author: djm@openbsd.org <djm@openbsd.org>
965Date: Mon Jan 30 00:32:03 2017 +0000
966
967 upstream commit
968
969 don't dereference authctxt before testing != NULL, it
970 causes compilers to make assumptions; from Karsten Weiss
971
972 Upstream-ID: 794243aad1e976ebc717885b7a97a25e00c031b2
973
974commit 01cfaa2b1cfb84f3cdd32d1bf82b120a8d30e057
975Author: djm@openbsd.org <djm@openbsd.org>
976Date: Fri Jan 6 02:51:16 2017 +0000
977
978 upstream commit
979
980 use correct ssh-add program; bz#2654, from Colin Watson
981
982 Upstream-Regress-ID: 7042a36e1bdaec6562f6e57e9d047efe9c7a6030
983
984commit e5c7ec67cdc42ae2584085e0fc5cc5ee91133cf5
985Author: dtucker@openbsd.org <dtucker@openbsd.org>
986Date: Fri Jan 6 02:26:10 2017 +0000
987
988 upstream commit
989
990 Account for timeouts in the integrity tests as failures.
991
992 If the first test in a series for a given MAC happens to modify the low
993 bytes of a packet length, then ssh will time out and this will be
994 interpreted as a test failure. Patch from cjwatson at debian.org via
995 bz#2658.
996
997 Upstream-Regress-ID: e7467613b0badedaa300bc6fc7495ec2f44e2fb9
998
999commit dbaf599b61bd6e0f8469363a8c8e7f633b334018
1000Author: dtucker@openbsd.org <dtucker@openbsd.org>
1001Date: Fri Jan 6 02:09:25 2017 +0000
1002
1003 upstream commit
1004
1005 Make forwarding test less racy by using unix domain
1006 sockets instead of TCP ports where possible. Patch from cjwatson at
1007 debian.org via bz#2659.
1008
1009 Upstream-Regress-ID: 4756375aac5916ef9d25452a1c1d5fa9e90299a9
1010
1011commit 9390b0031ebd6eb5488d3bc4d4333c528dffc0a6
1012Author: dtucker@openbsd.org <dtucker@openbsd.org>
1013Date: Sun Jan 29 21:35:23 2017 +0000
1014
1015 upstream commit
1016
1017 Fix typo in ~C error message for bad port forward
1018 cancellation. bz#2672, from Brad Marshall via Colin Watson and Ubuntu's
1019 bugtracker.
1020
1021 Upstream-ID: 0d4a7e5ead6cc59c9a44b4c1e5435ab3aada09af
1022
1023commit 4ba15462ca38883b8a61a1eccc093c79462d5414
1024Author: guenther@openbsd.org <guenther@openbsd.org>
1025Date: Sat Jan 21 11:32:04 2017 +0000
1026
1027 upstream commit
1028
1029 The POSIX APIs that that sockaddrs all ignore the s*_len
1030 field in the incoming socket, so userspace doesn't need to set it unless it
1031 has its own reasons for tracking the size along with the sockaddr.
1032
1033 ok phessler@ deraadt@ florian@
1034
1035 Upstream-ID: ca6e49e2f22f2b9e81d6d924b90ecd7e422e7437
1036
1037commit a1187bd3ef3e4940af849ca953a1b849dae78445
1038Author: jmc@openbsd.org <jmc@openbsd.org>
1039Date: Fri Jan 6 16:28:12 2017 +0000
1040
1041 upstream commit
1042
1043 keep the tokens list sorted;
1044
1045 Upstream-ID: b96239dae4fb3aa94146bb381afabcc7740a1638
1046
1047commit b64077f9767634715402014f509e58decf1e140d
1048Author: djm@openbsd.org <djm@openbsd.org>
1049Date: Fri Jan 6 09:27:52 2017 +0000
1050
1051 upstream commit
1052
1053 fix previous
1054
1055 Upstream-ID: c107d6a69bc22325d79fbf78a2a62e04bcac6895
1056
1057commit 5e820e9ea2e949aeb93071fe31c80b0c42f2b2de
1058Author: djm@openbsd.org <djm@openbsd.org>
1059Date: Fri Jan 6 03:53:58 2017 +0000
1060
1061 upstream commit
1062
1063 show a useful error message when included config files
1064 can't be opened; bz#2653, ok dtucker@
1065
1066 Upstream-ID: f598b73b5dfe497344cec9efc9386b4e5a3cb95b
1067
1068commit 13bd2e2d622d01dc85d22b94520a5b243d006049
1069Author: djm@openbsd.org <djm@openbsd.org>
1070Date: Fri Jan 6 03:45:41 2017 +0000
1071
1072 upstream commit
1073
1074 sshd_config is documented to set
1075 GSSAPIStrictAcceptorCheck=yes by default, so actually make it do this.
1076 bz#2637 ok dtucker
1077
1078 Upstream-ID: 99ef8ac51f17f0f7aec166cb2e34228d4d72a665
1079
1080commit f89b928534c9e77f608806a217d39a2960cc7fd0
1081Author: djm@openbsd.org <djm@openbsd.org>
1082Date: Fri Jan 6 03:41:58 2017 +0000
1083
1084 upstream commit
1085
1086 Avoid confusing error message when attempting to use
1087 ssh-keyscan built without SSH protocol v.1 to scan for v.1 keys; bz#2583
1088
1089 Upstream-ID: 5d214abd3a21337d67c6dcc5aa6f313298d0d165
1090
1091commit 0999533014784579aa6f01c2d3a06e3e8804b680
1092Author: dtucker@openbsd.org <dtucker@openbsd.org>
1093Date: Fri Jan 6 02:34:54 2017 +0000
1094
1095 upstream commit
1096
1097 Re-add '%k' token for AuthorizedKeysCommand which was
1098 lost during the re-org in rev 1.235. bz#2656, from jboning at gmail.com.
1099
1100 Upstream-ID: 2884e203c02764d7b3fe7472710d9c24bdc73e38
1101
1102commit 51045869fa084cdd016fdd721ea760417c0a3bf3
1103Author: djm@openbsd.org <djm@openbsd.org>
1104Date: Wed Jan 4 05:37:40 2017 +0000
1105
1106 upstream commit
1107
1108 unbreak Unix domain socket forwarding for root; ok
1109 markus@
1110
1111 Upstream-ID: 6649c76eb7a3fa15409373295ca71badf56920a2
1112
1113commit 58fca12ba967ea5c768653535604e1522d177e44
1114Author: Darren Tucker <dtucker@zip.com.au>
1115Date: Mon Jan 16 09:08:32 2017 +1100
1116
1117 Remove LOGIN_PROGRAM.
1118
1119 UseLogin is gone, remove leftover. bz#2665, from cjwatson at debian.org
1120
1121commit b108ce92aae0ca0376dce9513d953be60e449ae1
1122Author: djm@openbsd.org <djm@openbsd.org>
1123Date: Wed Jan 4 02:21:43 2017 +0000
1124
1125 upstream commit
1126
1127 relax PKCS#11 whitelist a bit to allow libexec as well as
1128 lib directories.
1129
1130 Upstream-ID: cf5617958e2e2d39f8285fd3bc63b557da484702
1131
1132commit c7995f296b9222df2846f56ecf61e5ae13d7a53d
1133Author: djm@openbsd.org <djm@openbsd.org>
1134Date: Tue Jan 3 05:46:51 2017 +0000
1135
1136 upstream commit
1137
1138 check number of entries in SSH2_FXP_NAME response; avoids
1139 unreachable overflow later. Reported by Jann Horn
1140
1141 Upstream-ID: b6b2b434a6d6035b1644ca44f24cd8104057420f
1142
1143commit ddd3d34e5c7979ca6f4a3a98a7d219a4ed3d98c2
1144Author: djm@openbsd.org <djm@openbsd.org>
1145Date: Fri Dec 30 22:08:02 2016 +0000
1146
1147 upstream commit
1148
1149 fix deadlock when keys/principals command produces a lot of
1150 output and a key is matched early; bz#2655, patch from jboning AT gmail.com
1151
1152 Upstream-ID: e19456429bf99087ea994432c16d00a642060afe
1153
1154commit 30eee7d1b2fec33c14870cc11910610be5d2aa6f
1155Author: Darren Tucker <dtucker@zip.com.au>
1156Date: Tue Dec 20 12:16:11 2016 +1100
1157
1158 Re-add missing "Prerequisites" header and fix typo
1159
1160 Patch from HARUYAMA Seigo <haruyama at unixuser org>.
1161
1162commit c8c60f3663165edd6a52632c6ddbfabfce1ca865
1163Author: djm@openbsd.org <djm@openbsd.org>
1164Date: Mon Dec 19 22:35:23 2016 +0000
1165
1166 upstream commit
1167
1168 use standard /bin/sh equality test; from Mike Frysinger
1169
1170 Upstream-Regress-ID: 7b6f0b63525f399844c8ac211003acb8e4b0bec2
1171
1172commit 4a354fc231174901f2629437c2a6e924a2dd6772
1173Author: Damien Miller <djm@mindrot.org>
1174Date: Mon Dec 19 15:59:26 2016 +1100
1175
1176 crank version numbers for release
1177
1178commit 5f8d0bb8413d4d909cc7aa3c616fb0538224c3c9
1179Author: djm@openbsd.org <djm@openbsd.org>
1180Date: Mon Dec 19 04:55:51 2016 +0000
1181
1182 upstream commit
1183
1184 openssh-7.4
1185
1186 Upstream-ID: 1ee404adba6bbe10ae9277cbae3a94abe2867b79
1187
1188commit 3a8213ea0ed843523e34e55ab9c852332bab4c7b
1189Author: djm@openbsd.org <djm@openbsd.org>
1190Date: Mon Dec 19 04:55:18 2016 +0000
1191
1192 upstream commit
1193
1194 remove testcase that depends on exact output and
1195 behaviour of snprintf(..., "%s", NULL)
1196
1197 Upstream-Regress-ID: cab4288531766bd9593cb556613b91a2eeefb56f
1198
1199commit eae735a82d759054f6ec7b4e887fb7a5692c66d7
1200Author: dtucker@openbsd.org <dtucker@openbsd.org>
1201Date: Mon Dec 19 03:32:57 2016 +0000
1202
1203 upstream commit
1204
1205 Use LOGNAME to get current user and fall back to whoami if
1206 not set. Mainly to benefit -portable since some platforms don't have whoami.
1207
1208 Upstream-Regress-ID: e3a16b7836a3ae24dc8f8a4e43fdf8127a60bdfa
1209
1210commit 0d2f88428487518eea60602bd593989013831dcf
1211Author: dtucker@openbsd.org <dtucker@openbsd.org>
1212Date: Fri Dec 16 03:51:19 2016 +0000
1213
1214 upstream commit
1215
1216 Add regression test for AllowUsers and DenyUsers. Patch from
1217 Zev Weiss <zev at bewilderbeest.net>
1218
1219 Upstream-Regress-ID: 8f1aac24d52728398871dac14ad26ea38b533fb9
1220
1221commit 3bc8180a008929f6fe98af4a56fb37d04444b417
1222Author: Darren Tucker <dtucker@zip.com.au>
1223Date: Fri Dec 16 15:02:24 2016 +1100
1224
1225 Add missing monitor.h include.
1226
1227 Fixes warning pointed out by Zev Weiss <zev at bewilderbeest.net>
1228
1229commit 410681f9015d76cc7b137dd90dac897f673244a0
1230Author: djm@openbsd.org <djm@openbsd.org>
1231Date: Fri Dec 16 02:48:55 2016 +0000
1232
1233 upstream commit
1234
1235 revert to rev1.2; the new bits in this test depend on changes
1236 to ssh that aren't yet committed
1237
1238 Upstream-Regress-ID: 828ffc2c7afcf65d50ff2cf3dfc47a073ad39123
1239
1240commit 2f2ffa4fbe4b671bbffa0611f15ba44cff64d58e
1241Author: dtucker@openbsd.org <dtucker@openbsd.org>
1242Date: Fri Dec 16 01:06:27 2016 +0000
1243
1244 upstream commit
1245
1246 Move the "stop sshd" code into its own helper function.
1247 Patch from Zev Weiss <zev at bewilderbeest.net>, ok djm@
1248
1249 Upstream-Regress-ID: a113dea77df5bd97fb4633ea31f3d72dbe356329
1250
1251commit e15e7152331e3976b35475fd4e9c72897ad0f074
1252Author: djm@openbsd.org <djm@openbsd.org>
1253Date: Fri Dec 16 01:01:07 2016 +0000
1254
1255 upstream commit
1256
1257 regression test for certificates along with private key
1258 with no public half. bz#2617, mostly from Adam Eijdenberg
1259
1260 Upstream-Regress-ID: 2e74dc2c726f4dc839609b3ce045466b69f01115
1261
1262commit 9a70ec085faf6e55db311cd1a329f1a35ad2a500
1263Author: dtucker@openbsd.org <dtucker@openbsd.org>
1264Date: Thu Dec 15 23:50:37 2016 +0000
1265
1266 upstream commit
1267
1268 Use $SUDO to read pidfile in case root's umask is
1269 restricted. From portable.
1270
1271 Upstream-Regress-ID: f6b1c7ffbc5a0dfb7d430adb2883344899174a98
1272
1273commit fe06b68f824f8f55670442fb31f2c03526dd326c
1274Author: dtucker@openbsd.org <dtucker@openbsd.org>
1275Date: Thu Dec 15 21:29:05 2016 +0000
1276
1277 upstream commit
1278
1279 Add missing braces in DenyUsers code. Patch from zev at
1280 bewilderbeest.net, ok deraadt@
1281
1282 Upstream-ID: d747ace338dcf943b077925f90f85f789714b54e
1283
1284commit dcc7d74242a574fd5c4afbb4224795b1644321e7
1285Author: dtucker@openbsd.org <dtucker@openbsd.org>
1286Date: Thu Dec 15 21:20:41 2016 +0000
1287
1288 upstream commit
1289
1290 Fix text in error message. Patch from zev at
1291 bewilderbeest.net.
1292
1293 Upstream-ID: deb0486e175e7282f98f9a15035d76c55c84f7f6
1294
1295commit b737e4d7433577403a31cff6614f6a1b0b5e22f4
1296Author: djm@openbsd.org <djm@openbsd.org>
1297Date: Wed Dec 14 00:36:34 2016 +0000
1298
1299 upstream commit
1300
1301 disable Unix-domain socket forwarding when privsep is
1302 disabled
1303
1304 Upstream-ID: ab61516ae0faadad407857808517efa900a0d6d0
1305
1306commit 08a1e7014d65c5b59416a0e138c1f73f417496eb
1307Author: djm@openbsd.org <djm@openbsd.org>
1308Date: Fri Dec 9 03:04:29 2016 +0000
1309
1310 upstream commit
1311
1312 log connections dropped in excess of MaxStartups at
1313 verbose LogLevel; bz#2613 based on diff from Tomas Kuthan; ok dtucker@
1314
1315 Upstream-ID: 703ae690dbf9b56620a6018f8a3b2389ce76d92b
1316
1317commit 10e290ec00964b2bf70faab15a10a5574bb80527
1318Author: Darren Tucker <dtucker@zip.com.au>
1319Date: Tue Dec 13 13:51:32 2016 +1100
1320
1321 Get default of TEST_SSH_UTF8 from environment.
1322
1323commit b9b8ba3f9ed92c6220b58d70d1e6d8aa3eea1104
1324Author: Darren Tucker <dtucker@zip.com.au>
1325Date: Tue Dec 13 12:56:40 2016 +1100
1326
1327 Remove commented-out includes.
1328
1329 These commented-out includes have "Still needed?" comments. Since
1330 they've been commented out for ~13 years I assert that they're not.
1331
1332commit 25275f1c9d5f01a0877d39444e8f90521a598ea0
1333Author: Darren Tucker <dtucker@zip.com.au>
1334Date: Tue Dec 13 12:54:23 2016 +1100
1335
1336 Add prototype for strcasestr in compat library.
1337
1338commit afec07732aa2985142f3e0b9a01eb6391f523dec
1339Author: Darren Tucker <dtucker@zip.com.au>
1340Date: Tue Dec 13 10:23:03 2016 +1100
1341
1342 Add strcasestr to compat library.
1343
1344 Fixes build on (at least) Solaris 10.
1345
1346commit dda78a03af32e7994f132d923c2046e98b7c56c8
1347Author: Damien Miller <djm@mindrot.org>
1348Date: Mon Dec 12 13:57:10 2016 +1100
1349
1350 Force Turkish locales back to C/POSIX; bz#2643
1351
1352 Turkish locales are unique in their handling of the letters 'i' and
1353 'I' (yes, they are different letters) and OpenSSH isn't remotely
1354 prepared to deal with that. For now, the best we can do is to force
1355 OpenSSH to use the C/POSIX locale and try to preserve the UTF-8
1356 encoding if possible.
1357
1358 ok dtucker@
1359
1360commit c35995048f41239fc8895aadc3374c5f75180554
1361Author: Darren Tucker <dtucker@zip.com.au>
1362Date: Fri Dec 9 12:52:02 2016 +1100
1363
1364 exit is in stdlib.h not unistd.h (that's _exit).
1365
1366commit d399a8b914aace62418c0cfa20341aa37a192f98
1367Author: Darren Tucker <dtucker@zip.com.au>
1368Date: Fri Dec 9 12:33:25 2016 +1100
1369
1370 Include <unistd.h> for exit in utf8 locale test.
1371
1372commit 47b8c99ab3221188ad3926108dd9d36da3b528ec
1373Author: Darren Tucker <dtucker@zip.com.au>
1374Date: Thu Dec 8 15:48:34 2016 +1100
1375
1376 Check for utf8 local support before testing it.
1377
1378 Check for utf8 local support and if not found, do not attempt to run the
1379 utf8 tests. Suggested by djm@
1380
1381commit 4089fc1885b3a2822204effbb02b74e3da58240d
1382Author: Darren Tucker <dtucker@zip.com.au>
1383Date: Thu Dec 8 12:57:24 2016 +1100
1384
1385 Use AC_PATH_TOOL for krb5-config.
1386
1387 This will use the host-prefixed version when cross compiling; patch from
1388 david.michael at coreos.com.
1389
1390commit b4867e0712c89b93be905220c82f0a15e6865d1e
1391Author: djm@openbsd.org <djm@openbsd.org>
1392Date: Tue Dec 6 07:48:01 2016 +0000
1393
1394 upstream commit
1395
1396 make IdentityFile successfully load and use certificates that
1397 have no corresponding bare public key. E.g. just a private id_rsa and
1398 certificate id_rsa-cert.pub (and no id_rsa.pub).
1399
1400 bz#2617 ok dtucker@
1401
1402 Upstream-ID: c1e9699b8c0e3b63cc4189e6972e3522b6292604
1403
1404commit c9792783a98881eb7ed295680013ca97a958f8ac
1405Author: Damien Miller <djm@mindrot.org>
1406Date: Fri Nov 25 14:04:21 2016 +1100
1407
1408 Add a gnome-ssh-askpass3 target for GTK+3 version
1409
1410 Based on patch from Colin Watson via bz#2640
1411
1412commit 7be85ae02b9de0993ce0a1d1e978e11329f6e763
1413Author: Damien Miller <djm@mindrot.org>
1414Date: Fri Nov 25 14:03:53 2016 +1100
1415
1416 Make gnome-ssh-askpass2.c GTK+3-friendly
1417
1418 Patch from Colin Watson via bz#2640
1419
1420commit b9844a45c7f0162fd1b5465683879793d4cc4aaa
1421Author: djm@openbsd.org <djm@openbsd.org>
1422Date: Sun Dec 4 23:54:02 2016 +0000
1423
1424 upstream commit
1425
1426 Fix public key authentication when multiple
1427 authentication is in use. Instead of deleting and re-preparing the entire
1428 keys list, just reset the 'used' flags; the keys list is already in a good
1429 order (with already- tried keys at the back)
1430
1431 Analysis and patch from Vincent Brillault on bz#2642; ok dtucker@
1432
1433 Upstream-ID: 7123f12dc2f3bcaae715853035a97923d7300176
1434
1435commit f2398eb774075c687b13af5bc22009eb08889abe
1436Author: dtucker@openbsd.org <dtucker@openbsd.org>
1437Date: Sun Dec 4 22:27:25 2016 +0000
1438
1439 upstream commit
1440
1441 Unlink PidFile on SIGHUP and always recreate it when the
1442 new sshd starts. Regression tests (and possibly other things) depend on the
1443 pidfile being recreated after SIGHUP, and unlinking it means it won't contain
1444 a stale pid if sshd fails to restart. ok djm@ markus@
1445
1446 Upstream-ID: 132dd6dda0c77dd49d2f15b2573b5794f6160870
1447
1448commit 85aa2efeba51a96bf6834f9accf2935d96150296
1449Author: djm@openbsd.org <djm@openbsd.org>
1450Date: Wed Nov 30 03:01:33 2016 +0000
1451
1452 upstream commit
1453
1454 test new behaviour of cert force-command restriction vs.
1455 authorized_key/ principals
1456
1457 Upstream-Regress-ID: 399efa7469d40c404c0b0a295064ce75d495387c
1458
1459commit 5d333131cd8519d022389cfd3236280818dae1bc
1460Author: jmc@openbsd.org <jmc@openbsd.org>
1461Date: Wed Nov 30 06:54:26 2016 +0000
1462
1463 upstream commit
1464
1465 tweak previous; while here fix up FILES and AUTHORS;
1466
1467 Upstream-ID: 93f6e54086145a75df8d8ec7d8689bdadbbac8fa
1468
1469commit 786d5994da79151180cb14a6cf157ebbba61c0cc
1470Author: djm@openbsd.org <djm@openbsd.org>
1471Date: Wed Nov 30 03:07:37 2016 +0000
1472
1473 upstream commit
1474
1475 add a whitelist of paths from which ssh-agent will load
1476 (via ssh-pkcs11-helper) a PKCS#11 module; ok markus@
1477
1478 Upstream-ID: fe79769469d9cd6d26fe0dc15751b83ef2a06e8f
1479
1480commit 7844f357cdd90530eec81340847783f1f1da010b
1481Author: djm@openbsd.org <djm@openbsd.org>
1482Date: Wed Nov 30 03:00:05 2016 +0000
1483
1484 upstream commit
1485
1486 Add a sshd_config DisableForwaring option that disables
1487 X11, agent, TCP, tunnel and Unix domain socket forwarding, as well as
1488 anything else we might implement in the future.
1489
1490 This, like the 'restrict' authorized_keys flag, is intended to be a
1491 simple and future-proof way of restricting an account. Suggested as
1492 a complement to 'restrict' by Jann Horn; ok markus@
1493
1494 Upstream-ID: 203803f66e533a474086b38a59ceb4cf2410fcf7
1495
1496commit fd6dcef2030d23c43f986d26979f84619c10589d
1497Author: djm@openbsd.org <djm@openbsd.org>
1498Date: Wed Nov 30 02:57:40 2016 +0000
1499
1500 upstream commit
1501
1502 When a forced-command appears in both a certificate and
1503 an authorized keys/principals command= restriction, refuse to accept the
1504 certificate unless they are identical.
1505
1506 The previous (documented) behaviour of having the certificate forced-
1507 command override the other could be a bit confused and more error-prone.
1508
1509 Pointed out by Jann Horn of Project Zero; ok dtucker@
1510
1511 Upstream-ID: 79d811b6eb6bbe1221bf146dde6928f92d2cd05f
1512
1513commit 7fc4766ac78abae81ee75b22b7550720bfa28a33
1514Author: dtucker@openbsd.org <dtucker@openbsd.org>
1515Date: Wed Nov 30 00:28:31 2016 +0000
1516
1517 upstream commit
1518
1519 On startup, check to see if sshd is already daemonized
1520 and if so, skip the call to daemon() and do not rewrite the PidFile. This
1521 means that when sshd re-execs itself on SIGHUP the process ID will no longer
1522 change. Should address bz#2641. ok djm@ markus@.
1523
1524 Upstream-ID: 5ea0355580056fb3b25c1fd6364307d9638a37b9
1525
1526commit c9f880c195c65f1dddcbc4ce9d6bfea7747debcc
1527Author: Damien Miller <djm@mindrot.org>
1528Date: Wed Nov 30 13:51:49 2016 +1100
1529
1530 factor out common PRNG reseed before privdrop
1531
1532 Add a call to RAND_poll() to ensure than more than pid+time gets
1533 stirred into child processes states. Prompted by analysis from Jann
1534 Horn at Project Zero. ok dtucker@
1535
1536commit 79e4829ec81dead1b30999e1626eca589319a47f
1537Author: dtucker@openbsd.org <dtucker@openbsd.org>
1538Date: Fri Nov 25 03:02:01 2016 +0000
1539
1540 upstream commit
1541
1542 Allow PuTTY interop tests to run unattended. bz#2639,
1543 patch from cjwatson at debian.org.
1544
1545 Upstream-Regress-ID: 4345253558ac23b2082aebabccd48377433b6fe0
1546
1547commit 504c3a9a1bf090f6b27260fc3e8ea7d984d163dc
1548Author: dtucker@openbsd.org <dtucker@openbsd.org>
1549Date: Fri Nov 25 02:56:49 2016 +0000
1550
1551 upstream commit
1552
1553 Reverse args to sshd-log-wrapper. Matches change in
1554 portable, where it allows sshd do be optionally run under Valgrind.
1555
1556 Upstream-Regress-ID: b438d1c6726dc5caa2a45153e6103a0393faa906
1557
1558commit bd13017736ec2f8f9ca498fe109fb0035f322733
1559Author: dtucker@openbsd.org <dtucker@openbsd.org>
1560Date: Fri Nov 25 02:49:18 2016 +0000
1561
1562 upstream commit
1563
1564 Fix typo in trace message; from portable.
1565
1566 Upstream-Regress-ID: 4c4a2ba0d37faf5fd230a91b4c7edb5699fbd73a
1567
1568commit 7da751d8b007c7f3e814fd5737c2351440d78b4c
1569Author: tb@openbsd.org <tb@openbsd.org>
1570Date: Tue Nov 1 13:43:27 2016 +0000
1571
1572 upstream commit
1573
1574 Clean up MALLOC_OPTIONS. For the unittests, move
1575 MALLOC_OPTIONS and TEST_ENV to unittets/Makefile.inc.
1576
1577 ok otto
1578
1579 Upstream-Regress-ID: 890d497e0a38eeddfebb11cc429098d76cf29f12
1580
1581commit 36f58e68221bced35e06d1cca8d97c48807a8b71
1582Author: tb@openbsd.org <tb@openbsd.org>
1583Date: Mon Oct 31 23:45:08 2016 +0000
1584
1585 upstream commit
1586
1587 Remove the obsolete A and P flags from MALLOC_OPTIONS.
1588
1589 ok dtucker
1590
1591 Upstream-Regress-ID: 6cc25024c8174a87e5734a0dc830194be216dd59
1592
1593commit b0899ee26a6630883c0f2350098b6a35e647f512
1594Author: dtucker@openbsd.org <dtucker@openbsd.org>
1595Date: Tue Nov 29 03:54:50 2016 +0000
1596
1597 upstream commit
1598
1599 Factor out code to disconnect from controlling terminal
1600 into its own function. ok djm@
1601
1602 Upstream-ID: 39fd9e8ebd7222615a837312face5cc7ae962885
1603
1604commit 54d022026aae4f53fa74cc636e4a032d9689b64d
1605Author: djm@openbsd.org <djm@openbsd.org>
1606Date: Fri Nov 25 23:24:45 2016 +0000
1607
1608 upstream commit
1609
1610 use sshbuf_allocate() to pre-allocate the buffer used for
1611 loading keys. This avoids implicit realloc inside the buffer code, which
1612 might theoretically leave fragments of the key on the heap. This doesn't
1613 appear to happen in practice for normal sized keys, but was observed for
1614 novelty oversize ones.
1615
1616 Pointed out by Jann Horn of Project Zero; ok markus@
1617
1618 Upstream-ID: d620e1d46a29fdea56aeadeda120879eddc60ab1
1619
1620commit a9c746088787549bb5b1ae3add7d06a1b6d93d5e
1621Author: djm@openbsd.org <djm@openbsd.org>
1622Date: Fri Nov 25 23:22:04 2016 +0000
1623
1624 upstream commit
1625
1626 split allocation out of sshbuf_reserve() into a separate
1627 sshbuf_allocate() function; ok markus@
1628
1629 Upstream-ID: 11b8a2795afeeb1418d508a2c8095b3355577ec2
1630
1631commit f0ddedee460486fa0e32fefb2950548009e5026e
1632Author: markus@openbsd.org <markus@openbsd.org>
1633Date: Wed Nov 23 23:14:15 2016 +0000
1634
1635 upstream commit
1636
1637 allow ClientAlive{Interval,CountMax} in Match; ok dtucker,
1638 djm
1639
1640 Upstream-ID: 8beb4c1eadd588f1080b58932281983864979f55
1641
1642commit 1a6f9d2e2493d445cd9ee496e6e3c2a2f283f66a
1643Author: djm@openbsd.org <djm@openbsd.org>
1644Date: Tue Nov 8 22:04:34 2016 +0000
1645
1646 upstream commit
1647
1648 unbreak DenyUsers; reported by henning@
1649
1650 Upstream-ID: 1c67d4148f5e953c35acdb62e7c08ae8e33f7cb2
1651
1652commit 010359b32659f455fddd2bd85fd7cc4d7a3b994a
1653Author: djm@openbsd.org <djm@openbsd.org>
1654Date: Sun Nov 6 05:46:37 2016 +0000
1655
1656 upstream commit
1657
1658 Validate address ranges for AllowUser/DenyUsers at
1659 configuration load time and refuse to accept bad ones. It was previously
1660 possible to specify invalid CIDR address ranges (e.g. djm@127.1.2.3/55) and
1661 these would always match.
1662
1663 Thanks to Laurence Parry for a detailed bug report. ok markus (for
1664 a previous diff version)
1665
1666 Upstream-ID: 9dfcdd9672b06e65233ea4434c38226680d40bfb
1667
1668commit efb494e81d1317209256b38b49f4280897c61e69
1669Author: djm@openbsd.org <djm@openbsd.org>
1670Date: Fri Oct 28 03:33:52 2016 +0000
1671
1672 upstream commit
1673
1674 Improve pkcs11_add_provider() logging: demote some
1675 excessively verbose error()s to debug()s, include PKCS#11 provider name and
1676 slot in log messages where possible. bz#2610, based on patch from Jakub Jelen
1677
1678 Upstream-ID: 3223ef693cfcbff9079edfc7e89f55bf63e1973d
1679
1680commit 5ee3fb5affd7646f141749483205ade5fc54adaf
1681Author: Darren Tucker <dtucker@zip.com.au>
1682Date: Tue Nov 1 08:12:33 2016 +1100
1683
1684 Use ptrace(PT_DENY_ATTACH, ..) on OS X.
1685
1686commit 315d2a4e674d0b7115574645cb51f968420ebb34
1687Author: Damien Miller <djm@mindrot.org>
1688Date: Fri Oct 28 14:34:07 2016 +1100
1689
1690 Unbreak AES-CTR ciphers on old (~0.9.8) OpenSSL
1691
1692 ok dtucker@
1693
1694commit a9ff3950b8e80ff971b4d44bbce96df27aed28af
1695Author: Darren Tucker <dtucker@zip.com.au>
1696Date: Fri Oct 28 14:26:58 2016 +1100
1697
1698 Move OPENSSL_NO_RIPEMD160 to compat.
1699
1700 Move OPENSSL_NO_RIPEMD160 to compat and add ifdefs to mac.c around the
1701 ripemd160 MACs.
1702
1703commit bce58885160e5db2adda3054c3b81fe770f7285a
1704Author: Darren Tucker <dtucker@zip.com.au>
1705Date: Fri Oct 28 13:52:31 2016 +1100
1706
1707 Check if RIPEMD160 is disabled in OpenSSL.
1708
1709commit d924640d4c355d1b5eca1f4cc60146a9975dbbff
1710Author: Darren Tucker <dtucker@zip.com.au>
1711Date: Fri Oct 28 13:38:19 2016 +1100
1712
1713 Skip ssh1 specfic ciphers.
1714
1715 cipher-3des1.c and cipher-bf1.c are specific to sshv1 so don't even try
1716 to compile them when Protocol 1 is not enabled.
1717
1718commit 79d078e7a49caef746516d9710ec369ba45feab6
1719Author: jsg@openbsd.org <jsg@openbsd.org>
1720Date: Tue Oct 25 04:08:13 2016 +0000
1721
1722 upstream commit
1723
1724 Fix logic in add_local_forward() that inverted a test
1725 when code was refactored out into bind_permitted(). This broke ssh port
1726 forwarding for non-priv ports as a non root user.
1727
1728 ok dtucker@ 'looks good' deraadt@
1729
1730 Upstream-ID: ddb8156ca03cc99997de284ce7777536ff9570c9
1731
1732commit a903e315dee483e555c8a3a02c2946937f9b4e5d
1733Author: dtucker@openbsd.org <dtucker@openbsd.org>
1734Date: Mon Oct 24 01:09:17 2016 +0000
1735
1736 upstream commit
1737
1738 Remove dead breaks, found via opencoverage.net. ok
1739 deraadt@
1740
1741 Upstream-ID: ad9cc655829d67fad219762810770787ba913069
1742
1743commit b4e96b4c9bea4182846e4942ba2048e6d708ee54
1744Author: Darren Tucker <dtucker@zip.com.au>
1745Date: Wed Oct 26 08:43:25 2016 +1100
1746
1747 Use !=NULL instead of >0 for getdefaultproj.
1748
1749 getdefaultproj() returns a pointer so test it for NULL inequality
1750 instead of >0. Fixes compiler warning and is more correct. Patch from
1751 David Binderman.
1752
1753commit 1c4ef0b808d3d38232aeeb1cebb7e9a43def42c5
1754Author: dtucker@openbsd.org <dtucker@openbsd.org>
1755Date: Sun Oct 23 22:04:05 2016 +0000
1756
1757 upstream commit
1758
1759 Factor out "can bind to low ports" check into its own function. This will
1760 make it easier for Portable to support platforms with permissions models
1761 other than uid==0 (eg bz#2625). ok djm@, "doesn't offend me too much"
1762 deraadt@.
1763
1764 Upstream-ID: 86213df4183e92b8f189a6d2dac858c994bfface
1765
1766commit 0b9ee623d57e5de7e83e66fd61a7ba9a5be98894
1767Author: dtucker@openbsd.org <dtucker@openbsd.org>
1768Date: Wed Oct 19 23:21:56 2016 +0000
1769
1770 upstream commit
1771
1772 When tearing down ControlMaster connecctions, don't
1773 pollute stderr when LogLevel=quiet. Patch from Tim Kuijsten via tech@.
1774
1775 Upstream-ID: d9b3a68b2a7c2f2fc7f74678e29a4618d55ceced
1776
1777commit 09e6a7d8354224933febc08ddcbc2010f542284e
1778Author: Darren Tucker <dtucker@zip.com.au>
1779Date: Mon Oct 24 09:06:18 2016 +1100
1780
1781 Wrap stdint.h include in ifdef.
1782
1783commit 08d9e9516e587b25127545c029e5464b2e7f2919
1784Author: Darren Tucker <dtucker@zip.com.au>
1785Date: Fri Oct 21 09:46:46 2016 +1100
1786
1787 Fix formatting.
1788
1789commit 461f50e7ab8751d3a55e9158c44c13031db7ba1d
1790Author: Darren Tucker <dtucker@zip.com.au>
1791Date: Fri Oct 21 06:55:58 2016 +1100
1792
1793 Update links to https.
1794
1795 www.openssh.com now supports https and ftp.openbsd.org no longer
1796 supports ftp. Make all links to these https.
1797
1798commit dd4e7212a6141f37742de97795e79db51e4427ad
1799Author: Darren Tucker <dtucker@zip.com.au>
1800Date: Fri Oct 21 06:48:46 2016 +1100
1801
1802 Update host key generation examples.
1803
1804 Remove ssh1 host key generation, add ssh-keygen -A
1805
1806commit 6d49ae82634c67e9a4d4af882bee20b40bb8c639
1807Author: Darren Tucker <dtucker@zip.com.au>
1808Date: Fri Oct 21 05:22:55 2016 +1100
1809
1810 Update links.
1811
1812 Make links to openssh.com HTTPS now that it's supported, point release
1813 notes link to the HTML release notes page, and update a couple of other
1814 links and bits of text.
1815
1816commit fe0d1ca6ace06376625084b004ee533f2c2ea9d6
1817Author: Darren Tucker <dtucker@zip.com.au>
1818Date: Thu Oct 20 03:42:09 2016 +1100
1819
1820 Remote channels .orig and .rej files.
1821
1822 These files were incorrectly added during an OpenBSD sync.
1823
1824commit 246aa842a4ad368d8ce030495e657ef3a0e1f95c
1825Author: dtucker@openbsd.org <dtucker@openbsd.org>
1826Date: Tue Oct 18 17:32:54 2016 +0000
1827
1828 upstream commit
1829
1830 Remove channel_input_port_forward_request(); the only caller
1831 was the recently-removed SSH1 server code so it's now dead code. ok markus@
1832
1833 Upstream-ID: 05453983230a1f439562535fec2818f63f297af9
1834
1835commit 2c6697c443d2c9c908260eed73eb9143223e3ec9
1836Author: millert@openbsd.org <millert@openbsd.org>
1837Date: Tue Oct 18 12:41:22 2016 +0000
1838
1839 upstream commit
1840
1841 Install a signal handler for tty-generated signals and
1842 wait for the ssh child to suspend before suspending sftp. This lets ssh
1843 restore the terminal mode as needed when it is suspended at the password
1844 prompt. OK dtucker@
1845
1846 Upstream-ID: a31c1f42aa3e2985dcc91e46e6a17bd22e372d69
1847
1848commit fd2a8f1033fa2316fff719fd5176968277560158
1849Author: jmc@openbsd.org <jmc@openbsd.org>
1850Date: Sat Oct 15 19:56:25 2016 +0000
1851
1852 upstream commit
1853
1854 various formatting fixes, specifically removing Dq;
1855
1856 Upstream-ID: 81e85df2b8e474f5f93d66e61d9a4419ce87347c
1857
1858commit 8f866d8a57b9a2dc5dd04504e27f593b551618e3
1859Author: Darren Tucker <dtucker@zip.com.au>
1860Date: Wed Oct 19 03:26:09 2016 +1100
1861
1862 Import readpassphrase.c rev 1.26.
1863
1864 Author: miller@openbsd.org:
1865 Avoid generate SIGTTOU when restoring the terminal mode. If we get
1866 SIGTTOU it means the process is not in the foreground process group
1867 which, in most cases, means that the shell has taken control of the tty.
1868 Requiring the user the fg the process in this case doesn't make sense
1869 and can result in both SIGTSTP and SIGTTOU being sent which can lead to
1870 the process being suspended again immediately after being brought into
1871 the foreground.
1872
1873commit f901440cc844062c9bab0183d133f7ccc58ac3a5
1874Author: Darren Tucker <dtucker@zip.com.au>
1875Date: Wed Oct 19 03:23:16 2016 +1100
1876
1877 Import readpassphrase.c rev 1.25.
1878
1879 Wrap <readpassphrase.h> so internal calls go direct and
1880 readpassphrase is weak.
1881
1882 (DEF_WEAK is a no-op in portable.)
1883
1884commit 032147b69527e5448a511049b2d43dbcae582624
1885Author: Darren Tucker <dtucker@zip.com.au>
1886Date: Sat Oct 15 05:51:12 2016 +1100
1887
1888 Move DEF_WEAK into defines.h.
1889
1890 As well pull in more recent changes from OpenBSD these will start to
1891 arrive so put it where the definition is shared.
1892
1893commit e0259a82ddd950cfb109ddee86fcebbc09c6bd04
1894Author: Darren Tucker <dtucker@zip.com.au>
1895Date: Sat Oct 15 04:34:46 2016 +1100
1896
1897 Remove do_pam_set_tty which is dead code.
1898
1899 The callers of do_pam_set_tty were removed in 2008, so this is now dead
1900 code. bz#2604, pointed out by jjelen at redhat.com.
1901
1902commit ca04de83f210959ad2ed870a30ba1732c3ae00e3
1903Author: Damien Miller <djm@mindrot.org>
1904Date: Thu Oct 13 18:53:43 2016 +1100
1905
1906 unbreak principals-command test
1907
1908 Undo inconsistetly updated variable name.
1909
1910commit 1723ec92eb485ce06b4cbf49712d21975d873909
1911Author: djm@openbsd.org <djm@openbsd.org>
1912Date: Tue Oct 11 21:49:54 2016 +0000
1913
1914 upstream commit
1915
1916 fix the KEX fuzzer - the previous method of obtaining the
1917 packet contents was broken. This now uses the new per-packet input hook, so
1918 it sees exact post-decrypt packets and doesn't have to pass packet integrity
1919 checks. ok markus@
1920
1921 Upstream-Regress-ID: 402fb6ffabd97de590e8e57b25788949dce8d2fd
1922
1923commit 09f997893f109799cddbfce6d7e67f787045cbb2
1924Author: natano@openbsd.org <natano@openbsd.org>
1925Date: Thu Oct 6 09:31:38 2016 +0000
1926
1927 upstream commit
1928
1929 Move USER out of the way to unbreak the BUILDUSER
1930 mechanism. ok tb
1931
1932 Upstream-Regress-ID: 74ab9687417dd071d62316eaadd20ddad1d5af3c
1933
1934commit 3049a012c482a7016f674db168f23fd524edce27
1935Author: bluhm@openbsd.org <bluhm@openbsd.org>
1936Date: Fri Sep 30 11:55:20 2016 +0000
1937
1938 upstream commit
1939
1940 In ssh tests set REGRESS_FAIL_EARLY with ?= so that the
1941 environment can change it. OK djm@
1942
1943 Upstream-Regress-ID: 77bcb50e47b68c7209c7f0a5a020d73761e5143b
1944
1945commit 39af7b444db28c1cb01b7ea468a4f574a44f375b
1946Author: djm@openbsd.org <djm@openbsd.org>
1947Date: Tue Oct 11 21:47:45 2016 +0000
1948
1949 upstream commit
1950
1951 Add a per-packet input hook that is called with the
1952 decrypted packet contents. This will be used for fuzzing; ok markus@
1953
1954 Upstream-ID: a3221cee6b1725dd4ae1dd2c13841b4784cb75dc
1955
1956commit ec165c392ca54317dbe3064a8c200de6531e89ad
1957Author: markus@openbsd.org <markus@openbsd.org>
1958Date: Mon Oct 10 19:28:48 2016 +0000
1959
1960 upstream commit
1961
1962 Unregister the KEXINIT handler after message has been
1963 received. Otherwise an unauthenticated peer can repeat the KEXINIT and cause
1964 allocation of up to 128MB -- until the connection is closed. Reported by
1965 shilei-c at 360.cn
1966
1967 Upstream-ID: 43649ae12a27ef94290db16d1a98294588b75c05
1968
1969commit 29d40319392e6e19deeca9d45468aa1119846e50
1970Author: Darren Tucker <dtucker@zip.com.au>
1971Date: Thu Oct 13 04:07:20 2016 +1100
1972
1973 Import rev 1.24 from OpenBSD.
1974
1975 revision 1.24
1976 date: 2013/11/24 23:51:29; author: deraadt; state: Exp; lines: +4 -4;
1977 most obvious unsigned char casts for ctype
1978 ok jca krw ingo
1979
1980commit 12069e56221de207ed666c2449dedb431a2a7ca2
1981Author: Darren Tucker <dtucker@zip.com.au>
1982Date: Thu Oct 13 04:04:44 2016 +1100
1983
1984 Import rev 1.23 from OpenBSD. Fixes bz#2619.
1985
1986 revision 1.23
1987 date: 2010/05/14 13:30:34; author: millert; state: Exp; lines: +41 -39;
1988 Defer installing signal handlers until echo is disabled so that we
1989 get suspended normally when not the foreground process. Fix potential
1990 infinite loop when restoring terminal settings if process is in the
1991 background when restore occurs. OK miod@
1992
1993commit 7508d83eff89af069760b4cc587305588a64e415
1994Author: Darren Tucker <dtucker@zip.com.au>
1995Date: Thu Oct 13 03:53:51 2016 +1100
1996
1997 If we don't have TCSASOFT, define it to zero.
1998
1999 This makes it a no-op when we use it below, which allows us to re-sync
2000 those lines with the upstream and make future updates easier.
2001
2002commit aae4dbd4c058d3b1fe1eb5c4e6ddf35827271377
2003Author: jmc@openbsd.org <jmc@openbsd.org>
2004Date: Fri Oct 7 14:41:52 2016 +0000
2005
2006 upstream commit
2007
2008 tidy up the formatting in this file. more specifically,
2009 replace .Dq, which looks appalling, with .Cm, where appropriate;
2010
2011 Upstream-ID: ff8e90aa0343d9bb56f40a535e148607973cc738
2012
2013commit a571dbcc7b7b25371174569b13df5159bc4c6c7a
2014Author: djm@openbsd.org <djm@openbsd.org>
2015Date: Tue Oct 4 21:34:40 2016 +0000
2016
2017 upstream commit
2018
2019 add a comment about implicitly-expected checks to
2020 sshkey_ec_validate_public()
2021
2022 Upstream-ID: 74a7f71c28f7c13a50f89fc78e7863b9cd61713f
2023
2024commit 2f78a2a698f4222f8e05cad57ac6e0c3d1faff00
2025Author: djm@openbsd.org <djm@openbsd.org>
2026Date: Fri Sep 30 20:24:46 2016 +0000
2027
2028 upstream commit
2029
2030 fix some -Wpointer-sign warnings in the new mux proxy; ok
2031 markus@
2032
2033 Upstream-ID: b1ba7b3769fbc6b7f526792a215b0197f5e55dfd
2034
2035commit ca71c36645fc26fcd739a8cfdc702cec85607761
2036Author: bluhm@openbsd.org <bluhm@openbsd.org>
2037Date: Wed Sep 28 20:09:52 2016 +0000
2038
2039 upstream commit
2040
2041 Add a makefile rule to create the ssh library when
2042 regress needs it. This allows to run the ssh regression tests without doing
2043 a "make build" before. Discussed with dtucker@ and djm@; OK djm@
2044
2045 Upstream-Regress-ID: ce489bd53afcd471225a125b4b94565d4717c025
2046
2047commit ce44c970f913d2a047903dba8670554ac42fc479
2048Author: bluhm@openbsd.org <bluhm@openbsd.org>
2049Date: Mon Sep 26 21:34:38 2016 +0000
2050
2051 upstream commit
2052
2053 Allow to run ssh regression tests as root. If the user
2054 is already root, the test should not expect that SUDO is set. If ssh needs
2055 another user, use sudo or doas to switch from root if necessary. OK dtucker@
2056
2057 Upstream-Regress-ID: b464e55185ac4303529e3e6927db41683aaeace2
2058
2059commit 8d0578478586e283e751ca51e7b0690631da139a
2060Author: markus@openbsd.org <markus@openbsd.org>
2061Date: Fri Sep 30 09:19:13 2016 +0000
2062
2063 upstream commit
2064
2065 ssh proxy mux mode (-O proxy; idea from Simon Tatham): - mux
2066 client speaks the ssh-packet protocol directly over unix-domain socket. - mux
2067 server acts as a proxy, translates channel IDs and relays to the server. - no
2068 filedescriptor passing necessary. - combined with unix-domain forwarding it's
2069 even possible to run mux client and server on different machines. feedback
2070 & ok djm@
2071
2072 Upstream-ID: 666a2fb79f58e5c50e246265fb2b9251e505c25b
2073
2074commit b7689155f3f5c4999846c07a852b1c7a43b09cec
2075Author: djm@openbsd.org <djm@openbsd.org>
2076Date: Wed Sep 28 21:44:52 2016 +0000
2077
2078 upstream commit
2079
2080 put back some pre-auth zlib bits that I shouldn't have
2081 removed - they are still used by the client. Spotted by naddy@
2082
2083 Upstream-ID: 80919468056031037d56a1f5b261c164a6f90dc2
2084
2085commit 4577adead6a7d600c8e764619d99477a08192c8f
2086Author: djm@openbsd.org <djm@openbsd.org>
2087Date: Wed Sep 28 20:32:42 2016 +0000
2088
2089 upstream commit
2090
2091 restore pre-auth compression support in the client -- the
2092 previous commit was intended to remove it from the server only.
2093
2094 remove a few server-side pre-auth compression bits that escaped
2095
2096 adjust wording of Compression directive in sshd_config(5)
2097
2098 pointed out by naddy@ ok markus@
2099
2100 Upstream-ID: d23696ed72a228dacd4839dd9f2dec424ba2016b
2101
2102commit 80d1c963b4dc84ffd11d09617b39c4bffda08956
2103Author: jmc@openbsd.org <jmc@openbsd.org>
2104Date: Wed Sep 28 17:59:22 2016 +0000
2105
2106 upstream commit
2107
2108 use a separate TOKENS section, as we've done for
2109 sshd_config(5); help/ok djm
2110
2111 Upstream-ID: 640e32b5e4838e4363738cdec955084b3579481d
2112
2113commit 1cfd5c06efb121e58e8b6671548fda77ef4b4455
2114Author: Damien Miller <djm@mindrot.org>
2115Date: Thu Sep 29 03:19:23 2016 +1000
2116
2117 Remove portability support for mmap
2118
2119 We no longer need to wrap/replace mmap for portability now that
2120 pre-auth compression has been removed from OpenSSH.
2121
2122commit 0082fba4efdd492f765ed4c53f0d0fbd3bdbdf7f
2123Author: djm@openbsd.org <djm@openbsd.org>
2124Date: Wed Sep 28 16:33:06 2016 +0000
2125
2126 upstream commit
2127
2128 Remove support for pre-authentication compression. Doing
2129 compression early in the protocol probably seemed reasonable in the 1990s,
2130 but today it's clearly a bad idea in terms of both cryptography (cf. multiple
2131 compression oracle attacks in TLS) and attack surface.
2132
2133 Moreover, to support it across privilege-separation zlib needed
2134 the assistance of a complex shared-memory manager that made the
2135 required attack surface considerably larger.
2136
2137 Prompted by Guido Vranken pointing out a compiler-elided security
2138 check in the shared memory manager found by Stack
2139 (http://css.csail.mit.edu/stack/); ok deraadt@ markus@
2140
2141 NB. pre-auth authentication has been disabled by default in sshd
2142 for >10 years.
2143
2144 Upstream-ID: 32af9771788d45a0779693b41d06ec199d849caf
2145
2146commit 27c3a9c2aede2184856b5de1e6eca414bb751c38
2147Author: djm@openbsd.org <djm@openbsd.org>
2148Date: Mon Sep 26 21:16:11 2016 +0000
2149
2150 upstream commit
2151
2152 Avoid a theoretical signed integer overflow should
2153 BN_num_bytes() ever violate its manpage and return a negative value. Improve
2154 order of tests to avoid confusing increasingly pedantic compilers.
2155
2156 Reported by Guido Vranken from stack (css.csail.mit.edu/stack)
2157 unstable optimisation analyser output. ok deraadt@
2158
2159 Upstream-ID: f8508c830c86d8f36c113985e52bf8eedae23505
2160
2161commit 8663e51c80c6aa3d750c6d3bcff6ee05091922be
2162Author: Damien Miller <djm@mindrot.org>
2163Date: Wed Sep 28 07:40:33 2016 +1000
2164
2165 fix mdoc2man.awk formatting for top-level lists
2166
2167 Reported by Glenn Golden
2168 Diagnosis and fix from Ingo Schwarze
2169
2170commit b97739dc21570209ed9d4e7beee0c669ed23b097
2171Author: djm@openbsd.org <djm@openbsd.org>
2172Date: Thu Sep 22 21:15:41 2016 +0000
2173
2174 upstream commit
2175
2176 missing bit from previous commit
2177
2178 Upstream-ID: 438d5ed6338b28b46e822eb13eee448aca31df37
2179
2180commit de6a175a99d22444e10d19ad3fffef39bc3ee3bb
2181Author: jmc@openbsd.org <jmc@openbsd.org>
2182Date: Thu Sep 22 19:19:01 2016 +0000
2183
2184 upstream commit
2185
2186 organise the token stuff into a separate section; ok
2187 markus for an earlier version of the diff ok/tweaks djm
2188
2189 Upstream-ID: 81a6daa506a4a5af985fce7cf9e59699156527c8
2190
2191commit 16277fc45ffc95e4ffc3d45971ff8320b974de2b
2192Author: djm@openbsd.org <djm@openbsd.org>
2193Date: Thu Sep 22 17:55:13 2016 +0000
2194
2195 upstream commit
2196
2197 mention curve25519-sha256 KEX
2198
2199 Upstream-ID: 33ae1f433ce4795ffa6203761fbdf86e0d7ffbaf
2200
2201commit 0493766d5676c7ca358824ea8d3c90f6047953df
2202Author: djm@openbsd.org <djm@openbsd.org>
2203Date: Thu Sep 22 17:52:53 2016 +0000
2204
2205 upstream commit
2206
2207 support plain curve25519-sha256 KEX algorithm now that it
2208 is approaching standardisation (same algorithm is currently supported as
2209 curve25519-sha256@libssh.org)
2210
2211 Upstream-ID: 5e2b6db2e72667048cf426da43c0ee3fc777baa2
2212
2213commit f31c654b30a6f02ce0b8ea8ab81791b675489628
2214Author: dtucker@openbsd.org <dtucker@openbsd.org>
2215Date: Thu Sep 22 02:29:57 2016 +0000
2216
2217 upstream commit
2218
2219 If ssh receives a PACKET_DISCONNECT during userauth it
2220 will cause ssh_dispatch_run(DISPATCH_BLOCK, ...) to return without the
2221 session being authenticated. Check for this and exit if necessary. ok djm@
2222
2223 Upstream-ID: b3afe126c0839d2eae6cddd41ff2ba317eda0903
2224
2225commit 1622649b7a829fc8dc313042a43a974f0f3e8a99
2226Author: djm@openbsd.org <djm@openbsd.org>
2227Date: Wed Sep 21 19:53:12 2016 +0000
2228
2229 upstream commit
2230
2231 correctly return errors from kex_send_ext_info(). Fix from
2232 Sami Farin via https://github.com/openssh/openssh-portable/pull/50
2233
2234 Upstream-ID: c85999af28aaecbf92cfa2283381df81e839b42c
2235
2236commit f83a0cfe16c7a73627b46a9a94e40087d60f32fb
2237Author: djm@openbsd.org <djm@openbsd.org>
2238Date: Wed Sep 21 17:44:20 2016 +0000
2239
2240 upstream commit
2241
2242 cast uint64_t for printf
2243
2244 Upstream-ID: 76d23e89419ccbd2320f92792a6d878211666ac1
2245
2246commit 5f63ab474f58834feca4f35c498be03b7dd38a16
2247Author: djm@openbsd.org <djm@openbsd.org>
2248Date: Wed Sep 21 17:03:54 2016 +0000
2249
2250 upstream commit
2251
2252 disable tests for affirmative negated match after backout of
2253 match change
2254
2255 Upstream-Regress-ID: acebb8e5042f03d66d86a50405c46c4de0badcfd
2256
2257commit a5ad3a9db5a48f350f257a67b62fafd719ecb7e0
2258Author: djm@openbsd.org <djm@openbsd.org>
2259Date: Wed Sep 21 16:55:42 2016 +0000
2260
2261 upstream commit
2262
2263 Revert two recent changes to negated address matching. The
2264 new behaviour offers unintuitive surprises. We'll find a better way to deal
2265 with single negated matches.
2266
2267 match.c 1.31:
2268 > fix matching for pattern lists that contain a single negated match,
2269 > e.g. "Host !example"
2270 >
2271 > report and patch from Robin Becker. bz#1918 ok dtucker@
2272
2273 addrmatch.c 1.11:
2274 > fix negated address matching where the address list consists of a
2275 > single negated match, e.g. "Match addr !192.20.0.1"
2276 >
2277 > Report and patch from Jakub Jelen. bz#2397 ok dtucker@
2278
2279 Upstream-ID: ec96c770f0f5b9a54e5e72fda25387545e9c80c6
2280
2281commit 119b7a2ca0ef2bf3f81897ae10301b8ca8cba844
2282Author: djm@openbsd.org <djm@openbsd.org>
2283Date: Wed Sep 21 01:35:12 2016 +0000
2284
2285 upstream commit
2286
2287 test all the AuthorizedPrincipalsCommand % expansions
2288
2289 Upstream-Regress-ID: 0a79a84dfaa59f958e46b474c3db780b454d30e3
2290
2291commit bfa9d969ab6235d4938ce069d4db7e5825c56a19
2292Author: djm@openbsd.org <djm@openbsd.org>
2293Date: Wed Sep 21 01:34:45 2016 +0000
2294
2295 upstream commit
2296
2297 add a way for principals command to get see key ID and serial
2298 too
2299
2300 Upstream-ID: 0d30978bdcf7e8eaeee4eea1b030eb2eb1823fcb
2301
2302commit 920585b826af1c639e4ed78b2eba01fd2337b127
2303Author: djm@openbsd.org <djm@openbsd.org>
2304Date: Fri Sep 16 06:09:31 2016 +0000
2305
2306 upstream commit
2307
2308 add a note on kexfuzz' limitations
2309
2310 Upstream-Regress-ID: 03804d4a0dbc5163e1a285a4c8cc0a76a4e864ec
2311
2312commit 0445ff184080b196e12321998b4ce80b0f33f8d1
2313Author: djm@openbsd.org <djm@openbsd.org>
2314Date: Fri Sep 16 01:01:41 2016 +0000
2315
2316 upstream commit
2317
2318 fix for newer modp DH groups
2319 (diffie-hellman-group14-sha256 etc)
2320
2321 Upstream-Regress-ID: fe942c669959462b507516ae1634fde0725f1c68
2322
2323commit 28652bca29046f62c7045e933e6b931de1d16737
2324Author: markus@openbsd.org <markus@openbsd.org>
2325Date: Mon Sep 19 19:02:19 2016 +0000
2326
2327 upstream commit
2328
2329 move inbound NEWKEYS handling to kex layer; otherwise
2330 early NEWKEYS causes NULL deref; found by Robert Swiecki/honggfuzz; fixed
2331 with & ok djm@
2332
2333 Upstream-ID: 9a68b882892e9f51dc7bfa9f5a423858af358b2f
2334
2335commit 492710894acfcc2f173d14d1d45bd2e688df605d
2336Author: natano@openbsd.org <natano@openbsd.org>
2337Date: Mon Sep 19 07:52:42 2016 +0000
2338
2339 upstream commit
2340
2341 Replace two more arc4random() loops with
2342 arc4random_buf().
2343
2344 tweaks and ok dtucker
2345 ok deraadt
2346
2347 Upstream-ID: 738d3229130ccc7eac975c190276ca6fcf0208e4
2348
2349commit 1036356324fecc13099ac6e986b549f6219327d7
2350Author: tedu@openbsd.org <tedu@openbsd.org>
2351Date: Sat Sep 17 18:00:27 2016 +0000
2352
2353 upstream commit
2354
2355 replace two arc4random loops with arc4random_buf ok
2356 deraadt natano
2357
2358 Upstream-ID: e18ede972d1737df54b49f011fa4f3917a403f48
2359
2360commit 00df97ff68a49a756d4b977cd02283690f5dfa34
2361Author: djm@openbsd.org <djm@openbsd.org>
2362Date: Wed Sep 14 20:11:26 2016 +0000
2363
2364 upstream commit
2365
2366 take fingerprint of correct key for
2367 AuthorizedPrincipalsCommand
2368
2369 Upstream-ID: 553581a549cd6a3e73ce9f57559a325cc2cb1f38
2370
2371commit e7907c1cb938b96dd33d27c2fea72c4e08c6b2f6
2372Author: djm@openbsd.org <djm@openbsd.org>
2373Date: Wed Sep 14 05:42:25 2016 +0000
2374
2375 upstream commit
2376
2377 add %-escapes to AuthorizedPrincipalsCommand to match those
2378 supported for AuthorizedKeysCommand (key, key type, fingerprint, etc) and a
2379 few more to provide access to the certificate's CA key; 'looks ok' dtucker@
2380
2381 Upstream-ID: 6b00fd446dbebe67f4e4e146d2e492d650ae04eb
2382
2383commit 2b939c272a81c4d0c47badeedbcb2ba7c128ccda
2384Author: dtucker@openbsd.org <dtucker@openbsd.org>
2385Date: Wed Sep 14 00:45:31 2016 +0000
2386
2387 upstream commit
2388
2389 Improve test coverage of ssh-keygen -T a bit.
2390
2391 Upstream-Regress-ID: 8851668c721bcc2b400600cfc5a87644cc024e72
2392
2393commit 44d82fc83be6c5ccd70881c2dac1a73e5050398b
2394Author: dtucker@openbsd.org <dtucker@openbsd.org>
2395Date: Mon Sep 12 02:25:46 2016 +0000
2396
2397 upstream commit
2398
2399 Add testcase for ssh-keygen -j, -J and -K options for
2400 moduli screening. Does not currently test generation as that is extremely
2401 slow.
2402
2403 Upstream-Regress-ID: 9de6ce801377ed3ce0a63a1413f1cd5fd3c2d062
2404
2405commit 44e5f756d286bc3a1a5272ea484ee276ba3ac5c2
2406Author: djm@openbsd.org <djm@openbsd.org>
2407Date: Tue Aug 23 08:17:04 2016 +0000
2408
2409 upstream commit
2410
2411 add tests for addr_match_list()
2412
2413 Upstream-Regress-ID: fae2d1fef84687ece584738a924c7bf969616c8e
2414
2415commit 445e218878035b59c704c18406e8aeaff4c8aa25
2416Author: djm@openbsd.org <djm@openbsd.org>
2417Date: Mon Sep 12 23:39:34 2016 +0000
2418
2419 upstream commit
2420
2421 handle certs in rsa_hash_alg_from_ident(), saving an
2422 unnecessary special case elsewhere.
2423
2424 Upstream-ID: 901cb081c59d6d2698b57901c427f3f6dc7397d4
2425
2426commit 130f5df4fa37cace8c079dccb690e5cafbf00751
2427Author: djm@openbsd.org <djm@openbsd.org>
2428Date: Mon Sep 12 23:31:27 2016 +0000
2429
2430 upstream commit
2431
2432 list all supported signature algorithms in the
2433 server-sig-algs Reported by mb AT smartftp.com in bz#2547 and (independantly)
2434 Ron Frederick; ok markus@
2435
2436 Upstream-ID: ddf702d721f54646b11ef2cee6d916666cb685cd
2437
2438commit 8f750ccfc07acb8aa98be5a5dd935033a6468cfd
2439Author: Darren Tucker <dtucker@zip.com.au>
2440Date: Mon Sep 12 14:43:58 2016 +1000
2441
2442 Remove no-op brackets to resync with upstream.
2443
2444commit 7050896e7395866278c19c2ff080c26152619d1d
2445Author: Darren Tucker <dtucker@zip.com.au>
2446Date: Mon Sep 12 13:57:28 2016 +1000
2447
2448 Resync ssh-keygen -W error message with upstream.
2449
2450commit 43cceff82cc20413cce58ba3375e19684e62cec4
2451Author: Darren Tucker <dtucker@zip.com.au>
2452Date: Mon Sep 12 13:55:37 2016 +1000
2453
2454 Move ssh-keygen -W handling code to match upstream
2455
2456commit af48d541360b1d7737b35740a4b1ca34e1652cd9
2457Author: Darren Tucker <dtucker@zip.com.au>
2458Date: Mon Sep 12 13:52:17 2016 +1000
2459
2460 Move ssh-keygen -T handling code to match upstream.
2461
2462commit d8c3cfbb018825c6c86547165ddaf11924901c49
2463Author: Darren Tucker <dtucker@zip.com.au>
2464Date: Mon Sep 12 13:30:50 2016 +1000
2465
2466 Move -M handling code to match upstream.
2467
2468commit 7b63cf6dbbfa841c003de57d1061acbf2ff22364
2469Author: dtucker@openbsd.org <dtucker@openbsd.org>
2470Date: Mon Sep 12 03:29:16 2016 +0000
2471
2472 upstream commit
2473
2474 Spaces->tabs.
2475
2476 Upstream-ID: f4829dfc3f36318273f6082b379ac562eead70b7
2477
2478commit 11e5e644536821ceb3bb4dd8487fbf0588522887
2479Author: dtucker@openbsd.org <dtucker@openbsd.org>
2480Date: Mon Sep 12 03:25:20 2016 +0000
2481
2482 upstream commit
2483
2484 Style whitespace fix. Also happens to remove a no-op
2485 diff with portable.
2486
2487 Upstream-ID: 45d90f9a62ad56340913a433a9453eb30ceb8bf3
2488
2489commit 9136ec134c97a8aff2917760c03134f52945ff3c
2490Author: deraadt@openbsd.org <deraadt@openbsd.org>
2491Date: Mon Sep 12 01:22:38 2016 +0000
2492
2493 upstream commit
2494
2495 Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then
2496 use those definitions rather than pulling <sys/param.h> and unknown namespace
2497 pollution. ok djm markus dtucker
2498
2499 Upstream-ID: 712cafa816c9f012a61628b66b9fbd5687223fb8
2500
2501commit f219fc8f03caca7ac82a38ed74bbd6432a1195e7
2502Author: jmc@openbsd.org <jmc@openbsd.org>
2503Date: Wed Sep 7 18:39:24 2016 +0000
2504
2505 upstream commit
2506
2507 sort; from matthew martin
2508
2509 Upstream-ID: 73cec7f7ecc82d37a4adffad7745e4684de67ce7
2510
2511commit 06ce56b05def9460aecc7cdb40e861a346214793
2512Author: markus@openbsd.org <markus@openbsd.org>
2513Date: Tue Sep 6 09:22:56 2016 +0000
2514
2515 upstream commit
2516
2517 ssh_set_newkeys: print correct block counters on
2518 rekeying; ok djm@
2519
2520 Upstream-ID: 32bb7a9cb9919ff5bab28d50ecef3a2b2045dd1e
2521
2522commit e5e8d9114ac6837a038f4952994ca95a97fafe8d
2523Author: markus@openbsd.org <markus@openbsd.org>
2524Date: Tue Sep 6 09:14:05 2016 +0000
2525
2526 upstream commit
2527
2528 update ext_info_c every time we receive a kexinit msg;
2529 fixes sending of ext_info if privsep is disabled; report Aris Adamantiadis &
2530 Mancha; ok djm@
2531
2532 Upstream-ID: 2ceaa1076e19dbd3542254b4fb8e42d608f28856
2533
2534commit da95318dbedbaa1335323dba370975c2f251afd8
2535Author: djm@openbsd.org <djm@openbsd.org>
2536Date: Mon Sep 5 14:02:42 2016 +0000
2537
2538 upstream commit
2539
2540 remove 3des-cbc from the client's default proposal;
2541 64-bit block ciphers are not safe in 2016 and we don't want to wait until
2542 attacks like sweet32 are extended to SSH.
2543
2544 As 3des-cbc was the only mandatory cipher in the SSH RFCs, this may
2545 cause problems connecting to older devices using the defaults, but
2546 it's highly likely that such devices already need explicit
2547 configuration for KEX and hostkeys anyway.
2548
2549 ok deraadt, markus, dtucker
2550
2551 Upstream-ID: a505dfe65c6733af0f751b64cbc4bb7e0761bc2f
2552
2553commit b33ad6d997d36edfea65e243cd12ccd01f413549
2554Author: djm@openbsd.org <djm@openbsd.org>
2555Date: Mon Sep 5 13:57:31 2016 +0000
2556
2557 upstream commit
2558
2559 enforce expected request flow for GSSAPI calls; thanks to
2560 Jakub Jelen for testing; ok markus@
2561
2562 Upstream-ID: d4bc0e70e1be403735d3d9d7e176309b1fd626b9
2563
2564commit 0bb2980260fb24e5e0b51adac471395781b66261
2565Author: Darren Tucker <dtucker@zip.com.au>
2566Date: Mon Sep 12 11:07:00 2016 +1000
2567
2568 Restore ssh-keygen's -J and -j option handling.
2569
2570 These were incorrectly removed in the 1d9a2e28 sync commit.
2571
2572commit 775f8a23f2353f5869003c57a213d14b28e0736e
2573Author: Damien Miller <djm@mindrot.org>
2574Date: Wed Aug 31 10:48:07 2016 +1000
2575
2576 tighten PAM monitor calls
2577
2578 only allow kbd-interactive ones when that authentication method is
2579 enabled. Prompted by Solar Designer
2580
2581commit 7fd0ea8a1db4bcfb3d8cd9df149e5d571ebea1f4
2582Author: djm@openbsd.org <djm@openbsd.org>
2583Date: Tue Aug 30 07:50:21 2016 +0000
2584
2585 upstream commit
2586
2587 restrict monitor auth calls to be allowed only when their
2588 respective authentication methods are enabled in the configuration.
2589
2590 prompted by Solar Designer; ok markus dtucker
2591
2592 Upstream-ID: 6eb3f89332b3546d41d6dbf5a8e6ff920142b553
2593
2594commit b38b95f5bcc52278feb839afda2987933f68ff96
2595Author: Damien Miller <djm@mindrot.org>
2596Date: Mon Aug 29 11:47:07 2016 +1000
2597
2598 Tighten monitor state-machine flow for PAM calls
2599
2600 (attack surface reduction)
2601
2602commit dc664d1bd0fc91b24406a3e9575b81c285b8342b
2603Author: djm@openbsd.org <djm@openbsd.org>
2604Date: Sun Aug 28 22:28:12 2016 +0000
2605
2606 upstream commit
2607
2608 fix uninitialised optlen in getsockopt() call; harmless
2609 on Unix/BSD but potentially crashy on Cygwin. Reported by James Slepicka ok
2610 deraadt@
2611
2612 Upstream-ID: 1987ccee508ba5b18f016c85100d7ac3f70ff965
2613
2614commit 5bcc1e2769f7d6927d41daf0719a9446ceab8dd7
2615Author: guenther@openbsd.org <guenther@openbsd.org>
2616Date: Sat Aug 27 04:05:12 2016 +0000
2617
2618 upstream commit
2619
2620 Pull in <sys/time.h> for struct timeval
2621
2622 ok deraadt@
2623
2624 Upstream-ID: ae34525485a173bccd61ac8eefeb91c57e3b7df6
2625
2626commit fa4a4c96b19127dc2fd4e92f20d99c0c7f34b538
2627Author: guenther@openbsd.org <guenther@openbsd.org>
2628Date: Sat Aug 27 04:04:56 2016 +0000
2629
2630 upstream commit
2631
2632 Pull in <stdlib.h> for NULL
2633
2634 ok deraadt@
2635
2636 Upstream-ID: 7baa6a0f1e049bb3682522b4b95a26c866bfc043
2637
2638commit ae363d74ccc1451185c0c8bd4631e28c67c7fd36
2639Author: djm@openbsd.org <djm@openbsd.org>
2640Date: Thu Aug 25 23:57:54 2016 +0000
2641
2642 upstream commit
2643
2644 add a sIgnore opcode that silently ignores options and
2645 use it to suppress noisy deprecation warnings for the Protocol directive.
2646
2647 req henning, ok markus
2648
2649 Upstream-ID: 9fe040aca3d6ff393f6f7e60045cdd821dc4cbe0
2650
2651commit a94c60306643ae904add6e8ed219e4be3494255c
2652Author: djm@openbsd.org <djm@openbsd.org>
2653Date: Thu Aug 25 23:56:51 2016 +0000
2654
2655 upstream commit
2656
2657 remove superfluous NOTREACHED comment
2658
2659 Upstream-ID: a7485c1f1be618e8c9e38fd9be46c13b2d03b90c
2660
2661commit fc041c47144ce28cf71353124a8a5d183cd6a251
2662Author: otto@openbsd.org <otto@openbsd.org>
2663Date: Tue Aug 23 16:21:45 2016 +0000
2664
2665 upstream commit
2666
2667 fix previous, a condition was modified incorrectly; ok
2668 markus@ deraadt@
2669
2670 Upstream-ID: c443e339768e7ed396dff3bb55f693e7d3641453
2671
2672commit 23555eb13a9b0550371a16dcf8beaab7a5806a64
2673Author: djm@openbsd.org <djm@openbsd.org>
2674Date: Tue Aug 23 08:17:42 2016 +0000
2675
2676 upstream commit
2677
2678 downgrade an error() to a debug2() to match similar cases
2679 in addr_match_list()
2680
2681 Upstream-ID: 07c3d53e357214153d9d08f234411e0d1a3d6f5c
2682
2683commit a39627134f6d90e7009eeb14e9582ecbc7a99192
2684Author: djm@openbsd.org <djm@openbsd.org>
2685Date: Tue Aug 23 06:36:23 2016 +0000
2686
2687 upstream commit
2688
2689 remove Protocol directive from client/server configs that
2690 causes spammy deprecation warnings
2691
2692 hardcode SSH_PROTOCOLS=2, since that's all we support on the server
2693 now (the client still may support both, so it could get confused)
2694
2695 Upstream-Regress-ID: c16662c631af51633f9fd06aca552a70535de181
2696
2697commit 6ee4f1c01ee31e65245881d49d4bccf014956066
2698Author: Damien Miller <djm@mindrot.org>
2699Date: Tue Aug 23 16:33:48 2016 +1000
2700
2701 hook match and utf8 unittests up to Makefile
2702
2703commit 114efe2bc0dd2842d997940a833f115e6fc04854
2704Author: djm@openbsd.org <djm@openbsd.org>
2705Date: Fri Aug 19 06:44:13 2016 +0000
2706
2707 upstream commit
2708
2709 add tests for matching functions
2710
2711 Upstream-Regress-ID: 0869d4f5c5d627c583c6a929d69c17d5dd65882c
2712
2713commit 857568d2ac81c14bcfd625b27536c1e28c992b3c
2714Author: Damien Miller <djm@mindrot.org>
2715Date: Tue Aug 23 14:32:37 2016 +1000
2716
2717 removing UseLogin bits from configure.ac
2718
2719commit cc182d01cef8ca35a1d25ea9bf4e2ff72e588208
2720Author: djm@openbsd.org <djm@openbsd.org>
2721Date: Tue Aug 23 03:24:10 2016 +0000
2722
2723 upstream commit
2724
2725 fix negated address matching where the address list
2726 consists of a single negated match, e.g. "Match addr !192.20.0.1"
2727
2728 Report and patch from Jakub Jelen. bz#2397 ok dtucker@
2729
2730 Upstream-ID: 01dcac3f3e6ca47518cf293e31c73597a4bb40d8
2731
2732commit 4067ec8a4c64ccf16250c35ff577b4422767da64
2733Author: djm@openbsd.org <djm@openbsd.org>
2734Date: Tue Aug 23 03:22:49 2016 +0000
2735
2736 upstream commit
2737
2738 fix matching for pattern lists that contain a single
2739 negated match, e.g. "Host !example"
2740
2741 report and patch from Robin Becker. bz#1918 ok dtucker@
2742
2743 Upstream-ID: 05a0cb323ea4bc20e98db099b42c067bfb9ea1ea
2744
2745commit 83b581862a1dbb06fc859959f829dde2654aef3c
2746Author: djm@openbsd.org <djm@openbsd.org>
2747Date: Fri Aug 19 03:18:06 2016 +0000
2748
2749 upstream commit
2750
2751 remove UseLogin option and support for having /bin/login
2752 manage login sessions; ok deraadt markus dtucker
2753
2754 Upstream-ID: bea7213fbf158efab7e602d9d844fba4837d2712
2755
2756commit ffe6549c2f7a999cc5264b873a60322e91862581
2757Author: naddy@openbsd.org <naddy@openbsd.org>
2758Date: Mon Aug 15 12:32:04 2016 +0000
2759
2760 upstream commit
2761
2762 Catch up with the SSH1 code removal and delete all
2763 mention of protocol 1 particularities, key files and formats, command line
2764 options, and configuration keywords from the server documentation and
2765 examples. ok jmc@
2766
2767 Upstream-ID: 850328854675b4b6a0d4a90f0b4a9dd9ca4e905f
2768
2769commit c38ea634893a1975dbbec798fb968c9488013f4a
2770Author: naddy@openbsd.org <naddy@openbsd.org>
2771Date: Mon Aug 15 12:27:56 2016 +0000
2772
2773 upstream commit
2774
2775 Remove more SSH1 server code: * Drop sshd's -k option. *
2776 Retire configuration keywords that only apply to protocol 1, as well as the
2777 "protocol" keyword. * Remove some related vestiges of protocol 1 support.
2778
2779 ok markus@
2780
2781 Upstream-ID: 9402f82886de917779db12f8ee3f03d4decc244d
2782
2783commit 33ba55d9e358c07f069e579bfab80eccaaad52cb
2784Author: Darren Tucker <dtucker@zip.com.au>
2785Date: Wed Aug 17 16:26:04 2016 +1000
2786
2787 Only check for prctl once.
2788
2789commit 976ba8a8fd66a969bf658280c1e5adf694cc2fc6
2790Author: Darren Tucker <dtucker@zip.com.au>
2791Date: Wed Aug 17 15:33:10 2016 +1000
2792
2793 Fix typo.
2794
2795commit 9abf84c25ff4448891edcde60533a6e7b2870de1
2796Author: Darren Tucker <dtucker@zip.com.au>
2797Date: Wed Aug 17 14:25:43 2016 +1000
2798
2799 Correct LDFLAGS for clang example.
2800
2801 --with-ldflags isn't used until after the -ftrapv test, so mention
2802 LDFLAGS instead for now.
2803
2804commit 1e8013a17ff11e3c6bd0012fb1fc8d5f1330eb21
2805Author: Darren Tucker <dtucker@zip.com.au>
2806Date: Wed Aug 17 14:08:42 2016 +1000
2807
2808 Remove obsolete CVS $Id from source files.
2809
2810 Since -portable switched to git the CVS $Id tags are no longer being
2811 updated and are becoming increasingly misleading. Remove them.
2812
2813commit adab758242121181700e48b4f6c60d6b660411fe
2814Author: Darren Tucker <dtucker@zip.com.au>
2815Date: Wed Aug 17 13:40:58 2016 +1000
2816
2817 Remove now-obsolete CVS $Id tags from text files.
2818
2819 Since -portable switched to git, the CVS $Id tags are no longer being
2820 updated and are becoming increasingly misleading. Remove them.
2821
2822commit 560c0068541315002ec4c1c00a560bbd30f2d671
2823Author: Darren Tucker <dtucker@zip.com.au>
2824Date: Wed Aug 17 13:38:30 2016 +1000
2825
2826 Add a section for compiler specifics.
2827
2828 Add a section for compiler specifics and document the runtime requirements
2829 for clang's integer sanitization.
2830
2831commit a8fc0f42e1eda2fa3393d1ea5e61322d5e07a9cd
2832Author: Darren Tucker <dtucker@zip.com.au>
2833Date: Wed Aug 17 13:35:43 2016 +1000
2834
2835 Test multiplying two long long ints.
2836
2837 When using clang with -ftrapv or -sanitize=integer the tests would pass
2838 but linking would fail with "undefined reference to __mulodi4".
2839 Explicitly test for this before enabling -trapv.
2840
2841commit a1cc637e7e11778eb727559634a6ef1c19c619f6
2842Author: Damien Miller <djm@mindrot.org>
2843Date: Tue Aug 16 14:47:34 2016 +1000
2844
2845 add a --with-login-program configure argument
2846
2847 Saves messing around with LOGIN_PROGRAM env var, which come
2848 packaging environments make hard to do during configure phase.
2849
2850commit 8bd81e1596ab1bab355146cb65e82fb96ade3b23
2851Author: Damien Miller <djm@mindrot.org>
2852Date: Tue Aug 16 13:30:56 2016 +1000
2853
2854 add --with-pam-service to specify PAM service name
2855
2856 Saves messing around with CFLAGS to do it.
2857
2858commit 74433a19bb6f4cef607680fa4d1d7d81ca3826aa
2859Author: Damien Miller <djm@mindrot.org>
2860Date: Tue Aug 16 13:28:23 2016 +1000
2861
2862 fix false positives when compiled with msan
2863
2864 Our explicit_bzero successfully confused clang -fsanitize-memory
2865 in to thinking that memset is never called to initialise memory.
2866 Ensure that it is called in a way that the compiler recognises.
2867
2868commit 6cb6dcffe1a2204ba9006de20f73255c268fcb6b
2869Author: markus@openbsd.org <markus@openbsd.org>
2870Date: Sat Aug 13 17:47:40 2016 +0000
2871
2872 upstream commit
2873
2874 remove ssh1 server code; ok djm@
2875
2876 Upstream-ID: c24c0c32c49b91740d5a94ae914fb1898ea5f534
2877
2878commit 42d47adc5ad1187f22c726cbc52e71d6b1767ca2
2879Author: jca@openbsd.org <jca@openbsd.org>
2880Date: Fri Aug 12 19:19:04 2016 +0000
2881
2882 upstream commit
2883
2884 Use 2001:db8::/32, the official IPv6 subnet for
2885 configuration examples.
2886
2887 This makes the IPv6 example consistent with IPv4, and removes a dubious
2888 mention of a 6bone subnet.
2889
2890 ok sthen@ millert@
2891
2892 Upstream-ID: b027f3d0e0073419a132fd1bf002e8089b233634
2893
2894commit b61f53c0c3b43c28e013d3b3696d64d1c0204821
2895Author: dtucker@openbsd.org <dtucker@openbsd.org>
2896Date: Thu Aug 11 01:42:11 2016 +0000
2897
2898 upstream commit
2899
2900 Update moduli file.
2901
2902 Upstream-ID: 6da9a37f74aef9f9cc639004345ad893cad582d8
2903
2904commit f217d9bd42d306f69f56335231036b44502d8191
2905Author: Darren Tucker <dtucker@zip.com.au>
2906Date: Thu Aug 11 11:42:48 2016 +1000
2907
2908 Import updated moduli.
2909
2910commit 67dca60fbb4923b7a11c1645b90a5ca57c03d8be
2911Author: dtucker@openbsd.org <dtucker@openbsd.org>
2912Date: Mon Aug 8 22:40:57 2016 +0000
2913
2914 upstream commit
2915
2916 Improve error message for overlong ControlPath. ok markus@
2917 djm@
2918
2919 Upstream-ID: aed374e2e88dd3eb41390003e5303d0089861eb5
2920
2921commit 4706c1d8c15cd5565b59512853c2da9bd4ca26c9
2922Author: djm@openbsd.org <djm@openbsd.org>
2923Date: Wed Aug 3 05:41:57 2016 +0000
2924
2925 upstream commit
2926
2927 small refactor of cipher.c: make ciphercontext opaque to
2928 callers feedback and ok markus@
2929
2930 Upstream-ID: 094849f8be68c3bdad2c0f3dee551ecf7be87f6f
2931
2932commit e600348a7afd6325cc5cd783cb424065cbc20434
2933Author: dtucker@openbsd.org <dtucker@openbsd.org>
2934Date: Wed Aug 3 04:23:55 2016 +0000
2935
2936 upstream commit
2937
2938 Fix bug introduced in rev 1.467 which causes
2939 "buffer_get_bignum_ret: incomplete message" errors when built with WITH_SSH1
2940 and run such that no Protocol 1 ephemeral host key is generated (eg "Protocol
2941 2", no SSH1 host key supplied). Reported by rainer.laatsch at t-online.de,
2942 ok deraadt@
2943
2944 Upstream-ID: aa6b132da5c325523aed7989cc5a320497c919dc
2945
2946commit d7e7348e72f9b203189e3fffb75605afecba4fda
2947Author: djm@openbsd.org <djm@openbsd.org>
2948Date: Wed Jul 27 23:18:12 2016 +0000
2949
2950 upstream commit
2951
2952 better bounds check on iovcnt (we only ever use fixed,
2953 positive values)
2954
2955 Upstream-ID: 9baa6eb5cd6e30c9dc7398e5fe853721a3a5bdee
2956
2957commit 5faa52d295f764562ed6dd75c4a4ce9134ae71e3
2958Author: Darren Tucker <dtucker@zip.com.au>
2959Date: Tue Aug 2 15:22:40 2016 +1000
2960
2961 Use tabs consistently inside "case $host".
2962
2963commit 20e5e8ba9c5d868d897896190542213a60fffbd2
2964Author: Darren Tucker <dtucker@zip.com.au>
2965Date: Tue Aug 2 12:16:34 2016 +1000
2966
2967 Explicitly test for broken strnvis.
2968
2969 NetBSD added an strnvis and unfortunately made it incompatible with the
2970 existing one in OpenBSD and Linux's libbsd (the former having existed
2971 for over ten years). Despite this incompatibility being reported during
2972 development (see http://gnats.netbsd.org/44977) they still shipped it.
2973 Even more unfortunately FreeBSD and later MacOS picked up this incompatible
2974 implementation. Try to detect this mess, and assume the only safe option
2975 if we're cross compiling.
2976
2977 OpenBSD 2.9 (2001): strnvis(char *dst, const char *src, size_t dlen, int flag);
2978 NetBSD 6.0 (2012): strnvis(char *dst, size_t dlen, const char *src, int flag);
2979
2980 ok djm@
2981
2982commit b0b48beab1b74100b61ecbadb9140c9ab4c2ea8c
2983Author: Damien Miller <djm@mindrot.org>
2984Date: Tue Aug 2 11:06:23 2016 +1000
2985
2986 update recommended autoconf version
2987
2988commit 23902e31dfd18c6d7bb41ccd73de3b5358a377da
2989Author: Damien Miller <djm@mindrot.org>
2990Date: Tue Aug 2 10:48:04 2016 +1000
2991
2992 update config.guess and config.sub to current
2993
2994 upstream commit 562f3512b3911ba0c77a7f68214881d1f241f46e
2995
2996commit dd1031b78b83083615b68d7163c44f4408635be2
2997Author: Darren Tucker <dtucker@zip.com.au>
2998Date: Tue Aug 2 10:01:52 2016 +1000
2999
3000 Replace spaces with tabs.
3001
3002 Mechanically replace spaces with tabs in compat files not synced with
3003 OpenBSD.
3004
3005commit c20dccb5614c5714f4155dda01bcdebf97cfae7e
3006Author: Darren Tucker <dtucker@zip.com.au>
3007Date: Tue Aug 2 09:44:25 2016 +1000
3008
3009 Strip trailing whitespace.
3010
3011 Mechanically strip trailing whitespace on files not synced with OpenBSD
3012 (or in the case of bsd-snprint.c, rsync).
3013
3014commit 30f9bd1c0963c23bfba8468dfd26aa17609ba42f
3015Author: Darren Tucker <dtucker@zip.com.au>
3016Date: Tue Aug 2 09:06:27 2016 +1000
3017
3018 Repair $OpenBSD markers.
3019
3020commit 9715d4ad4b53877ec23dc8681dd7a405de9419a6
3021Author: Darren Tucker <dtucker@zip.com.au>
3022Date: Tue Aug 2 09:02:42 2016 +1000
3023
3024 Repair $OpenBSD marker.
3025
3026commit cf3e0be7f5828a5e5f6c296a607d20be2f07d60c
3027Author: Tim Rice <tim@multitalents.net>
3028Date: Mon Aug 1 14:31:52 2016 -0700
3029
3030 modified: configure.ac opensshd.init.in
3031 Skip generating missing RSA1 key on startup unless ssh1 support is enabled.
3032 Spotted by Jean-Pierre Radley
3033
3034commit 99522ba7ec6963a05c04a156bf20e3ba3605987c
3035Author: Damien Miller <djm@mindrot.org>
3036Date: Thu Jul 28 08:54:27 2016 +1000
3037
3038 define _OPENBSD_SOURCE for reallocarray on NetBSD
3039
3040 Report by and debugged with Hisashi T Fujinaka, dtucker nailed
3041 the problem (lack of prototype causing return type confusion).
3042
3043commit 3e1e076550c27c6bbdddf36d8f42bd79fbaaa187
3044Author: Damien Miller <djm@mindrot.org>
3045Date: Wed Jul 27 08:25:42 2016 +1000
3046
3047 KNF
3048
3049commit d99ee9c4e5e217e7d05eeec84e9ce641f4675331
3050Author: Damien Miller <djm@mindrot.org>
3051Date: Wed Jul 27 08:25:23 2016 +1000
3052
3053 Linux auditing also needs packet.h
3054
3055commit 393bd381a45884b589baa9aed4394f1d250255ca
3056Author: Damien Miller <djm@mindrot.org>
3057Date: Wed Jul 27 08:18:05 2016 +1000
3058
3059 fix auditing on Linux
3060
3061 get_remote_ipaddr() was replaced with ssh_remote_ipaddr()
3062
3063commit 80e766fb089de4f3c92b1600eb99e9495e37c992
3064Author: Damien Miller <djm@mindrot.org>
3065Date: Sun Jul 24 21:50:13 2016 +1000
3066
3067 crank version numbers
3068
3069commit b1a478792d458f2e938a302e64bab2b520edc1b3
3070Author: djm@openbsd.org <djm@openbsd.org>
3071Date: Sun Jul 24 11:45:36 2016 +0000
3072
3073 upstream commit
3074
3075 openssh-7.3
3076
3077 Upstream-ID: af106a7eb665f642648cf1993e162c899f358718
3078
3079commit 353766e0881f069aeca30275ab706cd60a1a8fdd
3080Author: Darren Tucker <dtucker@zip.com.au>
3081Date: Sat Jul 23 16:14:42 2016 +1000
3082
3083 Move Cygwin IPPORT_RESERVED overrride to defines.h
3084
3085 Patch from vinschen at redhat.com.
3086
3087commit 368dd977ae07afb93f4ecea23615128c95ab2b32
3088Author: djm@openbsd.org <djm@openbsd.org>
3089Date: Sat Jul 23 02:54:08 2016 +0000
3090
3091 upstream commit
3092
3093 fix pledge violation with ssh -f; reported by Valentin
3094 Kozamernik ok dtucker@
3095
3096 Upstream-ID: a61db7988db88d9dac3c4dd70e18876a8edf84aa
3097
3098commit f00211e3c6d24d6ea2b64b4b1209f671f6c1d42e
3099Author: djm@openbsd.org <djm@openbsd.org>
3100Date: Fri Jul 22 07:00:46 2016 +0000
3101
3102 upstream commit
3103
3104 improve wording; suggested by jmc@
3105
3106 Upstream-ID: 55cb0a24c8e0618b3ceec80998dc82c85db2d2f8
3107
3108commit 83cbca693c3b0719270e6a0f2efe3f9ee93a65b8
3109Author: dtucker@openbsd.org <dtucker@openbsd.org>
3110Date: Fri Jul 22 05:46:11 2016 +0000
3111
3112 upstream commit
3113
3114 Lower loglevel for "Authenticated with partial success"
3115 message similar to other similar level. bz#2599, patch from cgallek at
3116 gmail.com, ok markus@
3117
3118 Upstream-ID: 3faab814e947dc7b2e292edede23e94c608cb4dd
3119
3120commit 10358abd087ab228b7ce2048efc4f3854a9ab9a6
3121Author: Damien Miller <djm@mindrot.org>
3122Date: Fri Jul 22 14:06:36 2016 +1000
3123
3124 retry waitpid on EINTR failure
3125
3126 patch from Jakub Jelen on bz#2581; ok dtucker@
3127
3128commit da88a70a89c800e74ea8e5661ffa127a3cc79a92
3129Author: djm@openbsd.org <djm@openbsd.org>
3130Date: Fri Jul 22 03:47:36 2016 +0000
3131
3132 upstream commit
3133
3134 constify a few functions' arguments; patch from Jakub
3135 Jelen bz#2581
3136
3137 Upstream-ID: f2043f51454ea37830ff6ad60c8b32b4220f448d
3138
3139commit c36d91bd4ebf767f310f7cea88d61d1c15f53ddf
3140Author: djm@openbsd.org <djm@openbsd.org>
3141Date: Fri Jul 22 03:39:13 2016 +0000
3142
3143 upstream commit
3144
3145 move debug("%p", key) to before key is free'd; probable
3146 undefined behaviour on strict compilers; reported by Jakub Jelen bz#2581
3147
3148 Upstream-ID: 767f323e1f5819508a0e35e388ec241bac2f953a
3149
3150commit 286f5a77c3bfec1e8892ca268087ac885ac871bf
3151Author: djm@openbsd.org <djm@openbsd.org>
3152Date: Fri Jul 22 03:35:11 2016 +0000
3153
3154 upstream commit
3155
3156 reverse the order in which -J/JumpHost proxies are visited to
3157 be more intuitive and document
3158
3159 reported by and manpage bits naddy@
3160
3161 Upstream-ID: 3a68fd6a841fd6cf8cedf6552a9607ba99df179a
3162
3163commit fcd135c9df440bcd2d5870405ad3311743d78d97
3164Author: dtucker@openbsd.org <dtucker@openbsd.org>
3165Date: Thu Jul 21 01:39:35 2016 +0000
3166
3167 upstream commit
3168
3169 Skip passwords longer than 1k in length so clients can't
3170 easily DoS sshd by sending very long passwords, causing it to spend CPU
3171 hashing them. feedback djm@, ok markus@.
3172
3173 Brought to our attention by tomas.kuthan at oracle.com, shilei-c at
3174 360.cn and coredump at autistici.org
3175
3176 Upstream-ID: d0af7d4a2190b63ba1d38eec502bc4be0be9e333
3177
3178commit 324583e8fb3935690be58790425793df619c6d4d
3179Author: naddy@openbsd.org <naddy@openbsd.org>
3180Date: Wed Jul 20 10:45:27 2016 +0000
3181
3182 upstream commit
3183
3184 Do not clobber the global jump_host variables when
3185 parsing an inactive configuration. ok djm@
3186
3187 Upstream-ID: 5362210944d91417d5976346d41ac0b244350d31
3188
3189commit 32d921c323b989d28405e78d0a8923d12913d737
3190Author: jmc@openbsd.org <jmc@openbsd.org>
3191Date: Tue Jul 19 12:59:16 2016 +0000
3192
3193 upstream commit
3194
3195 tweak previous;
3196
3197 Upstream-ID: f3c1a5b3f05dff366f60c028728a2b43f15ff534
3198
3199commit d7eabc86fa049a12ba2c3fb198bd1d51b37f7025
3200Author: dtucker@openbsd.org <dtucker@openbsd.org>
3201Date: Tue Jul 19 11:38:53 2016 +0000
3202
3203 upstream commit
3204
3205 Allow wildcard for PermitOpen hosts as well as ports.
3206 bz#2582, patch from openssh at mzpqnxow.com and jjelen at redhat.com. ok
3207 markus@
3208
3209 Upstream-ID: af0294e9b9394c4e16e991424ca0a47a7cc605f2
3210
3211commit b98a2a8348e907b3d71caafd80f0be8fdd075943
3212Author: markus@openbsd.org <markus@openbsd.org>
3213Date: Mon Jul 18 11:35:33 2016 +0000
3214
3215 upstream commit
3216
3217 Reduce timing attack against obsolete CBC modes by always
3218 computing the MAC over a fixed size of data. Reported by Jean Paul
3219 Degabriele, Kenny Paterson, Torben Hansen and Martin Albrecht. ok djm@
3220
3221 Upstream-ID: f20a13279b00ba0afbacbcc1f04e62e9d41c2912
3222
3223commit dbf788b4d9d9490a5fff08a7b09888272bb10fcc
3224Author: Darren Tucker <dtucker@zip.com.au>
3225Date: Thu Jul 21 14:17:31 2016 +1000
3226
3227 Search users for one with a valid salt.
3228
3229 If the root account is locked (eg password "!!" or "*LK*") keep looking
3230 until we find a user with a valid salt to use for crypting passwords of
3231 invalid users. ok djm@
3232
3233commit e8b58f48fbb1b524fb4f0d4865fa0005d6a4b782
3234Author: Darren Tucker <dtucker@zip.com.au>
3235Date: Mon Jul 18 17:22:49 2016 +1000
3236
3237 Explicitly specify source files for regress tools.
3238
3239 Since adding $(REGRESSLIBS), $? is wrong because it includes only the
3240 changed source files. $< seems like it'd be right however it doesn't
3241 seem to work on some non-GNU makes, so do what works everywhere.
3242
3243commit eac1bbd06872c273f16ac0f9976b0aef026b701b
3244Author: Darren Tucker <dtucker@zip.com.au>
3245Date: Mon Jul 18 17:12:22 2016 +1000
3246
3247 Conditionally include err.h.
3248
3249commit 0a454147568746c503f669e1ba861f76a2e7a585
3250Author: Darren Tucker <dtucker@zip.com.au>
3251Date: Mon Jul 18 16:26:26 2016 +1000
3252
3253 Remove local implementation of err, errx.
3254
3255 We now have a shared implementation in libopenbsd-compat.
3256
3257commit eb999a4590846ba4d56ddc90bd07c23abfbab7b1
3258Author: djm@openbsd.org <djm@openbsd.org>
3259Date: Mon Jul 18 06:08:01 2016 +0000
3260
3261 upstream commit
3262
3263 Add some unsigned overflow checks for extra_pad. None of
3264 these are reachable with the amount of padding that we use internally.
3265 bz#2566, pointed out by Torben Hansen. ok markus@
3266
3267 Upstream-ID: 4d4be8450ab2fc1b852d5884339f8e8c31c3fd76
3268
3269commit c71ba790c304545464bb494de974cdf0f4b5cf1e
3270Author: Darren Tucker <dtucker@zip.com.au>
3271Date: Mon Jul 18 15:43:25 2016 +1000
3272
3273 Add dependency on libs for unit tests.
3274
3275 Makes "./configure && make tests" work again. ok djm@
3276
3277commit 8199d0311aea3e6fd0284c9025e7a83f4ece79e8
3278Author: Darren Tucker <dtucker@zip.com.au>
3279Date: Mon Jul 18 13:47:39 2016 +1000
3280
3281 Correct location for kexfuzz in clean target.
3282
3283commit 01558b7b07af43da774d3a11a5c51fa9c310849d
3284Author: Darren Tucker <dtucker@zip.com.au>
3285Date: Mon Jul 18 09:33:25 2016 +1000
3286
3287 Handle PAM_MAXTRIES from modules.
3288
3289 bz#2249: handle the case where PAM returns PAM_MAXTRIES by ceasing to offer
3290 password and keyboard-interative authentication methods. Should prevent
3291 "sshd ignoring max retries" warnings in the log. ok djm@
3292
3293 It probably won't trigger with keyboard-interactive in the default
3294 configuration because the retry counter is stored in module-private
3295 storage which goes away with the sshd PAM process (see bz#688). On the
3296 other hand, those cases probably won't log a warning either.
3297
3298commit 65c6c6b567ab5ab12945a5ad8e0ab3a8c26119cc
3299Author: djm@openbsd.org <djm@openbsd.org>
3300Date: Sun Jul 17 04:20:16 2016 +0000
3301
3302 upstream commit
3303
3304 support UTF-8 characters in ssh(1) banners using
3305 schwarze@'s safe fmprintf printer; bz#2058
3306
3307 feedback schwarze@ ok dtucker@
3308
3309 Upstream-ID: a72ce4e3644c957643c9524eea2959e41b91eea7
3310
3311commit e4eb7d910976fbfc7ce3e90c95c11b07b483d0d7
3312Author: jmc@openbsd.org <jmc@openbsd.org>
3313Date: Sat Jul 16 06:57:55 2016 +0000
3314
3315 upstream commit
3316
3317 - add proxyjump to the options list - formatting fixes -
3318 update usage()
3319
3320 ok djm
3321
3322 Upstream-ID: 43d318e14ce677a2eec8f21ef5ba2f9f68a59457
3323
3324commit af1f084857621f14bd9391aba8033d35886c2455
3325Author: dtucker@openbsd.org <dtucker@openbsd.org>
3326Date: Fri Jul 15 05:01:58 2016 +0000
3327
3328 upstream commit
3329
3330 Reduce the syslog level of some relatively common protocol
3331 events from LOG_CRIT by replacing fatal() calls with logdie(). Part of
3332 bz#2585, ok djm@
3333
3334 Upstream-ID: 9005805227c94edf6ac02a160f0e199638d288e5
3335
3336commit bd5f2b78b69cf38d6049a0de445a79c8595e4a1f
3337Author: Damien Miller <djm@mindrot.org>
3338Date: Fri Jul 15 19:14:48 2016 +1000
3339
3340 missing openssl/dh.h
3341
3342commit 4a984fd342effe5f0aad874a0d538c4322d973c0
3343Author: Damien Miller <djm@mindrot.org>
3344Date: Fri Jul 15 18:47:07 2016 +1000
3345
3346 cast to avoid type warning in error message
3347
3348commit 5abfb15ced985c340359ae7fb65a625ed3692b3e
3349Author: Darren Tucker <dtucker@zip.com.au>
3350Date: Fri Jul 15 14:48:30 2016 +1000
3351
3352 Move VA_COPY macro into compat header.
3353
3354 Some AIX compilers unconditionally undefine va_copy but don't set it back
3355 to an internal function, causing link errors. In some compat code we
3356 already use VA_COPY instead so move the two existing instances into the
3357 shared header and use for sshbuf-getput-basic.c too. Should fix building
3358 with at lease some versions of AIX's compiler. bz#2589, ok djm@
3359
3360commit 832b7443b7a8e181c95898bc5d73497b7190decd
3361Author: Damien Miller <djm@mindrot.org>
3362Date: Fri Jul 15 14:45:34 2016 +1000
3363
3364 disable ciphers not supported by OpenSSL
3365
3366 bz#2466 ok dtucker@
3367
3368commit 5fbe93fc6fbb2fe211e035703dec759d095e3dd8
3369Author: Damien Miller <djm@mindrot.org>
3370Date: Fri Jul 15 13:54:31 2016 +1000
3371
3372 add a --disable-pkcs11 knob
3373
3374commit 679ce88ec2a8e2fe6515261c489e8c1449bb9da9
3375Author: Damien Miller <djm@mindrot.org>
3376Date: Fri Jul 15 13:44:38 2016 +1000
3377
3378 fix newline escaping for unsupported_algorithms
3379
3380 The hmac-ripemd160 was incorrect and could lead to broken
3381 Makefiles on systems that lacked support for it, but I made
3382 all the others consistent too.
3383
3384commit ed877ef653847d056bb433975d731b7a1132a979
3385Author: djm@openbsd.org <djm@openbsd.org>
3386Date: Fri Jul 15 00:24:30 2016 +0000
3387
3388 upstream commit
3389
3390 Add a ProxyJump ssh_config(5) option and corresponding -J
3391 ssh(1) command-line flag to allow simplified indirection through a SSH
3392 bastion or "jump host".
3393
3394 These options construct a proxy command that connects to the
3395 specified jump host(s) (more than one may be specified) and uses
3396 port-forwarding to establish a connection to the next destination.
3397
3398 This codifies the safest way of indirecting connections through SSH
3399 servers and makes it easy to use.
3400
3401 ok markus@
3402
3403 Upstream-ID: fa899cb8b26d889da8f142eb9774c1ea36b04397
3404
3405commit 5c02dd126206a26785379e80f2d3848e4470b711
3406Author: Darren Tucker <dtucker@zip.com.au>
3407Date: Fri Jul 15 12:56:39 2016 +1000
3408
3409 Map umac_ctx struct name too.
3410
3411 Prevents size mismatch linker warnings on Solaris 11.
3412
3413commit 283b97ff33ea2c641161950849931bd578de6946
3414Author: Darren Tucker <dtucker@zip.com.au>
3415Date: Fri Jul 15 13:49:44 2016 +1000
3416
3417 Mitigate timing of disallowed users PAM logins.
3418
3419 When sshd decides to not allow a login (eg PermitRootLogin=no) and
3420 it's using PAM, it sends a fake password to PAM so that the timing for
3421 the failure is not noticeably different whether or not the password
3422 is correct. This behaviour can be detected by sending a very long
3423 password string which is slower to hash than the fake password.
3424
3425 Mitigate by constructing an invalid password that is the same length
3426 as the one from the client and thus takes the same time to hash.
3427 Diff from djm@
3428
3429commit 9286875a73b2de7736b5e50692739d314cd8d9dc
3430Author: Darren Tucker <dtucker@zip.com.au>
3431Date: Fri Jul 15 13:32:45 2016 +1000
3432
3433 Determine appropriate salt for invalid users.
3434
3435 When sshd is processing a non-PAM login for a non-existent user it uses
3436 the string from the fakepw structure as the salt for crypt(3)ing the
3437 password supplied by the client. That string has a Blowfish prefix, so on
3438 systems that don't understand that crypt will fail fast due to an invalid
3439 salt, and even on those that do it may have significantly different timing
3440 from the hash methods used for real accounts (eg sha512). This allows
3441 user enumeration by, eg, sending large password strings. This was noted
3442 by EddieEzra.Harari at verint.com (CVE-2016-6210).
3443
3444 To mitigate, use the same hash algorithm that root uses for hashing
3445 passwords for users that do not exist on the system. ok djm@
3446
3447commit a162dd5e58ca5b224d7500abe35e1ef32b5de071
3448Author: Darren Tucker <dtucker@zip.com.au>
3449Date: Thu Jul 14 21:19:59 2016 +1000
3450
3451 OpenSSL 1.1.x not currently supported.
3452
3453commit 7df91b01fc558a33941c5c5f31abbcdc53a729fb
3454Author: Darren Tucker <dtucker@zip.com.au>
3455Date: Thu Jul 14 12:25:24 2016 +1000
3456
3457 Check for VIS_ALL.
3458
3459 If we don't have it, set BROKEN_STRNVIS to activate the compat replacement.
3460
3461commit ee67716f61f1042d5e67f91c23707cca5dcdd7d0
3462Author: dtucker@openbsd.org <dtucker@openbsd.org>
3463Date: Thu Jul 14 01:24:21 2016 +0000
3464
3465 upstream commit
3466
3467 Correct equal in test.
3468
3469 Upstream-Regress-ID: 4e32f7a5c57a619c4e8766cb193be2a1327ec37a
3470
3471commit 372807c2065c8572fdc6478b25cc5ac363743073
3472Author: tb@openbsd.org <tb@openbsd.org>
3473Date: Mon Jul 11 21:38:13 2016 +0000
3474
3475 upstream commit
3476
3477 Add missing "recvfd" pledge promise: Raf Czlonka reported
3478 ssh coredumps when Control* keywords were set in ssh_config. This patch also
3479 fixes similar problems with scp and sftp.
3480
3481 ok deraadt, looks good to millert
3482
3483 Upstream-ID: ca2099eade1ef3e87a79614fefa26a0297ad8a3b
3484
3485commit e0453f3df64bf485c61c7eb6bd12893eee9fe2cd
3486Author: tedu@openbsd.org <tedu@openbsd.org>
3487Date: Mon Jul 11 03:19:44 2016 +0000
3488
3489 upstream commit
3490
3491 obsolete note about fascistloggin is obsolete. ok djm
3492 dtucker
3493
3494 Upstream-ID: dae60df23b2bb0e89f42661ddd96a7b0d1b7215a
3495
3496commit a2333584170a565adf4f209586772ef8053b10b8
3497Author: Darren Tucker <dtucker@zip.com.au>
3498Date: Thu Jul 14 10:59:09 2016 +1000
3499
3500 Add compat code for missing wcwidth.
3501
3502 If we don't have wcwidth force fallback implementations of nl_langinfo
3503 and mbtowc. Based on advice from Ingo Schwarze.
3504
3505commit 8aaec7050614494014c47510b7e94daf6e644c62
3506Author: Damien Miller <djm@mindrot.org>
3507Date: Thu Jul 14 09:48:48 2016 +1000
3508
3509 fix missing include for systems with err.h
3510
3511commit 6310ef27a2567cda66d6cf0c1ad290ee1167f243
3512Author: Darren Tucker <dtucker@zip.com.au>
3513Date: Wed Jul 13 14:42:35 2016 +1000
3514
3515 Move err.h replacements into compat lib.
3516
3517 Move implementations of err.h replacement functions into their own file
3518 in the libopenbsd-compat so we can use them in kexfuzz.c too. ok djm@
3519
3520commit f3f2cc8386868f51440c45210098f65f9787449a
3521Author: Darren Tucker <dtucker@zip.com.au>
3522Date: Mon Jul 11 17:23:38 2016 +1000
3523
3524 Check for wchar.h and langinfo.h
3525
3526 Wrap includes in the appropriate #ifdefs.
3527
3528commit b9c50614eba9d90939b2b119b6e1b7e03b462278
3529Author: Damien Miller <djm@mindrot.org>
3530Date: Fri Jul 8 13:59:13 2016 +1000
3531
3532 whitelist more architectures for seccomp-bpf
3533
3534 bz#2590 - testing and patch from Jakub Jelen
3535
3536commit 18813a32b6fd964037e0f5e1893cb4468ac6a758
3537Author: guenther@openbsd.org <guenther@openbsd.org>
3538Date: Mon Jul 4 18:01:44 2016 +0000
3539
3540 upstream commit
3541
3542 DEBUGLIBS has been broken since the gcc4 switch, so delete
3543 it. CFLAGS contains -g by default anyway
3544
3545 problem noted by Edgar Pettijohn (edgar (at) pettijohn-web.com)
3546 ok millert@ kettenis@ deraadt@
3547
3548 Upstream-Regress-ID: 4a0bb72f95c63f2ae9daa8a040ac23914bddb542
3549
3550commit 6d31193d0baa3da339c196ac49625b7ba1c2ecc7
3551Author: djm@openbsd.org <djm@openbsd.org>
3552Date: Fri Jul 8 03:44:42 2016 +0000
3553
3554 upstream commit
3555
3556 Improve crypto ordering for Encrypt-then-MAC (EtM) mode
3557 MAC algorithms.
3558
3559 Previously we were computing the MAC, decrypting the packet and then
3560 checking the MAC. This gave rise to the possibility of creating a
3561 side-channel oracle in the decryption step, though no such oracle has
3562 been identified.
3563
3564 This adds a mac_check() function that computes and checks the MAC in
3565 one pass, and uses it to advance MAC checking for EtM algorithms to
3566 before payload decryption.
3567
3568 Reported by Jean Paul Degabriele, Kenny Paterson, Torben Hansen and
3569 Martin Albrecht. feedback and ok markus@
3570
3571 Upstream-ID: 1999bb67cab47dda5b10b80d8155fe83d4a1867b
3572
3573commit 71f5598f06941f645a451948c4a5125c83828e1c
3574Author: guenther@openbsd.org <guenther@openbsd.org>
3575Date: Mon Jul 4 18:01:44 2016 +0000
3576
3577 upstream commit
3578
3579 DEBUGLIBS has been broken since the gcc4 switch, so
3580 delete it. CFLAGS contains -g by default anyway
3581
3582 problem noted by Edgar Pettijohn (edgar (at) pettijohn-web.com)
3583 ok millert@ kettenis@ deraadt@
3584
3585 Upstream-ID: 96c5054e3e1f170c6276902d5bc65bb3b87a2603
3586
3587commit e683fc6f1c8c7295648dbda679df8307786ec1ce
3588Author: dtucker@openbsd.org <dtucker@openbsd.org>
3589Date: Thu Jun 30 05:17:05 2016 +0000
3590
3591 upstream commit
3592
3593 Explicitly check for 100% completion to avoid potential
3594 floating point rounding error, which could cause progressmeter to report 99%
3595 on completion. While there invert the test so the 100% case is clearer. with
3596 & ok djm@
3597
3598 Upstream-ID: a166870c5878e422f3c71ff802e2ccd7032f715d
3599
3600commit 772e6cec0ed740fc7db618dc30b4134f5a358b43
3601Author: jmc@openbsd.org <jmc@openbsd.org>
3602Date: Wed Jun 29 17:14:28 2016 +0000
3603
3604 upstream commit
3605
3606 sort the -o list;
3607
3608 Upstream-ID: 1a97465ede8790b4d47cb618269978e07f41f8ac
3609
3610commit 46ecd19e554ccca15a7309cd1b6b44bc8e6b84af
3611Author: djm@openbsd.org <djm@openbsd.org>
3612Date: Thu Jun 23 05:17:51 2016 +0000
3613
3614 upstream commit
3615
3616 fix AuthenticationMethods during configuration re-parse;
3617 reported by Juan Francisco Cantero Hurtado
3618
3619 Upstream-ID: 8ffa1dac25c7577eca8238e825317ab20848f9b4
3620
3621commit 3147e7595d0f2f842a666c844ac53e6c7a253d7e
3622Author: djm@openbsd.org <djm@openbsd.org>
3623Date: Sun Jun 19 07:48:02 2016 +0000
3624
3625 upstream commit
3626
3627 revert 1.34; causes problems loading public keys
3628
3629 reported by semarie@
3630
3631 Upstream-ID: b393794f8935c8b15d98a407fe7721c62d2ed179
3632
3633commit ad23a75509f4320d43f628c50f0817e3ad12bfa7
3634Author: jmc@openbsd.org <jmc@openbsd.org>
3635Date: Fri Jun 17 06:33:30 2016 +0000
3636
3637 upstream commit
3638
3639 grammar fix;
3640
3641 Upstream-ID: 5d5b21c80f1e81db367333ce0bb3e5874fb3e463
3642
3643commit 5e28b1a2a3757548b40018cc2493540a17c82e27
3644Author: djm@openbsd.org <djm@openbsd.org>
3645Date: Fri Jun 17 05:06:23 2016 +0000
3646
3647 upstream commit
3648
3649 translate OpenSSL error codes to something more
3650 meaninful; bz#2522 reported by Jakub Jelen, ok dtucker@
3651
3652 Upstream-ID: 4cb0795a366381724314e6515d57790c5930ffe5
3653
3654commit b64faeb5eda7eff8210c754d00464f9fe9d23de5
3655Author: djm@openbsd.org <djm@openbsd.org>
3656Date: Fri Jun 17 05:03:40 2016 +0000
3657
3658 upstream commit
3659
3660 ban AuthenticationMethods="" and accept
3661 AuthenticationMethods=any for the default behaviour of not requiring multiple
3662 authentication
3663
3664 bz#2398 from Jakub Jelen; ok dtucker@
3665
3666 Upstream-ID: fabd7f44d59e4518d241d0d01e226435cc23cf27
3667
3668commit 9816fc5daee5ca924dd5c4781825afbaab728877
3669Author: dtucker@openbsd.org <dtucker@openbsd.org>
3670Date: Thu Jun 16 11:00:17 2016 +0000
3671
3672 upstream commit
3673
3674 Include stdarg.h for va_copy as per man page.
3675
3676 Upstream-ID: 105d6b2f1af2fbd9d91c893c436ab121434470bd
3677
3678commit b6cf84b51bc0f5889db48bf29a0c771954ade283
3679Author: jmc@openbsd.org <jmc@openbsd.org>
3680Date: Thu Jun 16 06:10:45 2016 +0000
3681
3682 upstream commit
3683
3684 keys stored in openssh format can have comments too; diff
3685 from yonas yanfa, tweaked a bit;
3686
3687 ok djm
3688
3689 Upstream-ID: 03d48536da6e51510d73ade6fcd44ace731ceb27
3690
3691commit aa37768f17d01974b6bfa481e5e83841b6c76f86
3692Author: Darren Tucker <dtucker@zip.com.au>
3693Date: Mon Jun 20 15:55:34 2016 +1000
3694
3695 get_remote_name_or_ip inside LOGIN_NEEDS_UTMPX
3696
3697 Apply the same get_remote_name_or_ip -> session_get_remote_name_or_ip
3698 change as commit 95767262 to the code inside #ifdef LOGIN_NEEDS_UTMPX.
3699 Fixes build on AIX.
3700
3701commit 009891afc8df37bc2101e15d1e0b6433cfb90549
3702Author: Darren Tucker <dtucker@zip.com.au>
3703Date: Fri Jun 17 14:34:09 2016 +1000
3704
3705 Remove duplicate code from PAM. ok djm@
3706
3707commit e690fe85750e93fca1fb7c7c8587d4130a4f7aba
3708Author: dtucker@openbsd.org <dtucker@openbsd.org>
3709Date: Wed Jun 15 00:40:40 2016 +0000
3710
3711 upstream commit
3712
3713 Remove "POSSIBLE BREAK-IN ATTEMPT!" from log message
3714 about forward and reverse DNS not matching. We haven't supported IP-based
3715 auth methods for a very long time so it's now misleading. part of bz#2585,
3716 ok markus@
3717
3718 Upstream-ID: 5565ef0ee0599b27f0bd1d3bb1f8a323d8274e29
3719
3720commit 57b4ee04cad0d3e0fec1194753b0c4d31e39a1cd
3721Author: Darren Tucker <dtucker@zip.com.au>
3722Date: Wed Jun 15 11:22:38 2016 +1000
3723
3724 Move platform_disable_tracing into its own file.
3725
3726 Prevents link errors resolving the extern "options" when platform.o
3727 gets linked into ssh-agent when building --with-pam.
3728
3729commit 78dc8e3724e30ee3e1983ce013e80277dc6ca070
3730Author: Darren Tucker <dtucker@zip.com.au>
3731Date: Tue Jun 14 13:55:12 2016 +1000
3732
3733 Track skipped upstream commit IDs.
3734
3735 There are a small number of "upstream" commits that do not correspond to
3736 a file in -portable. This file tracks those so that we can reconcile
3737 OpenBSD and Portable to ensure that no commits are accidentally missed.
3738
3739 If you add something to .skipped-commit-ids please also add an upstream
3740 ID line in the following format when you commit it.
3741
3742 Upstream-ID: 321065a95a7ccebdd5fd08482a1e19afbf524e35
3743 Upstream-ID: d4f699a421504df35254cf1c6f1a7c304fb907ca
3744 Upstream-ID: aafe246655b53b52bc32c8a24002bc262f4230f7
3745 Upstream-ID: 8fa9cd1dee3c3339ae329cf20fb591db6d605120
3746 Upstream-ID: f31327a48dd4103333cc53315ec53fe65ed8a17a
3747 Upstream-ID: edbfde98c40007b7752a4ac106095e060c25c1ef
3748 Upstream-ID: 052fd565e3ff2d8cec3bc957d1788f50c827f8e2
3749 Upstream-ID: 7cf73737f357492776223da1c09179fa6ba74660
3750 Upstream-ID: 180d84674be1344e45a63990d60349988187c1ae
3751 Upstream-ID: f6ae971186ba68d066cd102e57d5b0b2c211a5ee
3752
3753commit 9f919d1a3219d476d6a662d18df058e1c4f36a6f
3754Author: Darren Tucker <dtucker@zip.com.au>
3755Date: Tue Jun 14 13:51:01 2016 +1000
3756
3757 Remove now-defunct .cvsignore files. ok djm
3758
3759commit 68777faf271efb2713960605c748f6c8a4b26d55
3760Author: dtucker@openbsd.org <dtucker@openbsd.org>
3761Date: Wed Jun 8 02:13:01 2016 +0000
3762
3763 upstream commit
3764
3765 Back out rev 1.28 "Check min and max sizes sent by the
3766 client" change. It caused "key_verify failed for server_host_key" in clients
3767 that send a DH-GEX min value less that DH_GRP_MIN, eg old OpenSSH and PuTTY.
3768 ok djm@
3769
3770 Upstream-ID: 452979d3ca5c1e9dff063287ea0a5314dd091f65
3771
3772commit a86ec4d0737ac5879223e7cd9d68c448df46e169
3773Author: Darren Tucker <dtucker@zip.com.au>
3774Date: Tue Jun 14 10:48:27 2016 +1000
3775
3776 Use Solaris setpflags(__PROC_PROTECT, ...).
3777
3778 Where possible, use Solaris setpflags to disable process tracing on
3779 ssh-agent and sftp-server. bz#2584, based on a patch from huieying.lee
3780 at oracle.com, ok djm.
3781
3782commit 0f916d39b039fdc0b5baf9b5ab0754c0f11ec573
3783Author: Darren Tucker <dtucker@zip.com.au>
3784Date: Tue Jun 14 10:43:53 2016 +1000
3785
3786 Shorten prctl code a tiny bit.
3787
3788commit 0fb7f5985351fbbcd2613d8485482c538e5123be
3789Author: Darren Tucker <dtucker@zip.com.au>
3790Date: Thu Jun 9 16:23:07 2016 +1000
3791
3792 Move prctl PR_SET_DUMPABLE into platform.c.
3793
3794 This should make it easier to add additional platform support such as
3795 Solaris (bz#2584).
3796
3797commit e6508898c3cd838324ecfe1abd0eb8cf802e7106
3798Author: dtucker@openbsd.org <dtucker@openbsd.org>
3799Date: Fri Jun 3 04:10:41 2016 +0000
3800
3801 upstream commit
3802
3803 Add a test for ssh(1)'s config file parsing.
3804
3805 Upstream-Regress-ID: 558b7f4dc45cc3761cc3d3e889b9f3c5bc91e601
3806
3807commit ab0a536066dfa32def0bd7272c096ebb5eb25b11
3808Author: dtucker@openbsd.org <dtucker@openbsd.org>
3809Date: Fri Jun 3 03:47:59 2016 +0000
3810
3811 upstream commit
3812
3813 Add 'sshd' to the test ID as I'm about to add a similar
3814 set for ssh.
3815
3816 Upstream-Regress-ID: aea7a9c3bac638530165c801ce836875b228ae7a
3817
3818commit a5577c1ed3ecdfe4b7b1107c526cae886fc91afb
3819Author: schwarze@openbsd.org <schwarze@openbsd.org>
3820Date: Mon May 30 12:14:08 2016 +0000
3821
3822 upstream commit
3823
3824 stricter malloc.conf(5) options for utf8 tests
3825
3826 Upstream-Regress-ID: 111efe20a0fb692fa1a987f6e823310f9b25abf6
3827
3828commit 75f0844b4f29d62ec3a5e166d2ee94b02df819fc
3829Author: schwarze@openbsd.org <schwarze@openbsd.org>
3830Date: Mon May 30 12:05:56 2016 +0000
3831
3832 upstream commit
3833
3834 Fix two rare edge cases: 1. If vasprintf() returns < 0,
3835 do not access a NULL pointer in snmprintf(), and do not free() the pointer
3836 returned from vasprintf() because on some systems other than OpenBSD, it
3837 might be a bogus pointer. 2. If vasprintf() returns == 0, return 0 and ""
3838 rather than -1 and NULL.
3839
3840 Besides, free(dst) is pointless after failure (not a bug).
3841
3842 One half OK martijn@, the other half OK deraadt@;
3843 committing quickly before people get hurt.
3844
3845 Upstream-Regress-ID: b164f20923812c9bac69856dbc1385eb1522cba4
3846
3847commit 016881eb33a7948028848c90f4c7ac42e3af0e87
3848Author: schwarze@openbsd.org <schwarze@openbsd.org>
3849Date: Thu May 26 19:14:25 2016 +0000
3850
3851 upstream commit
3852
3853 test the new utf8 module
3854
3855 Upstream-Regress-ID: c923d05a20e84e4ef152cbec947fdc4ce6eabbe3
3856
3857commit d4219028bdef448e089376f3afe81ef6079da264
3858Author: dtucker@openbsd.org <dtucker@openbsd.org>
3859Date: Tue May 3 15:30:46 2016 +0000
3860
3861 upstream commit
3862
3863 Set umask to prevent "Bad owner or permissions" errors.
3864
3865 Upstream-Regress-ID: 8fdf2fc4eb595ccd80c443f474d639f851145417
3866
3867commit 07d5608bb237e9b3fe86a2aeaa429392230faebf
3868Author: djm@openbsd.org <djm@openbsd.org>
3869Date: Tue May 3 14:41:04 2016 +0000
3870
3871 upstream commit
3872
3873 support doas
3874
3875 Upstream-Regress-ID: 8d5572b27ea810394eeda432d8b4e9e1064a7c38
3876
3877commit 01cabf10adc7676cba5f40536a34d3b246edb73f
3878Author: djm@openbsd.org <djm@openbsd.org>
3879Date: Tue May 3 13:48:33 2016 +0000
3880
3881 upstream commit
3882
3883 unit tests for sshbuf_dup_string()
3884
3885 Upstream-Regress-ID: 7521ff150dc7f20511d1c2c48fd3318e5850a96d
3886
3887commit 6915f1698e3d1dd4e22eac20f435e1dfc1d46372
3888Author: jmc@openbsd.org <jmc@openbsd.org>
3889Date: Fri Jun 3 06:44:12 2016 +0000
3890
3891 upstream commit
3892
3893 tweak previous;
3894
3895 Upstream-ID: 92979f1a0b63e041a0e5b08c9ed0ba9b683a3698
3896
3897commit 0cb2f4c2494b115d0f346ed2d8b603ab3ba643f4
3898Author: dtucker@openbsd.org <dtucker@openbsd.org>
3899Date: Fri Jun 3 04:09:38 2016 +0000
3900
3901 upstream commit
3902
3903 Allow ExitOnForwardFailure and ClearAllForwardings to be
3904 overridden when using ssh -W (but still default to yes in that case).
3905 bz#2577, ok djm@.
3906
3907 Upstream-ID: 4b20c419e93ca11a861c81c284090cfabc8c54d4
3908
3909commit 8543ff3f5020fe659839b15f05b8c522bde6cee5
3910Author: dtucker@openbsd.org <dtucker@openbsd.org>
3911Date: Fri Jun 3 03:14:41 2016 +0000
3912
3913 upstream commit
3914
3915 Move the host and port used by ssh -W into the Options
3916 struct. This will make future changes a bit easier. ok djm@
3917
3918 Upstream-ID: 151bce5ecab2fbedf0d836250a27968d30389382
3919
3920commit 6b87311d3acdc460f926b2c40f4c4f3fd345f368
3921Author: dtucker@openbsd.org <dtucker@openbsd.org>
3922Date: Wed Jun 1 04:19:49 2016 +0000
3923
3924 upstream commit
3925
3926 Check min and max sizes sent by the client against what
3927 we support before passing them to the monitor. ok djm@
3928
3929 Upstream-ID: 750627e8117084215412bff00a25b1586ab17ece
3930
3931commit 564cd2a8926ccb1dca43a535073540935b5e0373
3932Author: dtucker@openbsd.org <dtucker@openbsd.org>
3933Date: Tue May 31 23:46:14 2016 +0000
3934
3935 upstream commit
3936
3937 Ensure that the client's proposed DH-GEX max value is at
3938 least as big as the minimum the server will accept. ok djm@
3939
3940 Upstream-ID: b4b84fa04aab2de7e79a6fee4a6e1c189c0fe775
3941
3942commit df820722e40309c9b3f360ea4ed47a584ed74333
3943Author: Darren Tucker <dtucker@zip.com.au>
3944Date: Mon Jun 6 11:36:13 2016 +1000
3945
3946 Add compat bits to utf8.c.
3947
3948commit 05c6574652571becfe9d924226c967a3f4b3f879
3949Author: Darren Tucker <dtucker@zip.com.au>
3950Date: Mon Jun 6 11:33:43 2016 +1000
3951
3952 Fix utf->utf8 typo.
3953
3954commit 6c1717190b4d5ddd729cd9e24e8ed71ed4f087ce
3955Author: schwarze@openbsd.org <schwarze@openbsd.org>
3956Date: Mon May 30 18:34:41 2016 +0000
3957
3958 upstream commit
3959
3960 Backout rev. 1.43 for now.
3961
3962 The function update_progress_meter() calls refresh_progress_meter()
3963 which calls snmprintf() which calls malloc(); but update_progress_meter()
3964 acts as the SIGALRM signal handler.
3965
3966 "malloc(): error: recursive call" reported by sobrado@.
3967
3968 Upstream-ID: aaae57989431e5239c101f8310f74ccc83aeb93e
3969
3970commit cd9e1eabeb4137182200035ab6fa4522f8d24044
3971Author: schwarze@openbsd.org <schwarze@openbsd.org>
3972Date: Mon May 30 12:57:21 2016 +0000
3973
3974 upstream commit
3975
3976 Even when only writing an unescaped character, the dst
3977 buffer may need to grow, or it would be overrun; issue found by tb@ with
3978 malloc.conf(5) 'C'.
3979
3980 While here, reserve an additional byte for the terminating NUL
3981 up front such that we don't have to realloc() later just for that.
3982
3983 OK tb@
3984
3985 Upstream-ID: 30ebcc0c097c4571b16f0a78b44969f170db0cff
3986
3987commit ac284a355f8065eaef2a16f446f3c44cdd17371d
3988Author: schwarze@openbsd.org <schwarze@openbsd.org>
3989Date: Mon May 30 12:05:56 2016 +0000
3990
3991 upstream commit
3992
3993 Fix two rare edge cases: 1. If vasprintf() returns < 0,
3994 do not access a NULL pointer in snmprintf(), and do not free() the pointer
3995 returned from vasprintf() because on some systems other than OpenBSD, it
3996 might be a bogus pointer. 2. If vasprintf() returns == 0, return 0 and ""
3997 rather than -1 and NULL.
3998
3999 Besides, free(dst) is pointless after failure (not a bug).
4000
4001 One half OK martijn@, the other half OK deraadt@;
4002 committing quickly before people get hurt.
4003
4004 Upstream-ID: b7bcd2e82fc168a8eff94e41f5db336ed986fed0
4005
4006commit 0e059cdf5fd86297546c63fa8607c24059118832
4007Author: schwarze@openbsd.org <schwarze@openbsd.org>
4008Date: Wed May 25 23:48:45 2016 +0000
4009
4010 upstream commit
4011
4012 To prevent screwing up terminal settings when printing to
4013 the terminal, for ASCII and UTF-8, escape bytes not forming characters and
4014 bytes forming non-printable characters with vis(3) VIS_OCTAL. For other
4015 character sets, abort printing of the current string in these cases. In
4016 particular, * let scp(1) respect the local user's LC_CTYPE locale(1); *
4017 sanitize data received from the remote host; * sanitize filenames, usernames,
4018 and similar data even locally; * take character display widths into account
4019 for the progressmeter.
4020
4021 This is believed to be sufficient to keep the local terminal safe
4022 on OpenBSD, but bad things can still happen on other systems with
4023 state-dependent locales because many places in the code print
4024 unencoded ASCII characters into the output stream.
4025
4026 Using feedback from djm@ and martijn@,
4027 various aspects discussed with many others.
4028
4029 deraadt@ says it should go in now, i probably already hesitated too long
4030
4031 Upstream-ID: e66afbc94ee396ddcaffd433b9a3b80f387647e0
4032
4033commit 8c02e3639acefe1e447e293dbe23a0917abd3734
4034Author: dtucker@openbsd.org <dtucker@openbsd.org>
4035Date: Tue May 24 04:43:45 2016 +0000
4036
4037 upstream commit
4038
4039 KNF compression proposal and simplify the client side a
4040 little. ok djm@
4041
4042 Upstream-ID: aa814b694efe9e5af8a26e4c80a05526ae6d6605
4043
4044commit 7ec4946fb686813eb5f8c57397e465f5485159f4
4045Author: dtucker@openbsd.org <dtucker@openbsd.org>
4046Date: Tue May 24 02:31:57 2016 +0000
4047
4048 upstream commit
4049
4050 Back out 'plug memleak'.
4051
4052 Upstream-ID: 4faacdde136c24a961e24538de373660f869dbc0
4053
4054commit 82f24c3ddc52053aeb7beb3332fa94c92014b0c5
4055Author: djm@openbsd.org <djm@openbsd.org>
4056Date: Mon May 23 23:30:50 2016 +0000
4057
4058 upstream commit
4059
4060 prefer agent-hosted keys to keys from PKCS#11; ok markus
4061
4062 Upstream-ID: 7417f7653d58d6306d9f8c08d0263d050e2fd8f4
4063
4064commit a0cb7778fbc9b43458f7072eb68dd858766384d1
4065Author: dtucker@openbsd.org <dtucker@openbsd.org>
4066Date: Mon May 23 00:17:27 2016 +0000
4067
4068 upstream commit
4069
4070 Plug mem leak in filter_proposal. ok djm@
4071
4072 Upstream-ID: bf968da7cfcea2a41902832e7d548356a4e2af34
4073
4074commit ae9c0d4d5c581b3040d1f16b5c5f4b1cd1616743
4075Author: Darren Tucker <dtucker@zip.com.au>
4076Date: Fri Jun 3 16:03:44 2016 +1000
4077
4078 Update vis.h and vis.c from OpenBSD.
4079
4080 This will be needed for the upcoming utf8 changes.
4081
4082commit e1d93705f8f48f519433d6ca9fc3d0abe92a1b77
4083Author: Tim Rice <tim@multitalents.net>
4084Date: Tue May 31 11:13:22 2016 -0700
4085
4086 modified: configure.ac
4087 whitspace clean up. No code changes.
4088
4089commit 604a037d84e41e31f0aec9075df0b8740c130200
4090Author: Damien Miller <djm@mindrot.org>
4091Date: Tue May 31 16:45:28 2016 +1000
4092
4093 whitespace at EOL
4094
4095commit 18424200160ff5c923113e0a37ebe21ab7bcd17c
4096Author: Darren Tucker <dtucker@zip.com.au>
4097Date: Mon May 30 19:35:28 2016 +1000
4098
4099 Add missing ssh-host-config --name option
4100
4101 Patch from vinschen@redhat.com.
4102
4103commit 39c0cecaa188a37a2e134795caa68e03f3ced592
4104Author: Darren Tucker <dtucker@zip.com.au>
4105Date: Fri May 20 10:01:58 2016 +1000
4106
4107 Fix comment about sshpam_const and AIX.
4108
4109 From mschwager via github.
4110
4111commit f64062b1f74ad5ee20a8a49aab2732efd0f7ce30
4112Author: Damien Miller <djm@mindrot.org>
4113Date: Fri May 20 09:56:53 2016 +1000
4114
4115 Deny lstat syscalls in seccomp sandbox
4116
4117 Avoids sandbox violations for some krb/gssapi libraries.
4118
4119commit 531c135409b8d8810795b1f3692a4ebfd5c9cae0
4120Author: djm@openbsd.org <djm@openbsd.org>
4121Date: Thu May 19 07:45:32 2016 +0000
4122
4123 upstream commit
4124
4125 fix type of ed25519 values
4126
4127 Upstream-ID: b32d0cb372bbe918ca2de56906901eae225a59b0
4128
4129commit 75e21688f523799c9e0cc6601d76a9c5ca79f787
4130Author: markus@openbsd.org <markus@openbsd.org>
4131Date: Wed May 4 14:32:26 2016 +0000
4132
4133 upstream commit
4134
4135 add IdentityAgent; noticed & ok jmc@
4136
4137 Upstream-ID: 4ba9034b00a4cf1beae627f0728da897802df88a
4138
4139commit 1a75d14daf4b60db903e6103cf50e74e0cd0a76b
4140Author: markus@openbsd.org <markus@openbsd.org>
4141Date: Wed May 4 14:29:58 2016 +0000
4142
4143 upstream commit
4144
4145 allow setting IdentityAgent to SSH_AUTH_SOCK; ok djm@
4146
4147 Upstream-ID: 20c508480d8db3eef18942c0fc39b1fcf25652ac
4148
4149commit 0516454151ae722fc8256c3c56115c6baf24c5b0
4150Author: markus@openbsd.org <markus@openbsd.org>
4151Date: Wed May 4 14:22:33 2016 +0000
4152
4153 upstream commit
4154
4155 move SSH_MSG_NONE, so we don't have to include ssh1.h;
4156 ok deraadt@
4157
4158 Upstream-ID: c2f97502efc761a41b18c17ddf460e138ca7994e
4159
4160commit 332ff3d770631e7513fea38cf0d3689f673f0e3f
4161Author: Damien Miller <djm@mindrot.org>
4162Date: Tue May 10 09:51:06 2016 +1000
4163
4164 initialise salen in binresvport_sa
4165
4166 avoids failures with UsePrivilegedPort=yes
4167
4168 patch from Juan Gallego
4169
4170commit c5c1d5d2f04ce00d2ddd6647e61b32f28be39804
4171Author: markus@openbsd.org <markus@openbsd.org>
4172Date: Wed May 4 14:04:40 2016 +0000
4173
4174 upstream commit
4175
4176 missing const in prototypes (ssh1)
4177
4178 Upstream-ID: 789c6ad4928b5fa557369b88c3a6a34926082c05
4179
4180commit 9faae50e2e82ba42eb0cb2726bf6830fe7948f28
4181Author: dtucker@openbsd.org <dtucker@openbsd.org>
4182Date: Wed May 4 14:00:09 2016 +0000
4183
4184 upstream commit
4185
4186 Fix inverted logic for updating StreamLocalBindMask which
4187 would cause the server to set an invalid mask. ok djm@
4188
4189 Upstream-ID: 8a4404c8307a5ef9e07ee2169fc6d8106b527587
4190
4191commit b02ad1ce9105bfa7394ac7590c0729dd52e26a81
4192Author: markus@openbsd.org <markus@openbsd.org>
4193Date: Wed May 4 12:21:53 2016 +0000
4194
4195 upstream commit
4196
4197 IdentityAgent for specifying specific agent sockets; ok
4198 djm@
4199
4200 Upstream-ID: 3e6a15eb89ea0fd406f108826b7dc7dec4fbfac1
4201
4202commit 910e59bba09ac309d78ce61e356da35292212935
4203Author: djm@openbsd.org <djm@openbsd.org>
4204Date: Wed May 4 12:16:39 2016 +0000
4205
4206 upstream commit
4207
4208 fix junk characters after quotes
4209
4210 Upstream-ID: cc4d0cd32cb6b55a2ef98975d2f7ae857d0dc578
4211
4212commit 9283884e647b8be50ccd2997537af0065672107d
4213Author: jmc@openbsd.org <jmc@openbsd.org>
4214Date: Tue May 3 18:38:12 2016 +0000
4215
4216 upstream commit
4217
4218 correct article;
4219
4220 Upstream-ID: 1fbd5b7ab16d2d9834ec79c3cedd4738fa42a168
4221
4222commit cfefbcea1057c2623e76c579174a4107a0b6e6cd
4223Author: djm@openbsd.org <djm@openbsd.org>
4224Date: Tue May 3 15:57:39 2016 +0000
4225
4226 upstream commit
4227
4228 fix overriding of StreamLocalBindMask and
4229 StreamLocalBindUnlink in Match blocks; found the hard way Rogan Dawes
4230
4231 Upstream-ID: 940bc69ec0249ab428d24ccd0722ce35cb932ee2
4232
4233commit 771c2f51ffc0c9a2877b7892fada0c77bd1f6549
4234Author: djm@openbsd.org <djm@openbsd.org>
4235Date: Tue May 3 15:25:06 2016 +0000
4236
4237 upstream commit
4238
4239 don't forget to include StreamLocalBindUnlink in the
4240 config dump output
4241
4242 Upstream-ID: 14a6d970b3b45c8e94272e3c661e9a0b2a0ee7cb
4243
4244commit cdcd941994dc430f50d0a4e6a712d32b66e6199e
4245Author: djm@openbsd.org <djm@openbsd.org>
4246Date: Tue May 3 14:54:08 2016 +0000
4247
4248 upstream commit
4249
4250 make nethack^wrandomart fingerprint flag more readily
4251 searchable pointed out by Matt Johnston
4252
4253 Upstream-ID: cb40d0235dc153c478c1aad3bc60b195422a54fb
4254
4255commit 05855bf2ce7d5cd0a6db18bc0b4214ed5ef7516d
4256Author: djm@openbsd.org <djm@openbsd.org>
4257Date: Tue May 3 13:10:24 2016 +0000
4258
4259 upstream commit
4260
4261 clarify ordering of subkeys; pointed out by ietf-ssh AT
4262 stbuehler.de
4263
4264 Upstream-ID: 05ebe9f949449a555ebce8e0aad7c8c9acaf8463
4265
4266commit cca3b4395807bfb7aaeb83d2838f5c062ce30566
4267Author: dtucker@openbsd.org <dtucker@openbsd.org>
4268Date: Tue May 3 12:15:49 2016 +0000
4269
4270 upstream commit
4271
4272 Use a subshell for constructing key types to work around
4273 different sed behaviours for -portable.
4274
4275 Upstream-Regress-ID: 0f6eb673162df229eda9a134a0f10da16151552d
4276
4277commit fa58208c6502dcce3e0daac0ca991ee657daf1f5
4278Author: djm@openbsd.org <djm@openbsd.org>
4279Date: Tue May 3 10:27:59 2016 +0000
4280
4281 upstream commit
4282
4283 correct some typos and remove a long-stale XXX note.
4284
4285 add specification for ed25519 certificates
4286
4287 mention no host certificate options/extensions are currently defined
4288
4289 pointed out by Simon Tatham
4290
4291 Upstream-ID: 7b535ab7dba3340b7d8210ede6791fdaefdf839a
4292
4293commit b466f956c32cbaff4200bfcd5db6739fe4bc7d04
4294Author: djm@openbsd.org <djm@openbsd.org>
4295Date: Tue May 3 10:24:27 2016 +0000
4296
4297 upstream commit
4298
4299 add ed25519 keys that are supported but missing from this
4300 documents; from Peter Moody
4301
4302 Upstream-ID: 8caac2d8e8cfd2fca6dc304877346e0a064b014b
4303
4304commit 7f3d76319a69dab2efe3a520a8fef5b97e923636
4305Author: dtucker@openbsd.org <dtucker@openbsd.org>
4306Date: Tue May 3 09:03:49 2016 +0000
4307
4308 upstream commit
4309
4310 Implement IUTF8 as per draft-sgtatham-secsh-iutf8-00. Patch
4311 from Simon Tatham, ok markus@
4312
4313 Upstream-ID: 58268ebdf37d9d467f78216c681705a5e10c58e8
4314
4315commit 31bc01c05d9f51bee3ebe33dc57c4fafb059fb62
4316Author: djm@openbsd.org <djm@openbsd.org>
4317Date: Mon May 2 14:10:58 2016 +0000
4318
4319 upstream commit
4320
4321 unbreak config parsing on reexec from previous commit
4322
4323 Upstream-ID: bc69932638a291770955bd05ca55a32660a613ab
4324
4325commit 67f1459efd2e85bf03d032539283fa8107218936
4326Author: djm@openbsd.org <djm@openbsd.org>
4327Date: Mon May 2 09:52:00 2016 +0000
4328
4329 upstream commit
4330
4331 unit and regress tests for SHA256/512; ok markus
4332
4333 Upstream-Regress-ID: a0cd1a92dc824067076a5fcef83c18df9b0bf2c6
4334
4335commit 0e8eeec8e75f6d0eaf33317376f773160018a9c7
4336Author: djm@openbsd.org <djm@openbsd.org>
4337Date: Mon May 2 10:26:04 2016 +0000
4338
4339 upstream commit
4340
4341 add support for additional fixed DH groups from
4342 draft-ietf-curdle-ssh-kex-sha2-03
4343
4344 diffie-hellman-group14-sha256 (2K group)
4345 diffie-hellman-group16-sha512 (4K group)
4346 diffie-hellman-group18-sha512 (8K group)
4347
4348 based on patch from Mark D. Baushke and Darren Tucker
4349 ok markus@
4350
4351 Upstream-ID: ac00406ada4f0dfec41585ca0839f039545bc46f
4352
4353commit 57464e3934ba53ad8590ee3ccd840f693407fc1e
4354Author: djm@openbsd.org <djm@openbsd.org>
4355Date: Mon May 2 09:36:42 2016 +0000
4356
4357 upstream commit
4358
4359 support SHA256 and SHA512 RSA signatures in certificates;
4360 ok markus@
4361
4362 Upstream-ID: b45be2f2ce8cacd794dc5730edaabc90e5eb434a
4363
4364commit 1a31d02b2411c4718de58ce796dbb7b5e14db93e
4365Author: djm@openbsd.org <djm@openbsd.org>
4366Date: Mon May 2 08:49:03 2016 +0000
4367
4368 upstream commit
4369
4370 fix signed/unsigned errors reported by clang-3.7; add
4371 sshbuf_dup_string() to replace a common idiom of strdup(sshbuf_ptr()) with
4372 better safety checking; feedback and ok markus@
4373
4374 Upstream-ID: 71f926d9bb3f1efed51319a6daf37e93d57c8820
4375
4376commit d2d6bf864e52af8491a60dd507f85b74361f5da3
4377Author: djm@openbsd.org <djm@openbsd.org>
4378Date: Fri Apr 29 08:07:53 2016 +0000
4379
4380 upstream commit
4381
4382 close ControlPersist background process stderr when not
4383 in debug mode or when logging to a file or syslog. bz#1988 ok dtucker
4384
4385 Upstream-ID: 4fb726f0fdcb155ad419913cea10dc4afd409d24
4386
4387commit 9ee692fa1146e887e008a2b9a3d3ea81770c9fc8
4388Author: djm@openbsd.org <djm@openbsd.org>
4389Date: Thu Apr 28 14:30:21 2016 +0000
4390
4391 upstream commit
4392
4393 fix comment
4394
4395 Upstream-ID: 313a385bd7b69a82f8e28ecbaf5789c774457b15
4396
4397commit ee1e0a16ff2ba41a4d203c7670b54644b6c57fa6
4398Author: jmc@openbsd.org <jmc@openbsd.org>
4399Date: Wed Apr 27 13:53:48 2016 +0000
4400
4401 upstream commit
4402
4403 cidr permitted for {allow,deny}users; from lars nooden ok djm
4404
4405 Upstream-ID: 13e7327fe85f6c63f3f7f069e0fdc8c351515d11
4406
4407commit b6e0140a5aa883c27b98415bd8aa9f65fc04ee22
4408Author: djm@openbsd.org <djm@openbsd.org>
4409Date: Thu Apr 21 06:08:02 2016 +0000
4410
4411 upstream commit
4412
4413 make argument == NULL tests more consistent
4414
4415 Upstream-ID: dc4816678704aa5cbda3a702e0fa2033ff04581d
4416
4417commit 6aaabc2b610e44bae473457ad9556ffb43d90ee3
4418Author: jmc@openbsd.org <jmc@openbsd.org>
4419Date: Sun Apr 17 14:34:46 2016 +0000
4420
4421 upstream commit
4422
4423 tweak previous;
4424
4425 Upstream-ID: 46c1bab91c164078edbccd5f7d06b9058edd814f
4426
4427commit 0f839e5969efa3bda615991be8a9d9311554c573
4428Author: djm@openbsd.org <djm@openbsd.org>
4429Date: Fri Apr 15 02:57:10 2016 +0000
4430
4431 upstream commit
4432
4433 missing bit of Include regress
4434
4435 Upstream-Regress-ID: 1063595f7f40f8489a1b7a27230b9e8acccea34f
4436
4437commit 12e4ac46aed681da55c2bba3cd11dfcab23591be
4438Author: djm@openbsd.org <djm@openbsd.org>
4439Date: Fri Apr 15 02:55:53 2016 +0000
4440
4441 upstream commit
4442
4443 remove redundant CLEANFILES section
4444
4445 Upstream-Regress-ID: 29ef1b267fa56daa60a1463396635e7d53afb587
4446
4447commit b1d05aa653ae560c44baf8e8a9756e33f98ea75c
4448Author: djm@openbsd.org <djm@openbsd.org>
4449Date: Fri Apr 15 00:48:01 2016 +0000
4450
4451 upstream commit
4452
4453 sync CLEANFILES with portable, sort
4454
4455 Upstream-Regress-ID: cb782f4f1ab3e079efbc335c6b64942f790766ed
4456
4457commit 35f22dad263cce5c61d933ae439998cb965b8748
4458Author: djm@openbsd.org <djm@openbsd.org>
4459Date: Fri Apr 15 00:31:10 2016 +0000
4460
4461 upstream commit
4462
4463 regression test for ssh_config Include directive
4464
4465 Upstream-Regress-ID: 46a38c8101f635461c506d1aac2d96af80f97f1e
4466
4467commit 6b8a1a87005818d4700ce8b42faef746e82c1f51
4468Author: djm@openbsd.org <djm@openbsd.org>
4469Date: Thu Apr 14 23:57:17 2016 +0000
4470
4471 upstream commit
4472
4473 unbreak test for recent ssh de-duplicated forwarding
4474 change
4475
4476 Upstream-Regress-ID: 6b2b115d99acd7cff13986e6739ea214cf2a3da3
4477
4478commit 076787702418985a2cc6808212dc28ce7afc01f0
4479Author: djm@openbsd.org <djm@openbsd.org>
4480Date: Thu Apr 14 23:21:42 2016 +0000
4481
4482 upstream commit
4483
4484 add test knob and warning for StrictModes
4485
4486 Upstream-Regress-ID: 8cd10952ce7898655ee58945904f2a0a3bdf7682
4487
4488commit dc7990be865450574c7940c9880567f5d2555b37
4489Author: djm@openbsd.org <djm@openbsd.org>
4490Date: Fri Apr 15 00:30:19 2016 +0000
4491
4492 upstream commit
4493
4494 Include directive for ssh_config(5); feedback & ok markus@
4495
4496 Upstream-ID: ae3b76e2e343322b9f74acde6f1e1c5f027d5fff
4497
4498commit 85bdcd7c92fe7ff133bbc4e10a65c91810f88755
4499Author: Damien Miller <djm@mindrot.org>
4500Date: Wed Apr 13 10:39:57 2016 +1000
4501
4502 ignore PAM environment vars when UseLogin=yes
4503
4504 If PAM is configured to read user-specified environment variables
4505 and UseLogin=yes in sshd_config, then a hostile local user may
4506 attack /bin/login via LD_PRELOAD or similar environment variables
4507 set via PAM.
4508
4509 CVE-2015-8325, found by Shayan Sadigh, via Colin Watson
4510
4511commit dce19bf6e4a2a3d0b13a81224de63fc316461ab9
4512Author: djm@openbsd.org <djm@openbsd.org>
4513Date: Sat Apr 9 12:39:30 2016 +0000
4514
4515 upstream commit
4516
4517 make private key loading functions consistently handle NULL
4518 key pointer arguments; ok markus@
4519
4520 Upstream-ID: 92038726ef4a338169c35dacc9c5a07fcc7fa761
4521
4522commit 5f41f030e2feb5295657285aa8c6602c7810bc4b
4523Author: Darren Tucker <dtucker@zip.com.au>
4524Date: Fri Apr 8 21:14:13 2016 +1000
4525
4526 Remove NO_IPPORT_RESERVED_CONCEPT
4527
4528 Replace by defining IPPORT_RESERVED to zero on Cygwin, which should have
4529 the same effect without causing problems syncing patches with OpenBSD.
4530 Resync the two affected functions with OpenBSD. ok djm, sanity checked
4531 by Corinna.
4532
4533commit 34a01b2cf737d946ddb140618e28c3048ab7a229
4534Author: djm@openbsd.org <djm@openbsd.org>
4535Date: Fri Apr 8 08:19:17 2016 +0000
4536
4537 upstream commit
4538
4539 whitespace at EOL
4540
4541 Upstream-ID: 5beffd4e001515da12851b974e2323ae4aa313b6
4542
4543commit 90ee563fa6b54c59896c6c332c5188f866c5e75f
4544Author: djm@openbsd.org <djm@openbsd.org>
4545Date: Fri Apr 8 06:35:54 2016 +0000
4546
4547 upstream commit
4548
4549 We accidentally send an empty string and a zero uint32 with
4550 every direct-streamlocal@openssh.com channel open, in contravention of our
4551 own spec.
4552
4553 Fixing this is too hard wrt existing versions that expect these
4554 fields to be present and fatal() if they aren't, so document them
4555 as "reserved" fields in the PROTOCOL spec as though we always
4556 intended this and let us never speak of it again.
4557
4558 bz#2529, reported by Ron Frederick
4559
4560 Upstream-ID: 34cd326a4d236ca6e39084c4ff796bd97ab833e7
4561
4562commit 0ccbd5eca0f0dd78e71a4b69c66f03a66908d558
4563Author: djm@openbsd.org <djm@openbsd.org>
4564Date: Wed Apr 6 06:42:17 2016 +0000
4565
4566 upstream commit
4567
4568 don't record duplicate LocalForward and RemoteForward
4569 entries; fixes failure with ExitOnForwardFailure+hostname canonicalisation
4570 where the same forwards are added on the second pass through the
4571 configuration file. bz#2562; ok dtucker@
4572
4573 Upstream-ID: 40a51d68b6300f1cc61deecdb7d4847b8b7b0de1
4574
4575commit 574def0eb493cd6efeffd4ff2e9257abcffee0c8
4576Author: krw@openbsd.org <krw@openbsd.org>
4577Date: Sat Apr 2 14:37:42 2016 +0000
4578
4579 upstream commit
4580
4581 Another use for fcntl() and thus of the superfluous 3rd
4582 parameter is when sanitising standard fd's before calling daemon().
4583
4584 Use a tweaked version of the ssh(1) function in all three places
4585 found using fcntl() this way.
4586
4587 ok jca@ beck@
4588
4589 Upstream-ID: f16811ffa19a1c5f4ef383c5f0fecb843c84e218
4590
4591commit b3413534aa9d71a941005df2760d1eec2c2b0854
4592Author: Darren Tucker <dtucker@zip.com.au>
4593Date: Mon Apr 4 11:09:21 2016 +1000
4594
4595 Tidy up openssl header test.
4596
4597commit 815bcac0b94bb448de5acdd6ba925b8725240b4f
4598Author: Darren Tucker <dtucker@zip.com.au>
4599Date: Mon Apr 4 11:07:59 2016 +1000
4600
4601 Fix configure-time warnings for openssl test.
4602
4603commit 95687f5831ae680f7959446d8ae4b52452ee05dd
4604Author: djm@openbsd.org <djm@openbsd.org>
4605Date: Fri Apr 1 02:34:10 2016 +0000
4606
4607 upstream commit
4608
4609 whitespace at EOL
4610
4611 Upstream-ID: 40ae2203d07cb14e0a89e1a0d4c6120ee8fd8c3a
4612
4613commit fdfbf4580de09d84a974211715e14f88a5704b8e
4614Author: dtucker@openbsd.org <dtucker@openbsd.org>
4615Date: Thu Mar 31 05:24:06 2016 +0000
4616
4617 upstream commit
4618
4619 Remove fallback from moduli to "primes" file that was
4620 deprecated in 2001 and fix log messages referring to primes file. Based on
4621 patch from xnox at ubuntu.com via bz#2559. "kill it" deraadt@
4622
4623 Upstream-ID: 0d4f8c70e2fa7431a83b95f8ca81033147ba8713
4624
4625commit 0235a5fa67fcac51adb564cba69011a535f86f6b
4626Author: djm@openbsd.org <djm@openbsd.org>
4627Date: Thu Mar 17 17:19:43 2016 +0000
4628
4629 upstream commit
4630
4631 UseDNS affects ssh hostname processing in authorized_keys,
4632 not known_hosts; bz#2554 reported by jjelen AT redhat.com
4633
4634 Upstream-ID: c1c1bb895dde46095fc6d81d8653703928437591
4635
4636commit 8c4739338f5e379d05b19d6e544540114965f07e
4637Author: Darren Tucker <dtucker@zip.com.au>
4638Date: Tue Mar 15 09:24:43 2016 +1100
4639
4640 Don't call Solaris setproject() with UsePAM=yes.
4641
4642 When Solaris Projects are enabled along with PAM setting the project
4643 is PAM's responsiblity. bz#2425, based on patch from
4644 brent.paulson at gmail.com.
4645
4646commit cff26f373c58457a32cb263e212cfff53fca987b
4647Author: Damien Miller <djm@mindrot.org>
4648Date: Tue Mar 15 04:30:21 2016 +1100
4649
4650 remove slogin from *.spec
4651
4652commit c38905ba391434834da86abfc988a2b8b9b62477
4653Author: djm@openbsd.org <djm@openbsd.org>
4654Date: Mon Mar 14 16:20:54 2016 +0000
4655
4656 upstream commit
4657
4658 unbreak authentication using lone certificate keys in
4659 ssh-agent: when attempting pubkey auth with a certificate, if no separate
4660 private key is found among the keys then try with the certificate key itself.
4661
4662 bz#2550 reported by Peter Moody
4663
4664 Upstream-ID: f939cd76d68e6a9a3d1711b5a943d6ed1e623966
4665
4666commit 4b4bfb01cd40b9ddb948e6026ddd287cc303d871
4667Author: djm@openbsd.org <djm@openbsd.org>
4668Date: Thu Mar 10 11:47:57 2016 +0000
4669
4670 upstream commit
4671
4672 sanitise characters destined for xauth reported by
4673 github.com/tintinweb feedback and ok deraadt and markus
4674
4675 Upstream-ID: 18ad8d0d74cbd2ea3306a16595a306ee356aa261
4676
4677commit 732b463d37221722b1206f43aa59563766a6a968
4678Author: Darren Tucker <dtucker@zip.com.au>
4679Date: Mon Mar 14 16:04:23 2016 +1100
4680
4681 Pass supported malloc options to connect-privsep.
4682
4683 This allows us to activate only the supported options during the malloc
4684 option portion of the connect-privsep test.
4685
4686commit d29c5b9b3e9f27394ca97a364ed4bb4a55a59744
4687Author: Darren Tucker <dtucker@zip.com.au>
4688Date: Mon Mar 14 09:30:58 2016 +1100
4689
4690 Remove leftover roaming.h file.
4691
4692 Pointed out by des at des.no.
4693
4694commit 8ff20ec95f4377021ed5e9b2331320f5c5a34cea
4695Author: Darren Tucker <dtucker@zip.com.au>
4696Date: Mon Mar 14 09:24:03 2016 +1100
4697
4698 Quote variables that may contain whitespace.
4699
4700 The variable $L_TMP_ID_FILE needs to be surrounded by quotes in order to
4701 survive paths containing whitespace. bz#2551, from Corinna Vinschen via
4702 Philip Hands.
4703
4704commit 627824480c01f0b24541842c7206ab9009644d02
4705Author: Darren Tucker <dtucker@zip.com.au>
4706Date: Fri Mar 11 14:47:41 2016 +1100
4707
4708 Include priv.h for priv_set_t.
4709
4710 From alex at cooperi.net.
4711
4712commit e960051f9a264f682c4d2fefbeecffcfc66b0ddf
4713Author: Darren Tucker <dtucker@zip.com.au>
4714Date: Wed Mar 9 13:14:18 2016 +1100
4715
4716 Wrap stdint.h inside #ifdef HAVE_STDINT_H.
4717
4718commit 2c48bd344d2c4b5e08dae9aea5ff44fc19a5e363
4719Author: Darren Tucker <dtucker@zip.com.au>
4720Date: Wed Mar 9 12:46:50 2016 +1100
4721
4722 Add compat to monotime_double().
4723
4724 Apply all of the portability changes in monotime() to monotime() double.
4725 Fixes build on at least older FreeBSD systems.
4726
4727commit 7b40ef6c2eef40c339f6ea8920cb8a44838e10c9
4728Author: Damien Miller <djm@mindrot.org>
4729Date: Tue Mar 8 14:12:58 2016 -0800
4730
4731 make a regress-binaries target
4732
4733 Easier to build all the regression/unit test binaries in one pass
4734 than going through all of ${REGRESS_BINARIES}
4735
4736commit c425494d6b6181beb54a1b3763ef9e944fd3c214
4737Author: Damien Miller <djm@mindrot.org>
4738Date: Tue Mar 8 14:03:54 2016 -0800
4739
4740 unbreak kexfuzz for -Werror without __bounded__
4741
4742commit 3ed9218c336607846563daea5d5ab4f701f4e042
4743Author: Damien Miller <djm@mindrot.org>
4744Date: Tue Mar 8 14:01:29 2016 -0800
4745
4746 unbreak PAM after canohost refactor
4747
4748commit 885fb2a44ff694f01e4f6470f803629e11f62961
4749Author: Darren Tucker <dtucker@zip.com.au>
4750Date: Tue Mar 8 11:58:43 2016 +1100
4751
4752 auth_get_canonical_hostname in portable code.
4753
4754 "refactor canohost.c" replaced get_canonical_hostname, this makes the
4755 same change to some portable-specific code.
4756
4757commit 95767262caa6692eff1e1565be1f5cb297949a89
4758Author: djm@openbsd.org <djm@openbsd.org>
4759Date: Mon Mar 7 19:02:43 2016 +0000
4760
4761 upstream commit
4762
4763 refactor canohost.c: move functions that cache results closer
4764 to the places that use them (authn and session code). After this, no state is
4765 cached in canohost.c
4766
4767 feedback and ok markus@
4768
4769 Upstream-ID: 5f2e4df88d4803fc8ec59ec53629105e23ce625e
4770
4771commit af0bb38ffd1f2c4f9f43b0029be2efe922815255
4772Author: Damien Miller <djm@mindrot.org>
4773Date: Fri Mar 4 15:11:55 2016 +1100
4774
4775 hook unittests/misc/kexfuzz into build
4776
4777commit 331b8e07ee5bcbdca12c11cc8f51a7e8de09b248
4778Author: dtucker@openbsd.org <dtucker@openbsd.org>
4779Date: Fri Mar 4 02:48:06 2016 +0000
4780
4781 upstream commit
4782
4783 Filter debug messages out of log before picking the last
4784 two lines. Should prevent problems if any more debug output is added late in
4785 the connection.
4786
4787 Upstream-Regress-ID: 345d0a9589c381e7d640a4ead06cfaadf4db1363
4788
4789commit 0892edaa3ce623381d3a7635544cbc69b31cf9cb
4790Author: djm@openbsd.org <djm@openbsd.org>
4791Date: Fri Mar 4 02:30:36 2016 +0000
4792
4793 upstream commit
4794
4795 add KEX fuzzer harness; ok deraadt@
4796
4797 Upstream-Regress-ID: 3df5242d30551b12b828aa9ba4a4cec0846be8d1
4798
4799commit ae2562c47d41b68dbb00240fd6dd60bed205367a
4800Author: dtucker@openbsd.org <dtucker@openbsd.org>
4801Date: Thu Mar 3 00:46:53 2016 +0000
4802
4803 upstream commit
4804
4805 Look back 3 lines for possible error messages. Changes
4806 to the code mean that "Bad packet length" errors are 3 lines back instead of
4807 the previous two, which meant we didn't skip some offsets that we intended
4808 to.
4809
4810 Upstream-Regress-ID: 24f36912740a634d509a3144ebc8eb7c09b9c684
4811
4812commit 988e429d903acfb298bfddfd75e7994327adfed0
4813Author: djm@openbsd.org <djm@openbsd.org>
4814Date: Fri Mar 4 03:35:44 2016 +0000
4815
4816 upstream commit
4817
4818 fix ClientAliveInterval when a time-based RekeyLimit is
4819 set; previously keepalive packets were not being sent. bz#2252 report and
4820 analysis by Christian Wittenhorst and Garrett Lee feedback and ok dtucker@
4821
4822 Upstream-ID: d48f9deadd35fdacdd5106b41bb07630ddd4aa81
4823
4824commit 8ef04d7a94bcdb8b0085fdd2a79a844b7d40792d
4825Author: dtucker@openbsd.org <dtucker@openbsd.org>
4826Date: Wed Mar 2 22:43:52 2016 +0000
4827
4828 upstream commit
4829
4830 Improve accuracy of reported transfer speeds by waiting
4831 for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@
4832
4833 Upstream-ID: 99f1cf15c9a8f161086b814d414d862795ae153d
4834
4835commit b8d4eafe29684fe4f5bb587f7eab948e6ed62723
4836Author: dtucker@openbsd.org <dtucker@openbsd.org>
4837Date: Wed Mar 2 22:42:40 2016 +0000
4838
4839 upstream commit
4840
4841 Improve precision of progressmeter for sftp and scp by
4842 storing sub-second timestamps. Pointed out by mmcc@, ok deraadt@ markus@
4843
4844 Upstream-ID: 38fd83a3d83dbf81c8ff7b5d1302382fe54970ab
4845
4846commit 18f64b969c70ed00e74b9d8e50359dbe698ce4c0
4847Author: jca@openbsd.org <jca@openbsd.org>
4848Date: Mon Feb 29 20:22:36 2016 +0000
4849
4850 upstream commit
4851
4852 Print ssize_t with %zd; ok deraadt@ mmcc@
4853
4854 Upstream-ID: 0590313bbb013ff6692298c98f7e0be349d124bd
4855
4856commit 6e7f68ce38130c794ec1fb8d2a6091fbe982628d
4857Author: djm@openbsd.org <djm@openbsd.org>
4858Date: Sun Feb 28 22:27:00 2016 +0000
4859
4860 upstream commit
4861
4862 rearrange DH public value tests to be a little more clear
4863
4864 rearrange DH private value generation to explain rationale more
4865 clearly and include an extra sanity check.
4866
4867 ok deraadt
4868
4869 Upstream-ID: 9ad8a07e1a12684e1b329f9bd88941b249d4b2ad
4870
4871commit 2ed17aa34008bdfc8db674315adc425a0712be11
4872Author: Darren Tucker <dtucker@zip.com.au>
4873Date: Tue Mar 1 15:24:20 2016 +1100
4874
4875 Import updated moduli file from OpenBSD.
4876
4877 Note that 1.5k bit groups have been removed.
4878
4879commit 72b061d4ba0f909501c595d709ea76e06b01e5c9
4880Author: Darren Tucker <dtucker@zip.com.au>
4881Date: Fri Feb 26 14:40:04 2016 +1100
4882
4883 Add a note about using xlc on AIX.
4884
4885commit fd4e4f2416baa2e6565ea49d52aade296bad3e28
4886Author: Darren Tucker <dtucker@zip.com.au>
4887Date: Wed Feb 24 10:44:25 2016 +1100
4888
4889 Skip PrintLastLog in config dump mode.
4890
4891 When DISABLE_LASTLOG is set, do not try to include PrintLastLog in the
4892 config dump since it'll be reported as UNKNOWN.
4893
4894commit 99135c764fa250801da5ec3b8d06cbd0111caae8
4895Author: Damien Miller <djm@mindrot.org>
4896Date: Tue Feb 23 20:17:23 2016 +1100
4897
4898 update spec/README versions ahead of release
4899
4900commit b86a334aaaa4d1e643eb1fd71f718573d6d948b5
4901Author: Damien Miller <djm@mindrot.org>
4902Date: Tue Feb 23 20:16:53 2016 +1100
4903
4904 put back portable patchlevel to p1
4905
4906commit 555dd35ff176847e3c6bd068ba2e8db4022eb24f
4907Author: djm@openbsd.org <djm@openbsd.org>
4908Date: Tue Feb 23 09:14:34 2016 +0000
4909
4910 upstream commit
4911
4912 openssh-7.2
4913
4914 Upstream-ID: 9db776b26014147fc907ece8460ef2bcb0f11e78
4915
4916commit 1acc058d0a7913838c830ed998a1a1fb5b7864bf
4917Author: Damien Miller <djm@mindrot.org>
4918Date: Tue Feb 23 16:12:13 2016 +1100
4919
4920 Disable tests where fs perms are incorrect
4921
4922 Some tests have strict requirements on the filesystem permissions
4923 for certain files and directories. This adds a regress/check-perm
4924 tool that copies the relevant logic from sshd to exactly test
4925 the paths in question. This lets us skip tests when the local
4926 filesystem doesn't conform to our expectations rather than
4927 continuing and failing the test run.
4928
4929 ok dtucker@
4930
4931commit 39f303b1f36d934d8410b05625f25c7bcb75db4d
4932Author: Damien Miller <djm@mindrot.org>
4933Date: Tue Feb 23 12:56:59 2016 +1100
4934
4935 fix sandbox on OSX Lion
4936
4937 sshd was failing with:
4938
4939 ssh_sandbox_child: sandbox_init: dlopen(/usr/lib/libsandbox.1.dylib, 261):cw
4940 image not found [preauth]
4941
4942 caused by chroot before sandboxing. Avoid by explicitly linking libsandbox
4943 to sshd. Spotted by Darren.
4944
4945commit 0d1451a32c7436e6d3d482351e776bc5e7824ce4
4946Author: djm@openbsd.org <djm@openbsd.org>
4947Date: Tue Feb 23 01:34:14 2016 +0000
4948
4949 upstream commit
4950
4951 fix spurious error message when incorrect passphrase
4952 entered for keys; reported by espie@ ok deraadt@
4953
4954 Upstream-ID: 58b2e46e63ed6912ed1ee780bd3bd8560f9a5899
4955
4956commit 09d87d79741beb85768b5e788d7dfdf4bc3543dc
4957Author: sobrado@openbsd.org <sobrado@openbsd.org>
4958Date: Sat Feb 20 23:06:23 2016 +0000
4959
4960 upstream commit
4961
4962 set ssh(1) protocol version to 2 only.
4963
4964 ok djm@
4965
4966 Upstream-ID: e168daf9d27d7e392e3c9923826bd8e87b2b3a10
4967
4968commit 9262e07826ba5eebf8423f7ac9e47ec488c47869
4969Author: sobrado@openbsd.org <sobrado@openbsd.org>
4970Date: Sat Feb 20 23:02:39 2016 +0000
4971
4972 upstream commit
4973
4974 add missing ~/.ssh/id_ecdsa and ~/.ssh/id_ed25519 to
4975 IdentityFile.
4976
4977 ok djm@
4978
4979 Upstream-ID: 6ce99466312e4ae7708017c3665e3edb976f70cf
4980
4981commit c12f0fdce8f985fca8d71829fd64c5b89dc777f5
4982Author: sobrado@openbsd.org <sobrado@openbsd.org>
4983Date: Sat Feb 20 23:01:46 2016 +0000
4984
4985 upstream commit
4986
4987 AddressFamily defaults to any.
4988
4989 ok djm@
4990
4991 Upstream-ID: 0d94aa06a4b889bf57a7f631c45ba36d24c13e0c
4992
4993commit 907091acb188b1057d50c2158f74c3ecf1c2302b
4994Author: Darren Tucker <dtucker@zip.com.au>
4995Date: Fri Feb 19 09:05:39 2016 +1100
4996
4997 Make Solaris privs code build on older systems.
4998
4999 Not all systems with Solaris privs have priv_basicset so factor that
5000 out and provide backward compatibility code. Similarly, not all have
5001 PRIV_NET_ACCESS so wrap that in #ifdef. Based on code from
5002 alex at cooperi.net and djm@ with help from carson at taltos.org and
5003 wieland at purdue.edu.
5004
5005commit 292a8dee14e5e67dcd1b49ba5c7b9023e8420d59
5006Author: djm@openbsd.org <djm@openbsd.org>
5007Date: Wed Feb 17 22:20:14 2016 +0000
5008
5009 upstream commit
5010
5011 rekey refactor broke SSH1; spotted by Tom G. Christensen
5012
5013 Upstream-ID: 43f0d57928cc077c949af0bfa71ef574dcb58243
5014
5015commit 3a13cb543df9919aec2fc6b75f3dd3802facaeca
5016Author: djm@openbsd.org <djm@openbsd.org>
5017Date: Wed Feb 17 08:57:34 2016 +0000
5018
5019 upstream commit
5020
5021 rsa-sha2-512,rsa-sha2-256 cannot be selected explicitly
5022 in *KeyTypes options yet. Remove them from the lists of algorithms for now.
5023 committing on behalf of markus@ ok djm@
5024
5025 Upstream-ID: c6e8820eb8e610ac21551832c0c89684a9a51bb7
5026
5027commit a685ae8d1c24fb7c712c55a4f3280ee76f5f1e4b
5028Author: jmc@openbsd.org <jmc@openbsd.org>
5029Date: Wed Feb 17 07:38:19 2016 +0000
5030
5031 upstream commit
5032
5033 since these pages now clearly tell folks to avoid v1,
5034 normalise the docs from a v2 perspective (i.e. stop pointing out which bits
5035 are v2 only);
5036
5037 ok/tweaks djm ok markus
5038
5039 Upstream-ID: eb474f8c36fb6a532dc05c282f7965e38dcfa129
5040
5041commit c5c3f3279a0e4044b8de71b70d3570d692d0f29d
5042Author: djm@openbsd.org <djm@openbsd.org>
5043Date: Wed Feb 17 05:29:04 2016 +0000
5044
5045 upstream commit
5046
5047 make sandboxed privilege separation the default, not just
5048 for new installs; "absolutely" deraadt@
5049
5050 Upstream-ID: 5221ef3b927d2df044e9aa3f5db74ae91743f69b
5051
5052commit eb3f7337a651aa01d5dec019025e6cdc124ed081
5053Author: jmc@openbsd.org <jmc@openbsd.org>
5054Date: Tue Feb 16 07:47:54 2016 +0000
5055
5056 upstream commit
5057
5058 no need to state that protocol 2 is the default twice;
5059
5060 Upstream-ID: b1e4c36b0c2e12e338e5b66e2978f2ac953b95eb
5061
5062commit e7901efa9b24e5b0c7e74f2c5520d47eead4d005
5063Author: djm@openbsd.org <djm@openbsd.org>
5064Date: Tue Feb 16 05:11:04 2016 +0000
5065
5066 upstream commit
5067
5068 Replace list of ciphers and MACs adjacent to -1/-2 flag
5069 descriptions in ssh(1) with a strong recommendation not to use protocol 1.
5070 Add a similar warning to the Protocol option descriptions in ssh_config(5)
5071 and sshd_config(5);
5072
5073 prompted by and ok mmcc@
5074
5075 Upstream-ID: 961f99e5437d50e636feca023978950a232ead5e
5076
5077commit 5a0fcb77287342e2fc2ba1cee79b6af108973dc2
5078Author: djm@openbsd.org <djm@openbsd.org>
5079Date: Tue Feb 16 03:37:48 2016 +0000
5080
5081 upstream commit
5082
5083 add a "Close session" log entry (at loglevel=verbose) to
5084 correspond to the existing "Starting session" one. Also include the session
5085 id number to make multiplexed sessions more apparent.
5086
5087 feedback and ok dtucker@
5088
5089 Upstream-ID: e72d2ac080e02774376325136e532cb24c2e617c
5090
5091commit 624fd395b559820705171f460dd33d67743d13d6
5092Author: djm@openbsd.org <djm@openbsd.org>
5093Date: Wed Feb 17 02:24:17 2016 +0000
5094
5095 upstream commit
5096
5097 include bad $SSH_CONNECTION in failure output
5098
5099 Upstream-Regress-ID: b22d72edfde78c403aaec2b9c9753ef633cc0529
5100
5101commit 60d860e54b4f199e5e89963b1c086981309753cb
5102Author: Darren Tucker <dtucker@zip.com.au>
5103Date: Wed Feb 17 13:37:09 2016 +1100
5104
5105 Rollback addition of va_start.
5106
5107 va_start was added in 0f754e29dd3760fc0b172c1220f18b753fb0957e, however
5108 it has the wrong number of args and it's not usable in non-variadic
5109 functions anyway so it breaks things (for example Solaris 2.6 as
5110 reported by Tom G. Christensen).i ok djm@
5111
5112commit 2fee909c3cee2472a98b26eb82696297b81e0d38
5113Author: Darren Tucker <dtucker@zip.com.au>
5114Date: Wed Feb 17 09:48:15 2016 +1100
5115
5116 Look for gethostbyname in libresolv and libnsl.
5117
5118 Should fix build problem on Solaris 2.6 reported by Tom G. Christensen.
5119
5120commit 5ac712d81a84396aab441a272ec429af5b738302
5121Author: Damien Miller <djm@mindrot.org>
5122Date: Tue Feb 16 10:45:02 2016 +1100
5123
5124 make existing ssh_malloc_init only for __OpenBSD__
5125
5126commit 24c9bded569d9f2449ded73f92fb6d12db7a9eec
5127Author: djm@openbsd.org <djm@openbsd.org>
5128Date: Mon Feb 15 23:32:37 2016 +0000
5129
5130 upstream commit
5131
5132 memleak of algorithm name in mm_answer_sign; reported by
5133 Jakub Jelen
5134
5135 Upstream-ID: ccd742cd25952240ebd23d7d4d6b605862584d08
5136
5137commit ffb1e7e896139a42ceb78676f637658f44612411
5138Author: dtucker@openbsd.org <dtucker@openbsd.org>
5139Date: Mon Feb 15 09:47:49 2016 +0000
5140
5141 upstream commit
5142
5143 Add a function to enable security-related malloc_options.
5144 With and ok deraadt@, something similar has been in the snaps for a while.
5145
5146 Upstream-ID: 43a95523b832b7f3b943d2908662191110c380ed
5147
5148commit ef39e8c0497ff0564990a4f9e8b7338b3ba3507c
5149Author: Damien Miller <djm@mindrot.org>
5150Date: Tue Feb 16 10:34:39 2016 +1100
5151
5152 sync ssh-copy-id with upstream 783ef08b0a75
5153
5154commit d2d772f55b19bb0e8d03c2fe1b9bb176d9779efd
5155Author: djm@openbsd.org <djm@openbsd.org>
5156Date: Fri Feb 12 00:20:30 2016 +0000
5157
5158 upstream commit
5159
5160 avoid fatal() for PKCS11 tokens that present empty key IDs
5161 bz#1773, ok markus@
5162
5163 Upstream-ID: 044a764fee526f2c4a9d530bd10695422d01fc54
5164
5165commit e4c918a6c721410792b287c9fd21356a1bed5805
5166Author: djm@openbsd.org <djm@openbsd.org>
5167Date: Thu Feb 11 02:56:32 2016 +0000
5168
5169 upstream commit
5170
5171 sync crypto algorithm lists in ssh_config(5) and
5172 sshd_config(5) with current reality. bz#2527
5173
5174 Upstream-ID: d7fd1b6c1ed848d866236bcb1d7049d2bb9b2ff6
5175
5176commit e30cabfa4ab456a30b3224f7f545f1bdfc4a2517
5177Author: djm@openbsd.org <djm@openbsd.org>
5178Date: Thu Feb 11 02:21:34 2016 +0000
5179
5180 upstream commit
5181
5182 fix regression in openssh-6.8 sftp client: existing
5183 destination directories would incorrectly terminate recursive uploads;
5184 bz#2528
5185
5186 Upstream-ID: 3306be469f41f26758e3d447987ac6d662623e18
5187
5188commit 714e367226ded4dc3897078be48b961637350b05
5189Author: djm@openbsd.org <djm@openbsd.org>
5190Date: Tue Feb 9 05:30:04 2016 +0000
5191
5192 upstream commit
5193
5194 turn off more old crypto in the client: hmac-md5, ripemd,
5195 truncated HMACs, RC4, blowfish. ok markus@ dtucker@
5196
5197 Upstream-ID: 96aa11c2c082be45267a690c12f1d2aae6acd46e
5198
5199commit 5a622844ff7f78dcb75e223399f9ef0977e8d0a3
5200Author: djm@openbsd.org <djm@openbsd.org>
5201Date: Mon Feb 8 23:40:12 2016 +0000
5202
5203 upstream commit
5204
5205 don't attempt to percent_expand() already-canonicalised
5206 addresses, avoiding unnecessary failures when attempting to connect to scoped
5207 IPv6 addresses (that naturally contain '%' characters)
5208
5209 Upstream-ID: f24569cffa1a7cbde5f08dc739a72f4d78aa5c6a
5210
5211commit 19bcf2ea2d17413f2d9730dd2a19575ff86b9b6a
5212Author: djm@openbsd.org <djm@openbsd.org>
5213Date: Mon Feb 8 10:57:07 2016 +0000
5214
5215 upstream commit
5216
5217 refactor activation of rekeying
5218
5219 This makes automatic rekeying internal to the packet code (previously
5220 the server and client loops needed to assist). In doing to it makes
5221 application of rekey limits more accurate by accounting for packets
5222 about to be sent as well as packets queued during rekeying events
5223 themselves.
5224
5225 Based on a patch from dtucker@ which was in turn based on a patch
5226 Aleksander Adamowski in bz#2521; ok markus@
5227
5228 Upstream-ID: a441227fd64f9739850ca97b4cf794202860fcd8
5229
5230commit 603ba41179e4b53951c7b90ee95b6ef3faa3f15d
5231Author: naddy@openbsd.org <naddy@openbsd.org>
5232Date: Fri Feb 5 13:28:19 2016 +0000
5233
5234 upstream commit
5235
5236 Only check errno if read() has returned an error. EOF is
5237 not an error. This fixes a problem where the mux master would sporadically
5238 fail to notice that the client had exited. ok mikeb@ djm@
5239
5240 Upstream-ID: 3c2dadc21fac6ef64665688aac8a75fffd57ae53
5241
5242commit 56d7dac790693ce420d225119283bc355cff9185
5243Author: jsg@openbsd.org <jsg@openbsd.org>
5244Date: Fri Feb 5 04:31:21 2016 +0000
5245
5246 upstream commit
5247
5248 avoid an uninitialised value when NumberOfPasswordPrompts
5249 is 0 ok markus@ djm@
5250
5251 Upstream-ID: 11b068d83c2865343aeb46acf1e9eec00f829b6b
5252
5253commit deae7d52d59c5019c528f977360d87fdda15d20b
5254Author: djm@openbsd.org <djm@openbsd.org>
5255Date: Fri Feb 5 03:07:06 2016 +0000
5256
5257 upstream commit
5258
5259 mention internal DH-GEX fallback groups; bz#2302
5260
5261 Upstream-ID: e7b395fcca3122cd825515f45a2e41c9a157e09e
5262
5263commit cac3b6665f884d46192c0dc98a64112e8b11a766
5264Author: djm@openbsd.org <djm@openbsd.org>
5265Date: Fri Feb 5 02:37:56 2016 +0000
5266
5267 upstream commit
5268
5269 better description for MaxSessions; bz#2531
5270
5271 Upstream-ID: e2c0d74ee185cd1a3e9d4ca1f1b939b745b354da
5272
5273commit 5ef4b0fdcc7a239577a754829b50022b91ab4712
5274Author: Damien Miller <djm@mindrot.org>
5275Date: Wed Jan 27 17:45:56 2016 +1100
5276
5277 avoid FreeBSD RCS Id in comment
5278
5279 Change old $FreeBSD version string in comment so it doesn't
5280 become an RCS ident downstream; requested by des AT des.no
5281
5282commit 696d12683c90d20a0a9c5f4275fc916b7011fb04
5283Author: djm@openbsd.org <djm@openbsd.org>
5284Date: Thu Feb 4 23:43:48 2016 +0000
5285
5286 upstream commit
5287
5288 printf argument casts to avoid warnings on strict
5289 compilers
5290
5291 Upstream-ID: 7b9f6712cef01865ad29070262d366cf13587c9c
5292
5293commit 5658ef2501e785fbbdf5de2dc33b1ff7a4dca73a
5294Author: millert@openbsd.org <millert@openbsd.org>
5295Date: Mon Feb 1 21:18:17 2016 +0000
5296
5297 upstream commit
5298
5299 Avoid ugly "DISPLAY "(null)" invalid; disabling X11
5300 forwarding" message when DISPLAY is not set. This could also result in a
5301 crash on systems with a printf that doesn't handle NULL. OK djm@
5302
5303 Upstream-ID: 20ee0cfbda678a247264c20ed75362042b90b412
5304
5305commit 537f88ec7bcf40bd444ac5584c707c5588c55c43
5306Author: dtucker@openbsd.org <dtucker@openbsd.org>
5307Date: Fri Jan 29 05:18:15 2016 +0000
5308
5309 upstream commit
5310
5311 Add regression test for RekeyLimit parsing of >32bit values
5312 (4G and 8G).
5313
5314 Upstream-Regress-ID: 548390350c62747b6234f522a99c319eee401328
5315
5316commit 4c6cb8330460f94e6c7ae28a364236d4188156a3
5317Author: dtucker@openbsd.org <dtucker@openbsd.org>
5318Date: Fri Jan 29 23:04:46 2016 +0000
5319
5320 upstream commit
5321
5322 Remove leftover roaming dead code. ok djm markus.
5323
5324 Upstream-ID: 13d1f9c8b65a5109756bcfd3b74df949d53615be
5325
5326commit 28136471809806d6246ef41e4341467a39fe2f91
5327Author: djm@openbsd.org <djm@openbsd.org>
5328Date: Fri Jan 29 05:46:01 2016 +0000
5329
5330 upstream commit
5331
5332 include packet type of non-data packets in debug3 output;
5333 ok markus dtucker
5334
5335 Upstream-ID: 034eaf639acc96459b9c5ce782db9fcd8bd02d41
5336
5337commit 6fd6e28daccafaa35f02741036abe64534c361a1
5338Author: dtucker@openbsd.org <dtucker@openbsd.org>
5339Date: Fri Jan 29 03:31:03 2016 +0000
5340
5341 upstream commit
5342
5343 Revert "account for packets buffered but not yet
5344 processed" change as it breaks for very small RekeyLimit values due to
5345 continuous rekeying. ok djm@
5346
5347 Upstream-ID: 7e03f636cb45ab60db18850236ccf19079182a19
5348
5349commit 921ff00b0ac429666fb361d2d6cb1c8fff0006cb
5350Author: dtucker@openbsd.org <dtucker@openbsd.org>
5351Date: Fri Jan 29 02:54:45 2016 +0000
5352
5353 upstream commit
5354
5355 Allow RekeyLimits in excess of 4G up to 2**63 bits
5356 (limited by the return type of scan_scaled). Part of bz#2521, ok djm.
5357
5358 Upstream-ID: 13bea82be566b9704821b1ea05bf7804335c7979
5359
5360commit c0060a65296f01d4634f274eee184c0e93ba0f23
5361Author: dtucker@openbsd.org <dtucker@openbsd.org>
5362Date: Fri Jan 29 02:42:46 2016 +0000
5363
5364 upstream commit
5365
5366 Account for packets buffered but not yet processed when
5367 computing whether or not it is time to perform rekeying. bz#2521, based
5368 loosely on a patch from olo at fb.com, ok djm@
5369
5370 Upstream-ID: 67e268b547f990ed220f3cb70a5624d9bda12b8c
5371
5372commit 44cf930e670488c85c9efeb373fa5f4b455692ac
5373Author: djm@openbsd.org <djm@openbsd.org>
5374Date: Wed Jan 27 06:44:58 2016 +0000
5375
5376 upstream commit
5377
5378 change old $FreeBSD version string in comment so it doesn't
5379 become an RCS ident downstream; requested by des AT des.no
5380
5381 Upstream-ID: 8ca558c01f184e596b45e4fc8885534b2c864722
5382
5383commit ebacd377769ac07d1bf3c75169644336056b7060
5384Author: djm@openbsd.org <djm@openbsd.org>
5385Date: Wed Jan 27 00:53:12 2016 +0000
5386
5387 upstream commit
5388
5389 make the debug messages a bit more useful here
5390
5391 Upstream-ID: 478ccd4e897e0af8486b294aa63aa3f90ab78d64
5392
5393commit 458abc2934e82034c5c281336d8dc0f910aecad3
5394Author: jsg@openbsd.org <jsg@openbsd.org>
5395Date: Sat Jan 23 05:31:35 2016 +0000
5396
5397 upstream commit
5398
5399 Zero a stack buffer with explicit_bzero() instead of
5400 memset() when returning from client_loop() for consistency with
5401 buffer_free()/sshbuf_free().
5402
5403 ok dtucker@ deraadt@ djm@
5404
5405 Upstream-ID: bc9975b2095339811c3b954694d7d15ea5c58f66
5406
5407commit 65a3c0dacbc7dbb75ddb6a70ebe22d8de084d0b0
5408Author: dtucker@openbsd.org <dtucker@openbsd.org>
5409Date: Wed Jan 20 09:22:39 2016 +0000
5410
5411 upstream commit
5412
5413 Include sys/time.h for gettimeofday. From sortie at
5414 maxsi.org.
5415
5416 Upstream-ID: 6ed0c33b836d9de0a664cd091e86523ecaa2fb3b
5417
5418commit fc77ccdc2ce6d5d06628b8da5048a6a5f6ffca5a
5419Author: markus@openbsd.org <markus@openbsd.org>
5420Date: Thu Jan 14 22:56:56 2016 +0000
5421
5422 upstream commit
5423
5424 fd leaks; report Qualys Security Advisory team; ok
5425 deraadt@
5426
5427 Upstream-ID: 4ec0f12b9d8fa202293c9effa115464185aa071d
5428
5429commit a306863831c57ec5fad918687cc5d289ee8e2635
5430Author: markus@openbsd.org <markus@openbsd.org>
5431Date: Thu Jan 14 16:17:39 2016 +0000
5432
5433 upstream commit
5434
5435 remove roaming support; ok djm@
5436
5437 Upstream-ID: 2cab8f4b197bc95776fb1c8dc2859dad0c64dc56
5438
5439commit 6ef49e83e30688504552ac10875feabd5521565f
5440Author: deraadt@openbsd.org <deraadt@openbsd.org>
5441Date: Thu Jan 14 14:34:34 2016 +0000
5442
5443 upstream commit
5444
5445 Disable experimental client-side roaming support. Server
5446 side was disabled/gutted for years already, but this aspect was surprisingly
5447 forgotten. Thanks for report from Qualys
5448
5449 Upstream-ID: 2328004b58f431a554d4c1bf67f5407eae3389df
5450
5451commit 8d7b523b96d3be180572d9d338cedaafc0570f60
5452Author: Damien Miller <djm@mindrot.org>
5453Date: Thu Jan 14 11:08:19 2016 +1100
5454
5455 bump version numbers
5456
5457commit 8c3d512a1fac8b9c83b4d0c9c3f2376290bd84ca
5458Author: Damien Miller <djm@mindrot.org>
5459Date: Thu Jan 14 11:04:04 2016 +1100
5460
5461 openssh-7.1p2
5462
5463commit e6c85f8889c5c9eb04796fdb76d2807636b9eef5
5464Author: Damien Miller <djm@mindrot.org>
5465Date: Fri Jan 15 01:30:36 2016 +1100
5466
5467 forcibly disable roaming support in the client
5468
5469commit ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c
5470Author: djm@openbsd.org <djm@openbsd.org>
5471Date: Wed Jan 13 23:04:47 2016 +0000
5472
5473 upstream commit
5474
5475 eliminate fallback from untrusted X11 forwarding to trusted
5476 forwarding when the X server disables the SECURITY extension; Reported by
5477 Thomas Hoger; ok deraadt@
5478
5479 Upstream-ID: f76195bd2064615a63ef9674a0e4096b0713f938
5480
5481commit 9a728cc918fad67c8a9a71201088b1e150340ba4
5482Author: djm@openbsd.org <djm@openbsd.org>
5483Date: Tue Jan 12 23:42:54 2016 +0000
5484
5485 upstream commit
5486
5487 use explicit_bzero() more liberally in the buffer code; ok
5488 deraadt
5489
5490 Upstream-ID: 0ece37069fd66bc6e4f55eb1321f93df372b65bf
5491
5492commit 4626cbaf78767fc8e9c86dd04785386c59ae0839
5493Author: Damien Miller <djm@mindrot.org>
5494Date: Fri Jan 8 14:24:56 2016 +1100
5495
5496 Support Illumos/Solaris fine-grained privileges
5497
5498 Includes a pre-auth privsep sandbox and several pledge()
5499 emulations. bz#2511, patch by Alex Wilson.
5500
5501 ok dtucker@
5502
5503commit 422d1b3ee977ff4c724b597fb2e437d38fc8de9d
5504Author: djm@openbsd.org <djm@openbsd.org>
5505Date: Thu Dec 31 00:33:52 2015 +0000
5506
5507 upstream commit
5508
5509 fix three bugs in KRL code related to (unused) signature
5510 support: verification length was being incorrectly calculated, multiple
5511 signatures were being incorrectly processed and a NULL dereference that
5512 occurred when signatures were verified. Reported by Carl Jackson
5513
5514 Upstream-ID: e705e97ad3ccce84291eaa651708dd1b9692576b
5515
5516commit 6074c84bf95d00f29cc7d5d3cd3798737851aa1a
5517Author: djm@openbsd.org <djm@openbsd.org>
5518Date: Wed Dec 30 23:46:14 2015 +0000
5519
5520 upstream commit
5521
5522 unused prototype
5523
5524 Upstream-ID: f3eef4389d53ed6c0d5c77dcdcca3060c745da97
5525
5526commit 6213f0e180e54122bb1ba928e11c784e2b4e5380
5527Author: guenther@openbsd.org <guenther@openbsd.org>
5528Date: Sat Dec 26 20:51:35 2015 +0000
5529
5530 upstream commit
5531
5532 Use pread/pwrite instead separate lseek+read/write for
5533 lastlog. Cast to off_t before multiplication to avoid truncation on ILP32
5534
5535 ok kettenis@ mmcc@
5536
5537 Upstream-ID: fc40092568cd195719ddf1a00aa0742340d616cf
5538
5539commit d7d2bc95045a43dd56ea696cc1d030ac9d77e81f
5540Author: semarie@openbsd.org <semarie@openbsd.org>
5541Date: Sat Dec 26 07:46:03 2015 +0000
5542
5543 upstream commit
5544
5545 adjust pledge promises for ControlMaster: when using
5546 "ask" or "autoask", the process will use ssh-askpass for asking confirmation.
5547
5548 problem found by halex@
5549
5550 ok halex@
5551
5552 Upstream-ID: 38a58b30ae3eef85051c74d3c247216ec0735f80
5553
5554commit 271df8185d9689b3fb0523f58514481b858f6843
5555Author: djm@openbsd.org <djm@openbsd.org>
5556Date: Sun Dec 13 22:42:23 2015 +0000
5557
5558 upstream commit
5559
5560 unbreak connections with peers that set
5561 first_kex_follows; fix from Matt Johnston va bz#2515
5562
5563 Upstream-ID: decc88ec4fc7515594fdb42b04aa03189a44184b
5564
5565commit 43849a47c5f8687699eafbcb5604f6b9c395179f
5566Author: doug@openbsd.org <doug@openbsd.org>
5567Date: Fri Dec 11 17:41:37 2015 +0000
5568
5569 upstream commit
5570
5571 Add "id" to ssh-agent pledge for subprocess support.
5572
5573 Found the hard way by Jan Johansson when using ssh-agent with X. Also,
5574 rearranged proc/exec and retval to match other pledge calls in the tree.
5575
5576 ok djm@
5577
5578 Upstream-ID: 914255f6850e5e7fa830a2de6c38605333b584db
5579
5580commit 52d7078421844b2f88329f5be3de370b0a938636
5581Author: mmcc@openbsd.org <mmcc@openbsd.org>
5582Date: Fri Dec 11 04:21:11 2015 +0000
5583
5584 upstream commit
5585
5586 Remove NULL-checks before sshbuf_free().
5587
5588 ok djm@
5589
5590 Upstream-ID: 5ebed00ed5f9f03b119a345085e8774565466917
5591
5592commit a4b9e0f4e4a6980a0eb8072f76ea611cab5b77e7
5593Author: djm@openbsd.org <djm@openbsd.org>
5594Date: Fri Dec 11 03:24:25 2015 +0000
5595
5596 upstream commit
5597
5598 include remote port number in a few more messages; makes
5599 tying log messages together into a session a bit easier; bz#2503 ok dtucker@
5600
5601 Upstream-ID: 9300dc354015f7a7368d94a8ff4a4266a69d237e
5602
5603commit 6091c362e89079397e68744ae30df121b0a72c07
5604Author: djm@openbsd.org <djm@openbsd.org>
5605Date: Fri Dec 11 03:20:09 2015 +0000
5606
5607 upstream commit
5608
5609 don't try to load SSHv1 private key when compiled without
5610 SSHv1 support. From Iain Morgan bz#2505
5611
5612 Upstream-ID: 8b8e7b02a448cf5e5635979df2d83028f58868a7
5613
5614commit cce6a36bb95e81fa8bfb46daf22eabcf13afc352
5615Author: djm@openbsd.org <djm@openbsd.org>
5616Date: Fri Dec 11 03:19:09 2015 +0000
5617
5618 upstream commit
5619
5620 use SSH_MAX_PUBKEY_BYTES consistently as buffer size when
5621 reading key files. Increase it to match the size of the buffers already being
5622 used.
5623
5624 Upstream-ID: 1b60586b484b55a947d99a0b32bd25e0ced56fae
5625
5626commit 89540b6de025b80404a0cb8418c06377f3f98848
5627Author: mmcc@openbsd.org <mmcc@openbsd.org>
5628Date: Fri Dec 11 02:31:47 2015 +0000
5629
5630 upstream commit
5631
5632 Remove NULL-checks before sshkey_free().
5633
5634 ok djm@
5635
5636 Upstream-ID: 3e35afe8a25e021216696b5d6cde7f5d2e5e3f52
5637
5638commit 79394ed6d74572c2d2643d73937dad33727fc240
5639Author: dtucker@openbsd.org <dtucker@openbsd.org>
5640Date: Fri Dec 11 02:29:03 2015 +0000
5641
5642 upstream commit
5643
5644 fflush stdout so that output is seen even when running in
5645 debug mode when output may otherwise not be flushed. Patch from dustin at
5646 null-ptr.net.
5647
5648 Upstream-ID: b0c6b4cd2cdb01d7e9eefbffdc522e35b5bc4acc
5649
5650commit ee607cccb6636eb543282ba90e0677b0604d8b7a
5651Author: Darren Tucker <dtucker@zip.com.au>
5652Date: Tue Dec 15 15:23:49 2015 +1100
5653
5654 Increase robustness of redhat/openssh.spec
5655
5656 - remove configure --with-rsh, because this option isn't supported anymore
5657 - replace last occurrence of BuildPreReq by BuildRequires
5658 - update grep statement to query the krb5 include directory
5659
5660 Patch from CarstenGrohmann via github, ok djm.
5661
5662commit b5fa0cd73555b991a543145603658d7088ec6b60
5663Author: Darren Tucker <dtucker@zip.com.au>
5664Date: Tue Dec 15 15:10:32 2015 +1100
5665
5666 Allow --without-ssl-engine with --without-openssl
5667
5668 Patch from Mike Frysinger via github.
5669
5670commit c1d7e546f6029024f3257cc25c92f2bddf163125
5671Author: Darren Tucker <dtucker@zip.com.au>
5672Date: Tue Dec 15 14:27:09 2015 +1100
5673
5674 Include openssl crypto.h for SSLeay.
5675
5676 Patch from doughdemon via github.
5677
5678commit c6f5f01651526e88c00d988ce59d71f481ebac62
5679Author: Darren Tucker <dtucker@zip.com.au>
5680Date: Tue Dec 15 13:59:12 2015 +1100
5681
5682 Add sys/time.h for gettimeofday.
5683
5684 Should allow it it compile with MUSL libc. Based on patch from
5685 doughdemon via github.
5686
5687commit 39736be06c7498ef57d6970f2d85cf066ae57c82
5688Author: djm@openbsd.org <djm@openbsd.org>
5689Date: Fri Dec 11 02:20:28 2015 +0000
5690
5691 upstream commit
5692
5693 correct error messages; from Tomas Kuthan bz#2507
5694
5695 Upstream-ID: 7454a0affeab772398052954c79300aa82077093
5696
5697commit 94141b7ade24afceeb6762a3f99e09e47a6c42b6
5698Author: mmcc@openbsd.org <mmcc@openbsd.org>
5699Date: Fri Dec 11 00:20:04 2015 +0000
5700
5701 upstream commit
5702
5703 Pass (char *)NULL rather than (char *)0 to execl and
5704 execlp.
5705
5706 ok dtucker@
5707
5708 Upstream-ID: 56c955106cbddba86c3dd9bbf786ac0d1b361492
5709
5710commit d59ce08811bf94111c2f442184cf7d1257ffae24
5711Author: mmcc@openbsd.org <mmcc@openbsd.org>
5712Date: Thu Dec 10 17:08:40 2015 +0000
5713
5714 upstream commit
5715
5716 Remove NULL-checks before free().
5717
5718 ok dtucker@
5719
5720 Upstream-ID: e3d3cb1ce900179906af36517b5eea0fb15e6ef8
5721
5722commit 8e56dd46cb37879c73bce2d6032cf5e7f82d5a71
5723Author: mmcc@openbsd.org <mmcc@openbsd.org>
5724Date: Thu Dec 10 07:01:35 2015 +0000
5725
5726 upstream commit
5727
5728 Fix a couple "the the" typos. ok dtucker@
5729
5730 Upstream-ID: ec364c5af32031f013001fd28d1bd3dfacfe9a72
5731
5732commit 6262a0522ddc2c0f2e9358dcb68d59b46e9c533e
5733Author: markus@openbsd.org <markus@openbsd.org>
5734Date: Mon Dec 7 20:04:09 2015 +0000
5735
5736 upstream commit
5737
5738 stricter encoding type checks for ssh-rsa; ok djm@
5739
5740 Upstream-ID: 8cca7c787599a5e8391e184d0b4f36fdc3665650
5741
5742commit d86a3ba7af160c13496102aed861ae48a4297072
5743Author: Damien Miller <djm@mindrot.org>
5744Date: Wed Dec 9 09:18:45 2015 +1100
5745
5746 Don't set IPV6_V6ONLY on OpenBSD
5747
5748 It isn't necessary and runs afoul of pledge(2) restrictions.
5749
5750commit da98c11d03d819a15429d8fff9688acd7505439f
5751Author: djm@openbsd.org <djm@openbsd.org>
5752Date: Mon Dec 7 02:20:46 2015 +0000
5753
5754 upstream commit
5755
5756 basic unit tests for rsa-sha2-* signature types
5757
5758 Upstream-Regress-ID: 7dc4b9db809d578ff104d591b4d86560c3598d3c
5759
5760commit 3da893fdec9936dd2c23739cdb3c0c9d4c59fca0
5761Author: markus@openbsd.org <markus@openbsd.org>
5762Date: Sat Dec 5 20:53:21 2015 +0000
5763
5764 upstream commit
5765
5766 prefer rsa-sha2-512 over -256 for hostkeys, too; noticed
5767 by naddy@
5768
5769 Upstream-ID: 685f55f7ec566a8caca587750672723a0faf3ffe
5770
5771commit 8b56e59714d87181505e4678f0d6d39955caf10e
5772Author: tobias@openbsd.org <tobias@openbsd.org>
5773Date: Fri Dec 4 21:51:06 2015 +0000
5774
5775 upstream commit
5776
5777 Properly handle invalid %-format by calling fatal.
5778
5779 ok deraadt, djm
5780
5781 Upstream-ID: 5692bce7d9f6eaa9c488cb93d3b55e758bef1eac
5782
5783commit 76c9fbbe35aabc1db977fb78e827644345e9442e
5784Author: markus@openbsd.org <markus@openbsd.org>
5785Date: Fri Dec 4 16:41:28 2015 +0000
5786
5787 upstream commit
5788
5789 implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures
5790 (user and host auth) based on draft-rsa-dsa-sha2-256-03.txt and
5791 draft-ssh-ext-info-04.txt; with & ok djm@
5792
5793 Upstream-ID: cf82ce532b2733e5c4b34bb7b7c94835632db309
5794
5795commit 6064a8b8295cb5a17b5ebcfade53053377714f40
5796Author: djm@openbsd.org <djm@openbsd.org>
5797Date: Fri Dec 4 00:24:55 2015 +0000
5798
5799 upstream commit
5800
5801 clean up agent_fd handling; properly initialise it to -1
5802 and make tests consistent
5803
5804 ok markus@
5805
5806 Upstream-ID: ac9554323d5065745caf17b5e37cb0f0d4825707
5807
5808commit b91926a97620f3e51761c271ba57aa5db790f48d
5809Author: semarie@openbsd.org <semarie@openbsd.org>
5810Date: Thu Dec 3 17:00:18 2015 +0000
5811
5812 upstream commit
5813
5814 pledges ssh client: - mux client: which is used when
5815 ControlMaster is in use. will end with "stdio proc tty" (proc is to
5816 permit sending SIGWINCH to mux master on window resize)
5817
5818 - client loop: several levels of pledging depending of your used options
5819
5820 ok deraadt@
5821
5822 Upstream-ID: 21676155a700e51f2ce911e33538e92a2cd1d94b
5823
5824commit bcce47466bbc974636f588b5e4a9a18ae386f64a
5825Author: doug@openbsd.org <doug@openbsd.org>
5826Date: Wed Dec 2 08:30:50 2015 +0000
5827
5828 upstream commit
5829
5830 Add "cpath" to the ssh-agent pledge so the cleanup
5831 handler can unlink().
5832
5833 ok djm@
5834
5835 Upstream-ID: 9e632991d48241d56db645602d381253a3d8c29d
5836
5837commit a90d001543f46716b6590c6dcc681d5f5322f8cf
5838Author: djm@openbsd.org <djm@openbsd.org>
5839Date: Wed Dec 2 08:00:58 2015 +0000
5840
5841 upstream commit
5842
5843 ssh-agent pledge needs proc for askpass; spotted by todd@
5844
5845 Upstream-ID: 349aa261b29cc0e7de47ef56167769c432630b2a
5846
5847commit d952162b3c158a8f23220587bb6c8fcda75da551
5848Author: djm@openbsd.org <djm@openbsd.org>
5849Date: Tue Dec 1 23:29:24 2015 +0000
5850
5851 upstream commit
5852
5853 basic pledge() for ssh-agent, more refinement needed
5854
5855 Upstream-ID: 5b5b03c88162fce549e45e1b6dd833f20bbb5e13
5856
5857commit f0191d7c8e76e30551084b79341886d9bb38e453
5858Author: Damien Miller <djm@mindrot.org>
5859Date: Mon Nov 30 10:53:25 2015 +1100
5860
5861 Revert "stub for pledge(2) for systems that lack it"
5862
5863 This reverts commit 14c887c8393adde2d9fd437d498be30f8c98535c.
5864
5865 dtucker beat me to it :/
5866
5867commit 6283cc72eb0e49a3470d30e07ca99a1ba9e89676
5868Author: Damien Miller <djm@mindrot.org>
5869Date: Mon Nov 30 10:37:03 2015 +1100
5870
5871 revert 7d4c7513: bring back S/Key prototypes
5872
5873 (but leave RCSID changes)
5874
5875commit 14c887c8393adde2d9fd437d498be30f8c98535c
5876Author: Damien Miller <djm@mindrot.org>
5877Date: Mon Nov 30 09:45:29 2015 +1100
5878
5879 stub for pledge(2) for systems that lack it
5880
5881commit 452c0b6af5d14c37553e30059bf74456012493f3
5882Author: djm@openbsd.org <djm@openbsd.org>
5883Date: Sun Nov 29 22:18:37 2015 +0000
5884
5885 upstream commit
5886
5887 pledge, better fatal() messages; feedback deraadt@
5888
5889 Upstream-ID: 3e00f6ccfe2b9a7a2d1dbba5409586180801488f
5890
5891commit 6da413c085dba37127687b2617a415602505729b
5892Author: deraadt@openbsd.org <deraadt@openbsd.org>
5893Date: Sat Nov 28 06:50:52 2015 +0000
5894
5895 upstream commit
5896
5897 do not leak temp file if there is no known_hosts file
5898 from craig leres, ok djm
5899
5900 Upstream-ID: c820497fd5574844c782e79405c55860f170e426
5901
5902commit 3ddd15e1b63a4d4f06c8ab16fbdd8a5a61764f16
5903Author: Darren Tucker <dtucker@zip.com.au>
5904Date: Mon Nov 30 07:23:53 2015 +1100
5905
5906 Add a null implementation of pledge.
5907
5908 Fixes builds on almost everything.
5909
5910commit b1d6b3971ef256a08692efc409fc9ada719111cc
5911Author: djm@openbsd.org <djm@openbsd.org>
5912Date: Sat Nov 28 06:41:03 2015 +0000
5913
5914 upstream commit
5915
5916 don't include port number in tcpip-forward replies for
5917 requests that don't allocate a port; bz#2509 diagnosed by Ron Frederick ok
5918 markus
5919
5920 Upstream-ID: 77efad818addb61ec638b5a2362f1554e21a970a
5921
5922commit 9080bd0b9cf10d0f13b1f642f20cb84285cb8d65
5923Author: deraadt@openbsd.org <deraadt@openbsd.org>
5924Date: Fri Nov 27 00:49:31 2015 +0000
5925
5926 upstream commit
5927
5928 pledge "stdio rpath wpath cpath fattr tty proc exec"
5929 except for the -p option (which sadly has insane semantics...) ok semarie
5930 dtucker
5931
5932 Upstream-ID: 8854bbd58279abe00f6c33f8094bdc02c8c65059
5933
5934commit 4d90625b229cf6b3551d81550a9861897509a65f
5935Author: halex@openbsd.org <halex@openbsd.org>
5936Date: Fri Nov 20 23:04:01 2015 +0000
5937
5938 upstream commit
5939
5940 allow comment change for all supported formats
5941
5942 ok djm@
5943
5944 Upstream-ID: 5fc477cf2f119b2d44aa9c683af16cb00bb3744b
5945
5946commit 8ca915fc761519dd1f7766a550ec597a81db5646
5947Author: djm@openbsd.org <djm@openbsd.org>
5948Date: Fri Nov 20 01:45:29 2015 +0000
5949
5950 upstream commit
5951
5952 add cast to make -Werror clean
5953
5954 Upstream-ID: 288db4f8f810bd475be01320c198250a04ff064d
5955
5956commit ac9473580dcd401f8281305af98635cdaae9bf96
5957Author: Damien Miller <djm@mindrot.org>
5958Date: Fri Nov 20 12:35:41 2015 +1100
5959
5960 fix multiple authentication using S/Key w/ privsep
5961
5962 bz#2502, patch from Kevin Korb and feandil_
5963
5964commit 88b6fcdeb87a2fb76767854d9eb15006662dca57
5965Author: djm@openbsd.org <djm@openbsd.org>
5966Date: Thu Nov 19 08:23:27 2015 +0000
5967
5968 upstream commit
5969
5970 ban ConnectionAttempts=0, it makes no sense and would cause
5971 ssh_connect_direct() to print an uninitialised stack variable; bz#2500
5972 reported by dvw AT phas.ubc.ca
5973
5974 Upstream-ID: 32b5134c608270583a90b93a07b3feb3cbd5f7d5
5975
5976commit 964ab3ee7a8f96bdbc963d5b5a91933d6045ebe7
5977Author: djm@openbsd.org <djm@openbsd.org>
5978Date: Thu Nov 19 01:12:32 2015 +0000
5979
5980 upstream commit
5981
5982 trailing whitespace
5983
5984 Upstream-ID: 31fe0ad7c4d08e87f1d69c79372f5e3c5cd79051
5985
5986commit f96516d052dbe38561f6b92b0e4365d8e24bb686
5987Author: djm@openbsd.org <djm@openbsd.org>
5988Date: Thu Nov 19 01:09:38 2015 +0000
5989
5990 upstream commit
5991
5992 print host certificate contents at debug level
5993
5994 Upstream-ID: 39354cdd8a2b32b308fd03f98645f877f540f00d
5995
5996commit 499cf36fecd6040e30e2912dd25655bc574739a7
5997Author: djm@openbsd.org <djm@openbsd.org>
5998Date: Thu Nov 19 01:08:55 2015 +0000
5999
6000 upstream commit
6001
6002 move the certificate validity formatting code to
6003 sshkey.[ch]
6004
6005 Upstream-ID: f05f7c78fab20d02ff1d5ceeda533ef52e8fe523
6006
6007commit bcb7bc77bbb1535d1008c7714085556f3065d99d
6008Author: djm@openbsd.org <djm@openbsd.org>
6009Date: Wed Nov 18 08:37:28 2015 +0000
6010
6011 upstream commit
6012
6013 fix "ssh-keygen -l" of private key, broken in support for
6014 multiple plain keys on stdin
6015
6016 Upstream-ID: 6b3132d2c62d03d0bad6f2bcd7e2d8b7dab5cd9d
6017
6018commit 259adb6179e23195c8f6913635ea71040d1ccd63
6019Author: millert@openbsd.org <millert@openbsd.org>
6020Date: Mon Nov 16 23:47:52 2015 +0000
6021
6022 upstream commit
6023
6024 Replace remaining calls to index(3) with strchr(3). OK
6025 jca@ krw@
6026
6027 Upstream-ID: 33837d767a0cf1db1489b96055f9e330bc0bab6d
6028
6029commit c56a255162c2166884539c0a1f7511575325b477
6030Author: djm@openbsd.org <djm@openbsd.org>
6031Date: Mon Nov 16 22:53:07 2015 +0000
6032
6033 upstream commit
6034
6035 Allow fingerprinting from standard input "ssh-keygen -lf
6036 -"
6037
6038 Support fingerprinting multiple plain keys in a file and authorized_keys
6039 files too (bz#1319)
6040
6041 ok markus@
6042
6043 Upstream-ID: 903f8b4502929d6ccf53509e4e07eae084574b77
6044
6045commit 5b4010d9b923cf1b46c9c7b1887c013c2967e204
6046Author: djm@openbsd.org <djm@openbsd.org>
6047Date: Mon Nov 16 22:51:05 2015 +0000
6048
6049 upstream commit
6050
6051 always call privsep_preauth_child() regardless of whether
6052 sshd was started by root; it does important priming before sandboxing and
6053 failing to call it could result in sandbox violations later; ok markus@
6054
6055 Upstream-ID: c8a6d0d56c42f3faab38460dc917ca0d1705d383
6056
6057commit 3a9f84b58b0534bbb485f1eeab75665e2d03371f
6058Author: djm@openbsd.org <djm@openbsd.org>
6059Date: Mon Nov 16 22:50:01 2015 +0000
6060
6061 upstream commit
6062
6063 improve sshkey_read() semantics; only update *cpp when a
6064 key is successfully read; ok markus@
6065
6066 Upstream-ID: f371e78e8f4fab366cf69a42bdecedaed5d1b089
6067
6068commit db6f8dc5dd5655b59368efd074994d4568bc3556
6069Author: logan@openbsd.org <logan@openbsd.org>
6070Date: Mon Nov 16 06:13:04 2015 +0000
6071
6072 upstream commit
6073
6074 1) Use xcalloc() instead of xmalloc() to check for
6075 potential overflow. (Feedback from both mmcc@ and djm@) 2) move set_size
6076 just before the for loop. (suggested by djm@)
6077
6078 OK djm@
6079
6080 Upstream-ID: 013534c308187284756c3141f11d2c0f33c47213
6081
6082commit 383f10fb84a0fee3c01f9d97594f3e22aa3cd5e0
6083Author: djm@openbsd.org <djm@openbsd.org>
6084Date: Mon Nov 16 00:30:02 2015 +0000
6085
6086 upstream commit
6087
6088 Add a new authorized_keys option "restrict" that
6089 includes all current and future key restrictions (no-*-forwarding, etc). Also
6090 add permissive versions of the existing restrictions, e.g. "no-pty" -> "pty".
6091 This simplifies the task of setting up restricted keys and ensures they are
6092 maximally-restricted, regardless of any permissions we might implement in the
6093 future.
6094
6095 Example:
6096
6097 restrict,pty,command="nethack" ssh-ed25519 AAAAC3NzaC1lZDI1...
6098
6099 Idea from Jann Horn; ok markus@
6100
6101 Upstream-ID: 04ceb9d448e46e67e13887a7ae5ea45b4f1719d0
6102
6103commit e41a071f7bda6af1fb3f081bed0151235fa61f15
6104Author: jmc@openbsd.org <jmc@openbsd.org>
6105Date: Sun Nov 15 23:58:04 2015 +0000
6106
6107 upstream commit
6108
6109 correct section number for ssh-agent;
6110
6111 Upstream-ID: 44be72fd8bcc167635c49b357b1beea8d5674bd6
6112
6113commit 1a11670286acddcc19f5eff0966c380831fc4638
6114Author: jmc@openbsd.org <jmc@openbsd.org>
6115Date: Sun Nov 15 23:54:15 2015 +0000
6116
6117 upstream commit
6118
6119 do not confuse mandoc by presenting "Dd";
6120
6121 Upstream-ID: 1470fce171c47b60bbc7ecd0fc717a442c2cfe65
6122
6123commit f361df474c49a097bfcf16d1b7b5c36fcd844b4b
6124Author: jcs@openbsd.org <jcs@openbsd.org>
6125Date: Sun Nov 15 22:26:49 2015 +0000
6126
6127 upstream commit
6128
6129 Add an AddKeysToAgent client option which can be set to
6130 'yes', 'no', 'ask', or 'confirm', and defaults to 'no'. When enabled, a
6131 private key that is used during authentication will be added to ssh-agent if
6132 it is running (with confirmation enabled if set to 'confirm').
6133
6134 Initial version from Joachim Schipper many years ago.
6135
6136 ok markus@
6137
6138 Upstream-ID: a680db2248e8064ec55f8be72d539458c987d5f4
6139
6140commit d87063d9baf5479b6e813d47dfb694a97df6f6f5
6141Author: djm@openbsd.org <djm@openbsd.org>
6142Date: Fri Nov 13 04:39:35 2015 +0000
6143
6144 upstream commit
6145
6146 send SSH2_MSG_UNIMPLEMENTED replies to unexpected
6147 messages during KEX; bz#2949, ok dtucker@
6148
6149 Upstream-ID: 2b3abdff344d53c8d505f45c83a7b12e84935786
6150
6151commit 9fd04681a1e9b0af21e08ff82eb674cf0a499bfc
6152Author: djm@openbsd.org <djm@openbsd.org>
6153Date: Fri Nov 13 04:38:06 2015 +0000
6154
6155 upstream commit
6156
6157 Support "none" as an argument for sshd_config
6158 ForceCommand and ChrootDirectory. Useful inside Match blocks to override a
6159 global default. bz#2486 ok dtucker@
6160
6161 Upstream-ID: 7ef478d6592bc7db5c7376fc33b4443e63dccfa5
6162
6163commit 94bc0b72c29e511cbbc5772190d43282e5acfdfe
6164Author: djm@openbsd.org <djm@openbsd.org>
6165Date: Fri Nov 13 04:34:15 2015 +0000
6166
6167 upstream commit
6168
6169 support multiple certificates (one per line) and
6170 reading from standard input (using "-f -") for "ssh-keygen -L"; ok dtucker@
6171
6172 Upstream-ID: ecbadeeef3926e5be6281689b7250a32a80e88db
6173
6174commit b6b9108f5b561c83612cb97ece4134eb59fde071
6175Author: djm@openbsd.org <djm@openbsd.org>
6176Date: Fri Nov 13 02:57:46 2015 +0000
6177
6178 upstream commit
6179
6180 list a couple more options usable in Match blocks;
6181 bz#2489
6182
6183 Upstream-ID: e4d03f39d254db4c0cc54101921bb89fbda19879
6184
6185commit a7994b3f5a5a5a33b52b0a6065d08e888f0a99fb
6186Author: djm@openbsd.org <djm@openbsd.org>
6187Date: Wed Nov 11 04:56:39 2015 +0000
6188
6189 upstream commit
6190
6191 improve PEEK/POKE macros: better casts, don't multiply
6192 evaluate arguments; ok deraadt@
6193
6194 Upstream-ID: 9a1889e19647615ededbbabab89064843ba92d3e
6195
6196commit 7d4c7513a7f209cb303a608ac6e46b3f1dfc11ec
6197Author: djm@openbsd.org <djm@openbsd.org>
6198Date: Wed Nov 11 01:48:01 2015 +0000
6199
6200 upstream commit
6201
6202 remove prototypes for long-gone s/key support; ok
6203 dtucker@
6204
6205 Upstream-ID: db5bed3c57118af986490ab23d399df807359a79
6206
6207commit 07889c75926c040b8e095949c724e66af26441cb
6208Author: Damien Miller <djm@mindrot.org>
6209Date: Sat Nov 14 18:44:49 2015 +1100
6210
6211 read back from libcrypto RAND when privdropping
6212
6213 makes certain libcrypto implementations cache a /dev/urandom fd
6214 in preparation of sandboxing. Based on patch by Greg Hartman.
6215
6216commit 1560596f44c01bb0cef977816410950ed17b8ecd
6217Author: Darren Tucker <dtucker@zip.com.au>
6218Date: Tue Nov 10 11:14:47 2015 +1100
6219
6220 Fix compiler warnings in the openssl header check.
6221
6222 Noted by Austin English.
6223
6224commit e72a8575ffe1d8adff42c9abe9ca36938acc036b
6225Author: jmc@openbsd.org <jmc@openbsd.org>
6226Date: Sun Nov 8 23:24:03 2015 +0000
6227
6228 upstream commit
6229
6230 -c before -H, in SYNOPSIS and usage();
6231
6232 Upstream-ID: 25e8c58a69e1f37fcd54ac2cd1699370acb5e404
6233
6234commit 3a424cdd21db08c7b0ded902f97b8f02af5aa485
6235Author: djm@openbsd.org <djm@openbsd.org>
6236Date: Sun Nov 8 22:30:20 2015 +0000
6237
6238 upstream commit
6239
6240 Add "ssh-keyscan -c ..." flag to allow fetching
6241 certificates instead of plain keys; ok markus@
6242
6243 Upstream-ID: 0947e2177dba92339eced9e49d3c5bf7dda69f82
6244
6245commit 69fead5d7cdaa73bdece9fcba80f8e8e70b90346
6246Author: jmc@openbsd.org <jmc@openbsd.org>
6247Date: Sun Nov 8 22:08:38 2015 +0000
6248
6249 upstream commit
6250
6251 remove slogin links; ok deraadt markus djm
6252
6253 Upstream-ID: 39ba08548acde4c54f2d4520c202c2a863a3c730
6254
6255commit 2fecfd486bdba9f51b3a789277bb0733ca36e1c0
6256Author: djm@openbsd.org <djm@openbsd.org>
6257Date: Sun Nov 8 21:59:11 2015 +0000
6258
6259 upstream commit
6260
6261 fix OOB read in packet code caused by missing return
6262 statement found by Ben Hawkes; ok markus@ deraadt@
6263
6264 Upstream-ID: a3e3a85434ebfa0690d4879091959591f30efc62
6265
6266commit 5e288923a303ca672b686908320bc5368ebec6e6
6267Author: mmcc@openbsd.org <mmcc@openbsd.org>
6268Date: Fri Nov 6 00:31:41 2015 +0000
6269
6270 upstream commit
6271
6272 1. rlogin and rsh are long gone 2. protocol version isn't
6273 of core relevance here, and v1 is going away
6274
6275 ok markus@, deraadt@
6276
6277 Upstream-ID: 8b46bc94cf1ca7c8c1a75b1c958b2bb38d7579c8
6278
6279commit 8b29008bbe97f33381d9b4b93fcfa304168d0286
6280Author: jmc@openbsd.org <jmc@openbsd.org>
6281Date: Thu Nov 5 09:48:05 2015 +0000
6282
6283 upstream commit
6284
6285 "commandline" -> "command line", since there are so few
6286 examples of the former in the pages, so many of the latter, and in some of
6287 these pages we had multiple spellings;
6288
6289 prompted by tj
6290
6291 Upstream-ID: 78459d59bff74223f8139d9001ccd56fc4310659
6292
6293commit 996b24cebf20077fbe5db07b3a2c20c2d9db736e
6294Author: Darren Tucker <dtucker@zip.com.au>
6295Date: Thu Oct 29 20:57:34 2015 +1100
6296
6297 (re)wrap SYS_sendsyslog in ifdef.
6298
6299 Replace ifdef that went missing in commit
6300 c61b42f2678f21f05653ac2d3d241b48ab5d59ac. Fixes build on older
6301 OpenBSDs.
6302
6303commit b67e2e76fcf1ae7c802eb27ca927e16c91a513ff
6304Author: djm@openbsd.org <djm@openbsd.org>
6305Date: Thu Oct 29 08:05:17 2015 +0000
6306
6307 upstream commit
6308
6309 regress test for "PubkeyAcceptedKeyTypes +..." inside a
6310 Match block
6311
6312 Upstream-Regress-ID: 246c37ed64a2e5704d4c158ccdca1ff700e10647
6313
6314commit abd9dbc3c0d8c8c7561347cfa22166156e78c077
6315Author: dtucker@openbsd.org <dtucker@openbsd.org>
6316Date: Mon Oct 26 02:50:58 2015 +0000
6317
6318 upstream commit
6319
6320 Fix typo certopt->certopts in shell variable. This would
6321 cause the test to hang at a host key prompt if you have an A or CNAME for
6322 "proxy" in your local domain.
6323
6324 Upstream-Regress-ID: 6ea03bcd39443a83c89e2c5606392ceb9585836a
6325
6326commit ed08510d38aef930a061ae30d10f2a9cf233bafa
6327Author: djm@openbsd.org <djm@openbsd.org>
6328Date: Thu Oct 29 08:05:01 2015 +0000
6329
6330 upstream commit
6331
6332 Fix "PubkeyAcceptedKeyTypes +..." inside a Match block;
6333 ok dtucker@
6334
6335 Upstream-ID: 853662c4036730b966aab77684390c47b9738c69
6336
6337commit a4aef3ed29071719b2af82fdf1ac3c2514f82bc5
6338Author: djm@openbsd.org <djm@openbsd.org>
6339Date: Tue Oct 27 08:54:52 2015 +0000
6340
6341 upstream commit
6342
6343 fix execv arguments in a way less likely to cause grief
6344 for -portable; ok dtucker@
6345
6346 Upstream-ID: 5902bf0ea0371f39f1300698dc3b8e4105fc0fc5
6347
6348commit 63d188175accea83305e89fafa011136ff3d96ad
6349Author: djm@openbsd.org <djm@openbsd.org>
6350Date: Tue Oct 27 01:44:45 2015 +0000
6351
6352 upstream commit
6353
6354 log certificate serial in verbose() messages to match the
6355 main auth success/fail message; ok dtucker@
6356
6357 Upstream-ID: dfc48b417c320b97c36ff351d303c142f2186288
6358
6359commit 2aaba0cfd560ecfe92aa50c00750e6143842cf1f
6360Author: djm@openbsd.org <djm@openbsd.org>
6361Date: Tue Oct 27 00:49:53 2015 +0000
6362
6363 upstream commit
6364
6365 avoid de-const warning & shrink; ok dtucker@
6366
6367 Upstream-ID: 69a85ef94832378952a22c172009cbf52aaa11db
6368
6369commit 03239c18312b9bab7d1c3b03062c61e8bbc1ca6e
6370Author: dtucker@openbsd.org <dtucker@openbsd.org>
6371Date: Sun Oct 25 23:42:00 2015 +0000
6372
6373 upstream commit
6374
6375 Expand tildes in filenames passed to -i before checking
6376 whether or not the identity file exists. This means that if the shell
6377 doesn't do the expansion (eg because the option and filename were given as a
6378 single argument) then we'll still add the key. bz#2481, ok markus@
6379
6380 Upstream-ID: db1757178a14ac519e9a3e1a2dbd21113cb3bfc6
6381
6382commit 97e184e508dd33c37860c732c0eca3fc57698b40
6383Author: dtucker@openbsd.org <dtucker@openbsd.org>
6384Date: Sun Oct 25 23:14:03 2015 +0000
6385
6386 upstream commit
6387
6388 Do not prepend "exec" to the shell command run by "Match
6389 exec" in a config file. It's an unnecessary optimization from repurposed
6390 ProxyCommand code and prevents some things working with some shells.
6391 bz#2471, pointed out by res at qoxp.net. ok markus@
6392
6393 Upstream-ID: a1ead25ae336bfa15fb58d8c6b5589f85b4c33a3
6394
6395commit 8db134e7f457bcb069ec72bc4ee722e2af557c69
6396Author: Darren Tucker <dtucker@zip.com.au>
6397Date: Thu Oct 29 10:48:23 2015 +1100
6398
6399 Prevent name collisions with system glob (bz#2463)
6400
6401 Move glob.h from includes.h to the only caller (sftp) and override the
6402 names for the symbols. This prevents name collisions with the system glob
6403 in the case where something other than ssh uses it (eg kerberos). With
6404 jjelen at redhat.com, ok djm@
6405
6406commit 86c10dbbef6a5800d2431a66cf7f41a954bb62b5
6407Author: dtucker@openbsd.org <dtucker@openbsd.org>
6408Date: Fri Oct 23 02:22:01 2015 +0000
6409
6410 upstream commit
6411
6412 Update expected group sizes to match recent code changes.
6413
6414 Upstream-Regress-ID: 0004f0ea93428969fe75bcfff0d521c553977794
6415
6416commit 9ada37d36003a77902e90a3214981e417457cf13
6417Author: djm@openbsd.org <djm@openbsd.org>
6418Date: Sat Oct 24 22:56:19 2015 +0000
6419
6420 upstream commit
6421
6422 fix keyscan output for multiple hosts/addrs on one line
6423 when host hashing or a non standard port is in use; bz#2479 ok dtucker@
6424
6425 Upstream-ID: 5321dabfaeceba343da3c8a8b5754c6f4a0a307b
6426
6427commit 44fc7cd7dcef6c52c6b7e9ff830dfa32879bd319
6428Author: djm@openbsd.org <djm@openbsd.org>
6429Date: Sat Oct 24 22:52:22 2015 +0000
6430
6431 upstream commit
6432
6433 skip "Could not chdir to home directory" message when
6434 chrooted
6435
6436 patch from Christian Hesse in bz#2485 ok dtucker@
6437
6438 Upstream-ID: 86783c1953da426dff5b03b03ce46e699d9e5431
6439
6440commit a820a8618ec44735dabc688fab96fba38ad66bb2
6441Author: sthen@openbsd.org <sthen@openbsd.org>
6442Date: Sat Oct 24 08:34:09 2015 +0000
6443
6444 upstream commit
6445
6446 Handle the split of tun(4) "link0" into tap(4) in ssh
6447 tun-forwarding. Adapted from portable (using separate devices for this is the
6448 normal case in most OS). ok djm@
6449
6450 Upstream-ID: 90facf4c59ce73d6741db1bc926e578ef465cd39
6451
6452commit 66d2e229baa9fe57b868c373b05f7ff3bb20055b
6453Author: gsoares@openbsd.org <gsoares@openbsd.org>
6454Date: Wed Oct 21 11:33:03 2015 +0000
6455
6456 upstream commit
6457
6458 fix memory leak in error path ok djm@
6459
6460 Upstream-ID: dd2f402b0a0029b755df029fc7f0679e1365ce35
6461
6462commit 7d6c0362039ceacdc1366b5df29ad5d2693c13e5
6463Author: mmcc@openbsd.org <mmcc@openbsd.org>
6464Date: Tue Oct 20 23:24:25 2015 +0000
6465
6466 upstream commit
6467
6468 Compare pointers to NULL rather than 0.
6469
6470 ok djm@
6471
6472 Upstream-ID: 21616cfea27eda65a06e772cc887530b9a1a27f8
6473
6474commit f98a09cacff7baad8748c9aa217afd155a4d493f
6475Author: mmcc@openbsd.org <mmcc@openbsd.org>
6476Date: Tue Oct 20 03:36:35 2015 +0000
6477
6478 upstream commit
6479
6480 Replace a function-local allocation with stack memory.
6481
6482 ok djm@
6483
6484 Upstream-ID: c09fbbab637053a2ab9f33ca142b4e20a4c5a17e
6485
6486commit ac908c1eeacccfa85659594d92428659320fd57e
6487Author: Damien Miller <djm@mindrot.org>
6488Date: Thu Oct 22 09:35:24 2015 +1100
6489
6490 turn off PrintLastLog when --disable-lastlog
6491
6492 bz#2278 from Brent Paulson
6493
6494commit b56deb847f4a0115a8bf488bf6ee8524658162fd
6495Author: djm@openbsd.org <djm@openbsd.org>
6496Date: Fri Oct 16 22:32:22 2015 +0000
6497
6498 upstream commit
6499
6500 increase the minimum modulus that we will send or accept in
6501 diffie-hellman-group-exchange to 2048 bits; ok markus@
6502
6503 Upstream-ID: 06dce7a24c17b999a0f5fadfe95de1ed6a1a9b6a
6504
6505commit 5ee0063f024bf5b3f3ffb275b8cd20055d62b4b9
6506Author: djm@openbsd.org <djm@openbsd.org>
6507Date: Fri Oct 16 18:40:49 2015 +0000
6508
6509 upstream commit
6510
6511 better handle anchored FQDNs (e.g. 'cvs.openbsd.org.') in
6512 hostname canonicalisation - treat them as already canonical and remove the
6513 trailing '.' before matching ssh_config; ok markus@
6514
6515 Upstream-ID: f7619652e074ac3febe8363f19622aa4853b679a
6516
6517commit e92c499a75477ecfe94dd7b4aed89f20b1fac5a7
6518Author: mmcc@openbsd.org <mmcc@openbsd.org>
6519Date: Fri Oct 16 17:07:24 2015 +0000
6520
6521 upstream commit
6522
6523 0 -> NULL when comparing with a char*.
6524
6525 ok dtucker@, djm@.
6526
6527 Upstream-ID: a928e9c21c0a9020727d99738ff64027c1272300
6528
6529commit b1d38a3cc6fe349feb8d16a5f520ef12d1de7cb2
6530Author: djm@openbsd.org <djm@openbsd.org>
6531Date: Thu Oct 15 23:51:40 2015 +0000
6532
6533 upstream commit
6534
6535 fix some signed/unsigned integer type mismatches in
6536 format strings; reported by Nicholas Lemonias
6537
6538 Upstream-ID: 78cd55420a0eef68c4095bdfddd1af84afe5f95c
6539
6540commit 1a2663a15d356bb188196b6414b4c50dc12fd42b
6541Author: djm@openbsd.org <djm@openbsd.org>
6542Date: Thu Oct 15 23:08:23 2015 +0000
6543
6544 upstream commit
6545
6546 argument to sshkey_from_private() and sshkey_demote()
6547 can't be NULL
6548
6549 Upstream-ID: 0111245b1641d387977a9b38da15916820a5fd1f
6550
6551commit 0f754e29dd3760fc0b172c1220f18b753fb0957e
6552Author: Damien Miller <djm@mindrot.org>
6553Date: Fri Oct 16 10:53:14 2015 +1100
6554
6555 need va_copy before va_start
6556
6557 reported by Nicholas Lemonias
6558
6559commit eb6c50d82aa1f0d3fc95f5630ea69761e918bfcd
6560Author: Damien Miller <djm@mindrot.org>
6561Date: Thu Oct 15 15:48:28 2015 -0700
6562
6563 fix compilation on systems without SYMLOOP_MAX
6564
6565commit fafe1d84a210fb3dae7744f268059cc583db8c12
6566Author: Damien Miller <djm@mindrot.org>
6567Date: Wed Oct 14 09:22:15 2015 -0700
6568
6569 s/SANDBOX_TAME/SANDBOX_PLEDGE/g
6570
6571commit 8f22911027ff6c17d7226d232ccd20727f389310
6572Author: Damien Miller <djm@mindrot.org>
6573Date: Wed Oct 14 08:28:19 2015 +1100
6574
6575 upstream commit
6576
6577 revision 1.20
6578 date: 2015/10/13 20:55:37; author: millert; state: Exp; lines: +2 -2; commitid: X39sl5ay1czgFIgp;
6579 In rev 1.15 the sizeof argument was fixed in a strlcat() call but
6580 the truncation check immediately following it was not updated to
6581 match. Not an issue in practice since the buffers are the same
6582 size. OK deraadt@
6583
6584commit 23fa695bb735f54f04d46123662609edb6c76767
6585Author: Damien Miller <djm@mindrot.org>
6586Date: Wed Oct 14 08:27:51 2015 +1100
6587
6588 upstream commit
6589
6590 revision 1.19
6591 date: 2015/01/16 16:48:51; author: deraadt; state: Exp; lines: +3 -3; commitid: 0DYulI8hhujBHMcR;
6592 Move to the <limits.h> universe.
6593 review by millert, binary checking process with doug, concept with guenther
6594
6595commit c71be375a69af00c2d0a0c24d8752bec12d8fd1b
6596Author: Damien Miller <djm@mindrot.org>
6597Date: Wed Oct 14 08:27:08 2015 +1100
6598
6599 upstream commit
6600
6601 revision 1.18
6602 date: 2014/10/19 03:56:28; author: doug; state: Exp; lines: +9 -9; commitid: U6QxmtbXrGoc02S5;
6603 Revert last commit due to changed semantics found by make release.
6604
6605commit c39ad23b06e9aecc3ff788e92f787a08472905b1
6606Author: Damien Miller <djm@mindrot.org>
6607Date: Wed Oct 14 08:26:24 2015 +1100
6608
6609 upstream commit
6610
6611 revision 1.17
6612 date: 2014/10/18 20:43:52; author: doug; state: Exp; lines: +10 -10; commitid: I74hI1tVZtsspKEt;
6613 Better POSIX compliance in realpath(3).
6614
6615 millert@ made changes to realpath.c based on FreeBSD's version. I merged
6616 Todd's changes into dl_realpath.c.
6617
6618 ok millert@, guenther@
6619
6620commit e929a43f957dbd1254aca2aaf85c8c00cbfc25f4
6621Author: Damien Miller <djm@mindrot.org>
6622Date: Wed Oct 14 08:25:55 2015 +1100
6623
6624 upstream commit
6625
6626 revision 1.16
6627 date: 2013/04/05 12:59:54; author: kurt; state: Exp; lines: +3 -1;
6628 - Add comments regarding copies of these files also in libexec/ld.so
6629 okay guenther@
6630
6631commit 5225db68e58a1048cb17f0e36e0d33bc4a8fc410
6632Author: Damien Miller <djm@mindrot.org>
6633Date: Wed Oct 14 08:25:32 2015 +1100
6634
6635 upstream commit
6636
6637 revision 1.15
6638 date: 2012/09/13 15:39:05; author: deraadt; state: Exp; lines: +2 -2;
6639 specify the bounds of the dst to strlcat (both values were static and
6640 equal, but it is more correct)
6641 from Michal Mazurek
6642
6643commit 7365fe5b4859de2305e40ea132da3823830fa710
6644Author: Damien Miller <djm@mindrot.org>
6645Date: Wed Oct 14 08:25:09 2015 +1100
6646
6647 upstream commit
6648
6649 revision 1.14
6650 date: 2011/07/24 21:03:00; author: miod; state: Exp; lines: +35 -13;
6651 Recent Single Unix will malloc memory if the second argument of realpath()
6652 is NULL, and third-party software is starting to rely upon this.
6653 Adapted from FreeBSD via Jona Joachim (jaj ; hcl-club , .lu), with minor
6654 tweaks from nicm@ and yours truly.
6655
6656commit e679c09cd1951f963793aa3d9748d1c3fdcf808f
6657Author: djm@openbsd.org <djm@openbsd.org>
6658Date: Tue Oct 13 16:15:21 2015 +0000
6659
6660 upstream commit
6661
6662 apply PubkeyAcceptedKeyTypes filtering earlier, so all
6663 skipped keys are noted before pubkey authentication starts. ok dtucker@
6664
6665 Upstream-ID: ba4f52f54268a421a2a5f98bb375403f4cb044b8
6666
6667commit 179c353f564ec7ada64b87730b25fb41107babd7
6668Author: djm@openbsd.org <djm@openbsd.org>
6669Date: Tue Oct 13 00:21:27 2015 +0000
6670
6671 upstream commit
6672
6673 free the correct IV length, don't assume it's always the
6674 cipher blocksize; ok dtucker@
6675
6676 Upstream-ID: c260d9e5ec73628d9ff4b067fbb060eff5a7d298
6677
6678commit 2539dce2a049a8f6bb0d44cac51f07ad48e691d3
6679Author: deraadt@openbsd.org <deraadt@openbsd.org>
6680Date: Fri Oct 9 01:37:08 2015 +0000
6681
6682 upstream commit
6683
6684 Change all tame callers to namechange to pledge(2).
6685
6686 Upstream-ID: 17e654fc27ceaf523c60f4ffd9ec7ae4e7efc7f2
6687
6688commit 9846a2f4067383bb76b4e31a9d2303e0a9c13a73
6689Author: Damien Miller <djm@mindrot.org>
6690Date: Thu Oct 8 04:30:48 2015 +1100
6691
6692 hook tame(2) sandbox up to build
6693
6694 OpenBSD only for now
6695
6696commit 0c46bbe68b70bdf0d6d20588e5847e71f3739fe6
6697Author: djm@openbsd.org <djm@openbsd.org>
6698Date: Wed Oct 7 15:59:12 2015 +0000
6699
6700 upstream commit
6701
6702 include PubkeyAcceptedKeyTypes in ssh -G config dump
6703
6704 Upstream-ID: 6c097ce6ffebf6fe393fb7988b5d152a5d6b36bb
6705
6706commit bdcb73fb7641b1cf73c0065d1a0dd57b1e8b778e
6707Author: sobrado@openbsd.org <sobrado@openbsd.org>
6708Date: Wed Oct 7 14:45:30 2015 +0000
6709
6710 upstream commit
6711
6712 UsePrivilegeSeparation defaults to sandbox now.
6713
6714 ok djm@
6715
6716 Upstream-ID: bff136c38bcae89df82e044d2f42de21e1ad914f
6717
6718commit 2905d6f99c837bb699b6ebc61711b19acd030709
6719Author: djm@openbsd.org <djm@openbsd.org>
6720Date: Wed Oct 7 00:54:06 2015 +0000
6721
6722 upstream commit
6723
6724 don't try to change tun device flags if they are already
6725 what we need; makes it possible to use tun/tap networking as non- root user
6726 if device permissions and interface flags are pre-established; based on patch
6727 by Ossi Herrala
6728
6729 Upstream-ID: 89099ac4634cd477b066865acf54cb230780fd21
6730
6731commit 0dc74512bdb105b048883f07de538b37e5e024d4
6732Author: Damien Miller <djm@mindrot.org>
6733Date: Mon Oct 5 18:33:05 2015 -0700
6734
6735 unbreak merge botch
6736
6737commit fdd020e86439afa7f537e2429d29d4b744c94331
6738Author: djm@openbsd.org <djm@openbsd.org>
6739Date: Tue Oct 6 01:20:59 2015 +0000
6740
6741 upstream commit
6742
6743 adapt to recent sshkey_parse_private_fileblob() API
6744 change
6745
6746 Upstream-Regress-ID: 5c0d818da511e33e0abf6a92a31bd7163b7ad988
6747
6748commit 21ae8ee3b630b0925f973db647a1b9aa5fcdd4c5
6749Author: djm@openbsd.org <djm@openbsd.org>
6750Date: Thu Sep 24 07:15:39 2015 +0000
6751
6752 upstream commit
6753
6754 fix command-line option to match what was actually
6755 committed
6756
6757 Upstream-Regress-ID: 3e8c24a2044e8afd37e7ce17b69002ca817ac699
6758
6759commit e14ac43b75e68f1ffbd3e1a5e44143c8ae578dcd
6760Author: djm@openbsd.org <djm@openbsd.org>
6761Date: Thu Sep 24 06:16:53 2015 +0000
6762
6763 upstream commit
6764
6765 regress test for CertificateFile; patch from Meghana Bhat
6766 via bz#2436
6767
6768 Upstream-Regress-ID: e7a6e980cbe0f8081ba2e83de40d06c17be8bd25
6769
6770commit 905b054ed24e0d5b4ef226ebf2c8bfc02ae6d4ad
6771Author: djm@openbsd.org <djm@openbsd.org>
6772Date: Mon Oct 5 17:11:21 2015 +0000
6773
6774 upstream commit
6775
6776 some more bzero->explicit_bzero, from Michael McConville
6777
6778 Upstream-ID: 17f19545685c33327db2efdc357c1c9225ff00d0
6779
6780commit b007159a0acdbcf65814b3ee05dbe2cf4ea46011
6781Author: deraadt@openbsd.org <deraadt@openbsd.org>
6782Date: Fri Oct 2 15:52:55 2015 +0000
6783
6784 upstream commit
6785
6786 fix email
6787
6788 Upstream-ID: 72150f2d54b94de14ebef1ea054ef974281bf834
6789
6790commit b19e1b4ab11884c4f62aee9f8ab53127a4732658
6791Author: deraadt@openbsd.org <deraadt@openbsd.org>
6792Date: Fri Oct 2 01:39:52 2015 +0000
6793
6794 upstream commit
6795
6796 a sandbox using tame ok djm
6797
6798 Upstream-ID: 4ca24e47895e72f5daaa02f3e3d3e5ca2d820fa3
6799
6800commit c61b42f2678f21f05653ac2d3d241b48ab5d59ac
6801Author: deraadt@openbsd.org <deraadt@openbsd.org>
6802Date: Fri Oct 2 01:39:26 2015 +0000
6803
6804 upstream commit
6805
6806 re-order system calls in order of risk, ok i'll be
6807 honest, ordered this way they look like tame... ok djm
6808
6809 Upstream-ID: 42a1e6d251fd8be13c8262bee026059ae6328813
6810
6811commit c5f7c0843cb6e6074a93c8ac34e49ce33a6f5546
6812Author: jmc@openbsd.org <jmc@openbsd.org>
6813Date: Fri Sep 25 18:19:54 2015 +0000
6814
6815 upstream commit
6816
6817 some certificatefile tweaks; ok djm
6818
6819 Upstream-ID: 0e5a7852c28c05fc193419cc7e50e64c1c535af0
6820
6821commit 4e44a79a07d4b88b6a4e5e8c1bed5f58c841b1b8
6822Author: djm@openbsd.org <djm@openbsd.org>
6823Date: Thu Sep 24 06:15:11 2015 +0000
6824
6825 upstream commit
6826
6827 add ssh_config CertificateFile option to explicitly list
6828 a certificate; patch from Meghana Bhat on bz#2436; ok markus@
6829
6830 Upstream-ID: 58648ec53c510b41c1f46d8fe293aadc87229ab8
6831
6832commit e3cbb06ade83c72b640a53728d362bbefa0008e2
6833Author: sobrado@openbsd.org <sobrado@openbsd.org>
6834Date: Tue Sep 22 08:33:23 2015 +0000
6835
6836 upstream commit
6837
6838 fix two typos.
6839
6840 Upstream-ID: 424402c0d8863a11b51749bacd7f8d932083b709
6841
6842commit 8408218c1ca88cb17d15278174a24a94a6f65fe1
6843Author: djm@openbsd.org <djm@openbsd.org>
6844Date: Mon Sep 21 04:31:00 2015 +0000
6845
6846 upstream commit
6847
6848 fix possible hang on closed output; bz#2469 reported by Tomas
6849 Kuthan ok markus@
6850
6851 Upstream-ID: f7afd41810f8540f524284f1be6b970859f94fe3
6852
6853commit 0097248f90a00865082e8c146b905a6555cc146f
6854Author: djm@openbsd.org <djm@openbsd.org>
6855Date: Fri Sep 11 04:55:01 2015 +0000
6856
6857 upstream commit
6858
6859 skip if running as root; many systems (inc OpenBSD) allow
6860 root to ptrace arbitrary processes
6861
6862 Upstream-Regress-ID: be2b925df89360dff36f972951fa0fa793769038
6863
6864commit 9c06c814aff925e11a5cc592c06929c258a014f6
6865Author: djm@openbsd.org <djm@openbsd.org>
6866Date: Fri Sep 11 03:44:21 2015 +0000
6867
6868 upstream commit
6869
6870 try all supported key types here; bz#2455 reported by
6871 Jakub Jelen
6872
6873 Upstream-Regress-ID: 188cb7d9031cdbac3a0fa58b428b8fa2b2482bba
6874
6875commit 3c019a936b43f3e2773f3edbde7c114d73caaa4c
6876Author: tim@openbsd.org <tim@openbsd.org>
6877Date: Sun Sep 13 14:39:16 2015 +0000
6878
6879 upstream commit
6880
6881 - Fix error message: passphrase needs to be at least 5
6882 characters, not 4. - Remove unused function argument. - Remove two
6883 unnecessary variables.
6884
6885 OK djm@
6886
6887 Upstream-ID: 13010c05bfa8b523da1c0dc19e81dd180662bc30
6888
6889commit 2681cdb6e0de7c1af549dac37a9531af202b4434
6890Author: tim@openbsd.org <tim@openbsd.org>
6891Date: Sun Sep 13 13:48:19 2015 +0000
6892
6893 upstream commit
6894
6895 When adding keys to the agent, don't ignore the comment
6896 of keys for which the user is prompted for a passphrase.
6897
6898 Tweak and OK djm@
6899
6900 Upstream-ID: dc737c620a5a8d282cc4f66e3b9b624e9abefbec
6901
6902commit 14692f7b8251cdda847e648a82735eef8a4d2a33
6903Author: guenther@openbsd.org <guenther@openbsd.org>
6904Date: Fri Sep 11 08:50:04 2015 +0000
6905
6906 upstream commit
6907
6908 Use explicit_bzero() when zeroing before free()
6909
6910 from Michael McConville (mmcconv1 (at) sccs.swarthmore.edu)
6911 ok millert@ djm@
6912
6913 Upstream-ID: 2e3337db046c3fe70c7369ee31515ac73ec00f50
6914
6915commit 846f6fa4cfa8483a9195971dbdd162220f199d85
6916Author: jmc@openbsd.org <jmc@openbsd.org>
6917Date: Fri Sep 11 06:55:46 2015 +0000
6918
6919 upstream commit
6920
6921 sync -Q in usage() to SYNOPSIS; since it's drastically
6922 shorter, i've reformatted the block to sync with the man (80 cols) and saved
6923 a line;
6924
6925 Upstream-ID: 86e2c65c3989a0777a6258a77e589b9f6f354abd
6926
6927commit 95923e0520a8647417ee6dcdff44694703dfeef0
6928Author: jmc@openbsd.org <jmc@openbsd.org>
6929Date: Fri Sep 11 06:51:39 2015 +0000
6930
6931 upstream commit
6932
6933 tweak previous;
6934
6935 Upstream-ID: f29b3cfcfd9aa31fa140c393e7bd48c1c74139d6
6936
6937commit 86ac462f833b05d8ed9de9c50ccb295d7faa79ff
6938Author: dtucker@openbsd.org <dtucker@openbsd.org>
6939Date: Fri Sep 11 05:27:02 2015 +0000
6940
6941 upstream commit
6942
6943 Update usage to match man page.
6944
6945 Upstream-ID: 9e85aefaecfb6aaf34c7cfd0700cd21783a35675
6946
6947commit 674b3b68c1d36b2562324927cd03857b565e05e8
6948Author: djm@openbsd.org <djm@openbsd.org>
6949Date: Fri Sep 11 03:47:28 2015 +0000
6950
6951 upstream commit
6952
6953 expand %i in ControlPath to UID; bz#2449
6954
6955 patch from Christian Hesse w/ feedback from dtucker@
6956
6957 Upstream-ID: 2ba8d303e555a84e2f2165ab4b324b41e80ab925
6958
6959commit c0f55db7ee00c8202b05cb4b9ad4ce72cc45df41
6960Author: djm@openbsd.org <djm@openbsd.org>
6961Date: Fri Sep 11 03:42:32 2015 +0000
6962
6963 upstream commit
6964
6965 mention -Q key-plain and -Q key-cert; bz#2455 pointed out
6966 by Jakub Jelen
6967
6968 Upstream-ID: c8f1f8169332e4fa73ac96b0043e3b84e01d4896
6969
6970commit cfffbdb10fdf0f02d3f4232232eef7ec3876c383
6971Author: Darren Tucker <dtucker@zip.com.au>
6972Date: Mon Sep 14 16:24:21 2015 +1000
6973
6974 Use ssh-keygen -A when generating host keys.
6975
6976 Use ssh-keygen -A instead of per-keytype invocations when generating host
6977 keys. Add tests when doing host-key-force since we can't use ssh-keygen -A
6978 since it can't specify alternate locations. bz#2459, ok djm@
6979
6980commit 366bada1e9e124654aac55b72b6ccf878755b0dc
6981Author: Darren Tucker <dtucker@zip.com.au>
6982Date: Fri Sep 11 13:29:22 2015 +1000
6983
6984 Correct default value for --with-ssh1.
6985
6986 bz#2457, from konto-mindrot.org at walimnieto.com.
6987
6988commit 2bca8a43e7dd9b04d7070824ffebb823c72587b2
6989Author: djm@openbsd.org <djm@openbsd.org>
6990Date: Fri Sep 11 03:13:36 2015 +0000
6991
6992 upstream commit
6993
6994 more clarity on what AuthorizedKeysFile=none does; based
6995 on diff by Thiebaud Weksteen
6996
6997 Upstream-ID: 78ab87f069080f0cc3bc353bb04eddd9e8ad3704
6998
6999commit 61942ea4a01e6db4fdf37ad61de81312ffe310e9
7000Author: djm@openbsd.org <djm@openbsd.org>
7001Date: Wed Sep 9 00:52:44 2015 +0000
7002
7003 upstream commit
7004
7005 openssh_RSA_verify return type is int, so don't make it
7006 size_t within the function itself with only negative numbers or zero assigned
7007 to it. bz#2460
7008
7009 Upstream-ID: b6e794b0c7fc4f9f329509263c8668d35f83ea55
7010
7011commit 4f7cc2f8cc861a21e6dbd7f6c25652afb38b9b96
7012Author: dtucker@openbsd.org <dtucker@openbsd.org>
7013Date: Fri Sep 4 08:21:47 2015 +0000
7014
7015 upstream commit
7016
7017 Plug minor memory leaks when options are used more than
7018 once. bz#2182, patch from Tiago Cunha, ok deraadt djm
7019
7020 Upstream-ID: 5b84d0401e27fe1614c10997010cc55933adb48e
7021
7022commit 7ad8b287c8453a3e61dbc0d34d467632b8b06fc8
7023Author: Darren Tucker <dtucker@zip.com.au>
7024Date: Fri Sep 11 13:11:02 2015 +1000
7025
7026 Force resolution of _res for correct detection.
7027
7028 bz#2259, from sconeu at yahoo.com.
7029
7030commit 26ad18247213ff72b4438abe7fc660c958810fa2
7031Author: Damien Miller <djm@mindrot.org>
7032Date: Thu Sep 10 10:57:41 2015 +1000
7033
7034 allow getrandom syscall; from Felix von Leitner
7035
7036commit 5245bc1e6b129a10a928f73f11c3aa32656c44b4
7037Author: jmc@openbsd.org <jmc@openbsd.org>
7038Date: Fri Sep 4 06:40:45 2015 +0000
7039
7040 upstream commit
7041
7042 full stop belongs outside the brackets, not inside;
7043
7044 Upstream-ID: 99d098287767799ac33d2442a05b5053fa5a551a
7045
7046commit a85768a9321d74b41219eeb3c9be9f1702cbf6a5
7047Author: djm@openbsd.org <djm@openbsd.org>
7048Date: Fri Sep 4 04:56:09 2015 +0000
7049
7050 upstream commit
7051
7052 add a debug2() right before DNS resolution; it's a place
7053 where ssh could previously silently hang for a while. bz#2433
7054
7055 Upstream-ID: 52a1a3e0748db66518e7598352c427145692a6a0
7056
7057commit 46152af8d27aa34d5d26ed1c371dc8aa142d4730
7058Author: djm@openbsd.org <djm@openbsd.org>
7059Date: Fri Sep 4 04:55:24 2015 +0000
7060
7061 upstream commit
7062
7063 correct function name in error messages
7064
7065 Upstream-ID: 92fb2798617ad9561370897f4ab60adef2ff4c0e
7066
7067commit a954cdb799a4d83c2d40fbf3e7b9f187fbfd72fc
7068Author: djm@openbsd.org <djm@openbsd.org>
7069Date: Fri Sep 4 04:47:50 2015 +0000
7070
7071 upstream commit
7072
7073 better document ExitOnForwardFailure; bz#2444, ok
7074 dtucker@
7075
7076 Upstream-ID: a126209b5a6d9cb3117ac7ab5bc63d284538bfc2
7077
7078commit f54d8ac2474b6fc3afa081cf759b48a6c89d3319
7079Author: djm@openbsd.org <djm@openbsd.org>
7080Date: Fri Sep 4 04:44:08 2015 +0000
7081
7082 upstream commit
7083
7084 don't record hostbased authentication hostkeys as user
7085 keys in test for multiple authentication with the same key
7086
7087 Upstream-ID: 26b368fa2cff481f47f37e01b8da1ae5b57b1adc
7088
7089commit ac3451dd65f27ecf85dc045c46d49e2bbcb8dddd
7090Author: djm@openbsd.org <djm@openbsd.org>
7091Date: Fri Sep 4 03:57:38 2015 +0000
7092
7093 upstream commit
7094
7095 remove extra newline in nethack-mode hostkey; from
7096 Christian Hesse bz#2686
7097
7098 Upstream-ID: 4f56368b1cc47baeea0531912186f66007fd5b92
7099
7100commit 9e3ed9ebb1a7e47c155c28399ddf09b306ea05df
7101Author: djm@openbsd.org <djm@openbsd.org>
7102Date: Fri Sep 4 04:23:10 2015 +0000
7103
7104 upstream commit
7105
7106 trim junk from end of file; bz#2455 from Jakub Jelen
7107
7108 Upstream-Regress-ID: a4e64e8931e40d23874b047074444eff919cdfe6
7109
7110commit f3a3ea180afff080bab82087ee0b60db9fd84f6c
7111Author: jsg@openbsd.org <jsg@openbsd.org>
7112Date: Wed Sep 2 07:51:12 2015 +0000
7113
7114 upstream commit
7115
7116 Fix occurrences of "r = func() != 0" which result in the
7117 wrong error codes being returned due to != having higher precedence than =.
7118
7119 ok deraadt@ markus@
7120
7121 Upstream-ID: 5fc35c9fc0319cc6fca243632662d2f06b5fd840
7122
7123commit f498a98cf83feeb7ea01c15cd1c98b3111361f3a
7124Author: Damien Miller <djm@mindrot.org>
7125Date: Thu Sep 3 09:11:22 2015 +1000
7126
7127 don't check for yp_match; ok tim@
7128
7129commit 9690b78b7848b0b376980a61d51b1613e187ddb5
7130Author: djm@openbsd.org <djm@openbsd.org>
7131Date: Fri Aug 21 23:57:48 2015 +0000
7132
7133 upstream commit
7134
7135 Improve printing of KEX offers and decisions
7136
7137 The debug output now labels the client and server offers and the
7138 negotiated options. ok markus@
7139
7140 Upstream-ID: 8db921b3f92a4565271b1c1fbce6e7f508e1a2cb
7141
7142commit 60a92470e21340e1a3fc10f9c7140d8e1519dc55
7143Author: djm@openbsd.org <djm@openbsd.org>
7144Date: Fri Aug 21 23:53:08 2015 +0000
7145
7146 upstream commit
7147
7148 Fix printing (ssh -G ...) of HostKeyAlgorithms=+...
7149 Reported by Bryan Drewery
7150
7151 Upstream-ID: 19ad20c41bd5971e006289b6f9af829dd46c1293
7152
7153commit 6310f60fffca2d1e464168e7d1f7e3b6b0268897
7154Author: djm@openbsd.org <djm@openbsd.org>
7155Date: Fri Aug 21 23:52:30 2015 +0000
7156
7157 upstream commit
7158
7159 Fix expansion of HostkeyAlgorithms=+...
7160
7161 Reported by Bryan Drewery
7162
7163 Upstream-ID: 70ca1deea39d758ba36d36428ae832e28566f78d
7164
7165commit e774e5ea56237fd626a8161f9005023dff3e76c9
7166Author: deraadt@openbsd.org <deraadt@openbsd.org>
7167Date: Fri Aug 21 23:29:31 2015 +0000
7168
7169 upstream commit
7170
7171 Improve size == 0, count == 0 checking in mm_zalloc,
7172 which is "array" like. Discussed with tedu, millert, otto.... and ok djm
7173
7174 Upstream-ID: 899b021be43b913fad3eca1aef44efe710c53e29
7175
7176commit 189de02d9ad6f3645417c0ddf359b923aae5f926
7177Author: Damien Miller <djm@mindrot.org>
7178Date: Fri Aug 21 15:45:02 2015 +1000
7179
7180 expose POLLHUP and POLLNVAL for netcat.c
7181
7182commit e91346dc2bbf460246df2ab591b7613908c1b0ad
7183Author: Damien Miller <djm@mindrot.org>
7184Date: Fri Aug 21 14:49:03 2015 +1000
7185
7186 we don't use Github for issues/pull-requests
7187
7188commit a4f5b507c708cc3dc2c8dd2d02e4416d7514dc23
7189Author: Damien Miller <djm@mindrot.org>
7190Date: Fri Aug 21 14:43:55 2015 +1000
7191
7192 fix URL for connect.c
7193
7194commit d026a8d3da0f8186598442997c7d0a28e7275414
7195Author: Damien Miller <djm@mindrot.org>
7196Date: Fri Aug 21 13:47:10 2015 +1000
7197
7198 update version numbers for 7.1
7199
7200commit 78f8f589f0ca1c9f41e5a9bae3cda5ce8a6b42ed
7201Author: djm@openbsd.org <djm@openbsd.org>
7202Date: Fri Aug 21 03:45:26 2015 +0000
7203
7204 upstream commit
7205
7206 openssh-7.1
7207
7208 Upstream-ID: ff7b1ef4b06caddfb45e08ba998128c88be3d73f
7209
7210commit 32a181980c62fce94f7f9ffaf6a79d90f0c309cf
7211Author: djm@openbsd.org <djm@openbsd.org>
7212Date: Fri Aug 21 03:42:19 2015 +0000
7213
7214 upstream commit
7215
7216 fix inverted logic that broke PermitRootLogin; reported
7217 by Mantas Mikulenas; ok markus@
7218
7219 Upstream-ID: 260dd6a904c1bb7e43267e394b1c9cf70bdd5ea5
7220
7221commit ce445b0ed927e45bd5bdce8f836eb353998dd65c
7222Author: deraadt@openbsd.org <deraadt@openbsd.org>
7223Date: Thu Aug 20 22:32:42 2015 +0000
7224
7225 upstream commit
7226
7227 Do not cast result of malloc/calloc/realloc* if stdlib.h
7228 is in scope ok krw millert
7229
7230 Upstream-ID: 5e50ded78cadf3841556649a16cc4b1cb6c58667
7231
7232commit 05291e5288704d1a98bacda269eb5a0153599146
7233Author: naddy@openbsd.org <naddy@openbsd.org>
7234Date: Thu Aug 20 19:20:06 2015 +0000
7235
7236 upstream commit
7237
7238 In the certificates section, be consistent about using
7239 "host_key" and "user_key" for the respective key types. ok sthen@ deraadt@
7240
7241 Upstream-ID: 9e037ea3b15577b238604c5533e082a3947f13cb
7242
7243commit 8543d4ef6f2e9f98c3e6b77c894ceec30c5e4ae4
7244Author: djm@openbsd.org <djm@openbsd.org>
7245Date: Wed Aug 19 23:21:42 2015 +0000
7246
7247 upstream commit
7248
7249 Better compat matching for WinSCP, add compat matching
7250 for FuTTY (fork of PuTTY); ok markus@ deraadt@
7251
7252 Upstream-ID: 24001d1ac115fa3260fbdc329a4b9aeb283c5389
7253
7254commit ec6eda16ebab771aa3dfc90629b41953b999cb1e
7255Author: djm@openbsd.org <djm@openbsd.org>
7256Date: Wed Aug 19 23:19:01 2015 +0000
7257
7258 upstream commit
7259
7260 fix double-free() in error path of DSA key generation
7261 reported by Mateusz Kocielski; ok markus@
7262
7263 Upstream-ID: 4735d8f888b10599a935fa1b374787089116713c
7264
7265commit 45b0eb752c94954a6de046bfaaf129e518ad4b5b
7266Author: djm@openbsd.org <djm@openbsd.org>
7267Date: Wed Aug 19 23:18:26 2015 +0000
7268
7269 upstream commit
7270
7271 fix free() of uninitialised pointer reported by Mateusz
7272 Kocielski; ok markus@
7273
7274 Upstream-ID: 519552b050618501a06b7b023de5cb104e2c5663
7275
7276commit c837643b93509a3ef538cb6624b678c5fe32ff79
7277Author: djm@openbsd.org <djm@openbsd.org>
7278Date: Wed Aug 19 23:17:51 2015 +0000
7279
7280 upstream commit
7281
7282 fixed unlink([uninitialised memory]) reported by Mateusz
7283 Kocielski; ok markus@
7284
7285 Upstream-ID: 14a0c4e7d891f5a8dabc4b89d4f6b7c0d5a20109
7286
7287commit 1f8d3d629cd553031021068eb9c646a5f1e50994
7288Author: jmc@openbsd.org <jmc@openbsd.org>
7289Date: Fri Aug 14 15:32:41 2015 +0000
7290
7291 upstream commit
7292
7293 match myproposal.h order; from brian conway (i snuck in a
7294 tweak while here)
7295
7296 ok dtucker
7297
7298 Upstream-ID: 35174a19b5237ea36aa3798f042bf5933b772c67
7299
7300commit 1dc8d93ce69d6565747eb44446ed117187621b26
7301Author: deraadt@openbsd.org <deraadt@openbsd.org>
7302Date: Thu Aug 6 14:53:21 2015 +0000
7303
7304 upstream commit
7305
7306 add prohibit-password as a synonymn for without-password,
7307 since the without-password is causing too many questions. Harden it to ban
7308 all but pubkey, hostbased, and GSSAPI auth (when the latter is enabled) from
7309 djm, ok markus
7310
7311 Upstream-ID: d53317d7b28942153e6236d3fd6e12ceb482db7a
7312
7313commit 90a95a4745a531b62b81ce3b025e892bdc434de5
7314Author: Damien Miller <djm@mindrot.org>
7315Date: Tue Aug 11 13:53:41 2015 +1000
7316
7317 update version in README
7318
7319commit 318c37743534b58124f1bab37a8a0087a3a9bd2f
7320Author: Damien Miller <djm@mindrot.org>
7321Date: Tue Aug 11 13:53:09 2015 +1000
7322
7323 update versions in *.spec
7324
7325commit 5e75f5198769056089fb06c4d738ab0e5abc66f7
7326Author: Damien Miller <djm@mindrot.org>
7327Date: Tue Aug 11 13:34:12 2015 +1000
7328
7329 set sshpam_ctxt to NULL after free
7330
7331 Avoids use-after-free in monitor when privsep child is compromised.
7332 Reported by Moritz Jodeit; ok dtucker@
7333
7334commit d4697fe9a28dab7255c60433e4dd23cf7fce8a8b
7335Author: Damien Miller <djm@mindrot.org>
7336Date: Tue Aug 11 13:33:24 2015 +1000
7337
7338 Don't resend username to PAM; it already has it.
7339
7340 Pointed out by Moritz Jodeit; ok dtucker@
7341
7342commit 88763a6c893bf3dfe951ba9271bf09715e8d91ca
7343Author: Darren Tucker <dtucker@zip.com.au>
7344Date: Mon Jul 27 12:14:25 2015 +1000
7345
7346 Import updated moduli file from OpenBSD.
7347
7348commit 55b263fb7cfeacb81aaf1c2036e0394c881637da
7349Author: Damien Miller <djm@mindrot.org>
7350Date: Mon Aug 10 11:13:44 2015 +1000
7351
7352 let principals-command.sh work for noexec /var/run
7353
7354commit 2651e34cd11b1aac3a0fe23b86d8c2ff35c07897
7355Author: Damien Miller <djm@mindrot.org>
7356Date: Thu Aug 6 11:43:42 2015 +1000
7357
7358 work around echo -n / sed behaviour in tests
7359
7360commit d85dad81778c1aa8106acd46930b25fdf0d15b2a
7361Author: djm@openbsd.org <djm@openbsd.org>
7362Date: Wed Aug 5 05:27:33 2015 +0000
7363
7364 upstream commit
7365
7366 adjust for RSA minimum modulus switch; ok deraadt@
7367
7368 Upstream-Regress-ID: 5a72c83431b96224d583c573ca281cd3a3ebfdae
7369
7370commit 57e8e229bad5fe6056b5f1199665f5f7008192c6
7371Author: djm@openbsd.org <djm@openbsd.org>
7372Date: Tue Aug 4 05:23:06 2015 +0000
7373
7374 upstream commit
7375
7376 backout SSH_RSA_MINIMUM_MODULUS_SIZE increase for this
7377 release; problems spotted by sthen@ ok deraadt@ markus@
7378
7379 Upstream-ID: d0bd60dde9e8c3cd7030007680371894c1499822
7380
7381commit f097d0ea1e0889ca0fa2e53a00214e43ab7fa22a
7382Author: djm@openbsd.org <djm@openbsd.org>
7383Date: Sun Aug 2 09:56:42 2015 +0000
7384
7385 upstream commit
7386
7387 openssh 7.0; ok deraadt@
7388
7389 Upstream-ID: c63afdef537f57f28ae84145c5a8e29e9250221f
7390
7391commit 3d5728a0f6874ce4efb16913a12963595070f3a9
7392Author: chris@openbsd.org <chris@openbsd.org>
7393Date: Fri Jul 31 15:38:09 2015 +0000
7394
7395 upstream commit
7396
7397 Allow PermitRootLogin to be overridden by config
7398
7399 ok markus@ deeradt@
7400
7401 Upstream-ID: 5cf3e26ed702888de84e2dc9d0054ccf4d9125b4
7402
7403commit 6f941396b6835ad18018845f515b0c4fe20be21a
7404Author: djm@openbsd.org <djm@openbsd.org>
7405Date: Thu Jul 30 23:09:15 2015 +0000
7406
7407 upstream commit
7408
7409 fix pty permissions; patch from Nikolay Edigaryev; ok
7410 deraadt
7411
7412 Upstream-ID: 40ff076d2878b916fbfd8e4f45dbe5bec019e550
7413
7414commit f4373ed1e8fbc7c8ce3fc4ea97d0ba2e0c1d7ef0
7415Author: deraadt@openbsd.org <deraadt@openbsd.org>
7416Date: Thu Jul 30 19:23:02 2015 +0000
7417
7418 upstream commit
7419
7420 change default: PermitRootLogin without-password matching
7421 install script changes coming as well ok djm markus
7422
7423 Upstream-ID: 0e2a6c4441daf5498b47a61767382bead5eb8ea6
7424
7425commit 0c30ba91f87fcda7e975e6ff8a057f624e87ea1c
7426Author: Damien Miller <djm@mindrot.org>
7427Date: Thu Jul 30 12:31:39 2015 +1000
7428
7429 downgrade OOM adjustment logging: verbose -> debug
7430
7431commit f9eca249d4961f28ae4b09186d7dc91de74b5895
7432Author: djm@openbsd.org <djm@openbsd.org>
7433Date: Thu Jul 30 00:01:34 2015 +0000
7434
7435 upstream commit
7436
7437 Allow ssh_config and sshd_config kex parameters options be
7438 prefixed by a '+' to indicate that the specified items be appended to the
7439 default rather than replacing it.
7440
7441 approach suggested by dtucker@, feedback dlg@, ok markus@
7442
7443 Upstream-ID: 0f901137298fc17095d5756ff1561a7028e8882a
7444
7445commit 5cefe769105a2a2e3ca7479d28d9a325d5ef0163
7446Author: djm@openbsd.org <djm@openbsd.org>
7447Date: Wed Jul 29 08:34:54 2015 +0000
7448
7449 upstream commit
7450
7451 fix bug in previous; was printing incorrect string for
7452 failed host key algorithms negotiation
7453
7454 Upstream-ID: 22c0dc6bc61930513065d92e11f0753adc4c6e6e
7455
7456commit f319912b0d0e1675b8bb051ed8213792c788bcb2
7457Author: djm@openbsd.org <djm@openbsd.org>
7458Date: Wed Jul 29 04:43:06 2015 +0000
7459
7460 upstream commit
7461
7462 include the peer's offer when logging a failure to
7463 negotiate a mutual set of algorithms (kex, pubkey, ciphers, etc.) ok markus@
7464
7465 Upstream-ID: bbb8caabf5c01790bb845f5ce135565248d7c796
7466
7467commit b6ea0e573042eb85d84defb19227c89eb74cf05a
7468Author: djm@openbsd.org <djm@openbsd.org>
7469Date: Tue Jul 28 23:20:42 2015 +0000
7470
7471 upstream commit
7472
7473 add Cisco to the list of clients that choke on the
7474 hostkeys update extension. Pointed out by Howard Kash
7475
7476 Upstream-ID: c9eadde28ecec056c73d09ee10ba4570dfba7e84
7477
7478commit 3f628c7b537291c1019ce86af90756fb4e66d0fd
7479Author: guenther@openbsd.org <guenther@openbsd.org>
7480Date: Mon Jul 27 16:29:23 2015 +0000
7481
7482 upstream commit
7483
7484 Permit kbind(2) use in the sandbox now, to ease testing
7485 of ld.so work using it
7486
7487 reminded by miod@, ok deraadt@
7488
7489 Upstream-ID: 523922e4d1ba7a091e3824e77a8a3c818ee97413
7490
7491commit ebe27ebe520098bbc0fe58945a87ce8490121edb
7492Author: millert@openbsd.org <millert@openbsd.org>
7493Date: Mon Jul 20 18:44:12 2015 +0000
7494
7495 upstream commit
7496
7497 Move .Pp before .Bl, not after to quiet mandoc -Tlint.
7498 Noticed by jmc@
7499
7500 Upstream-ID: 59fadbf8407cec4e6931e50c53cfa0214a848e23
7501
7502commit d5d91d0da819611167782c66ab629159169d94d4
7503Author: millert@openbsd.org <millert@openbsd.org>
7504Date: Mon Jul 20 18:42:35 2015 +0000
7505
7506 upstream commit
7507
7508 Sync usage with SYNOPSIS
7509
7510 Upstream-ID: 7a321a170181a54f6450deabaccb6ef60cf3f0b7
7511
7512commit 79ec2142fbc68dd2ed9688608da355fc0b1ed743
7513Author: millert@openbsd.org <millert@openbsd.org>
7514Date: Mon Jul 20 15:39:52 2015 +0000
7515
7516 upstream commit
7517
7518 Better desciption of Unix domain socket forwarding.
7519 bz#2423; ok jmc@
7520
7521 Upstream-ID: 85e28874726897e3f26ae50dfa2e8d2de683805d
7522
7523commit d56fd1828074a4031b18b8faa0bf949669eb18a0
7524Author: Damien Miller <djm@mindrot.org>
7525Date: Mon Jul 20 11:19:51 2015 +1000
7526
7527 make realpath.c compile -Wsign-compare clean
7528
7529commit c63c9a691dca26bb7648827f5a13668832948929
7530Author: djm@openbsd.org <djm@openbsd.org>
7531Date: Mon Jul 20 00:30:01 2015 +0000
7532
7533 upstream commit
7534
7535 mention that the default of UseDNS=no implies that
7536 hostnames cannot be used for host matching in sshd_config and
7537 authorized_keys; bz#2045, ok dtucker@
7538
7539 Upstream-ID: 0812705d5f2dfa59aab01f2764ee800b1741c4e1
7540
7541commit 63ebcd0005e9894fcd6871b7b80aeea1fec0ff76
7542Author: djm@openbsd.org <djm@openbsd.org>
7543Date: Sat Jul 18 08:02:17 2015 +0000
7544
7545 upstream commit
7546
7547 don't ignore PKCS#11 hosted keys that return empty
7548 CKA_ID; patch by Jakub Jelen via bz#2429; ok markus
7549
7550 Upstream-ID: 2f7c94744eb0342f8ee8bf97b2351d4e00116485
7551
7552commit b15fd989c8c62074397160147a8d5bc34b3f3c63
7553Author: djm@openbsd.org <djm@openbsd.org>
7554Date: Sat Jul 18 08:00:21 2015 +0000
7555
7556 upstream commit
7557
7558 skip uninitialised PKCS#11 slots; patch from Jakub Jelen
7559 in bz#2427 ok markus@
7560
7561 Upstream-ID: 744c1e7796e237ad32992d0d02148e8a18f27d29
7562
7563commit 5b64f85bb811246c59ebab70aed331f26ba37b18
7564Author: djm@openbsd.org <djm@openbsd.org>
7565Date: Sat Jul 18 07:57:14 2015 +0000
7566
7567 upstream commit
7568
7569 only query each keyboard-interactive device once per
7570 authentication request regardless of how many times it is listed; ok markus@
7571
7572 Upstream-ID: d73fafba6e86030436ff673656ec1f33d9ffeda1
7573
7574commit cd7324d0667794eb5c236d8a4e0f236251babc2d
7575Author: djm@openbsd.org <djm@openbsd.org>
7576Date: Fri Jul 17 03:34:27 2015 +0000
7577
7578 upstream commit
7579
7580 remove -u flag to diff (only used for error output) to make
7581 things easier for -portable
7582
7583 Upstream-Regress-ID: a5d6777d2909540d87afec3039d9bb2414ade548
7584
7585commit deb8d99ecba70b67f4af7880b11ca8768df9ec3a
7586Author: djm@openbsd.org <djm@openbsd.org>
7587Date: Fri Jul 17 03:09:19 2015 +0000
7588
7589 upstream commit
7590
7591 direct-streamlocal@openssh.com Unix domain foward
7592 messages do not contain a "reserved for future use" field and in fact,
7593 serverloop.c checks that there isn't one. Remove erroneous mention from
7594 PROTOCOL description. bz#2421 from Daniel Black
7595
7596 Upstream-ID: 3d51a19e64f72f764682f1b08f35a8aa810a43ac
7597
7598commit 356b61f365405b5257f5b2ab446e5d7bd33a7b52
7599Author: djm@openbsd.org <djm@openbsd.org>
7600Date: Fri Jul 17 03:04:27 2015 +0000
7601
7602 upstream commit
7603
7604 describe magic for setting up Unix domain socket fowards
7605 via the mux channel; bz#2422 patch from Daniel Black
7606
7607 Upstream-ID: 943080fe3864715c423bdeb7c920bb30c4eee861
7608
7609commit d3e2aee41487d55b8d7d40f538b84ff1db7989bc
7610Author: Darren Tucker <dtucker@zip.com.au>
7611Date: Fri Jul 17 12:52:34 2015 +1000
7612
7613 Check if realpath works on nonexistent files.
7614
7615 On some platforms the native realpath doesn't work with non-existent
7616 files (this is actually specified in some versions of POSIX), however
7617 the sftp spec says its realpath with "canonicalize any given path name".
7618 On those platforms, use realpath from the compat library.
7619
7620 In addition, when compiling with -DFORTIFY_SOURCE, glibc redefines
7621 the realpath symbol to the checked version, so redefine ours to
7622 something else so we pick up the compat version we want.
7623
7624 bz#2428, ok djm@
7625
7626commit 25b14610dab655646a109db5ef8cb4c4bf2a48a0
7627Author: djm@openbsd.org <djm@openbsd.org>
7628Date: Fri Jul 17 02:47:45 2015 +0000
7629
7630 upstream commit
7631
7632 fix incorrect test for SSH1 keys when compiled without SSH1
7633 support
7634
7635 Upstream-ID: 6004d720345b8e481c405e8ad05ce2271726e451
7636
7637commit df56a8035d429b2184ee94aaa7e580c1ff67f73a
7638Author: djm@openbsd.org <djm@openbsd.org>
7639Date: Wed Jul 15 08:00:11 2015 +0000
7640
7641 upstream commit
7642
7643 fix NULL-deref when SSH1 reenabled
7644
7645 Upstream-ID: f22fd805288c92b3e9646782d15b48894b2d5295
7646
7647commit 41e38c4d49dd60908484e6703316651333f16b93
7648Author: djm@openbsd.org <djm@openbsd.org>
7649Date: Wed Jul 15 07:19:50 2015 +0000
7650
7651 upstream commit
7652
7653 regen RSA1 test keys; the last batch was missing their
7654 private parts
7655
7656 Upstream-Regress-ID: 7ccf437305dd63ff0b48dd50c5fd0f4d4230c10a
7657
7658commit 5bf0933184cb622ca3f96d224bf3299fd2285acc
7659Author: markus@openbsd.org <markus@openbsd.org>
7660Date: Fri Jul 10 06:23:25 2015 +0000
7661
7662 upstream commit
7663
7664 Adapt tests, now that DSA if off by default; use
7665 PubkeyAcceptedKeyTypes and PubkeyAcceptedKeyTypes to test DSA.
7666
7667 Upstream-Regress-ID: 0ff2a3ff5ac1ce5f92321d27aa07b98656efcc5c
7668
7669commit 7a6e3fd7b41dbd3756b6bf9acd67954c0b1564cc
7670Author: markus@openbsd.org <markus@openbsd.org>
7671Date: Tue Jul 7 14:54:16 2015 +0000
7672
7673 upstream commit
7674
7675 regen test data after mktestdata.sh changes
7676
7677 Upstream-Regress-ID: 3495ecb082b9a7c048a2d7c5c845d3bf181d25a4
7678
7679commit 7c8c174c69f681d4910fa41c37646763692b28e2
7680Author: markus@openbsd.org <markus@openbsd.org>
7681Date: Tue Jul 7 14:53:30 2015 +0000
7682
7683 upstream commit
7684
7685 adapt tests to new minimum RSA size and default FP format
7686
7687 Upstream-Regress-ID: a4b30afd174ce82b96df14eb49fb0b81398ffd0e
7688
7689commit 6a977a4b68747ade189e43d302f33403fd4a47ac
7690Author: djm@openbsd.org <djm@openbsd.org>
7691Date: Fri Jul 3 04:39:23 2015 +0000
7692
7693 upstream commit
7694
7695 legacy v00 certificates are gone; adapt and don't try to
7696 test them; "sure" markus@ dtucker@
7697
7698 Upstream-Regress-ID: c57321e69b3cd4a3b3396dfcc43f0803d047da12
7699
7700commit 0c4123ad5e93fb90fee9c6635b13a6cdabaac385
7701Author: djm@openbsd.org <djm@openbsd.org>
7702Date: Wed Jul 1 23:11:18 2015 +0000
7703
7704 upstream commit
7705
7706 don't expect SSH v.1 in unittests
7707
7708 Upstream-Regress-ID: f8812b16668ba78e6a698646b2a652b90b653397
7709
7710commit 3c099845798a817cdde513c39074ec2063781f18
7711Author: djm@openbsd.org <djm@openbsd.org>
7712Date: Mon Jun 15 06:38:50 2015 +0000
7713
7714 upstream commit
7715
7716 turn SSH1 back on to match src/usr.bin/ssh being tested
7717
7718 Upstream-Regress-ID: 6c4f763a2f0cc6893bf33983919e9030ae638333
7719
7720commit b1dc2b33689668c75e95f873a42d5aea1f4af1db
7721Author: dtucker@openbsd.org <dtucker@openbsd.org>
7722Date: Mon Jul 13 04:57:14 2015 +0000
7723
7724 upstream commit
7725
7726 Add "PuTTY_Local:" to the clients to which we do not
7727 offer DH-GEX. This was the string that was used for development versions
7728 prior to September 2014 and they don't do RFC4419 DH-GEX, but unfortunately
7729 there are some extant products based on those versions. bx2424 from Jay
7730 Rouman, ok markus@ djm@
7731
7732 Upstream-ID: be34d41e18b966832fe09ca243d275b81882e1d5
7733
7734commit 3a1638dda19bbc73d0ae02b4c251ce08e564b4b9
7735Author: markus@openbsd.org <markus@openbsd.org>
7736Date: Fri Jul 10 06:21:53 2015 +0000
7737
7738 upstream commit
7739
7740 Turn off DSA by default; add HostKeyAlgorithms to the
7741 server and PubkeyAcceptedKeyTypes to the client side, so it still can be
7742 tested or turned back on; feedback and ok djm@
7743
7744 Upstream-ID: 8450a9e6d83f80c9bfed864ff061dfc9323cec21
7745
7746commit 16db0a7ee9a87945cc594d13863cfcb86038db59
7747Author: markus@openbsd.org <markus@openbsd.org>
7748Date: Thu Jul 9 09:49:46 2015 +0000
7749
7750 upstream commit
7751
7752 re-enable ed25519-certs if compiled w/o openssl; ok djm
7753
7754 Upstream-ID: e10c90808b001fd2c7a93778418e9b318f5c4c49
7755
7756commit c355bf306ac33de6545ce9dac22b84a194601e2f
7757Author: markus@openbsd.org <markus@openbsd.org>
7758Date: Wed Jul 8 20:24:02 2015 +0000
7759
7760 upstream commit
7761
7762 no need to include the old buffer/key API
7763
7764 Upstream-ID: fb13c9f7c0bba2545f3eb0a0e69cb0030819f52b
7765
7766commit a3cc48cdf9853f1e832d78cb29bedfab7adce1ee
7767Author: markus@openbsd.org <markus@openbsd.org>
7768Date: Wed Jul 8 19:09:25 2015 +0000
7769
7770 upstream commit
7771
7772 typedefs for Cipher&CipherContext are unused
7773
7774 Upstream-ID: 50e6a18ee92221d23ad173a96d5b6c42207cf9a7
7775
7776commit a635bd06b5c427a57c3ae760d3a2730bb2c863c0
7777Author: markus@openbsd.org <markus@openbsd.org>
7778Date: Wed Jul 8 19:04:21 2015 +0000
7779
7780 upstream commit
7781
7782 xmalloc.h is unused
7783
7784 Upstream-ID: afb532355b7fa7135a60d944ca1e644d1d63cb58
7785
7786commit 2521cf0e36c7f3f6b19f206da0af134f535e4a31
7787Author: markus@openbsd.org <markus@openbsd.org>
7788Date: Wed Jul 8 19:01:15 2015 +0000
7789
7790 upstream commit
7791
7792 compress.c is gone
7793
7794 Upstream-ID: 174fa7faa9b9643cba06164b5e498591356fbced
7795
7796commit c65a7aa6c43aa7a308ee1ab8a96f216169ae9615
7797Author: djm@openbsd.org <djm@openbsd.org>
7798Date: Fri Jul 3 04:05:54 2015 +0000
7799
7800 upstream commit
7801
7802 another SSH_RSA_MINIMUM_MODULUS_SIZE that needed
7803 cranking
7804
7805 Upstream-ID: 9d8826cafe96aab4ae8e2f6fd22800874b7ffef1
7806
7807commit b1f383da5cd3cb921fc7776f17a14f44b8a31757
7808Author: djm@openbsd.org <djm@openbsd.org>
7809Date: Fri Jul 3 03:56:25 2015 +0000
7810
7811 upstream commit
7812
7813 add an XXX reminder for getting correct key paths from
7814 sshd_config
7815
7816 Upstream-ID: feae52b209d7782ad742df04a4260e9fe41741db
7817
7818commit 933935ce8d093996c34d7efa4d59113163080680
7819Author: djm@openbsd.org <djm@openbsd.org>
7820Date: Fri Jul 3 03:49:45 2015 +0000
7821
7822 upstream commit
7823
7824 refuse to generate or accept RSA keys smaller than 1024
7825 bits; feedback and ok dtucker@
7826
7827 Upstream-ID: 7ea3d31271366ba264f06e34a3539bf1ac30f0ba
7828
7829commit bdfd29f60b74f3e678297269dc6247a5699583c1
7830Author: djm@openbsd.org <djm@openbsd.org>
7831Date: Fri Jul 3 03:47:00 2015 +0000
7832
7833 upstream commit
7834
7835 turn off 1024 bit diffie-hellman-group1-sha1 key
7836 exchange method (already off in server, this turns it off in the client by
7837 default too) ok dtucker@
7838
7839 Upstream-ID: f59b88f449210ab7acf7d9d88f20f1daee97a4fa
7840
7841commit c28fc62d789d860c75e23a9fa9fb250eb2beca57
7842Author: djm@openbsd.org <djm@openbsd.org>
7843Date: Fri Jul 3 03:43:18 2015 +0000
7844
7845 upstream commit
7846
7847 delete support for legacy v00 certificates; "sure"
7848 markus@ dtucker@
7849
7850 Upstream-ID: b5b9bb5f9202d09e88f912989d74928601b6636f
7851
7852commit 564d63e1b4a9637a209d42a9d49646781fc9caef
7853Author: djm@openbsd.org <djm@openbsd.org>
7854Date: Wed Jul 1 23:10:47 2015 +0000
7855
7856 upstream commit
7857
7858 Compile-time disable SSH v.1 again
7859
7860 Upstream-ID: 1d4b513a3a06232f02650b73bad25100d1b800af
7861
7862commit 868109b650504dd9bcccdb1f51d0906f967c20ff
7863Author: djm@openbsd.org <djm@openbsd.org>
7864Date: Wed Jul 1 02:39:06 2015 +0000
7865
7866 upstream commit
7867
7868 twiddle PermitRootLogin back
7869
7870 Upstream-ID: 2bd23976305d0512e9f84d054e1fc23cd70b89f2
7871
7872commit 7de4b03a6e4071d454b72927ffaf52949fa34545
7873Author: djm@openbsd.org <djm@openbsd.org>
7874Date: Wed Jul 1 02:32:17 2015 +0000
7875
7876 upstream commit
7877
7878 twiddle; (this commit marks the openssh-6.9 release)
7879
7880 Upstream-ID: 78500582819f61dd8adee36ec5cc9b9ac9351234
7881
7882commit 1bf477d3cdf1a864646d59820878783d42357a1d
7883Author: djm@openbsd.org <djm@openbsd.org>
7884Date: Wed Jul 1 02:26:31 2015 +0000
7885
7886 upstream commit
7887
7888 better refuse ForwardX11Trusted=no connections attempted
7889 after ForwardX11Timeout expires; reported by Jann Horn
7890
7891 Upstream-ID: bf0fddadc1b46a0334e26c080038313b4b6dea21
7892
7893commit 47aa7a0f8551b471fcae0447c1d78464f6dba869
7894Author: djm@openbsd.org <djm@openbsd.org>
7895Date: Wed Jul 1 01:56:13 2015 +0000
7896
7897 upstream commit
7898
7899 put back default PermitRootLogin=no
7900
7901 Upstream-ID: 7bdedd5cead99c57ed5571f3b6b7840922d5f728
7902
7903commit 984b064fe2a23733733262f88d2e1b2a1a501662
7904Author: djm@openbsd.org <djm@openbsd.org>
7905Date: Wed Jul 1 01:55:13 2015 +0000
7906
7907 upstream commit
7908
7909 openssh-6.9
7910
7911 Upstream-ID: 6cfe8e1904812531080e6ab6e752d7001b5b2d45
7912
7913commit d921082ed670f516652eeba50705e1e9f6325346
7914Author: djm@openbsd.org <djm@openbsd.org>
7915Date: Wed Jul 1 01:55:00 2015 +0000
7916
7917 upstream commit
7918
7919 reset default PermitRootLogin to 'yes' (momentarily, for
7920 release)
7921
7922 Upstream-ID: cad8513527066e65dd7a1c16363d6903e8cefa24
7923
7924commit 66295e0e1ba860e527f191b6325d2d77dec4dbce
7925Author: Damien Miller <djm@mindrot.org>
7926Date: Wed Jul 1 11:49:12 2015 +1000
7927
7928 crank version numbers for release
7929
7930commit 37035c07d4f26bb1fbe000d2acf78efdb008681d
7931Author: Damien Miller <djm@mindrot.org>
7932Date: Wed Jul 1 10:49:37 2015 +1000
7933
7934 s/--with-ssh1/--without-ssh1/
7935
7936commit 629df770dbadc2accfbe1c81b3f31f876d0acd84
7937Author: djm@openbsd.org <djm@openbsd.org>
7938Date: Tue Jun 30 05:25:07 2015 +0000
7939
7940 upstream commit
7941
7942 fatal() when a remote window update causes the window
7943 value to overflow. Reported by Georg Wicherski, ok markus@
7944
7945 Upstream-ID: ead397a9aceb3bf74ebfa5fcaf259d72e569f351
7946
7947commit f715afebe735d61df3fd30ad72d9ac1c8bd3b5f2
7948Author: djm@openbsd.org <djm@openbsd.org>
7949Date: Tue Jun 30 05:23:25 2015 +0000
7950
7951 upstream commit
7952
7953 Fix math error in remote window calculations that causes
7954 eventual stalls for datagram channels. Reported by Georg Wicherski, ok
7955 markus@
7956
7957 Upstream-ID: be54059d11bf64e0d85061f7257f53067842e2ab
7958
7959commit 52fb6b9b034fcfd24bf88cc7be313e9c31de9889
7960Author: Damien Miller <djm@mindrot.org>
7961Date: Tue Jun 30 16:05:40 2015 +1000
7962
7963 skip IPv6-related portions on hosts without IPv6
7964
7965 with Tim Rice
7966
7967commit 512caddf590857af6aa12218461b5c0441028cf5
7968Author: djm@openbsd.org <djm@openbsd.org>
7969Date: Mon Jun 29 22:35:12 2015 +0000
7970
7971 upstream commit
7972
7973 add getpid to sandbox, reachable by grace_alarm_handler
7974
7975 reported by Jakub Jelen; bz#2419
7976
7977 Upstream-ID: d0da1117c16d4c223954995d35b0f47c8f684cd8
7978
7979commit 78c2a4f883ea9aba866358e2acd9793a7f42ca93
7980Author: djm@openbsd.org <djm@openbsd.org>
7981Date: Fri Jun 26 05:13:20 2015 +0000
7982
7983 upstream commit
7984
7985 Fix \-escaping bug that caused forward path parsing to skip
7986 two characters and skip past the end of the string.
7987
7988 Based on patch by Salvador Fandino; ok dtucker@
7989
7990 Upstream-ID: 7b879dc446335677cbe4cb549495636a0535f3bd
7991
7992commit bc20205c91c9920361d12b15d253d4997dba494a
7993Author: Damien Miller <djm@mindrot.org>
7994Date: Thu Jun 25 09:51:39 2015 +1000
7995
7996 add missing pselect6
7997
7998 patch from Jakub Jelen
7999
8000commit 9d27fb73b4a4e5e99cb880af790d5b1ce44f720a
8001Author: djm@openbsd.org <djm@openbsd.org>
8002Date: Wed Jun 24 23:47:23 2015 +0000
8003
8004 upstream commit
8005
8006 correct test to sshkey_sign(); spotted by Albert S.
8007
8008 Upstream-ID: 5f7347f40f0ca6abdaca2edb3bd62f4776518933
8009
8010commit 7ed01a96a1911d8b4a9ef4f3d064e1923bfad7e3
8011Author: dtucker@openbsd.org <dtucker@openbsd.org>
8012Date: Wed Jun 24 01:49:19 2015 +0000
8013
8014 upstream commit
8015
8016 Revert previous commit. We still want to call setgroups
8017 in the case where there are zero groups to remove any that we might otherwise
8018 inherit (as pointed out by grawity at gmail.com) and since the 2nd argument
8019 to setgroups is always a static global it's always valid to dereference in
8020 this case. ok deraadt@ djm@
8021
8022 Upstream-ID: 895b5ac560a10befc6b82afa778641315725fd01
8023
8024commit 882f8bf94f79528caa65b0ba71c185d705bb7195
8025Author: dtucker@openbsd.org <dtucker@openbsd.org>
8026Date: Wed Jun 24 01:49:19 2015 +0000
8027
8028 upstream commit
8029
8030 Revert previous commit. We still want to call setgroups in
8031 the case where there are zero groups to remove any that we might otherwise
8032 inherit (as pointed out by grawity at gmail.com) and since the 2nd argument
8033 to setgroups is always a static global it's always valid to dereference in
8034 this case. ok deraadt@ djm@
8035
8036 Upstream-ID: 895b5ac560a10befc6b82afa778641315725fd01
8037
8038commit 9488538a726951e82b3a4374f3c558d72c80a89b
8039Author: djm@openbsd.org <djm@openbsd.org>
8040Date: Mon Jun 22 23:42:16 2015 +0000
8041
8042 upstream commit
8043
8044 Don't count successful partial authentication as failures
8045 in monitor; this may have caused the monitor to refuse multiple
8046 authentications that would otherwise have successfully completed; ok markus@
8047
8048 Upstream-ID: eb74b8e506714d0f649bd5c300f762a527af04a3
8049
8050commit 63b78d003bd8ca111a736e6cea6333da50f5f09b
8051Author: dtucker@openbsd.org <dtucker@openbsd.org>
8052Date: Mon Jun 22 12:29:57 2015 +0000
8053
8054 upstream commit
8055
8056 Don't call setgroups if we have zero groups; there's no
8057 guarantee that it won't try to deref the pointer. Based on a patch from mail
8058 at quitesimple.org, ok djm deraadt
8059
8060 Upstream-ID: 2fff85e11d7a9a387ef7fddf41fbfaf566708ab1
8061
8062commit 5c15e22c691c79a47747bcf5490126656f97cecd
8063Author: Damien Miller <djm@mindrot.org>
8064Date: Thu Jun 18 15:07:56 2015 +1000
8065
8066 fix syntax error
8067
8068commit 596dbca82f3f567fb3d2d69af4b4e1d3ba1e6403
8069Author: jsing@openbsd.org <jsing@openbsd.org>
8070Date: Mon Jun 15 18:44:22 2015 +0000
8071
8072 upstream commit
8073
8074 If AuthorizedPrincipalsCommand is specified, however
8075 AuthorizedPrincipalsFile is not (or is set to "none"), authentication will
8076 potentially fail due to key_cert_check_authority() failing to locate a
8077 principal that matches the username, even though an authorized principal has
8078 already been matched in the output of the subprocess. Fix this by using the
8079 same logic to determine if pw->pw_name should be passed, as is used to
8080 determine if a authorized principal must be matched earlier on.
8081
8082 ok djm@
8083
8084 Upstream-ID: 43b42302ec846b0ea68aceb40677245391b9409d
8085
8086commit aff3e94c0d75d0d0fa84ea392b50ab04f8c57905
8087Author: jsing@openbsd.org <jsing@openbsd.org>
8088Date: Mon Jun 15 18:42:19 2015 +0000
8089
8090 upstream commit
8091
8092 Make the arguments to match_principals_command() similar
8093 to match_principals_file(), by changing the last argument a struct
8094 sshkey_cert * and dereferencing key->cert in the caller.
8095
8096 No functional change.
8097
8098 ok djm@
8099
8100 Upstream-ID: 533f99b844b21b47342b32b62e198dfffcf8651c
8101
8102commit 97e2e1596c202a4693468378b16b2353fd2d6c5e
8103Author: Damien Miller <djm@mindrot.org>
8104Date: Wed Jun 17 14:36:54 2015 +1000
8105
8106 trivial optimisation for seccomp-bpf
8107
8108 When doing arg inspection and the syscall doesn't match, skip
8109 past the instruction that reloads the syscall into the accumulator,
8110 since the accumulator hasn't been modified at this point.
8111
8112commit 99f33d7304893bd9fa04d227cb6e870171cded19
8113Author: Damien Miller <djm@mindrot.org>
8114Date: Wed Jun 17 10:50:51 2015 +1000
8115
8116 aarch64 support for seccomp-bpf sandbox
8117
8118 Also resort and tidy syscall list. Based on patches by Jakub Jelen
8119 bz#2361; ok dtucker@
8120
8121commit 4ef702e1244633c1025ec7cfe044b9ab267097bf
8122Author: djm@openbsd.org <djm@openbsd.org>
8123Date: Mon Jun 15 01:32:50 2015 +0000
8124
8125 upstream commit
8126
8127 return failure on RSA signature error; reported by Albert S
8128
8129 Upstream-ID: e61bb93dbe0349625807b0810bc213a6822121fa
8130
8131commit a170f22baf18af0b1acf2788b8b715605f41a1f9
8132Author: Tim Rice <tim@multitalents.net>
8133Date: Tue Jun 9 22:41:13 2015 -0700
8134
8135 Fix t12 rules for out of tree builds.
8136
8137commit ec04dc4a5515c913121bc04ed261857e68fa5c18
8138Author: millert@openbsd.org <millert@openbsd.org>
8139Date: Fri Jun 5 15:13:13 2015 +0000
8140
8141 upstream commit
8142
8143 For "ssh -L 12345:/tmp/sock" don't fail with "No forward host
8144 name." (we have a path, not a host name). Based on a diff from Jared
8145 Yanovich. OK djm@
8146
8147 Upstream-ID: 2846b0a8c7de037e33657f95afbd282837fc213f
8148
8149commit 732d61f417a6aea0aa5308b59cb0f563bcd6edd6
8150Author: djm@openbsd.org <djm@openbsd.org>
8151Date: Fri Jun 5 03:44:14 2015 +0000
8152
8153 upstream commit
8154
8155 typo: accidental repetition; bz#2386
8156
8157 Upstream-ID: 45e620d99f6bc301e5949d34a54027374991c88b
8158
8159commit adfb24c69d1b6f5e758db200866c711e25a2ba73
8160Author: Darren Tucker <dtucker@zip.com.au>
8161Date: Fri Jun 5 14:51:40 2015 +1000
8162
8163 Add Linux powerpc64le and powerpcle entries.
8164
8165 Stopgap to resolve bz#2409 because we are so close to release and will
8166 update config.guess and friends shortly after the release. ok djm@
8167
8168commit a1195a0fdc9eddddb04d3e9e44c4775431cb77da
8169Merge: 6397eed d2480bc
8170Author: Tim Rice <tim@multitalents.net>
8171Date: Wed Jun 3 21:43:13 2015 -0700
8172
8173 Merge branch 'master' of git.mindrot.org:/var/git/openssh
8174
8175commit 6397eedf953b2b973d2d7cbb504ab501a07f8ddc
8176Author: Tim Rice <tim@multitalents.net>
8177Date: Wed Jun 3 21:41:11 2015 -0700
8178
8179 Remove unneeded backslashes. Patch from Ángel González
8180
8181commit d2480bcac1caf31b03068de877a47d6e1027bf6d
8182Author: Darren Tucker <dtucker@zip.com.au>
8183Date: Thu Jun 4 14:10:55 2015 +1000
8184
8185 Remove redundant include of stdarg.h. bz#2410
8186
8187commit 5e67859a623826ccdf2df284cbb37e2d8e2787eb
8188Author: djm@openbsd.org <djm@openbsd.org>
8189Date: Tue Jun 2 09:10:40 2015 +0000
8190
8191 upstream commit
8192
8193 mention CheckHostIP adding addresses to known_hosts;
8194 bz#1993; ok dtucker@
8195
8196 Upstream-ID: fd44b68440fd0dc29abf9f2d3f703d74a2396cb7
8197
8198commit d7a58bbac6583e33fd5eca8e2c2cc70c57617818
8199Author: Darren Tucker <dtucker@zip.com.au>
8200Date: Tue Jun 2 20:15:26 2015 +1000
8201
8202 Replace strcpy with strlcpy.
8203
8204 ok djm, sanity check by Corinna Vinschen.
8205
8206commit 51a1c2115265c6e80ede8a5c9dccada9aeed7143
8207Author: Damien Miller <djm@mindrot.org>
8208Date: Fri May 29 18:27:21 2015 +1000
8209
8210 skip, rather than fatal when run without SUDO set
8211
8212commit 599f01142a376645b15cbc9349d7e8975e1cf245
8213Author: Damien Miller <djm@mindrot.org>
8214Date: Fri May 29 18:03:15 2015 +1000
8215
8216 fix merge botch that left ",," in KEX algs
8217
8218commit 0c2a81dfc21822f2423edd30751e5ec53467b347
8219Author: Damien Miller <djm@mindrot.org>
8220Date: Fri May 29 17:08:28 2015 +1000
8221
8222 re-enable SSH protocol 1 at compile time
8223
8224commit db438f9285d64282d3ac9e8c0944f59f037c0151
8225Author: djm@openbsd.org <djm@openbsd.org>
8226Date: Fri May 29 03:05:13 2015 +0000
8227
8228 upstream commit
8229
8230 make this work without SUDO set; ok dtucker@
8231
8232 Upstream-Regress-ID: bca88217b70bce2fe52b23b8e06bdeb82d98c715
8233
8234commit 1d9a2e2849c9864fe75daabf433436341c968e14
8235Author: djm@openbsd.org <djm@openbsd.org>
8236Date: Thu May 28 07:37:31 2015 +0000
8237
8238 upstream commit
8239
8240 wrap all moduli-related code in #ifdef WITH_OPENSSL.
8241 based on patch from Reuben Hawkins; bz#2388 feedback and ok dtucker@
8242
8243 Upstream-ID: d80cfc8be3e6ec65b3fac9e87c4466533b31b7cf
8244
8245commit 496aeb25bc2d6c434171292e4714771b594bd00e
8246Author: dtucker@openbsd.org <dtucker@openbsd.org>
8247Date: Thu May 28 05:41:29 2015 +0000
8248
8249 upstream commit
8250
8251 Increase the allowed length of the known host file name
8252 in the log message to be consistent with other cases. Part of bz#1993, ok
8253 deraadt.
8254
8255 Upstream-ID: a9e97567be49f25daf286721450968251ff78397
8256
8257commit dd2cfeb586c646ff8d70eb93567b2e559ace5b14
8258Author: dtucker@openbsd.org <dtucker@openbsd.org>
8259Date: Thu May 28 05:09:45 2015 +0000
8260
8261 upstream commit
8262
8263 Fix typo (keywork->keyword)
8264
8265 Upstream-ID: 8aacd0f4089c0a244cf43417f4f9045dfaeab534
8266
8267commit 9cc6842493fbf23025ccc1edab064869640d3bec
8268Author: djm@openbsd.org <djm@openbsd.org>
8269Date: Thu May 28 04:50:53 2015 +0000
8270
8271 upstream commit
8272
8273 add error message on ftruncate failure; bz#2176
8274
8275 Upstream-ID: cbcc606e0b748520c74a210d8f3cc9718d3148cf
8276
8277commit d1958793a0072c22be26d136dbda5ae263e717a0
8278Author: djm@openbsd.org <djm@openbsd.org>
8279Date: Thu May 28 04:40:13 2015 +0000
8280
8281 upstream commit
8282
8283 make ssh-keygen default to ed25519 keys when compiled
8284 without OpenSSL; bz#2388, ok dtucker@
8285
8286 Upstream-ID: 85a471fa6d3fa57a7b8e882d22cfbfc1d84cdc71
8287
8288commit 3ecde664c9fc5fb3667aedf9e6671462600f6496
8289Author: dtucker@openbsd.org <dtucker@openbsd.org>
8290Date: Wed May 27 23:51:10 2015 +0000
8291
8292 upstream commit
8293
8294 Reorder client proposal to prefer
8295 diffie-hellman-group-exchange-sha1 over diffie-hellman-group14-sha1. ok djm@
8296
8297 Upstream-ID: 552c08d47347c3ee1a9a57d88441ab50abe17058
8298
8299commit 40f64292b907afd0a674fdbf3e4c2356d17a7d68
8300Author: dtucker@openbsd.org <dtucker@openbsd.org>
8301Date: Wed May 27 23:39:18 2015 +0000
8302
8303 upstream commit
8304
8305 Add a stronger (4k bit) fallback group that sshd can use
8306 when the moduli file is missing or broken, sourced from RFC3526. bz#2302, ok
8307 markus@ (earlier version), djm@
8308
8309 Upstream-ID: b635215746a25a829d117673d5e5a76d4baee7f4
8310
8311commit 5ab7d5fa03ad55bc438fab45dfb3aeb30a3c237a
8312Author: Darren Tucker <dtucker@zip.com.au>
8313Date: Thu May 28 10:03:40 2015 +1000
8314
8315 New moduli file from OpenBSD, removing 1k groups.
8316
8317 Remove 1k bit groups. ok deraadt@, markus@
8318
8319commit a71ba58adf34e599f30cdda6e9b93ae6e3937eea
8320Author: djm@openbsd.org <djm@openbsd.org>
8321Date: Wed May 27 05:15:02 2015 +0000
8322
8323 upstream commit
8324
8325 support PKCS#11 devices with external PIN entry devices
8326 bz#2240, based on patch from Dirk-Willem van Gulik; feedback and ok dtucker@
8327
8328 Upstream-ID: 504568992b55a8fc984375242b1bd505ced61b0d
8329
8330commit b282fec1aa05246ed3482270eb70fc3ec5f39a00
8331Author: dtucker@openbsd.org <dtucker@openbsd.org>
8332Date: Tue May 26 23:23:40 2015 +0000
8333
8334 upstream commit
8335
8336 Cap DH-GEX group size at 4kbits for Cisco implementations.
8337 Some of them will choke when asked for preferred sizes >4k instead of
8338 returning the 4k group that they do have. bz#2209, ok djm@
8339
8340 Upstream-ID: 54b863a19713446b7431f9d06ad0532b4fcfef8d
8341
8342commit 3e91b4e8b0dc2b4b7e7d42cf6e8994a32e4cb55e
8343Author: djm@openbsd.org <djm@openbsd.org>
8344Date: Sun May 24 23:39:16 2015 +0000
8345
8346 upstream commit
8347
8348 add missing 'c' option to getopt(), case statement was
8349 already there; from Felix Bolte
8350
8351 Upstream-ID: 9b19b4e2e0b54d6fefa0dfac707c51cf4bae3081
8352
8353commit 64a89ec07660abba4d0da7c0095b7371c98bab62
8354Author: jsg@openbsd.org <jsg@openbsd.org>
8355Date: Sat May 23 14:28:37 2015 +0000
8356
8357 upstream commit
8358
8359 fix a memory leak in an error path ok markus@ dtucker@
8360
8361 Upstream-ID: bc1da0f205494944918533d8780fde65dff6c598
8362
8363commit f948737449257d2cb83ffcfe7275eb79b677fd4a
8364Author: djm@openbsd.org <djm@openbsd.org>
8365Date: Fri May 22 05:28:45 2015 +0000
8366
8367 upstream commit
8368
8369 mention ssh-keygen -E for comparing legacy MD5
8370 fingerprints; bz#2332
8371
8372 Upstream-ID: 079a3669549041dbf10dbc072d9563f0dc3b2859
8373
8374commit 0882332616e4f0272c31cc47bf2018f9cb258a4e
8375Author: djm@openbsd.org <djm@openbsd.org>
8376Date: Fri May 22 04:45:52 2015 +0000
8377
8378 upstream commit
8379
8380 Reorder EscapeChar option parsing to avoid a single-byte
8381 out- of-bounds read. bz#2396 from Jaak Ristioja; ok dtucker@
8382
8383 Upstream-ID: 1dc6b5b63d1c8d9a88619da0b27ade461d79b060
8384
8385commit d7c31da4d42c115843edee2074d7d501f8804420
8386Author: djm@openbsd.org <djm@openbsd.org>
8387Date: Fri May 22 03:50:02 2015 +0000
8388
8389 upstream commit
8390
8391 add knob to relax GSSAPI host credential check for
8392 multihomed hosts bz#928, patch by Simon Wilkinson; ok dtucker
8393 (kerberos/GSSAPI is not compiled by default on OpenBSD)
8394
8395 Upstream-ID: 15ddf1c6f7fd9d98eea9962f480079ae3637285d
8396
8397commit aa72196a00be6e0b666215edcffbc10af234cb0e
8398Author: Darren Tucker <dtucker@zip.com.au>
8399Date: Fri May 22 17:49:46 2015 +1000
8400
8401 Include signal.h for sig_atomic_t, used by kex.h.
8402
8403 bz#2402, from tomas.kuthan at oracle com.
8404
8405commit 8b02481143d75e91c49d1bfae0876ac1fbf9511a
8406Author: Darren Tucker <dtucker@zip.com.au>
8407Date: Fri May 22 12:47:24 2015 +1000
8408
8409 Import updated moduli file from OpenBSD.
8410
8411commit 4739e8d5e1c0be49624082bd9f6b077e9e758db9
8412Author: djm@openbsd.org <djm@openbsd.org>
8413Date: Thu May 21 12:01:19 2015 +0000
8414
8415 upstream commit
8416
8417 Support "ssh-keygen -lF hostname" to find search known_hosts
8418 and print key hashes. Already advertised by ssh-keygen(1), but not delivered
8419 by code; ok dtucker@
8420
8421 Upstream-ID: 459e0e2bf39825e41b0811c336db2d56a1c23387
8422
8423commit e97201feca10b5196da35819ae516d0b87cf3a50
8424Author: Damien Miller <djm@mindrot.org>
8425Date: Thu May 21 17:55:15 2015 +1000
8426
8427 conditionalise util.h inclusion
8428
8429commit 13640798c7dd011ece0a7d02841fe48e94cfa0e0
8430Author: djm@openbsd.org <djm@openbsd.org>
8431Date: Thu May 21 06:44:25 2015 +0000
8432
8433 upstream commit
8434
8435 regress test for AuthorizedPrincipalsCommand
8436
8437 Upstream-Regress-ID: c658fbf1ab6b6011dc83b73402322e396f1e1219
8438
8439commit 84452c5d03c21f9bfb28c234e0dc1dc67dd817b1
8440Author: djm@openbsd.org <djm@openbsd.org>
8441Date: Thu May 21 06:40:02 2015 +0000
8442
8443 upstream commit
8444
8445 regress test for AuthorizedKeysCommand arguments
8446
8447 Upstream-Regress-ID: bbd65c13c6b3be9a442ec115800bff9625898f12
8448
8449commit bcc50d816187fa9a03907ac1f3a52f04a52e10d1
8450Author: djm@openbsd.org <djm@openbsd.org>
8451Date: Thu May 21 06:43:30 2015 +0000
8452
8453 upstream commit
8454
8455 add AuthorizedPrincipalsCommand that allows getting
8456 authorized_principals from a subprocess rather than a file, which is quite
8457 useful in deployments with large userbases
8458
8459 feedback and ok markus@
8460
8461 Upstream-ID: aa1bdac7b16fc6d2fa3524ef08f04c7258d247f6
8462
8463commit 24232a3e5ab467678a86aa67968bbb915caffed4
8464Author: djm@openbsd.org <djm@openbsd.org>
8465Date: Thu May 21 06:38:35 2015 +0000
8466
8467 upstream commit
8468
8469 support arguments to AuthorizedKeysCommand
8470
8471 bz#2081 loosely based on patch by Sami Hartikainen
8472 feedback and ok markus@
8473
8474 Upstream-ID: b080387a14aa67dddd8ece67c00f268d626541f7
8475
8476commit d80fbe41a57c72420c87a628444da16d09d66ca7
8477Author: djm@openbsd.org <djm@openbsd.org>
8478Date: Thu May 21 04:55:51 2015 +0000
8479
8480 upstream commit
8481
8482 refactor: split base64 encoding of pubkey into its own
8483 sshkey_to_base64() function and out of sshkey_write(); ok markus@
8484
8485 Upstream-ID: 54fc38f5832e9b91028900819bda46c3959a0c1a
8486
8487commit 7cc44ef74133a473734bbcbd3484f24d6a7328c5
8488Author: deraadt@openbsd.org <deraadt@openbsd.org>
8489Date: Mon May 18 15:06:05 2015 +0000
8490
8491 upstream commit
8492
8493 getentropy() and sendsyslog() have been around long
8494 enough. openssh-portable may want the #ifdef's but not base. discussed with
8495 djm few weeks back
8496
8497 Upstream-ID: 0506a4334de108e3fb6c66f8d6e0f9c112866926
8498
8499commit 9173d0fbe44de7ebcad8a15618e13a8b8d78902e
8500Author: dtucker@openbsd.org <dtucker@openbsd.org>
8501Date: Fri May 15 05:44:21 2015 +0000
8502
8503 upstream commit
8504
8505 Use a salted hash of the lock passphrase instead of plain
8506 text and do constant-time comparisons of it. Should prevent leaking any
8507 information about it via timing, pointed out by Ryan Castellucci. Add a 0.1s
8508 incrementing delay for each failed unlock attempt up to 10s. ok markus@
8509 (earlier version), djm@
8510
8511 Upstream-ID: c599fcc325aa1cc65496b25220b622d22208c85f
8512
8513commit d028d5d3a697c71b21e4066d8672cacab3caa0a8
8514Author: Damien Miller <djm@mindrot.org>
8515Date: Tue May 5 19:10:58 2015 +1000
8516
8517 upstream commit
8518
8519 - tedu@cvs.openbsd.org 2015/01/12 03:20:04
8520 [bcrypt_pbkdf.c]
8521 rename blocks to words. bcrypt "blocks" are unrelated to blowfish blocks,
8522 nor are they the same size.
8523
8524commit f6391d4e59b058984163ab28f4e317e7a72478f1
8525Author: Damien Miller <djm@mindrot.org>
8526Date: Tue May 5 19:10:23 2015 +1000
8527
8528 upstream commit
8529
8530 - deraadt@cvs.openbsd.org 2015/01/08 00:30:07
8531 [bcrypt_pbkdf.c]
8532 declare a local version of MIN(), call it MINIMUM()
8533
8534commit 8ac6b13cc9113eb47cd9e86c97d7b26b4b71b77f
8535Author: Damien Miller <djm@mindrot.org>
8536Date: Tue May 5 19:09:46 2015 +1000
8537
8538 upstream commit
8539
8540 - djm@cvs.openbsd.org 2014/12/30 01:41:43
8541 [bcrypt_pbkdf.c]
8542 typo in comment: ouput => output
8543
8544commit 1f792489d5cf86a4f4e3003e6e9177654033f0f2
8545Author: djm@openbsd.org <djm@openbsd.org>
8546Date: Mon May 4 06:10:48 2015 +0000
8547
8548 upstream commit
8549
8550 Remove pattern length argument from match_pattern_list(), we
8551 only ever use it for strlen(pattern).
8552
8553 Prompted by hanno AT hboeck.de pointing an out-of-bound read
8554 error caused by an incorrect pattern length found using AFL
8555 and his own tools.
8556
8557 ok markus@
8558
8559commit 639d6bc57b1942393ed12fb48f00bc05d4e093e4
8560Author: djm@openbsd.org <djm@openbsd.org>
8561Date: Fri May 1 07:10:01 2015 +0000
8562
8563 upstream commit
8564
8565 refactor ssh_dispatch_run_fatal() to use sshpkt_fatal()
8566 to better report error conditions. Teach sshpkt_fatal() about ECONNRESET.
8567
8568 Improves error messages on TCP connection resets. bz#2257
8569
8570 ok dtucker@
8571
8572commit 9559d7de34c572d4d3fd990ca211f8ec99f62c4d
8573Author: djm@openbsd.org <djm@openbsd.org>
8574Date: Fri May 1 07:08:08 2015 +0000
8575
8576 upstream commit
8577
8578 a couple of parse targets were missing activep checks,
8579 causing them to be misapplied in match context; bz#2272 diagnosis and
8580 original patch from Sami Hartikainen ok dtucker@
8581
8582commit 7e8528cad04b2775c3b7db08abf8fb42e47e6b2a
8583Author: djm@openbsd.org <djm@openbsd.org>
8584Date: Fri May 1 04:17:51 2015 +0000
8585
8586 upstream commit
8587
8588 make handling of AuthorizedPrincipalsFile=none more
8589 consistent with other =none options; bz#2288 from Jakub Jelen; ok dtucker@
8590
8591commit ca430d4d9cc0f62eca3b1fb1e2928395b7ce80f7
8592Author: djm@openbsd.org <djm@openbsd.org>
8593Date: Fri May 1 04:03:20 2015 +0000
8594
8595 upstream commit
8596
8597 remove failed remote forwards established by muliplexing
8598 from the list of active forwards; bz#2363, patch mostly by Yoann Ricordel; ok
8599 dtucker@
8600
8601commit 8312cfb8ad88657517b3e23ac8c56c8e38eb9792
8602Author: djm@openbsd.org <djm@openbsd.org>
8603Date: Fri May 1 04:01:58 2015 +0000
8604
8605 upstream commit
8606
8607 reduce stderr spam when using ssh -S /path/mux -O forward
8608 -R 0:... ok dtucker@
8609
8610commit 179be0f5e62f1f492462571944e45a3da660d82b
8611Author: djm@openbsd.org <djm@openbsd.org>
8612Date: Fri May 1 03:23:51 2015 +0000
8613
8614 upstream commit
8615
8616 prevent authorized_keys options picked up on public key
8617 tests without a corresponding private key authentication being applied to
8618 other authentication methods. Reported by halex@, ok markus@
8619
8620commit a42d67be65b719a430b7fcaba2a4e4118382723a
8621Author: djm@openbsd.org <djm@openbsd.org>
8622Date: Fri May 1 03:20:54 2015 +0000
8623
8624 upstream commit
8625
8626 Don't make parsing of authorized_keys' environment=
8627 option conditional on PermitUserEnv - always parse it, but only use the
8628 result if the option is enabled. This prevents the syntax of authorized_keys
8629 changing depending on which sshd_config options were enabled.
8630
8631 bz#2329; based on patch from coladict AT gmail.com, ok dtucker@
8632
8633commit e661a86353e11592c7ed6a847e19a83609f49e77
8634Author: djm@openbsd.org <djm@openbsd.org>
8635Date: Mon May 4 06:10:48 2015 +0000
8636
8637 upstream commit
8638
8639 Remove pattern length argument from match_pattern_list(), we
8640 only ever use it for strlen(pattern).
8641
8642 Prompted by hanno AT hboeck.de pointing an out-of-bound read
8643 error caused by an incorrect pattern length found using AFL
8644 and his own tools.
8645
8646 ok markus@
8647
8648commit 0ef1de742be2ee4b10381193fe90730925b7f027
8649Author: dtucker@openbsd.org <dtucker@openbsd.org>
8650Date: Thu Apr 23 05:01:19 2015 +0000
8651
8652 upstream commit
8653
8654 Add a simple regression test for sshd's configuration
8655 parser. Right now, all it does is run the output of sshd -T back through
8656 itself and ensure the output is valid and invariant.
8657
8658commit 368f83c793275faa2c52f60eaa9bdac155c4254b
8659Author: djm@openbsd.org <djm@openbsd.org>
8660Date: Wed Apr 22 01:38:36 2015 +0000
8661
8662 upstream commit
8663
8664 use correct key for nested certificate test
8665
8666commit 8d4d1bfddbbd7d21f545dc6997081d1ea1fbc99a
8667Author: djm@openbsd.org <djm@openbsd.org>
8668Date: Fri May 1 07:11:47 2015 +0000
8669
8670 upstream commit
8671
8672 mention that the user's shell from /etc/passwd is used
8673 for commands too; bz#1459 ok dtucker@
8674
8675commit 5ab283d0016bbc9d4d71e8e5284d011bc5a930cf
8676Author: djm@openbsd.org <djm@openbsd.org>
8677Date: Fri May 8 07:29:00 2015 +0000
8678
8679 upstream commit
8680
8681 whitespace
8682
8683 Upstream-Regress-ID: 6b708a3e709d5b7fd37890f874bafdff1f597519
8684
8685commit 8377d5008ad260048192e1e56ad7d15a56d103dd
8686Author: djm@openbsd.org <djm@openbsd.org>
8687Date: Fri May 8 07:26:13 2015 +0000
8688
8689 upstream commit
8690
8691 whitespace at EOL
8692
8693 Upstream-Regress-ID: 9c48911643d5b05173b36a012041bed4080b8554
8694
8695commit c28a3436fa8737709ea88e4437f8f23a6ab50359
8696Author: djm@openbsd.org <djm@openbsd.org>
8697Date: Fri May 8 06:45:13 2015 +0000
8698
8699 upstream commit
8700
8701 moar whitespace at eol
8702
8703 Upstream-ID: 64eaf872a3ba52ed41e494287e80d40aaba4b515
8704
8705commit 2b64c490468fd4ca35ac8d5cc31c0520dc1508bb
8706Author: djm@openbsd.org <djm@openbsd.org>
8707Date: Fri May 8 06:41:56 2015 +0000
8708
8709 upstream commit
8710
8711 whitespace at EOL
8712
8713 Upstream-ID: 57bcf67d666c6fc1ad798aee448fdc3f70f7ec2c
8714
8715commit 4e636cf201ce6e7e3b9088568218f9d4e2c51712
8716Author: djm@openbsd.org <djm@openbsd.org>
8717Date: Fri May 8 03:56:51 2015 +0000
8718
8719 upstream commit
8720
8721 whitespace at EOL
8722
8723commit 38b8272f823dc1dd4e29dbcee83943ed48bb12fa
8724Author: dtucker@openbsd.org <dtucker@openbsd.org>
8725Date: Mon May 4 01:47:53 2015 +0000
8726
8727 upstream commit
8728
8729 Use diff w/out -u for better portability
8730
8731commit 297060f42d5189a4065ea1b6f0afdf6371fb0507
8732Author: dtucker@openbsd.org <dtucker@openbsd.org>
8733Date: Fri May 8 03:25:07 2015 +0000
8734
8735 upstream commit
8736
8737 Use xcalloc for permitted_adm_opens instead of xmalloc to
8738 ensure it's zeroed. Fixes post-auth crash with permitopen=none. bz#2355, ok
8739 djm@
8740
8741commit 63ebf019be863b2d90492a85e248cf55a6e87403
8742Author: djm@openbsd.org <djm@openbsd.org>
8743Date: Fri May 8 03:17:49 2015 +0000
8744
8745 upstream commit
8746
8747 don't choke on new-format private keys encrypted with an
8748 AEAD cipher; bz#2366, patch from Ron Frederick; ok markus@
8749
8750commit f8484dac678ab3098ae522a5f03bb2530f822987
8751Author: dtucker@openbsd.org <dtucker@openbsd.org>
8752Date: Wed May 6 05:45:17 2015 +0000
8753
8754 upstream commit
8755
8756 Clarify pseudo-terminal request behaviour and use
8757 "pseudo-terminal" consistently. bz#1716, ok jmc@ "I like it" deraadt@.
8758
8759commit ea139507bef8bad26e86ed99a42c7233ad115c38
8760Author: dtucker@openbsd.org <dtucker@openbsd.org>
8761Date: Wed May 6 04:07:18 2015 +0000
8762
8763 upstream commit
8764
8765 Blacklist DH-GEX for specific PuTTY versions known to
8766 send non-RFC4419 DH-GEX messages rather than all versions of PuTTY.
8767 According to Simon Tatham, 0.65 and newer versions will send RFC4419 DH-GEX
8768 messages. ok djm@
8769
8770commit b58234f00ee3872eb84f6e9e572a9a34e902e36e
8771Author: dtucker@openbsd.org <dtucker@openbsd.org>
8772Date: Tue May 5 10:17:49 2015 +0000
8773
8774 upstream commit
8775
8776 WinSCP doesn't implement RFC4419 DH-GEX so flag it so we
8777 don't offer that KEX method. ok markus@
8778
8779commit d5b1507a207253b39e810e91e68f9598691b7a29
8780Author: jsg@openbsd.org <jsg@openbsd.org>
8781Date: Tue May 5 02:48:17 2015 +0000
8782
8783 upstream commit
8784
8785 use the sizeof the struct not the sizeof a pointer to the
8786 struct in ssh_digest_start()
8787
8788 This file is only used if ssh is built with OPENSSL=no
8789
8790 ok markus@
8791
8792commit a647b9b8e616c231594b2710c925d31b1b8afea3
8793Author: Darren Tucker <dtucker@zip.com.au>
8794Date: Fri May 8 11:07:27 2015 +1000
8795
8796 Put brackets around mblen() compat constant.
8797
8798 This might help with the reported problem cross compiling for Android
8799 ("error: expected identifier or '(' before numeric constant") but
8800 shouldn't hurt in any case.
8801
8802commit d1680d36e17244d9af3843aeb5025cb8e40d6c07
8803Author: Darren Tucker <dtucker@zip.com.au>
8804Date: Thu Apr 30 09:18:11 2015 +1000
8805
8806 xrealloc -> xreallocarray in portable code too.
8807
8808commit 531a57a3893f9fcd4aaaba8c312b612bbbcc021e
8809Author: dtucker@openbsd.org <dtucker@openbsd.org>
8810Date: Wed Apr 29 03:48:56 2015 +0000
8811
8812 upstream commit
8813
8814 Allow ListenAddress, Port and AddressFamily in any
8815 order. bz#68, ok djm@, jmc@ (for the man page bit).
8816
8817commit c1d5bcf1aaf1209af02f79e48ba1cbc76a87b56f
8818Author: jmc@openbsd.org <jmc@openbsd.org>
8819Date: Tue Apr 28 13:47:38 2015 +0000
8820
8821 upstream commit
8822
8823 enviroment -> environment: apologies to darren for not
8824 spotting that first time round...
8825
8826commit 43beea053db191cac47c2cd8d3dc1930158aff1a
8827Author: dtucker@openbsd.org <dtucker@openbsd.org>
8828Date: Tue Apr 28 10:25:15 2015 +0000
8829
8830 upstream commit
8831
8832 Fix typo in previous
8833
8834commit 85b96ef41374f3ddc9139581f87da09b2cd9199e
8835Author: dtucker@openbsd.org <dtucker@openbsd.org>
8836Date: Tue Apr 28 10:17:58 2015 +0000
8837
8838 upstream commit
8839
8840 Document that the TERM environment variable is not
8841 subject to SendEnv and AcceptEnv. bz#2386, based loosely on a patch from
8842 jjelen at redhat, help and ok jmc@
8843
8844commit 88a7c598a94ff53f76df228eeaae238d2d467565
8845Author: djm@openbsd.org <djm@openbsd.org>
8846Date: Mon Apr 27 21:42:48 2015 +0000
8847
8848 upstream commit
8849
8850 Make sshd default to PermitRootLogin=no; ok deraadt@
8851 rpe@
8852
8853commit 734226b4480a6c736096c729fcf6f391400599c7
8854Author: djm@openbsd.org <djm@openbsd.org>
8855Date: Mon Apr 27 01:52:30 2015 +0000
8856
8857 upstream commit
8858
8859 fix compilation with OPENSSL=no; ok dtucker@
8860
8861commit a4b9d2ce1eb7703eaf0809b0c8a82ded8aa4f1c6
8862Author: dtucker@openbsd.org <dtucker@openbsd.org>
8863Date: Mon Apr 27 00:37:53 2015 +0000
8864
8865 upstream commit
8866
8867 Include stdio.h for FILE (used in sshkey.h) so it
8868 compiles with OPENSSL=no.
8869
8870commit dbcc652f4ca11fe04e5930c7ef18a219318c6cda
8871Author: djm@openbsd.org <djm@openbsd.org>
8872Date: Mon Apr 27 00:21:21 2015 +0000
8873
8874 upstream commit
8875
8876 allow "sshd -f none" to skip reading the config file,
8877 much like "ssh -F none" does. ok dtucker
8878
8879commit b7ca276fca316c952f0b90f5adb1448c8481eedc
8880Author: jmc@openbsd.org <jmc@openbsd.org>
8881Date: Fri Apr 24 06:26:49 2015 +0000
8882
8883 upstream commit
8884
8885 combine -Dd onto one line and update usage();
8886
8887commit 2ea974630d7017e4c7666d14d9dc939707613e96
8888Author: djm@openbsd.org <djm@openbsd.org>
8889Date: Fri Apr 24 05:26:44 2015 +0000
8890
8891 upstream commit
8892
8893 add ssh-agent -D to leave ssh-agent in foreground
8894 without enabling debug mode; bz#2381 ok dtucker@
8895
8896commit 8ac2ffd7aa06042f6b924c87139f2fea5c5682f7
8897Author: deraadt@openbsd.org <deraadt@openbsd.org>
8898Date: Fri Apr 24 01:36:24 2015 +0000
8899
8900 upstream commit
8901
8902 2*len -> use xreallocarray() ok djm
8903
8904commit 657a5fbc0d0aff309079ff8fb386f17e964963c2
8905Author: deraadt@openbsd.org <deraadt@openbsd.org>
8906Date: Fri Apr 24 01:36:00 2015 +0000
8907
8908 upstream commit
8909
8910 rename xrealloc() to xreallocarray() since it follows
8911 that form. ok djm
8912
8913commit 1108ae242fdd2c304307b68ddf46aebe43ebffaa
8914Author: dtucker@openbsd.org <dtucker@openbsd.org>
8915Date: Thu Apr 23 04:59:10 2015 +0000
8916
8917 upstream commit
8918
8919 Two small fixes for sshd -T: ListenAddress'es are added
8920 to a list head so reverse the order when printing them to ensure the
8921 behaviour remains the same, and print StreamLocalBindMask as octal with
8922 leading zero. ok deraadt@
8923
8924commit bd902b8473e1168f19378d5d0ae68d0c203525df
8925Author: dtucker@openbsd.org <dtucker@openbsd.org>
8926Date: Thu Apr 23 04:53:53 2015 +0000
8927
8928 upstream commit
8929
8930 Check for and reject missing arguments for
8931 VersionAddendum and ForceCommand. bz#2281, patch from plautrba at redhat com,
8932 ok djm@
8933
8934commit ca42c1758575e592239de1d5755140e054b91a0d
8935Author: djm@openbsd.org <djm@openbsd.org>
8936Date: Wed Apr 22 01:24:01 2015 +0000
8937
8938 upstream commit
8939
8940 unknown certificate extensions are non-fatal, so don't
8941 fatal when they are encountered; bz#2387 reported by Bob Van Zant; ok
8942 dtucker@
8943
8944commit 39bfbf7caad231cc4bda6909fb1af0705bca04d8
8945Author: jsg@openbsd.org <jsg@openbsd.org>
8946Date: Tue Apr 21 07:01:00 2015 +0000
8947
8948 upstream commit
8949
8950 Add back a backslash removed in rev 1.42 so
8951 KEX_SERVER_ENCRYPT will include aes again.
8952
8953 ok deraadt@
8954
8955commit 6b0d576bb87eca3efd2b309fcfe4edfefc289f9c
8956Author: djm@openbsd.org <djm@openbsd.org>
8957Date: Fri Apr 17 13:32:09 2015 +0000
8958
8959 upstream commit
8960
8961 s/recommended/required/ that private keys be og-r this
8962 wording change was made a while ago but got accidentally reverted
8963
8964commit 44a8e7ce6f3ab4c2eb1ae49115c210b98e53c4df
8965Author: djm@openbsd.org <djm@openbsd.org>
8966Date: Fri Apr 17 13:25:52 2015 +0000
8967
8968 upstream commit
8969
8970 don't try to cleanup NULL KEX proposals in
8971 kex_prop_free(); found by Jukka Taimisto and Markus Hietava
8972
8973commit 3038a191872d2882052306098c1810d14835e704
8974Author: djm@openbsd.org <djm@openbsd.org>
8975Date: Fri Apr 17 13:19:22 2015 +0000
8976
8977 upstream commit
8978
8979 use error/logit/fatal instead of fprintf(stderr, ...)
8980 and exit(0), fix a few errors that were being printed to stdout instead of
8981 stderr and a few non-errors that were going to stderr instead of stdout
8982 bz#2325; ok dtucker
8983
8984commit a58be33cb6cd24441fa7e634db0e5babdd56f07f
8985Author: djm@openbsd.org <djm@openbsd.org>
8986Date: Fri Apr 17 13:16:48 2015 +0000
8987
8988 upstream commit
8989
8990 debug log missing DISPLAY environment when X11
8991 forwarding requested; bz#1682 ok dtucker@
8992
8993commit 17d4d9d9fbc8fb80e322f94d95eecc604588a474
8994Author: djm@openbsd.org <djm@openbsd.org>
8995Date: Fri Apr 17 04:32:31 2015 +0000
8996
8997 upstream commit
8998
8999 don't call record_login() in monitor when UseLogin is
9000 enabled; bz#278 reported by drk AT sgi.com; ok dtucker
9001
9002commit 40132ff87b6cbc3dc05fb5df2e9d8e3afa06aafd
9003Author: dtucker@openbsd.org <dtucker@openbsd.org>
9004Date: Fri Apr 17 04:12:35 2015 +0000
9005
9006 upstream commit
9007
9008 Add some missing options to sshd -T and fix the output
9009 of VersionAddendum HostCertificate. bz#2346, patch from jjelen at redhat
9010 com, ok djm.
9011
9012commit 6cc7cfa936afde2d829e56ee6528c7ea47a42441
9013Author: dtucker@openbsd.org <dtucker@openbsd.org>
9014Date: Thu Apr 16 23:25:50 2015 +0000
9015
9016 upstream commit
9017
9018 Document "none" for PidFile XAuthLocation
9019 TrustedUserCAKeys and RevokedKeys. bz#2382, feedback from jmc@, ok djm@
9020
9021commit 15fdfc9b1c6808b26bc54d4d61a38b54541763ed
9022Author: dtucker@openbsd.org <dtucker@openbsd.org>
9023Date: Wed Apr 15 23:23:25 2015 +0000
9024
9025 upstream commit
9026
9027 Plug leak of address passed to logging. bz#2373, patch
9028 from jjelen at redhat, ok markus@
9029
9030commit bb2289e2a47d465eaaaeff3dee2a6b7777b4c291
9031Author: dtucker@openbsd.org <dtucker@openbsd.org>
9032Date: Tue Apr 14 04:17:03 2015 +0000
9033
9034 upstream commit
9035
9036 Output remote username in debug output since with Host
9037 and Match it's not always obvious what it will be. bz#2368, ok djm@
9038
9039commit 70860b6d07461906730632f9758ff1b7c98c695a
9040Author: Darren Tucker <dtucker@zip.com.au>
9041Date: Fri Apr 17 10:56:13 2015 +1000
9042
9043 Format UsePAM setting when using sshd -T.
9044
9045 Part of bz#2346, patch from jjelen at redhat com.
9046
9047commit ee15d9c9f0720f5a8b0b34e4b10ecf21f9824814
9048Author: Darren Tucker <dtucker@zip.com.au>
9049Date: Fri Apr 17 10:40:23 2015 +1000
9050
9051 Wrap endian.h include inside ifdef (bz#2370).
9052
9053commit 408f4c2ad4a4c41baa7b9b2b7423d875abbfa70b
9054Author: Darren Tucker <dtucker@zip.com.au>
9055Date: Fri Apr 17 09:39:58 2015 +1000
9056
9057 Look for '${host}-ar' before 'ar'.
9058
9059 This changes configure.ac to look for '${host}-ar' as set by
9060 AC_CANONICAL_HOST before looking for the unprefixed 'ar'.
9061 Useful when cross-compiling when all your binutils are prefixed.
9062
9063 Patch from moben at exherbo org via astrand at lysator liu se and
9064 bz#2352.
9065
9066commit 673a1c16ad078d41558247ce739fe812c960acc8
9067Author: Damien Miller <djm@google.com>
9068Date: Thu Apr 16 11:40:20 2015 +1000
9069
9070 remove dependency on arpa/telnet.h
9071
9072commit 202d443eeda1829d336595a3cfc07827e49f45ed
9073Author: Darren Tucker <dtucker@zip.com.au>
9074Date: Wed Apr 15 15:59:49 2015 +1000
9075
9076 Remove duplicate include of pwd.h. bz#2337, patch from Mordy Ovits.
9077
9078commit 597986493412c499f2bc2209420cb195f97b3668
9079Author: Damien Miller <djm@google.com>
9080Date: Thu Apr 9 10:14:48 2015 +1000
9081
9082 platform's with openpty don't need pty_release
9083
9084commit 318be28cda1fd9108f2e6f2f86b0b7589ba2aed0
9085Author: djm@openbsd.org <djm@openbsd.org>
9086Date: Mon Apr 13 02:04:08 2015 +0000
9087
9088 upstream commit
9089
9090 deprecate ancient, pre-RFC4419 and undocumented
9091 SSH2_MSG_KEX_DH_GEX_REQUEST_OLD message; ok markus@ deraadt@ "seems
9092 reasonable" dtucker@
9093
9094commit d8f391caef62378463a0e6b36f940170dadfe605
9095Author: dtucker@openbsd.org <dtucker@openbsd.org>
9096Date: Fri Apr 10 05:16:50 2015 +0000
9097
9098 upstream commit
9099
9100 Don't send hostkey advertisments
9101 (hostkeys-00@openssh.com) to current versions of Tera Term as they can't
9102 handle them. Newer versions should be OK. Patch from Bryan Drewery and
9103 IWAMOTO Kouichi, ok djm@
9104
9105commit 2c2cfe1a1c97eb9a08cc9817fd0678209680c636
9106Author: djm@openbsd.org <djm@openbsd.org>
9107Date: Fri Apr 10 00:08:55 2015 +0000
9108
9109 upstream commit
9110
9111 include port number if a non-default one has been
9112 specified; based on patch from Michael Handler
9113
9114commit 4492a4f222da4cf1e8eab12689196322e27b08c4
9115Author: djm@openbsd.org <djm@openbsd.org>
9116Date: Tue Apr 7 23:00:42 2015 +0000
9117
9118 upstream commit
9119
9120 treat Protocol=1,2|2,1 as Protocol=2 when compiled
9121 without SSH1 support; ok dtucker@ millert@
9122
9123commit c265e2e6e932efc6d86f6cc885dea33637a67564
9124Author: miod@openbsd.org <miod@openbsd.org>
9125Date: Sun Apr 5 15:43:43 2015 +0000
9126
9127 upstream commit
9128
9129 Do not use int for sig_atomic_t; spotted by
9130 christos@netbsd; ok markus@
9131
9132commit e7bf3a5eda6a1b02bef6096fed78527ee11e54cc
9133Author: Darren Tucker <dtucker@zip.com.au>
9134Date: Tue Apr 7 10:48:04 2015 +1000
9135
9136 Use do{}while(0) for no-op functions.
9137
9138 From FreeBSD.
9139
9140commit bb99844abae2b6447272f79e7fa84134802eb4df
9141Author: Darren Tucker <dtucker@zip.com.au>
9142Date: Tue Apr 7 10:47:15 2015 +1000
9143
9144 Wrap blf.h include in ifdef. From FreeBSD.
9145
9146commit d9b9b43656091cf0ad55c122f08fadb07dad0abd
9147Author: Darren Tucker <dtucker@zip.com.au>
9148Date: Tue Apr 7 09:10:00 2015 +1000
9149
9150 Fix misspellings of regress CONFOPTS env variables.
9151
9152 Patch from Bryan Drewery.
9153
9154commit 3f4ea3c9ab1d32d43c9222c4351f58ca11144156
9155Author: djm@openbsd.org <djm@openbsd.org>
9156Date: Fri Apr 3 22:17:27 2015 +0000
9157
9158 upstream commit
9159
9160 correct return value in pubkey parsing, spotted by Ben Hawkes
9161 ok markus@
9162
9163commit 7da2be0cb9601ed25460c83aa4d44052b967ba0f
9164Author: djm@openbsd.org <djm@openbsd.org>
9165Date: Tue Mar 31 22:59:01 2015 +0000
9166
9167 upstream commit
9168
9169 adapt to recent hostfile.c change: when parsing
9170 known_hosts without fully parsing the keys therein, hostkeys_foreach() will
9171 now correctly identify KEY_RSA1 keys; ok markus@ miod@
9172
9173commit 9e1777a0d1c706714b055811c12ab8cc21033e4a
9174Author: markus@openbsd.org <markus@openbsd.org>
9175Date: Tue Mar 24 20:19:15 2015 +0000
9176
9177 upstream commit
9178
9179 use ${SSH} for -Q instead of installed ssh
9180
9181commit ce1b358ea414a2cc88e4430cd5a2ea7fecd9de57
9182Author: djm@openbsd.org <djm@openbsd.org>
9183Date: Mon Mar 16 22:46:14 2015 +0000
9184
9185 upstream commit
9186
9187 make CLEANFILES clean up more of the tests' droppings
9188
9189commit 398f9ef192d820b67beba01ec234d66faca65775
9190Author: djm@openbsd.org <djm@openbsd.org>
9191Date: Tue Mar 31 22:57:06 2015 +0000
9192
9193 upstream commit
9194
9195 downgrade error() for known_hosts parse errors to debug()
9196 to quiet warnings from ssh1 keys present when compiled !ssh1.
9197
9198 also identify ssh1 keys when scanning, even when compiled !ssh1
9199
9200 ok markus@ miod@
9201
9202commit 9a47ab80030a31f2d122b8fd95bd48c408b9fcd9
9203Author: djm@openbsd.org <djm@openbsd.org>
9204Date: Tue Mar 31 22:55:50 2015 +0000
9205
9206 upstream commit
9207
9208 fd leak for !ssh1 case; found by unittests; ok markus@
9209
9210commit c9a0805a6280681901c270755a7cd630d7c5280e
9211Author: djm@openbsd.org <djm@openbsd.org>
9212Date: Tue Mar 31 22:55:24 2015 +0000
9213
9214 upstream commit
9215
9216 don't fatal when a !ssh1 sshd is reexeced from a w/ssh1
9217 listener; reported by miod@; ok miod@ markus@
9218
9219commit 704d8c88988cae38fb755a6243b119731d223222
9220Author: tobias@openbsd.org <tobias@openbsd.org>
9221Date: Tue Mar 31 11:06:49 2015 +0000
9222
9223 upstream commit
9224
9225 Comments are only supported for RSA1 keys. If a user
9226 tried to add one and entered his passphrase, explicitly clear it before exit.
9227 This is done in all other error paths, too.
9228
9229 ok djm
9230
9231commit 78de1673c05ea2c33e0d4a4b64ecb5186b6ea2e9
9232Author: jmc@openbsd.org <jmc@openbsd.org>
9233Date: Mon Mar 30 18:28:37 2015 +0000
9234
9235 upstream commit
9236
9237 ssh-askpass(1) is the default, overridden by SSH_ASKPASS;
9238 diff originally from jiri b;
9239
9240commit 26e0bcf766fadb4a44fb6199386fb1dcab65ad00
9241Author: djm@openbsd.org <djm@openbsd.org>
9242Date: Mon Mar 30 00:00:29 2015 +0000
9243
9244 upstream commit
9245
9246 fix uninitialised memory read when parsing a config file
9247 consisting of a single nul byte. Found by hanno AT hboeck.de using AFL; ok
9248 dtucker
9249
9250commit fecede00a76fbb33a349f5121c0b2f9fbc04a777
9251Author: markus@openbsd.org <markus@openbsd.org>
9252Date: Thu Mar 26 19:32:19 2015 +0000
9253
9254 upstream commit
9255
9256 sigp and lenp are not optional in ssh_agent_sign(); ok
9257 djm@
9258
9259commit 1b0ef3813244c78669e6d4d54c624f600945327d
9260Author: naddy@openbsd.org <naddy@openbsd.org>
9261Date: Thu Mar 26 12:32:38 2015 +0000
9262
9263 upstream commit
9264
9265 don't try to load .ssh/identity by default if SSH1 is
9266 disabled; ok markus@
9267
9268commit f9b78852379b74a2d14e6fc94fe52af30b7e9c31
9269Author: djm@openbsd.org <djm@openbsd.org>
9270Date: Thu Mar 26 07:00:04 2015 +0000
9271
9272 upstream commit
9273
9274 ban all-zero curve25519 keys as recommended by latest
9275 CFRG curves draft; ok markus
9276
9277commit b8afbe2c1aaf573565e4da775261dfafc8b1ba9c
9278Author: djm@openbsd.org <djm@openbsd.org>
9279Date: Thu Mar 26 06:59:28 2015 +0000
9280
9281 upstream commit
9282
9283 relax bits needed check to allow
9284 diffie-hellman-group1-sha1 key exchange to complete for chacha20-poly1305 was
9285 selected as symmetric cipher; ok markus
9286
9287commit 47842f71e31da130555353c1d57a1e5a8937f1c0
9288Author: markus@openbsd.org <markus@openbsd.org>
9289Date: Wed Mar 25 19:29:58 2015 +0000
9290
9291 upstream commit
9292
9293 ignore v1 errors on ssh-add -D; only try v2 keys on
9294 -l/-L (unless WITH_SSH1) ok djm@
9295
9296commit 5f57e77f91bf2230c09eca96eb5ecec39e5f2da6
9297Author: markus@openbsd.org <markus@openbsd.org>
9298Date: Wed Mar 25 19:21:48 2015 +0000
9299
9300 upstream commit
9301
9302 unbreak ssh_agent_sign (lenp vs *lenp)
9303
9304commit 4daeb67181054f2a377677fac919ee8f9ed3490e
9305Author: markus@openbsd.org <markus@openbsd.org>
9306Date: Tue Mar 24 20:10:08 2015 +0000
9307
9308 upstream commit
9309
9310 don't leak 'setp' on error; noted by Nicholas Lemonias;
9311 ok djm@
9312
9313commit 7d4f96f9de2a18af0d9fa75ea89a4990de0344f5
9314Author: markus@openbsd.org <markus@openbsd.org>
9315Date: Tue Mar 24 20:09:11 2015 +0000
9316
9317 upstream commit
9318
9319 consistent check for NULL as noted by Nicholas
9320 Lemonias; ok djm@
9321
9322commit df100be51354e447d9345cf1ec22e6013c0eed50
9323Author: markus@openbsd.org <markus@openbsd.org>
9324Date: Tue Mar 24 20:03:44 2015 +0000
9325
9326 upstream commit
9327
9328 correct fmt-string for size_t as noted by Nicholas
9329 Lemonias; ok djm@
9330
9331commit a22b9ef21285e81775732436f7c84a27bd3f71e0
9332Author: djm@openbsd.org <djm@openbsd.org>
9333Date: Tue Mar 24 09:17:21 2015 +0000
9334
9335 upstream commit
9336
9337 promote chacha20-poly1305@openssh.com to be the default
9338 cipher; ok markus
9339
9340commit 2aa9da1a3b360cf7b13e96fe1521534b91501fb5
9341Author: djm@openbsd.org <djm@openbsd.org>
9342Date: Tue Mar 24 01:29:19 2015 +0000
9343
9344 upstream commit
9345
9346 Compile-time disable SSH protocol 1. You can turn it
9347 back on using the Makefile.inc knob if you need it to talk to ancient
9348 devices.
9349
9350commit 53097b2022154edf96b4e8526af5666f979503f7
9351Author: djm@openbsd.org <djm@openbsd.org>
9352Date: Tue Mar 24 01:11:12 2015 +0000
9353
9354 upstream commit
9355
9356 fix double-negative error message "ssh1 is not
9357 unsupported"
9358
9359commit 5c27e3b6ec2db711dfcd40e6359c0bcdd0b62ea9
9360Author: djm@openbsd.org <djm@openbsd.org>
9361Date: Mon Mar 23 06:06:38 2015 +0000
9362
9363 upstream commit
9364
9365 for ssh-keygen -A, don't try (and fail) to generate ssh
9366 v.1 keys when compiled without SSH1 support RSA/DSA/ECDSA keys when compiled
9367 without OpenSSL based on patch by Mike Frysinger; bz#2369
9368
9369commit 725fd22a8c41db7de73a638539a5157b7e4424ae
9370Author: djm@openbsd.org <djm@openbsd.org>
9371Date: Wed Mar 18 01:44:21 2015 +0000
9372
9373 upstream commit
9374
9375 KRL support doesn't need OpenSSL anymore, remove #ifdefs
9376 from around call
9377
9378commit b07011c18e0b2e172c5fd09d21fb159a0bf5fcc7
9379Author: djm@openbsd.org <djm@openbsd.org>
9380Date: Mon Mar 16 11:09:52 2015 +0000
9381
9382 upstream commit
9383
9384 #if 0 some more arrays used only for decrypting (we don't
9385 use since we only need encrypt for AES-CTR)
9386
9387commit 1cb3016635898d287e9d58b50c430995652d5358
9388Author: jsg@openbsd.org <jsg@openbsd.org>
9389Date: Wed Mar 11 00:48:39 2015 +0000
9390
9391 upstream commit
9392
9393 add back the changes from rev 1.206, djm reverted this by
9394 mistake in rev 1.207
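Review bot: the entries at ChangeLog lines 8850, 9337 and 9346 change shipped defaults (sshd defaults to PermitRootLogin=no, chacha20-poly1305@openssh.com becomes the default cipher, SSH protocol 1 is disabled at compile time), yet they sit unmarked among typo and build fixes in a 9394-line file added in one piece. Anyone upgrading across this import can lose root logins or connectivity to protocol 1 devices without warning, so please summarise the default changes separately in the commit message or upgrade notes, and have deployments confirm the effective settings with sshd -T. The same applies to the deprecation of SSH2_MSG_KEX_DH_GEX_REQUEST_OLD at line 9090, which can affect old clients.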
diff --git a/config.h.in b/config.h.in
new file mode 100644
index 000000000..b65420e4a
--- /dev/null
+++ b/config.h.in
@@ -0,0 +1,1770 @@
1/* config.h.in. Generated from configure.ac by autoheader. */
2
3/* Define if building universal (internal helper macro) */
4#undef AC_APPLE_UNIVERSAL_BUILD
5
6/* Define if you have a getaddrinfo that fails for the all-zeros IPv6 address
7 */
8#undef AIX_GETNAMEINFO_HACK
9
10/* Define if your AIX loginfailed() function takes 4 arguments (AIX >= 5.2) */
11#undef AIX_LOGINFAILED_4ARG
12
13/* System only supports IPv4 audit records */
14#undef AU_IPv4
15
16/* Define if your resolver libs need this for getrrsetbyname */
17#undef BIND_8_COMPAT
18
19/* The system has incomplete BSM API */
20#undef BROKEN_BSM_API
21
22/* Define if cmsg_type is not passed correctly */
23#undef BROKEN_CMSG_TYPE
24
25/* getaddrinfo is broken (if present) */
26#undef BROKEN_GETADDRINFO
27
28/* getgroups(0,NULL) will return -1 */
29#undef BROKEN_GETGROUPS
30
31/* FreeBSD glob does not do what we need */
32#undef BROKEN_GLOB
33
34/* Define if you system's inet_ntoa is busted (e.g. Irix gcc issue) */
35#undef BROKEN_INET_NTOA
36
37/* ia_uinfo routines not supported by OS yet */
38#undef BROKEN_LIBIAF
39
40/* Define if your struct dirent expects you to allocate extra space for d_name
41 */
42#undef BROKEN_ONE_BYTE_DIRENT_D_NAME
43
44/* Can't do comparisons on readv */
45#undef BROKEN_READV_COMPARISON
46
47/* NetBSD read function is sometimes redirected, breaking atomicio comparisons
48 against it */
49#undef BROKEN_READ_COMPARISON
50
51/* realpath does not work with nonexistent files */
52#undef BROKEN_REALPATH
53
54/* Needed for NeXT */
55#undef BROKEN_SAVED_UIDS
56
57/* Define if your setregid() is broken */
58#undef BROKEN_SETREGID
59
60/* Define if your setresgid() is broken */
61#undef BROKEN_SETRESGID
62
63/* Define if your setresuid() is broken */
64#undef BROKEN_SETRESUID
65
66/* Define if your setreuid() is broken */
67#undef BROKEN_SETREUID
68
69/* LynxOS has broken setvbuf() implementation */
70#undef BROKEN_SETVBUF
71
72/* QNX shadow support is broken */
73#undef BROKEN_SHADOW_EXPIRE
74
75/* Define if your snprintf is busted */
76#undef BROKEN_SNPRINTF
77
78/* strnvis detected broken */
79#undef BROKEN_STRNVIS
80
81/* tcgetattr with ICANON may hang */
82#undef BROKEN_TCGETATTR_ICANON
83
84/* updwtmpx is broken (if present) */
85#undef BROKEN_UPDWTMPX
86
87/* Define if you have BSD auth support */
88#undef BSD_AUTH
89
90/* Define if you want to specify the path to your lastlog file */
91#undef CONF_LASTLOG_FILE
92
93/* Define if you want to specify the path to your utmp file */
94#undef CONF_UTMP_FILE
95
96/* Define if you want to specify the path to your wtmpx file */
97#undef CONF_WTMPX_FILE
98
99/* Define if you want to specify the path to your wtmp file */
100#undef CONF_WTMP_FILE
101
102/* Define if your platform needs to skip post auth file descriptor passing */
103#undef DISABLE_FD_PASSING
104
105/* Define if you don't want to use lastlog */
106#undef DISABLE_LASTLOG
107
108/* Define if you don't want to use your system's login() call */
109#undef DISABLE_LOGIN
110
111/* Define if you don't want to use pututline() etc. to write [uw]tmp */
112#undef DISABLE_PUTUTLINE
113
114/* Define if you don't want to use pututxline() etc. to write [uw]tmpx */
115#undef DISABLE_PUTUTXLINE
116
117/* Define if you want to disable shadow passwords */
118#undef DISABLE_SHADOW
119
120/* Define if you don't want to use utmp */
121#undef DISABLE_UTMP
122
123/* Define if you don't want to use utmpx */
124#undef DISABLE_UTMPX
125
126/* Define if you don't want to use wtmp */
127#undef DISABLE_WTMP
128
129/* Define if you don't want to use wtmpx */
130#undef DISABLE_WTMPX
131
132/* Enable for PKCS#11 support */
133#undef ENABLE_PKCS11
134
135/* File names may not contain backslash characters */
136#undef FILESYSTEM_NO_BACKSLASH
137
138/* fsid_t has member val */
139#undef FSID_HAS_VAL
140
141/* fsid_t has member __val */
142#undef FSID_HAS___VAL
143
144/* Define to 1 if the `getpgrp' function requires zero arguments. */
145#undef GETPGRP_VOID
146
147/* Conflicting defs for getspnam */
148#undef GETSPNAM_CONFLICTING_DEFS
149
150/* Define if your system glob() function has the GLOB_ALTDIRFUNC extension */
151#undef GLOB_HAS_ALTDIRFUNC
152
153/* Define if your system glob() function has gl_matchc options in glob_t */
154#undef GLOB_HAS_GL_MATCHC
155
156/* Define if your system glob() function has gl_statv options in glob_t */
157#undef GLOB_HAS_GL_STATV
158
159/* Define this if you want GSSAPI support in the version 2 protocol */
160#undef GSSAPI
161
162/* Define if you want to use shadow password expire field */
163#undef HAS_SHADOW_EXPIRE
164
165/* Define if your system uses access rights style file descriptor passing */
166#undef HAVE_ACCRIGHTS_IN_MSGHDR
167
168/* Define if you have ut_addr in utmp.h */
169#undef HAVE_ADDR_IN_UTMP
170
171/* Define if you have ut_addr in utmpx.h */
172#undef HAVE_ADDR_IN_UTMPX
173
174/* Define if you have ut_addr_v6 in utmp.h */
175#undef HAVE_ADDR_V6_IN_UTMP
176
177/* Define if you have ut_addr_v6 in utmpx.h */
178#undef HAVE_ADDR_V6_IN_UTMPX
179
180/* Define to 1 if you have the `arc4random' function. */
181#undef HAVE_ARC4RANDOM
182
183/* Define to 1 if you have the `arc4random_buf' function. */
184#undef HAVE_ARC4RANDOM_BUF
185
186/* Define to 1 if you have the `arc4random_stir' function. */
187#undef HAVE_ARC4RANDOM_STIR
188
189/* Define to 1 if you have the `arc4random_uniform' function. */
190#undef HAVE_ARC4RANDOM_UNIFORM
191
192/* Define to 1 if you have the `asprintf' function. */
193#undef HAVE_ASPRINTF
194
195/* OpenBSD's gcc has bounded */
196#undef HAVE_ATTRIBUTE__BOUNDED__
197
198/* Have attribute nonnull */
199#undef HAVE_ATTRIBUTE__NONNULL__
200
201/* OpenBSD's gcc has sentinel */
202#undef HAVE_ATTRIBUTE__SENTINEL__
203
204/* Define to 1 if you have the `aug_get_machine' function. */
205#undef HAVE_AUG_GET_MACHINE
206
207/* Define to 1 if you have the `b64_ntop' function. */
208#undef HAVE_B64_NTOP
209
210/* Define to 1 if you have the `b64_pton' function. */
211#undef HAVE_B64_PTON
212
213/* Define if you have the basename function. */
214#undef HAVE_BASENAME
215
216/* Define to 1 if you have the `bcopy' function. */
217#undef HAVE_BCOPY
218
219/* Define to 1 if you have the `bcrypt_pbkdf' function. */
220#undef HAVE_BCRYPT_PBKDF
221
222/* Define to 1 if you have the `bindresvport_sa' function. */
223#undef HAVE_BINDRESVPORT_SA
224
225/* Define to 1 if you have the `blf_enc' function. */
226#undef HAVE_BLF_ENC
227
228/* Define to 1 if you have the <blf.h> header file. */
229#undef HAVE_BLF_H
230
231/* Define to 1 if you have the `Blowfish_expand0state' function. */
232#undef HAVE_BLOWFISH_EXPAND0STATE
233
234/* Define to 1 if you have the `Blowfish_expandstate' function. */
235#undef HAVE_BLOWFISH_EXPANDSTATE
236
237/* Define to 1 if you have the `Blowfish_initstate' function. */
238#undef HAVE_BLOWFISH_INITSTATE
239
240/* Define to 1 if you have the `Blowfish_stream2word' function. */
241#undef HAVE_BLOWFISH_STREAM2WORD
242
243/* Define to 1 if you have the `BN_is_prime_ex' function. */
244#undef HAVE_BN_IS_PRIME_EX
245
246/* Define to 1 if you have the <bsd/libutil.h> header file. */
247#undef HAVE_BSD_LIBUTIL_H
248
249/* Define to 1 if you have the <bsm/audit.h> header file. */
250#undef HAVE_BSM_AUDIT_H
251
252/* Define to 1 if you have the <bstring.h> header file. */
253#undef HAVE_BSTRING_H
254
255/* Define to 1 if you have the `cap_rights_limit' function. */
256#undef HAVE_CAP_RIGHTS_LIMIT
257
258/* Define to 1 if you have the `clock' function. */
259#undef HAVE_CLOCK
260
261/* Have clock_gettime */
262#undef HAVE_CLOCK_GETTIME
263
264/* define if you have clock_t data type */
265#undef HAVE_CLOCK_T
266
267/* Define to 1 if you have the `closefrom' function. */
268#undef HAVE_CLOSEFROM
269
270/* Define if gai_strerror() returns const char * */
271#undef HAVE_CONST_GAI_STRERROR_PROTO
272
273/* Define if your system uses ancillary data style file descriptor passing */
274#undef HAVE_CONTROL_IN_MSGHDR
275
276/* Define to 1 if you have the `crypt' function. */
277#undef HAVE_CRYPT
278
279/* Define to 1 if you have the <crypto/sha2.h> header file. */
280#undef HAVE_CRYPTO_SHA2_H
281
282/* Define to 1 if you have the <crypt.h> header file. */
283#undef HAVE_CRYPT_H
284
285/* Define if you are on Cygwin */
286#undef HAVE_CYGWIN
287
288/* Define if your libraries define daemon() */
289#undef HAVE_DAEMON
290
291/* Define to 1 if you have the declaration of `AI_NUMERICSERV', and to 0 if
292 you don't. */
293#undef HAVE_DECL_AI_NUMERICSERV
294
295/* Define to 1 if you have the declaration of `authenticate', and to 0 if you
296 don't. */
297#undef HAVE_DECL_AUTHENTICATE
298
299/* Define to 1 if you have the declaration of `GLOB_NOMATCH', and to 0 if you
300 don't. */
301#undef HAVE_DECL_GLOB_NOMATCH
302
303/* Define to 1 if you have the declaration of `GSS_C_NT_HOSTBASED_SERVICE',
304 and to 0 if you don't. */
305#undef HAVE_DECL_GSS_C_NT_HOSTBASED_SERVICE
306
307/* Define to 1 if you have the declaration of `howmany', and to 0 if you
308 don't. */
309#undef HAVE_DECL_HOWMANY
310
311/* Define to 1 if you have the declaration of `h_errno', and to 0 if you
312 don't. */
313#undef HAVE_DECL_H_ERRNO
314
315/* Define to 1 if you have the declaration of `loginfailed', and to 0 if you
316 don't. */
317#undef HAVE_DECL_LOGINFAILED
318
319/* Define to 1 if you have the declaration of `loginrestrictions', and to 0 if
320 you don't. */
321#undef HAVE_DECL_LOGINRESTRICTIONS
322
323/* Define to 1 if you have the declaration of `loginsuccess', and to 0 if you
324 don't. */
325#undef HAVE_DECL_LOGINSUCCESS
326
327/* Define to 1 if you have the declaration of `MAXSYMLINKS', and to 0 if you
328 don't. */
329#undef HAVE_DECL_MAXSYMLINKS
330
331/* Define to 1 if you have the declaration of `NFDBITS', and to 0 if you
332 don't. */
333#undef HAVE_DECL_NFDBITS
334
335/* Define to 1 if you have the declaration of `offsetof', and to 0 if you
336 don't. */
337#undef HAVE_DECL_OFFSETOF
338
339/* Define to 1 if you have the declaration of `O_NONBLOCK', and to 0 if you
340 don't. */
341#undef HAVE_DECL_O_NONBLOCK
342
343/* Define to 1 if you have the declaration of `passwdexpired', and to 0 if you
344 don't. */
345#undef HAVE_DECL_PASSWDEXPIRED
346
347/* Define to 1 if you have the declaration of `setauthdb', and to 0 if you
348 don't. */
349#undef HAVE_DECL_SETAUTHDB
350
351/* Define to 1 if you have the declaration of `SHUT_RD', and to 0 if you
352 don't. */
353#undef HAVE_DECL_SHUT_RD
354
355/* Define to 1 if you have the declaration of `writev', and to 0 if you don't.
356 */
357#undef HAVE_DECL_WRITEV
358
359/* Define to 1 if you have the declaration of `_getlong', and to 0 if you
360 don't. */
361#undef HAVE_DECL__GETLONG
362
363/* Define to 1 if you have the declaration of `_getshort', and to 0 if you
364 don't. */
365#undef HAVE_DECL__GETSHORT
366
367/* Define to 1 if you have the `DES_crypt' function. */
368#undef HAVE_DES_CRYPT
369
370/* Define if you have /dev/ptmx */
371#undef HAVE_DEV_PTMX
372
373/* Define if you have /dev/ptc */
374#undef HAVE_DEV_PTS_AND_PTC
375
376/* Define to 1 if you have the <dirent.h> header file. */
377#undef HAVE_DIRENT_H
378
379/* Define to 1 if you have the `dirfd' function. */
380#undef HAVE_DIRFD
381
382/* Define to 1 if you have the `dirname' function. */
383#undef HAVE_DIRNAME
384
385/* Define to 1 if you have the `DSA_generate_parameters_ex' function. */
386#undef HAVE_DSA_GENERATE_PARAMETERS_EX
387
388/* Define to 1 if you have the <elf.h> header file. */
389#undef HAVE_ELF_H
390
391/* Define to 1 if you have the `endgrent' function. */
392#undef HAVE_ENDGRENT
393
394/* Define to 1 if you have the <endian.h> header file. */
395#undef HAVE_ENDIAN_H
396
397/* Define to 1 if you have the `endutent' function. */
398#undef HAVE_ENDUTENT
399
400/* Define to 1 if you have the `endutxent' function. */
401#undef HAVE_ENDUTXENT
402
403/* Define to 1 if you have the `err' function. */
404#undef HAVE_ERR
405
406/* Define to 1 if you have the `errx' function. */
407#undef HAVE_ERRX
408
409/* Define to 1 if you have the <err.h> header file. */
410#undef HAVE_ERR_H
411
412/* Define if your system has /etc/default/login */
413#undef HAVE_ETC_DEFAULT_LOGIN
414
415/* Define if libcrypto has EVP_CIPHER_CTX_ctrl */
416#undef HAVE_EVP_CIPHER_CTX_CTRL
417
418/* Define to 1 if you have the `EVP_DigestFinal_ex' function. */
419#undef HAVE_EVP_DIGESTFINAL_EX
420
421/* Define to 1 if you have the `EVP_DigestInit_ex' function. */
422#undef HAVE_EVP_DIGESTINIT_EX
423
424/* Define to 1 if you have the `EVP_MD_CTX_cleanup' function. */
425#undef HAVE_EVP_MD_CTX_CLEANUP
426
427/* Define to 1 if you have the `EVP_MD_CTX_copy_ex' function. */
428#undef HAVE_EVP_MD_CTX_COPY_EX
429
430/* Define to 1 if you have the `EVP_MD_CTX_init' function. */
431#undef HAVE_EVP_MD_CTX_INIT
432
433/* Define to 1 if you have the `EVP_ripemd160' function. */
434#undef HAVE_EVP_RIPEMD160
435
436/* Define to 1 if you have the `EVP_sha256' function. */
437#undef HAVE_EVP_SHA256
438
439/* Define if you have ut_exit in utmp.h */
440#undef HAVE_EXIT_IN_UTMP
441
442/* Define to 1 if you have the `explicit_bzero' function. */
443#undef HAVE_EXPLICIT_BZERO
444
445/* Define to 1 if you have the `fchmod' function. */
446#undef HAVE_FCHMOD
447
448/* Define to 1 if you have the `fchown' function. */
449#undef HAVE_FCHOWN
450
451/* Use F_CLOSEM fcntl for closefrom */
452#undef HAVE_FCNTL_CLOSEM
453
454/* Define to 1 if you have the <fcntl.h> header file. */
455#undef HAVE_FCNTL_H
456
457/* Define to 1 if the system has the type `fd_mask'. */
458#undef HAVE_FD_MASK
459
460/* Define to 1 if you have the <features.h> header file. */
461#undef HAVE_FEATURES_H
462
463/* Define to 1 if you have the <floatingpoint.h> header file. */
464#undef HAVE_FLOATINGPOINT_H
465
466/* Define to 1 if you have the `fmt_scaled' function. */
467#undef HAVE_FMT_SCALED
468
469/* Define to 1 if you have the `freeaddrinfo' function. */
470#undef HAVE_FREEADDRINFO
471
472/* Define to 1 if the system has the type `fsblkcnt_t'. */
473#undef HAVE_FSBLKCNT_T
474
475/* Define to 1 if the system has the type `fsfilcnt_t'. */
476#undef HAVE_FSFILCNT_T
477
478/* Define to 1 if you have the `fstatfs' function. */
479#undef HAVE_FSTATFS
480
481/* Define to 1 if you have the `fstatvfs' function. */
482#undef HAVE_FSTATVFS
483
484/* Define to 1 if you have the `futimes' function. */
485#undef HAVE_FUTIMES
486
487/* Define to 1 if you have the `gai_strerror' function. */
488#undef HAVE_GAI_STRERROR
489
490/* Define to 1 if you have the `getaddrinfo' function. */
491#undef HAVE_GETADDRINFO
492
493/* Define to 1 if you have the `getaudit' function. */
494#undef HAVE_GETAUDIT
495
496/* Define to 1 if you have the `getaudit_addr' function. */
497#undef HAVE_GETAUDIT_ADDR
498
499/* Define to 1 if you have the `getcwd' function. */
500#undef HAVE_GETCWD
501
502/* Define to 1 if you have the `getgrouplist' function. */
503#undef HAVE_GETGROUPLIST
504
505/* Define to 1 if you have the `getgrset' function. */
506#undef HAVE_GETGRSET
507
508/* Define to 1 if you have the `getlastlogxbyname' function. */
509#undef HAVE_GETLASTLOGXBYNAME
510
511/* Define to 1 if you have the `getluid' function. */
512#undef HAVE_GETLUID
513
514/* Define to 1 if you have the `getnameinfo' function. */
515#undef HAVE_GETNAMEINFO
516
517/* Define to 1 if you have the `getopt' function. */
518#undef HAVE_GETOPT
519
520/* Define to 1 if you have the <getopt.h> header file. */
521#undef HAVE_GETOPT_H
522
523/* Define if your getopt(3) defines and uses optreset */
524#undef HAVE_GETOPT_OPTRESET
525
526/* Define if your libraries define getpagesize() */
527#undef HAVE_GETPAGESIZE
528
529/* Define to 1 if you have the `getpeereid' function. */
530#undef HAVE_GETPEEREID
531
532/* Define to 1 if you have the `getpeerucred' function. */
533#undef HAVE_GETPEERUCRED
534
535/* Define to 1 if you have the `getpgid' function. */
536#undef HAVE_GETPGID
537
538/* Define to 1 if you have the `getpgrp' function. */
539#undef HAVE_GETPGRP
540
541/* Define to 1 if you have the `getpwanam' function. */
542#undef HAVE_GETPWANAM
543
544/* Define to 1 if you have the `getrlimit' function. */
545#undef HAVE_GETRLIMIT
546
547/* Define if getrrsetbyname() exists */
548#undef HAVE_GETRRSETBYNAME
549
550/* Define to 1 if you have the `getrusage' function. */
551#undef HAVE_GETRUSAGE
552
553/* Define to 1 if you have the `getseuserbyname' function. */
554#undef HAVE_GETSEUSERBYNAME
555
556/* Define to 1 if you have the `gettimeofday' function. */
557#undef HAVE_GETTIMEOFDAY
558
559/* Define to 1 if you have the `getttyent' function. */
560#undef HAVE_GETTTYENT
561
562/* Define to 1 if you have the `getutent' function. */
563#undef HAVE_GETUTENT
564
565/* Define to 1 if you have the `getutid' function. */
566#undef HAVE_GETUTID
567
568/* Define to 1 if you have the `getutline' function. */
569#undef HAVE_GETUTLINE
570
571/* Define to 1 if you have the `getutxent' function. */
572#undef HAVE_GETUTXENT
573
574/* Define to 1 if you have the `getutxid' function. */
575#undef HAVE_GETUTXID
576
577/* Define to 1 if you have the `getutxline' function. */
578#undef HAVE_GETUTXLINE
579
580/* Define to 1 if you have the `getutxuser' function. */
581#undef HAVE_GETUTXUSER
582
583/* Define to 1 if you have the `get_default_context_with_level' function. */
584#undef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL
585
586/* Define to 1 if you have the `glob' function. */
587#undef HAVE_GLOB
588
589/* Define to 1 if you have the <glob.h> header file. */
590#undef HAVE_GLOB_H
591
592/* Define to 1 if you have the `group_from_gid' function. */
593#undef HAVE_GROUP_FROM_GID
594
595/* Define to 1 if you have the <gssapi_generic.h> header file. */
596#undef HAVE_GSSAPI_GENERIC_H
597
598/* Define to 1 if you have the <gssapi/gssapi_generic.h> header file. */
599#undef HAVE_GSSAPI_GSSAPI_GENERIC_H
600
601/* Define to 1 if you have the <gssapi/gssapi.h> header file. */
602#undef HAVE_GSSAPI_GSSAPI_H
603
604/* Define to 1 if you have the <gssapi/gssapi_krb5.h> header file. */
605#undef HAVE_GSSAPI_GSSAPI_KRB5_H
606
607/* Define to 1 if you have the <gssapi.h> header file. */
608#undef HAVE_GSSAPI_H
609
610/* Define to 1 if you have the <gssapi_krb5.h> header file. */
611#undef HAVE_GSSAPI_KRB5_H
612
613/* Define if HEADER.ad exists in arpa/nameser.h */
614#undef HAVE_HEADER_AD
615
616/* Define to 1 if you have the `HMAC_CTX_init' function. */
617#undef HAVE_HMAC_CTX_INIT
618
619/* Define if you have ut_host in utmp.h */
620#undef HAVE_HOST_IN_UTMP
621
622/* Define if you have ut_host in utmpx.h */
623#undef HAVE_HOST_IN_UTMPX
624
625/* Define to 1 if you have the <iaf.h> header file. */
626#undef HAVE_IAF_H
627
628/* Define to 1 if you have the <ia.h> header file. */
629#undef HAVE_IA_H
630
631/* Define if you have ut_id in utmp.h */
632#undef HAVE_ID_IN_UTMP
633
634/* Define if you have ut_id in utmpx.h */
635#undef HAVE_ID_IN_UTMPX
636
637/* Define to 1 if you have the `inet_aton' function. */
638#undef HAVE_INET_ATON
639
640/* Define to 1 if you have the `inet_ntoa' function. */
641#undef HAVE_INET_NTOA
642
643/* Define to 1 if you have the `inet_ntop' function. */
644#undef HAVE_INET_NTOP
645
646/* Define to 1 if you have the `innetgr' function. */
647#undef HAVE_INNETGR
648
649/* define if you have int64_t data type */
650#undef HAVE_INT64_T
651
652/* Define to 1 if the system has the type `intmax_t'. */
653#undef HAVE_INTMAX_T
654
655/* Define to 1 if you have the <inttypes.h> header file. */
656#undef HAVE_INTTYPES_H
657
658/* define if you have intxx_t data type */
659#undef HAVE_INTXX_T
660
661/* Define to 1 if the system has the type `in_addr_t'. */
662#undef HAVE_IN_ADDR_T
663
664/* Define to 1 if the system has the type `in_port_t'. */
665#undef HAVE_IN_PORT_T
666
667/* Define if you have isblank(3C). */
668#undef HAVE_ISBLANK
669
670/* Define to 1 if you have the `krb5_cc_new_unique' function. */
671#undef HAVE_KRB5_CC_NEW_UNIQUE
672
673/* Define to 1 if you have the `krb5_free_error_message' function. */
674#undef HAVE_KRB5_FREE_ERROR_MESSAGE
675
676/* Define to 1 if you have the `krb5_get_error_message' function. */
677#undef HAVE_KRB5_GET_ERROR_MESSAGE
678
679/* Define to 1 if you have the <langinfo.h> header file. */
680#undef HAVE_LANGINFO_H
681
682/* Define to 1 if you have the <lastlog.h> header file. */
683#undef HAVE_LASTLOG_H
684
685/* Define if you want ldns support */
686#undef HAVE_LDNS
687
688/* Define to 1 if you have the <libaudit.h> header file. */
689#undef HAVE_LIBAUDIT_H
690
691/* Define to 1 if you have the `bsm' library (-lbsm). */
692#undef HAVE_LIBBSM
693
694/* Define to 1 if you have the `crypt' library (-lcrypt). */
695#undef HAVE_LIBCRYPT
696
697/* Define to 1 if you have the `dl' library (-ldl). */
698#undef HAVE_LIBDL
699
700/* Define to 1 if you have the <libgen.h> header file. */
701#undef HAVE_LIBGEN_H
702
703/* Define if system has libiaf that supports set_id */
704#undef HAVE_LIBIAF
705
706/* Define to 1 if you have the `network' library (-lnetwork). */
707#undef HAVE_LIBNETWORK
708
709/* Define to 1 if you have the `pam' library (-lpam). */
710#undef HAVE_LIBPAM
711
712/* Define to 1 if you have the `socket' library (-lsocket). */
713#undef HAVE_LIBSOCKET
714
715/* Define to 1 if you have the <libutil.h> header file. */
716#undef HAVE_LIBUTIL_H
717
718/* Define to 1 if you have the `xnet' library (-lxnet). */
719#undef HAVE_LIBXNET
720
721/* Define to 1 if you have the `z' library (-lz). */
722#undef HAVE_LIBZ
723
724/* Define to 1 if you have the <limits.h> header file. */
725#undef HAVE_LIMITS_H
726
727/* Define to 1 if you have the <linux/audit.h> header file. */
728#undef HAVE_LINUX_AUDIT_H
729
730/* Define to 1 if you have the <linux/filter.h> header file. */
731#undef HAVE_LINUX_FILTER_H
732
733/* Define to 1 if you have the <linux/if_tun.h> header file. */
734#undef HAVE_LINUX_IF_TUN_H
735
736/* Define to 1 if you have the <linux/seccomp.h> header file. */
737#undef HAVE_LINUX_SECCOMP_H
738
739/* Define to 1 if you have the `llabs' function. */
740#undef HAVE_LLABS
741
742/* Define to 1 if you have the <locale.h> header file. */
743#undef HAVE_LOCALE_H
744
745/* Define to 1 if you have the `login' function. */
746#undef HAVE_LOGIN
747
748/* Define to 1 if you have the <login_cap.h> header file. */
749#undef HAVE_LOGIN_CAP_H
750
751/* Define to 1 if you have the `login_getcapbool' function. */
752#undef HAVE_LOGIN_GETCAPBOOL
753
754/* Define to 1 if you have the <login.h> header file. */
755#undef HAVE_LOGIN_H
756
757/* Define to 1 if you have the `logout' function. */
758#undef HAVE_LOGOUT
759
760/* Define to 1 if you have the `logwtmp' function. */
761#undef HAVE_LOGWTMP
762
763/* Define to 1 if the system has the type `long double'. */
764#undef HAVE_LONG_DOUBLE
765
766/* Define to 1 if the system has the type `long long'. */
767#undef HAVE_LONG_LONG
768
769/* Define to 1 if you have the <maillock.h> header file. */
770#undef HAVE_MAILLOCK_H
771
772/* Define to 1 if you have the `mblen' function. */
773#undef HAVE_MBLEN
774
775/* Define to 1 if you have the `mbtowc' function. */
776#undef HAVE_MBTOWC
777
778/* Define to 1 if you have the `md5_crypt' function. */
779#undef HAVE_MD5_CRYPT
780
781/* Define if you want to allow MD5 passwords */
782#undef HAVE_MD5_PASSWORDS
783
784/* Define to 1 if you have the `memmove' function. */
785#undef HAVE_MEMMOVE
786
787/* Define to 1 if you have the <memory.h> header file. */
788#undef HAVE_MEMORY_H
789
790/* Define to 1 if you have the `memset_s' function. */
791#undef HAVE_MEMSET_S
792
793/* Define to 1 if you have the `mkdtemp' function. */
794#undef HAVE_MKDTEMP
795
796/* define if you have mode_t data type */
797#undef HAVE_MODE_T
798
799/* Some systems put nanosleep outside of libc */
800#undef HAVE_NANOSLEEP
801
802/* Define to 1 if you have the <ndir.h> header file. */
803#undef HAVE_NDIR_H
804
805/* Define to 1 if you have the <netdb.h> header file. */
806#undef HAVE_NETDB_H
807
808/* Define to 1 if you have the <netgroup.h> header file. */
809#undef HAVE_NETGROUP_H
810
811/* Define to 1 if you have the <net/if_tun.h> header file. */
812#undef HAVE_NET_IF_TUN_H
813
814/* Define if you are on NeXT */
815#undef HAVE_NEXT
816
817/* Define to 1 if you have the `ngetaddrinfo' function. */
818#undef HAVE_NGETADDRINFO
819
820/* Define to 1 if you have the `nl_langinfo' function. */
821#undef HAVE_NL_LANGINFO
822
823/* Define to 1 if you have the `nsleep' function. */
824#undef HAVE_NSLEEP
825
826/* Define to 1 if you have the `ogetaddrinfo' function. */
827#undef HAVE_OGETADDRINFO
828
829/* Define if you have an old version of PAM which takes only one argument to
830 pam_strerror */
831#undef HAVE_OLD_PAM
832
833/* Define to 1 if you have the `openlog_r' function. */
834#undef HAVE_OPENLOG_R
835
836/* Define to 1 if you have the `openpty' function. */
837#undef HAVE_OPENPTY
838
839/* Define if your ssl headers are included with #include <openssl/header.h> */
840#undef HAVE_OPENSSL
841
842/* Define if you have Digital Unix Security Integration Architecture */
843#undef HAVE_OSF_SIA
844
845/* Define to 1 if you have the `pam_getenvlist' function. */
846#undef HAVE_PAM_GETENVLIST
847
848/* Define to 1 if you have the <pam/pam_appl.h> header file. */
849#undef HAVE_PAM_PAM_APPL_H
850
851/* Define to 1 if you have the `pam_putenv' function. */
852#undef HAVE_PAM_PUTENV
853
854/* Define to 1 if you have the <paths.h> header file. */
855#undef HAVE_PATHS_H
856
857/* Define if you have ut_pid in utmp.h */
858#undef HAVE_PID_IN_UTMP
859
860/* define if you have pid_t data type */
861#undef HAVE_PID_T
862
863/* Define to 1 if you have the `pledge' function. */
864#undef HAVE_PLEDGE
865
866/* Define to 1 if you have the `poll' function. */
867#undef HAVE_POLL
868
869/* Define to 1 if you have the <poll.h> header file. */
870#undef HAVE_POLL_H
871
872/* Define to 1 if you have the `prctl' function. */
873#undef HAVE_PRCTL
874
875/* Define to 1 if you have the `priv_basicset' function. */
876#undef HAVE_PRIV_BASICSET
877
878/* Define to 1 if you have the <priv.h> header file. */
879#undef HAVE_PRIV_H
880
881/* Define if you have /proc/$pid/fd */
882#undef HAVE_PROC_PID
883
884/* Define to 1 if you have the `pstat' function. */
885#undef HAVE_PSTAT
886
887/* Define to 1 if you have the <pty.h> header file. */
888#undef HAVE_PTY_H
889
890/* Define to 1 if you have the `pututline' function. */
891#undef HAVE_PUTUTLINE
892
893/* Define to 1 if you have the `pututxline' function. */
894#undef HAVE_PUTUTXLINE
895
896/* Define to 1 if you have the `readpassphrase' function. */
897#undef HAVE_READPASSPHRASE
898
899/* Define to 1 if you have the <readpassphrase.h> header file. */
900#undef HAVE_READPASSPHRASE_H
901
902/* Define to 1 if you have the `reallocarray' function. */
903#undef HAVE_REALLOCARRAY
904
905/* Define to 1 if you have the `realpath' function. */
906#undef HAVE_REALPATH
907
908/* Define to 1 if you have the `recvmsg' function. */
909#undef HAVE_RECVMSG
910
911/* sys/resource.h has RLIMIT_NPROC */
912#undef HAVE_RLIMIT_NPROC
913
914/* Define to 1 if you have the <rpc/types.h> header file. */
915#undef HAVE_RPC_TYPES_H
916
917/* Define to 1 if you have the `rresvport_af' function. */
918#undef HAVE_RRESVPORT_AF
919
920/* Define to 1 if you have the `RSA_generate_key_ex' function. */
921#undef HAVE_RSA_GENERATE_KEY_EX
922
923/* Define to 1 if you have the `RSA_get_default_method' function. */
924#undef HAVE_RSA_GET_DEFAULT_METHOD
925
926/* Define to 1 if you have the <sandbox.h> header file. */
927#undef HAVE_SANDBOX_H
928
929/* Define to 1 if you have the `sandbox_init' function. */
930#undef HAVE_SANDBOX_INIT
931
932/* define if you have sa_family_t data type */
933#undef HAVE_SA_FAMILY_T
934
935/* Define to 1 if you have the `scan_scaled' function. */
936#undef HAVE_SCAN_SCALED
937
938/* Define if you have SecureWare-based protected password database */
939#undef HAVE_SECUREWARE
940
941/* Define to 1 if you have the <security/pam_appl.h> header file. */
942#undef HAVE_SECURITY_PAM_APPL_H
943
944/* Define to 1 if you have the `sendmsg' function. */
945#undef HAVE_SENDMSG
946
947/* Define to 1 if you have the `setauthdb' function. */
948#undef HAVE_SETAUTHDB
949
950/* Define to 1 if you have the `setdtablesize' function. */
951#undef HAVE_SETDTABLESIZE
952
953/* Define to 1 if you have the `setegid' function. */
954#undef HAVE_SETEGID
955
956/* Define to 1 if you have the `setenv' function. */
957#undef HAVE_SETENV
958
959/* Define to 1 if you have the `seteuid' function. */
960#undef HAVE_SETEUID
961
962/* Define to 1 if you have the `setgroupent' function. */
963#undef HAVE_SETGROUPENT
964
965/* Define to 1 if you have the `setgroups' function. */
966#undef HAVE_SETGROUPS
967
968/* Define to 1 if you have the `setlinebuf' function. */
969#undef HAVE_SETLINEBUF
970
971/* Define to 1 if you have the `setlogin' function. */
972#undef HAVE_SETLOGIN
973
974/* Define to 1 if you have the `setluid' function. */
975#undef HAVE_SETLUID
976
977/* Define to 1 if you have the `setpassent' function. */
978#undef HAVE_SETPASSENT
979
980/* Define to 1 if you have the `setpcred' function. */
981#undef HAVE_SETPCRED
982
983/* Define to 1 if you have the `setpflags' function. */
984#undef HAVE_SETPFLAGS
985
986/* Define to 1 if you have the `setppriv' function. */
987#undef HAVE_SETPPRIV
988
989/* Define to 1 if you have the `setproctitle' function. */
990#undef HAVE_SETPROCTITLE
991
992/* Define to 1 if you have the `setregid' function. */
993#undef HAVE_SETREGID
994
995/* Define to 1 if you have the `setresgid' function. */
996#undef HAVE_SETRESGID
997
998/* Define to 1 if you have the `setresuid' function. */
999#undef HAVE_SETRESUID
1000
1001/* Define to 1 if you have the `setreuid' function. */
1002#undef HAVE_SETREUID
1003
1004/* Define to 1 if you have the `setrlimit' function. */
1005#undef HAVE_SETRLIMIT
1006
1007/* Define to 1 if you have the `setsid' function. */
1008#undef HAVE_SETSID
1009
1010/* Define to 1 if you have the `setutent' function. */
1011#undef HAVE_SETUTENT
1012
1013/* Define to 1 if you have the `setutxdb' function. */
1014#undef HAVE_SETUTXDB
1015
1016/* Define to 1 if you have the `setutxent' function. */
1017#undef HAVE_SETUTXENT
1018
1019/* Define to 1 if you have the `setvbuf' function. */
1020#undef HAVE_SETVBUF
1021
1022/* Define to 1 if you have the `set_id' function. */
1023#undef HAVE_SET_ID
1024
1025/* Define to 1 if you have the `SHA256_Update' function. */
1026#undef HAVE_SHA256_UPDATE
1027
1028/* Define to 1 if you have the <sha2.h> header file. */
1029#undef HAVE_SHA2_H
1030
1031/* Define to 1 if you have the <shadow.h> header file. */
1032#undef HAVE_SHADOW_H
1033
1034/* Define to 1 if you have the `sigaction' function. */
1035#undef HAVE_SIGACTION
1036
1037/* Define to 1 if you have the `sigvec' function. */
1038#undef HAVE_SIGVEC
1039
1040/* Define to 1 if the system has the type `sig_atomic_t'. */
1041#undef HAVE_SIG_ATOMIC_T
1042
1043/* define if you have size_t data type */
1044#undef HAVE_SIZE_T
1045
1046/* Define to 1 if you have the `snprintf' function. */
1047#undef HAVE_SNPRINTF
1048
1049/* Define to 1 if you have the `socketpair' function. */
1050#undef HAVE_SOCKETPAIR
1051
1052/* Have PEERCRED socket option */
1053#undef HAVE_SO_PEERCRED
1054
1055/* define if you have ssize_t data type */
1056#undef HAVE_SSIZE_T
1057
1058/* Fields in struct sockaddr_storage */
1059#undef HAVE_SS_FAMILY_IN_SS
1060
1061/* Define to 1 if you have the `statfs' function. */
1062#undef HAVE_STATFS
1063
1064/* Define to 1 if you have the `statvfs' function. */
1065#undef HAVE_STATVFS
1066
1067/* Define to 1 if you have the <stddef.h> header file. */
1068#undef HAVE_STDDEF_H
1069
1070/* Define to 1 if you have the <stdint.h> header file. */
1071#undef HAVE_STDINT_H
1072
1073/* Define to 1 if you have the <stdlib.h> header file. */
1074#undef HAVE_STDLIB_H
1075
1076/* Define to 1 if you have the `strcasestr' function. */
1077#undef HAVE_STRCASESTR
1078
1079/* Define to 1 if you have the `strdup' function. */
1080#undef HAVE_STRDUP
1081
1082/* Define to 1 if you have the `strerror' function. */
1083#undef HAVE_STRERROR
1084
1085/* Define to 1 if you have the `strftime' function. */
1086#undef HAVE_STRFTIME
1087
1088/* Silly mkstemp() */
1089#undef HAVE_STRICT_MKSTEMP
1090
1091/* Define to 1 if you have the <strings.h> header file. */
1092#undef HAVE_STRINGS_H
1093
1094/* Define to 1 if you have the <string.h> header file. */
1095#undef HAVE_STRING_H
1096
1097/* Define to 1 if you have the `strlcat' function. */
1098#undef HAVE_STRLCAT
1099
1100/* Define to 1 if you have the `strlcpy' function. */
1101#undef HAVE_STRLCPY
1102
1103/* Define to 1 if you have the `strmode' function. */
1104#undef HAVE_STRMODE
1105
1106/* Define to 1 if you have the `strnlen' function. */
1107#undef HAVE_STRNLEN
1108
1109/* Define to 1 if you have the `strnvis' function. */
1110#undef HAVE_STRNVIS
1111
1112/* Define to 1 if you have the `strptime' function. */
1113#undef HAVE_STRPTIME
1114
1115/* Define to 1 if you have the `strsep' function. */
1116#undef HAVE_STRSEP
1117
1118/* Define to 1 if you have the `strtoll' function. */
1119#undef HAVE_STRTOLL
1120
1121/* Define to 1 if you have the `strtonum' function. */
1122#undef HAVE_STRTONUM
1123
1124/* Define to 1 if you have the `strtoul' function. */
1125#undef HAVE_STRTOUL
1126
1127/* Define to 1 if you have the `strtoull' function. */
1128#undef HAVE_STRTOULL
1129
1130/* define if you have struct addrinfo data type */
1131#undef HAVE_STRUCT_ADDRINFO
1132
1133/* define if you have struct in6_addr data type */
1134#undef HAVE_STRUCT_IN6_ADDR
1135
1136/* Define to 1 if `pw_change' is a member of `struct passwd'. */
1137#undef HAVE_STRUCT_PASSWD_PW_CHANGE
1138
1139/* Define to 1 if `pw_class' is a member of `struct passwd'. */
1140#undef HAVE_STRUCT_PASSWD_PW_CLASS
1141
1142/* Define to 1 if `pw_expire' is a member of `struct passwd'. */
1143#undef HAVE_STRUCT_PASSWD_PW_EXPIRE
1144
1145/* Define to 1 if `pw_gecos' is a member of `struct passwd'. */
1146#undef HAVE_STRUCT_PASSWD_PW_GECOS
1147
1148/* define if you have struct sockaddr_in6 data type */
1149#undef HAVE_STRUCT_SOCKADDR_IN6
1150
1151/* Define to 1 if `sin6_scope_id' is a member of `struct sockaddr_in6'. */
1152#undef HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID
1153
1154/* define if you have struct sockaddr_storage data type */
1155#undef HAVE_STRUCT_SOCKADDR_STORAGE
1156
1157/* Define to 1 if `st_blksize' is a member of `struct stat'. */
1158#undef HAVE_STRUCT_STAT_ST_BLKSIZE
1159
1160/* Define to 1 if the system has the type `struct timespec'. */
1161#undef HAVE_STRUCT_TIMESPEC
1162
1163/* define if you have struct timeval */
1164#undef HAVE_STRUCT_TIMEVAL
1165
1166/* Define to 1 if you have the `swap32' function. */
1167#undef HAVE_SWAP32
1168
1169/* Define to 1 if you have the `sysconf' function. */
1170#undef HAVE_SYSCONF
1171
1172/* Define if you have syslen in utmpx.h */
1173#undef HAVE_SYSLEN_IN_UTMPX
1174
1175/* Define to 1 if you have the <sys/audit.h> header file. */
1176#undef HAVE_SYS_AUDIT_H
1177
1178/* Define to 1 if you have the <sys/bitypes.h> header file. */
1179#undef HAVE_SYS_BITYPES_H
1180
1181/* Define to 1 if you have the <sys/bsdtty.h> header file. */
1182#undef HAVE_SYS_BSDTTY_H
1183
1184/* Define to 1 if you have the <sys/capability.h> header file. */
1185#undef HAVE_SYS_CAPABILITY_H
1186
1187/* Define to 1 if you have the <sys/cdefs.h> header file. */
1188#undef HAVE_SYS_CDEFS_H
1189
1190/* Define to 1 if you have the <sys/dir.h> header file. */
1191#undef HAVE_SYS_DIR_H
1192
1193/* Define if your system defines sys_errlist[] */
1194#undef HAVE_SYS_ERRLIST
1195
1196/* Define to 1 if you have the <sys/mman.h> header file. */
1197#undef HAVE_SYS_MMAN_H
1198
1199/* Define to 1 if you have the <sys/mount.h> header file. */
1200#undef HAVE_SYS_MOUNT_H
1201
1202/* Define to 1 if you have the <sys/ndir.h> header file. */
1203#undef HAVE_SYS_NDIR_H
1204
1205/* Define if your system defines sys_nerr */
1206#undef HAVE_SYS_NERR
1207
1208/* Define to 1 if you have the <sys/poll.h> header file. */
1209#undef HAVE_SYS_POLL_H
1210
1211/* Define to 1 if you have the <sys/prctl.h> header file. */
1212#undef HAVE_SYS_PRCTL_H
1213
1214/* Define to 1 if you have the <sys/pstat.h> header file. */
1215#undef HAVE_SYS_PSTAT_H
1216
1217/* Define to 1 if you have the <sys/ptms.h> header file. */
1218#undef HAVE_SYS_PTMS_H
1219
1220/* Define to 1 if you have the <sys/ptrace.h> header file. */
1221#undef HAVE_SYS_PTRACE_H
1222
1223/* Define to 1 if you have the <sys/select.h> header file. */
1224#undef HAVE_SYS_SELECT_H
1225
1226/* Define to 1 if you have the <sys/statvfs.h> header file. */
1227#undef HAVE_SYS_STATVFS_H
1228
1229/* Define to 1 if you have the <sys/stat.h> header file. */
1230#undef HAVE_SYS_STAT_H
1231
1232/* Define to 1 if you have the <sys/stream.h> header file. */
1233#undef HAVE_SYS_STREAM_H
1234
1235/* Define to 1 if you have the <sys/stropts.h> header file. */
1236#undef HAVE_SYS_STROPTS_H
1237
1238/* Define to 1 if you have the <sys/strtio.h> header file. */
1239#undef HAVE_SYS_STRTIO_H
1240
1241/* Force use of sys/syslog.h on Ultrix */
1242#undef HAVE_SYS_SYSLOG_H
1243
1244/* Define to 1 if you have the <sys/sysmacros.h> header file. */
1245#undef HAVE_SYS_SYSMACROS_H
1246
1247/* Define to 1 if you have the <sys/timers.h> header file. */
1248#undef HAVE_SYS_TIMERS_H
1249
1250/* Define to 1 if you have the <sys/time.h> header file. */
1251#undef HAVE_SYS_TIME_H
1252
1253/* Define to 1 if you have the <sys/types.h> header file. */
1254#undef HAVE_SYS_TYPES_H
1255
1256/* Define to 1 if you have the <sys/un.h> header file. */
1257#undef HAVE_SYS_UN_H
1258
1259/* Define to 1 if you have the `tcgetpgrp' function. */
1260#undef HAVE_TCGETPGRP
1261
1262/* Define to 1 if you have the `tcsendbreak' function. */
1263#undef HAVE_TCSENDBREAK
1264
1265/* Define to 1 if you have the `time' function. */
1266#undef HAVE_TIME
1267
1268/* Define to 1 if you have the <time.h> header file. */
1269#undef HAVE_TIME_H
1270
1271/* Define if you have ut_time in utmp.h */
1272#undef HAVE_TIME_IN_UTMP
1273
1274/* Define if you have ut_time in utmpx.h */
1275#undef HAVE_TIME_IN_UTMPX
1276
1277/* Define to 1 if you have the `timingsafe_bcmp' function. */
1278#undef HAVE_TIMINGSAFE_BCMP
1279
1280/* Define to 1 if you have the <tmpdir.h> header file. */
1281#undef HAVE_TMPDIR_H
1282
1283/* Define to 1 if you have the `truncate' function. */
1284#undef HAVE_TRUNCATE
1285
1286/* Define to 1 if you have the <ttyent.h> header file. */
1287#undef HAVE_TTYENT_H
1288
1289/* Define if you have ut_tv in utmp.h */
1290#undef HAVE_TV_IN_UTMP
1291
1292/* Define if you have ut_tv in utmpx.h */
1293#undef HAVE_TV_IN_UTMPX
1294
1295/* Define if you have ut_type in utmp.h */
1296#undef HAVE_TYPE_IN_UTMP
1297
1298/* Define if you have ut_type in utmpx.h */
1299#undef HAVE_TYPE_IN_UTMPX
1300
1301/* Define to 1 if you have the <ucred.h> header file. */
1302#undef HAVE_UCRED_H
1303
1304/* Define to 1 if the system has the type `uintmax_t'. */
1305#undef HAVE_UINTMAX_T
1306
1307/* define if you have uintxx_t data type */
1308#undef HAVE_UINTXX_T
1309
1310/* Define to 1 if you have the <unistd.h> header file. */
1311#undef HAVE_UNISTD_H
1312
1313/* Define to 1 if you have the `unsetenv' function. */
1314#undef HAVE_UNSETENV
1315
1316/* Define to 1 if the system has the type `unsigned long long'. */
1317#undef HAVE_UNSIGNED_LONG_LONG
1318
1319/* Define to 1 if you have the `updwtmp' function. */
1320#undef HAVE_UPDWTMP
1321
1322/* Define to 1 if you have the `updwtmpx' function. */
1323#undef HAVE_UPDWTMPX
1324
1325/* Define to 1 if you have the <usersec.h> header file. */
1326#undef HAVE_USERSEC_H
1327
1328/* Define to 1 if you have the `user_from_uid' function. */
1329#undef HAVE_USER_FROM_UID
1330
1331/* Define to 1 if you have the `usleep' function. */
1332#undef HAVE_USLEEP
1333
1334/* Define to 1 if you have the <util.h> header file. */
1335#undef HAVE_UTIL_H
1336
1337/* Define to 1 if you have the `utimes' function. */
1338#undef HAVE_UTIMES
1339
1340/* Define to 1 if you have the <utime.h> header file. */
1341#undef HAVE_UTIME_H
1342
1343/* Define to 1 if you have the `utmpname' function. */
1344#undef HAVE_UTMPNAME
1345
1346/* Define to 1 if you have the `utmpxname' function. */
1347#undef HAVE_UTMPXNAME
1348
1349/* Define to 1 if you have the <utmpx.h> header file. */
1350#undef HAVE_UTMPX_H
1351
1352/* Define to 1 if you have the <utmp.h> header file. */
1353#undef HAVE_UTMP_H
1354
1355/* define if you have u_char data type */
1356#undef HAVE_U_CHAR
1357
1358/* define if you have u_int data type */
1359#undef HAVE_U_INT
1360
1361/* define if you have u_int64_t data type */
1362#undef HAVE_U_INT64_T
1363
1364/* define if you have u_intxx_t data type */
1365#undef HAVE_U_INTXX_T
1366
1367/* Define to 1 if you have the `vasprintf' function. */
1368#undef HAVE_VASPRINTF
1369
1370/* Define if va_copy exists */
1371#undef HAVE_VA_COPY
1372
1373/* Define to 1 if you have the <vis.h> header file. */
1374#undef HAVE_VIS_H
1375
1376/* Define to 1 if you have the `vsnprintf' function. */
1377#undef HAVE_VSNPRINTF
1378
1379/* Define to 1 if you have the `waitpid' function. */
1380#undef HAVE_WAITPID
1381
1382/* Define to 1 if you have the `warn' function. */
1383#undef HAVE_WARN
1384
1385/* Define to 1 if you have the <wchar.h> header file. */
1386#undef HAVE_WCHAR_H
1387
1388/* Define to 1 if you have the `wcwidth' function. */
1389#undef HAVE_WCWIDTH
1390
1391/* Define to 1 if you have the `_getlong' function. */
1392#undef HAVE__GETLONG
1393
1394/* Define to 1 if you have the `_getpty' function. */
1395#undef HAVE__GETPTY
1396
1397/* Define to 1 if you have the `_getshort' function. */
1398#undef HAVE__GETSHORT
1399
1400/* Define if you have struct __res_state _res as an extern */
1401#undef HAVE__RES_EXTERN
1402
1403/* Define to 1 if you have the `__b64_ntop' function. */
1404#undef HAVE___B64_NTOP
1405
1406/* Define to 1 if you have the `__b64_pton' function. */
1407#undef HAVE___B64_PTON
1408
1409/* Define if compiler implements __FUNCTION__ */
1410#undef HAVE___FUNCTION__
1411
1412/* Define if libc defines __progname */
1413#undef HAVE___PROGNAME
1414
1415/* Fields in struct sockaddr_storage */
1416#undef HAVE___SS_FAMILY_IN_SS
1417
1418/* Define if __va_copy exists */
1419#undef HAVE___VA_COPY
1420
1421/* Define if compiler implements __func__ */
1422#undef HAVE___func__
1423
1424/* Define this if you are using the Heimdal version of Kerberos V5 */
1425#undef HEIMDAL
1426
1427/* Define if you need to use IP address instead of hostname in $DISPLAY */
1428#undef IPADDR_IN_DISPLAY
1429
1430/* Detect IPv4 in IPv6 mapped addresses and treat as IPv4 */
1431#undef IPV4_IN_IPV6
1432
1433/* Define if your system choked on IP TOS setting */
1434#undef IP_TOS_IS_BROKEN
1435
1436/* Define if you want Kerberos 5 support */
1437#undef KRB5
1438
1439/* Define if pututxline updates lastlog too */
1440#undef LASTLOG_WRITE_PUTUTXLINE
1441
1442/* Define to whatever link() returns for "not supported" if it doesn't return
1443 EOPNOTSUPP. */
1444#undef LINK_OPNOTSUPP_ERRNO
1445
1446/* Adjust Linux out-of-memory killer */
1447#undef LINUX_OOM_ADJUST
1448
1449/* max value of long long calculated by configure */
1450#undef LLONG_MAX
1451
1452/* min value of long long calculated by configure */
1453#undef LLONG_MIN
1454
1455/* Account locked with pw(1) */
1456#undef LOCKED_PASSWD_PREFIX
1457
1458/* String used in /etc/passwd to denote locked account */
1459#undef LOCKED_PASSWD_STRING
1460
1461/* String used in /etc/passwd to denote locked account */
1462#undef LOCKED_PASSWD_SUBSTR
1463
1464/* Some systems need a utmpx entry for /bin/login to work */
1465#undef LOGIN_NEEDS_UTMPX
1466
1467/* Set this to your mail directory if you do not have _PATH_MAILDIR */
1468#undef MAIL_DIRECTORY
1469
1470/* Need setpgrp to acquire controlling tty */
1471#undef NEED_SETPGRP
1472
1473/* compiler does not accept __attribute__ on return types */
1474#undef NO_ATTRIBUTE_ON_RETURN_TYPE
1475
1476/* Define if you don't want to use lastlog in session.c */
1477#undef NO_SSH_LASTLOG
1478
1479/* Define to disable UID restoration test */
1480#undef NO_UID_RESTORATION_TEST
1481
1482/* Define if X11 doesn't support AF_UNIX sockets on that system */
1483#undef NO_X11_UNIX_SOCKETS
1484
1485/* Define if EVP_DigestUpdate returns void */
1486#undef OPENSSL_EVP_DIGESTUPDATE_VOID
1487
1488/* OpenSSL has ECC */
1489#undef OPENSSL_HAS_ECC
1490
1491/* libcrypto has NID_X9_62_prime256v1 */
1492#undef OPENSSL_HAS_NISTP256
1493
1494/* libcrypto has NID_secp384r1 */
1495#undef OPENSSL_HAS_NISTP384
1496
1497/* libcrypto has NID_secp521r1 */
1498#undef OPENSSL_HAS_NISTP521
1499
1500/* libcrypto has EVP AES CTR */
1501#undef OPENSSL_HAVE_EVPCTR
1502
1503/* libcrypto has EVP AES GCM */
1504#undef OPENSSL_HAVE_EVPGCM
1505
1506/* libcrypto is missing AES 192 and 256 bit functions */
1507#undef OPENSSL_LOBOTOMISED_AES
1508
1509/* Define if you want the OpenSSL internally seeded PRNG only */
1510#undef OPENSSL_PRNG_ONLY
1511
1512/* Define to the address where bug reports for this package should be sent. */
1513#undef PACKAGE_BUGREPORT
1514
1515/* Define to the full name of this package. */
1516#undef PACKAGE_NAME
1517
1518/* Define to the full name and version of this package. */
1519#undef PACKAGE_STRING
1520
1521/* Define to the one symbol short name of this package. */
1522#undef PACKAGE_TARNAME
1523
1524/* Define to the home page for this package. */
1525#undef PACKAGE_URL
1526
1527/* Define to the version of this package. */
1528#undef PACKAGE_VERSION
1529
1530/* Define if you are using Solaris-derived PAM which passes pam_messages to
1531 the conversation function with an extra level of indirection */
1532#undef PAM_SUN_CODEBASE
1533
1534/* Work around problematic Linux PAM modules handling of PAM_TTY */
1535#undef PAM_TTY_KLUDGE
1536
1537/* must supply username to passwd */
1538#undef PASSWD_NEEDS_USERNAME
1539
1540/* System dirs owned by bin (uid 2) */
1541#undef PLATFORM_SYS_DIR_UID
1542
1543/* Port number of PRNGD/EGD random number socket */
1544#undef PRNGD_PORT
1545
1546/* Location of PRNGD/EGD random number socket */
1547#undef PRNGD_SOCKET
1548
1549/* read(1) can return 0 for a non-closed fd */
1550#undef PTY_ZEROREAD
1551
1552/* Sandbox using capsicum */
1553#undef SANDBOX_CAPSICUM
1554
1555/* Sandbox using Darwin sandbox_init(3) */
1556#undef SANDBOX_DARWIN
1557
1558/* no privsep sandboxing */
1559#undef SANDBOX_NULL
1560
1561/* Sandbox using pledge(2) */
1562#undef SANDBOX_PLEDGE
1563
1564/* Sandbox using setrlimit(2) */
1565#undef SANDBOX_RLIMIT
1566
1567/* Sandbox using seccomp filter */
1568#undef SANDBOX_SECCOMP_FILTER
1569
1570/* setrlimit RLIMIT_FSIZE works */
1571#undef SANDBOX_SKIP_RLIMIT_FSIZE
1572
1573/* define if setrlimit RLIMIT_NOFILE breaks things */
1574#undef SANDBOX_SKIP_RLIMIT_NOFILE
1575
1576/* Sandbox using Solaris/Illumos privileges */
1577#undef SANDBOX_SOLARIS
1578
1579/* Sandbox using systrace(4) */
1580#undef SANDBOX_SYSTRACE
1581
1582/* Specify the system call convention in use */
1583#undef SECCOMP_AUDIT_ARCH
1584
1585/* Define if your platform breaks doing a seteuid before a setuid */
1586#undef SETEUID_BREAKS_SETUID
1587
1588/* The size of `int', as computed by sizeof. */
1589#undef SIZEOF_INT
1590
1591/* The size of `long int', as computed by sizeof. */
1592#undef SIZEOF_LONG_INT
1593
1594/* The size of `long long int', as computed by sizeof. */
1595#undef SIZEOF_LONG_LONG_INT
1596
1597/* The size of `short int', as computed by sizeof. */
1598#undef SIZEOF_SHORT_INT
1599
1600/* Define if you want S/Key support */
1601#undef SKEY
1602
1603/* Define if your skeychallenge() function takes 4 arguments (NetBSD) */
1604#undef SKEYCHALLENGE_4ARG
1605
1606/* Define as const if snprintf() can declare const char *fmt */
1607#undef SNPRINTF_CONST
1608
1609/* Define to a Set Process Title type if your system is supported by
1610 bsd-setproctitle.c */
1611#undef SPT_TYPE
1612
1613/* Define if sshd somehow reacquires a controlling TTY after setsid() */
1614#undef SSHD_ACQUIRES_CTTY
1615
1616/* sshd PAM service name */
1617#undef SSHD_PAM_SERVICE
1618
1619/* Define if pam_chauthtok wants real uid set to the unpriv'ed user */
1620#undef SSHPAM_CHAUTHTOK_NEEDS_RUID
1621
1622/* Use audit debugging module */
1623#undef SSH_AUDIT_EVENTS
1624
1625/* Windows is sensitive to read buffer size */
1626#undef SSH_IOBUFSZ
1627
1628/* non-privileged user for privilege separation */
1629#undef SSH_PRIVSEP_USER
1630
1631/* Use tunnel device compatibility to OpenBSD */
1632#undef SSH_TUN_COMPAT_AF
1633
1634/* Open tunnel devices the FreeBSD way */
1635#undef SSH_TUN_FREEBSD
1636
1637/* Open tunnel devices the Linux tun/tap way */
1638#undef SSH_TUN_LINUX
1639
1640/* No layer 2 tunnel support */
1641#undef SSH_TUN_NO_L2
1642
1643/* Open tunnel devices the OpenBSD way */
1644#undef SSH_TUN_OPENBSD
1645
1646/* Prepend the address family to IP tunnel traffic */
1647#undef SSH_TUN_PREPEND_AF
1648
1649/* Define to 1 if you have the ANSI C header files. */
1650#undef STDC_HEADERS
1651
1652/* Define if you want a different $PATH for the superuser */
1653#undef SUPERUSER_PATH
1654
1655/* syslog_r function is safe to use in in a signal handler */
1656#undef SYSLOG_R_SAFE_IN_SIGHAND
1657
1658/* Support passwords > 8 chars */
1659#undef UNIXWARE_LONG_PASSWORDS
1660
1661/* Specify default $PATH */
1662#undef USER_PATH
1663
1664/* Define this if you want to use libkafs' AFS support */
1665#undef USE_AFS
1666
1667/* Use BSM audit module */
1668#undef USE_BSM_AUDIT
1669
1670/* Use btmp to log bad logins */
1671#undef USE_BTMP
1672
1673/* Use libedit for sftp */
1674#undef USE_LIBEDIT
1675
1676/* Use Linux audit module */
1677#undef USE_LINUX_AUDIT
1678
1679/* Enable OpenSSL engine support */
1680#undef USE_OPENSSL_ENGINE
1681
1682/* Define if you want to enable PAM support */
1683#undef USE_PAM
1684
1685/* Use PIPES instead of a socketpair() */
1686#undef USE_PIPES
1687
1688/* Define if you have Solaris privileges */
1689#undef USE_SOLARIS_PRIVS
1690
1691/* Define if you have Solaris process contracts */
1692#undef USE_SOLARIS_PROCESS_CONTRACTS
1693
1694/* Define if you have Solaris projects */
1695#undef USE_SOLARIS_PROJECTS
1696
1697/* Define if you shouldn't strip 'tty' from your ttyname in [uw]tmp */
1698#undef WITH_ABBREV_NO_TTY
1699
1700/* Define if you want to enable AIX4's authenticate function */
1701#undef WITH_AIXAUTHENTICATE
1702
1703/* Define if you have/want arrays (cluster-wide session managment, not C
1704 arrays) */
1705#undef WITH_IRIX_ARRAY
1706
1707/* Define if you want IRIX audit trails */
1708#undef WITH_IRIX_AUDIT
1709
1710/* Define if you want IRIX kernel jobs */
1711#undef WITH_IRIX_JOBS
1712
1713/* Define if you want IRIX project management */
1714#undef WITH_IRIX_PROJECT
1715
1716/* use libcrypto for cryptography */
1717#undef WITH_OPENSSL
1718
1719/* Define if you want SELinux support. */
1720#undef WITH_SELINUX
1721
1722/* include SSH protocol version 1 support */
1723#undef WITH_SSH1
1724
1725/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
1726 significant byte first (like Motorola and SPARC, unlike Intel). */
1727#if defined AC_APPLE_UNIVERSAL_BUILD
1728# if defined __BIG_ENDIAN__
1729# define WORDS_BIGENDIAN 1
1730# endif
1731#else
1732# ifndef WORDS_BIGENDIAN
1733# undef WORDS_BIGENDIAN
1734# endif
1735#endif
1736
1737/* Define if xauth is found in your path */
1738#undef XAUTH_PATH
1739
1740/* Enable large inode numbers on Mac OS X 10.5. */
1741#ifndef _DARWIN_USE_64_BIT_INODE
1742# define _DARWIN_USE_64_BIT_INODE 1
1743#endif
1744
1745/* Number of bits in a file offset, on hosts where this is settable. */
1746#undef _FILE_OFFSET_BITS
1747
1748/* Define for large files, on AIX-style hosts. */
1749#undef _LARGE_FILES
1750
1751/* log for bad login attempts */
1752#undef _PATH_BTMP
1753
1754/* Full path of your "passwd" program */
1755#undef _PATH_PASSWD_PROG
1756
1757/* Specify location of ssh.pid */
1758#undef _PATH_SSH_PIDDIR
1759
1760/* Define if we don't have struct __res_state in resolv.h */
1761#undef __res_state
1762
1763/* Define to `__inline__' or `__inline' if that's what the C compiler
1764 calls it, or to nothing if 'inline' is not supported under any name. */
1765#ifndef __cplusplus
1766#undef inline
1767#endif
1768
1769/* type to use in place of socklen_t if not defined */
1770#undef socklen_t
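Review bot: the comment on SANDBOX_SKIP_RLIMIT_FSIZE (line 1570, "setrlimit RLIMIT_FSIZE works") reads as the opposite of what a SKIP macro implies, and it is inconsistent with the next entry, SANDBOX_SKIP_RLIMIT_NOFILE, which is documented as "define if setrlimit RLIMIT_NOFILE breaks things". Both names sit in the SANDBOX_* group, so a reader auditing which limits the sandbox applies could draw the wrong conclusion from this comment; suggest stating the condition under which the macro should be defined, in the same style as the NOFILE entry. In the same group, the SANDBOX_NULL comment (line 1558, "no privsep sandboxing") would be clearer if it said outright that defining it builds privilege separation with no sandbox at all, since it is listed alongside real backends such as SANDBOX_SECCOMP_FILTER and SANDBOX_PLEDGE. Minor: "in in" in the SYSLOG_R_SAFE_IN_SIGHAND comment (line 1655) and "managment" in the WITH_IRIX_ARRAY comment (line 1703). If this header is generated from a template, these fixes belong in the template rather than in this file.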
diff --git a/configure b/configure
new file mode 100755
index 000000000..5eaaa392f
--- /dev/null
+++ b/configure
@@ -0,0 +1,20446 @@
1#! /bin/sh
2# From configure.ac Revision: 1.583 .
3# Guess values for system-dependent variables and create Makefiles.
4# Generated by GNU Autoconf 2.69 for OpenSSH Portable.
5#
6# Report bugs to <openssh-unix-dev@mindrot.org>.
7#
8#
9# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
10#
11#
12# This configure script is free software; the Free Software Foundation
13# gives unlimited permission to copy, distribute and modify it.
14## -------------------- ##
15## M4sh Initialization. ##
16## -------------------- ##
17
18# Be more Bourne compatible
19DUALCASE=1; export DUALCASE # for MKS sh
20if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
21 emulate sh
22 NULLCMD=:
23 # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
24 # is contrary to our usage. Disable this feature.
25 alias -g '${1+"$@"}'='"$@"'
26 setopt NO_GLOB_SUBST
27else
28 case `(set -o) 2>/dev/null` in #(
29 *posix*) :
30 set -o posix ;; #(
31 *) :
32 ;;
33esac
34fi
35
36
37as_nl='
38'
39export as_nl
40# Printing a long string crashes Solaris 7 /usr/bin/printf.
41as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
42as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
43as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
44# Prefer a ksh shell builtin over an external printf program on Solaris,
45# but without wasting forks for bash or zsh.
46if test -z "$BASH_VERSION$ZSH_VERSION" \
47 && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
48 as_echo='print -r --'
49 as_echo_n='print -rn --'
50elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
51 as_echo='printf %s\n'
52 as_echo_n='printf %s'
53else
54 if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
55 as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
56 as_echo_n='/usr/ucb/echo -n'
57 else
58 as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
59 as_echo_n_body='eval
60 arg=$1;
61 case $arg in #(
62 *"$as_nl"*)
63 expr "X$arg" : "X\\(.*\\)$as_nl";
64 arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
65 esac;
66 expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
67 '
68 export as_echo_n_body
69 as_echo_n='sh -c $as_echo_n_body as_echo'
70 fi
71 export as_echo_body
72 as_echo='sh -c $as_echo_body as_echo'
73fi
74
75# The user is always right.
76if test "${PATH_SEPARATOR+set}" != set; then
77 PATH_SEPARATOR=:
78 (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
79 (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
80 PATH_SEPARATOR=';'
81 }
82fi
83
84
85# IFS
86# We need space, tab and new line, in precisely that order. Quoting is
87# there to prevent editors from complaining about space-tab.
88# (If _AS_PATH_WALK were called with IFS unset, it would disable word
89# splitting by setting IFS to empty value.)
90IFS=" "" $as_nl"
91
92# Find who we are. Look in the path if we contain no directory separator.
93as_myself=
94case $0 in #((
95 *[\\/]* ) as_myself=$0 ;;
96 *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
97for as_dir in $PATH
98do
99 IFS=$as_save_IFS
100 test -z "$as_dir" && as_dir=.
101 test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
102 done
103IFS=$as_save_IFS
104
105 ;;
106esac
107# We did not find ourselves, most probably we were run as `sh COMMAND'
108# in which case we are not to be found in the path.
109if test "x$as_myself" = x; then
110 as_myself=$0
111fi
112if test ! -f "$as_myself"; then
113 $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
114 exit 1
115fi
116
117# Unset variables that we do not need and which cause bugs (e.g. in
118# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1"
119# suppresses any "Segmentation fault" message there. '((' could
120# trigger a bug in pdksh 5.2.14.
121for as_var in BASH_ENV ENV MAIL MAILPATH
122do eval test x\${$as_var+set} = xset \
123 && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
124done
125PS1='$ '
126PS2='> '
127PS4='+ '
128
129# NLS nuisances.
130LC_ALL=C
131export LC_ALL
132LANGUAGE=C
133export LANGUAGE
134
135# CDPATH.
136(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
137
138# Use a proper internal environment variable to ensure we don't fall
139 # into an infinite loop, continuously re-executing ourselves.
140 if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then
141 _as_can_reexec=no; export _as_can_reexec;
142 # We cannot yet assume a decent shell, so we have to provide a
143# neutralization value for shells without unset; and this also
144# works around shells that cannot unset nonexistent variables.
145# Preserve -v and -x to the replacement shell.
146BASH_ENV=/dev/null
147ENV=/dev/null
148(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
149case $- in # ((((
150 *v*x* | *x*v* ) as_opts=-vx ;;
151 *v* ) as_opts=-v ;;
152 *x* ) as_opts=-x ;;
153 * ) as_opts= ;;
154esac
155exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
156# Admittedly, this is quite paranoid, since all the known shells bail
157# out after a failed `exec'.
158$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2
159as_fn_exit 255
160 fi
161 # We don't want this to propagate to other subprocesses.
162 { _as_can_reexec=; unset _as_can_reexec;}
163if test "x$CONFIG_SHELL" = x; then
164 as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then :
165 emulate sh
166 NULLCMD=:
167 # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which
168 # is contrary to our usage. Disable this feature.
169 alias -g '\${1+\"\$@\"}'='\"\$@\"'
170 setopt NO_GLOB_SUBST
171else
172 case \`(set -o) 2>/dev/null\` in #(
173 *posix*) :
174 set -o posix ;; #(
175 *) :
176 ;;
177esac
178fi
179"
180 as_required="as_fn_return () { (exit \$1); }
181as_fn_success () { as_fn_return 0; }
182as_fn_failure () { as_fn_return 1; }
183as_fn_ret_success () { return 0; }
184as_fn_ret_failure () { return 1; }
185
186exitcode=0
187as_fn_success || { exitcode=1; echo as_fn_success failed.; }
188as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; }
189as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; }
190as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; }
191if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then :
192
193else
194 exitcode=1; echo positional parameters were not saved.
195fi
196test x\$exitcode = x0 || exit 1
197test -x / || exit 1"
198 as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO
199 as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO
200 eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" &&
201 test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1
202test \$(( 1 + 1 )) = 2 || exit 1"
203 if (eval "$as_required") 2>/dev/null; then :
204 as_have_required=yes
205else
206 as_have_required=no
207fi
208 if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then :
209
210else
211 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
212as_found=false
213for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
214do
215 IFS=$as_save_IFS
216 test -z "$as_dir" && as_dir=.
217 as_found=:
218 case $as_dir in #(
219 /*)
220 for as_base in sh bash ksh sh5; do
221 # Try only shells that exist, to save several forks.
222 as_shell=$as_dir/$as_base
223 if { test -f "$as_shell" || test -f "$as_shell.exe"; } &&
224 { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then :
225 CONFIG_SHELL=$as_shell as_have_required=yes
226 if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then :
227 break 2
228fi
229fi
230 done;;
231 esac
232 as_found=false
233done
234$as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } &&
235 { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then :
236 CONFIG_SHELL=$SHELL as_have_required=yes
237fi; }
238IFS=$as_save_IFS
239
240
241 if test "x$CONFIG_SHELL" != x; then :
242 export CONFIG_SHELL
243 # We cannot yet assume a decent shell, so we have to provide a
244# neutralization value for shells without unset; and this also
245# works around shells that cannot unset nonexistent variables.
246# Preserve -v and -x to the replacement shell.
247BASH_ENV=/dev/null
248ENV=/dev/null
249(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
250case $- in # ((((
251 *v*x* | *x*v* ) as_opts=-vx ;;
252 *v* ) as_opts=-v ;;
253 *x* ) as_opts=-x ;;
254 * ) as_opts= ;;
255esac
256exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
257# Admittedly, this is quite paranoid, since all the known shells bail
258# out after a failed `exec'.
259$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2
260exit 255
261fi
262
263 if test x$as_have_required = xno; then :
264 $as_echo "$0: This script requires a shell more modern than all"
265 $as_echo "$0: the shells that I found on your system."
266 if test x${ZSH_VERSION+set} = xset ; then
267 $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should"
268 $as_echo "$0: be upgraded to zsh 4.3.4 or later."
269 else
270 $as_echo "$0: Please tell bug-autoconf@gnu.org and
271$0: openssh-unix-dev@mindrot.org about your system,
272$0: including any error possibly output before this
273$0: message. Then install a modern shell, or manually run
274$0: the script under such a shell if you do have one."
275 fi
276 exit 1
277fi
278fi
279fi
280SHELL=${CONFIG_SHELL-/bin/sh}
281export SHELL
282# Unset more variables known to interfere with behavior of common tools.
283CLICOLOR_FORCE= GREP_OPTIONS=
284unset CLICOLOR_FORCE GREP_OPTIONS
285
286## --------------------- ##
287## M4sh Shell Functions. ##
288## --------------------- ##
289# as_fn_unset VAR
290# ---------------
291# Portably unset VAR.
292as_fn_unset ()
293{
294 { eval $1=; unset $1;}
295}
296as_unset=as_fn_unset
297
298# as_fn_set_status STATUS
299# -----------------------
300# Set $? to STATUS, without forking.
301as_fn_set_status ()
302{
303 return $1
304} # as_fn_set_status
305
306# as_fn_exit STATUS
307# -----------------
308# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
309as_fn_exit ()
310{
311 set +e
312 as_fn_set_status $1
313 exit $1
314} # as_fn_exit
315
316# as_fn_mkdir_p
317# -------------
318# Create "$as_dir" as a directory, including parents if necessary.
319as_fn_mkdir_p ()
320{
321
322 case $as_dir in #(
323 -*) as_dir=./$as_dir;;
324 esac
325 test -d "$as_dir" || eval $as_mkdir_p || {
326 as_dirs=
327 while :; do
328 case $as_dir in #(
329 *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
330 *) as_qdir=$as_dir;;
331 esac
332 as_dirs="'$as_qdir' $as_dirs"
333 as_dir=`$as_dirname -- "$as_dir" ||
334$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
335 X"$as_dir" : 'X\(//\)[^/]' \| \
336 X"$as_dir" : 'X\(//\)$' \| \
337 X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
338$as_echo X"$as_dir" |
339 sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
340 s//\1/
341 q
342 }
343 /^X\(\/\/\)[^/].*/{
344 s//\1/
345 q
346 }
347 /^X\(\/\/\)$/{
348 s//\1/
349 q
350 }
351 /^X\(\/\).*/{
352 s//\1/
353 q
354 }
355 s/.*/./; q'`
356 test -d "$as_dir" && break
357 done
358 test -z "$as_dirs" || eval "mkdir $as_dirs"
359 } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
360
361
362} # as_fn_mkdir_p
363
364# as_fn_executable_p FILE
365# -----------------------
366# Test if FILE is an executable regular file.
367as_fn_executable_p ()
368{
369 test -f "$1" && test -x "$1"
370} # as_fn_executable_p
371# as_fn_append VAR VALUE
372# ----------------------
373# Append the text in VALUE to the end of the definition contained in VAR. Take
374# advantage of any shell optimizations that allow amortized linear growth over
375# repeated appends, instead of the typical quadratic growth present in naive
376# implementations.
377if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
378 eval 'as_fn_append ()
379 {
380 eval $1+=\$2
381 }'
382else
383 as_fn_append ()
384 {
385 eval $1=\$$1\$2
386 }
387fi # as_fn_append
388
389# as_fn_arith ARG...
390# ------------------
391# Perform arithmetic evaluation on the ARGs, and store the result in the
392# global $as_val. Take advantage of shells that can avoid forks. The arguments
393# must be portable across $(()) and expr.
394if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
395 eval 'as_fn_arith ()
396 {
397 as_val=$(( $* ))
398 }'
399else
400 as_fn_arith ()
401 {
402 as_val=`expr "$@" || test $? -eq 1`
403 }
404fi # as_fn_arith
405
406
407# as_fn_error STATUS ERROR [LINENO LOG_FD]
408# ----------------------------------------
409# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
410# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
411# script with STATUS, using 1 if that was 0.
412as_fn_error ()
413{
414 as_status=$1; test $as_status -eq 0 && as_status=1
415 if test "$4"; then
416 as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
417 $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
418 fi
419 $as_echo "$as_me: error: $2" >&2
420 as_fn_exit $as_status
421} # as_fn_error
422
423if expr a : '\(a\)' >/dev/null 2>&1 &&
424 test "X`expr 00001 : '.*\(...\)'`" = X001; then
425 as_expr=expr
426else
427 as_expr=false
428fi
429
430if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
431 as_basename=basename
432else
433 as_basename=false
434fi
435
436if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
437 as_dirname=dirname
438else
439 as_dirname=false
440fi
441
442as_me=`$as_basename -- "$0" ||
443$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
444 X"$0" : 'X\(//\)$' \| \
445 X"$0" : 'X\(/\)' \| . 2>/dev/null ||
446$as_echo X/"$0" |
447 sed '/^.*\/\([^/][^/]*\)\/*$/{
448 s//\1/
449 q
450 }
451 /^X\/\(\/\/\)$/{
452 s//\1/
453 q
454 }
455 /^X\/\(\/\).*/{
456 s//\1/
457 q
458 }
459 s/.*/./; q'`
460
461# Avoid depending upon Character Ranges.
462as_cr_letters='abcdefghijklmnopqrstuvwxyz'
463as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
464as_cr_Letters=$as_cr_letters$as_cr_LETTERS
465as_cr_digits='0123456789'
466as_cr_alnum=$as_cr_Letters$as_cr_digits
467
468
469 as_lineno_1=$LINENO as_lineno_1a=$LINENO
470 as_lineno_2=$LINENO as_lineno_2a=$LINENO
471 eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" &&
472 test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || {
473 # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-)
474 sed -n '
475 p
476 /[$]LINENO/=
477 ' <$as_myself |
478 sed '
479 s/[$]LINENO.*/&-/
480 t lineno
481 b
482 :lineno
483 N
484 :loop
485 s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
486 t loop
487 s/-\n.*//
488 ' >$as_me.lineno &&
489 chmod +x "$as_me.lineno" ||
490 { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; }
491
492 # If we had to re-execute with $CONFIG_SHELL, we're ensured to have
493 # already done that, so ensure we don't try to do so again and fall
494 # in an infinite loop. This has already happened in practice.
495 _as_can_reexec=no; export _as_can_reexec
496 # Don't try to exec as it changes $[0], causing all sort of problems
497 # (the dirname of $[0] is not the place where we might find the
498 # original and so on. Autoconf is especially sensitive to this).
499 . "./$as_me.lineno"
500 # Exit status is that of the last command.
501 exit
502}
503
504ECHO_C= ECHO_N= ECHO_T=
505case `echo -n x` in #(((((
506-n*)
507 case `echo 'xy\c'` in
508 *c*) ECHO_T=' ';; # ECHO_T is single tab character.
509 xy) ECHO_C='\c';;
510 *) echo `echo ksh88 bug on AIX 6.1` > /dev/null
511 ECHO_T=' ';;
512 esac;;
513*)
514 ECHO_N='-n';;
515esac
516
517rm -f conf$$ conf$$.exe conf$$.file
518if test -d conf$$.dir; then
519 rm -f conf$$.dir/conf$$.file
520else
521 rm -f conf$$.dir
522 mkdir conf$$.dir 2>/dev/null
523fi
524if (echo >conf$$.file) 2>/dev/null; then
525 if ln -s conf$$.file conf$$ 2>/dev/null; then
526 as_ln_s='ln -s'
527 # ... but there are two gotchas:
528 # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
529 # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
530 # In both cases, we have to default to `cp -pR'.
531 ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
532 as_ln_s='cp -pR'
533 elif ln conf$$.file conf$$ 2>/dev/null; then
534 as_ln_s=ln
535 else
536 as_ln_s='cp -pR'
537 fi
538else
539 as_ln_s='cp -pR'
540fi
541rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
542rmdir conf$$.dir 2>/dev/null
543
544if mkdir -p . 2>/dev/null; then
545 as_mkdir_p='mkdir -p "$as_dir"'
546else
547 test -d ./-p && rmdir ./-p
548 as_mkdir_p=false
549fi
550
551as_test_x='test -x'
552as_executable_p=as_fn_executable_p
553
554# Sed expression to map a string onto a valid CPP name.
555as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
556
557# Sed expression to map a string onto a valid variable name.
558as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
559
560
561test -n "$DJDIR" || exec 7<&0 </dev/null
562exec 6>&1
563
564# Name of the host.
565# hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status,
566# so uname gets run too.
567ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
568
569#
570# Initializations.
571#
572ac_default_prefix=/usr/local
573ac_clean_files=
574ac_config_libobj_dir=.
575LIBOBJS=
576cross_compiling=no
577subdirs=
578MFLAGS=
579MAKEFLAGS=
580
581# Identity of this package.
582PACKAGE_NAME='OpenSSH'
583PACKAGE_TARNAME='openssh'
584PACKAGE_VERSION='Portable'
585PACKAGE_STRING='OpenSSH Portable'
586PACKAGE_BUGREPORT='openssh-unix-dev@mindrot.org'
587PACKAGE_URL=''
588
589ac_unique_file="ssh.c"
590# Factoring default headers for most tests.
591ac_includes_default="\
592#include <stdio.h>
593#ifdef HAVE_SYS_TYPES_H
594# include <sys/types.h>
595#endif
596#ifdef HAVE_SYS_STAT_H
597# include <sys/stat.h>
598#endif
599#ifdef STDC_HEADERS
600# include <stdlib.h>
601# include <stddef.h>
602#else
603# ifdef HAVE_STDLIB_H
604# include <stdlib.h>
605# endif
606#endif
607#ifdef HAVE_STRING_H
608# if !defined STDC_HEADERS && defined HAVE_MEMORY_H
609# include <memory.h>
610# endif
611# include <string.h>
612#endif
613#ifdef HAVE_STRINGS_H
614# include <strings.h>
615#endif
616#ifdef HAVE_INTTYPES_H
617# include <inttypes.h>
618#endif
619#ifdef HAVE_STDINT_H
620# include <stdint.h>
621#endif
622#ifdef HAVE_UNISTD_H
623# include <unistd.h>
624#endif"
625
626ac_subst_vars='LTLIBOBJS
627LIBOBJS
628UNSUPPORTED_ALGORITHMS
629TEST_MALLOC_OPTIONS
630TEST_SSH_UTF8
631TEST_SSH_IPV6
632piddir
633user_path
634mansubdir
635MANTYPE
636XAUTH_PATH
637STRIP_OPT
638xauth_path
639PRIVSEP_PATH
640K5LIBS
641GSSLIBS
642KRB5CONF
643SSHDLIBS
644SSHLIBS
645SSH_PRIVSEP_USER
646COMMENT_OUT_ECC
647TEST_SSH_ECC
648LIBEDIT
649PKGCONFIG
650LDNSCONFIG
651COMMENT_OUT_RSA1
652LD
653PATH_PASSWD_PROG
654STARTUP_SCRIPT_SHELL
655MAKE_PACKAGE_SUPPORTED
656PATH_USERADD_PROG
657PATH_GROUPADD_PROG
658MANFMT
659TEST_SHELL
660MANDOC
661NROFF
662GROFF
663SH
664TEST_MINUS_S_SH
665ENT
666SED
667PERL
668KILL
669CAT
670ac_ct_AR
671AR
672INSTALL_DATA
673INSTALL_SCRIPT
674INSTALL_PROGRAM
675RANLIB
676AWK
677EGREP
678GREP
679CPP
680host_os
681host_vendor
682host_cpu
683host
684build_os
685build_vendor
686build_cpu
687build
688OBJEXT
689EXEEXT
690ac_ct_CC
691CPPFLAGS
692LDFLAGS
693CFLAGS
694CC
695target_alias
696host_alias
697build_alias
698LIBS
699ECHO_T
700ECHO_N
701ECHO_C
702DEFS
703mandir
704localedir
705libdir
706psdir
707pdfdir
708dvidir
709htmldir
710infodir
711docdir
712oldincludedir
713includedir
714localstatedir
715sharedstatedir
716sysconfdir
717datadir
718datarootdir
719libexecdir
720sbindir
721bindir
722program_transform_name
723prefix
724exec_prefix
725PACKAGE_URL
726PACKAGE_BUGREPORT
727PACKAGE_STRING
728PACKAGE_VERSION
729PACKAGE_TARNAME
730PACKAGE_NAME
731PATH_SEPARATOR
732SHELL'
733ac_subst_files=''
734ac_user_opts='
735enable_option_checking
736enable_largefile
737with_openssl
738with_ssh1
739with_stackprotect
740with_hardening
741with_rpath
742with_cflags
743with_cppflags
744with_ldflags
745with_libs
746with_Werror
747with_solaris_contracts
748with_solaris_projects
749with_solaris_privs
750with_osfsia
751with_zlib
752with_zlib_version_check
753with_skey
754with_ldns
755with_libedit
756with_audit
757with_pie
758enable_pkcs11
759with_ssl_dir
760with_openssl_header_check
761with_ssl_engine
762with_prngd_port
763with_prngd_socket
764with_pam
765with_pam_service
766with_privsep_user
767with_sandbox
768with_selinux
769with_kerberos5
770with_privsep_path
771with_xauth
772enable_strip
773with_maildir
774with_mantype
775with_md5_passwords
776with_shadow
777with_ipaddr_display
778enable_etc_default_login
779with_default_path
780with_superuser_path
781with_4in6
782with_bsd_auth
783with_pid_dir
784enable_lastlog
785enable_utmp
786enable_utmpx
787enable_wtmp
788enable_wtmpx
789enable_libutil
790enable_pututline
791enable_pututxline
792with_lastlog
793'
794 ac_precious_vars='build_alias
795host_alias
796target_alias
797CC
798CFLAGS
799LDFLAGS
800LIBS
801CPPFLAGS
802CPP'
803
804
805# Initialize some variables set by options.
806ac_init_help=
807ac_init_version=false
808ac_unrecognized_opts=
809ac_unrecognized_sep=
810# The variables have the same names as the options, with
811# dashes changed to underlines.
812cache_file=/dev/null
813exec_prefix=NONE
814no_create=
815no_recursion=
816prefix=NONE
817program_prefix=NONE
818program_suffix=NONE
819program_transform_name=s,x,x,
820silent=
821site=
822srcdir=
823verbose=
824x_includes=NONE
825x_libraries=NONE
826
827# Installation directory options.
828# These are left unexpanded so users can "make install exec_prefix=/foo"
829# and all the variables that are supposed to be based on exec_prefix
830# by default will actually change.
831# Use braces instead of parens because sh, perl, etc. also accept them.
832# (The list follows the same order as the GNU Coding Standards.)
833bindir='${exec_prefix}/bin'
834sbindir='${exec_prefix}/sbin'
835libexecdir='${exec_prefix}/libexec'
836datarootdir='${prefix}/share'
837datadir='${datarootdir}'
838sysconfdir='${prefix}/etc'
839sharedstatedir='${prefix}/com'
840localstatedir='${prefix}/var'
841includedir='${prefix}/include'
842oldincludedir='/usr/include'
843docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
844infodir='${datarootdir}/info'
845htmldir='${docdir}'
846dvidir='${docdir}'
847pdfdir='${docdir}'
848psdir='${docdir}'
849libdir='${exec_prefix}/lib'
850localedir='${datarootdir}/locale'
851mandir='${datarootdir}/man'
852
853ac_prev=
854ac_dashdash=
855for ac_option
856do
857 # If the previous option needs an argument, assign it.
858 if test -n "$ac_prev"; then
859 eval $ac_prev=\$ac_option
860 ac_prev=
861 continue
862 fi
863
864 case $ac_option in
865 *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;;
866 *=) ac_optarg= ;;
867 *) ac_optarg=yes ;;
868 esac
869
870 # Accept the important Cygnus configure options, so we can diagnose typos.
871
872 case $ac_dashdash$ac_option in
873 --)
874 ac_dashdash=yes ;;
875
876 -bindir | --bindir | --bindi | --bind | --bin | --bi)
877 ac_prev=bindir ;;
878 -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
879 bindir=$ac_optarg ;;
880
881 -build | --build | --buil | --bui | --bu)
882 ac_prev=build_alias ;;
883 -build=* | --build=* | --buil=* | --bui=* | --bu=*)
884 build_alias=$ac_optarg ;;
885
886 -cache-file | --cache-file | --cache-fil | --cache-fi \
887 | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
888 ac_prev=cache_file ;;
889 -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
890 | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
891 cache_file=$ac_optarg ;;
892
893 --config-cache | -C)
894 cache_file=config.cache ;;
895
896 -datadir | --datadir | --datadi | --datad)
897 ac_prev=datadir ;;
898 -datadir=* | --datadir=* | --datadi=* | --datad=*)
899 datadir=$ac_optarg ;;
900
901 -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \
902 | --dataroo | --dataro | --datar)
903 ac_prev=datarootdir ;;
904 -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \
905 | --dataroot=* | --dataroo=* | --dataro=* | --datar=*)
906 datarootdir=$ac_optarg ;;
907
908 -disable-* | --disable-*)
909 ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
910 # Reject names that are not valid shell variable names.
911 expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
912 as_fn_error $? "invalid feature name: $ac_useropt"
913 ac_useropt_orig=$ac_useropt
914 ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
915 case $ac_user_opts in
916 *"
917"enable_$ac_useropt"
918"*) ;;
919 *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig"
920 ac_unrecognized_sep=', ';;
921 esac
922 eval enable_$ac_useropt=no ;;
923
924 -docdir | --docdir | --docdi | --doc | --do)
925 ac_prev=docdir ;;
926 -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*)
927 docdir=$ac_optarg ;;
928
929 -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv)
930 ac_prev=dvidir ;;
931 -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*)
932 dvidir=$ac_optarg ;;
933
934 -enable-* | --enable-*)
935 ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
936 # Reject names that are not valid shell variable names.
937 expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
938 as_fn_error $? "invalid feature name: $ac_useropt"
939 ac_useropt_orig=$ac_useropt
940 ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
941 case $ac_user_opts in
942 *"
943"enable_$ac_useropt"
944"*) ;;
945 *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig"
946 ac_unrecognized_sep=', ';;
947 esac
948 eval enable_$ac_useropt=\$ac_optarg ;;
949
950 -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
951 | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
952 | --exec | --exe | --ex)
953 ac_prev=exec_prefix ;;
954 -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
955 | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
956 | --exec=* | --exe=* | --ex=*)
957 exec_prefix=$ac_optarg ;;
958
959 -gas | --gas | --ga | --g)
960 # Obsolete; use --with-gas.
961 with_gas=yes ;;
962
963 -help | --help | --hel | --he | -h)
964 ac_init_help=long ;;
965 -help=r* | --help=r* | --hel=r* | --he=r* | -hr*)
966 ac_init_help=recursive ;;
967 -help=s* | --help=s* | --hel=s* | --he=s* | -hs*)
968 ac_init_help=short ;;
969
970 -host | --host | --hos | --ho)
971 ac_prev=host_alias ;;
972 -host=* | --host=* | --hos=* | --ho=*)
973 host_alias=$ac_optarg ;;
974
975 -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht)
976 ac_prev=htmldir ;;
977 -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \
978 | --ht=*)
979 htmldir=$ac_optarg ;;
980
981 -includedir | --includedir | --includedi | --included | --include \
982 | --includ | --inclu | --incl | --inc)
983 ac_prev=includedir ;;
984 -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
985 | --includ=* | --inclu=* | --incl=* | --inc=*)
986 includedir=$ac_optarg ;;
987
988 -infodir | --infodir | --infodi | --infod | --info | --inf)
989 ac_prev=infodir ;;
990 -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
991 infodir=$ac_optarg ;;
992
993 -libdir | --libdir | --libdi | --libd)
994 ac_prev=libdir ;;
995 -libdir=* | --libdir=* | --libdi=* | --libd=*)
996 libdir=$ac_optarg ;;
997
998 -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
999 | --libexe | --libex | --libe)
1000 ac_prev=libexecdir ;;
1001 -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
1002 | --libexe=* | --libex=* | --libe=*)
1003 libexecdir=$ac_optarg ;;
1004
1005 -localedir | --localedir | --localedi | --localed | --locale)
1006 ac_prev=localedir ;;
1007 -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*)
1008 localedir=$ac_optarg ;;
1009
1010 -localstatedir | --localstatedir | --localstatedi | --localstated \
1011 | --localstate | --localstat | --localsta | --localst | --locals)
1012 ac_prev=localstatedir ;;
1013 -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
1014 | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*)
1015 localstatedir=$ac_optarg ;;
1016
1017 -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
1018 ac_prev=mandir ;;
1019 -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
1020 mandir=$ac_optarg ;;
1021
1022 -nfp | --nfp | --nf)
1023 # Obsolete; use --without-fp.
1024 with_fp=no ;;
1025
1026 -no-create | --no-create | --no-creat | --no-crea | --no-cre \
1027 | --no-cr | --no-c | -n)
1028 no_create=yes ;;
1029
1030 -no-recursion | --no-recursion | --no-recursio | --no-recursi \
1031 | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
1032 no_recursion=yes ;;
1033
1034 -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
1035 | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
1036 | --oldin | --oldi | --old | --ol | --o)
1037 ac_prev=oldincludedir ;;
1038 -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
1039 | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
1040 | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
1041 oldincludedir=$ac_optarg ;;
1042
1043 -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
1044 ac_prev=prefix ;;
1045 -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
1046 prefix=$ac_optarg ;;
1047
1048 -program-prefix | --program-prefix | --program-prefi | --program-pref \
1049 | --program-pre | --program-pr | --program-p)
1050 ac_prev=program_prefix ;;
1051 -program-prefix=* | --program-prefix=* | --program-prefi=* \
1052 | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
1053 program_prefix=$ac_optarg ;;
1054
1055 -program-suffix | --program-suffix | --program-suffi | --program-suff \
1056 | --program-suf | --program-su | --program-s)
1057 ac_prev=program_suffix ;;
1058 -program-suffix=* | --program-suffix=* | --program-suffi=* \
1059 | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
1060 program_suffix=$ac_optarg ;;
1061
1062 -program-transform-name | --program-transform-name \
1063 | --program-transform-nam | --program-transform-na \
1064 | --program-transform-n | --program-transform- \
1065 | --program-transform | --program-transfor \
1066 | --program-transfo | --program-transf \
1067 | --program-trans | --program-tran \
1068 | --progr-tra | --program-tr | --program-t)
1069 ac_prev=program_transform_name ;;
1070 -program-transform-name=* | --program-transform-name=* \
1071 | --program-transform-nam=* | --program-transform-na=* \
1072 | --program-transform-n=* | --program-transform-=* \
1073 | --program-transform=* | --program-transfor=* \
1074 | --program-transfo=* | --program-transf=* \
1075 | --program-trans=* | --program-tran=* \
1076 | --progr-tra=* | --program-tr=* | --program-t=*)
1077 program_transform_name=$ac_optarg ;;
1078
1079 -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd)
1080 ac_prev=pdfdir ;;
1081 -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*)
1082 pdfdir=$ac_optarg ;;
1083
1084 -psdir | --psdir | --psdi | --psd | --ps)
1085 ac_prev=psdir ;;
1086 -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*)
1087 psdir=$ac_optarg ;;
1088
1089 -q | -quiet | --quiet | --quie | --qui | --qu | --q \
1090 | -silent | --silent | --silen | --sile | --sil)
1091 silent=yes ;;
1092
1093 -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
1094 ac_prev=sbindir ;;
1095 -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
1096 | --sbi=* | --sb=*)
1097 sbindir=$ac_optarg ;;
1098
1099 -sharedstatedir | --sharedstatedir | --sharedstatedi \
1100 | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
1101 | --sharedst | --shareds | --shared | --share | --shar \
1102 | --sha | --sh)
1103 ac_prev=sharedstatedir ;;
1104 -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
1105 | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
1106 | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
1107 | --sha=* | --sh=*)
1108 sharedstatedir=$ac_optarg ;;
1109
1110 -site | --site | --sit)
1111 ac_prev=site ;;
1112 -site=* | --site=* | --sit=*)
1113 site=$ac_optarg ;;
1114
1115 -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
1116 ac_prev=srcdir ;;
1117 -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
1118 srcdir=$ac_optarg ;;
1119
1120 -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
1121 | --syscon | --sysco | --sysc | --sys | --sy)
1122 ac_prev=sysconfdir ;;
1123 -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
1124 | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
1125 sysconfdir=$ac_optarg ;;
1126
1127 -target | --target | --targe | --targ | --tar | --ta | --t)
1128 ac_prev=target_alias ;;
1129 -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
1130 target_alias=$ac_optarg ;;
1131
1132 -v | -verbose | --verbose | --verbos | --verbo | --verb)
1133 verbose=yes ;;
1134
1135 -version | --version | --versio | --versi | --vers | -V)
1136 ac_init_version=: ;;
1137
1138 -with-* | --with-*)
1139 ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
1140 # Reject names that are not valid shell variable names.
1141 expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
1142 as_fn_error $? "invalid package name: $ac_useropt"
1143 ac_useropt_orig=$ac_useropt
1144 ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
1145 case $ac_user_opts in
1146 *"
1147"with_$ac_useropt"
1148"*) ;;
1149 *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig"
1150 ac_unrecognized_sep=', ';;
1151 esac
1152 eval with_$ac_useropt=\$ac_optarg ;;
1153
1154 -without-* | --without-*)
1155 ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'`
1156 # Reject names that are not valid shell variable names.
1157 expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
1158 as_fn_error $? "invalid package name: $ac_useropt"
1159 ac_useropt_orig=$ac_useropt
1160 ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
1161 case $ac_user_opts in
1162 *"
1163"with_$ac_useropt"
1164"*) ;;
1165 *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig"
1166 ac_unrecognized_sep=', ';;
1167 esac
1168 eval with_$ac_useropt=no ;;
1169
1170 --x)
1171 # Obsolete; use --with-x.
1172 with_x=yes ;;
1173
1174 -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
1175 | --x-incl | --x-inc | --x-in | --x-i)
1176 ac_prev=x_includes ;;
1177 -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
1178 | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
1179 x_includes=$ac_optarg ;;
1180
1181 -x-libraries | --x-libraries | --x-librarie | --x-librari \
1182 | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
1183 ac_prev=x_libraries ;;
1184 -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
1185 | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
1186 x_libraries=$ac_optarg ;;
1187
1188 -*) as_fn_error $? "unrecognized option: \`$ac_option'
1189Try \`$0 --help' for more information"
1190 ;;
1191
1192 *=*)
1193 ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='`
1194 # Reject names that are not valid shell variable names.
1195 case $ac_envvar in #(
1196 '' | [0-9]* | *[!_$as_cr_alnum]* )
1197 as_fn_error $? "invalid variable name: \`$ac_envvar'" ;;
1198 esac
1199 eval $ac_envvar=\$ac_optarg
1200 export $ac_envvar ;;
1201
1202 *)
1203 # FIXME: should be removed in autoconf 3.0.
1204 $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2
1205 expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
1206 $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2
1207 : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}"
1208 ;;
1209
1210 esac
1211done
1212
1213if test -n "$ac_prev"; then
1214 ac_option=--`echo $ac_prev | sed 's/_/-/g'`
1215 as_fn_error $? "missing argument to $ac_option"
1216fi
1217
1218if test -n "$ac_unrecognized_opts"; then
1219 case $enable_option_checking in
1220 no) ;;
1221 fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;;
1222 *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;;
1223 esac
1224fi
1225
1226# Check all directory arguments for consistency.
1227for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
1228 datadir sysconfdir sharedstatedir localstatedir includedir \
1229 oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
1230 libdir localedir mandir
1231do
1232 eval ac_val=\$$ac_var
1233 # Remove trailing slashes.
1234 case $ac_val in
1235 */ )
1236 ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'`
1237 eval $ac_var=\$ac_val;;
1238 esac
1239 # Be sure to have absolute directory names.
1240 case $ac_val in
1241 [\\/$]* | ?:[\\/]* ) continue;;
1242 NONE | '' ) case $ac_var in *prefix ) continue;; esac;;
1243 esac
1244 as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val"
1245done
1246
1247# There might be people who depend on the old broken behavior: `$host'
1248# used to hold the argument of --host etc.
1249# FIXME: To remove some day.
1250build=$build_alias
1251host=$host_alias
1252target=$target_alias
1253
1254# FIXME: To remove some day.
1255if test "x$host_alias" != x; then
1256 if test "x$build_alias" = x; then
1257 cross_compiling=maybe
1258 elif test "x$build_alias" != "x$host_alias"; then
1259 cross_compiling=yes
1260 fi
1261fi
1262
1263ac_tool_prefix=
1264test -n "$host_alias" && ac_tool_prefix=$host_alias-
1265
1266test "$silent" = yes && exec 6>/dev/null
1267
1268
1269ac_pwd=`pwd` && test -n "$ac_pwd" &&
1270ac_ls_di=`ls -di .` &&
1271ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` ||
1272 as_fn_error $? "working directory cannot be determined"
1273test "X$ac_ls_di" = "X$ac_pwd_ls_di" ||
1274 as_fn_error $? "pwd does not report name of working directory"
1275
1276
1277# Find the source files, if location was not specified.
1278if test -z "$srcdir"; then
1279 ac_srcdir_defaulted=yes
1280 # Try the directory containing this script, then the parent directory.
1281 ac_confdir=`$as_dirname -- "$as_myself" ||
1282$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
1283 X"$as_myself" : 'X\(//\)[^/]' \| \
1284 X"$as_myself" : 'X\(//\)$' \| \
1285 X"$as_myself" : 'X\(/\)' \| . 2>/dev/null ||
1286$as_echo X"$as_myself" |
1287 sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
1288 s//\1/
1289 q
1290 }
1291 /^X\(\/\/\)[^/].*/{
1292 s//\1/
1293 q
1294 }
1295 /^X\(\/\/\)$/{
1296 s//\1/
1297 q
1298 }
1299 /^X\(\/\).*/{
1300 s//\1/
1301 q
1302 }
1303 s/.*/./; q'`
1304 srcdir=$ac_confdir
1305 if test ! -r "$srcdir/$ac_unique_file"; then
1306 srcdir=..
1307 fi
1308else
1309 ac_srcdir_defaulted=no
1310fi
1311if test ! -r "$srcdir/$ac_unique_file"; then
1312 test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .."
1313 as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir"
1314fi
1315ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work"
1316ac_abs_confdir=`(
1317 cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg"
1318 pwd)`
1319# When building in place, set srcdir=.
1320if test "$ac_abs_confdir" = "$ac_pwd"; then
1321 srcdir=.
1322fi
1323# Remove unnecessary trailing slashes from srcdir.
1324# Double slashes in file names in object file debugging info
1325# mess up M-x gdb in Emacs.
1326case $srcdir in
1327*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;;
1328esac
1329for ac_var in $ac_precious_vars; do
1330 eval ac_env_${ac_var}_set=\${${ac_var}+set}
1331 eval ac_env_${ac_var}_value=\$${ac_var}
1332 eval ac_cv_env_${ac_var}_set=\${${ac_var}+set}
1333 eval ac_cv_env_${ac_var}_value=\$${ac_var}
1334done
1335
1336#
1337# Report the --help message.
1338#
1339if test "$ac_init_help" = "long"; then
1340 # Omit some internal or obsolete options to make the list less imposing.
1341 # This message is too long to be a string in the A/UX 3.1 sh.
1342 cat <<_ACEOF
1343\`configure' configures OpenSSH Portable to adapt to many kinds of systems.
1344
1345Usage: $0 [OPTION]... [VAR=VALUE]...
1346
1347To assign environment variables (e.g., CC, CFLAGS...), specify them as
1348VAR=VALUE. See below for descriptions of some of the useful variables.
1349
1350Defaults for the options are specified in brackets.
1351
1352Configuration:
1353 -h, --help display this help and exit
1354 --help=short display options specific to this package
1355 --help=recursive display the short help of all the included packages
1356 -V, --version display version information and exit
1357 -q, --quiet, --silent do not print \`checking ...' messages
1358 --cache-file=FILE cache test results in FILE [disabled]
1359 -C, --config-cache alias for \`--cache-file=config.cache'
1360 -n, --no-create do not create output files
1361 --srcdir=DIR find the sources in DIR [configure dir or \`..']
1362
1363Installation directories:
1364 --prefix=PREFIX install architecture-independent files in PREFIX
1365 [$ac_default_prefix]
1366 --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX
1367 [PREFIX]
1368
1369By default, \`make install' will install all the files in
1370\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify
1371an installation prefix other than \`$ac_default_prefix' using \`--prefix',
1372for instance \`--prefix=\$HOME'.
1373
1374For better control, use the options below.
1375
1376Fine tuning of the installation directories:
1377 --bindir=DIR user executables [EPREFIX/bin]
1378 --sbindir=DIR system admin executables [EPREFIX/sbin]
1379 --libexecdir=DIR program executables [EPREFIX/libexec]
1380 --sysconfdir=DIR read-only single-machine data [PREFIX/etc]
1381 --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
1382 --localstatedir=DIR modifiable single-machine data [PREFIX/var]
1383 --libdir=DIR object code libraries [EPREFIX/lib]
1384 --includedir=DIR C header files [PREFIX/include]
1385 --oldincludedir=DIR C header files for non-gcc [/usr/include]
1386 --datarootdir=DIR read-only arch.-independent data root [PREFIX/share]
1387 --datadir=DIR read-only architecture-independent data [DATAROOTDIR]
1388 --infodir=DIR info documentation [DATAROOTDIR/info]
1389 --localedir=DIR locale-dependent data [DATAROOTDIR/locale]
1390 --mandir=DIR man documentation [DATAROOTDIR/man]
1391 --docdir=DIR documentation root [DATAROOTDIR/doc/openssh]
1392 --htmldir=DIR html documentation [DOCDIR]
1393 --dvidir=DIR dvi documentation [DOCDIR]
1394 --pdfdir=DIR pdf documentation [DOCDIR]
1395 --psdir=DIR ps documentation [DOCDIR]
1396_ACEOF
1397
1398 cat <<\_ACEOF
1399
1400System types:
1401 --build=BUILD configure for building on BUILD [guessed]
1402 --host=HOST cross-compile to build programs to run on HOST [BUILD]
1403_ACEOF
1404fi
1405
1406if test -n "$ac_init_help"; then
1407 case $ac_init_help in
1408 short | recursive ) echo "Configuration of OpenSSH Portable:";;
1409 esac
1410 cat <<\_ACEOF
1411
1412Optional Features:
1413 --disable-option-checking ignore unrecognized --enable/--with options
1414 --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
1415 --enable-FEATURE[=ARG] include FEATURE [ARG=yes]
1416 --disable-largefile omit support for large files
1417 --disable-pkcs11 disable PKCS#11 support code [no]
1418 --disable-strip Disable calling strip(1) on install
1419 --disable-etc-default-login Disable using PATH from /etc/default/login no
1420 --disable-lastlog disable use of lastlog even if detected no
1421 --disable-utmp disable use of utmp even if detected no
1422 --disable-utmpx disable use of utmpx even if detected no
1423 --disable-wtmp disable use of wtmp even if detected no
1424 --disable-wtmpx disable use of wtmpx even if detected no
1425 --disable-libutil disable use of libutil (login() etc.) no
1426 --disable-pututline disable use of pututline() etc. (uwtmp) no
1427 --disable-pututxline disable use of pututxline() etc. (uwtmpx) no
1428
1429Optional Packages:
1430 --with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
1431 --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
1432 --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL**
1433 --with-ssh1 Enable support for SSH protocol 1
1434 --without-stackprotect Don't use compiler's stack protection
1435 --without-hardening Don't use toolchain hardening flags
1436 --without-rpath Disable auto-added -R linker paths
1437 --with-cflags Specify additional flags to pass to compiler
1438 --with-cppflags Specify additional flags to pass to preprocessor
1439 --with-ldflags Specify additional flags to pass to linker
1440 --with-libs Specify additional libraries to link with
1441 --with-Werror Build main code with -Werror
1442 --with-solaris-contracts Enable Solaris process contracts (experimental)
1443 --with-solaris-projects Enable Solaris projects (experimental)
1444 --with-solaris-privs Enable Solaris/Illumos privileges (experimental)
1445 --with-osfsia Enable Digital Unix SIA
1446 --with-zlib=PATH Use zlib in PATH
1447 --without-zlib-version-check Disable zlib version check
1448 --with-skey[=PATH] Enable S/Key support (optionally in PATH)
1449 --with-ldns[=PATH] Use ldns for DNSSEC support (optionally in PATH)
1450 --with-libedit[=PATH] Enable libedit support for sftp
1451 --with-audit=module Enable audit support (modules=debug,bsm,linux)
1452 --with-pie Build Position Independent Executables if possible
1453 --with-ssl-dir=PATH Specify path to OpenSSL installation
1454 --without-openssl-header-check Disable OpenSSL version consistency check
1455 --with-ssl-engine Enable OpenSSL (hardware) ENGINE support
1456 --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT
1457 --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)
1458 --with-pam Enable PAM support
1459 --with-pam-service=name Specify PAM service name
1460 --with-privsep-user=user Specify non-privileged user for privilege separation
1461 --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)
1462 --with-selinux Enable SELinux support
1463 --with-kerberos5=PATH Enable Kerberos 5 support
1464 --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)
1465 --with-xauth=PATH Specify path to xauth program
1466 --with-maildir=/path/to/mail Specify your system mail directory
1467 --with-mantype=man|cat|doc Set man page type
1468 --with-md5-passwords Enable use of MD5 passwords
1469 --without-shadow Disable shadow password support
1470 --with-ipaddr-display Use ip address instead of hostname in $DISPLAY
1471 --with-default-path= Specify default $PATH environment for server
1472 --with-superuser-path= Specify different path for super-user
1473 --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses
1474 --with-bsd-auth Enable BSD auth support
1475 --with-pid-dir=PATH Specify location of ssh.pid file
1476 --with-lastlog=FILE|DIR specify lastlog location common locations
1477
1478Some influential environment variables:
1479 CC C compiler command
1480 CFLAGS C compiler flags
1481 LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a
1482 nonstandard directory <lib dir>
1483 LIBS libraries to pass to the linker, e.g. -l<library>
1484 CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if
1485 you have headers in a nonstandard directory <include dir>
1486 CPP C preprocessor
1487
1488Use these variables to override the choices made by `configure' or to help
1489it to find libraries and programs with nonstandard names/locations.
1490
1491Report bugs to <openssh-unix-dev@mindrot.org>.
1492_ACEOF
1493ac_status=$?
1494fi
1495
1496if test "$ac_init_help" = "recursive"; then
1497 # If there are subdirs, report their specific --help.
1498 for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
1499 test -d "$ac_dir" ||
1500 { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } ||
1501 continue
1502 ac_builddir=.
1503
1504case "$ac_dir" in
1505.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
1506*)
1507 ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
1508 # A ".." for each directory in $ac_dir_suffix.
1509 ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
1510 case $ac_top_builddir_sub in
1511 "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
1512 *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
1513 esac ;;
1514esac
1515ac_abs_top_builddir=$ac_pwd
1516ac_abs_builddir=$ac_pwd$ac_dir_suffix
1517# for backward compatibility:
1518ac_top_builddir=$ac_top_build_prefix
1519
1520case $srcdir in
1521 .) # We are building in place.
1522 ac_srcdir=.
1523 ac_top_srcdir=$ac_top_builddir_sub
1524 ac_abs_top_srcdir=$ac_pwd ;;
1525 [\\/]* | ?:[\\/]* ) # Absolute name.
1526 ac_srcdir=$srcdir$ac_dir_suffix;
1527 ac_top_srcdir=$srcdir
1528 ac_abs_top_srcdir=$srcdir ;;
1529 *) # Relative name.
1530 ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
1531 ac_top_srcdir=$ac_top_build_prefix$srcdir
1532 ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
1533esac
1534ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
1535
1536 cd "$ac_dir" || { ac_status=$?; continue; }
1537 # Check for guested configure.
1538 if test -f "$ac_srcdir/configure.gnu"; then
1539 echo &&
1540 $SHELL "$ac_srcdir/configure.gnu" --help=recursive
1541 elif test -f "$ac_srcdir/configure"; then
1542 echo &&
1543 $SHELL "$ac_srcdir/configure" --help=recursive
1544 else
1545 $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
1546 fi || ac_status=$?
1547 cd "$ac_pwd" || { ac_status=$?; break; }
1548 done
1549fi
1550
1551test -n "$ac_init_help" && exit $ac_status
1552if $ac_init_version; then
1553 cat <<\_ACEOF
1554OpenSSH configure Portable
1555generated by GNU Autoconf 2.69
1556
1557Copyright (C) 2012 Free Software Foundation, Inc.
1558This configure script is free software; the Free Software Foundation
1559gives unlimited permission to copy, distribute and modify it.
1560_ACEOF
1561 exit
1562fi
1563
1564## ------------------------ ##
1565## Autoconf initialization. ##
1566## ------------------------ ##
1567
1568# ac_fn_c_try_compile LINENO
1569# --------------------------
1570# Try to compile conftest.$ac_ext, and return whether this succeeded.
1571ac_fn_c_try_compile ()
1572{
1573 as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
1574 rm -f conftest.$ac_objext
1575 if { { ac_try="$ac_compile"
1576case "(($ac_try" in
1577 *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
1578 *) ac_try_echo=$ac_try;;
1579esac
1580eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
1581$as_echo "$ac_try_echo"; } >&5
1582 (eval "$ac_compile") 2>conftest.err
1583 ac_status=$?
1584 if test -s conftest.err; then
1585 grep -v '^ *+' conftest.err >conftest.er1
1586 cat conftest.er1 >&5
1587 mv -f conftest.er1 conftest.err
1588 fi
1589 $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
1590 test $ac_status = 0; } && {
1591 test -z "$ac_c_werror_flag" ||
1592 test ! -s conftest.err
1593 } && test -s conftest.$ac_objext; then :
1594 ac_retval=0
1595else
1596 $as_echo "$as_me: failed program was:" >&5
1597sed 's/^/| /' conftest.$ac_ext >&5
1598
1599 ac_retval=1
1600fi
1601 eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
1602 as_fn_set_status $ac_retval
1603
1604} # ac_fn_c_try_compile
1605
1606# ac_fn_c_try_run LINENO
1607# ----------------------
1608# Try to link conftest.$ac_ext, and return whether this succeeded. Assumes
1609# that executables *can* be run.
1610ac_fn_c_try_run ()
1611{
1612 as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
1613 if { { ac_try="$ac_link"
1614case "(($ac_try" in
1615 *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
1616 *) ac_try_echo=$ac_try;;
1617esac
1618eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
1619$as_echo "$ac_try_echo"; } >&5
1620 (eval "$ac_link") 2>&5
1621 ac_status=$?
1622 $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
1623 test $ac_status = 0; } && { ac_try='./conftest$ac_exeext'
1624 { { case "(($ac_try" in
1625 *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
1626 *) ac_try_echo=$ac_try;;
1627esac
1628eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
1629$as_echo "$ac_try_echo"; } >&5
1630 (eval "$ac_try") 2>&5
1631 ac_status=$?
1632 $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
1633 test $ac_status = 0; }; }; then :
1634 ac_retval=0
1635else
1636 $as_echo "$as_me: program exited with status $ac_status" >&5
1637 $as_echo "$as_me: failed program was:" >&5
1638sed 's/^/| /' conftest.$ac_ext >&5
1639
1640 ac_retval=$ac_status
1641fi
1642 rm -rf conftest.dSYM conftest_ipa8_conftest.oo
1643 eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
1644 as_fn_set_status $ac_retval
1645
1646} # ac_fn_c_try_run
1647
1648# ac_fn_c_try_cpp LINENO
1649# ----------------------
1650# Try to preprocess conftest.$ac_ext, and return whether this succeeded.
1651ac_fn_c_try_cpp ()
1652{
1653 as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
1654 if { { ac_try="$ac_cpp conftest.$ac_ext"
1655case "(($ac_try" in
1656 *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
1657 *) ac_try_echo=$ac_try;;
1658esac
1659eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
1660$as_echo "$ac_try_echo"; } >&5
1661 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err
1662 ac_status=$?
1663 if test -s conftest.err; then
1664 grep -v '^ *+' conftest.err >conftest.er1
1665 cat conftest.er1 >&5
1666 mv -f conftest.er1 conftest.err
1667 fi
1668 $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
1669 test $ac_status = 0; } > conftest.i && {
1670 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
1671 test ! -s conftest.err
1672 }; then :
1673 ac_retval=0
1674else
1675 $as_echo "$as_me: failed program was:" >&5
1676sed 's/^/| /' conftest.$ac_ext >&5
1677
1678 ac_retval=1
1679fi
1680 eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
1681 as_fn_set_status $ac_retval
1682
1683} # ac_fn_c_try_cpp
1684
1685# ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES
1686# -------------------------------------------------------
1687# Tests whether HEADER exists and can be compiled using the include files in
1688# INCLUDES, setting the cache variable VAR accordingly.
1689ac_fn_c_check_header_compile ()
1690{
1691 as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
1692 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
1693$as_echo_n "checking for $2... " >&6; }
1694if eval \${$3+:} false; then :
1695 $as_echo_n "(cached) " >&6
1696else
1697 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
1698/* end confdefs.h. */
1699$4
1700#include <$2>
1701_ACEOF
1702if ac_fn_c_try_compile "$LINENO"; then :
1703 eval "$3=yes"
1704else
1705 eval "$3=no"
1706fi
1707rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
1708fi
1709eval ac_res=\$$3
1710 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
1711$as_echo "$ac_res" >&6; }
1712 eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
1713
1714} # ac_fn_c_check_header_compile
1715
1716# ac_fn_c_check_decl LINENO SYMBOL VAR INCLUDES
1717# ---------------------------------------------
1718# Tests whether SYMBOL is declared in INCLUDES, setting cache variable VAR
1719# accordingly.
1720ac_fn_c_check_decl ()
1721{
1722 as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
1723 as_decl_name=`echo $2|sed 's/ *(.*//'`
1724 as_decl_use=`echo $2|sed -e 's/(/((/' -e 's/)/) 0&/' -e 's/,/) 0& (/g'`
1725 { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $as_decl_name is declared" >&5
1726$as_echo_n "checking whether $as_decl_name is declared... " >&6; }
1727if eval \${$3+:} false; then :
1728 $as_echo_n "(cached) " >&6
1729else
1730 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
1731/* end confdefs.h. */
1732$4
1733int
1734main ()
1735{
1736#ifndef $as_decl_name
1737#ifdef __cplusplus
1738 (void) $as_decl_use;
1739#else
1740 (void) $as_decl_name;
1741#endif
1742#endif
1743
1744 ;
1745 return 0;
1746}
1747_ACEOF
1748if ac_fn_c_try_compile "$LINENO"; then :
1749 eval "$3=yes"
1750else
1751 eval "$3=no"
1752fi
1753rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
1754fi
1755eval ac_res=\$$3
1756 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
1757$as_echo "$ac_res" >&6; }
1758 eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
1759
1760} # ac_fn_c_check_decl
1761
1762# ac_fn_c_try_link LINENO
1763# -----------------------
1764# Try to link conftest.$ac_ext, and return whether this succeeded.
1765ac_fn_c_try_link ()
1766{
1767 as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
1768 rm -f conftest.$ac_objext conftest$ac_exeext
1769 if { { ac_try="$ac_link"
1770case "(($ac_try" in
1771 *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
1772 *) ac_try_echo=$ac_try;;
1773esac
1774eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
1775$as_echo "$ac_try_echo"; } >&5
1776 (eval "$ac_link") 2>conftest.err
1777 ac_status=$?
1778 if test -s conftest.err; then
1779 grep -v '^ *+' conftest.err >conftest.er1
1780 cat conftest.er1 >&5
1781 mv -f conftest.er1 conftest.err
1782 fi
1783 $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
1784 test $ac_status = 0; } && {
1785 test -z "$ac_c_werror_flag" ||
1786 test ! -s conftest.err
1787 } && test -s conftest$ac_exeext && {
1788 test "$cross_compiling" = yes ||
1789 test -x conftest$ac_exeext
1790 }; then :
1791 ac_retval=0
1792else
1793 $as_echo "$as_me: failed program was:" >&5
1794sed 's/^/| /' conftest.$ac_ext >&5
1795
1796 ac_retval=1
1797fi
1798 # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information
1799 # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would
1800 # interfere with the next link command; also delete a directory that is
1801 # left behind by Apple's compiler. We do this before executing the actions.
1802 rm -rf conftest.dSYM conftest_ipa8_conftest.oo
1803 eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
1804 as_fn_set_status $ac_retval
1805
1806} # ac_fn_c_try_link
1807
1808# ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES
1809# -------------------------------------------------------
1810# Tests whether HEADER exists, giving a warning if it cannot be compiled using
1811# the include files in INCLUDES and setting the cache variable VAR
1812# accordingly.
1813ac_fn_c_check_header_mongrel ()
1814{
1815 as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
1816 if eval \${$3+:} false; then :
1817 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
1818$as_echo_n "checking for $2... " >&6; }
1819if eval \${$3+:} false; then :
1820 $as_echo_n "(cached) " >&6
1821fi
1822eval ac_res=\$$3
1823 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
1824$as_echo "$ac_res" >&6; }
1825else
1826 # Is the header compilable?
1827{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 usability" >&5
1828$as_echo_n "checking $2 usability... " >&6; }
1829cat confdefs.h - <<_ACEOF >conftest.$ac_ext
1830/* end confdefs.h. */
1831$4
1832#include <$2>
1833_ACEOF
1834if ac_fn_c_try_compile "$LINENO"; then :
1835 ac_header_compiler=yes
1836else
1837 ac_header_compiler=no
1838fi
1839rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
1840{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_compiler" >&5
1841$as_echo "$ac_header_compiler" >&6; }
1842
1843# Is the header present?
1844{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 presence" >&5
1845$as_echo_n "checking $2 presence... " >&6; }
1846cat confdefs.h - <<_ACEOF >conftest.$ac_ext
1847/* end confdefs.h. */
1848#include <$2>
1849_ACEOF
1850if ac_fn_c_try_cpp "$LINENO"; then :
1851 ac_header_preproc=yes
1852else
1853 ac_header_preproc=no
1854fi
1855rm -f conftest.err conftest.i conftest.$ac_ext
1856{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5
1857$as_echo "$ac_header_preproc" >&6; }
1858
1859# So? What about this header?
1860case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in #((
1861 yes:no: )
1862 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&5
1863$as_echo "$as_me: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&2;}
1864 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5
1865$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;}
1866 ;;
1867 no:yes:* )
1868 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: present but cannot be compiled" >&5
1869$as_echo "$as_me: WARNING: $2: present but cannot be compiled" >&2;}
1870 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: check for missing prerequisite headers?" >&5
1871$as_echo "$as_me: WARNING: $2: check for missing prerequisite headers?" >&2;}
1872 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: see the Autoconf documentation" >&5
1873$as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;}
1874 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&5
1875$as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;}
1876 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5
1877$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;}
1878( $as_echo "## ------------------------------------------- ##
1879## Report this to openssh-unix-dev@mindrot.org ##
1880## ------------------------------------------- ##"
1881 ) | sed "s/^/$as_me: WARNING: /" >&2
1882 ;;
1883esac
1884 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
1885$as_echo_n "checking for $2... " >&6; }
1886if eval \${$3+:} false; then :
1887 $as_echo_n "(cached) " >&6
1888else
1889 eval "$3=\$ac_header_compiler"
1890fi
1891eval ac_res=\$$3
1892 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
1893$as_echo "$ac_res" >&6; }
1894fi
1895 eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
1896
1897} # ac_fn_c_check_header_mongrel
1898
1899# ac_fn_c_check_func LINENO FUNC VAR
1900# ----------------------------------
1901# Tests whether FUNC exists, setting the cache variable VAR accordingly
1902ac_fn_c_check_func ()
1903{
1904 as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
1905 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
1906$as_echo_n "checking for $2... " >&6; }
1907if eval \${$3+:} false; then :
1908 $as_echo_n "(cached) " >&6
1909else
1910 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
1911/* end confdefs.h. */
1912/* Define $2 to an innocuous variant, in case <limits.h> declares $2.
1913 For example, HP-UX 11i <limits.h> declares gettimeofday. */
1914#define $2 innocuous_$2
1915
1916/* System header to define __stub macros and hopefully few prototypes,
1917 which can conflict with char $2 (); below.
1918 Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
1919 <limits.h> exists even on freestanding compilers. */
1920
1921#ifdef __STDC__
1922# include <limits.h>
1923#else
1924# include <assert.h>
1925#endif
1926
1927#undef $2
1928
1929/* Override any GCC internal prototype to avoid an error.
1930 Use char because int might match the return type of a GCC
1931 builtin and then its argument prototype would still apply. */
1932#ifdef __cplusplus
1933extern "C"
1934#endif
1935char $2 ();
1936/* The GNU C library defines this for functions which it implements
1937 to always fail with ENOSYS. Some functions are actually named
1938 something starting with __ and the normal name is an alias. */
1939#if defined __stub_$2 || defined __stub___$2
1940choke me
1941#endif
1942
1943int
1944main ()
1945{
1946return $2 ();
1947 ;
1948 return 0;
1949}
1950_ACEOF
1951if ac_fn_c_try_link "$LINENO"; then :
1952 eval "$3=yes"
1953else
1954 eval "$3=no"
1955fi
1956rm -f core conftest.err conftest.$ac_objext \
1957 conftest$ac_exeext conftest.$ac_ext
1958fi
1959eval ac_res=\$$3
1960 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
1961$as_echo "$ac_res" >&6; }
1962 eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
1963
1964} # ac_fn_c_check_func
1965
1966# ac_fn_c_check_type LINENO TYPE VAR INCLUDES
1967# -------------------------------------------
1968# Tests whether TYPE exists after having included INCLUDES, setting cache
1969# variable VAR accordingly.
1970ac_fn_c_check_type ()
1971{
1972 as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
1973 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
1974$as_echo_n "checking for $2... " >&6; }
1975if eval \${$3+:} false; then :
1976 $as_echo_n "(cached) " >&6
1977else
1978 eval "$3=no"
1979 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
1980/* end confdefs.h. */
1981$4
1982int
1983main ()
1984{
1985if (sizeof ($2))
1986 return 0;
1987 ;
1988 return 0;
1989}
1990_ACEOF
1991if ac_fn_c_try_compile "$LINENO"; then :
1992 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
1993/* end confdefs.h. */
1994$4
1995int
1996main ()
1997{
1998if (sizeof (($2)))
1999 return 0;
2000 ;
2001 return 0;
2002}
2003_ACEOF
2004if ac_fn_c_try_compile "$LINENO"; then :
2005
2006else
2007 eval "$3=yes"
2008fi
2009rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
2010fi
2011rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
2012fi
2013eval ac_res=\$$3
2014 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
2015$as_echo "$ac_res" >&6; }
2016 eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
2017
2018} # ac_fn_c_check_type
2019
2020# ac_fn_c_compute_int LINENO EXPR VAR INCLUDES
2021# --------------------------------------------
2022# Tries to find the compile-time value of EXPR in a program that includes
2023# INCLUDES, setting VAR accordingly. Returns whether the value could be
2024# computed
2025ac_fn_c_compute_int ()
2026{
2027 as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
2028 if test "$cross_compiling" = yes; then
2029 # Depending upon the size, compute the lo and hi bounds.
2030cat confdefs.h - <<_ACEOF >conftest.$ac_ext
2031/* end confdefs.h. */
2032$4
2033int
2034main ()
2035{
2036static int test_array [1 - 2 * !(($2) >= 0)];
2037test_array [0] = 0;
2038return test_array [0];
2039
2040 ;
2041 return 0;
2042}
2043_ACEOF
2044if ac_fn_c_try_compile "$LINENO"; then :
2045 ac_lo=0 ac_mid=0
2046 while :; do
2047 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
2048/* end confdefs.h. */
2049$4
2050int
2051main ()
2052{
2053static int test_array [1 - 2 * !(($2) <= $ac_mid)];
2054test_array [0] = 0;
2055return test_array [0];
2056
2057 ;
2058 return 0;
2059}
2060_ACEOF
2061if ac_fn_c_try_compile "$LINENO"; then :
2062 ac_hi=$ac_mid; break
2063else
2064 as_fn_arith $ac_mid + 1 && ac_lo=$as_val
2065 if test $ac_lo -le $ac_mid; then
2066 ac_lo= ac_hi=
2067 break
2068 fi
2069 as_fn_arith 2 '*' $ac_mid + 1 && ac_mid=$as_val
2070fi
2071rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
2072 done
2073else
2074 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
2075/* end confdefs.h. */
2076$4
2077int
2078main ()
2079{
2080static int test_array [1 - 2 * !(($2) < 0)];
2081test_array [0] = 0;
2082return test_array [0];
2083
2084 ;
2085 return 0;
2086}
2087_ACEOF
2088if ac_fn_c_try_compile "$LINENO"; then :
2089 ac_hi=-1 ac_mid=-1
2090 while :; do
2091 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
2092/* end confdefs.h. */
2093$4
2094int
2095main ()
2096{
2097static int test_array [1 - 2 * !(($2) >= $ac_mid)];
2098test_array [0] = 0;
2099return test_array [0];
2100
2101 ;
2102 return 0;
2103}
2104_ACEOF
2105if ac_fn_c_try_compile "$LINENO"; then :
2106 ac_lo=$ac_mid; break
2107else
2108 as_fn_arith '(' $ac_mid ')' - 1 && ac_hi=$as_val
2109 if test $ac_mid -le $ac_hi; then
2110 ac_lo= ac_hi=
2111 break
2112 fi
2113 as_fn_arith 2 '*' $ac_mid && ac_mid=$as_val
2114fi
2115rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
2116 done
2117else
2118 ac_lo= ac_hi=
2119fi
2120rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
2121fi
2122rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
2123# Binary search between lo and hi bounds.
2124while test "x$ac_lo" != "x$ac_hi"; do
2125 as_fn_arith '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo && ac_mid=$as_val
2126 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
2127/* end confdefs.h. */
2128$4
2129int
2130main ()
2131{
2132static int test_array [1 - 2 * !(($2) <= $ac_mid)];
2133test_array [0] = 0;
2134return test_array [0];
2135
2136 ;
2137 return 0;
2138}
2139_ACEOF
2140if ac_fn_c_try_compile "$LINENO"; then :
2141 ac_hi=$ac_mid
2142else
2143 as_fn_arith '(' $ac_mid ')' + 1 && ac_lo=$as_val
2144fi
2145rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
2146done
2147case $ac_lo in #((
2148?*) eval "$3=\$ac_lo"; ac_retval=0 ;;
2149'') ac_retval=1 ;;
2150esac
2151 else
2152 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
2153/* end confdefs.h. */
2154$4
2155static long int longval () { return $2; }
2156static unsigned long int ulongval () { return $2; }
2157#include <stdio.h>
2158#include <stdlib.h>
2159int
2160main ()
2161{
2162
2163 FILE *f = fopen ("conftest.val", "w");
2164 if (! f)
2165 return 1;
2166 if (($2) < 0)
2167 {
2168 long int i = longval ();
2169 if (i != ($2))
2170 return 1;
2171 fprintf (f, "%ld", i);
2172 }
2173 else
2174 {
2175 unsigned long int i = ulongval ();
2176 if (i != ($2))
2177 return 1;
2178 fprintf (f, "%lu", i);
2179 }
2180 /* Do not output a trailing newline, as this causes \r\n confusion
2181 on some platforms. */
2182 return ferror (f) || fclose (f) != 0;
2183
2184 ;
2185 return 0;
2186}
2187_ACEOF
2188if ac_fn_c_try_run "$LINENO"; then :
2189 echo >>conftest.val; read $3 <conftest.val; ac_retval=0
2190else
2191 ac_retval=1
2192fi
2193rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
2194 conftest.$ac_objext conftest.beam conftest.$ac_ext
2195rm -f conftest.val
2196
2197 fi
2198 eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
2199 as_fn_set_status $ac_retval
2200
2201} # ac_fn_c_compute_int
2202
2203# ac_fn_c_check_member LINENO AGGR MEMBER VAR INCLUDES
2204# ----------------------------------------------------
2205# Tries to find if the field MEMBER exists in type AGGR, after including
2206# INCLUDES, setting cache variable VAR accordingly.
2207ac_fn_c_check_member ()
2208{
2209 as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
2210 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2.$3" >&5
2211$as_echo_n "checking for $2.$3... " >&6; }
2212if eval \${$4+:} false; then :
2213 $as_echo_n "(cached) " >&6
2214else
2215 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
2216/* end confdefs.h. */
2217$5
2218int
2219main ()
2220{
2221static $2 ac_aggr;
2222if (ac_aggr.$3)
2223return 0;
2224 ;
2225 return 0;
2226}
2227_ACEOF
2228if ac_fn_c_try_compile "$LINENO"; then :
2229 eval "$4=yes"
2230else
2231 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
2232/* end confdefs.h. */
2233$5
2234int
2235main ()
2236{
2237static $2 ac_aggr;
2238if (sizeof ac_aggr.$3)
2239return 0;
2240 ;
2241 return 0;
2242}
2243_ACEOF
2244if ac_fn_c_try_compile "$LINENO"; then :
2245 eval "$4=yes"
2246else
2247 eval "$4=no"
2248fi
2249rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
2250fi
2251rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
2252fi
2253eval ac_res=\$$4
2254 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
2255$as_echo "$ac_res" >&6; }
2256 eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
2257
2258} # ac_fn_c_check_member
2259cat >config.log <<_ACEOF
2260This file contains any messages produced by compilers while
2261running configure, to aid debugging if configure makes a mistake.
2262
2263It was created by OpenSSH $as_me Portable, which was
2264generated by GNU Autoconf 2.69. Invocation command line was
2265
2266 $ $0 $@
2267
2268_ACEOF
2269exec 5>>config.log
2270{
2271cat <<_ASUNAME
2272## --------- ##
2273## Platform. ##
2274## --------- ##
2275
2276hostname = `(hostname || uname -n) 2>/dev/null | sed 1q`
2277uname -m = `(uname -m) 2>/dev/null || echo unknown`
2278uname -r = `(uname -r) 2>/dev/null || echo unknown`
2279uname -s = `(uname -s) 2>/dev/null || echo unknown`
2280uname -v = `(uname -v) 2>/dev/null || echo unknown`
2281
2282/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown`
2283/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown`
2284
2285/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown`
2286/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown`
2287/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
2288/usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown`
2289/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown`
2290/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown`
2291/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown`
2292
2293_ASUNAME
2294
2295as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
2296for as_dir in $PATH
2297do
2298 IFS=$as_save_IFS
2299 test -z "$as_dir" && as_dir=.
2300 $as_echo "PATH: $as_dir"
2301 done
2302IFS=$as_save_IFS
2303
2304} >&5
2305
2306cat >&5 <<_ACEOF
2307
2308
2309## ----------- ##
2310## Core tests. ##
2311## ----------- ##
2312
2313_ACEOF
2314
2315
2316# Keep a trace of the command line.
2317# Strip out --no-create and --no-recursion so they do not pile up.
2318# Strip out --silent because we don't want to record it for future runs.
2319# Also quote any args containing shell meta-characters.
2320# Make two passes to allow for proper duplicate-argument suppression.
2321ac_configure_args=
2322ac_configure_args0=
2323ac_configure_args1=
2324ac_must_keep_next=false
2325for ac_pass in 1 2
2326do
2327 for ac_arg
2328 do
2329 case $ac_arg in
2330 -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;;
2331 -q | -quiet | --quiet | --quie | --qui | --qu | --q \
2332 | -silent | --silent | --silen | --sile | --sil)
2333 continue ;;
2334 *\'*)
2335 ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
2336 esac
2337 case $ac_pass in
2338 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;;
2339 2)
2340 as_fn_append ac_configure_args1 " '$ac_arg'"
2341 if test $ac_must_keep_next = true; then
2342 ac_must_keep_next=false # Got value, back to normal.
2343 else
2344 case $ac_arg in
2345 *=* | --config-cache | -C | -disable-* | --disable-* \
2346 | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \
2347 | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \
2348 | -with-* | --with-* | -without-* | --without-* | --x)
2349 case "$ac_configure_args0 " in
2350 "$ac_configure_args1"*" '$ac_arg' "* ) continue ;;
2351 esac
2352 ;;
2353 -* ) ac_must_keep_next=true ;;
2354 esac
2355 fi
2356 as_fn_append ac_configure_args " '$ac_arg'"
2357 ;;
2358 esac
2359 done
2360done
2361{ ac_configure_args0=; unset ac_configure_args0;}
2362{ ac_configure_args1=; unset ac_configure_args1;}
2363
2364# When interrupted or exit'd, cleanup temporary files, and complete
2365# config.log. We remove comments because anyway the quotes in there
2366# would cause problems or look ugly.
2367# WARNING: Use '\'' to represent an apostrophe within the trap.
2368# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug.
2369trap 'exit_status=$?
2370 # Save into config.log some information that might help in debugging.
2371 {
2372 echo
2373
2374 $as_echo "## ---------------- ##
2375## Cache variables. ##
2376## ---------------- ##"
2377 echo
2378 # The following way of writing the cache mishandles newlines in values,
2379(
2380 for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do
2381 eval ac_val=\$$ac_var
2382 case $ac_val in #(
2383 *${as_nl}*)
2384 case $ac_var in #(
2385 *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
2386$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
2387 esac
2388 case $ac_var in #(
2389 _ | IFS | as_nl) ;; #(
2390 BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
2391 *) { eval $ac_var=; unset $ac_var;} ;;
2392 esac ;;
2393 esac
2394 done
2395 (set) 2>&1 |
2396 case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #(
2397 *${as_nl}ac_space=\ *)
2398 sed -n \
2399 "s/'\''/'\''\\\\'\'''\''/g;
2400 s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p"
2401 ;; #(
2402 *)
2403 sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
2404 ;;
2405 esac |
2406 sort
2407)
2408 echo
2409
2410 $as_echo "## ----------------- ##
2411## Output variables. ##
2412## ----------------- ##"
2413 echo
2414 for ac_var in $ac_subst_vars
2415 do
2416 eval ac_val=\$$ac_var
2417 case $ac_val in
2418 *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
2419 esac
2420 $as_echo "$ac_var='\''$ac_val'\''"
2421 done | sort
2422 echo
2423
2424 if test -n "$ac_subst_files"; then
2425 $as_echo "## ------------------- ##
2426## File substitutions. ##
2427## ------------------- ##"
2428 echo
2429 for ac_var in $ac_subst_files
2430 do
2431 eval ac_val=\$$ac_var
2432 case $ac_val in
2433 *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
2434 esac
2435 $as_echo "$ac_var='\''$ac_val'\''"
2436 done | sort
2437 echo
2438 fi
2439
2440 if test -s confdefs.h; then
2441 $as_echo "## ----------- ##
2442## confdefs.h. ##
2443## ----------- ##"
2444 echo
2445 cat confdefs.h
2446 echo
2447 fi
2448 test "$ac_signal" != 0 &&
2449 $as_echo "$as_me: caught signal $ac_signal"
2450 $as_echo "$as_me: exit $exit_status"
2451 } >&5
2452 rm -f core *.core core.conftest.* &&
2453 rm -f -r conftest* confdefs* conf$$* $ac_clean_files &&
2454 exit $exit_status
2455' 0
2456for ac_signal in 1 2 13 15; do
2457 trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal
2458done
2459ac_signal=0
2460
2461# confdefs.h avoids OS command line length limits that DEFS can exceed.
2462rm -f -r conftest* confdefs.h
2463
2464$as_echo "/* confdefs.h */" > confdefs.h
2465
2466# Predefined preprocessor variables.
2467
2468cat >>confdefs.h <<_ACEOF
2469#define PACKAGE_NAME "$PACKAGE_NAME"
2470_ACEOF
2471
2472cat >>confdefs.h <<_ACEOF
2473#define PACKAGE_TARNAME "$PACKAGE_TARNAME"
2474_ACEOF
2475
2476cat >>confdefs.h <<_ACEOF
2477#define PACKAGE_VERSION "$PACKAGE_VERSION"
2478_ACEOF
2479
2480cat >>confdefs.h <<_ACEOF
2481#define PACKAGE_STRING "$PACKAGE_STRING"
2482_ACEOF
2483
2484cat >>confdefs.h <<_ACEOF
2485#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT"
2486_ACEOF
2487
2488cat >>confdefs.h <<_ACEOF
2489#define PACKAGE_URL "$PACKAGE_URL"
2490_ACEOF
2491
2492
2493# Let the site file select an alternate cache file if it wants to.
2494# Prefer an explicitly selected file to automatically selected ones.
2495ac_site_file1=NONE
2496ac_site_file2=NONE
2497if test -n "$CONFIG_SITE"; then
2498 # We do not want a PATH search for config.site.
2499 case $CONFIG_SITE in #((
2500 -*) ac_site_file1=./$CONFIG_SITE;;
2501 */*) ac_site_file1=$CONFIG_SITE;;
2502 *) ac_site_file1=./$CONFIG_SITE;;
2503 esac
2504elif test "x$prefix" != xNONE; then
2505 ac_site_file1=$prefix/share/config.site
2506 ac_site_file2=$prefix/etc/config.site
2507else
2508 ac_site_file1=$ac_default_prefix/share/config.site
2509 ac_site_file2=$ac_default_prefix/etc/config.site
2510fi
2511for ac_site_file in "$ac_site_file1" "$ac_site_file2"
2512do
2513 test "x$ac_site_file" = xNONE && continue
2514 if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then
2515 { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5
2516$as_echo "$as_me: loading site script $ac_site_file" >&6;}
2517 sed 's/^/| /' "$ac_site_file" >&5
2518 . "$ac_site_file" \
2519 || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
2520$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
2521as_fn_error $? "failed to load site script $ac_site_file
2522See \`config.log' for more details" "$LINENO" 5; }
2523 fi
2524done
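Review bot: the site-script loop ending here runs `. "$ac_site_file"` on any readable file named by `CONFIG_SITE`, or otherwise on `$prefix/share/config.site` and `$prefix/etc/config.site`, so shell code from outside the source tree is executed during configure and can set any variable the later checks read. This file is generated (the config.log header earlier in the hunk says GNU Autoconf 2.69), so the fix belongs in the build recipe rather than in this script: have the package build export `CONFIG_SITE=/dev/null`, which the `test /dev/null != "$ac_site_file"` guard skips, and record that in the packaging notes. The `. "$cache_file"` branch that follows deserves the same care: the build should only be given a cache file that it alone can write.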
2525
2526if test -r "$cache_file"; then
2527 # Some versions of bash will fail to source /dev/null (special files
2528 # actually), so we avoid doing that. DJGPP emulates it as a regular file.
2529 if test /dev/null != "$cache_file" && test -f "$cache_file"; then
2530 { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5
2531$as_echo "$as_me: loading cache $cache_file" >&6;}
2532 case $cache_file in
2533 [\\/]* | ?:[\\/]* ) . "$cache_file";;
2534 *) . "./$cache_file";;
2535 esac
2536 fi
2537else
2538 { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5
2539$as_echo "$as_me: creating cache $cache_file" >&6;}
2540 >$cache_file
2541fi
2542
2543# Check that the precious variables saved in the cache have kept the same
2544# value.
2545ac_cache_corrupted=false
2546for ac_var in $ac_precious_vars; do
2547 eval ac_old_set=\$ac_cv_env_${ac_var}_set
2548 eval ac_new_set=\$ac_env_${ac_var}_set
2549 eval ac_old_val=\$ac_cv_env_${ac_var}_value
2550 eval ac_new_val=\$ac_env_${ac_var}_value
2551 case $ac_old_set,$ac_new_set in
2552 set,)
2553 { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
2554$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
2555 ac_cache_corrupted=: ;;
2556 ,set)
2557 { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5
2558$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
2559 ac_cache_corrupted=: ;;
2560 ,);;
2561 *)
2562 if test "x$ac_old_val" != "x$ac_new_val"; then
2563 # differences in whitespace do not lead to failure.
2564 ac_old_val_w=`echo x $ac_old_val`
2565 ac_new_val_w=`echo x $ac_new_val`
2566 if test "$ac_old_val_w" != "$ac_new_val_w"; then
2567 { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5
2568$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
2569 ac_cache_corrupted=:
2570 else
2571 { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5
2572$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;}
2573 eval $ac_var=\$ac_old_val
2574 fi
2575 { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5
2576$as_echo "$as_me: former value: \`$ac_old_val'" >&2;}
2577 { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5
2578$as_echo "$as_me: current value: \`$ac_new_val'" >&2;}
2579 fi;;
2580 esac
2581 # Pass precious variables to config.status.
2582 if test "$ac_new_set" = set; then
2583 case $ac_new_val in
2584 *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
2585 *) ac_arg=$ac_var=$ac_new_val ;;
2586 esac
2587 case " $ac_configure_args " in
2588 *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy.
2589 *) as_fn_append ac_configure_args " '$ac_arg'" ;;
2590 esac
2591 fi
2592done
2593if $ac_cache_corrupted; then
2594 { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
2595$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
2596 { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5
2597$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;}
2598 as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5
2599fi
2600## -------------------- ##
2601## Main body of script. ##
2602## -------------------- ##
2603
2604ac_ext=c
2605ac_cpp='$CPP $CPPFLAGS'
2606ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
2607ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
2608ac_compiler_gnu=$ac_cv_c_compiler_gnu
2609
2610
2611
2612
2613ac_ext=c
2614ac_cpp='$CPP $CPPFLAGS'
2615ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
2616ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
2617ac_compiler_gnu=$ac_cv_c_compiler_gnu
2618
2619
2620ac_config_headers="$ac_config_headers config.h"
2621
2622ac_ext=c
2623ac_cpp='$CPP $CPPFLAGS'
2624ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
2625ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
2626ac_compiler_gnu=$ac_cv_c_compiler_gnu
2627if test -n "$ac_tool_prefix"; then
2628 # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
2629set dummy ${ac_tool_prefix}gcc; ac_word=$2
2630{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
2631$as_echo_n "checking for $ac_word... " >&6; }
2632if ${ac_cv_prog_CC+:} false; then :
2633 $as_echo_n "(cached) " >&6
2634else
2635 if test -n "$CC"; then
2636 ac_cv_prog_CC="$CC" # Let the user override the test.
2637else
2638as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
2639for as_dir in $PATH
2640do
2641 IFS=$as_save_IFS
2642 test -z "$as_dir" && as_dir=.
2643 for ac_exec_ext in '' $ac_executable_extensions; do
2644 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
2645 ac_cv_prog_CC="${ac_tool_prefix}gcc"
2646 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
2647 break 2
2648 fi
2649done
2650 done
2651IFS=$as_save_IFS
2652
2653fi
2654fi
2655CC=$ac_cv_prog_CC
2656if test -n "$CC"; then
2657 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
2658$as_echo "$CC" >&6; }
2659else
2660 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
2661$as_echo "no" >&6; }
2662fi
2663
2664
2665fi
2666if test -z "$ac_cv_prog_CC"; then
2667 ac_ct_CC=$CC
2668 # Extract the first word of "gcc", so it can be a program name with args.
2669set dummy gcc; ac_word=$2
2670{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
2671$as_echo_n "checking for $ac_word... " >&6; }
2672if ${ac_cv_prog_ac_ct_CC+:} false; then :
2673 $as_echo_n "(cached) " >&6
2674else
2675 if test -n "$ac_ct_CC"; then
2676 ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
2677else
2678as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
2679for as_dir in $PATH
2680do
2681 IFS=$as_save_IFS
2682 test -z "$as_dir" && as_dir=.
2683 for ac_exec_ext in '' $ac_executable_extensions; do
2684 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
2685 ac_cv_prog_ac_ct_CC="gcc"
2686 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
2687 break 2
2688 fi
2689done
2690 done
2691IFS=$as_save_IFS
2692
2693fi
2694fi
2695ac_ct_CC=$ac_cv_prog_ac_ct_CC
2696if test -n "$ac_ct_CC"; then
2697 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
2698$as_echo "$ac_ct_CC" >&6; }
2699else
2700 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
2701$as_echo "no" >&6; }
2702fi
2703
2704 if test "x$ac_ct_CC" = x; then
2705 CC=""
2706 else
2707 case $cross_compiling:$ac_tool_warned in
2708yes:)
2709{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
2710$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
2711ac_tool_warned=yes ;;
2712esac
2713 CC=$ac_ct_CC
2714 fi
2715else
2716 CC="$ac_cv_prog_CC"
2717fi
2718
2719if test -z "$CC"; then
2720 if test -n "$ac_tool_prefix"; then
2721 # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
2722set dummy ${ac_tool_prefix}cc; ac_word=$2
2723{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
2724$as_echo_n "checking for $ac_word... " >&6; }
2725if ${ac_cv_prog_CC+:} false; then :
2726 $as_echo_n "(cached) " >&6
2727else
2728 if test -n "$CC"; then
2729 ac_cv_prog_CC="$CC" # Let the user override the test.
2730else
2731as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
2732for as_dir in $PATH
2733do
2734 IFS=$as_save_IFS
2735 test -z "$as_dir" && as_dir=.
2736 for ac_exec_ext in '' $ac_executable_extensions; do
2737 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
2738 ac_cv_prog_CC="${ac_tool_prefix}cc"
2739 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
2740 break 2
2741 fi
2742done
2743 done
2744IFS=$as_save_IFS
2745
2746fi
2747fi
2748CC=$ac_cv_prog_CC
2749if test -n "$CC"; then
2750 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
2751$as_echo "$CC" >&6; }
2752else
2753 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
2754$as_echo "no" >&6; }
2755fi
2756
2757
2758 fi
2759fi
2760if test -z "$CC"; then
2761 # Extract the first word of "cc", so it can be a program name with args.
2762set dummy cc; ac_word=$2
2763{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
2764$as_echo_n "checking for $ac_word... " >&6; }
2765if ${ac_cv_prog_CC+:} false; then :
2766 $as_echo_n "(cached) " >&6
2767else
2768 if test -n "$CC"; then
2769 ac_cv_prog_CC="$CC" # Let the user override the test.
2770else
2771 ac_prog_rejected=no
2772as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
2773for as_dir in $PATH
2774do
2775 IFS=$as_save_IFS
2776 test -z "$as_dir" && as_dir=.
2777 for ac_exec_ext in '' $ac_executable_extensions; do
2778 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
2779 if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
2780 ac_prog_rejected=yes
2781 continue
2782 fi
2783 ac_cv_prog_CC="cc"
2784 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
2785 break 2
2786 fi
2787done
2788 done
2789IFS=$as_save_IFS
2790
2791if test $ac_prog_rejected = yes; then
2792 # We found a bogon in the path, so make sure we never use it.
2793 set dummy $ac_cv_prog_CC
2794 shift
2795 if test $# != 0; then
2796 # We chose a different compiler from the bogus one.
2797 # However, it has the same basename, so the bogon will be chosen
2798 # first if we set CC to just the basename; use the full file name.
2799 shift
2800 ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@"
2801 fi
2802fi
2803fi
2804fi
2805CC=$ac_cv_prog_CC
2806if test -n "$CC"; then
2807 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
2808$as_echo "$CC" >&6; }
2809else
2810 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
2811$as_echo "no" >&6; }
2812fi
2813
2814
2815fi
2816if test -z "$CC"; then
2817 if test -n "$ac_tool_prefix"; then
2818 for ac_prog in cl.exe
2819 do
2820 # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
2821set dummy $ac_tool_prefix$ac_prog; ac_word=$2
2822{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
2823$as_echo_n "checking for $ac_word... " >&6; }
2824if ${ac_cv_prog_CC+:} false; then :
2825 $as_echo_n "(cached) " >&6
2826else
2827 if test -n "$CC"; then
2828 ac_cv_prog_CC="$CC" # Let the user override the test.
2829else
2830as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
2831for as_dir in $PATH
2832do
2833 IFS=$as_save_IFS
2834 test -z "$as_dir" && as_dir=.
2835 for ac_exec_ext in '' $ac_executable_extensions; do
2836 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
2837 ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
2838 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
2839 break 2
2840 fi
2841done
2842 done
2843IFS=$as_save_IFS
2844
2845fi
2846fi
2847CC=$ac_cv_prog_CC
2848if test -n "$CC"; then
2849 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
2850$as_echo "$CC" >&6; }
2851else
2852 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
2853$as_echo "no" >&6; }
2854fi
2855
2856
2857 test -n "$CC" && break
2858 done
2859fi
2860if test -z "$CC"; then
2861 ac_ct_CC=$CC
2862 for ac_prog in cl.exe
2863do
2864 # Extract the first word of "$ac_prog", so it can be a program name with args.
2865set dummy $ac_prog; ac_word=$2
2866{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
2867$as_echo_n "checking for $ac_word... " >&6; }
2868if ${ac_cv_prog_ac_ct_CC+:} false; then :
2869 $as_echo_n "(cached) " >&6
2870else
2871 if test -n "$ac_ct_CC"; then
2872 ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
2873else
2874as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
2875for as_dir in $PATH
2876do
2877 IFS=$as_save_IFS
2878 test -z "$as_dir" && as_dir=.
2879 for ac_exec_ext in '' $ac_executable_extensions; do
2880 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
2881 ac_cv_prog_ac_ct_CC="$ac_prog"
2882 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
2883 break 2
2884 fi
2885done
2886 done
2887IFS=$as_save_IFS
2888
2889fi
2890fi
2891ac_ct_CC=$ac_cv_prog_ac_ct_CC
2892if test -n "$ac_ct_CC"; then
2893 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
2894$as_echo "$ac_ct_CC" >&6; }
2895else
2896 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
2897$as_echo "no" >&6; }
2898fi
2899
2900
2901 test -n "$ac_ct_CC" && break
2902done
2903
2904 if test "x$ac_ct_CC" = x; then
2905 CC=""
2906 else
2907 case $cross_compiling:$ac_tool_warned in
2908yes:)
2909{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
2910$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
2911ac_tool_warned=yes ;;
2912esac
2913 CC=$ac_ct_CC
2914 fi
2915fi
2916
2917fi
2918
2919
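Review bot: In the compiler search loops above (the `for as_dir in $PATH` blocks for `cc` and `cl.exe`), `test -z "$as_dir" && as_dir=.` turns an empty `$PATH` entry into the current directory, so a `cc` sitting in the directory configure is run from can be selected, and the selected `$CC` is then run through `eval "$ac_compile"` and `eval "$ac_link"`. The script's own comments mark it as Autoconf output, so I would not patch it here; instead have the packaging build call configure with a sanitized `PATH` and an explicit absolute `CC`, which the checks honour (`# Let the user override the test.`), and regenerate the file from its Autoconf input rather than relying on a line-by-line review of 20446 generated lines.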
2920test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
2921$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
2922as_fn_error $? "no acceptable C compiler found in \$PATH
2923See \`config.log' for more details" "$LINENO" 5; }
2924
2925# Provide some information about the compiler.
2926$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5
2927set X $ac_compile
2928ac_compiler=$2
2929for ac_option in --version -v -V -qversion; do
2930 { { ac_try="$ac_compiler $ac_option >&5"
2931case "(($ac_try" in
2932 *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
2933 *) ac_try_echo=$ac_try;;
2934esac
2935eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
2936$as_echo "$ac_try_echo"; } >&5
2937 (eval "$ac_compiler $ac_option >&5") 2>conftest.err
2938 ac_status=$?
2939 if test -s conftest.err; then
2940 sed '10a\
2941... rest of stderr output deleted ...
2942 10q' conftest.err >conftest.er1
2943 cat conftest.er1 >&5
2944 fi
2945 rm -f conftest.er1 conftest.err
2946 $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
2947 test $ac_status = 0; }
2948done
2949
2950cat confdefs.h - <<_ACEOF >conftest.$ac_ext
2951/* end confdefs.h. */
2952
2953int
2954main ()
2955{
2956
2957 ;
2958 return 0;
2959}
2960_ACEOF
2961ac_clean_files_save=$ac_clean_files
2962ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out"
2963# Try to create an executable without -o first, disregard a.out.
2964# It will help us diagnose broken compilers, and finding out an intuition
2965# of exeext.
2966{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5
2967$as_echo_n "checking whether the C compiler works... " >&6; }
2968ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
2969
2970# The possible output files:
2971ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*"
2972
2973ac_rmfiles=
2974for ac_file in $ac_files
2975do
2976 case $ac_file in
2977 *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
2978 * ) ac_rmfiles="$ac_rmfiles $ac_file";;
2979 esac
2980done
2981rm -f $ac_rmfiles
2982
2983if { { ac_try="$ac_link_default"
2984case "(($ac_try" in
2985 *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
2986 *) ac_try_echo=$ac_try;;
2987esac
2988eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
2989$as_echo "$ac_try_echo"; } >&5
2990 (eval "$ac_link_default") 2>&5
2991 ac_status=$?
2992 $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
2993 test $ac_status = 0; }; then :
2994 # Autoconf-2.13 could set the ac_cv_exeext variable to `no'.
2995# So ignore a value of `no', otherwise this would lead to `EXEEXT = no'
2996# in a Makefile. We should not override ac_cv_exeext if it was cached,
2997# so that the user can short-circuit this test for compilers unknown to
2998# Autoconf.
2999for ac_file in $ac_files ''
3000do
3001 test -f "$ac_file" || continue
3002 case $ac_file in
3003 *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj )
3004 ;;
3005 [ab].out )
3006 # We found the default executable, but exeext='' is most
3007 # certainly right.
3008 break;;
3009 *.* )
3010 if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no;
3011 then :; else
3012 ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
3013 fi
3014 # We set ac_cv_exeext here because the later test for it is not
3015 # safe: cross compilers may not add the suffix if given an `-o'
3016 # argument, so we may need to know it at that point already.
3017 # Even if this section looks crufty: it has the advantage of
3018 # actually working.
3019 break;;
3020 * )
3021 break;;
3022 esac
3023done
3024test "$ac_cv_exeext" = no && ac_cv_exeext=
3025
3026else
3027 ac_file=''
3028fi
3029if test -z "$ac_file"; then :
3030 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
3031$as_echo "no" >&6; }
3032$as_echo "$as_me: failed program was:" >&5
3033sed 's/^/| /' conftest.$ac_ext >&5
3034
3035{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
3036$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
3037as_fn_error 77 "C compiler cannot create executables
3038See \`config.log' for more details" "$LINENO" 5; }
3039else
3040 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
3041$as_echo "yes" >&6; }
3042fi
3043{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5
3044$as_echo_n "checking for C compiler default output file name... " >&6; }
3045{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5
3046$as_echo "$ac_file" >&6; }
3047ac_exeext=$ac_cv_exeext
3048
3049rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out
3050ac_clean_files=$ac_clean_files_save
3051{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5
3052$as_echo_n "checking for suffix of executables... " >&6; }
3053if { { ac_try="$ac_link"
3054case "(($ac_try" in
3055 *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
3056 *) ac_try_echo=$ac_try;;
3057esac
3058eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
3059$as_echo "$ac_try_echo"; } >&5
3060 (eval "$ac_link") 2>&5
3061 ac_status=$?
3062 $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
3063 test $ac_status = 0; }; then :
3064 # If both `conftest.exe' and `conftest' are `present' (well, observable)
3065# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will
3066# work properly (i.e., refer to `conftest.exe'), while it won't with
3067# `rm'.
3068for ac_file in conftest.exe conftest conftest.*; do
3069 test -f "$ac_file" || continue
3070 case $ac_file in
3071 *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
3072 *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
3073 break;;
3074 * ) break;;
3075 esac
3076done
3077else
3078 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
3079$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
3080as_fn_error $? "cannot compute suffix of executables: cannot compile and link
3081See \`config.log' for more details" "$LINENO" 5; }
3082fi
3083rm -f conftest conftest$ac_cv_exeext
3084{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5
3085$as_echo "$ac_cv_exeext" >&6; }
3086
3087rm -f conftest.$ac_ext
3088EXEEXT=$ac_cv_exeext
3089ac_exeext=$EXEEXT
3090cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3091/* end confdefs.h. */
3092#include <stdio.h>
3093int
3094main ()
3095{
3096FILE *f = fopen ("conftest.out", "w");
3097 return ferror (f) || fclose (f) != 0;
3098
3099 ;
3100 return 0;
3101}
3102_ACEOF
3103ac_clean_files="$ac_clean_files conftest.out"
3104# Check that the compiler produces executables we can run. If not, either
3105# the compiler is broken, or we cross compile.
3106{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5
3107$as_echo_n "checking whether we are cross compiling... " >&6; }
3108if test "$cross_compiling" != yes; then
3109 { { ac_try="$ac_link"
3110case "(($ac_try" in
3111 *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
3112 *) ac_try_echo=$ac_try;;
3113esac
3114eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
3115$as_echo "$ac_try_echo"; } >&5
3116 (eval "$ac_link") 2>&5
3117 ac_status=$?
3118 $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
3119 test $ac_status = 0; }
3120 if { ac_try='./conftest$ac_cv_exeext'
3121 { { case "(($ac_try" in
3122 *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
3123 *) ac_try_echo=$ac_try;;
3124esac
3125eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
3126$as_echo "$ac_try_echo"; } >&5
3127 (eval "$ac_try") 2>&5
3128 ac_status=$?
3129 $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
3130 test $ac_status = 0; }; }; then
3131 cross_compiling=no
3132 else
3133 if test "$cross_compiling" = maybe; then
3134 cross_compiling=yes
3135 else
3136 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
3137$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
3138as_fn_error $? "cannot run C compiled programs.
3139If you meant to cross compile, use \`--host'.
3140See \`config.log' for more details" "$LINENO" 5; }
3141 fi
3142 fi
3143fi
3144{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5
3145$as_echo "$cross_compiling" >&6; }
3146
3147rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out
3148ac_clean_files=$ac_clean_files_save
3149{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5
3150$as_echo_n "checking for suffix of object files... " >&6; }
3151if ${ac_cv_objext+:} false; then :
3152 $as_echo_n "(cached) " >&6
3153else
3154 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3155/* end confdefs.h. */
3156
3157int
3158main ()
3159{
3160
3161 ;
3162 return 0;
3163}
3164_ACEOF
3165rm -f conftest.o conftest.obj
3166if { { ac_try="$ac_compile"
3167case "(($ac_try" in
3168 *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
3169 *) ac_try_echo=$ac_try;;
3170esac
3171eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
3172$as_echo "$ac_try_echo"; } >&5
3173 (eval "$ac_compile") 2>&5
3174 ac_status=$?
3175 $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
3176 test $ac_status = 0; }; then :
3177 for ac_file in conftest.o conftest.obj conftest.*; do
3178 test -f "$ac_file" || continue;
3179 case $ac_file in
3180 *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;;
3181 *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
3182 break;;
3183 esac
3184done
3185else
3186 $as_echo "$as_me: failed program was:" >&5
3187sed 's/^/| /' conftest.$ac_ext >&5
3188
3189{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
3190$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
3191as_fn_error $? "cannot compute suffix of object files: cannot compile
3192See \`config.log' for more details" "$LINENO" 5; }
3193fi
3194rm -f conftest.$ac_cv_objext conftest.$ac_ext
3195fi
3196{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5
3197$as_echo "$ac_cv_objext" >&6; }
3198OBJEXT=$ac_cv_objext
3199ac_objext=$OBJEXT
3200{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5
3201$as_echo_n "checking whether we are using the GNU C compiler... " >&6; }
3202if ${ac_cv_c_compiler_gnu+:} false; then :
3203 $as_echo_n "(cached) " >&6
3204else
3205 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3206/* end confdefs.h. */
3207
3208int
3209main ()
3210{
3211#ifndef __GNUC__
3212 choke me
3213#endif
3214
3215 ;
3216 return 0;
3217}
3218_ACEOF
3219if ac_fn_c_try_compile "$LINENO"; then :
3220 ac_compiler_gnu=yes
3221else
3222 ac_compiler_gnu=no
3223fi
3224rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
3225ac_cv_c_compiler_gnu=$ac_compiler_gnu
3226
3227fi
3228{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5
3229$as_echo "$ac_cv_c_compiler_gnu" >&6; }
3230if test $ac_compiler_gnu = yes; then
3231 GCC=yes
3232else
3233 GCC=
3234fi
3235ac_test_CFLAGS=${CFLAGS+set}
3236ac_save_CFLAGS=$CFLAGS
3237{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5
3238$as_echo_n "checking whether $CC accepts -g... " >&6; }
3239if ${ac_cv_prog_cc_g+:} false; then :
3240 $as_echo_n "(cached) " >&6
3241else
3242 ac_save_c_werror_flag=$ac_c_werror_flag
3243 ac_c_werror_flag=yes
3244 ac_cv_prog_cc_g=no
3245 CFLAGS="-g"
3246 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3247/* end confdefs.h. */
3248
3249int
3250main ()
3251{
3252
3253 ;
3254 return 0;
3255}
3256_ACEOF
3257if ac_fn_c_try_compile "$LINENO"; then :
3258 ac_cv_prog_cc_g=yes
3259else
3260 CFLAGS=""
3261 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3262/* end confdefs.h. */
3263
3264int
3265main ()
3266{
3267
3268 ;
3269 return 0;
3270}
3271_ACEOF
3272if ac_fn_c_try_compile "$LINENO"; then :
3273
3274else
3275 ac_c_werror_flag=$ac_save_c_werror_flag
3276 CFLAGS="-g"
3277 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3278/* end confdefs.h. */
3279
3280int
3281main ()
3282{
3283
3284 ;
3285 return 0;
3286}
3287_ACEOF
3288if ac_fn_c_try_compile "$LINENO"; then :
3289 ac_cv_prog_cc_g=yes
3290fi
3291rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
3292fi
3293rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
3294fi
3295rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
3296 ac_c_werror_flag=$ac_save_c_werror_flag
3297fi
3298{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5
3299$as_echo "$ac_cv_prog_cc_g" >&6; }
3300if test "$ac_test_CFLAGS" = set; then
3301 CFLAGS=$ac_save_CFLAGS
3302elif test $ac_cv_prog_cc_g = yes; then
3303 if test "$GCC" = yes; then
3304 CFLAGS="-g -O2"
3305 else
3306 CFLAGS="-g"
3307 fi
3308else
3309 if test "$GCC" = yes; then
3310 CFLAGS="-O2"
3311 else
3312 CFLAGS=
3313 fi
3314fi
3315{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5
3316$as_echo_n "checking for $CC option to accept ISO C89... " >&6; }
3317if ${ac_cv_prog_cc_c89+:} false; then :
3318 $as_echo_n "(cached) " >&6
3319else
3320 ac_cv_prog_cc_c89=no
3321ac_save_CC=$CC
3322cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3323/* end confdefs.h. */
3324#include <stdarg.h>
3325#include <stdio.h>
3326struct stat;
3327/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */
3328struct buf { int x; };
3329FILE * (*rcsopen) (struct buf *, struct stat *, int);
3330static char *e (p, i)
3331 char **p;
3332 int i;
3333{
3334 return p[i];
3335}
3336static char *f (char * (*g) (char **, int), char **p, ...)
3337{
3338 char *s;
3339 va_list v;
3340 va_start (v,p);
3341 s = g (p, va_arg (v,int));
3342 va_end (v);
3343 return s;
3344}
3345
3346/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has
3347 function prototypes and stuff, but not '\xHH' hex character constants.
3348 These don't provoke an error unfortunately, instead are silently treated
3349 as 'x'. The following induces an error, until -std is added to get
3350 proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an
3351 array size at least. It's necessary to write '\x00'==0 to get something
3352 that's true only with -std. */
3353int osf4_cc_array ['\x00' == 0 ? 1 : -1];
3354
3355/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
3356 inside strings and character constants. */
3357#define FOO(x) 'x'
3358int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1];
3359
3360int test (int i, double x);
3361struct s1 {int (*f) (int a);};
3362struct s2 {int (*f) (double a);};
3363int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
3364int argc;
3365char **argv;
3366int
3367main ()
3368{
3369return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1];
3370 ;
3371 return 0;
3372}
3373_ACEOF
3374for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \
3375 -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
3376do
3377 CC="$ac_save_CC $ac_arg"
3378 if ac_fn_c_try_compile "$LINENO"; then :
3379 ac_cv_prog_cc_c89=$ac_arg
3380fi
3381rm -f core conftest.err conftest.$ac_objext
3382 test "x$ac_cv_prog_cc_c89" != "xno" && break
3383done
3384rm -f conftest.$ac_ext
3385CC=$ac_save_CC
3386
3387fi
3388# AC_CACHE_VAL
3389case "x$ac_cv_prog_cc_c89" in
3390 x)
3391 { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
3392$as_echo "none needed" >&6; } ;;
3393 xno)
3394 { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
3395$as_echo "unsupported" >&6; } ;;
3396 *)
3397 CC="$CC $ac_cv_prog_cc_c89"
3398 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5
3399$as_echo "$ac_cv_prog_cc_c89" >&6; } ;;
3400esac
3401if test "x$ac_cv_prog_cc_c89" != xno; then :
3402
3403fi
3404
3405ac_ext=c
3406ac_cpp='$CPP $CPPFLAGS'
3407ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
3408ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
3409ac_compiler_gnu=$ac_cv_c_compiler_gnu
3410
3411ac_aux_dir=
3412for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do
3413 if test -f "$ac_dir/install-sh"; then
3414 ac_aux_dir=$ac_dir
3415 ac_install_sh="$ac_aux_dir/install-sh -c"
3416 break
3417 elif test -f "$ac_dir/install.sh"; then
3418 ac_aux_dir=$ac_dir
3419 ac_install_sh="$ac_aux_dir/install.sh -c"
3420 break
3421 elif test -f "$ac_dir/shtool"; then
3422 ac_aux_dir=$ac_dir
3423 ac_install_sh="$ac_aux_dir/shtool install -c"
3424 break
3425 fi
3426done
3427if test -z "$ac_aux_dir"; then
3428 as_fn_error $? "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5
3429fi
3430
3431# These three variables are undocumented and unsupported,
3432# and are intended to be withdrawn in a future Autoconf release.
3433# They can cause serious problems if a builder's source tree is in a directory
3434# whose full name contains unusual characters.
3435ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var.
3436ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var.
3437ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var.
3438
3439
3440# Make sure we can run config.sub.
3441$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 ||
3442 as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5
3443
3444{ $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5
3445$as_echo_n "checking build system type... " >&6; }
3446if ${ac_cv_build+:} false; then :
3447 $as_echo_n "(cached) " >&6
3448else
3449 ac_build_alias=$build_alias
3450test "x$ac_build_alias" = x &&
3451 ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"`
3452test "x$ac_build_alias" = x &&
3453 as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5
3454ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` ||
3455 as_fn_error $? "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5
3456
3457fi
3458{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5
3459$as_echo "$ac_cv_build" >&6; }
3460case $ac_cv_build in
3461*-*-*) ;;
3462*) as_fn_error $? "invalid value of canonical build" "$LINENO" 5;;
3463esac
3464build=$ac_cv_build
3465ac_save_IFS=$IFS; IFS='-'
3466set x $ac_cv_build
3467shift
3468build_cpu=$1
3469build_vendor=$2
3470shift; shift
3471# Remember, the first character of IFS is used to create $*,
3472# except with old shells:
3473build_os=$*
3474IFS=$ac_save_IFS
3475case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac
3476
3477
3478{ $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5
3479$as_echo_n "checking host system type... " >&6; }
3480if ${ac_cv_host+:} false; then :
3481 $as_echo_n "(cached) " >&6
3482else
3483 if test "x$host_alias" = x; then
3484 ac_cv_host=$ac_cv_build
3485else
3486 ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` ||
3487 as_fn_error $? "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5
3488fi
3489
3490fi
3491{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5
3492$as_echo "$ac_cv_host" >&6; }
3493case $ac_cv_host in
3494*-*-*) ;;
3495*) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;;
3496esac
3497host=$ac_cv_host
3498ac_save_IFS=$IFS; IFS='-'
3499set x $ac_cv_host
3500shift
3501host_cpu=$1
3502host_vendor=$2
3503shift; shift
3504# Remember, the first character of IFS is used to create $*,
3505# except with old shells:
3506host_os=$*
3507IFS=$ac_save_IFS
3508case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac
3509
3510
3511
3512ac_ext=c
3513ac_cpp='$CPP $CPPFLAGS'
3514ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
3515ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
3516ac_compiler_gnu=$ac_cv_c_compiler_gnu
3517{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5
3518$as_echo_n "checking how to run the C preprocessor... " >&6; }
3519# On Suns, sometimes $CPP names a directory.
3520if test -n "$CPP" && test -d "$CPP"; then
3521 CPP=
3522fi
3523if test -z "$CPP"; then
3524 if ${ac_cv_prog_CPP+:} false; then :
3525 $as_echo_n "(cached) " >&6
3526else
3527 # Double quotes because CPP needs to be expanded
3528 for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp"
3529 do
3530 ac_preproc_ok=false
3531for ac_c_preproc_warn_flag in '' yes
3532do
3533 # Use a header file that comes with gcc, so configuring glibc
3534 # with a fresh cross-compiler works.
3535 # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
3536 # <limits.h> exists even on freestanding compilers.
3537 # On the NeXT, cc -E runs the code through the compiler's parser,
3538 # not just through cpp. "Syntax error" is here to catch this case.
3539 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3540/* end confdefs.h. */
3541#ifdef __STDC__
3542# include <limits.h>
3543#else
3544# include <assert.h>
3545#endif
3546 Syntax error
3547_ACEOF
3548if ac_fn_c_try_cpp "$LINENO"; then :
3549
3550else
3551 # Broken: fails on valid input.
3552continue
3553fi
3554rm -f conftest.err conftest.i conftest.$ac_ext
3555
3556 # OK, works on sane cases. Now check whether nonexistent headers
3557 # can be detected and how.
3558 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3559/* end confdefs.h. */
3560#include <ac_nonexistent.h>
3561_ACEOF
3562if ac_fn_c_try_cpp "$LINENO"; then :
3563 # Broken: success on invalid input.
3564continue
3565else
3566 # Passes both tests.
3567ac_preproc_ok=:
3568break
3569fi
3570rm -f conftest.err conftest.i conftest.$ac_ext
3571
3572done
3573# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
3574rm -f conftest.i conftest.err conftest.$ac_ext
3575if $ac_preproc_ok; then :
3576 break
3577fi
3578
3579 done
3580 ac_cv_prog_CPP=$CPP
3581
3582fi
3583 CPP=$ac_cv_prog_CPP
3584else
3585 ac_cv_prog_CPP=$CPP
3586fi
3587{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5
3588$as_echo "$CPP" >&6; }
3589ac_preproc_ok=false
3590for ac_c_preproc_warn_flag in '' yes
3591do
3592 # Use a header file that comes with gcc, so configuring glibc
3593 # with a fresh cross-compiler works.
3594 # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
3595 # <limits.h> exists even on freestanding compilers.
3596 # On the NeXT, cc -E runs the code through the compiler's parser,
3597 # not just through cpp. "Syntax error" is here to catch this case.
3598 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3599/* end confdefs.h. */
3600#ifdef __STDC__
3601# include <limits.h>
3602#else
3603# include <assert.h>
3604#endif
3605 Syntax error
3606_ACEOF
3607if ac_fn_c_try_cpp "$LINENO"; then :
3608
3609else
3610 # Broken: fails on valid input.
3611continue
3612fi
3613rm -f conftest.err conftest.i conftest.$ac_ext
3614
3615 # OK, works on sane cases. Now check whether nonexistent headers
3616 # can be detected and how.
3617 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3618/* end confdefs.h. */
3619#include <ac_nonexistent.h>
3620_ACEOF
3621if ac_fn_c_try_cpp "$LINENO"; then :
3622 # Broken: success on invalid input.
3623continue
3624else
3625 # Passes both tests.
3626ac_preproc_ok=:
3627break
3628fi
3629rm -f conftest.err conftest.i conftest.$ac_ext
3630
3631done
3632# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
3633rm -f conftest.i conftest.err conftest.$ac_ext
3634if $ac_preproc_ok; then :
3635
3636else
3637 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
3638$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
3639as_fn_error $? "C preprocessor \"$CPP\" fails sanity check
3640See \`config.log' for more details" "$LINENO" 5; }
3641fi
3642
3643ac_ext=c
3644ac_cpp='$CPP $CPPFLAGS'
3645ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
3646ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
3647ac_compiler_gnu=$ac_cv_c_compiler_gnu
3648
3649
3650{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5
3651$as_echo_n "checking for grep that handles long lines and -e... " >&6; }
3652if ${ac_cv_path_GREP+:} false; then :
3653 $as_echo_n "(cached) " >&6
3654else
3655 if test -z "$GREP"; then
3656 ac_path_GREP_found=false
3657 # Loop through the user's path and test for each of PROGNAME-LIST
3658 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
3659for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
3660do
3661 IFS=$as_save_IFS
3662 test -z "$as_dir" && as_dir=.
3663 for ac_prog in grep ggrep; do
3664 for ac_exec_ext in '' $ac_executable_extensions; do
3665 ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext"
3666 as_fn_executable_p "$ac_path_GREP" || continue
3667# Check for GNU ac_path_GREP and select it if it is found.
3668 # Check for GNU $ac_path_GREP
3669case `"$ac_path_GREP" --version 2>&1` in
3670*GNU*)
3671 ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;;
3672*)
3673 ac_count=0
3674 $as_echo_n 0123456789 >"conftest.in"
3675 while :
3676 do
3677 cat "conftest.in" "conftest.in" >"conftest.tmp"
3678 mv "conftest.tmp" "conftest.in"
3679 cp "conftest.in" "conftest.nl"
3680 $as_echo 'GREP' >> "conftest.nl"
3681 "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break
3682 diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
3683 as_fn_arith $ac_count + 1 && ac_count=$as_val
3684 if test $ac_count -gt ${ac_path_GREP_max-0}; then
3685 # Best one so far, save it but keep looking for a better one
3686 ac_cv_path_GREP="$ac_path_GREP"
3687 ac_path_GREP_max=$ac_count
3688 fi
3689 # 10*(2^10) chars as input seems more than enough
3690 test $ac_count -gt 10 && break
3691 done
3692 rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
3693esac
3694
3695 $ac_path_GREP_found && break 3
3696 done
3697 done
3698 done
3699IFS=$as_save_IFS
3700 if test -z "$ac_cv_path_GREP"; then
3701 as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
3702 fi
3703else
3704 ac_cv_path_GREP=$GREP
3705fi
3706
3707fi
3708{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5
3709$as_echo "$ac_cv_path_GREP" >&6; }
3710 GREP="$ac_cv_path_GREP"
3711
3712
3713{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5
3714$as_echo_n "checking for egrep... " >&6; }
3715if ${ac_cv_path_EGREP+:} false; then :
3716 $as_echo_n "(cached) " >&6
3717else
3718 if echo a | $GREP -E '(a|b)' >/dev/null 2>&1
3719 then ac_cv_path_EGREP="$GREP -E"
3720 else
3721 if test -z "$EGREP"; then
3722 ac_path_EGREP_found=false
3723 # Loop through the user's path and test for each of PROGNAME-LIST
3724 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
3725for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
3726do
3727 IFS=$as_save_IFS
3728 test -z "$as_dir" && as_dir=.
3729 for ac_prog in egrep; do
3730 for ac_exec_ext in '' $ac_executable_extensions; do
3731 ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext"
3732 as_fn_executable_p "$ac_path_EGREP" || continue
3733# Check for GNU ac_path_EGREP and select it if it is found.
3734 # Check for GNU $ac_path_EGREP
3735case `"$ac_path_EGREP" --version 2>&1` in
3736*GNU*)
3737 ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;;
3738*)
3739 ac_count=0
3740 $as_echo_n 0123456789 >"conftest.in"
3741 while :
3742 do
3743 cat "conftest.in" "conftest.in" >"conftest.tmp"
3744 mv "conftest.tmp" "conftest.in"
3745 cp "conftest.in" "conftest.nl"
3746 $as_echo 'EGREP' >> "conftest.nl"
3747 "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break
3748 diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
3749 as_fn_arith $ac_count + 1 && ac_count=$as_val
3750 if test $ac_count -gt ${ac_path_EGREP_max-0}; then
3751 # Best one so far, save it but keep looking for a better one
3752 ac_cv_path_EGREP="$ac_path_EGREP"
3753 ac_path_EGREP_max=$ac_count
3754 fi
3755 # 10*(2^10) chars as input seems more than enough
3756 test $ac_count -gt 10 && break
3757 done
3758 rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
3759esac
3760
3761 $ac_path_EGREP_found && break 3
3762 done
3763 done
3764 done
3765IFS=$as_save_IFS
3766 if test -z "$ac_cv_path_EGREP"; then
3767 as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
3768 fi
3769else
3770 ac_cv_path_EGREP=$EGREP
3771fi
3772
3773 fi
3774fi
3775{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5
3776$as_echo "$ac_cv_path_EGREP" >&6; }
3777 EGREP="$ac_cv_path_EGREP"
3778
3779
3780{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5
3781$as_echo_n "checking for ANSI C header files... " >&6; }
3782if ${ac_cv_header_stdc+:} false; then :
3783 $as_echo_n "(cached) " >&6
3784else
3785 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3786/* end confdefs.h. */
3787#include <stdlib.h>
3788#include <stdarg.h>
3789#include <string.h>
3790#include <float.h>
3791
3792int
3793main ()
3794{
3795
3796 ;
3797 return 0;
3798}
3799_ACEOF
3800if ac_fn_c_try_compile "$LINENO"; then :
3801 ac_cv_header_stdc=yes
3802else
3803 ac_cv_header_stdc=no
3804fi
3805rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
3806
3807if test $ac_cv_header_stdc = yes; then
3808 # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
3809 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3810/* end confdefs.h. */
3811#include <string.h>
3812
3813_ACEOF
3814if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
3815 $EGREP "memchr" >/dev/null 2>&1; then :
3816
3817else
3818 ac_cv_header_stdc=no
3819fi
3820rm -f conftest*
3821
3822fi
3823
3824if test $ac_cv_header_stdc = yes; then
3825 # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
3826 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3827/* end confdefs.h. */
3828#include <stdlib.h>
3829
3830_ACEOF
3831if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
3832 $EGREP "free" >/dev/null 2>&1; then :
3833
3834else
3835 ac_cv_header_stdc=no
3836fi
3837rm -f conftest*
3838
3839fi
3840
3841if test $ac_cv_header_stdc = yes; then
3842 # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
3843 if test "$cross_compiling" = yes; then :
3844 :
3845else
3846 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3847/* end confdefs.h. */
3848#include <ctype.h>
3849#include <stdlib.h>
3850#if ((' ' & 0x0FF) == 0x020)
3851# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
3852# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
3853#else
3854# define ISLOWER(c) \
3855 (('a' <= (c) && (c) <= 'i') \
3856 || ('j' <= (c) && (c) <= 'r') \
3857 || ('s' <= (c) && (c) <= 'z'))
3858# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
3859#endif
3860
3861#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
3862int
3863main ()
3864{
3865 int i;
3866 for (i = 0; i < 256; i++)
3867 if (XOR (islower (i), ISLOWER (i))
3868 || toupper (i) != TOUPPER (i))
3869 return 2;
3870 return 0;
3871}
3872_ACEOF
3873if ac_fn_c_try_run "$LINENO"; then :
3874
3875else
3876 ac_cv_header_stdc=no
3877fi
3878rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
3879 conftest.$ac_objext conftest.beam conftest.$ac_ext
3880fi
3881
3882fi
3883fi
3884{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5
3885$as_echo "$ac_cv_header_stdc" >&6; }
3886if test $ac_cv_header_stdc = yes; then
3887
3888$as_echo "#define STDC_HEADERS 1" >>confdefs.h
3889
3890fi
3891
3892# On IRIX 5.3, sys/types and inttypes.h are conflicting.
3893for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \
3894 inttypes.h stdint.h unistd.h
3895do :
3896 as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
3897ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default
3898"
3899if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
3900 cat >>confdefs.h <<_ACEOF
3901#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
3902_ACEOF
3903
3904fi
3905
3906done
3907
3908
3909 { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether byte ordering is bigendian" >&5
3910$as_echo_n "checking whether byte ordering is bigendian... " >&6; }
3911if ${ac_cv_c_bigendian+:} false; then :
3912 $as_echo_n "(cached) " >&6
3913else
3914 ac_cv_c_bigendian=unknown
3915 # See if we're dealing with a universal compiler.
3916 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3917/* end confdefs.h. */
3918#ifndef __APPLE_CC__
3919 not a universal capable compiler
3920 #endif
3921 typedef int dummy;
3922
3923_ACEOF
3924if ac_fn_c_try_compile "$LINENO"; then :
3925
3926 # Check for potential -arch flags. It is not universal unless
3927 # there are at least two -arch flags with different values.
3928 ac_arch=
3929 ac_prev=
3930 for ac_word in $CC $CFLAGS $CPPFLAGS $LDFLAGS; do
3931 if test -n "$ac_prev"; then
3932 case $ac_word in
3933 i?86 | x86_64 | ppc | ppc64)
3934 if test -z "$ac_arch" || test "$ac_arch" = "$ac_word"; then
3935 ac_arch=$ac_word
3936 else
3937 ac_cv_c_bigendian=universal
3938 break
3939 fi
3940 ;;
3941 esac
3942 ac_prev=
3943 elif test "x$ac_word" = "x-arch"; then
3944 ac_prev=arch
3945 fi
3946 done
3947fi
3948rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
3949 if test $ac_cv_c_bigendian = unknown; then
3950 # See if sys/param.h defines the BYTE_ORDER macro.
3951 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3952/* end confdefs.h. */
3953#include <sys/types.h>
3954 #include <sys/param.h>
3955
3956int
3957main ()
3958{
3959#if ! (defined BYTE_ORDER && defined BIG_ENDIAN \
3960 && defined LITTLE_ENDIAN && BYTE_ORDER && BIG_ENDIAN \
3961 && LITTLE_ENDIAN)
3962 bogus endian macros
3963 #endif
3964
3965 ;
3966 return 0;
3967}
3968_ACEOF
3969if ac_fn_c_try_compile "$LINENO"; then :
3970 # It does; now see whether it defined to BIG_ENDIAN or not.
3971 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3972/* end confdefs.h. */
3973#include <sys/types.h>
3974 #include <sys/param.h>
3975
3976int
3977main ()
3978{
3979#if BYTE_ORDER != BIG_ENDIAN
3980 not big endian
3981 #endif
3982
3983 ;
3984 return 0;
3985}
3986_ACEOF
3987if ac_fn_c_try_compile "$LINENO"; then :
3988 ac_cv_c_bigendian=yes
3989else
3990 ac_cv_c_bigendian=no
3991fi
3992rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
3993fi
3994rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
3995 fi
3996 if test $ac_cv_c_bigendian = unknown; then
3997 # See if <limits.h> defines _LITTLE_ENDIAN or _BIG_ENDIAN (e.g., Solaris).
3998 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3999/* end confdefs.h. */
4000#include <limits.h>
4001
4002int
4003main ()
4004{
4005#if ! (defined _LITTLE_ENDIAN || defined _BIG_ENDIAN)
4006 bogus endian macros
4007 #endif
4008
4009 ;
4010 return 0;
4011}
4012_ACEOF
4013if ac_fn_c_try_compile "$LINENO"; then :
4014 # It does; now see whether it defined to _BIG_ENDIAN or not.
4015 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
4016/* end confdefs.h. */
4017#include <limits.h>
4018
4019int
4020main ()
4021{
4022#ifndef _BIG_ENDIAN
4023 not big endian
4024 #endif
4025
4026 ;
4027 return 0;
4028}
4029_ACEOF
4030if ac_fn_c_try_compile "$LINENO"; then :
4031 ac_cv_c_bigendian=yes
4032else
4033 ac_cv_c_bigendian=no
4034fi
4035rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
4036fi
4037rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
4038 fi
4039 if test $ac_cv_c_bigendian = unknown; then
4040 # Compile a test program.
4041 if test "$cross_compiling" = yes; then :
4042 # Try to guess by grepping values from an object file.
4043 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
4044/* end confdefs.h. */
4045short int ascii_mm[] =
4046 { 0x4249, 0x4765, 0x6E44, 0x6961, 0x6E53, 0x7953, 0 };
4047 short int ascii_ii[] =
4048 { 0x694C, 0x5454, 0x656C, 0x6E45, 0x6944, 0x6E61, 0 };
4049 int use_ascii (int i) {
4050 return ascii_mm[i] + ascii_ii[i];
4051 }
4052 short int ebcdic_ii[] =
4053 { 0x89D3, 0xE3E3, 0x8593, 0x95C5, 0x89C4, 0x9581, 0 };
4054 short int ebcdic_mm[] =
4055 { 0xC2C9, 0xC785, 0x95C4, 0x8981, 0x95E2, 0xA8E2, 0 };
4056 int use_ebcdic (int i) {
4057 return ebcdic_mm[i] + ebcdic_ii[i];
4058 }
4059 extern int foo;
4060
4061int
4062main ()
4063{
4064return use_ascii (foo) == use_ebcdic (foo);
4065 ;
4066 return 0;
4067}
4068_ACEOF
4069if ac_fn_c_try_compile "$LINENO"; then :
4070 if grep BIGenDianSyS conftest.$ac_objext >/dev/null; then
4071 ac_cv_c_bigendian=yes
4072 fi
4073 if grep LiTTleEnDian conftest.$ac_objext >/dev/null ; then
4074 if test "$ac_cv_c_bigendian" = unknown; then
4075 ac_cv_c_bigendian=no
4076 else
4077 # finding both strings is unlikely to happen, but who knows?
4078 ac_cv_c_bigendian=unknown
4079 fi
4080 fi
4081fi
4082rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
4083else
4084 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
4085/* end confdefs.h. */
4086$ac_includes_default
4087int
4088main ()
4089{
4090
4091 /* Are we little or big endian? From Harbison&Steele. */
4092 union
4093 {
4094 long int l;
4095 char c[sizeof (long int)];
4096 } u;
4097 u.l = 1;
4098 return u.c[sizeof (long int) - 1] == 1;
4099
4100 ;
4101 return 0;
4102}
4103_ACEOF
4104if ac_fn_c_try_run "$LINENO"; then :
4105 ac_cv_c_bigendian=no
4106else
4107 ac_cv_c_bigendian=yes
4108fi
4109rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
4110 conftest.$ac_objext conftest.beam conftest.$ac_ext
4111fi
4112
4113 fi
4114fi
4115{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_bigendian" >&5
4116$as_echo "$ac_cv_c_bigendian" >&6; }
4117 case $ac_cv_c_bigendian in #(
4118 yes)
4119 $as_echo "#define WORDS_BIGENDIAN 1" >>confdefs.h
4120;; #(
4121 no)
4122 ;; #(
4123 universal)
4124
4125$as_echo "#define AC_APPLE_UNIVERSAL_BUILD 1" >>confdefs.h
4126
4127 ;; #(
4128 *)
4129 as_fn_error $? "unknown endianness
4130 presetting ac_cv_c_bigendian=no (or yes) will help" "$LINENO" 5 ;;
4131 esac
4132
4133
4134# Checks for programs.
4135for ac_prog in gawk mawk nawk awk
4136do
4137 # Extract the first word of "$ac_prog", so it can be a program name with args.
4138set dummy $ac_prog; ac_word=$2
4139{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
4140$as_echo_n "checking for $ac_word... " >&6; }
4141if ${ac_cv_prog_AWK+:} false; then :
4142 $as_echo_n "(cached) " >&6
4143else
4144 if test -n "$AWK"; then
4145 ac_cv_prog_AWK="$AWK" # Let the user override the test.
4146else
4147as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
4148for as_dir in $PATH
4149do
4150 IFS=$as_save_IFS
4151 test -z "$as_dir" && as_dir=.
4152 for ac_exec_ext in '' $ac_executable_extensions; do
4153 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
4154 ac_cv_prog_AWK="$ac_prog"
4155 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
4156 break 2
4157 fi
4158done
4159 done
4160IFS=$as_save_IFS
4161
4162fi
4163fi
4164AWK=$ac_cv_prog_AWK
4165if test -n "$AWK"; then
4166 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5
4167$as_echo "$AWK" >&6; }
4168else
4169 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
4170$as_echo "no" >&6; }
4171fi
4172
4173
4174 test -n "$AWK" && break
4175done
4176
4177ac_ext=c
4178ac_cpp='$CPP $CPPFLAGS'
4179ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
4180ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
4181ac_compiler_gnu=$ac_cv_c_compiler_gnu
4182{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5
4183$as_echo_n "checking how to run the C preprocessor... " >&6; }
4184# On Suns, sometimes $CPP names a directory.
4185if test -n "$CPP" && test -d "$CPP"; then
4186 CPP=
4187fi
4188if test -z "$CPP"; then
4189 if ${ac_cv_prog_CPP+:} false; then :
4190 $as_echo_n "(cached) " >&6
4191else
4192 # Double quotes because CPP needs to be expanded
4193 for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp"
4194 do
4195 ac_preproc_ok=false
4196for ac_c_preproc_warn_flag in '' yes
4197do
4198 # Use a header file that comes with gcc, so configuring glibc
4199 # with a fresh cross-compiler works.
4200 # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
4201 # <limits.h> exists even on freestanding compilers.
4202 # On the NeXT, cc -E runs the code through the compiler's parser,
4203 # not just through cpp. "Syntax error" is here to catch this case.
4204 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
4205/* end confdefs.h. */
4206#ifdef __STDC__
4207# include <limits.h>
4208#else
4209# include <assert.h>
4210#endif
4211 Syntax error
4212_ACEOF
4213if ac_fn_c_try_cpp "$LINENO"; then :
4214
4215else
4216 # Broken: fails on valid input.
4217continue
4218fi
4219rm -f conftest.err conftest.i conftest.$ac_ext
4220
4221 # OK, works on sane cases. Now check whether nonexistent headers
4222 # can be detected and how.
4223 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
4224/* end confdefs.h. */
4225#include <ac_nonexistent.h>
4226_ACEOF
4227if ac_fn_c_try_cpp "$LINENO"; then :
4228 # Broken: success on invalid input.
4229continue
4230else
4231 # Passes both tests.
4232ac_preproc_ok=:
4233break
4234fi
4235rm -f conftest.err conftest.i conftest.$ac_ext
4236
4237done
4238# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
4239rm -f conftest.i conftest.err conftest.$ac_ext
4240if $ac_preproc_ok; then :
4241 break
4242fi
4243
4244 done
4245 ac_cv_prog_CPP=$CPP
4246
4247fi
4248 CPP=$ac_cv_prog_CPP
4249else
4250 ac_cv_prog_CPP=$CPP
4251fi
4252{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5
4253$as_echo "$CPP" >&6; }
4254ac_preproc_ok=false
4255for ac_c_preproc_warn_flag in '' yes
4256do
4257 # Use a header file that comes with gcc, so configuring glibc
4258 # with a fresh cross-compiler works.
4259 # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
4260 # <limits.h> exists even on freestanding compilers.
4261 # On the NeXT, cc -E runs the code through the compiler's parser,
4262 # not just through cpp. "Syntax error" is here to catch this case.
4263 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
4264/* end confdefs.h. */
4265#ifdef __STDC__
4266# include <limits.h>
4267#else
4268# include <assert.h>
4269#endif
4270 Syntax error
4271_ACEOF
4272if ac_fn_c_try_cpp "$LINENO"; then :
4273
4274else
4275 # Broken: fails on valid input.
4276continue
4277fi
4278rm -f conftest.err conftest.i conftest.$ac_ext
4279
4280 # OK, works on sane cases. Now check whether nonexistent headers
4281 # can be detected and how.
4282 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
4283/* end confdefs.h. */
4284#include <ac_nonexistent.h>
4285_ACEOF
4286if ac_fn_c_try_cpp "$LINENO"; then :
4287 # Broken: success on invalid input.
4288continue
4289else
4290 # Passes both tests.
4291ac_preproc_ok=:
4292break
4293fi
4294rm -f conftest.err conftest.i conftest.$ac_ext
4295
4296done
4297# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
4298rm -f conftest.i conftest.err conftest.$ac_ext
4299if $ac_preproc_ok; then :
4300
4301else
4302 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
4303$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
4304as_fn_error $? "C preprocessor \"$CPP\" fails sanity check
4305See \`config.log' for more details" "$LINENO" 5; }
4306fi
4307
4308ac_ext=c
4309ac_cpp='$CPP $CPPFLAGS'
4310ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
4311ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
4312ac_compiler_gnu=$ac_cv_c_compiler_gnu
4313
4314if test -n "$ac_tool_prefix"; then
4315 # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args.
4316set dummy ${ac_tool_prefix}ranlib; ac_word=$2
4317{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
4318$as_echo_n "checking for $ac_word... " >&6; }
4319if ${ac_cv_prog_RANLIB+:} false; then :
4320 $as_echo_n "(cached) " >&6
4321else
4322 if test -n "$RANLIB"; then
4323 ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test.
4324else
4325as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
4326for as_dir in $PATH
4327do
4328 IFS=$as_save_IFS
4329 test -z "$as_dir" && as_dir=.
4330 for ac_exec_ext in '' $ac_executable_extensions; do
4331 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
4332 ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib"
4333 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
4334 break 2
4335 fi
4336done
4337 done
4338IFS=$as_save_IFS
4339
4340fi
4341fi
4342RANLIB=$ac_cv_prog_RANLIB
4343if test -n "$RANLIB"; then
4344 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5
4345$as_echo "$RANLIB" >&6; }
4346else
4347 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
4348$as_echo "no" >&6; }
4349fi
4350
4351
4352fi
4353if test -z "$ac_cv_prog_RANLIB"; then
4354 ac_ct_RANLIB=$RANLIB
4355 # Extract the first word of "ranlib", so it can be a program name with args.
4356set dummy ranlib; ac_word=$2
4357{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
4358$as_echo_n "checking for $ac_word... " >&6; }
4359if ${ac_cv_prog_ac_ct_RANLIB+:} false; then :
4360 $as_echo_n "(cached) " >&6
4361else
4362 if test -n "$ac_ct_RANLIB"; then
4363 ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test.
4364else
4365as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
4366for as_dir in $PATH
4367do
4368 IFS=$as_save_IFS
4369 test -z "$as_dir" && as_dir=.
4370 for ac_exec_ext in '' $ac_executable_extensions; do
4371 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
4372 ac_cv_prog_ac_ct_RANLIB="ranlib"
4373 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
4374 break 2
4375 fi
4376done
4377 done
4378IFS=$as_save_IFS
4379
4380fi
4381fi
4382ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB
4383if test -n "$ac_ct_RANLIB"; then
4384 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5
4385$as_echo "$ac_ct_RANLIB" >&6; }
4386else
4387 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
4388$as_echo "no" >&6; }
4389fi
4390
4391 if test "x$ac_ct_RANLIB" = x; then
4392 RANLIB=":"
4393 else
4394 case $cross_compiling:$ac_tool_warned in
4395yes:)
4396{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
4397$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
4398ac_tool_warned=yes ;;
4399esac
4400 RANLIB=$ac_ct_RANLIB
4401 fi
4402else
4403 RANLIB="$ac_cv_prog_RANLIB"
4404fi
4405
4406# Find a good install program. We prefer a C program (faster),
4407# so one script is as good as another. But avoid the broken or
4408# incompatible versions:
4409# SysV /etc/install, /usr/sbin/install
4410# SunOS /usr/etc/install
4411# IRIX /sbin/install
4412# AIX /bin/install
4413# AmigaOS /C/install, which installs bootblocks on floppy discs
4414# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag
4415# AFS /usr/afsws/bin/install, which mishandles nonexistent args
4416# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
4417# OS/2's system install, which has a completely different semantic
4418# ./install, which can be erroneously created by make from ./install.sh.
4419# Reject install programs that cannot install multiple files.
4420{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5
4421$as_echo_n "checking for a BSD-compatible install... " >&6; }
4422if test -z "$INSTALL"; then
4423if ${ac_cv_path_install+:} false; then :
4424 $as_echo_n "(cached) " >&6
4425else
4426 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
4427for as_dir in $PATH
4428do
4429 IFS=$as_save_IFS
4430 test -z "$as_dir" && as_dir=.
4431 # Account for people who put trailing slashes in PATH elements.
4432case $as_dir/ in #((
4433 ./ | .// | /[cC]/* | \
4434 /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \
4435 ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \
4436 /usr/ucb/* ) ;;
4437 *)
4438 # OSF1 and SCO ODT 3.0 have their own names for install.
4439 # Don't use installbsd from OSF since it installs stuff as root
4440 # by default.
4441 for ac_prog in ginstall scoinst install; do
4442 for ac_exec_ext in '' $ac_executable_extensions; do
4443 if as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then
4444 if test $ac_prog = install &&
4445 grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
4446 # AIX install. It has an incompatible calling convention.
4447 :
4448 elif test $ac_prog = install &&
4449 grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
4450 # program-specific install script used by HP pwplus--don't use.
4451 :
4452 else
4453 rm -rf conftest.one conftest.two conftest.dir
4454 echo one > conftest.one
4455 echo two > conftest.two
4456 mkdir conftest.dir
4457 if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" &&
4458 test -s conftest.one && test -s conftest.two &&
4459 test -s conftest.dir/conftest.one &&
4460 test -s conftest.dir/conftest.two
4461 then
4462 ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c"
4463 break 3
4464 fi
4465 fi
4466 fi
4467 done
4468 done
4469 ;;
4470esac
4471
4472 done
4473IFS=$as_save_IFS
4474
4475rm -rf conftest.one conftest.two conftest.dir
4476
4477fi
4478 if test "${ac_cv_path_install+set}" = set; then
4479 INSTALL=$ac_cv_path_install
4480 else
4481 # As a last resort, use the slow shell script. Don't cache a
4482 # value for INSTALL within a source directory, because that will
4483 # break other packages using the cache if that directory is
4484 # removed, or if the value is a relative name.
4485 INSTALL=$ac_install_sh
4486 fi
4487fi
4488{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5
4489$as_echo "$INSTALL" >&6; }
4490
4491# Use test -z because SunOS4 sh mishandles braces in ${var-val}.
4492# It thinks the first close brace ends the variable substitution.
4493test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}'
4494
4495test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}'
4496
4497test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
4498
4499{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5
4500$as_echo_n "checking for egrep... " >&6; }
4501if ${ac_cv_path_EGREP+:} false; then :
4502 $as_echo_n "(cached) " >&6
4503else
4504 if echo a | $GREP -E '(a|b)' >/dev/null 2>&1
4505 then ac_cv_path_EGREP="$GREP -E"
4506 else
4507 if test -z "$EGREP"; then
4508 ac_path_EGREP_found=false
4509 # Loop through the user's path and test for each of PROGNAME-LIST
4510 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
4511for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
4512do
4513 IFS=$as_save_IFS
4514 test -z "$as_dir" && as_dir=.
4515 for ac_prog in egrep; do
4516 for ac_exec_ext in '' $ac_executable_extensions; do
4517 ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext"
4518 as_fn_executable_p "$ac_path_EGREP" || continue
4519# Check for GNU ac_path_EGREP and select it if it is found.
4520 # Check for GNU $ac_path_EGREP
4521case `"$ac_path_EGREP" --version 2>&1` in
4522*GNU*)
4523 ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;;
4524*)
4525 ac_count=0
4526 $as_echo_n 0123456789 >"conftest.in"
4527 while :
4528 do
4529 cat "conftest.in" "conftest.in" >"conftest.tmp"
4530 mv "conftest.tmp" "conftest.in"
4531 cp "conftest.in" "conftest.nl"
4532 $as_echo 'EGREP' >> "conftest.nl"
4533 "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break
4534 diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
4535 as_fn_arith $ac_count + 1 && ac_count=$as_val
4536 if test $ac_count -gt ${ac_path_EGREP_max-0}; then
4537 # Best one so far, save it but keep looking for a better one
4538 ac_cv_path_EGREP="$ac_path_EGREP"
4539 ac_path_EGREP_max=$ac_count
4540 fi
4541 # 10*(2^10) chars as input seems more than enough
4542 test $ac_count -gt 10 && break
4543 done
4544 rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
4545esac
4546
4547 $ac_path_EGREP_found && break 3
4548 done
4549 done
4550 done
4551IFS=$as_save_IFS
4552 if test -z "$ac_cv_path_EGREP"; then
4553 as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
4554 fi
4555else
4556 ac_cv_path_EGREP=$EGREP
4557fi
4558
4559 fi
4560fi
4561{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5
4562$as_echo "$ac_cv_path_EGREP" >&6; }
4563 EGREP="$ac_cv_path_EGREP"
4564
4565
4566if test -n "$ac_tool_prefix"; then
4567 for ac_prog in ar
4568 do
4569 # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
4570set dummy $ac_tool_prefix$ac_prog; ac_word=$2
4571{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
4572$as_echo_n "checking for $ac_word... " >&6; }
4573if ${ac_cv_prog_AR+:} false; then :
4574 $as_echo_n "(cached) " >&6
4575else
4576 if test -n "$AR"; then
4577 ac_cv_prog_AR="$AR" # Let the user override the test.
4578else
4579as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
4580for as_dir in $PATH
4581do
4582 IFS=$as_save_IFS
4583 test -z "$as_dir" && as_dir=.
4584 for ac_exec_ext in '' $ac_executable_extensions; do
4585 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
4586 ac_cv_prog_AR="$ac_tool_prefix$ac_prog"
4587 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
4588 break 2
4589 fi
4590done
4591 done
4592IFS=$as_save_IFS
4593
4594fi
4595fi
4596AR=$ac_cv_prog_AR
4597if test -n "$AR"; then
4598 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5
4599$as_echo "$AR" >&6; }
4600else
4601 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
4602$as_echo "no" >&6; }
4603fi
4604
4605
4606 test -n "$AR" && break
4607 done
4608fi
4609if test -z "$AR"; then
4610 ac_ct_AR=$AR
4611 for ac_prog in ar
4612do
4613 # Extract the first word of "$ac_prog", so it can be a program name with args.
4614set dummy $ac_prog; ac_word=$2
4615{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
4616$as_echo_n "checking for $ac_word... " >&6; }
4617if ${ac_cv_prog_ac_ct_AR+:} false; then :
4618 $as_echo_n "(cached) " >&6
4619else
4620 if test -n "$ac_ct_AR"; then
4621 ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test.
4622else
4623as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
4624for as_dir in $PATH
4625do
4626 IFS=$as_save_IFS
4627 test -z "$as_dir" && as_dir=.
4628 for ac_exec_ext in '' $ac_executable_extensions; do
4629 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
4630 ac_cv_prog_ac_ct_AR="$ac_prog"
4631 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
4632 break 2
4633 fi
4634done
4635 done
4636IFS=$as_save_IFS
4637
4638fi
4639fi
4640ac_ct_AR=$ac_cv_prog_ac_ct_AR
4641if test -n "$ac_ct_AR"; then
4642 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5
4643$as_echo "$ac_ct_AR" >&6; }
4644else
4645 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
4646$as_echo "no" >&6; }
4647fi
4648
4649
4650 test -n "$ac_ct_AR" && break
4651done
4652
4653 if test "x$ac_ct_AR" = x; then
4654 AR=""
4655 else
4656 case $cross_compiling:$ac_tool_warned in
4657yes:)
4658{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
4659$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
4660ac_tool_warned=yes ;;
4661esac
4662 AR=$ac_ct_AR
4663 fi
4664fi
4665
4666# Extract the first word of "cat", so it can be a program name with args.
4667set dummy cat; ac_word=$2
4668{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
4669$as_echo_n "checking for $ac_word... " >&6; }
4670if ${ac_cv_path_CAT+:} false; then :
4671 $as_echo_n "(cached) " >&6
4672else
4673 case $CAT in
4674 [\\/]* | ?:[\\/]*)
4675 ac_cv_path_CAT="$CAT" # Let the user override the test with a path.
4676 ;;
4677 *)
4678 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
4679for as_dir in $PATH
4680do
4681 IFS=$as_save_IFS
4682 test -z "$as_dir" && as_dir=.
4683 for ac_exec_ext in '' $ac_executable_extensions; do
4684 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
4685 ac_cv_path_CAT="$as_dir/$ac_word$ac_exec_ext"
4686 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
4687 break 2
4688 fi
4689done
4690 done
4691IFS=$as_save_IFS
4692
4693 ;;
4694esac
4695fi
4696CAT=$ac_cv_path_CAT
4697if test -n "$CAT"; then
4698 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CAT" >&5
4699$as_echo "$CAT" >&6; }
4700else
4701 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
4702$as_echo "no" >&6; }
4703fi
4704
4705
4706# Extract the first word of "kill", so it can be a program name with args.
4707set dummy kill; ac_word=$2
4708{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
4709$as_echo_n "checking for $ac_word... " >&6; }
4710if ${ac_cv_path_KILL+:} false; then :
4711 $as_echo_n "(cached) " >&6
4712else
4713 case $KILL in
4714 [\\/]* | ?:[\\/]*)
4715 ac_cv_path_KILL="$KILL" # Let the user override the test with a path.
4716 ;;
4717 *)
4718 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
4719for as_dir in $PATH
4720do
4721 IFS=$as_save_IFS
4722 test -z "$as_dir" && as_dir=.
4723 for ac_exec_ext in '' $ac_executable_extensions; do
4724 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
4725 ac_cv_path_KILL="$as_dir/$ac_word$ac_exec_ext"
4726 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
4727 break 2
4728 fi
4729done
4730 done
4731IFS=$as_save_IFS
4732
4733 ;;
4734esac
4735fi
4736KILL=$ac_cv_path_KILL
4737if test -n "$KILL"; then
4738 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $KILL" >&5
4739$as_echo "$KILL" >&6; }
4740else
4741 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
4742$as_echo "no" >&6; }
4743fi
4744
4745
4746for ac_prog in perl5 perl
4747do
4748 # Extract the first word of "$ac_prog", so it can be a program name with args.
4749set dummy $ac_prog; ac_word=$2
4750{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
4751$as_echo_n "checking for $ac_word... " >&6; }
4752if ${ac_cv_path_PERL+:} false; then :
4753 $as_echo_n "(cached) " >&6
4754else
4755 case $PERL in
4756 [\\/]* | ?:[\\/]*)
4757 ac_cv_path_PERL="$PERL" # Let the user override the test with a path.
4758 ;;
4759 *)
4760 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
4761for as_dir in $PATH
4762do
4763 IFS=$as_save_IFS
4764 test -z "$as_dir" && as_dir=.
4765 for ac_exec_ext in '' $ac_executable_extensions; do
4766 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
4767 ac_cv_path_PERL="$as_dir/$ac_word$ac_exec_ext"
4768 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
4769 break 2
4770 fi
4771done
4772 done
4773IFS=$as_save_IFS
4774
4775 ;;
4776esac
4777fi
4778PERL=$ac_cv_path_PERL
4779if test -n "$PERL"; then
4780 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PERL" >&5
4781$as_echo "$PERL" >&6; }
4782else
4783 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
4784$as_echo "no" >&6; }
4785fi
4786
4787
4788 test -n "$PERL" && break
4789done
4790
4791# Extract the first word of "sed", so it can be a program name with args.
4792set dummy sed; ac_word=$2
4793{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
4794$as_echo_n "checking for $ac_word... " >&6; }
4795if ${ac_cv_path_SED+:} false; then :
4796 $as_echo_n "(cached) " >&6
4797else
4798 case $SED in
4799 [\\/]* | ?:[\\/]*)
4800 ac_cv_path_SED="$SED" # Let the user override the test with a path.
4801 ;;
4802 *)
4803 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
4804for as_dir in $PATH
4805do
4806 IFS=$as_save_IFS
4807 test -z "$as_dir" && as_dir=.
4808 for ac_exec_ext in '' $ac_executable_extensions; do
4809 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
4810 ac_cv_path_SED="$as_dir/$ac_word$ac_exec_ext"
4811 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
4812 break 2
4813 fi
4814done
4815 done
4816IFS=$as_save_IFS
4817
4818 ;;
4819esac
4820fi
4821SED=$ac_cv_path_SED
4822if test -n "$SED"; then
4823 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $SED" >&5
4824$as_echo "$SED" >&6; }
4825else
4826 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
4827$as_echo "no" >&6; }
4828fi
4829
4830
4831
4832# Extract the first word of "ent", so it can be a program name with args.
4833set dummy ent; ac_word=$2
4834{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
4835$as_echo_n "checking for $ac_word... " >&6; }
4836if ${ac_cv_path_ENT+:} false; then :
4837 $as_echo_n "(cached) " >&6
4838else
4839 case $ENT in
4840 [\\/]* | ?:[\\/]*)
4841 ac_cv_path_ENT="$ENT" # Let the user override the test with a path.
4842 ;;
4843 *)
4844 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
4845for as_dir in $PATH
4846do
4847 IFS=$as_save_IFS
4848 test -z "$as_dir" && as_dir=.
4849 for ac_exec_ext in '' $ac_executable_extensions; do
4850 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
4851 ac_cv_path_ENT="$as_dir/$ac_word$ac_exec_ext"
4852 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
4853 break 2
4854 fi
4855done
4856 done
4857IFS=$as_save_IFS
4858
4859 ;;
4860esac
4861fi
4862ENT=$ac_cv_path_ENT
4863if test -n "$ENT"; then
4864 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ENT" >&5
4865$as_echo "$ENT" >&6; }
4866else
4867 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
4868$as_echo "no" >&6; }
4869fi
4870
4871
4872
4873# Extract the first word of "bash", so it can be a program name with args.
4874set dummy bash; ac_word=$2
4875{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
4876$as_echo_n "checking for $ac_word... " >&6; }
4877if ${ac_cv_path_TEST_MINUS_S_SH+:} false; then :
4878 $as_echo_n "(cached) " >&6
4879else
4880 case $TEST_MINUS_S_SH in
4881 [\\/]* | ?:[\\/]*)
4882 ac_cv_path_TEST_MINUS_S_SH="$TEST_MINUS_S_SH" # Let the user override the test with a path.
4883 ;;
4884 *)
4885 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
4886for as_dir in $PATH
4887do
4888 IFS=$as_save_IFS
4889 test -z "$as_dir" && as_dir=.
4890 for ac_exec_ext in '' $ac_executable_extensions; do
4891 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
4892 ac_cv_path_TEST_MINUS_S_SH="$as_dir/$ac_word$ac_exec_ext"
4893 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
4894 break 2
4895 fi
4896done
4897 done
4898IFS=$as_save_IFS
4899
4900 ;;
4901esac
4902fi
4903TEST_MINUS_S_SH=$ac_cv_path_TEST_MINUS_S_SH
4904if test -n "$TEST_MINUS_S_SH"; then
4905 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $TEST_MINUS_S_SH" >&5
4906$as_echo "$TEST_MINUS_S_SH" >&6; }
4907else
4908 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
4909$as_echo "no" >&6; }
4910fi
4911
4912
4913# Extract the first word of "ksh", so it can be a program name with args.
4914set dummy ksh; ac_word=$2
4915{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
4916$as_echo_n "checking for $ac_word... " >&6; }
4917if ${ac_cv_path_TEST_MINUS_S_SH+:} false; then :
4918 $as_echo_n "(cached) " >&6
4919else
4920 case $TEST_MINUS_S_SH in
4921 [\\/]* | ?:[\\/]*)
4922 ac_cv_path_TEST_MINUS_S_SH="$TEST_MINUS_S_SH" # Let the user override the test with a path.
4923 ;;
4924 *)
4925 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
4926for as_dir in $PATH
4927do
4928 IFS=$as_save_IFS
4929 test -z "$as_dir" && as_dir=.
4930 for ac_exec_ext in '' $ac_executable_extensions; do
4931 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
4932 ac_cv_path_TEST_MINUS_S_SH="$as_dir/$ac_word$ac_exec_ext"
4933 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
4934 break 2
4935 fi
4936done
4937 done
4938IFS=$as_save_IFS
4939
4940 ;;
4941esac
4942fi
4943TEST_MINUS_S_SH=$ac_cv_path_TEST_MINUS_S_SH
4944if test -n "$TEST_MINUS_S_SH"; then
4945 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $TEST_MINUS_S_SH" >&5
4946$as_echo "$TEST_MINUS_S_SH" >&6; }
4947else
4948 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
4949$as_echo "no" >&6; }
4950fi
4951
4952
4953# Extract the first word of "sh", so it can be a program name with args.
4954set dummy sh; ac_word=$2
4955{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
4956$as_echo_n "checking for $ac_word... " >&6; }
4957if ${ac_cv_path_TEST_MINUS_S_SH+:} false; then :
4958 $as_echo_n "(cached) " >&6
4959else
4960 case $TEST_MINUS_S_SH in
4961 [\\/]* | ?:[\\/]*)
4962 ac_cv_path_TEST_MINUS_S_SH="$TEST_MINUS_S_SH" # Let the user override the test with a path.
4963 ;;
4964 *)
4965 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
4966for as_dir in $PATH
4967do
4968 IFS=$as_save_IFS
4969 test -z "$as_dir" && as_dir=.
4970 for ac_exec_ext in '' $ac_executable_extensions; do
4971 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
4972 ac_cv_path_TEST_MINUS_S_SH="$as_dir/$ac_word$ac_exec_ext"
4973 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
4974 break 2
4975 fi
4976done
4977 done
4978IFS=$as_save_IFS
4979
4980 ;;
4981esac
4982fi
4983TEST_MINUS_S_SH=$ac_cv_path_TEST_MINUS_S_SH
4984if test -n "$TEST_MINUS_S_SH"; then
4985 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $TEST_MINUS_S_SH" >&5
4986$as_echo "$TEST_MINUS_S_SH" >&6; }
4987else
4988 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
4989$as_echo "no" >&6; }
4990fi
4991
4992
4993# Extract the first word of "sh", so it can be a program name with args.
4994set dummy sh; ac_word=$2
4995{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
4996$as_echo_n "checking for $ac_word... " >&6; }
4997if ${ac_cv_path_SH+:} false; then :
4998 $as_echo_n "(cached) " >&6
4999else
5000 case $SH in
5001 [\\/]* | ?:[\\/]*)
5002 ac_cv_path_SH="$SH" # Let the user override the test with a path.
5003 ;;
5004 *)
5005 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
5006for as_dir in $PATH
5007do
5008 IFS=$as_save_IFS
5009 test -z "$as_dir" && as_dir=.
5010 for ac_exec_ext in '' $ac_executable_extensions; do
5011 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
5012 ac_cv_path_SH="$as_dir/$ac_word$ac_exec_ext"
5013 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
5014 break 2
5015 fi
5016done
5017 done
5018IFS=$as_save_IFS
5019
5020 ;;
5021esac
5022fi
5023SH=$ac_cv_path_SH
5024if test -n "$SH"; then
5025 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $SH" >&5
5026$as_echo "$SH" >&6; }
5027else
5028 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
5029$as_echo "no" >&6; }
5030fi
5031
5032
5033# Extract the first word of "groff", so it can be a program name with args.
5034set dummy groff; ac_word=$2
5035{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
5036$as_echo_n "checking for $ac_word... " >&6; }
5037if ${ac_cv_path_GROFF+:} false; then :
5038 $as_echo_n "(cached) " >&6
5039else
5040 case $GROFF in
5041 [\\/]* | ?:[\\/]*)
5042 ac_cv_path_GROFF="$GROFF" # Let the user override the test with a path.
5043 ;;
5044 *)
5045 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
5046for as_dir in $PATH
5047do
5048 IFS=$as_save_IFS
5049 test -z "$as_dir" && as_dir=.
5050 for ac_exec_ext in '' $ac_executable_extensions; do
5051 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
5052 ac_cv_path_GROFF="$as_dir/$ac_word$ac_exec_ext"
5053 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
5054 break 2
5055 fi
5056done
5057 done
5058IFS=$as_save_IFS
5059
5060 ;;
5061esac
5062fi
5063GROFF=$ac_cv_path_GROFF
5064if test -n "$GROFF"; then
5065 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GROFF" >&5
5066$as_echo "$GROFF" >&6; }
5067else
5068 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
5069$as_echo "no" >&6; }
5070fi
5071
5072
5073# Extract the first word of "nroff", so it can be a program name with args.
5074set dummy nroff; ac_word=$2
5075{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
5076$as_echo_n "checking for $ac_word... " >&6; }
5077if ${ac_cv_path_NROFF+:} false; then :
5078 $as_echo_n "(cached) " >&6
5079else
5080 case $NROFF in
5081 [\\/]* | ?:[\\/]*)
5082 ac_cv_path_NROFF="$NROFF" # Let the user override the test with a path.
5083 ;;
5084 *)
5085 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
5086for as_dir in $PATH
5087do
5088 IFS=$as_save_IFS
5089 test -z "$as_dir" && as_dir=.
5090 for ac_exec_ext in '' $ac_executable_extensions; do
5091 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
5092 ac_cv_path_NROFF="$as_dir/$ac_word$ac_exec_ext"
5093 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
5094 break 2
5095 fi
5096done
5097 done
5098IFS=$as_save_IFS
5099
5100 ;;
5101esac
5102fi
5103NROFF=$ac_cv_path_NROFF
5104if test -n "$NROFF"; then
5105 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NROFF" >&5
5106$as_echo "$NROFF" >&6; }
5107else
5108 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
5109$as_echo "no" >&6; }
5110fi
5111
5112
5113# Extract the first word of "mandoc", so it can be a program name with args.
5114set dummy mandoc; ac_word=$2
5115{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
5116$as_echo_n "checking for $ac_word... " >&6; }
5117if ${ac_cv_path_MANDOC+:} false; then :
5118 $as_echo_n "(cached) " >&6
5119else
5120 case $MANDOC in
5121 [\\/]* | ?:[\\/]*)
5122 ac_cv_path_MANDOC="$MANDOC" # Let the user override the test with a path.
5123 ;;
5124 *)
5125 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
5126for as_dir in $PATH
5127do
5128 IFS=$as_save_IFS
5129 test -z "$as_dir" && as_dir=.
5130 for ac_exec_ext in '' $ac_executable_extensions; do
5131 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
5132 ac_cv_path_MANDOC="$as_dir/$ac_word$ac_exec_ext"
5133 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
5134 break 2
5135 fi
5136done
5137 done
5138IFS=$as_save_IFS
5139
5140 ;;
5141esac
5142fi
5143MANDOC=$ac_cv_path_MANDOC
5144if test -n "$MANDOC"; then
5145 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MANDOC" >&5
5146$as_echo "$MANDOC" >&6; }
5147else
5148 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
5149$as_echo "no" >&6; }
5150fi
5151
5152
5153TEST_SHELL=sh
5154
5155
5156if test "x$MANDOC" != "x" ; then
5157 MANFMT="$MANDOC"
5158elif test "x$NROFF" != "x" ; then
5159 MANFMT="$NROFF -mandoc"
5160elif test "x$GROFF" != "x" ; then
5161 MANFMT="$GROFF -mandoc -Tascii"
5162else
5163 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: no manpage formatted found" >&5
5164$as_echo "$as_me: WARNING: no manpage formatted found" >&2;}
5165 MANFMT="false"
5166fi
5167
5168
5169# Extract the first word of "groupadd", so it can be a program name with args.
5170set dummy groupadd; ac_word=$2
5171{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
5172$as_echo_n "checking for $ac_word... " >&6; }
5173if ${ac_cv_path_PATH_GROUPADD_PROG+:} false; then :
5174 $as_echo_n "(cached) " >&6
5175else
5176 case $PATH_GROUPADD_PROG in
5177 [\\/]* | ?:[\\/]*)
5178 ac_cv_path_PATH_GROUPADD_PROG="$PATH_GROUPADD_PROG" # Let the user override the test with a path.
5179 ;;
5180 *)
5181 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
5182for as_dir in /usr/sbin${PATH_SEPARATOR}/etc
5183do
5184 IFS=$as_save_IFS
5185 test -z "$as_dir" && as_dir=.
5186 for ac_exec_ext in '' $ac_executable_extensions; do
5187 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
5188 ac_cv_path_PATH_GROUPADD_PROG="$as_dir/$ac_word$ac_exec_ext"
5189 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
5190 break 2
5191 fi
5192done
5193 done
5194IFS=$as_save_IFS
5195
5196 test -z "$ac_cv_path_PATH_GROUPADD_PROG" && ac_cv_path_PATH_GROUPADD_PROG="groupadd"
5197 ;;
5198esac
5199fi
5200PATH_GROUPADD_PROG=$ac_cv_path_PATH_GROUPADD_PROG
5201if test -n "$PATH_GROUPADD_PROG"; then
5202 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PATH_GROUPADD_PROG" >&5
5203$as_echo "$PATH_GROUPADD_PROG" >&6; }
5204else
5205 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
5206$as_echo "no" >&6; }
5207fi
5208
5209
5210# Extract the first word of "useradd", so it can be a program name with args.
5211set dummy useradd; ac_word=$2
5212{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
5213$as_echo_n "checking for $ac_word... " >&6; }
5214if ${ac_cv_path_PATH_USERADD_PROG+:} false; then :
5215 $as_echo_n "(cached) " >&6
5216else
5217 case $PATH_USERADD_PROG in
5218 [\\/]* | ?:[\\/]*)
5219 ac_cv_path_PATH_USERADD_PROG="$PATH_USERADD_PROG" # Let the user override the test with a path.
5220 ;;
5221 *)
5222 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
5223for as_dir in /usr/sbin${PATH_SEPARATOR}/etc
5224do
5225 IFS=$as_save_IFS
5226 test -z "$as_dir" && as_dir=.
5227 for ac_exec_ext in '' $ac_executable_extensions; do
5228 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
5229 ac_cv_path_PATH_USERADD_PROG="$as_dir/$ac_word$ac_exec_ext"
5230 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
5231 break 2
5232 fi
5233done
5234 done
5235IFS=$as_save_IFS
5236
5237 test -z "$ac_cv_path_PATH_USERADD_PROG" && ac_cv_path_PATH_USERADD_PROG="useradd"
5238 ;;
5239esac
5240fi
5241PATH_USERADD_PROG=$ac_cv_path_PATH_USERADD_PROG
5242if test -n "$PATH_USERADD_PROG"; then
5243 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PATH_USERADD_PROG" >&5
5244$as_echo "$PATH_USERADD_PROG" >&6; }
5245else
5246 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
5247$as_echo "no" >&6; }
5248fi
5249
5250
5251# Extract the first word of "pkgmk", so it can be a program name with args.
5252set dummy pkgmk; ac_word=$2
5253{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
5254$as_echo_n "checking for $ac_word... " >&6; }
5255if ${ac_cv_prog_MAKE_PACKAGE_SUPPORTED+:} false; then :
5256 $as_echo_n "(cached) " >&6
5257else
5258 if test -n "$MAKE_PACKAGE_SUPPORTED"; then
5259 ac_cv_prog_MAKE_PACKAGE_SUPPORTED="$MAKE_PACKAGE_SUPPORTED" # Let the user override the test.
5260else
5261as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
5262for as_dir in $PATH
5263do
5264 IFS=$as_save_IFS
5265 test -z "$as_dir" && as_dir=.
5266 for ac_exec_ext in '' $ac_executable_extensions; do
5267 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
5268 ac_cv_prog_MAKE_PACKAGE_SUPPORTED="yes"
5269 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
5270 break 2
5271 fi
5272done
5273 done
5274IFS=$as_save_IFS
5275
5276 test -z "$ac_cv_prog_MAKE_PACKAGE_SUPPORTED" && ac_cv_prog_MAKE_PACKAGE_SUPPORTED="no"
5277fi
5278fi
5279MAKE_PACKAGE_SUPPORTED=$ac_cv_prog_MAKE_PACKAGE_SUPPORTED
5280if test -n "$MAKE_PACKAGE_SUPPORTED"; then
5281 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAKE_PACKAGE_SUPPORTED" >&5
5282$as_echo "$MAKE_PACKAGE_SUPPORTED" >&6; }
5283else
5284 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
5285$as_echo "no" >&6; }
5286fi
5287
5288
5289if test -x /sbin/sh; then
5290 STARTUP_SCRIPT_SHELL=/sbin/sh
5291
5292else
5293 STARTUP_SCRIPT_SHELL=/bin/sh
5294
5295fi
5296
5297# System features
5298# Check whether --enable-largefile was given.
5299if test "${enable_largefile+set}" = set; then :
5300 enableval=$enable_largefile;
5301fi
5302
5303if test "$enable_largefile" != no; then
5304
5305 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for special C compiler options needed for large files" >&5
5306$as_echo_n "checking for special C compiler options needed for large files... " >&6; }
5307if ${ac_cv_sys_largefile_CC+:} false; then :
5308 $as_echo_n "(cached) " >&6
5309else
5310 ac_cv_sys_largefile_CC=no
5311 if test "$GCC" != yes; then
5312 ac_save_CC=$CC
5313 while :; do
5314 # IRIX 6.2 and later do not support large files by default,
5315 # so use the C compiler's -n32 option if that helps.
5316 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
5317/* end confdefs.h. */
5318#include <sys/types.h>
5319 /* Check that off_t can represent 2**63 - 1 correctly.
5320 We can't simply define LARGE_OFF_T to be 9223372036854775807,
5321 since some C++ compilers masquerading as C compilers
5322 incorrectly reject 9223372036854775807. */
5323#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
5324 int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
5325 && LARGE_OFF_T % 2147483647 == 1)
5326 ? 1 : -1];
5327int
5328main ()
5329{
5330
5331 ;
5332 return 0;
5333}
5334_ACEOF
5335 if ac_fn_c_try_compile "$LINENO"; then :
5336 break
5337fi
5338rm -f core conftest.err conftest.$ac_objext
5339 CC="$CC -n32"
5340 if ac_fn_c_try_compile "$LINENO"; then :
5341 ac_cv_sys_largefile_CC=' -n32'; break
5342fi
5343rm -f core conftest.err conftest.$ac_objext
5344 break
5345 done
5346 CC=$ac_save_CC
5347 rm -f conftest.$ac_ext
5348 fi
5349fi
5350{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_CC" >&5
5351$as_echo "$ac_cv_sys_largefile_CC" >&6; }
5352 if test "$ac_cv_sys_largefile_CC" != no; then
5353 CC=$CC$ac_cv_sys_largefile_CC
5354 fi
5355
5356 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _FILE_OFFSET_BITS value needed for large files" >&5
5357$as_echo_n "checking for _FILE_OFFSET_BITS value needed for large files... " >&6; }
5358if ${ac_cv_sys_file_offset_bits+:} false; then :
5359 $as_echo_n "(cached) " >&6
5360else
5361 while :; do
5362 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
5363/* end confdefs.h. */
5364#include <sys/types.h>
5365 /* Check that off_t can represent 2**63 - 1 correctly.
5366 We can't simply define LARGE_OFF_T to be 9223372036854775807,
5367 since some C++ compilers masquerading as C compilers
5368 incorrectly reject 9223372036854775807. */
5369#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
5370 int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
5371 && LARGE_OFF_T % 2147483647 == 1)
5372 ? 1 : -1];
5373int
5374main ()
5375{
5376
5377 ;
5378 return 0;
5379}
5380_ACEOF
5381if ac_fn_c_try_compile "$LINENO"; then :
5382 ac_cv_sys_file_offset_bits=no; break
5383fi
5384rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
5385 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
5386/* end confdefs.h. */
5387#define _FILE_OFFSET_BITS 64
5388#include <sys/types.h>
5389 /* Check that off_t can represent 2**63 - 1 correctly.
5390 We can't simply define LARGE_OFF_T to be 9223372036854775807,
5391 since some C++ compilers masquerading as C compilers
5392 incorrectly reject 9223372036854775807. */
5393#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
5394 int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
5395 && LARGE_OFF_T % 2147483647 == 1)
5396 ? 1 : -1];
5397int
5398main ()
5399{
5400
5401 ;
5402 return 0;
5403}
5404_ACEOF
5405if ac_fn_c_try_compile "$LINENO"; then :
5406 ac_cv_sys_file_offset_bits=64; break
5407fi
5408rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
5409 ac_cv_sys_file_offset_bits=unknown
5410 break
5411done
5412fi
5413{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_file_offset_bits" >&5
5414$as_echo "$ac_cv_sys_file_offset_bits" >&6; }
5415case $ac_cv_sys_file_offset_bits in #(
5416 no | unknown) ;;
5417 *)
5418cat >>confdefs.h <<_ACEOF
5419#define _FILE_OFFSET_BITS $ac_cv_sys_file_offset_bits
5420_ACEOF
5421;;
5422esac
5423rm -rf conftest*
5424 if test $ac_cv_sys_file_offset_bits = unknown; then
5425 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _LARGE_FILES value needed for large files" >&5
5426$as_echo_n "checking for _LARGE_FILES value needed for large files... " >&6; }
5427if ${ac_cv_sys_large_files+:} false; then :
5428 $as_echo_n "(cached) " >&6
5429else
5430 while :; do
5431 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
5432/* end confdefs.h. */
5433#include <sys/types.h>
5434 /* Check that off_t can represent 2**63 - 1 correctly.
5435 We can't simply define LARGE_OFF_T to be 9223372036854775807,
5436 since some C++ compilers masquerading as C compilers
5437 incorrectly reject 9223372036854775807. */
5438#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
5439 int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
5440 && LARGE_OFF_T % 2147483647 == 1)
5441 ? 1 : -1];
5442int
5443main ()
5444{
5445
5446 ;
5447 return 0;
5448}
5449_ACEOF
5450if ac_fn_c_try_compile "$LINENO"; then :
5451 ac_cv_sys_large_files=no; break
5452fi
5453rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
5454 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
5455/* end confdefs.h. */
5456#define _LARGE_FILES 1
5457#include <sys/types.h>
5458 /* Check that off_t can represent 2**63 - 1 correctly.
5459 We can't simply define LARGE_OFF_T to be 9223372036854775807,
5460 since some C++ compilers masquerading as C compilers
5461 incorrectly reject 9223372036854775807. */
5462#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
5463 int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
5464 && LARGE_OFF_T % 2147483647 == 1)
5465 ? 1 : -1];
5466int
5467main ()
5468{
5469
5470 ;
5471 return 0;
5472}
5473_ACEOF
5474if ac_fn_c_try_compile "$LINENO"; then :
5475 ac_cv_sys_large_files=1; break
5476fi
5477rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
5478 ac_cv_sys_large_files=unknown
5479 break
5480done
5481fi
5482{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_large_files" >&5
5483$as_echo "$ac_cv_sys_large_files" >&6; }
5484case $ac_cv_sys_large_files in #(
5485 no | unknown) ;;
5486 *)
5487cat >>confdefs.h <<_ACEOF
5488#define _LARGE_FILES $ac_cv_sys_large_files
5489_ACEOF
5490;;
5491esac
5492rm -rf conftest*
5493 fi
5494
5495
5496fi
5497
5498
5499if test -z "$AR" ; then
5500 as_fn_error $? "*** 'ar' missing, please install or fix your \$PATH ***" "$LINENO" 5
5501fi
5502
5503# Extract the first word of "passwd", so it can be a program name with args.
5504set dummy passwd; ac_word=$2
5505{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
5506$as_echo_n "checking for $ac_word... " >&6; }
5507if ${ac_cv_path_PATH_PASSWD_PROG+:} false; then :
5508 $as_echo_n "(cached) " >&6
5509else
5510 case $PATH_PASSWD_PROG in
5511 [\\/]* | ?:[\\/]*)
5512 ac_cv_path_PATH_PASSWD_PROG="$PATH_PASSWD_PROG" # Let the user override the test with a path.
5513 ;;
5514 *)
5515 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
5516for as_dir in $PATH
5517do
5518 IFS=$as_save_IFS
5519 test -z "$as_dir" && as_dir=.
5520 for ac_exec_ext in '' $ac_executable_extensions; do
5521 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
5522 ac_cv_path_PATH_PASSWD_PROG="$as_dir/$ac_word$ac_exec_ext"
5523 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
5524 break 2
5525 fi
5526done
5527 done
5528IFS=$as_save_IFS
5529
5530 ;;
5531esac
5532fi
5533PATH_PASSWD_PROG=$ac_cv_path_PATH_PASSWD_PROG
5534if test -n "$PATH_PASSWD_PROG"; then
5535 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PATH_PASSWD_PROG" >&5
5536$as_echo "$PATH_PASSWD_PROG" >&6; }
5537else
5538 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
5539$as_echo "no" >&6; }
5540fi
5541
5542
5543if test ! -z "$PATH_PASSWD_PROG" ; then
5544
5545cat >>confdefs.h <<_ACEOF
5546#define _PATH_PASSWD_PROG "$PATH_PASSWD_PROG"
5547_ACEOF
5548
5549fi
5550
5551if test -z "$LD" ; then
5552 LD=$CC
5553fi
5554
5555
5556{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for inline" >&5
5557$as_echo_n "checking for inline... " >&6; }
5558if ${ac_cv_c_inline+:} false; then :
5559 $as_echo_n "(cached) " >&6
5560else
5561 ac_cv_c_inline=no
5562for ac_kw in inline __inline__ __inline; do
5563 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
5564/* end confdefs.h. */
5565#ifndef __cplusplus
5566typedef int foo_t;
5567static $ac_kw foo_t static_foo () {return 0; }
5568$ac_kw foo_t foo () {return 0; }
5569#endif
5570
5571_ACEOF
5572if ac_fn_c_try_compile "$LINENO"; then :
5573 ac_cv_c_inline=$ac_kw
5574fi
5575rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
5576 test "$ac_cv_c_inline" != no && break
5577done
5578
5579fi
5580{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_inline" >&5
5581$as_echo "$ac_cv_c_inline" >&6; }
5582
5583case $ac_cv_c_inline in
5584 inline | yes) ;;
5585 *)
5586 case $ac_cv_c_inline in
5587 no) ac_val=;;
5588 *) ac_val=$ac_cv_c_inline;;
5589 esac
5590 cat >>confdefs.h <<_ACEOF
5591#ifndef __cplusplus
5592#define inline $ac_val
5593#endif
5594_ACEOF
5595 ;;
5596esac
5597
5598
5599ac_fn_c_check_decl "$LINENO" "LLONG_MAX" "ac_cv_have_decl_LLONG_MAX" "#include <limits.h>
5600"
5601if test "x$ac_cv_have_decl_LLONG_MAX" = xyes; then :
5602 have_llong_max=1
5603fi
5604
5605ac_fn_c_check_decl "$LINENO" "SYSTR_POLICY_KILL" "ac_cv_have_decl_SYSTR_POLICY_KILL" "
5606 #include <sys/types.h>
5607 #include <sys/param.h>
5608 #include <dev/systrace.h>
5609
5610"
5611if test "x$ac_cv_have_decl_SYSTR_POLICY_KILL" = xyes; then :
5612 have_systr_policy_kill=1
5613fi
5614
5615ac_fn_c_check_decl "$LINENO" "RLIMIT_NPROC" "ac_cv_have_decl_RLIMIT_NPROC" "
5616 #include <sys/types.h>
5617 #include <sys/resource.h>
5618
5619"
5620if test "x$ac_cv_have_decl_RLIMIT_NPROC" = xyes; then :
5621
5622$as_echo "#define HAVE_RLIMIT_NPROC /**/" >>confdefs.h
5623
5624fi
5625
5626ac_fn_c_check_decl "$LINENO" "PR_SET_NO_NEW_PRIVS" "ac_cv_have_decl_PR_SET_NO_NEW_PRIVS" "
5627 #include <sys/types.h>
5628 #include <linux/prctl.h>
5629
5630"
5631if test "x$ac_cv_have_decl_PR_SET_NO_NEW_PRIVS" = xyes; then :
5632 have_linux_no_new_privs=1
5633fi
5634
5635
5636openssl=yes
5637ssh1=no
5638COMMENT_OUT_RSA1="#no ssh1#"
5639
5640# Check whether --with-openssl was given.
5641if test "${with_openssl+set}" = set; then :
5642 withval=$with_openssl; if test "x$withval" = "xno" ; then
5643 openssl=no
5644 ssh1=no
5645 fi
5646
5647
5648fi
5649
5650{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL will be used for cryptography" >&5
5651$as_echo_n "checking whether OpenSSL will be used for cryptography... " >&6; }
5652if test "x$openssl" = "xyes" ; then
5653 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
5654$as_echo "yes" >&6; }
5655
5656cat >>confdefs.h <<_ACEOF
5657#define WITH_OPENSSL 1
5658_ACEOF
5659
5660else
5661 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
5662$as_echo "no" >&6; }
5663fi
5664
5665
5666# Check whether --with-ssh1 was given.
5667if test "${with_ssh1+set}" = set; then :
5668 withval=$with_ssh1;
5669 if test "x$withval" = "xyes" ; then
5670 if test "x$openssl" = "xno" ; then
5671 as_fn_error $? "Cannot enable SSH protocol 1 with OpenSSL disabled" "$LINENO" 5
5672 fi
5673 ssh1=yes
5674 COMMENT_OUT_RSA1=""
5675 elif test "x$withval" = "xno" ; then
5676 ssh1=no
5677 else
5678 as_fn_error $? "unknown --with-ssh1 argument" "$LINENO" 5
5679 fi
5680
5681
5682fi
5683
5684{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether SSH protocol 1 support is enabled" >&5
5685$as_echo_n "checking whether SSH protocol 1 support is enabled... " >&6; }
5686if test "x$ssh1" = "xyes" ; then
5687 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
5688$as_echo "yes" >&6; }
5689
5690cat >>confdefs.h <<_ACEOF
5691#define WITH_SSH1 1
5692_ACEOF
5693
5694
5695else
5696 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
5697$as_echo "no" >&6; }
5698fi
5699
5700use_stack_protector=1
5701use_toolchain_hardening=1
5702
5703# Check whether --with-stackprotect was given.
5704if test "${with_stackprotect+set}" = set; then :
5705 withval=$with_stackprotect;
5706 if test "x$withval" = "xno"; then
5707 use_stack_protector=0
5708 fi
5709fi
5710
5711
5712# Check whether --with-hardening was given.
5713if test "${with_hardening+set}" = set; then :
5714 withval=$with_hardening;
5715 if test "x$withval" = "xno"; then
5716 use_toolchain_hardening=0
5717 fi
5718fi
5719
5720
5721# We use -Werror for the tests only so that we catch warnings like "this is
5722# on by default" for things like -fPIE.
5723{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Werror" >&5
5724$as_echo_n "checking if $CC supports -Werror... " >&6; }
5725saved_CFLAGS="$CFLAGS"
5726CFLAGS="$CFLAGS -Werror"
5727cat confdefs.h - <<_ACEOF >conftest.$ac_ext
5728/* end confdefs.h. */
5729int main(void) { return 0; }
5730_ACEOF
5731if ac_fn_c_try_compile "$LINENO"; then :
5732 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
5733$as_echo "yes" >&6; }
5734 WERROR="-Werror"
5735else
5736 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
5737$as_echo "no" >&6; }
5738 WERROR=""
5739
5740fi
5741rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
5742CFLAGS="$saved_CFLAGS"
5743
5744if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
5745 {
5746 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Qunused-arguments" >&5
5747$as_echo_n "checking if $CC supports compile flag -Qunused-arguments... " >&6; }
5748 saved_CFLAGS="$CFLAGS"
5749 CFLAGS="$CFLAGS $WERROR -Qunused-arguments"
5750 _define_flag=""
5751 test "x$_define_flag" = "x" && _define_flag="-Qunused-arguments"
5752 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
5753/* end confdefs.h. */
5754
5755#include <stdlib.h>
5756#include <stdio.h>
5757int main(int argc, char **argv) {
5758 /* Some math to catch -ftrapv problems in the toolchain */
5759 int i = 123 * argc, j = 456 + argc, k = 789 - argc;
5760 float l = i * 2.1;
5761 double m = l / 0.5;
5762 long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
5763 printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
5764 exit(0);
5765}
5766
5767_ACEOF
5768if ac_fn_c_try_compile "$LINENO"; then :
5769
5770if `grep -i "unrecognized option" conftest.err >/dev/null`
5771then
5772 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
5773$as_echo "no" >&6; }
5774 CFLAGS="$saved_CFLAGS"
5775else
5776 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
5777$as_echo "yes" >&6; }
5778 CFLAGS="$saved_CFLAGS $_define_flag"
5779fi
5780else
5781 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
5782$as_echo "no" >&6; }
5783 CFLAGS="$saved_CFLAGS"
5784
5785fi
5786rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
5787}
5788 {
5789 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wunknown-warning-option" >&5
5790$as_echo_n "checking if $CC supports compile flag -Wunknown-warning-option... " >&6; }
5791 saved_CFLAGS="$CFLAGS"
5792 CFLAGS="$CFLAGS $WERROR -Wunknown-warning-option"
5793 _define_flag=""
5794 test "x$_define_flag" = "x" && _define_flag="-Wunknown-warning-option"
5795 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
5796/* end confdefs.h. */
5797
5798#include <stdlib.h>
5799#include <stdio.h>
5800int main(int argc, char **argv) {
5801 /* Some math to catch -ftrapv problems in the toolchain */
5802 int i = 123 * argc, j = 456 + argc, k = 789 - argc;
5803 float l = i * 2.1;
5804 double m = l / 0.5;
5805 long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
5806 printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
5807 exit(0);
5808}
5809
5810_ACEOF
5811if ac_fn_c_try_compile "$LINENO"; then :
5812
5813if `grep -i "unrecognized option" conftest.err >/dev/null`
5814then
5815 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
5816$as_echo "no" >&6; }
5817 CFLAGS="$saved_CFLAGS"
5818else
5819 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
5820$as_echo "yes" >&6; }
5821 CFLAGS="$saved_CFLAGS $_define_flag"
5822fi
5823else
5824 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
5825$as_echo "no" >&6; }
5826 CFLAGS="$saved_CFLAGS"
5827
5828fi
5829rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
5830}
5831 {
5832 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wall" >&5
5833$as_echo_n "checking if $CC supports compile flag -Wall... " >&6; }
5834 saved_CFLAGS="$CFLAGS"
5835 CFLAGS="$CFLAGS $WERROR -Wall"
5836 _define_flag=""
5837 test "x$_define_flag" = "x" && _define_flag="-Wall"
5838 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
5839/* end confdefs.h. */
5840
5841#include <stdlib.h>
5842#include <stdio.h>
5843int main(int argc, char **argv) {
5844 /* Some math to catch -ftrapv problems in the toolchain */
5845 int i = 123 * argc, j = 456 + argc, k = 789 - argc;
5846 float l = i * 2.1;
5847 double m = l / 0.5;
5848 long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
5849 printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
5850 exit(0);
5851}
5852
5853_ACEOF
5854if ac_fn_c_try_compile "$LINENO"; then :
5855
5856if `grep -i "unrecognized option" conftest.err >/dev/null`
5857then
5858 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
5859$as_echo "no" >&6; }
5860 CFLAGS="$saved_CFLAGS"
5861else
5862 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
5863$as_echo "yes" >&6; }
5864 CFLAGS="$saved_CFLAGS $_define_flag"
5865fi
5866else
5867 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
5868$as_echo "no" >&6; }
5869 CFLAGS="$saved_CFLAGS"
5870
5871fi
5872rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
5873}
5874 {
5875 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wpointer-arith" >&5
5876$as_echo_n "checking if $CC supports compile flag -Wpointer-arith... " >&6; }
5877 saved_CFLAGS="$CFLAGS"
5878 CFLAGS="$CFLAGS $WERROR -Wpointer-arith"
5879 _define_flag=""
5880 test "x$_define_flag" = "x" && _define_flag="-Wpointer-arith"
5881 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
5882/* end confdefs.h. */
5883
5884#include <stdlib.h>
5885#include <stdio.h>
5886int main(int argc, char **argv) {
5887 /* Some math to catch -ftrapv problems in the toolchain */
5888 int i = 123 * argc, j = 456 + argc, k = 789 - argc;
5889 float l = i * 2.1;
5890 double m = l / 0.5;
5891 long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
5892 printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
5893 exit(0);
5894}
5895
5896_ACEOF
5897if ac_fn_c_try_compile "$LINENO"; then :
5898
5899if `grep -i "unrecognized option" conftest.err >/dev/null`
5900then
5901 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
5902$as_echo "no" >&6; }
5903 CFLAGS="$saved_CFLAGS"
5904else
5905 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
5906$as_echo "yes" >&6; }
5907 CFLAGS="$saved_CFLAGS $_define_flag"
5908fi
5909else
5910 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
5911$as_echo "no" >&6; }
5912 CFLAGS="$saved_CFLAGS"
5913
5914fi
5915rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
5916}
5917 {
5918 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wuninitialized" >&5
5919$as_echo_n "checking if $CC supports compile flag -Wuninitialized... " >&6; }
5920 saved_CFLAGS="$CFLAGS"
5921 CFLAGS="$CFLAGS $WERROR -Wuninitialized"
5922 _define_flag=""
5923 test "x$_define_flag" = "x" && _define_flag="-Wuninitialized"
5924 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
5925/* end confdefs.h. */
5926
5927#include <stdlib.h>
5928#include <stdio.h>
5929int main(int argc, char **argv) {
5930 /* Some math to catch -ftrapv problems in the toolchain */
5931 int i = 123 * argc, j = 456 + argc, k = 789 - argc;
5932 float l = i * 2.1;
5933 double m = l / 0.5;
5934 long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
5935 printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
5936 exit(0);
5937}
5938
5939_ACEOF
5940if ac_fn_c_try_compile "$LINENO"; then :
5941
5942if `grep -i "unrecognized option" conftest.err >/dev/null`
5943then
5944 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
5945$as_echo "no" >&6; }
5946 CFLAGS="$saved_CFLAGS"
5947else
5948 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
5949$as_echo "yes" >&6; }
5950 CFLAGS="$saved_CFLAGS $_define_flag"
5951fi
5952else
5953 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
5954$as_echo "no" >&6; }
5955 CFLAGS="$saved_CFLAGS"
5956
5957fi
5958rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
5959}
5960 {
5961 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wsign-compare" >&5
5962$as_echo_n "checking if $CC supports compile flag -Wsign-compare... " >&6; }
5963 saved_CFLAGS="$CFLAGS"
5964 CFLAGS="$CFLAGS $WERROR -Wsign-compare"
5965 _define_flag=""
5966 test "x$_define_flag" = "x" && _define_flag="-Wsign-compare"
5967 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
5968/* end confdefs.h. */
5969
5970#include <stdlib.h>
5971#include <stdio.h>
5972int main(int argc, char **argv) {
5973 /* Some math to catch -ftrapv problems in the toolchain */
5974 int i = 123 * argc, j = 456 + argc, k = 789 - argc;
5975 float l = i * 2.1;
5976 double m = l / 0.5;
5977 long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
5978 printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
5979 exit(0);
5980}
5981
5982_ACEOF
5983if ac_fn_c_try_compile "$LINENO"; then :
5984
5985if `grep -i "unrecognized option" conftest.err >/dev/null`
5986then
5987 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
5988$as_echo "no" >&6; }
5989 CFLAGS="$saved_CFLAGS"
5990else
5991 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
5992$as_echo "yes" >&6; }
5993 CFLAGS="$saved_CFLAGS $_define_flag"
5994fi
5995else
5996 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
5997$as_echo "no" >&6; }
5998 CFLAGS="$saved_CFLAGS"
5999
6000fi
6001rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
6002}
6003 {
6004 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wformat-security" >&5
6005$as_echo_n "checking if $CC supports compile flag -Wformat-security... " >&6; }
6006 saved_CFLAGS="$CFLAGS"
6007 CFLAGS="$CFLAGS $WERROR -Wformat-security"
6008 _define_flag=""
6009 test "x$_define_flag" = "x" && _define_flag="-Wformat-security"
6010 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
6011/* end confdefs.h. */
6012
6013#include <stdlib.h>
6014#include <stdio.h>
6015int main(int argc, char **argv) {
6016 /* Some math to catch -ftrapv problems in the toolchain */
6017 int i = 123 * argc, j = 456 + argc, k = 789 - argc;
6018 float l = i * 2.1;
6019 double m = l / 0.5;
6020 long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
6021 printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
6022 exit(0);
6023}
6024
6025_ACEOF
6026if ac_fn_c_try_compile "$LINENO"; then :
6027
6028if `grep -i "unrecognized option" conftest.err >/dev/null`
6029then
6030 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
6031$as_echo "no" >&6; }
6032 CFLAGS="$saved_CFLAGS"
6033else
6034 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
6035$as_echo "yes" >&6; }
6036 CFLAGS="$saved_CFLAGS $_define_flag"
6037fi
6038else
6039 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
6040$as_echo "no" >&6; }
6041 CFLAGS="$saved_CFLAGS"
6042
6043fi
6044rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
6045}
6046 {
6047 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wsizeof-pointer-memaccess" >&5
6048$as_echo_n "checking if $CC supports compile flag -Wsizeof-pointer-memaccess... " >&6; }
6049 saved_CFLAGS="$CFLAGS"
6050 CFLAGS="$CFLAGS $WERROR -Wsizeof-pointer-memaccess"
6051 _define_flag=""
6052 test "x$_define_flag" = "x" && _define_flag="-Wsizeof-pointer-memaccess"
6053 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
6054/* end confdefs.h. */
6055
6056#include <stdlib.h>
6057#include <stdio.h>
6058int main(int argc, char **argv) {
6059 /* Some math to catch -ftrapv problems in the toolchain */
6060 int i = 123 * argc, j = 456 + argc, k = 789 - argc;
6061 float l = i * 2.1;
6062 double m = l / 0.5;
6063 long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
6064 printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
6065 exit(0);
6066}
6067
6068_ACEOF
6069if ac_fn_c_try_compile "$LINENO"; then :
6070
6071if `grep -i "unrecognized option" conftest.err >/dev/null`
6072then
6073 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
6074$as_echo "no" >&6; }
6075 CFLAGS="$saved_CFLAGS"
6076else
6077 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
6078$as_echo "yes" >&6; }
6079 CFLAGS="$saved_CFLAGS $_define_flag"
6080fi
6081else
6082 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
6083$as_echo "no" >&6; }
6084 CFLAGS="$saved_CFLAGS"
6085
6086fi
6087rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
6088}
6089 {
6090 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wpointer-sign" >&5
6091$as_echo_n "checking if $CC supports compile flag -Wpointer-sign... " >&6; }
6092 saved_CFLAGS="$CFLAGS"
6093 CFLAGS="$CFLAGS $WERROR -Wpointer-sign"
6094 _define_flag="-Wno-pointer-sign"
6095 test "x$_define_flag" = "x" && _define_flag="-Wpointer-sign"
6096 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
6097/* end confdefs.h. */
6098
6099#include <stdlib.h>
6100#include <stdio.h>
6101int main(int argc, char **argv) {
6102 /* Some math to catch -ftrapv problems in the toolchain */
6103 int i = 123 * argc, j = 456 + argc, k = 789 - argc;
6104 float l = i * 2.1;
6105 double m = l / 0.5;
6106 long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
6107 printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
6108 exit(0);
6109}
6110
6111_ACEOF
6112if ac_fn_c_try_compile "$LINENO"; then :
6113
6114if `grep -i "unrecognized option" conftest.err >/dev/null`
6115then
6116 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
6117$as_echo "no" >&6; }
6118 CFLAGS="$saved_CFLAGS"
6119else
6120 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
6121$as_echo "yes" >&6; }
6122 CFLAGS="$saved_CFLAGS $_define_flag"
6123fi
6124else
6125 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
6126$as_echo "no" >&6; }
6127 CFLAGS="$saved_CFLAGS"
6128
6129fi
6130rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
6131}
6132 {
6133 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wunused-result" >&5
6134$as_echo_n "checking if $CC supports compile flag -Wunused-result... " >&6; }
6135 saved_CFLAGS="$CFLAGS"
6136 CFLAGS="$CFLAGS $WERROR -Wunused-result"
6137 _define_flag="-Wno-unused-result"
6138 test "x$_define_flag" = "x" && _define_flag="-Wunused-result"
6139 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
6140/* end confdefs.h. */
6141
6142#include <stdlib.h>
6143#include <stdio.h>
6144int main(int argc, char **argv) {
6145 /* Some math to catch -ftrapv problems in the toolchain */
6146 int i = 123 * argc, j = 456 + argc, k = 789 - argc;
6147 float l = i * 2.1;
6148 double m = l / 0.5;
6149 long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
6150 printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
6151 exit(0);
6152}
6153
6154_ACEOF
6155if ac_fn_c_try_compile "$LINENO"; then :
6156
6157if `grep -i "unrecognized option" conftest.err >/dev/null`
6158then
6159 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
6160$as_echo "no" >&6; }
6161 CFLAGS="$saved_CFLAGS"
6162else
6163 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
6164$as_echo "yes" >&6; }
6165 CFLAGS="$saved_CFLAGS $_define_flag"
6166fi
6167else
6168 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
6169$as_echo "no" >&6; }
6170 CFLAGS="$saved_CFLAGS"
6171
6172fi
6173rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
6174}
6175 {
6176 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -fno-strict-aliasing" >&5
6177$as_echo_n "checking if $CC supports compile flag -fno-strict-aliasing... " >&6; }
6178 saved_CFLAGS="$CFLAGS"
6179 CFLAGS="$CFLAGS $WERROR -fno-strict-aliasing"
6180 _define_flag=""
6181 test "x$_define_flag" = "x" && _define_flag="-fno-strict-aliasing"
6182 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
6183/* end confdefs.h. */
6184
6185#include <stdlib.h>
6186#include <stdio.h>
6187int main(int argc, char **argv) {
6188 /* Some math to catch -ftrapv problems in the toolchain */
6189 int i = 123 * argc, j = 456 + argc, k = 789 - argc;
6190 float l = i * 2.1;
6191 double m = l / 0.5;
6192 long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
6193 printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
6194 exit(0);
6195}
6196
6197_ACEOF
6198if ac_fn_c_try_compile "$LINENO"; then :
6199
6200if `grep -i "unrecognized option" conftest.err >/dev/null`
6201then
6202 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
6203$as_echo "no" >&6; }
6204 CFLAGS="$saved_CFLAGS"
6205else
6206 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
6207$as_echo "yes" >&6; }
6208 CFLAGS="$saved_CFLAGS $_define_flag"
6209fi
6210else
6211 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
6212$as_echo "no" >&6; }
6213 CFLAGS="$saved_CFLAGS"
6214
6215fi
6216rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
6217}
6218 {
6219 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -D_FORTIFY_SOURCE=2" >&5
6220$as_echo_n "checking if $CC supports compile flag -D_FORTIFY_SOURCE=2... " >&6; }
6221 saved_CFLAGS="$CFLAGS"
6222 CFLAGS="$CFLAGS $WERROR -D_FORTIFY_SOURCE=2"
6223 _define_flag=""
6224 test "x$_define_flag" = "x" && _define_flag="-D_FORTIFY_SOURCE=2"
6225 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
6226/* end confdefs.h. */
6227
6228#include <stdlib.h>
6229#include <stdio.h>
6230int main(int argc, char **argv) {
6231 /* Some math to catch -ftrapv problems in the toolchain */
6232 int i = 123 * argc, j = 456 + argc, k = 789 - argc;
6233 float l = i * 2.1;
6234 double m = l / 0.5;
6235 long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
6236 printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
6237 exit(0);
6238}
6239
6240_ACEOF
6241if ac_fn_c_try_compile "$LINENO"; then :
6242
6243if `grep -i "unrecognized option" conftest.err >/dev/null`
6244then
6245 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
6246$as_echo "no" >&6; }
6247 CFLAGS="$saved_CFLAGS"
6248else
6249 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
6250$as_echo "yes" >&6; }
6251 CFLAGS="$saved_CFLAGS $_define_flag"
6252fi
6253else
6254 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
6255$as_echo "no" >&6; }
6256 CFLAGS="$saved_CFLAGS"
6257
6258fi
6259rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
6260}
6261 if test "x$use_toolchain_hardening" = "x1"; then
6262 {
6263 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $LD supports link flag -Wl,-z,relro" >&5
6264$as_echo_n "checking if $LD supports link flag -Wl,-z,relro... " >&6; }
6265 saved_LDFLAGS="$LDFLAGS"
6266 LDFLAGS="$LDFLAGS $WERROR -Wl,-z,relro"
6267 _define_flag=""
6268 test "x$_define_flag" = "x" && _define_flag="-Wl,-z,relro"
6269 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
6270/* end confdefs.h. */
6271
6272#include <stdlib.h>
6273#include <stdio.h>
6274int main(int argc, char **argv) {
6275 /* Some math to catch -ftrapv problems in the toolchain */
6276 int i = 123 * argc, j = 456 + argc, k = 789 - argc;
6277 float l = i * 2.1;
6278 double m = l / 0.5;
6279 long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
6280 long long p = n * o;
6281 printf("%d %d %d %f %f %lld %lld %lld\n", i, j, k, l, m, n, o, p);
6282 exit(0);
6283}
6284
6285_ACEOF
6286if ac_fn_c_try_link "$LINENO"; then :
6287 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
6288$as_echo "yes" >&6; }
6289 LDFLAGS="$saved_LDFLAGS $_define_flag"
6290else
6291 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
6292$as_echo "no" >&6; }
6293 LDFLAGS="$saved_LDFLAGS"
6294
6295fi
6296rm -f core conftest.err conftest.$ac_objext \
6297 conftest$ac_exeext conftest.$ac_ext
6298}
6299 {
6300 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $LD supports link flag -Wl,-z,now" >&5
6301$as_echo_n "checking if $LD supports link flag -Wl,-z,now... " >&6; }
6302 saved_LDFLAGS="$LDFLAGS"
6303 LDFLAGS="$LDFLAGS $WERROR -Wl,-z,now"
6304 _define_flag=""
6305 test "x$_define_flag" = "x" && _define_flag="-Wl,-z,now"
6306 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
6307/* end confdefs.h. */
6308
6309#include <stdlib.h>
6310#include <stdio.h>
6311int main(int argc, char **argv) {
6312 /* Some math to catch -ftrapv problems in the toolchain */
6313 int i = 123 * argc, j = 456 + argc, k = 789 - argc;
6314 float l = i * 2.1;
6315 double m = l / 0.5;
6316 long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
6317 long long p = n * o;
6318 printf("%d %d %d %f %f %lld %lld %lld\n", i, j, k, l, m, n, o, p);
6319 exit(0);
6320}
6321
6322_ACEOF
6323if ac_fn_c_try_link "$LINENO"; then :
6324 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
6325$as_echo "yes" >&6; }
6326 LDFLAGS="$saved_LDFLAGS $_define_flag"
6327else
6328 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
6329$as_echo "no" >&6; }
6330 LDFLAGS="$saved_LDFLAGS"
6331
6332fi
6333rm -f core conftest.err conftest.$ac_objext \
6334 conftest$ac_exeext conftest.$ac_ext
6335}
6336 {
6337 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $LD supports link flag -Wl,-z,noexecstack" >&5
6338$as_echo_n "checking if $LD supports link flag -Wl,-z,noexecstack... " >&6; }
6339 saved_LDFLAGS="$LDFLAGS"
6340 LDFLAGS="$LDFLAGS $WERROR -Wl,-z,noexecstack"
6341 _define_flag=""
6342 test "x$_define_flag" = "x" && _define_flag="-Wl,-z,noexecstack"
6343 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
6344/* end confdefs.h. */
6345
6346#include <stdlib.h>
6347#include <stdio.h>
6348int main(int argc, char **argv) {
6349 /* Some math to catch -ftrapv problems in the toolchain */
6350 int i = 123 * argc, j = 456 + argc, k = 789 - argc;
6351 float l = i * 2.1;
6352 double m = l / 0.5;
6353 long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
6354 long long p = n * o;
6355 printf("%d %d %d %f %f %lld %lld %lld\n", i, j, k, l, m, n, o, p);
6356 exit(0);
6357}
6358
6359_ACEOF
6360if ac_fn_c_try_link "$LINENO"; then :
6361 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
6362$as_echo "yes" >&6; }
6363 LDFLAGS="$saved_LDFLAGS $_define_flag"
6364else
6365 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
6366$as_echo "no" >&6; }
6367 LDFLAGS="$saved_LDFLAGS"
6368
6369fi
6370rm -f core conftest.err conftest.$ac_objext \
6371 conftest$ac_exeext conftest.$ac_ext
6372}
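Review bot: the three link-flag probes at 6262-6372 (-Wl,-z,relro, -Wl,-z,now, -Wl,-z,noexecstack) report "yes" as soon as `ac_fn_c_try_link "$LINENO"` succeeds, whereas the compile-flag probes before them also reject a flag when `grep -i "unrecognized option" conftest.err` matches. A linker that accepts an unknown -z keyword with a warning and then ignores it would be recorded as supporting the flag, leaving LDFLAGS with a hardening option that has no effect. Whether $WERROR turns such a warning into a link failure depends on its value, which is set outside these lines. Suggest giving the link branch the same conftest.err check for an ignored or unrecognized option, or having the probe confirm the property on the linked conftest. Since this script is autoconf output, the change belongs in the source that generates these blocks rather than here.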
6373 # NB. -ftrapv expects certain support functions to be present in
6374 # the compiler library (libgcc or similar) to detect integer operations
6375 # that can overflow. We must check that the result of enabling it
6376 # actually links. The test program compiled/linked includes a number
6377 # of integer operations that should exercise this.
6378 {
6379 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -ftrapv and linking succeeds" >&5
6380$as_echo_n "checking if $CC supports compile flag -ftrapv and linking succeeds... " >&6; }
6381 saved_CFLAGS="$CFLAGS"
6382 CFLAGS="$CFLAGS $WERROR -ftrapv"
6383 _define_flag=""
6384 test "x$_define_flag" = "x" && _define_flag="-ftrapv"
6385 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
6386/* end confdefs.h. */
6387
6388#include <stdlib.h>
6389#include <stdio.h>
6390int main(int argc, char **argv) {
6391 /* Some math to catch -ftrapv problems in the toolchain */
6392 int i = 123 * argc, j = 456 + argc, k = 789 - argc;
6393 float l = i * 2.1;
6394 double m = l / 0.5;
6395 long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
6396 long long int p = n * o;
6397 printf("%d %d %d %f %f %lld %lld %lld\n", i, j, k, l, m, n, o, p);
6398 exit(0);
6399}
6400
6401_ACEOF
6402if ac_fn_c_try_link "$LINENO"; then :
6403
6404if `grep -i "unrecognized option" conftest.err >/dev/null`
6405then
6406 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
6407$as_echo "no" >&6; }
6408 CFLAGS="$saved_CFLAGS"
6409else
6410 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
6411$as_echo "yes" >&6; }
6412 CFLAGS="$saved_CFLAGS $_define_flag"
6413fi
6414else
6415 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
6416$as_echo "no" >&6; }
6417 CFLAGS="$saved_CFLAGS"
6418
6419fi
6420rm -f core conftest.err conftest.$ac_objext \
6421 conftest$ac_exeext conftest.$ac_ext
6422}
6423 fi
6424 { $as_echo "$as_me:${as_lineno-$LINENO}: checking gcc version" >&5
6425$as_echo_n "checking gcc version... " >&6; }
6426 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
6427 case $GCC_VER in
6428 1.*) no_attrib_nonnull=1 ;;
6429 2.8* | 2.9*)
6430 no_attrib_nonnull=1
6431 ;;
6432 2.*) no_attrib_nonnull=1 ;;
6433 *) ;;
6434 esac
6435 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GCC_VER" >&5
6436$as_echo "$GCC_VER" >&6; }
6437
6438 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC accepts -fno-builtin-memset" >&5
6439$as_echo_n "checking if $CC accepts -fno-builtin-memset... " >&6; }
6440 saved_CFLAGS="$CFLAGS"
6441 CFLAGS="$CFLAGS -fno-builtin-memset"
6442 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
6443/* end confdefs.h. */
6444 #include <string.h>
6445int
6446main ()
6447{
6448 char b[10]; memset(b, 0, sizeof(b));
6449 ;
6450 return 0;
6451}
6452_ACEOF
6453if ac_fn_c_try_link "$LINENO"; then :
6454 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
6455$as_echo "yes" >&6; }
6456else
6457 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
6458$as_echo "no" >&6; }
6459 CFLAGS="$saved_CFLAGS"
6460
6461fi
6462rm -f core conftest.err conftest.$ac_objext \
6463 conftest$ac_exeext conftest.$ac_ext
6464
6465 # -fstack-protector-all doesn't always work for some GCC versions
6466 # and/or platforms, so we test if we can. If it's not supported
6467 # on a given platform gcc will emit a warning so we use -Werror.
6468 if test "x$use_stack_protector" = "x1"; then
6469 for t in -fstack-protector-strong -fstack-protector-all \
6470 -fstack-protector; do
6471 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports $t" >&5
6472$as_echo_n "checking if $CC supports $t... " >&6; }
6473 saved_CFLAGS="$CFLAGS"
6474 saved_LDFLAGS="$LDFLAGS"
6475 CFLAGS="$CFLAGS $t -Werror"
6476 LDFLAGS="$LDFLAGS $t -Werror"
6477 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
6478/* end confdefs.h. */
6479 #include <stdio.h>
6480int
6481main ()
6482{
6483
6484 char x[256];
6485 snprintf(x, sizeof(x), "XXX");
6486
6487 ;
6488 return 0;
6489}
6490_ACEOF
6491if ac_fn_c_try_link "$LINENO"; then :
6492 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
6493$as_echo "yes" >&6; }
6494 CFLAGS="$saved_CFLAGS $t"
6495 LDFLAGS="$saved_LDFLAGS $t"
6496 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $t works" >&5
6497$as_echo_n "checking if $t works... " >&6; }
6498 if test "$cross_compiling" = yes; then :
6499 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: cannot test" >&5
6500$as_echo "$as_me: WARNING: cross compiling: cannot test" >&2;}
6501 break
6502
6503else
6504 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
6505/* end confdefs.h. */
6506 #include <stdio.h>
6507int
6508main ()
6509{
6510
6511 char x[256];
6512 snprintf(x, sizeof(x), "XXX");
6513
6514 ;
6515 return 0;
6516}
6517_ACEOF
6518if ac_fn_c_try_run "$LINENO"; then :
6519 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
6520$as_echo "yes" >&6; }
6521 break
6522else
6523 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
6524$as_echo "no" >&6; }
6525fi
6526rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
6527 conftest.$ac_objext conftest.beam conftest.$ac_ext
6528fi
6529
6530
6531else
6532 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
6533$as_echo "no" >&6; }
6534
6535fi
6536rm -f core conftest.err conftest.$ac_objext \
6537 conftest$ac_exeext conftest.$ac_ext
6538 CFLAGS="$saved_CFLAGS"
6539 LDFLAGS="$saved_LDFLAGS"
6540 done
6541 fi
6542
6543 if test -z "$have_llong_max"; then
6544 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
6545 unset ac_cv_have_decl_LLONG_MAX
6546 saved_CFLAGS="$CFLAGS"
6547 CFLAGS="$CFLAGS -std=gnu99"
6548 ac_fn_c_check_decl "$LINENO" "LLONG_MAX" "ac_cv_have_decl_LLONG_MAX" "#include <limits.h>
6549
6550"
6551if test "x$ac_cv_have_decl_LLONG_MAX" = xyes; then :
6552 have_llong_max=1
6553else
6554 CFLAGS="$saved_CFLAGS"
6555fi
6556
6557 fi
6558fi
6559
6560{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if compiler allows __attribute__ on return types" >&5
6561$as_echo_n "checking if compiler allows __attribute__ on return types... " >&6; }
6562cat confdefs.h - <<_ACEOF >conftest.$ac_ext
6563/* end confdefs.h. */
6564
6565#include <stdlib.h>
6566__attribute__((__unused__)) static void foo(void){return;}
6567int
6568main ()
6569{
6570 exit(0);
6571 ;
6572 return 0;
6573}
6574_ACEOF
6575if ac_fn_c_try_compile "$LINENO"; then :
6576 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
6577$as_echo "yes" >&6; }
6578else
6579 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
6580$as_echo "no" >&6; }
6581
6582$as_echo "#define NO_ATTRIBUTE_ON_RETURN_TYPE 1" >>confdefs.h
6583
6584
6585fi
6586rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
6587
6588if test "x$no_attrib_nonnull" != "x1" ; then
6589
6590$as_echo "#define HAVE_ATTRIBUTE__NONNULL__ 1" >>confdefs.h
6591
6592fi
6593
6594
6595# Check whether --with-rpath was given.
6596if test "${with_rpath+set}" = set; then :
6597 withval=$with_rpath;
6598 if test "x$withval" = "xno" ; then
6599 need_dash_r=""
6600 fi
6601 if test "x$withval" = "xyes" ; then
6602 need_dash_r=1
6603 fi
6604
6605
6606fi
6607
6608
6609# Allow user to specify flags
6610
6611# Check whether --with-cflags was given.
6612if test "${with_cflags+set}" = set; then :
6613 withval=$with_cflags;
6614 if test -n "$withval" && test "x$withval" != "xno" && \
6615 test "x${withval}" != "xyes"; then
6616 CFLAGS="$CFLAGS $withval"
6617 fi
6618
6619
6620fi
6621
6622
6623# Check whether --with-cppflags was given.
6624if test "${with_cppflags+set}" = set; then :
6625 withval=$with_cppflags;
6626 if test -n "$withval" && test "x$withval" != "xno" && \
6627 test "x${withval}" != "xyes"; then
6628 CPPFLAGS="$CPPFLAGS $withval"
6629 fi
6630
6631
6632fi
6633
6634
6635# Check whether --with-ldflags was given.
6636if test "${with_ldflags+set}" = set; then :
6637 withval=$with_ldflags;
6638 if test -n "$withval" && test "x$withval" != "xno" && \
6639 test "x${withval}" != "xyes"; then
6640 LDFLAGS="$LDFLAGS $withval"
6641 fi
6642
6643
6644fi
6645
6646
6647# Check whether --with-libs was given.
6648if test "${with_libs+set}" = set; then :
6649 withval=$with_libs;
6650 if test -n "$withval" && test "x$withval" != "xno" && \
6651 test "x${withval}" != "xyes"; then
6652 LIBS="$LIBS $withval"
6653 fi
6654
6655
6656fi
6657
6658
6659# Check whether --with-Werror was given.
6660if test "${with_Werror+set}" = set; then :
6661 withval=$with_Werror;
6662 if test -n "$withval" && test "x$withval" != "xno"; then
6663 werror_flags="-Werror"
6664 if test "x${withval}" != "xyes"; then
6665 werror_flags="$withval"
6666 fi
6667 fi
6668
6669
6670fi
6671
6672
6673for ac_header in \
6674 blf.h \
6675 bstring.h \
6676 crypt.h \
6677 crypto/sha2.h \
6678 dirent.h \
6679 endian.h \
6680 elf.h \
6681 err.h \
6682 features.h \
6683 fcntl.h \
6684 floatingpoint.h \
6685 getopt.h \
6686 glob.h \
6687 ia.h \
6688 iaf.h \
6689 inttypes.h \
6690 langinfo.h \
6691 limits.h \
6692 locale.h \
6693 login.h \
6694 maillock.h \
6695 ndir.h \
6696 net/if_tun.h \
6697 netdb.h \
6698 netgroup.h \
6699 pam/pam_appl.h \
6700 paths.h \
6701 poll.h \
6702 pty.h \
6703 readpassphrase.h \
6704 rpc/types.h \
6705 security/pam_appl.h \
6706 sha2.h \
6707 shadow.h \
6708 stddef.h \
6709 stdint.h \
6710 string.h \
6711 strings.h \
6712 sys/audit.h \
6713 sys/bitypes.h \
6714 sys/bsdtty.h \
6715 sys/capability.h \
6716 sys/cdefs.h \
6717 sys/dir.h \
6718 sys/mman.h \
6719 sys/ndir.h \
6720 sys/poll.h \
6721 sys/prctl.h \
6722 sys/pstat.h \
6723 sys/ptrace.h \
6724 sys/select.h \
6725 sys/stat.h \
6726 sys/stream.h \
6727 sys/stropts.h \
6728 sys/strtio.h \
6729 sys/statvfs.h \
6730 sys/sysmacros.h \
6731 sys/time.h \
6732 sys/timers.h \
6733 time.h \
6734 tmpdir.h \
6735 ttyent.h \
6736 ucred.h \
6737 unistd.h \
6738 usersec.h \
6739 util.h \
6740 utime.h \
6741 utmp.h \
6742 utmpx.h \
6743 vis.h \
6744 wchar.h \
6745
6746do :
6747 as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
6748ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
6749if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
6750 cat >>confdefs.h <<_ACEOF
6751#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
6752_ACEOF
6753
6754fi
6755
6756done
6757
6758
6759# lastlog.h requires sys/time.h to be included first on Solaris
6760for ac_header in lastlog.h
6761do :
6762 ac_fn_c_check_header_compile "$LINENO" "lastlog.h" "ac_cv_header_lastlog_h" "
6763#ifdef HAVE_SYS_TIME_H
6764# include <sys/time.h>
6765#endif
6766
6767"
6768if test "x$ac_cv_header_lastlog_h" = xyes; then :
6769 cat >>confdefs.h <<_ACEOF
6770#define HAVE_LASTLOG_H 1
6771_ACEOF
6772
6773fi
6774
6775done
6776
6777
6778# sys/ptms.h requires sys/stream.h to be included first on Solaris
6779for ac_header in sys/ptms.h
6780do :
6781 ac_fn_c_check_header_compile "$LINENO" "sys/ptms.h" "ac_cv_header_sys_ptms_h" "
6782#ifdef HAVE_SYS_STREAM_H
6783# include <sys/stream.h>
6784#endif
6785
6786"
6787if test "x$ac_cv_header_sys_ptms_h" = xyes; then :
6788 cat >>confdefs.h <<_ACEOF
6789#define HAVE_SYS_PTMS_H 1
6790_ACEOF
6791
6792fi
6793
6794done
6795
6796
6797# login_cap.h requires sys/types.h on NetBSD
6798for ac_header in login_cap.h
6799do :
6800 ac_fn_c_check_header_compile "$LINENO" "login_cap.h" "ac_cv_header_login_cap_h" "
6801#include <sys/types.h>
6802
6803"
6804if test "x$ac_cv_header_login_cap_h" = xyes; then :
6805 cat >>confdefs.h <<_ACEOF
6806#define HAVE_LOGIN_CAP_H 1
6807_ACEOF
6808
6809fi
6810
6811done
6812
6813
6814# older BSDs need sys/param.h before sys/mount.h
6815for ac_header in sys/mount.h
6816do :
6817 ac_fn_c_check_header_compile "$LINENO" "sys/mount.h" "ac_cv_header_sys_mount_h" "
6818#include <sys/param.h>
6819
6820"
6821if test "x$ac_cv_header_sys_mount_h" = xyes; then :
6822 cat >>confdefs.h <<_ACEOF
6823#define HAVE_SYS_MOUNT_H 1
6824_ACEOF
6825
6826fi
6827
6828done
6829
6830
6831# Android requires sys/socket.h to be included before sys/un.h
6832for ac_header in sys/un.h
6833do :
6834 ac_fn_c_check_header_compile "$LINENO" "sys/un.h" "ac_cv_header_sys_un_h" "
6835#include <sys/types.h>
6836#include <sys/socket.h>
6837
6838"
6839if test "x$ac_cv_header_sys_un_h" = xyes; then :
6840 cat >>confdefs.h <<_ACEOF
6841#define HAVE_SYS_UN_H 1
6842_ACEOF
6843
6844fi
6845
6846done
6847
6848
6849# Messages for features tested for in target-specific section
6850SIA_MSG="no"
6851SPC_MSG="no"
6852SP_MSG="no"
6853SPP_MSG="no"
6854
6855# Support for Solaris/Illumos privileges (this test is used by both
6856# the --with-solaris-privs option and --with-sandbox=solaris).
6857SOLARIS_PRIVS="no"
6858
6859# Check for some target-specific stuff
6860case "$host" in
6861*-*-aix*)
6862 # Some versions of VAC won't allow macro redefinitions at
6863 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
6864 # particularly with older versions of vac or xlc.
6865 # It also throws errors about null macro argments, but these are
6866 # not fatal.
6867 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if compiler allows macro redefinitions" >&5
6868$as_echo_n "checking if compiler allows macro redefinitions... " >&6; }
6869 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
6870/* end confdefs.h. */
6871
6872#define testmacro foo
6873#define testmacro bar
6874int
6875main ()
6876{
6877 exit(0);
6878 ;
6879 return 0;
6880}
6881_ACEOF
6882if ac_fn_c_try_compile "$LINENO"; then :
6883 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
6884$as_echo "yes" >&6; }
6885else
6886 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
6887$as_echo "no" >&6; }
6888 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
6889 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
6890 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
6891 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
6892
6893
6894fi
6895rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
6896
6897 { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to specify blibpath for linker ($LD)" >&5
6898$as_echo_n "checking how to specify blibpath for linker ($LD)... " >&6; }
6899 if (test -z "$blibpath"); then
6900 blibpath="/usr/lib:/lib"
6901 fi
6902 saved_LDFLAGS="$LDFLAGS"
6903 if test "$GCC" = "yes"; then
6904 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
6905 else
6906 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
6907 fi
6908 for tryflags in $flags ;do
6909 if (test -z "$blibflags"); then
6910 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
6911 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
6912/* end confdefs.h. */
6913
6914int
6915main ()
6916{
6917
6918 ;
6919 return 0;
6920}
6921_ACEOF
6922if ac_fn_c_try_link "$LINENO"; then :
6923 blibflags=$tryflags
6924fi
6925rm -f core conftest.err conftest.$ac_objext \
6926 conftest$ac_exeext conftest.$ac_ext
6927 fi
6928 done
6929 if (test -z "$blibflags"); then
6930 { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5
6931$as_echo "not found" >&6; }
6932 as_fn_error $? "*** must be able to specify blibpath on AIX - check config.log" "$LINENO" 5
6933 else
6934 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $blibflags" >&5
6935$as_echo "$blibflags" >&6; }
6936 fi
6937 LDFLAGS="$saved_LDFLAGS"
6938 ac_fn_c_check_func "$LINENO" "authenticate" "ac_cv_func_authenticate"
6939if test "x$ac_cv_func_authenticate" = xyes; then :
6940
6941$as_echo "#define WITH_AIXAUTHENTICATE 1" >>confdefs.h
6942
6943else
6944 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for authenticate in -ls" >&5
6945$as_echo_n "checking for authenticate in -ls... " >&6; }
6946if ${ac_cv_lib_s_authenticate+:} false; then :
6947 $as_echo_n "(cached) " >&6
6948else
6949 ac_check_lib_save_LIBS=$LIBS
6950LIBS="-ls $LIBS"
6951cat confdefs.h - <<_ACEOF >conftest.$ac_ext
6952/* end confdefs.h. */
6953
6954/* Override any GCC internal prototype to avoid an error.
6955 Use char because int might match the return type of a GCC
6956 builtin and then its argument prototype would still apply. */
6957#ifdef __cplusplus
6958extern "C"
6959#endif
6960char authenticate ();
6961int
6962main ()
6963{
6964return authenticate ();
6965 ;
6966 return 0;
6967}
6968_ACEOF
6969if ac_fn_c_try_link "$LINENO"; then :
6970 ac_cv_lib_s_authenticate=yes
6971else
6972 ac_cv_lib_s_authenticate=no
6973fi
6974rm -f core conftest.err conftest.$ac_objext \
6975 conftest$ac_exeext conftest.$ac_ext
6976LIBS=$ac_check_lib_save_LIBS
6977fi
6978{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_s_authenticate" >&5
6979$as_echo "$ac_cv_lib_s_authenticate" >&6; }
6980if test "x$ac_cv_lib_s_authenticate" = xyes; then :
6981 $as_echo "#define WITH_AIXAUTHENTICATE 1" >>confdefs.h
6982
6983 LIBS="$LIBS -ls"
6984
6985fi
6986
6987
6988fi
6989
6990 ac_fn_c_check_decl "$LINENO" "authenticate" "ac_cv_have_decl_authenticate" "#include <usersec.h>
6991"
6992if test "x$ac_cv_have_decl_authenticate" = xyes; then :
6993 ac_have_decl=1
6994else
6995 ac_have_decl=0
6996fi
6997
6998cat >>confdefs.h <<_ACEOF
6999#define HAVE_DECL_AUTHENTICATE $ac_have_decl
7000_ACEOF
7001ac_fn_c_check_decl "$LINENO" "loginrestrictions" "ac_cv_have_decl_loginrestrictions" "#include <usersec.h>
7002"
7003if test "x$ac_cv_have_decl_loginrestrictions" = xyes; then :
7004 ac_have_decl=1
7005else
7006 ac_have_decl=0
7007fi
7008
7009cat >>confdefs.h <<_ACEOF
7010#define HAVE_DECL_LOGINRESTRICTIONS $ac_have_decl
7011_ACEOF
7012ac_fn_c_check_decl "$LINENO" "loginsuccess" "ac_cv_have_decl_loginsuccess" "#include <usersec.h>
7013"
7014if test "x$ac_cv_have_decl_loginsuccess" = xyes; then :
7015 ac_have_decl=1
7016else
7017 ac_have_decl=0
7018fi
7019
7020cat >>confdefs.h <<_ACEOF
7021#define HAVE_DECL_LOGINSUCCESS $ac_have_decl
7022_ACEOF
7023ac_fn_c_check_decl "$LINENO" "passwdexpired" "ac_cv_have_decl_passwdexpired" "#include <usersec.h>
7024"
7025if test "x$ac_cv_have_decl_passwdexpired" = xyes; then :
7026 ac_have_decl=1
7027else
7028 ac_have_decl=0
7029fi
7030
7031cat >>confdefs.h <<_ACEOF
7032#define HAVE_DECL_PASSWDEXPIRED $ac_have_decl
7033_ACEOF
7034ac_fn_c_check_decl "$LINENO" "setauthdb" "ac_cv_have_decl_setauthdb" "#include <usersec.h>
7035"
7036if test "x$ac_cv_have_decl_setauthdb" = xyes; then :
7037 ac_have_decl=1
7038else
7039 ac_have_decl=0
7040fi
7041
7042cat >>confdefs.h <<_ACEOF
7043#define HAVE_DECL_SETAUTHDB $ac_have_decl
7044_ACEOF
7045
7046 ac_fn_c_check_decl "$LINENO" "loginfailed" "ac_cv_have_decl_loginfailed" "#include <usersec.h>
7047
7048"
7049if test "x$ac_cv_have_decl_loginfailed" = xyes; then :
7050 ac_have_decl=1
7051else
7052 ac_have_decl=0
7053fi
7054
7055cat >>confdefs.h <<_ACEOF
7056#define HAVE_DECL_LOGINFAILED $ac_have_decl
7057_ACEOF
7058if test $ac_have_decl = 1; then :
7059 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if loginfailed takes 4 arguments" >&5
7060$as_echo_n "checking if loginfailed takes 4 arguments... " >&6; }
7061 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
7062/* end confdefs.h. */
7063 #include <usersec.h>
7064int
7065main ()
7066{
7067 (void)loginfailed("user","host","tty",0);
7068 ;
7069 return 0;
7070}
7071_ACEOF
7072if ac_fn_c_try_compile "$LINENO"; then :
7073 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
7074$as_echo "yes" >&6; }
7075
7076$as_echo "#define AIX_LOGINFAILED_4ARG 1" >>confdefs.h
7077
7078else
7079 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
7080$as_echo "no" >&6; }
7081
7082fi
7083rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
7084fi
7085
7086 for ac_func in getgrset setauthdb
7087do :
7088 as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
7089ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
7090if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
7091 cat >>confdefs.h <<_ACEOF
7092#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
7093_ACEOF
7094
7095fi
7096done
7097
7098 ac_fn_c_check_decl "$LINENO" "F_CLOSEM" "ac_cv_have_decl_F_CLOSEM" " #include <limits.h>
7099 #include <fcntl.h>
7100
7101"
7102if test "x$ac_cv_have_decl_F_CLOSEM" = xyes; then :
7103
7104$as_echo "#define HAVE_FCNTL_CLOSEM 1" >>confdefs.h
7105
7106fi
7107
7108 check_for_aix_broken_getaddrinfo=1
7109
7110$as_echo "#define BROKEN_REALPATH 1" >>confdefs.h
7111
7112
7113$as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
7114
7115
7116$as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
7117
7118
7119$as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
7120
7121
7122$as_echo "#define DISABLE_LASTLOG 1" >>confdefs.h
7123
7124
7125$as_echo "#define LOGIN_NEEDS_UTMPX 1" >>confdefs.h
7126
7127
7128$as_echo "#define SPT_TYPE SPT_REUSEARGV" >>confdefs.h
7129
7130
7131$as_echo "#define SSHPAM_CHAUTHTOK_NEEDS_RUID 1" >>confdefs.h
7132
7133
7134$as_echo "#define PTY_ZEROREAD 1" >>confdefs.h
7135
7136
7137$as_echo "#define PLATFORM_SYS_DIR_UID 2" >>confdefs.h
7138
7139 ;;
7140*-*-android*)
7141
7142$as_echo "#define DISABLE_UTMP 1" >>confdefs.h
7143
7144
7145$as_echo "#define DISABLE_WTMP 1" >>confdefs.h
7146
7147 ;;
7148*-*-cygwin*)
7149 check_for_libcrypt_later=1
7150 LIBS="$LIBS /usr/lib/textreadmode.o"
7151
7152$as_echo "#define HAVE_CYGWIN 1" >>confdefs.h
7153
7154
7155$as_echo "#define USE_PIPES 1" >>confdefs.h
7156
7157
7158$as_echo "#define NO_UID_RESTORATION_TEST 1" >>confdefs.h
7159
7160
7161$as_echo "#define DISABLE_SHADOW 1" >>confdefs.h
7162
7163
7164$as_echo "#define NO_X11_UNIX_SOCKETS 1" >>confdefs.h
7165
7166
7167$as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h
7168
7169
7170$as_echo "#define SSH_IOBUFSZ 65535" >>confdefs.h
7171
7172
7173$as_echo "#define FILESYSTEM_NO_BACKSLASH 1" >>confdefs.h
7174
7175 # Cygwin defines optargs, optargs as declspec(dllimport) for historical
7176 # reasons which cause compile warnings, so we disable those warnings.
7177 {
7178 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wno-attributes" >&5
7179$as_echo_n "checking if $CC supports compile flag -Wno-attributes... " >&6; }
7180 saved_CFLAGS="$CFLAGS"
7181 CFLAGS="$CFLAGS $WERROR -Wno-attributes"
7182 _define_flag=""
7183 test "x$_define_flag" = "x" && _define_flag="-Wno-attributes"
7184 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
7185/* end confdefs.h. */
7186
7187#include <stdlib.h>
7188#include <stdio.h>
7189int main(int argc, char **argv) {
7190 /* Some math to catch -ftrapv problems in the toolchain */
7191 int i = 123 * argc, j = 456 + argc, k = 789 - argc;
7192 float l = i * 2.1;
7193 double m = l / 0.5;
7194 long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
7195 printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
7196 exit(0);
7197}
7198
7199_ACEOF
7200if ac_fn_c_try_compile "$LINENO"; then :
7201
7202if `grep -i "unrecognized option" conftest.err >/dev/null`
7203then
7204 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
7205$as_echo "no" >&6; }
7206 CFLAGS="$saved_CFLAGS"
7207else
7208 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
7209$as_echo "yes" >&6; }
7210 CFLAGS="$saved_CFLAGS $_define_flag"
7211fi
7212else
7213 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
7214$as_echo "no" >&6; }
7215 CFLAGS="$saved_CFLAGS"
7216
7217fi
7218rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
7219}
7220 ;;
7221*-*-dgux*)
7222
7223$as_echo "#define IP_TOS_IS_BROKEN 1" >>confdefs.h
7224
7225 $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
7226
7227 $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
7228
7229 $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
7230
7231 ;;
7232*-*-darwin*)
7233 use_pie=auto
7234 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we have working getaddrinfo" >&5
7235$as_echo_n "checking if we have working getaddrinfo... " >&6; }
7236 if test "$cross_compiling" = yes; then :
7237 { $as_echo "$as_me:${as_lineno-$LINENO}: result: assume it is working" >&5
7238$as_echo "assume it is working" >&6; }
7239else
7240 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
7241/* end confdefs.h. */
7242 #include <mach-o/dyld.h>
7243main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
7244 exit(0);
7245 else
7246 exit(1);
7247}
7248
7249_ACEOF
7250if ac_fn_c_try_run "$LINENO"; then :
7251 { $as_echo "$as_me:${as_lineno-$LINENO}: result: working" >&5
7252$as_echo "working" >&6; }
7253else
7254 { $as_echo "$as_me:${as_lineno-$LINENO}: result: buggy" >&5
7255$as_echo "buggy" >&6; }
7256
7257$as_echo "#define BROKEN_GETADDRINFO 1" >>confdefs.h
7258
7259
7260fi
7261rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
7262 conftest.$ac_objext conftest.beam conftest.$ac_ext
7263fi
7264
7265 $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
7266
7267 $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
7268
7269 $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
7270
7271
7272$as_echo "#define BROKEN_GLOB 1" >>confdefs.h
7273
7274
7275cat >>confdefs.h <<_ACEOF
7276#define BIND_8_COMPAT 1
7277_ACEOF
7278
7279
7280$as_echo "#define SSH_TUN_FREEBSD 1" >>confdefs.h
7281
7282
7283$as_echo "#define SSH_TUN_COMPAT_AF 1" >>confdefs.h
7284
7285
7286$as_echo "#define SSH_TUN_PREPEND_AF 1" >>confdefs.h
7287
7288
7289 ac_fn_c_check_decl "$LINENO" "AU_IPv4" "ac_cv_have_decl_AU_IPv4" "$ac_includes_default"
7290if test "x$ac_cv_have_decl_AU_IPv4" = xyes; then :
7291
7292else
7293
7294$as_echo "#define AU_IPv4 0" >>confdefs.h
7295
7296 #include <bsm/audit.h>
7297
7298$as_echo "#define LASTLOG_WRITE_PUTUTXLINE 1" >>confdefs.h
7299
7300
7301fi
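Review bot: In the darwin branch, the AU_IPv4 declaration check at 7289 is run against "$ac_includes_default" only, while `#include <bsm/audit.h>` appears at 7296 as a shell comment inside the else branch, so the header that looks like it was meant to be the include set for the check is never compiled into the test program. The same else branch also carries the `LASTLOG_WRITE_PUTUTXLINE` define at 7298, so that define is emitted only when AU_IPv4 is not declared, alongside `#define AU_IPv4 0`. Since configure is generated, the change belongs in the configure.ac macro call: pass the bsm/audit.h include as the includes argument of the declaration check, and move the LASTLOG_WRITE_PUTUTXLINE define out of the not-found action if it is meant to apply to darwin unconditionally.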
7302
7303
7304$as_echo "#define SPT_TYPE SPT_REUSEARGV" >>confdefs.h
7305
7306 for ac_func in sandbox_init
7307do :
7308 ac_fn_c_check_func "$LINENO" "sandbox_init" "ac_cv_func_sandbox_init"
7309if test "x$ac_cv_func_sandbox_init" = xyes; then :
7310 cat >>confdefs.h <<_ACEOF
7311#define HAVE_SANDBOX_INIT 1
7312_ACEOF
7313
7314fi
7315done
7316
7317 for ac_header in sandbox.h
7318do :
7319 ac_fn_c_check_header_mongrel "$LINENO" "sandbox.h" "ac_cv_header_sandbox_h" "$ac_includes_default"
7320if test "x$ac_cv_header_sandbox_h" = xyes; then :
7321 cat >>confdefs.h <<_ACEOF
7322#define HAVE_SANDBOX_H 1
7323_ACEOF
7324
7325fi
7326
7327done
7328
7329 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for sandbox_apply in -lsandbox" >&5
7330$as_echo_n "checking for sandbox_apply in -lsandbox... " >&6; }
7331if ${ac_cv_lib_sandbox_sandbox_apply+:} false; then :
7332 $as_echo_n "(cached) " >&6
7333else
7334 ac_check_lib_save_LIBS=$LIBS
7335LIBS="-lsandbox $LIBS"
7336cat confdefs.h - <<_ACEOF >conftest.$ac_ext
7337/* end confdefs.h. */
7338
7339/* Override any GCC internal prototype to avoid an error.
7340 Use char because int might match the return type of a GCC
7341 builtin and then its argument prototype would still apply. */
7342#ifdef __cplusplus
7343extern "C"
7344#endif
7345char sandbox_apply ();
7346int
7347main ()
7348{
7349return sandbox_apply ();
7350 ;
7351 return 0;
7352}
7353_ACEOF
7354if ac_fn_c_try_link "$LINENO"; then :
7355 ac_cv_lib_sandbox_sandbox_apply=yes
7356else
7357 ac_cv_lib_sandbox_sandbox_apply=no
7358fi
7359rm -f core conftest.err conftest.$ac_objext \
7360 conftest$ac_exeext conftest.$ac_ext
7361LIBS=$ac_check_lib_save_LIBS
7362fi
7363{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_sandbox_sandbox_apply" >&5
7364$as_echo "$ac_cv_lib_sandbox_sandbox_apply" >&6; }
7365if test "x$ac_cv_lib_sandbox_sandbox_apply" = xyes; then :
7366
7367 SSHDLIBS="$SSHDLIBS -lsandbox"
7368
7369fi
7370
7371 ;;
7372*-*-dragonfly*)
7373 SSHDLIBS="$SSHDLIBS -lcrypt"
7374 TEST_MALLOC_OPTIONS="AFGJPRX"
7375 ;;
7376*-*-haiku*)
7377 LIBS="$LIBS -lbsd "
7378 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for socket in -lnetwork" >&5
7379$as_echo_n "checking for socket in -lnetwork... " >&6; }
7380if ${ac_cv_lib_network_socket+:} false; then :
7381 $as_echo_n "(cached) " >&6
7382else
7383 ac_check_lib_save_LIBS=$LIBS
7384LIBS="-lnetwork $LIBS"
7385cat confdefs.h - <<_ACEOF >conftest.$ac_ext
7386/* end confdefs.h. */
7387
7388/* Override any GCC internal prototype to avoid an error.
7389 Use char because int might match the return type of a GCC
7390 builtin and then its argument prototype would still apply. */
7391#ifdef __cplusplus
7392extern "C"
7393#endif
7394char socket ();
7395int
7396main ()
7397{
7398return socket ();
7399 ;
7400 return 0;
7401}
7402_ACEOF
7403if ac_fn_c_try_link "$LINENO"; then :
7404 ac_cv_lib_network_socket=yes
7405else
7406 ac_cv_lib_network_socket=no
7407fi
7408rm -f core conftest.err conftest.$ac_objext \
7409 conftest$ac_exeext conftest.$ac_ext
7410LIBS=$ac_check_lib_save_LIBS
7411fi
7412{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_network_socket" >&5
7413$as_echo "$ac_cv_lib_network_socket" >&6; }
7414if test "x$ac_cv_lib_network_socket" = xyes; then :
7415 cat >>confdefs.h <<_ACEOF
7416#define HAVE_LIBNETWORK 1
7417_ACEOF
7418
7419 LIBS="-lnetwork $LIBS"
7420
7421fi
7422
7423 $as_echo "#define HAVE_U_INT64_T 1" >>confdefs.h
7424
7425 MANTYPE=man
7426 ;;
7427*-*-hpux*)
7428 # first we define all of the options common to all HP-UX releases
7429 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
7430 IPADDR_IN_DISPLAY=yes
7431 $as_echo "#define USE_PIPES 1" >>confdefs.h
7432
7433 $as_echo "#define LOGIN_NEEDS_UTMPX 1" >>confdefs.h
7434
7435
7436$as_echo "#define LOCKED_PASSWD_STRING \"*\"" >>confdefs.h
7437
7438 $as_echo "#define SPT_TYPE SPT_PSTAT" >>confdefs.h
7439
7440
7441$as_echo "#define PLATFORM_SYS_DIR_UID 2" >>confdefs.h
7442
7443 maildir="/var/mail"
7444 LIBS="$LIBS -lsec"
7445 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for t_error in -lxnet" >&5
7446$as_echo_n "checking for t_error in -lxnet... " >&6; }
7447if ${ac_cv_lib_xnet_t_error+:} false; then :
7448 $as_echo_n "(cached) " >&6
7449else
7450 ac_check_lib_save_LIBS=$LIBS
7451LIBS="-lxnet $LIBS"
7452cat confdefs.h - <<_ACEOF >conftest.$ac_ext
7453/* end confdefs.h. */
7454
7455/* Override any GCC internal prototype to avoid an error.
7456 Use char because int might match the return type of a GCC
7457 builtin and then its argument prototype would still apply. */
7458#ifdef __cplusplus
7459extern "C"
7460#endif
7461char t_error ();
7462int
7463main ()
7464{
7465return t_error ();
7466 ;
7467 return 0;
7468}
7469_ACEOF
7470if ac_fn_c_try_link "$LINENO"; then :
7471 ac_cv_lib_xnet_t_error=yes
7472else
7473 ac_cv_lib_xnet_t_error=no
7474fi
7475rm -f core conftest.err conftest.$ac_objext \
7476 conftest$ac_exeext conftest.$ac_ext
7477LIBS=$ac_check_lib_save_LIBS
7478fi
7479{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_xnet_t_error" >&5
7480$as_echo "$ac_cv_lib_xnet_t_error" >&6; }
7481if test "x$ac_cv_lib_xnet_t_error" = xyes; then :
7482 cat >>confdefs.h <<_ACEOF
7483#define HAVE_LIBXNET 1
7484_ACEOF
7485
7486 LIBS="-lxnet $LIBS"
7487
7488else
7489 as_fn_error $? "*** -lxnet needed on HP-UX - check config.log ***" "$LINENO" 5
7490fi
7491
7492
7493 # next, we define all of the options specific to major releases
7494 case "$host" in
7495 *-*-hpux10*)
7496 if test -z "$GCC"; then
7497 CFLAGS="$CFLAGS -Ae"
7498 fi
7499 ;;
7500 *-*-hpux11*)
7501
7502$as_echo "#define PAM_SUN_CODEBASE 1" >>confdefs.h
7503
7504
7505$as_echo "#define DISABLE_UTMP 1" >>confdefs.h
7506
7507
7508$as_echo "#define USE_BTMP 1" >>confdefs.h
7509
7510 check_for_hpux_broken_getaddrinfo=1
7511 check_for_conflicting_getspnam=1
7512 ;;
7513 esac
7514
7515 # lastly, we define options specific to minor releases
7516 case "$host" in
7517 *-*-hpux10.26)
7518
7519$as_echo "#define HAVE_SECUREWARE 1" >>confdefs.h
7520
7521 disable_ptmx_check=yes
7522 LIBS="$LIBS -lsecpw"
7523 ;;
7524 esac
7525 ;;
7526*-*-irix5*)
7527 PATH="$PATH:/usr/etc"
7528
7529$as_echo "#define BROKEN_INET_NTOA 1" >>confdefs.h
7530
7531 $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
7532
7533 $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
7534
7535 $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
7536
7537
7538$as_echo "#define WITH_ABBREV_NO_TTY 1" >>confdefs.h
7539
7540 $as_echo "#define LOCKED_PASSWD_STRING \"*LK*\"" >>confdefs.h
7541
7542 ;;
7543*-*-irix6*)
7544 PATH="$PATH:/usr/etc"
7545
7546$as_echo "#define WITH_IRIX_ARRAY 1" >>confdefs.h
7547
7548
7549$as_echo "#define WITH_IRIX_PROJECT 1" >>confdefs.h
7550
7551
7552$as_echo "#define WITH_IRIX_AUDIT 1" >>confdefs.h
7553
7554 ac_fn_c_check_func "$LINENO" "jlimit_startjob" "ac_cv_func_jlimit_startjob"
7555if test "x$ac_cv_func_jlimit_startjob" = xyes; then :
7556
7557$as_echo "#define WITH_IRIX_JOBS 1" >>confdefs.h
7558
7559fi
7560
7561 $as_echo "#define BROKEN_INET_NTOA 1" >>confdefs.h
7562
7563 $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
7564
7565 $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
7566
7567 $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
7568
7569
7570$as_echo "#define BROKEN_UPDWTMPX 1" >>confdefs.h
7571
7572 $as_echo "#define WITH_ABBREV_NO_TTY 1" >>confdefs.h
7573
7574 $as_echo "#define LOCKED_PASSWD_STRING \"*LK*\"" >>confdefs.h
7575
7576 ;;
7577*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
7578 check_for_libcrypt_later=1
7579 $as_echo "#define PAM_TTY_KLUDGE 1" >>confdefs.h
7580
7581 $as_echo "#define LOCKED_PASSWD_PREFIX \"!\"" >>confdefs.h
7582
7583 $as_echo "#define SPT_TYPE SPT_REUSEARGV" >>confdefs.h
7584
7585
7586$as_echo "#define _PATH_BTMP \"/var/log/btmp\"" >>confdefs.h
7587
7588
7589$as_echo "#define USE_BTMP 1" >>confdefs.h
7590
7591 ;;
7592*-*-linux*)
7593 no_dev_ptmx=1
7594 use_pie=auto
7595 check_for_libcrypt_later=1
7596 check_for_openpty_ctty_bug=1
7597 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE"
7598
7599$as_echo "#define PAM_TTY_KLUDGE 1" >>confdefs.h
7600
7601
7602$as_echo "#define LOCKED_PASSWD_PREFIX \"!\"" >>confdefs.h
7603
7604 $as_echo "#define SPT_TYPE SPT_REUSEARGV" >>confdefs.h
7605
7606
7607$as_echo "#define LINK_OPNOTSUPP_ERRNO EPERM" >>confdefs.h
7608
7609
7610$as_echo "#define _PATH_BTMP \"/var/log/btmp\"" >>confdefs.h
7611
7612 $as_echo "#define USE_BTMP 1" >>confdefs.h
7613
7614
7615$as_echo "#define LINUX_OOM_ADJUST 1" >>confdefs.h
7616
7617 inet6_default_4in6=yes
7618 case `uname -r` in
7619 1.*|2.0.*)
7620
7621$as_echo "#define BROKEN_CMSG_TYPE 1" >>confdefs.h
7622
7623 ;;
7624 esac
7625 # tun(4) forwarding compat code
7626 for ac_header in linux/if_tun.h
7627do :
7628 ac_fn_c_check_header_mongrel "$LINENO" "linux/if_tun.h" "ac_cv_header_linux_if_tun_h" "$ac_includes_default"
7629if test "x$ac_cv_header_linux_if_tun_h" = xyes; then :
7630 cat >>confdefs.h <<_ACEOF
7631#define HAVE_LINUX_IF_TUN_H 1
7632_ACEOF
7633
7634fi
7635
7636done
7637
7638 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
7639
7640$as_echo "#define SSH_TUN_LINUX 1" >>confdefs.h
7641
7642
7643$as_echo "#define SSH_TUN_COMPAT_AF 1" >>confdefs.h
7644
7645
7646$as_echo "#define SSH_TUN_PREPEND_AF 1" >>confdefs.h
7647
7648 fi
7649 for ac_header in linux/seccomp.h linux/filter.h linux/audit.h
7650do :
7651 as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
7652ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "#include <linux/types.h>
7653"
7654if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
7655 cat >>confdefs.h <<_ACEOF
7656#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
7657_ACEOF
7658
7659fi
7660
7661done
7662
7663 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for seccomp architecture" >&5
7664$as_echo_n "checking for seccomp architecture... " >&6; }
7665 seccomp_audit_arch=
7666 case "$host" in
7667 x86_64-*)
7668 seccomp_audit_arch=AUDIT_ARCH_X86_64
7669 ;;
7670 i*86-*)
7671 seccomp_audit_arch=AUDIT_ARCH_I386
7672 ;;
7673 arm*-*)
7674 seccomp_audit_arch=AUDIT_ARCH_ARM
7675 ;;
7676 aarch64*-*)
7677 seccomp_audit_arch=AUDIT_ARCH_AARCH64
7678 ;;
7679 s390x-*)
7680 seccomp_audit_arch=AUDIT_ARCH_S390X
7681 ;;
7682 s390-*)
7683 seccomp_audit_arch=AUDIT_ARCH_S390
7684 ;;
7685 powerpc64-*)
7686 seccomp_audit_arch=AUDIT_ARCH_PPC64
7687 ;;
7688 powerpc64le-*)
7689 seccomp_audit_arch=AUDIT_ARCH_PPC64LE
7690 ;;
7691 mips-*)
7692 seccomp_audit_arch=AUDIT_ARCH_MIPS
7693 ;;
7694 mipsel-*)
7695 seccomp_audit_arch=AUDIT_ARCH_MIPSEL
7696 ;;
7697 mips64-*)
7698 seccomp_audit_arch=AUDIT_ARCH_MIPS64
7699 ;;
7700 mips64el-*)
7701 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64
7702 ;;
7703 esac
7704 if test "x$seccomp_audit_arch" != "x" ; then
7705 { $as_echo "$as_me:${as_lineno-$LINENO}: result: \"$seccomp_audit_arch\"" >&5
7706$as_echo "\"$seccomp_audit_arch\"" >&6; }
7707
7708cat >>confdefs.h <<_ACEOF
7709#define SECCOMP_AUDIT_ARCH $seccomp_audit_arch
7710_ACEOF
7711
7712 else
7713 { $as_echo "$as_me:${as_lineno-$LINENO}: result: architecture not supported" >&5
7714$as_echo "architecture not supported" >&6; }
7715 fi
7716 ;;
7717mips-sony-bsd|mips-sony-newsos4)
7718
7719$as_echo "#define NEED_SETPGRP 1" >>confdefs.h
7720
7721 SONY=1
7722 ;;
7723*-*-netbsd*)
7724 check_for_libcrypt_before=1
7725 if test "x$withval" != "xno" ; then
7726 need_dash_r=1
7727 fi
7728 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE"
7729
7730$as_echo "#define SSH_TUN_FREEBSD 1" >>confdefs.h
7731
7732 ac_fn_c_check_header_mongrel "$LINENO" "net/if_tap.h" "ac_cv_header_net_if_tap_h" "$ac_includes_default"
7733if test "x$ac_cv_header_net_if_tap_h" = xyes; then :
7734
7735else
7736
7737$as_echo "#define SSH_TUN_NO_L2 1" >>confdefs.h
7738
7739fi
7740
7741
7742
7743$as_echo "#define SSH_TUN_PREPEND_AF 1" >>confdefs.h
7744
7745 TEST_MALLOC_OPTIONS="AJRX"
7746
7747$as_echo "#define BROKEN_READ_COMPARISON 1" >>confdefs.h
7748
7749 ;;
7750*-*-freebsd*)
7751 check_for_libcrypt_later=1
7752
7753$as_echo "#define LOCKED_PASSWD_PREFIX \"*LOCKED*\"" >>confdefs.h
7754
7755
7756$as_echo "#define SSH_TUN_FREEBSD 1" >>confdefs.h
7757
7758 ac_fn_c_check_header_mongrel "$LINENO" "net/if_tap.h" "ac_cv_header_net_if_tap_h" "$ac_includes_default"
7759if test "x$ac_cv_header_net_if_tap_h" = xyes; then :
7760
7761else
7762
7763$as_echo "#define SSH_TUN_NO_L2 1" >>confdefs.h
7764
7765fi
7766
7767
7768
7769$as_echo "#define BROKEN_GLOB 1" >>confdefs.h
7770
7771 TEST_MALLOC_OPTIONS="AJRX"
7772 # Preauth crypto occasionally uses file descriptors for crypto offload
7773 # and will crash if they cannot be opened.
7774
7775$as_echo "#define SANDBOX_SKIP_RLIMIT_NOFILE 1" >>confdefs.h
7776
7777 ;;
7778*-*-bsdi*)
7779 $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
7780
7781 $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
7782
7783 $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
7784
7785 ;;
7786*-next-*)
7787 conf_lastlog_location="/usr/adm/lastlog"
7788 conf_utmp_location=/etc/utmp
7789 conf_wtmp_location=/usr/adm/wtmp
7790 maildir=/usr/spool/mail
7791
7792$as_echo "#define HAVE_NEXT 1" >>confdefs.h
7793
7794 $as_echo "#define BROKEN_REALPATH 1" >>confdefs.h
7795
7796 $as_echo "#define USE_PIPES 1" >>confdefs.h
7797
7798
7799$as_echo "#define BROKEN_SAVED_UIDS 1" >>confdefs.h
7800
7801 ;;
7802*-*-openbsd*)
7803 use_pie=auto
7804
7805$as_echo "#define HAVE_ATTRIBUTE__SENTINEL__ 1" >>confdefs.h
7806
7807
7808$as_echo "#define HAVE_ATTRIBUTE__BOUNDED__ 1" >>confdefs.h
7809
7810
7811$as_echo "#define SSH_TUN_OPENBSD 1" >>confdefs.h
7812
7813
7814$as_echo "#define SYSLOG_R_SAFE_IN_SIGHAND 1" >>confdefs.h
7815
7816 TEST_MALLOC_OPTIONS="AFGJPRX"
7817 ;;
7818*-*-solaris*)
7819 if test "x$withval" != "xno" ; then
7820 need_dash_r=1
7821 fi
7822 $as_echo "#define PAM_SUN_CODEBASE 1" >>confdefs.h
7823
7824 $as_echo "#define LOGIN_NEEDS_UTMPX 1" >>confdefs.h
7825
7826 $as_echo "#define PAM_TTY_KLUDGE 1" >>confdefs.h
7827
7828
7829$as_echo "#define SSHPAM_CHAUTHTOK_NEEDS_RUID 1" >>confdefs.h
7830
7831 $as_echo "#define LOCKED_PASSWD_STRING \"*LK*\"" >>confdefs.h
7832
7833 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
7834
7835$as_echo "#define SSHD_ACQUIRES_CTTY 1" >>confdefs.h
7836
7837
7838$as_echo "#define PASSWD_NEEDS_USERNAME 1" >>confdefs.h
7839
7840
7841$as_echo "#define BROKEN_TCGETATTR_ICANON 1" >>confdefs.h
7842
7843 external_path_file=/etc/default/login
7844 # hardwire lastlog location (can't detect it on some versions)
7845 conf_lastlog_location="/var/adm/lastlog"
7846 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for obsolete utmp and wtmp in solaris2.x" >&5
7847$as_echo_n "checking for obsolete utmp and wtmp in solaris2.x... " >&6; }
7848 sol2ver=`echo "$host"| sed -e 's/.*[0-9]\.//'`
7849 if test "$sol2ver" -ge 8; then
7850 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
7851$as_echo "yes" >&6; }
7852 $as_echo "#define DISABLE_UTMP 1" >>confdefs.h
7853
7854
7855$as_echo "#define DISABLE_WTMP 1" >>confdefs.h
7856
7857 else
7858 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
7859$as_echo "no" >&6; }
7860 fi
7861 for ac_func in setpflags
7862do :
7863 ac_fn_c_check_func "$LINENO" "setpflags" "ac_cv_func_setpflags"
7864if test "x$ac_cv_func_setpflags" = xyes; then :
7865 cat >>confdefs.h <<_ACEOF
7866#define HAVE_SETPFLAGS 1
7867_ACEOF
7868
7869fi
7870done
7871
7872 for ac_func in setppriv
7873do :
7874 ac_fn_c_check_func "$LINENO" "setppriv" "ac_cv_func_setppriv"
7875if test "x$ac_cv_func_setppriv" = xyes; then :
7876 cat >>confdefs.h <<_ACEOF
7877#define HAVE_SETPPRIV 1
7878_ACEOF
7879
7880fi
7881done
7882
7883 for ac_func in priv_basicset
7884do :
7885 ac_fn_c_check_func "$LINENO" "priv_basicset" "ac_cv_func_priv_basicset"
7886if test "x$ac_cv_func_priv_basicset" = xyes; then :
7887 cat >>confdefs.h <<_ACEOF
7888#define HAVE_PRIV_BASICSET 1
7889_ACEOF
7890
7891fi
7892done
7893
7894 for ac_header in priv.h
7895do :
7896 ac_fn_c_check_header_mongrel "$LINENO" "priv.h" "ac_cv_header_priv_h" "$ac_includes_default"
7897if test "x$ac_cv_header_priv_h" = xyes; then :
7898 cat >>confdefs.h <<_ACEOF
7899#define HAVE_PRIV_H 1
7900_ACEOF
7901
7902fi
7903
7904done
7905
7906
7907# Check whether --with-solaris-contracts was given.
7908if test "${with_solaris_contracts+set}" = set; then :
7909 withval=$with_solaris_contracts;
7910 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ct_tmpl_activate in -lcontract" >&5
7911$as_echo_n "checking for ct_tmpl_activate in -lcontract... " >&6; }
7912if ${ac_cv_lib_contract_ct_tmpl_activate+:} false; then :
7913 $as_echo_n "(cached) " >&6
7914else
7915 ac_check_lib_save_LIBS=$LIBS
7916LIBS="-lcontract $LIBS"
7917cat confdefs.h - <<_ACEOF >conftest.$ac_ext
7918/* end confdefs.h. */
7919
7920/* Override any GCC internal prototype to avoid an error.
7921 Use char because int might match the return type of a GCC
7922 builtin and then its argument prototype would still apply. */
7923#ifdef __cplusplus
7924extern "C"
7925#endif
7926char ct_tmpl_activate ();
7927int
7928main ()
7929{
7930return ct_tmpl_activate ();
7931 ;
7932 return 0;
7933}
7934_ACEOF
7935if ac_fn_c_try_link "$LINENO"; then :
7936 ac_cv_lib_contract_ct_tmpl_activate=yes
7937else
7938 ac_cv_lib_contract_ct_tmpl_activate=no
7939fi
7940rm -f core conftest.err conftest.$ac_objext \
7941 conftest$ac_exeext conftest.$ac_ext
7942LIBS=$ac_check_lib_save_LIBS
7943fi
7944{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_contract_ct_tmpl_activate" >&5
7945$as_echo "$ac_cv_lib_contract_ct_tmpl_activate" >&6; }
7946if test "x$ac_cv_lib_contract_ct_tmpl_activate" = xyes; then :
7947
7948$as_echo "#define USE_SOLARIS_PROCESS_CONTRACTS 1" >>confdefs.h
7949
7950 LIBS="$LIBS -lcontract"
7951 SPC_MSG="yes"
7952fi
7953
7954
7955fi
7956
7957
7958# Check whether --with-solaris-projects was given.
7959if test "${with_solaris_projects+set}" = set; then :
7960 withval=$with_solaris_projects;
7961 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for setproject in -lproject" >&5
7962$as_echo_n "checking for setproject in -lproject... " >&6; }
7963if ${ac_cv_lib_project_setproject+:} false; then :
7964 $as_echo_n "(cached) " >&6
7965else
7966 ac_check_lib_save_LIBS=$LIBS
7967LIBS="-lproject $LIBS"
7968cat confdefs.h - <<_ACEOF >conftest.$ac_ext
7969/* end confdefs.h. */
7970
7971/* Override any GCC internal prototype to avoid an error.
7972 Use char because int might match the return type of a GCC
7973 builtin and then its argument prototype would still apply. */
7974#ifdef __cplusplus
7975extern "C"
7976#endif
7977char setproject ();
7978int
7979main ()
7980{
7981return setproject ();
7982 ;
7983 return 0;
7984}
7985_ACEOF
7986if ac_fn_c_try_link "$LINENO"; then :
7987 ac_cv_lib_project_setproject=yes
7988else
7989 ac_cv_lib_project_setproject=no
7990fi
7991rm -f core conftest.err conftest.$ac_objext \
7992 conftest$ac_exeext conftest.$ac_ext
7993LIBS=$ac_check_lib_save_LIBS
7994fi
7995{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_project_setproject" >&5
7996$as_echo "$ac_cv_lib_project_setproject" >&6; }
7997if test "x$ac_cv_lib_project_setproject" = xyes; then :
7998
7999$as_echo "#define USE_SOLARIS_PROJECTS 1" >>confdefs.h
8000
8001 LIBS="$LIBS -lproject"
8002 SP_MSG="yes"
8003fi
8004
8005
8006fi
8007
8008
8009# Check whether --with-solaris-privs was given.
8010if test "${with_solaris_privs+set}" = set; then :
8011 withval=$with_solaris_privs;
8012 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Solaris/Illumos privilege support" >&5
8013$as_echo_n "checking for Solaris/Illumos privilege support... " >&6; }
8014 if test "x$ac_cv_func_setppriv" = "xyes" -a \
8015 "x$ac_cv_header_priv_h" = "xyes" ; then
8016 SOLARIS_PRIVS=yes
8017 { $as_echo "$as_me:${as_lineno-$LINENO}: result: found" >&5
8018$as_echo "found" >&6; }
8019
8020$as_echo "#define NO_UID_RESTORATION_TEST 1" >>confdefs.h
8021
8022
8023$as_echo "#define USE_SOLARIS_PRIVS 1" >>confdefs.h
8024
8025 SPP_MSG="yes"
8026 else
8027 { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5
8028$as_echo "not found" >&6; }
8029 as_fn_error $? "*** must have support for Solaris privileges to use --with-solaris-privs" "$LINENO" 5
8030 fi
8031
8032fi
8033
8034 TEST_SHELL=$SHELL # let configure find us a capable shell
8035 ;;
8036*-*-sunos4*)
8037 CPPFLAGS="$CPPFLAGS -DSUNOS4"
8038 for ac_func in getpwanam
8039do :
8040 ac_fn_c_check_func "$LINENO" "getpwanam" "ac_cv_func_getpwanam"
8041if test "x$ac_cv_func_getpwanam" = xyes; then :
8042 cat >>confdefs.h <<_ACEOF
8043#define HAVE_GETPWANAM 1
8044_ACEOF
8045
8046fi
8047done
8048
8049 $as_echo "#define PAM_SUN_CODEBASE 1" >>confdefs.h
8050
8051 conf_utmp_location=/etc/utmp
8052 conf_wtmp_location=/var/adm/wtmp
8053 conf_lastlog_location=/var/adm/lastlog
8054 $as_echo "#define USE_PIPES 1" >>confdefs.h
8055
8056 ;;
8057*-ncr-sysv*)
8058 LIBS="$LIBS -lc89"
8059 $as_echo "#define USE_PIPES 1" >>confdefs.h
8060
8061 $as_echo "#define SSHD_ACQUIRES_CTTY 1" >>confdefs.h
8062
8063 $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
8064
8065 $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
8066
8067 $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
8068
8069 ;;
8070*-sni-sysv*)
8071 # /usr/ucblib MUST NOT be searched on ReliantUNIX
8072 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlsym in -ldl" >&5
8073$as_echo_n "checking for dlsym in -ldl... " >&6; }
8074if ${ac_cv_lib_dl_dlsym+:} false; then :
8075 $as_echo_n "(cached) " >&6
8076else
8077 ac_check_lib_save_LIBS=$LIBS
8078LIBS="-ldl $LIBS"
8079cat confdefs.h - <<_ACEOF >conftest.$ac_ext
8080/* end confdefs.h. */
8081
8082/* Override any GCC internal prototype to avoid an error.
8083 Use char because int might match the return type of a GCC
8084 builtin and then its argument prototype would still apply. */
8085#ifdef __cplusplus
8086extern "C"
8087#endif
8088char dlsym ();
8089int
8090main ()
8091{
8092return dlsym ();
8093 ;
8094 return 0;
8095}
8096_ACEOF
8097if ac_fn_c_try_link "$LINENO"; then :
8098 ac_cv_lib_dl_dlsym=yes
8099else
8100 ac_cv_lib_dl_dlsym=no
8101fi
8102rm -f core conftest.err conftest.$ac_objext \
8103 conftest$ac_exeext conftest.$ac_ext
8104LIBS=$ac_check_lib_save_LIBS
8105fi
8106{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlsym" >&5
8107$as_echo "$ac_cv_lib_dl_dlsym" >&6; }
8108if test "x$ac_cv_lib_dl_dlsym" = xyes; then :
8109 cat >>confdefs.h <<_ACEOF
8110#define HAVE_LIBDL 1
8111_ACEOF
8112
8113 LIBS="-ldl $LIBS"
8114
8115fi
8116
8117 # -lresolv needs to be at the end of LIBS or DNS lookups break
8118 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for res_query in -lresolv" >&5
8119$as_echo_n "checking for res_query in -lresolv... " >&6; }
8120if ${ac_cv_lib_resolv_res_query+:} false; then :
8121 $as_echo_n "(cached) " >&6
8122else
8123 ac_check_lib_save_LIBS=$LIBS
8124LIBS="-lresolv $LIBS"
8125cat confdefs.h - <<_ACEOF >conftest.$ac_ext
8126/* end confdefs.h. */
8127
8128/* Override any GCC internal prototype to avoid an error.
8129 Use char because int might match the return type of a GCC
8130 builtin and then its argument prototype would still apply. */
8131#ifdef __cplusplus
8132extern "C"
8133#endif
8134char res_query ();
8135int
8136main ()
8137{
8138return res_query ();
8139 ;
8140 return 0;
8141}
8142_ACEOF
8143if ac_fn_c_try_link "$LINENO"; then :
8144 ac_cv_lib_resolv_res_query=yes
8145else
8146 ac_cv_lib_resolv_res_query=no
8147fi
8148rm -f core conftest.err conftest.$ac_objext \
8149 conftest$ac_exeext conftest.$ac_ext
8150LIBS=$ac_check_lib_save_LIBS
8151fi
8152{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_resolv_res_query" >&5
8153$as_echo "$ac_cv_lib_resolv_res_query" >&6; }
8154if test "x$ac_cv_lib_resolv_res_query" = xyes; then :
8155 LIBS="$LIBS -lresolv"
8156fi
8157
8158 IPADDR_IN_DISPLAY=yes
8159 $as_echo "#define USE_PIPES 1" >>confdefs.h
8160
8161 $as_echo "#define IP_TOS_IS_BROKEN 1" >>confdefs.h
8162
8163 $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
8164
8165 $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
8166
8167 $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
8168
8169 $as_echo "#define SSHD_ACQUIRES_CTTY 1" >>confdefs.h
8170
8171 external_path_file=/etc/default/login
8172 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
8173 # Attention: always take care to bind libsocket and libnsl before libc,
8174 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
8175 ;;
8176# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
8177*-*-sysv4.2*)
8178 $as_echo "#define USE_PIPES 1" >>confdefs.h
8179
8180 $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
8181
8182 $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
8183
8184 $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
8185
8186
8187$as_echo "#define PASSWD_NEEDS_USERNAME 1" >>confdefs.h
8188
8189 $as_echo "#define LOCKED_PASSWD_STRING \"*LK*\"" >>confdefs.h
8190
8191 TEST_SHELL=$SHELL # let configure find us a capable shell
8192 ;;
8193# UnixWare 7.x, OpenUNIX 8
8194*-*-sysv5*)
8195 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf"
8196
8197$as_echo "#define UNIXWARE_LONG_PASSWORDS 1" >>confdefs.h
8198
8199 $as_echo "#define USE_PIPES 1" >>confdefs.h
8200
8201 $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
8202
8203 $as_echo "#define BROKEN_GETADDRINFO 1" >>confdefs.h
8204
8205 $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
8206
8207 $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
8208
8209 $as_echo "#define PASSWD_NEEDS_USERNAME 1" >>confdefs.h
8210
8211 TEST_SHELL=$SHELL # let configure find us a capable shell
8212 case "$host" in
8213 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
8214 maildir=/var/spool/mail
8215
8216$as_echo "#define BROKEN_LIBIAF 1" >>confdefs.h
8217
8218 $as_echo "#define BROKEN_UPDWTMPX 1" >>confdefs.h
8219
8220 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getluid in -lprot" >&5
8221$as_echo_n "checking for getluid in -lprot... " >&6; }
8222if ${ac_cv_lib_prot_getluid+:} false; then :
8223 $as_echo_n "(cached) " >&6
8224else
8225 ac_check_lib_save_LIBS=$LIBS
8226LIBS="-lprot $LIBS"
8227cat confdefs.h - <<_ACEOF >conftest.$ac_ext
8228/* end confdefs.h. */
8229
8230/* Override any GCC internal prototype to avoid an error.
8231 Use char because int might match the return type of a GCC
8232 builtin and then its argument prototype would still apply. */
8233#ifdef __cplusplus
8234extern "C"
8235#endif
8236char getluid ();
8237int
8238main ()
8239{
8240return getluid ();
8241 ;
8242 return 0;
8243}
8244_ACEOF
8245if ac_fn_c_try_link "$LINENO"; then :
8246 ac_cv_lib_prot_getluid=yes
8247else
8248 ac_cv_lib_prot_getluid=no
8249fi
8250rm -f core conftest.err conftest.$ac_objext \
8251 conftest$ac_exeext conftest.$ac_ext
8252LIBS=$ac_check_lib_save_LIBS
8253fi
8254{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_prot_getluid" >&5
8255$as_echo "$ac_cv_lib_prot_getluid" >&6; }
8256if test "x$ac_cv_lib_prot_getluid" = xyes; then :
8257 LIBS="$LIBS -lprot"
8258 for ac_func in getluid setluid
8259do :
8260 as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
8261ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
8262if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
8263 cat >>confdefs.h <<_ACEOF
8264#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
8265_ACEOF
8266
8267fi
8268done
8269
8270 $as_echo "#define HAVE_SECUREWARE 1" >>confdefs.h
8271
8272 $as_echo "#define DISABLE_SHADOW 1" >>confdefs.h
8273
8274
8275fi
8276
8277 ;;
8278 *) $as_echo "#define LOCKED_PASSWD_STRING \"*LK*\"" >>confdefs.h
8279
8280 check_for_libcrypt_later=1
8281 ;;
8282 esac
8283 ;;
8284*-*-sysv*)
8285 ;;
8286# SCO UNIX and OEM versions of SCO UNIX
8287*-*-sco3.2v4*)
8288 as_fn_error $? "\"This Platform is no longer supported.\"" "$LINENO" 5
8289 ;;
8290# SCO OpenServer 5.x
8291*-*-sco3.2v5*)
8292 if test -z "$GCC"; then
8293 CFLAGS="$CFLAGS -belf"
8294 fi
8295 LIBS="$LIBS -lprot -lx -ltinfo -lm"
8296 no_dev_ptmx=1
8297 $as_echo "#define USE_PIPES 1" >>confdefs.h
8298
8299 $as_echo "#define HAVE_SECUREWARE 1" >>confdefs.h
8300
8301 $as_echo "#define DISABLE_SHADOW 1" >>confdefs.h
8302
8303 $as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h
8304
8305 $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
8306
8307 $as_echo "#define BROKEN_GETADDRINFO 1" >>confdefs.h
8308
8309 $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
8310
8311 $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
8312
8313 $as_echo "#define WITH_ABBREV_NO_TTY 1" >>confdefs.h
8314
8315 $as_echo "#define BROKEN_UPDWTMPX 1" >>confdefs.h
8316
8317 $as_echo "#define PASSWD_NEEDS_USERNAME 1" >>confdefs.h
8318
8319 for ac_func in getluid setluid
8320do :
8321 as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
8322ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
8323if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
8324 cat >>confdefs.h <<_ACEOF
8325#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
8326_ACEOF
8327
8328fi
8329done
8330
8331 MANTYPE=man
8332 TEST_SHELL=$SHELL # let configure find us a capable shell
8333 SKIP_DISABLE_LASTLOG_DEFINE=yes
8334 ;;
8335*-*-unicosmk*)
8336
8337$as_echo "#define NO_SSH_LASTLOG 1" >>confdefs.h
8338
8339 $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
8340
8341 $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
8342
8343 $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
8344
8345 $as_echo "#define USE_PIPES 1" >>confdefs.h
8346
8347 $as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h
8348
8349 LDFLAGS="$LDFLAGS"
8350 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
8351 MANTYPE=cat
8352 ;;
8353*-*-unicosmp*)
8354 $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
8355
8356 $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
8357
8358 $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
8359
8360 $as_echo "#define WITH_ABBREV_NO_TTY 1" >>confdefs.h
8361
8362 $as_echo "#define USE_PIPES 1" >>confdefs.h
8363
8364 $as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h
8365
8366 LDFLAGS="$LDFLAGS"
8367 LIBS="$LIBS -lgen -lacid -ldb"
8368 MANTYPE=cat
8369 ;;
8370*-*-unicos*)
8371 $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
8372
8373 $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
8374
8375 $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
8376
8377 $as_echo "#define USE_PIPES 1" >>confdefs.h
8378
8379 $as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h
8380
8381 $as_echo "#define NO_SSH_LASTLOG 1" >>confdefs.h
8382
8383 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
8384 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
8385 MANTYPE=cat
8386 ;;
8387*-dec-osf*)
8388 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Digital Unix SIA" >&5
8389$as_echo_n "checking for Digital Unix SIA... " >&6; }
8390 no_osfsia=""
8391
8392# Check whether --with-osfsia was given.
8393if test "${with_osfsia+set}" = set; then :
8394 withval=$with_osfsia;
8395 if test "x$withval" = "xno" ; then
8396 { $as_echo "$as_me:${as_lineno-$LINENO}: result: disabled" >&5
8397$as_echo "disabled" >&6; }
8398 no_osfsia=1
8399 fi
8400
8401fi
8402
8403 if test -z "$no_osfsia" ; then
8404 if test -f /etc/sia/matrix.conf; then
8405 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
8406$as_echo "yes" >&6; }
8407
8408$as_echo "#define HAVE_OSF_SIA 1" >>confdefs.h
8409
8410
8411$as_echo "#define DISABLE_LOGIN 1" >>confdefs.h
8412
8413 $as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h
8414
8415 LIBS="$LIBS -lsecurity -ldb -lm -laud"
8416 SIA_MSG="yes"
8417 else
8418 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
8419$as_echo "no" >&6; }
8420
8421$as_echo "#define LOCKED_PASSWD_SUBSTR \"Nologin\"" >>confdefs.h
8422
8423 fi
8424 fi
8425 $as_echo "#define BROKEN_GETADDRINFO 1" >>confdefs.h
8426
8427 $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
8428
8429 $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
8430
8431 $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
8432
8433
8434$as_echo "#define BROKEN_READV_COMPARISON 1" >>confdefs.h
8435
8436 ;;
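Review bot: the Digital Unix SIA detection in the *-dec-osf* branch decides on "test -f /etc/sia/matrix.conf", which inspects the filesystem of the machine running configure and is not guarded by $cross_compiling. On a build host without that file the script defines LOCKED_PASSWD_SUBSTR "Nologin" instead of HAVE_OSF_SIA and DISABLE_LOGIN, so the authentication path compiled into the target changes with nothing in the output beyond "result: no". The --with-osfsia handling only acts on "no"; letting an explicit "yes" bypass the file test, or warning when cross compiling, would make the outcome deliberate.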
8437
8438*-*-nto-qnx*)
8439 $as_echo "#define USE_PIPES 1" >>confdefs.h
8440
8441 $as_echo "#define NO_X11_UNIX_SOCKETS 1" >>confdefs.h
8442
8443 $as_echo "#define DISABLE_LASTLOG 1" >>confdefs.h
8444
8445 $as_echo "#define SSHD_ACQUIRES_CTTY 1" >>confdefs.h
8446
8447
8448$as_echo "#define BROKEN_SHADOW_EXPIRE 1" >>confdefs.h
8449
8450 enable_etc_default_login=no # has incompatible /etc/default/login
8451 case "$host" in
8452 *-*-nto-qnx6*)
8453 $as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h
8454
8455 ;;
8456 esac
8457 ;;
8458
8459*-*-ultrix*)
8460
8461$as_echo "#define BROKEN_GETGROUPS 1" >>confdefs.h
8462
8463 $as_echo "#define NEED_SETPGRP 1" >>confdefs.h
8464
8465
8466$as_echo "#define HAVE_SYS_SYSLOG_H 1" >>confdefs.h
8467
8468 ;;
8469
8470*-*-lynxos)
8471 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
8472
8473$as_echo "#define BROKEN_SETVBUF 1" >>confdefs.h
8474
8475 ;;
8476esac
8477
8478{ $as_echo "$as_me:${as_lineno-$LINENO}: checking compiler and flags for sanity" >&5
8479$as_echo_n "checking compiler and flags for sanity... " >&6; }
8480if test "$cross_compiling" = yes; then :
8481 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking compiler sanity" >&5
8482$as_echo "$as_me: WARNING: cross compiling: not checking compiler sanity" >&2;}
8483
8484else
8485 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
8486/* end confdefs.h. */
8487 #include <stdio.h>
8488int
8489main ()
8490{
8491 exit(0);
8492 ;
8493 return 0;
8494}
8495_ACEOF
8496if ac_fn_c_try_run "$LINENO"; then :
8497 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
8498$as_echo "yes" >&6; }
8499else
8500
8501 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
8502$as_echo "no" >&6; }
8503 as_fn_error $? "*** compiler cannot create working executables, check config.log ***" "$LINENO" 5
8504
8505fi
8506rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
8507 conftest.$ac_objext conftest.beam conftest.$ac_ext
8508fi
8509
8510
8511# Checks for libraries.
8512ac_fn_c_check_func "$LINENO" "setsockopt" "ac_cv_func_setsockopt"
8513if test "x$ac_cv_func_setsockopt" = xyes; then :
8514
8515else
8516 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for setsockopt in -lsocket" >&5
8517$as_echo_n "checking for setsockopt in -lsocket... " >&6; }
8518if ${ac_cv_lib_socket_setsockopt+:} false; then :
8519 $as_echo_n "(cached) " >&6
8520else
8521 ac_check_lib_save_LIBS=$LIBS
8522LIBS="-lsocket $LIBS"
8523cat confdefs.h - <<_ACEOF >conftest.$ac_ext
8524/* end confdefs.h. */
8525
8526/* Override any GCC internal prototype to avoid an error.
8527 Use char because int might match the return type of a GCC
8528 builtin and then its argument prototype would still apply. */
8529#ifdef __cplusplus
8530extern "C"
8531#endif
8532char setsockopt ();
8533int
8534main ()
8535{
8536return setsockopt ();
8537 ;
8538 return 0;
8539}
8540_ACEOF
8541if ac_fn_c_try_link "$LINENO"; then :
8542 ac_cv_lib_socket_setsockopt=yes
8543else
8544 ac_cv_lib_socket_setsockopt=no
8545fi
8546rm -f core conftest.err conftest.$ac_objext \
8547 conftest$ac_exeext conftest.$ac_ext
8548LIBS=$ac_check_lib_save_LIBS
8549fi
8550{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_socket_setsockopt" >&5
8551$as_echo "$ac_cv_lib_socket_setsockopt" >&6; }
8552if test "x$ac_cv_lib_socket_setsockopt" = xyes; then :
8553 cat >>confdefs.h <<_ACEOF
8554#define HAVE_LIBSOCKET 1
8555_ACEOF
8556
8557 LIBS="-lsocket $LIBS"
8558
8559fi
8560
8561fi
8562
8563
8564for ac_func in dirname
8565do :
8566 ac_fn_c_check_func "$LINENO" "dirname" "ac_cv_func_dirname"
8567if test "x$ac_cv_func_dirname" = xyes; then :
8568 cat >>confdefs.h <<_ACEOF
8569#define HAVE_DIRNAME 1
8570_ACEOF
8571 for ac_header in libgen.h
8572do :
8573 ac_fn_c_check_header_mongrel "$LINENO" "libgen.h" "ac_cv_header_libgen_h" "$ac_includes_default"
8574if test "x$ac_cv_header_libgen_h" = xyes; then :
8575 cat >>confdefs.h <<_ACEOF
8576#define HAVE_LIBGEN_H 1
8577_ACEOF
8578
8579fi
8580
8581done
8582
8583else
8584
8585 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dirname in -lgen" >&5
8586$as_echo_n "checking for dirname in -lgen... " >&6; }
8587if ${ac_cv_lib_gen_dirname+:} false; then :
8588 $as_echo_n "(cached) " >&6
8589else
8590 ac_check_lib_save_LIBS=$LIBS
8591LIBS="-lgen $LIBS"
8592cat confdefs.h - <<_ACEOF >conftest.$ac_ext
8593/* end confdefs.h. */
8594
8595/* Override any GCC internal prototype to avoid an error.
8596 Use char because int might match the return type of a GCC
8597 builtin and then its argument prototype would still apply. */
8598#ifdef __cplusplus
8599extern "C"
8600#endif
8601char dirname ();
8602int
8603main ()
8604{
8605return dirname ();
8606 ;
8607 return 0;
8608}
8609_ACEOF
8610if ac_fn_c_try_link "$LINENO"; then :
8611 ac_cv_lib_gen_dirname=yes
8612else
8613 ac_cv_lib_gen_dirname=no
8614fi
8615rm -f core conftest.err conftest.$ac_objext \
8616 conftest$ac_exeext conftest.$ac_ext
8617LIBS=$ac_check_lib_save_LIBS
8618fi
8619{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gen_dirname" >&5
8620$as_echo "$ac_cv_lib_gen_dirname" >&6; }
8621if test "x$ac_cv_lib_gen_dirname" = xyes; then :
8622
8623 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for broken dirname" >&5
8624$as_echo_n "checking for broken dirname... " >&6; }
8625if ${ac_cv_have_broken_dirname+:} false; then :
8626 $as_echo_n "(cached) " >&6
8627else
8628
8629 save_LIBS="$LIBS"
8630 LIBS="$LIBS -lgen"
8631 if test "$cross_compiling" = yes; then :
8632 ac_cv_have_broken_dirname="no"
8633else
8634 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
8635/* end confdefs.h. */
8636
8637#include <libgen.h>
8638#include <string.h>
8639
8640int main(int argc, char **argv) {
8641 char *s, buf[32];
8642
8643 strncpy(buf,"/etc", 32);
8644 s = dirname(buf);
8645 if (!s || strncmp(s, "/", 32) != 0) {
8646 exit(1);
8647 } else {
8648 exit(0);
8649 }
8650}
8651
8652_ACEOF
8653if ac_fn_c_try_run "$LINENO"; then :
8654 ac_cv_have_broken_dirname="no"
8655else
8656 ac_cv_have_broken_dirname="yes"
8657fi
8658rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
8659 conftest.$ac_objext conftest.beam conftest.$ac_ext
8660fi
8661
8662 LIBS="$save_LIBS"
8663
8664fi
8665{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_broken_dirname" >&5
8666$as_echo "$ac_cv_have_broken_dirname" >&6; }
8667 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
8668 LIBS="$LIBS -lgen"
8669 $as_echo "#define HAVE_DIRNAME 1" >>confdefs.h
8670
8671 for ac_header in libgen.h
8672do :
8673 ac_fn_c_check_header_mongrel "$LINENO" "libgen.h" "ac_cv_header_libgen_h" "$ac_includes_default"
8674if test "x$ac_cv_header_libgen_h" = xyes; then :
8675 cat >>confdefs.h <<_ACEOF
8676#define HAVE_LIBGEN_H 1
8677_ACEOF
8678
8679fi
8680
8681done
8682
8683 fi
8684
8685fi
8686
8687
8688fi
8689done
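Review bot: the "broken dirname" run test calls exit() but includes only <libgen.h> and <string.h>, so it relies on an implicit declaration of exit. If the compiler rejects implicit declarations the test program does not build, and because the else branch of ac_fn_c_try_run sets ac_cv_have_broken_dirname="yes", a compile failure is reported as a broken dirname and neither HAVE_DIRNAME nor -lgen is added. Add #include <stdlib.h> to the test program, or return from main instead of calling exit(). The compiler sanity test earlier in this file has the same dependency: it includes only <stdio.h> and calls exit(0).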
8690
8691
8692ac_fn_c_check_func "$LINENO" "getspnam" "ac_cv_func_getspnam"
8693if test "x$ac_cv_func_getspnam" = xyes; then :
8694
8695else
8696 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getspnam in -lgen" >&5
8697$as_echo_n "checking for getspnam in -lgen... " >&6; }
8698if ${ac_cv_lib_gen_getspnam+:} false; then :
8699 $as_echo_n "(cached) " >&6
8700else
8701 ac_check_lib_save_LIBS=$LIBS
8702LIBS="-lgen $LIBS"
8703cat confdefs.h - <<_ACEOF >conftest.$ac_ext
8704/* end confdefs.h. */
8705
8706/* Override any GCC internal prototype to avoid an error.
8707 Use char because int might match the return type of a GCC
8708 builtin and then its argument prototype would still apply. */
8709#ifdef __cplusplus
8710extern "C"
8711#endif
8712char getspnam ();
8713int
8714main ()
8715{
8716return getspnam ();
8717 ;
8718 return 0;
8719}
8720_ACEOF
8721if ac_fn_c_try_link "$LINENO"; then :
8722 ac_cv_lib_gen_getspnam=yes
8723else
8724 ac_cv_lib_gen_getspnam=no
8725fi
8726rm -f core conftest.err conftest.$ac_objext \
8727 conftest$ac_exeext conftest.$ac_ext
8728LIBS=$ac_check_lib_save_LIBS
8729fi
8730{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gen_getspnam" >&5
8731$as_echo "$ac_cv_lib_gen_getspnam" >&6; }
8732if test "x$ac_cv_lib_gen_getspnam" = xyes; then :
8733 LIBS="$LIBS -lgen"
8734fi
8735
8736fi
8737
8738{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing basename" >&5
8739$as_echo_n "checking for library containing basename... " >&6; }
8740if ${ac_cv_search_basename+:} false; then :
8741 $as_echo_n "(cached) " >&6
8742else
8743 ac_func_search_save_LIBS=$LIBS
8744cat confdefs.h - <<_ACEOF >conftest.$ac_ext
8745/* end confdefs.h. */
8746
8747/* Override any GCC internal prototype to avoid an error.
8748 Use char because int might match the return type of a GCC
8749 builtin and then its argument prototype would still apply. */
8750#ifdef __cplusplus
8751extern "C"
8752#endif
8753char basename ();
8754int
8755main ()
8756{
8757return basename ();
8758 ;
8759 return 0;
8760}
8761_ACEOF
8762for ac_lib in '' gen; do
8763 if test -z "$ac_lib"; then
8764 ac_res="none required"
8765 else
8766 ac_res=-l$ac_lib
8767 LIBS="-l$ac_lib $ac_func_search_save_LIBS"
8768 fi
8769 if ac_fn_c_try_link "$LINENO"; then :
8770 ac_cv_search_basename=$ac_res
8771fi
8772rm -f core conftest.err conftest.$ac_objext \
8773 conftest$ac_exeext
8774 if ${ac_cv_search_basename+:} false; then :
8775 break
8776fi
8777done
8778if ${ac_cv_search_basename+:} false; then :
8779
8780else
8781 ac_cv_search_basename=no
8782fi
8783rm conftest.$ac_ext
8784LIBS=$ac_func_search_save_LIBS
8785fi
8786{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_basename" >&5
8787$as_echo "$ac_cv_search_basename" >&6; }
8788ac_res=$ac_cv_search_basename
8789if test "$ac_res" != no; then :
8790 test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
8791
8792$as_echo "#define HAVE_BASENAME 1" >>confdefs.h
8793
8794fi
8795
8796
8797
8798# Check whether --with-zlib was given.
8799if test "${with_zlib+set}" = set; then :
8800 withval=$with_zlib; if test "x$withval" = "xno" ; then
8801 as_fn_error $? "*** zlib is required ***" "$LINENO" 5
8802 elif test "x$withval" != "xyes"; then
8803 if test -d "$withval/lib"; then
8804 if test -n "${need_dash_r}"; then
8805 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
8806 else
8807 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
8808 fi
8809 else
8810 if test -n "${need_dash_r}"; then
8811 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
8812 else
8813 LDFLAGS="-L${withval} ${LDFLAGS}"
8814 fi
8815 fi
8816 if test -d "$withval/include"; then
8817 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
8818 else
8819 CPPFLAGS="-I${withval} ${CPPFLAGS}"
8820 fi
8821 fi
8822
8823fi
8824
8825
8826ac_fn_c_check_header_mongrel "$LINENO" "zlib.h" "ac_cv_header_zlib_h" "$ac_includes_default"
8827if test "x$ac_cv_header_zlib_h" = xyes; then :
8828
8829else
8830 as_fn_error $? "*** zlib.h missing - please install first or check config.log ***" "$LINENO" 5
8831fi
8832
8833
8834{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for deflate in -lz" >&5
8835$as_echo_n "checking for deflate in -lz... " >&6; }
8836if ${ac_cv_lib_z_deflate+:} false; then :
8837 $as_echo_n "(cached) " >&6
8838else
8839 ac_check_lib_save_LIBS=$LIBS
8840LIBS="-lz $LIBS"
8841cat confdefs.h - <<_ACEOF >conftest.$ac_ext
8842/* end confdefs.h. */
8843
8844/* Override any GCC internal prototype to avoid an error.
8845 Use char because int might match the return type of a GCC
8846 builtin and then its argument prototype would still apply. */
8847#ifdef __cplusplus
8848extern "C"
8849#endif
8850char deflate ();
8851int
8852main ()
8853{
8854return deflate ();
8855 ;
8856 return 0;
8857}
8858_ACEOF
8859if ac_fn_c_try_link "$LINENO"; then :
8860 ac_cv_lib_z_deflate=yes
8861else
8862 ac_cv_lib_z_deflate=no
8863fi
8864rm -f core conftest.err conftest.$ac_objext \
8865 conftest$ac_exeext conftest.$ac_ext
8866LIBS=$ac_check_lib_save_LIBS
8867fi
8868{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_z_deflate" >&5
8869$as_echo "$ac_cv_lib_z_deflate" >&6; }
8870if test "x$ac_cv_lib_z_deflate" = xyes; then :
8871 cat >>confdefs.h <<_ACEOF
8872#define HAVE_LIBZ 1
8873_ACEOF
8874
8875 LIBS="-lz $LIBS"
8876
8877else
8878
8879 saved_CPPFLAGS="$CPPFLAGS"
8880 saved_LDFLAGS="$LDFLAGS"
8881 save_LIBS="$LIBS"
8882 if test -n "${need_dash_r}"; then
8883 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
8884 else
8885 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
8886 fi
8887 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
8888 LIBS="$LIBS -lz"
8889 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
8890/* end confdefs.h. */
8891
8892/* Override any GCC internal prototype to avoid an error.
8893 Use char because int might match the return type of a GCC
8894 builtin and then its argument prototype would still apply. */
8895#ifdef __cplusplus
8896extern "C"
8897#endif
8898char deflate ();
8899int
8900main ()
8901{
8902return deflate ();
8903 ;
8904 return 0;
8905}
8906_ACEOF
8907if ac_fn_c_try_link "$LINENO"; then :
8908 $as_echo "#define HAVE_LIBZ 1" >>confdefs.h
8909
8910else
8911
8912 as_fn_error $? "*** zlib missing - please install first or check config.log ***" "$LINENO" 5
8913
8914
8915fi
8916rm -f core conftest.err conftest.$ac_objext \
8917 conftest$ac_exeext conftest.$ac_ext
8918
8919
8920fi
8921
8922
8923
8924# Check whether --with-zlib-version-check was given.
8925if test "${with_zlib_version_check+set}" = set; then :
8926 withval=$with_zlib_version_check; if test "x$withval" = "xno" ; then
8927 zlib_check_nonfatal=1
8928 fi
8929
8930
8931fi
8932
8933
8934{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for possibly buggy zlib" >&5
8935$as_echo_n "checking for possibly buggy zlib... " >&6; }
8936if test "$cross_compiling" = yes; then :
8937 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking zlib version" >&5
8938$as_echo "$as_me: WARNING: cross compiling: not checking zlib version" >&2;}
8939
8940else
8941 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
8942/* end confdefs.h. */
8943
8944#include <stdio.h>
8945#include <stdlib.h>
8946#include <zlib.h>
8947
8948int
8949main ()
8950{
8951
8952 int a=0, b=0, c=0, d=0, n, v;
8953 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
8954 if (n != 3 && n != 4)
8955 exit(1);
8956 v = a*1000000 + b*10000 + c*100 + d;
8957 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
8958
8959 /* 1.1.4 is OK */
8960 if (a == 1 && b == 1 && c >= 4)
8961 exit(0);
8962
8963 /* 1.2.3 and up are OK */
8964 if (v >= 1020300)
8965 exit(0);
8966
8967 exit(2);
8968
8969 ;
8970 return 0;
8971}
8972_ACEOF
8973if ac_fn_c_try_run "$LINENO"; then :
8974 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
8975$as_echo "no" >&6; }
8976else
8977 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
8978$as_echo "yes" >&6; }
8979 if test -z "$zlib_check_nonfatal" ; then
8980 as_fn_error $? "*** zlib too old - check config.log ***
8981Your reported zlib version has known security problems. It's possible your
8982vendor has fixed these problems without changing the version number. If you
8983are sure this is the case, you can disable the check by running
8984\"./configure --without-zlib-version-check\".
8985If you are in doubt, upgrade zlib to version 1.2.3 or greater.
8986See http://www.gzip.org/zlib/ for details." "$LINENO" 5
8987 else
8988 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: zlib version may have security problems" >&5
8989$as_echo "$as_me: WARNING: zlib version may have security problems" >&2;}
8990 fi
8991
8992fi
8993rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
8994 conftest.$ac_objext conftest.beam conftest.$ac_ext
8995fi
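Review bot: the "possibly buggy zlib" test parses ZLIB_VERSION, the macro from zlib.h, so it vets the header found on the include path and not the library that -lz links against. With --with-zlib=PATH or the /usr/local fallback above, the two can come from different installs. Comparing the macro against zlibVersion() inside the same test program would catch a mismatch. The check is also skipped with only a warning when cross compiling, so a cross build gets no version gate at all; consider failing there unless --without-zlib-version-check was given.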
8996
8997
8998ac_fn_c_check_func "$LINENO" "strcasecmp" "ac_cv_func_strcasecmp"
8999if test "x$ac_cv_func_strcasecmp" = xyes; then :
9000
9001else
9002 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for strcasecmp in -lresolv" >&5
9003$as_echo_n "checking for strcasecmp in -lresolv... " >&6; }
9004if ${ac_cv_lib_resolv_strcasecmp+:} false; then :
9005 $as_echo_n "(cached) " >&6
9006else
9007 ac_check_lib_save_LIBS=$LIBS
9008LIBS="-lresolv $LIBS"
9009cat confdefs.h - <<_ACEOF >conftest.$ac_ext
9010/* end confdefs.h. */
9011
9012/* Override any GCC internal prototype to avoid an error.
9013 Use char because int might match the return type of a GCC
9014 builtin and then its argument prototype would still apply. */
9015#ifdef __cplusplus
9016extern "C"
9017#endif
9018char strcasecmp ();
9019int
9020main ()
9021{
9022return strcasecmp ();
9023 ;
9024 return 0;
9025}
9026_ACEOF
9027if ac_fn_c_try_link "$LINENO"; then :
9028 ac_cv_lib_resolv_strcasecmp=yes
9029else
9030 ac_cv_lib_resolv_strcasecmp=no
9031fi
9032rm -f core conftest.err conftest.$ac_objext \
9033 conftest$ac_exeext conftest.$ac_ext
9034LIBS=$ac_check_lib_save_LIBS
9035fi
9036{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_resolv_strcasecmp" >&5
9037$as_echo "$ac_cv_lib_resolv_strcasecmp" >&6; }
9038if test "x$ac_cv_lib_resolv_strcasecmp" = xyes; then :
9039 LIBS="$LIBS -lresolv"
9040fi
9041
9042
9043fi
9044
9045for ac_func in utimes
9046do :
9047 ac_fn_c_check_func "$LINENO" "utimes" "ac_cv_func_utimes"
9048if test "x$ac_cv_func_utimes" = xyes; then :
9049 cat >>confdefs.h <<_ACEOF
9050#define HAVE_UTIMES 1
9051_ACEOF
9052
9053else
9054 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for utimes in -lc89" >&5
9055$as_echo_n "checking for utimes in -lc89... " >&6; }
9056if ${ac_cv_lib_c89_utimes+:} false; then :
9057 $as_echo_n "(cached) " >&6
9058else
9059 ac_check_lib_save_LIBS=$LIBS
9060LIBS="-lc89 $LIBS"
9061cat confdefs.h - <<_ACEOF >conftest.$ac_ext
9062/* end confdefs.h. */
9063
9064/* Override any GCC internal prototype to avoid an error.
9065 Use char because int might match the return type of a GCC
9066 builtin and then its argument prototype would still apply. */
9067#ifdef __cplusplus
9068extern "C"
9069#endif
9070char utimes ();
9071int
9072main ()
9073{
9074return utimes ();
9075 ;
9076 return 0;
9077}
9078_ACEOF
9079if ac_fn_c_try_link "$LINENO"; then :
9080 ac_cv_lib_c89_utimes=yes
9081else
9082 ac_cv_lib_c89_utimes=no
9083fi
9084rm -f core conftest.err conftest.$ac_objext \
9085 conftest$ac_exeext conftest.$ac_ext
9086LIBS=$ac_check_lib_save_LIBS
9087fi
9088{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_c89_utimes" >&5
9089$as_echo "$ac_cv_lib_c89_utimes" >&6; }
9090if test "x$ac_cv_lib_c89_utimes" = xyes; then :
9091 $as_echo "#define HAVE_UTIMES 1" >>confdefs.h
9092
9093 LIBS="$LIBS -lc89"
9094fi
9095
9096
9097fi
9098done
9099
9100
9101for ac_header in bsd/libutil.h libutil.h
9102do :
9103 as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
9104ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
9105if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
9106 cat >>confdefs.h <<_ACEOF
9107#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
9108_ACEOF
9109
9110fi
9111
9112done
9113
9114{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing fmt_scaled" >&5
9115$as_echo_n "checking for library containing fmt_scaled... " >&6; }
9116if ${ac_cv_search_fmt_scaled+:} false; then :
9117 $as_echo_n "(cached) " >&6
9118else
9119 ac_func_search_save_LIBS=$LIBS
9120cat confdefs.h - <<_ACEOF >conftest.$ac_ext
9121/* end confdefs.h. */
9122
9123/* Override any GCC internal prototype to avoid an error.
9124 Use char because int might match the return type of a GCC
9125 builtin and then its argument prototype would still apply. */
9126#ifdef __cplusplus
9127extern "C"
9128#endif
9129char fmt_scaled ();
9130int
9131main ()
9132{
9133return fmt_scaled ();
9134 ;
9135 return 0;
9136}
9137_ACEOF
9138for ac_lib in '' util bsd; do
9139 if test -z "$ac_lib"; then
9140 ac_res="none required"
9141 else
9142 ac_res=-l$ac_lib
9143 LIBS="-l$ac_lib $ac_func_search_save_LIBS"
9144 fi
9145 if ac_fn_c_try_link "$LINENO"; then :
9146 ac_cv_search_fmt_scaled=$ac_res
9147fi
9148rm -f core conftest.err conftest.$ac_objext \
9149 conftest$ac_exeext
9150 if ${ac_cv_search_fmt_scaled+:} false; then :
9151 break
9152fi
9153done
9154if ${ac_cv_search_fmt_scaled+:} false; then :
9155
9156else
9157 ac_cv_search_fmt_scaled=no
9158fi
9159rm conftest.$ac_ext
9160LIBS=$ac_func_search_save_LIBS
9161fi
9162{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_fmt_scaled" >&5
9163$as_echo "$ac_cv_search_fmt_scaled" >&6; }
9164ac_res=$ac_cv_search_fmt_scaled
9165if test "$ac_res" != no; then :
9166 test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
9167
9168fi
9169
9170{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing scan_scaled" >&5
9171$as_echo_n "checking for library containing scan_scaled... " >&6; }
9172if ${ac_cv_search_scan_scaled+:} false; then :
9173 $as_echo_n "(cached) " >&6
9174else
9175 ac_func_search_save_LIBS=$LIBS
9176cat confdefs.h - <<_ACEOF >conftest.$ac_ext
9177/* end confdefs.h. */
9178
9179/* Override any GCC internal prototype to avoid an error.
9180 Use char because int might match the return type of a GCC
9181 builtin and then its argument prototype would still apply. */
9182#ifdef __cplusplus
9183extern "C"
9184#endif
9185char scan_scaled ();
9186int
9187main ()
9188{
9189return scan_scaled ();
9190 ;
9191 return 0;
9192}
9193_ACEOF
9194for ac_lib in '' util bsd; do
9195 if test -z "$ac_lib"; then
9196 ac_res="none required"
9197 else
9198 ac_res=-l$ac_lib
9199 LIBS="-l$ac_lib $ac_func_search_save_LIBS"
9200 fi
9201 if ac_fn_c_try_link "$LINENO"; then :
9202 ac_cv_search_scan_scaled=$ac_res
9203fi
9204rm -f core conftest.err conftest.$ac_objext \
9205 conftest$ac_exeext
9206 if ${ac_cv_search_scan_scaled+:} false; then :
9207 break
9208fi
9209done
9210if ${ac_cv_search_scan_scaled+:} false; then :
9211
9212else
9213 ac_cv_search_scan_scaled=no
9214fi
9215rm conftest.$ac_ext
9216LIBS=$ac_func_search_save_LIBS
9217fi
9218{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_scan_scaled" >&5
9219$as_echo "$ac_cv_search_scan_scaled" >&6; }
9220ac_res=$ac_cv_search_scan_scaled
9221if test "$ac_res" != no; then :
9222 test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
9223
9224fi
9225
9226{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing login" >&5
9227$as_echo_n "checking for library containing login... " >&6; }
9228if ${ac_cv_search_login+:} false; then :
9229 $as_echo_n "(cached) " >&6
9230else
9231 ac_func_search_save_LIBS=$LIBS
9232cat confdefs.h - <<_ACEOF >conftest.$ac_ext
9233/* end confdefs.h. */
9234
9235/* Override any GCC internal prototype to avoid an error.
9236 Use char because int might match the return type of a GCC
9237 builtin and then its argument prototype would still apply. */
9238#ifdef __cplusplus
9239extern "C"
9240#endif
9241char login ();
9242int
9243main ()
9244{
9245return login ();
9246 ;
9247 return 0;
9248}
9249_ACEOF
9250for ac_lib in '' util bsd; do
9251 if test -z "$ac_lib"; then
9252 ac_res="none required"
9253 else
9254 ac_res=-l$ac_lib
9255 LIBS="-l$ac_lib $ac_func_search_save_LIBS"
9256 fi
9257 if ac_fn_c_try_link "$LINENO"; then :
9258 ac_cv_search_login=$ac_res
9259fi
9260rm -f core conftest.err conftest.$ac_objext \
9261 conftest$ac_exeext
9262 if ${ac_cv_search_login+:} false; then :
9263 break
9264fi
9265done
9266if ${ac_cv_search_login+:} false; then :
9267
9268else
9269 ac_cv_search_login=no
9270fi
9271rm conftest.$ac_ext
9272LIBS=$ac_func_search_save_LIBS
9273fi
9274{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_login" >&5
9275$as_echo "$ac_cv_search_login" >&6; }
9276ac_res=$ac_cv_search_login
9277if test "$ac_res" != no; then :
9278 test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
9279
9280fi
9281
9282{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing logout" >&5
9283$as_echo_n "checking for library containing logout... " >&6; }
9284if ${ac_cv_search_logout+:} false; then :
9285 $as_echo_n "(cached) " >&6
9286else
9287 ac_func_search_save_LIBS=$LIBS
9288cat confdefs.h - <<_ACEOF >conftest.$ac_ext
9289/* end confdefs.h. */
9290
9291/* Override any GCC internal prototype to avoid an error.
9292 Use char because int might match the return type of a GCC
9293 builtin and then its argument prototype would still apply. */
9294#ifdef __cplusplus
9295extern "C"
9296#endif
9297char logout ();
9298int
9299main ()
9300{
9301return logout ();
9302 ;
9303 return 0;
9304}
9305_ACEOF
9306for ac_lib in '' util bsd; do
9307 if test -z "$ac_lib"; then
9308 ac_res="none required"
9309 else
9310 ac_res=-l$ac_lib
9311 LIBS="-l$ac_lib $ac_func_search_save_LIBS"
9312 fi
9313 if ac_fn_c_try_link "$LINENO"; then :
9314 ac_cv_search_logout=$ac_res
9315fi
9316rm -f core conftest.err conftest.$ac_objext \
9317 conftest$ac_exeext
9318 if ${ac_cv_search_logout+:} false; then :
9319 break
9320fi
9321done
9322if ${ac_cv_search_logout+:} false; then :
9323
9324else
9325 ac_cv_search_logout=no
9326fi
9327rm conftest.$ac_ext
9328LIBS=$ac_func_search_save_LIBS
9329fi
9330{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_logout" >&5
9331$as_echo "$ac_cv_search_logout" >&6; }
9332ac_res=$ac_cv_search_logout
9333if test "$ac_res" != no; then :
9334 test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
9335
9336fi
9337
9338{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing logwtmp" >&5
9339$as_echo_n "checking for library containing logwtmp... " >&6; }
9340if ${ac_cv_search_logwtmp+:} false; then :
9341 $as_echo_n "(cached) " >&6
9342else
9343 ac_func_search_save_LIBS=$LIBS
9344cat confdefs.h - <<_ACEOF >conftest.$ac_ext
9345/* end confdefs.h. */
9346
9347/* Override any GCC internal prototype to avoid an error.
9348 Use char because int might match the return type of a GCC
9349 builtin and then its argument prototype would still apply. */
9350#ifdef __cplusplus
9351extern "C"
9352#endif
9353char logwtmp ();
9354int
9355main ()
9356{
9357return logwtmp ();
9358 ;
9359 return 0;
9360}
9361_ACEOF
9362for ac_lib in '' util bsd; do
9363 if test -z "$ac_lib"; then
9364 ac_res="none required"
9365 else
9366 ac_res=-l$ac_lib
9367 LIBS="-l$ac_lib $ac_func_search_save_LIBS"
9368 fi
9369 if ac_fn_c_try_link "$LINENO"; then :
9370 ac_cv_search_logwtmp=$ac_res
9371fi
9372rm -f core conftest.err conftest.$ac_objext \
9373 conftest$ac_exeext
9374 if ${ac_cv_search_logwtmp+:} false; then :
9375 break
9376fi
9377done
9378if ${ac_cv_search_logwtmp+:} false; then :
9379
9380else
9381 ac_cv_search_logwtmp=no
9382fi
9383rm conftest.$ac_ext
9384LIBS=$ac_func_search_save_LIBS
9385fi
9386{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_logwtmp" >&5
9387$as_echo "$ac_cv_search_logwtmp" >&6; }
9388ac_res=$ac_cv_search_logwtmp
9389if test "$ac_res" != no; then :
9390 test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
9391
9392fi
9393
9394{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing openpty" >&5
9395$as_echo_n "checking for library containing openpty... " >&6; }
9396if ${ac_cv_search_openpty+:} false; then :
9397 $as_echo_n "(cached) " >&6
9398else
9399 ac_func_search_save_LIBS=$LIBS
9400cat confdefs.h - <<_ACEOF >conftest.$ac_ext
9401/* end confdefs.h. */
9402
9403/* Override any GCC internal prototype to avoid an error.
9404 Use char because int might match the return type of a GCC
9405 builtin and then its argument prototype would still apply. */
9406#ifdef __cplusplus
9407extern "C"
9408#endif
9409char openpty ();
9410int
9411main ()
9412{
9413return openpty ();
9414 ;
9415 return 0;
9416}
9417_ACEOF
9418for ac_lib in '' util bsd; do
9419 if test -z "$ac_lib"; then
9420 ac_res="none required"
9421 else
9422 ac_res=-l$ac_lib
9423 LIBS="-l$ac_lib $ac_func_search_save_LIBS"
9424 fi
9425 if ac_fn_c_try_link "$LINENO"; then :
9426 ac_cv_search_openpty=$ac_res
9427fi
9428rm -f core conftest.err conftest.$ac_objext \
9429 conftest$ac_exeext
9430 if ${ac_cv_search_openpty+:} false; then :
9431 break
9432fi
9433done
9434if ${ac_cv_search_openpty+:} false; then :
9435
9436else
9437 ac_cv_search_openpty=no
9438fi
9439rm conftest.$ac_ext
9440LIBS=$ac_func_search_save_LIBS
9441fi
9442{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_openpty" >&5
9443$as_echo "$ac_cv_search_openpty" >&6; }
9444ac_res=$ac_cv_search_openpty
9445if test "$ac_res" != no; then :
9446 test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
9447
9448fi
9449
9450{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing updwtmp" >&5
9451$as_echo_n "checking for library containing updwtmp... " >&6; }
9452if ${ac_cv_search_updwtmp+:} false; then :
9453 $as_echo_n "(cached) " >&6
9454else
9455 ac_func_search_save_LIBS=$LIBS
9456cat confdefs.h - <<_ACEOF >conftest.$ac_ext
9457/* end confdefs.h. */
9458
9459/* Override any GCC internal prototype to avoid an error.
9460 Use char because int might match the return type of a GCC
9461 builtin and then its argument prototype would still apply. */
9462#ifdef __cplusplus
9463extern "C"
9464#endif
9465char updwtmp ();
9466int
9467main ()
9468{
9469return updwtmp ();
9470 ;
9471 return 0;
9472}
9473_ACEOF
9474for ac_lib in '' util bsd; do
9475 if test -z "$ac_lib"; then
9476 ac_res="none required"
9477 else
9478 ac_res=-l$ac_lib
9479 LIBS="-l$ac_lib $ac_func_search_save_LIBS"
9480 fi
9481 if ac_fn_c_try_link "$LINENO"; then :
9482 ac_cv_search_updwtmp=$ac_res
9483fi
9484rm -f core conftest.err conftest.$ac_objext \
9485 conftest$ac_exeext
9486 if ${ac_cv_search_updwtmp+:} false; then :
9487 break
9488fi
9489done
9490if ${ac_cv_search_updwtmp+:} false; then :
9491
9492else
9493 ac_cv_search_updwtmp=no
9494fi
9495rm conftest.$ac_ext
9496LIBS=$ac_func_search_save_LIBS
9497fi
9498{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_updwtmp" >&5
9499$as_echo "$ac_cv_search_updwtmp" >&6; }
9500ac_res=$ac_cv_search_updwtmp
9501if test "$ac_res" != no; then :
9502 test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
9503
9504fi
9505
9506for ac_func in fmt_scaled scan_scaled login logout openpty updwtmp logwtmp
9507do :
9508 as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
9509ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
9510if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
9511 cat >>confdefs.h <<_ACEOF
9512#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
9513_ACEOF
9514
9515fi
9516done
9517
9518
9519# On some platforms, inet_ntop and gethostbyname may be found in libresolv
9520# or libnsl.
9521{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing inet_ntop" >&5
9522$as_echo_n "checking for library containing inet_ntop... " >&6; }
9523if ${ac_cv_search_inet_ntop+:} false; then :
9524 $as_echo_n "(cached) " >&6
9525else
9526 ac_func_search_save_LIBS=$LIBS
9527cat confdefs.h - <<_ACEOF >conftest.$ac_ext
9528/* end confdefs.h. */
9529
9530/* Override any GCC internal prototype to avoid an error.
9531 Use char because int might match the return type of a GCC
9532 builtin and then its argument prototype would still apply. */
9533#ifdef __cplusplus
9534extern "C"
9535#endif
9536char inet_ntop ();
9537int
9538main ()
9539{
9540return inet_ntop ();
9541 ;
9542 return 0;
9543}
9544_ACEOF
9545for ac_lib in '' resolv nsl; do
9546 if test -z "$ac_lib"; then
9547 ac_res="none required"
9548 else
9549 ac_res=-l$ac_lib
9550 LIBS="-l$ac_lib $ac_func_search_save_LIBS"
9551 fi
9552 if ac_fn_c_try_link "$LINENO"; then :
9553 ac_cv_search_inet_ntop=$ac_res
9554fi
9555rm -f core conftest.err conftest.$ac_objext \
9556 conftest$ac_exeext
9557 if ${ac_cv_search_inet_ntop+:} false; then :
9558 break
9559fi
9560done
9561if ${ac_cv_search_inet_ntop+:} false; then :
9562
9563else
9564 ac_cv_search_inet_ntop=no
9565fi
9566rm conftest.$ac_ext
9567LIBS=$ac_func_search_save_LIBS
9568fi
9569{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_inet_ntop" >&5
9570$as_echo "$ac_cv_search_inet_ntop" >&6; }
9571ac_res=$ac_cv_search_inet_ntop
9572if test "$ac_res" != no; then :
9573 test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
9574
9575fi
9576
9577{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing gethostbyname" >&5
9578$as_echo_n "checking for library containing gethostbyname... " >&6; }
9579if ${ac_cv_search_gethostbyname+:} false; then :
9580 $as_echo_n "(cached) " >&6
9581else
9582 ac_func_search_save_LIBS=$LIBS
9583cat confdefs.h - <<_ACEOF >conftest.$ac_ext
9584/* end confdefs.h. */
9585
9586/* Override any GCC internal prototype to avoid an error.
9587 Use char because int might match the return type of a GCC
9588 builtin and then its argument prototype would still apply. */
9589#ifdef __cplusplus
9590extern "C"
9591#endif
9592char gethostbyname ();
9593int
9594main ()
9595{
9596return gethostbyname ();
9597 ;
9598 return 0;
9599}
9600_ACEOF
9601for ac_lib in '' resolv nsl; do
9602 if test -z "$ac_lib"; then
9603 ac_res="none required"
9604 else
9605 ac_res=-l$ac_lib
9606 LIBS="-l$ac_lib $ac_func_search_save_LIBS"
9607 fi
9608 if ac_fn_c_try_link "$LINENO"; then :
9609 ac_cv_search_gethostbyname=$ac_res
9610fi
9611rm -f core conftest.err conftest.$ac_objext \
9612 conftest$ac_exeext
9613 if ${ac_cv_search_gethostbyname+:} false; then :
9614 break
9615fi
9616done
9617if ${ac_cv_search_gethostbyname+:} false; then :
9618
9619else
9620 ac_cv_search_gethostbyname=no
9621fi
9622rm conftest.$ac_ext
9623LIBS=$ac_func_search_save_LIBS
9624fi
9625{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_gethostbyname" >&5
9626$as_echo "$ac_cv_search_gethostbyname" >&6; }
9627ac_res=$ac_cv_search_gethostbyname
9628if test "$ac_res" != no; then :
9629 test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
9630
9631fi
9632
9633
9634for ac_func in strftime
9635do :
9636 ac_fn_c_check_func "$LINENO" "strftime" "ac_cv_func_strftime"
9637if test "x$ac_cv_func_strftime" = xyes; then :
9638 cat >>confdefs.h <<_ACEOF
9639#define HAVE_STRFTIME 1
9640_ACEOF
9641
9642else
9643 # strftime is in -lintl on SCO UNIX.
9644{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for strftime in -lintl" >&5
9645$as_echo_n "checking for strftime in -lintl... " >&6; }
9646if ${ac_cv_lib_intl_strftime+:} false; then :
9647 $as_echo_n "(cached) " >&6
9648else
9649 ac_check_lib_save_LIBS=$LIBS
9650LIBS="-lintl $LIBS"
9651cat confdefs.h - <<_ACEOF >conftest.$ac_ext
9652/* end confdefs.h. */
9653
9654/* Override any GCC internal prototype to avoid an error.
9655 Use char because int might match the return type of a GCC
9656 builtin and then its argument prototype would still apply. */
9657#ifdef __cplusplus
9658extern "C"
9659#endif
9660char strftime ();
9661int
9662main ()
9663{
9664return strftime ();
9665 ;
9666 return 0;
9667}
9668_ACEOF
9669if ac_fn_c_try_link "$LINENO"; then :
9670 ac_cv_lib_intl_strftime=yes
9671else
9672 ac_cv_lib_intl_strftime=no
9673fi
9674rm -f core conftest.err conftest.$ac_objext \
9675 conftest$ac_exeext conftest.$ac_ext
9676LIBS=$ac_check_lib_save_LIBS
9677fi
9678{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_intl_strftime" >&5
9679$as_echo "$ac_cv_lib_intl_strftime" >&6; }
9680if test "x$ac_cv_lib_intl_strftime" = xyes; then :
9681 $as_echo "#define HAVE_STRFTIME 1" >>confdefs.h
9682
9683LIBS="-lintl $LIBS"
9684fi
9685
9686fi
9687done
9688
9689
9690# Check for ALTDIRFUNC glob() extension
9691{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for GLOB_ALTDIRFUNC support" >&5
9692$as_echo_n "checking for GLOB_ALTDIRFUNC support... " >&6; }
9693cat confdefs.h - <<_ACEOF >conftest.$ac_ext
9694/* end confdefs.h. */
9695
9696 #include <glob.h>
9697 #ifdef GLOB_ALTDIRFUNC
9698 FOUNDIT
9699 #endif
9700
9701_ACEOF
9702if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
9703 $EGREP "FOUNDIT" >/dev/null 2>&1; then :
9704
9705
9706$as_echo "#define GLOB_HAS_ALTDIRFUNC 1" >>confdefs.h
9707
9708 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
9709$as_echo "yes" >&6; }
9710
9711else
9712
9713 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
9714$as_echo "no" >&6; }
9715
9716
9717fi
9718rm -f conftest*
9719
9720
9721# Check for g.gl_matchc glob() extension
9722{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for gl_matchc field in glob_t" >&5
9723$as_echo_n "checking for gl_matchc field in glob_t... " >&6; }
9724cat confdefs.h - <<_ACEOF >conftest.$ac_ext
9725/* end confdefs.h. */
9726 #include <glob.h>
9727int
9728main ()
9729{
9730 glob_t g; g.gl_matchc = 1;
9731 ;
9732 return 0;
9733}
9734_ACEOF
9735if ac_fn_c_try_compile "$LINENO"; then :
9736
9737
9738$as_echo "#define GLOB_HAS_GL_MATCHC 1" >>confdefs.h
9739
9740 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
9741$as_echo "yes" >&6; }
9742
9743else
9744
9745 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
9746$as_echo "no" >&6; }
9747
9748fi
9749rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
9750
9751# Check for g.gl_statv glob() extension
9752{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for gl_statv and GLOB_KEEPSTAT extensions for glob" >&5
9753$as_echo_n "checking for gl_statv and GLOB_KEEPSTAT extensions for glob... " >&6; }
9754cat confdefs.h - <<_ACEOF >conftest.$ac_ext
9755/* end confdefs.h. */
9756 #include <glob.h>
9757int
9758main ()
9759{
9760
9761#ifndef GLOB_KEEPSTAT
9762#error "glob does not support GLOB_KEEPSTAT extension"
9763#endif
9764glob_t g;
9765g.gl_statv = NULL;
9766
9767 ;
9768 return 0;
9769}
9770_ACEOF
9771if ac_fn_c_try_compile "$LINENO"; then :
9772
9773
9774$as_echo "#define GLOB_HAS_GL_STATV 1" >>confdefs.h
9775
9776 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
9777$as_echo "yes" >&6; }
9778
9779else
9780
9781 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
9782$as_echo "no" >&6; }
9783
9784
9785fi
9786rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
9787
9788ac_fn_c_check_decl "$LINENO" "GLOB_NOMATCH" "ac_cv_have_decl_GLOB_NOMATCH" "#include <glob.h>
9789"
9790if test "x$ac_cv_have_decl_GLOB_NOMATCH" = xyes; then :
9791 ac_have_decl=1
9792else
9793 ac_have_decl=0
9794fi
9795
9796cat >>confdefs.h <<_ACEOF
9797#define HAVE_DECL_GLOB_NOMATCH $ac_have_decl
9798_ACEOF
9799
9800
9801ac_fn_c_check_decl "$LINENO" "VIS_ALL" "ac_cv_have_decl_VIS_ALL" "#include <vis.h>
9802"
9803if test "x$ac_cv_have_decl_VIS_ALL" = xyes; then :
9804
9805else
9806
9807$as_echo "#define BROKEN_STRNVIS 1" >>confdefs.h
9808
9809fi
9810
9811
9812{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether struct dirent allocates space for d_name" >&5
9813$as_echo_n "checking whether struct dirent allocates space for d_name... " >&6; }
9814if test "$cross_compiling" = yes; then :
9815
9816 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME" >&5
9817$as_echo "$as_me: WARNING: cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME" >&2;}
9818 $as_echo "#define BROKEN_ONE_BYTE_DIRENT_D_NAME 1" >>confdefs.h
9819
9820
9821
9822else
9823 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
9824/* end confdefs.h. */
9825
9826#include <sys/types.h>
9827#include <dirent.h>
9828int
9829main ()
9830{
9831
9832 struct dirent d;
9833 exit(sizeof(d.d_name)<=sizeof(char));
9834
9835 ;
9836 return 0;
9837}
9838_ACEOF
9839if ac_fn_c_try_run "$LINENO"; then :
9840 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
9841$as_echo "yes" >&6; }
9842else
9843
9844 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
9845$as_echo "no" >&6; }
9846
9847$as_echo "#define BROKEN_ONE_BYTE_DIRENT_D_NAME 1" >>confdefs.h
9848
9849
9850fi
9851rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
9852 conftest.$ac_objext conftest.beam conftest.$ac_ext
9853fi
9854
9855
9856{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for /proc/pid/fd directory" >&5
9857$as_echo_n "checking for /proc/pid/fd directory... " >&6; }
9858if test -d "/proc/$$/fd" ; then
9859
9860$as_echo "#define HAVE_PROC_PID 1" >>confdefs.h
9861
9862 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
9863$as_echo "yes" >&6; }
9864else
9865 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
9866$as_echo "no" >&6; }
9867fi
9868
9869# Check whether user wants S/Key support
9870SKEY_MSG="no"
9871
9872# Check whether --with-skey was given.
9873if test "${with_skey+set}" = set; then :
9874 withval=$with_skey;
9875 if test "x$withval" != "xno" ; then
9876
9877 if test "x$withval" != "xyes" ; then
9878 CPPFLAGS="$CPPFLAGS -I${withval}/include"
9879 LDFLAGS="$LDFLAGS -L${withval}/lib"
9880 fi
9881
9882
9883$as_echo "#define SKEY 1" >>confdefs.h
9884
9885 LIBS="-lskey $LIBS"
9886 SKEY_MSG="yes"
9887
9888 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for s/key support" >&5
9889$as_echo_n "checking for s/key support... " >&6; }
9890 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
9891/* end confdefs.h. */
9892
9893#include <stdio.h>
9894#include <skey.h>
9895
9896int
9897main ()
9898{
9899
9900 char *ff = skey_keyinfo(""); ff="";
9901 exit(0);
9902
9903 ;
9904 return 0;
9905}
9906_ACEOF
9907if ac_fn_c_try_link "$LINENO"; then :
9908 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
9909$as_echo "yes" >&6; }
9910else
9911
9912 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
9913$as_echo "no" >&6; }
9914 as_fn_error $? "** Incomplete or missing s/key libraries." "$LINENO" 5
9915
9916fi
9917rm -f core conftest.err conftest.$ac_objext \
9918 conftest$ac_exeext conftest.$ac_ext
9919 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if skeychallenge takes 4 arguments" >&5
9920$as_echo_n "checking if skeychallenge takes 4 arguments... " >&6; }
9921 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
9922/* end confdefs.h. */
9923
9924#include <stdio.h>
9925#include <skey.h>
9926
9927int
9928main ()
9929{
9930
9931 (void)skeychallenge(NULL,"name","",0);
9932
9933 ;
9934 return 0;
9935}
9936_ACEOF
9937if ac_fn_c_try_compile "$LINENO"; then :
9938
9939 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
9940$as_echo "yes" >&6; }
9941
9942$as_echo "#define SKEYCHALLENGE_4ARG 1" >>confdefs.h
9943
9944else
9945
9946 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
9947$as_echo "no" >&6; }
9948
9949fi
9950rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
9951 fi
9952
9953
9954fi
9955
9956
9957# Check whether user wants to use ldns
9958LDNS_MSG="no"
9959
9960# Check whether --with-ldns was given.
9961if test "${with_ldns+set}" = set; then :
9962 withval=$with_ldns;
9963 ldns=""
9964 if test "x$withval" = "xyes" ; then
9965 if test -n "$ac_tool_prefix"; then
9966 # Extract the first word of "${ac_tool_prefix}ldns-config", so it can be a program name with args.
9967set dummy ${ac_tool_prefix}ldns-config; ac_word=$2
9968{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
9969$as_echo_n "checking for $ac_word... " >&6; }
9970if ${ac_cv_path_LDNSCONFIG+:} false; then :
9971 $as_echo_n "(cached) " >&6
9972else
9973 case $LDNSCONFIG in
9974 [\\/]* | ?:[\\/]*)
9975 ac_cv_path_LDNSCONFIG="$LDNSCONFIG" # Let the user override the test with a path.
9976 ;;
9977 *)
9978 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
9979for as_dir in $PATH
9980do
9981 IFS=$as_save_IFS
9982 test -z "$as_dir" && as_dir=.
9983 for ac_exec_ext in '' $ac_executable_extensions; do
9984 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
9985 ac_cv_path_LDNSCONFIG="$as_dir/$ac_word$ac_exec_ext"
9986 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
9987 break 2
9988 fi
9989done
9990 done
9991IFS=$as_save_IFS
9992
9993 ;;
9994esac
9995fi
9996LDNSCONFIG=$ac_cv_path_LDNSCONFIG
9997if test -n "$LDNSCONFIG"; then
9998 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LDNSCONFIG" >&5
9999$as_echo "$LDNSCONFIG" >&6; }
10000else
10001 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
10002$as_echo "no" >&6; }
10003fi
10004
10005
10006fi
10007if test -z "$ac_cv_path_LDNSCONFIG"; then
10008 ac_pt_LDNSCONFIG=$LDNSCONFIG
10009 # Extract the first word of "ldns-config", so it can be a program name with args.
10010set dummy ldns-config; ac_word=$2
10011{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
10012$as_echo_n "checking for $ac_word... " >&6; }
10013if ${ac_cv_path_ac_pt_LDNSCONFIG+:} false; then :
10014 $as_echo_n "(cached) " >&6
10015else
10016 case $ac_pt_LDNSCONFIG in
10017 [\\/]* | ?:[\\/]*)
10018 ac_cv_path_ac_pt_LDNSCONFIG="$ac_pt_LDNSCONFIG" # Let the user override the test with a path.
10019 ;;
10020 *)
10021 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
10022for as_dir in $PATH
10023do
10024 IFS=$as_save_IFS
10025 test -z "$as_dir" && as_dir=.
10026 for ac_exec_ext in '' $ac_executable_extensions; do
10027 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
10028 ac_cv_path_ac_pt_LDNSCONFIG="$as_dir/$ac_word$ac_exec_ext"
10029 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
10030 break 2
10031 fi
10032done
10033 done
10034IFS=$as_save_IFS
10035
10036 ;;
10037esac
10038fi
10039ac_pt_LDNSCONFIG=$ac_cv_path_ac_pt_LDNSCONFIG
10040if test -n "$ac_pt_LDNSCONFIG"; then
10041 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_LDNSCONFIG" >&5
10042$as_echo "$ac_pt_LDNSCONFIG" >&6; }
10043else
10044 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
10045$as_echo "no" >&6; }
10046fi
10047
10048 if test "x$ac_pt_LDNSCONFIG" = x; then
10049 LDNSCONFIG="no"
10050 else
10051 case $cross_compiling:$ac_tool_warned in
10052yes:)
10053{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
10054$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
10055ac_tool_warned=yes ;;
10056esac
10057 LDNSCONFIG=$ac_pt_LDNSCONFIG
10058 fi
10059else
10060 LDNSCONFIG="$ac_cv_path_LDNSCONFIG"
10061fi
10062
10063 if test "x$PKGCONFIG" = "xno"; then
10064 CPPFLAGS="$CPPFLAGS -I${withval}/include"
10065 LDFLAGS="$LDFLAGS -L${withval}/lib"
10066 LIBS="-lldns $LIBS"
10067 ldns=yes
10068 else
10069 LIBS="$LIBS `$LDNSCONFIG --libs`"
10070 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`"
10071 fi
10072 elif test "x$withval" != "xno" ; then
10073 CPPFLAGS="$CPPFLAGS -I${withval}/include"
10074 LDFLAGS="$LDFLAGS -L${withval}/lib"
10075 LIBS="-lldns $LIBS"
10076 ldns=yes
10077 fi
10078
10079 # Verify that it works.
10080 if test "x$ldns" = "xyes" ; then
10081
10082$as_echo "#define HAVE_LDNS 1" >>confdefs.h
10083
10084 LDNS_MSG="yes"
10085 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ldns support" >&5
10086$as_echo_n "checking for ldns support... " >&6; }
10087 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
10088/* end confdefs.h. */
10089
10090#include <stdio.h>
10091#include <stdlib.h>
10092#include <stdint.h>
10093#include <ldns/ldns.h>
10094int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); }
10095
10096
10097_ACEOF
10098if ac_fn_c_try_link "$LINENO"; then :
10099 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
10100$as_echo "yes" >&6; }
10101else
10102
10103 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
10104$as_echo "no" >&6; }
10105 as_fn_error $? "** Incomplete or missing ldns libraries." "$LINENO" 5
10106
10107fi
10108rm -f core conftest.err conftest.$ac_objext \
10109 conftest$ac_exeext conftest.$ac_ext
10110 fi
10111
10112fi
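Review bot: in the --with-ldns=yes arm the script has just resolved LDNSCONFIG (falling back to "no" when ldns-config is not on PATH), yet the next test is `if test "x$PKGCONFIG" = "xno"`, which looks at an unrelated variable; in the lines shown, PKGCONFIG is first located in the libedit block that follows. The test should read `"x$LDNSCONFIG" = "xno"`. As written, the "no" arm expands `${withval}` while withval is the literal "yes", producing -Iyes/include and -Lyes/lib, and the other arm can run `$LDNSCONFIG --libs` with LDNSCONFIG set to "no". That second arm also never sets ldns=yes, so the "Verify that it works" link test is skipped, HAVE_LDNS is not defined and LDNS_MSG stays "no": a build requested with --with-ldns completes without ldns and without an error. Suggest setting ldns=yes in both arms and dropping the -I/-L paths when withval is "yes". Since configure is autoconf output, the change belongs in configure.ac, followed by a regenerate.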
10113
10114
10115# Check whether user wants libedit support
10116LIBEDIT_MSG="no"
10117
10118# Check whether --with-libedit was given.
10119if test "${with_libedit+set}" = set; then :
10120 withval=$with_libedit; if test "x$withval" != "xno" ; then
10121 if test "x$withval" = "xyes" ; then
10122 if test -n "$ac_tool_prefix"; then
10123 # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args.
10124set dummy ${ac_tool_prefix}pkg-config; ac_word=$2
10125{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
10126$as_echo_n "checking for $ac_word... " >&6; }
10127if ${ac_cv_path_PKGCONFIG+:} false; then :
10128 $as_echo_n "(cached) " >&6
10129else
10130 case $PKGCONFIG in
10131 [\\/]* | ?:[\\/]*)
10132 ac_cv_path_PKGCONFIG="$PKGCONFIG" # Let the user override the test with a path.
10133 ;;
10134 *)
10135 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
10136for as_dir in $PATH
10137do
10138 IFS=$as_save_IFS
10139 test -z "$as_dir" && as_dir=.
10140 for ac_exec_ext in '' $ac_executable_extensions; do
10141 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
10142 ac_cv_path_PKGCONFIG="$as_dir/$ac_word$ac_exec_ext"
10143 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
10144 break 2
10145 fi
10146done
10147 done
10148IFS=$as_save_IFS
10149
10150 ;;
10151esac
10152fi
10153PKGCONFIG=$ac_cv_path_PKGCONFIG
10154if test -n "$PKGCONFIG"; then
10155 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKGCONFIG" >&5
10156$as_echo "$PKGCONFIG" >&6; }
10157else
10158 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
10159$as_echo "no" >&6; }
10160fi
10161
10162
10163fi
10164if test -z "$ac_cv_path_PKGCONFIG"; then
10165 ac_pt_PKGCONFIG=$PKGCONFIG
10166 # Extract the first word of "pkg-config", so it can be a program name with args.
10167set dummy pkg-config; ac_word=$2
10168{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
10169$as_echo_n "checking for $ac_word... " >&6; }
10170if ${ac_cv_path_ac_pt_PKGCONFIG+:} false; then :
10171 $as_echo_n "(cached) " >&6
10172else
10173 case $ac_pt_PKGCONFIG in
10174 [\\/]* | ?:[\\/]*)
10175 ac_cv_path_ac_pt_PKGCONFIG="$ac_pt_PKGCONFIG" # Let the user override the test with a path.
10176 ;;
10177 *)
10178 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
10179for as_dir in $PATH
10180do
10181 IFS=$as_save_IFS
10182 test -z "$as_dir" && as_dir=.
10183 for ac_exec_ext in '' $ac_executable_extensions; do
10184 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
10185 ac_cv_path_ac_pt_PKGCONFIG="$as_dir/$ac_word$ac_exec_ext"
10186 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
10187 break 2
10188 fi
10189done
10190 done
10191IFS=$as_save_IFS
10192
10193 ;;
10194esac
10195fi
10196ac_pt_PKGCONFIG=$ac_cv_path_ac_pt_PKGCONFIG
10197if test -n "$ac_pt_PKGCONFIG"; then
10198 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKGCONFIG" >&5
10199$as_echo "$ac_pt_PKGCONFIG" >&6; }
10200else
10201 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
10202$as_echo "no" >&6; }
10203fi
10204
10205 if test "x$ac_pt_PKGCONFIG" = x; then
10206 PKGCONFIG="no"
10207 else
10208 case $cross_compiling:$ac_tool_warned in
10209yes:)
10210{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
10211$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
10212ac_tool_warned=yes ;;
10213esac
10214 PKGCONFIG=$ac_pt_PKGCONFIG
10215 fi
10216else
10217 PKGCONFIG="$ac_cv_path_PKGCONFIG"
10218fi
10219
10220 if test "x$PKGCONFIG" != "xno"; then
10221 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $PKGCONFIG knows about libedit" >&5
10222$as_echo_n "checking if $PKGCONFIG knows about libedit... " >&6; }
10223 if "$PKGCONFIG" libedit; then
10224 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
10225$as_echo "yes" >&6; }
10226 use_pkgconfig_for_libedit=yes
10227 else
10228 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
10229$as_echo "no" >&6; }
10230 fi
10231 fi
10232 else
10233 CPPFLAGS="$CPPFLAGS -I${withval}/include"
10234 if test -n "${need_dash_r}"; then
10235 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
10236 else
10237 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
10238 fi
10239 fi
10240 if test "x$use_pkgconfig_for_libedit" = "xyes"; then
10241 LIBEDIT=`$PKGCONFIG --libs libedit`
10242 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
10243 else
10244 LIBEDIT="-ledit -lcurses"
10245 fi
10246 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'`
10247 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for el_init in -ledit" >&5
10248$as_echo_n "checking for el_init in -ledit... " >&6; }
10249if ${ac_cv_lib_edit_el_init+:} false; then :
10250 $as_echo_n "(cached) " >&6
10251else
10252 ac_check_lib_save_LIBS=$LIBS
10253LIBS="-ledit $OTHERLIBS
10254 $LIBS"
10255cat confdefs.h - <<_ACEOF >conftest.$ac_ext
10256/* end confdefs.h. */
10257
10258/* Override any GCC internal prototype to avoid an error.
10259 Use char because int might match the return type of a GCC
10260 builtin and then its argument prototype would still apply. */
10261#ifdef __cplusplus
10262extern "C"
10263#endif
10264char el_init ();
10265int
10266main ()
10267{
10268return el_init ();
10269 ;
10270 return 0;
10271}
10272_ACEOF
10273if ac_fn_c_try_link "$LINENO"; then :
10274 ac_cv_lib_edit_el_init=yes
10275else
10276 ac_cv_lib_edit_el_init=no
10277fi
10278rm -f core conftest.err conftest.$ac_objext \
10279 conftest$ac_exeext conftest.$ac_ext
10280LIBS=$ac_check_lib_save_LIBS
10281fi
10282{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_edit_el_init" >&5
10283$as_echo "$ac_cv_lib_edit_el_init" >&6; }
10284if test "x$ac_cv_lib_edit_el_init" = xyes; then :
10285
10286$as_echo "#define USE_LIBEDIT 1" >>confdefs.h
10287
10288 LIBEDIT_MSG="yes"
10289
10290
10291else
10292 as_fn_error $? "libedit not found" "$LINENO" 5
10293fi
10294
10295 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if libedit version is compatible" >&5
10296$as_echo_n "checking if libedit version is compatible... " >&6; }
10297 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
10298/* end confdefs.h. */
10299 #include <histedit.h>
10300int
10301main ()
10302{
10303
10304 int i = H_SETSIZE;
10305 el_init("", NULL, NULL, NULL);
10306 exit(0);
10307
10308 ;
10309 return 0;
10310}
10311_ACEOF
10312if ac_fn_c_try_compile "$LINENO"; then :
10313 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
10314$as_echo "yes" >&6; }
10315else
10316 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
10317$as_echo "no" >&6; }
10318 as_fn_error $? "libedit version is not compatible" "$LINENO" 5
10319
10320fi
10321rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
10322 fi
10323
10324fi
10325
10326
10327AUDIT_MODULE=none
10328
10329# Check whether --with-audit was given.
10330if test "${with_audit+set}" = set; then :
10331 withval=$with_audit;
10332 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for supported audit module" >&5
10333$as_echo_n "checking for supported audit module... " >&6; }
10334 case "$withval" in
10335 bsm)
10336 { $as_echo "$as_me:${as_lineno-$LINENO}: result: bsm" >&5
10337$as_echo "bsm" >&6; }
10338 AUDIT_MODULE=bsm
10339 for ac_header in bsm/audit.h
10340do :
10341 ac_fn_c_check_header_compile "$LINENO" "bsm/audit.h" "ac_cv_header_bsm_audit_h" "
10342#ifdef HAVE_TIME_H
10343# include <time.h>
10344#endif
10345
10346
10347"
10348if test "x$ac_cv_header_bsm_audit_h" = xyes; then :
10349 cat >>confdefs.h <<_ACEOF
10350#define HAVE_BSM_AUDIT_H 1
10351_ACEOF
10352
10353else
10354 as_fn_error $? "BSM enabled and bsm/audit.h not found" "$LINENO" 5
10355fi
10356
10357done
10358
10359 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getaudit in -lbsm" >&5
10360$as_echo_n "checking for getaudit in -lbsm... " >&6; }
10361if ${ac_cv_lib_bsm_getaudit+:} false; then :
10362 $as_echo_n "(cached) " >&6
10363else
10364 ac_check_lib_save_LIBS=$LIBS
10365LIBS="-lbsm $LIBS"
10366cat confdefs.h - <<_ACEOF >conftest.$ac_ext
10367/* end confdefs.h. */
10368
10369/* Override any GCC internal prototype to avoid an error.
10370 Use char because int might match the return type of a GCC
10371 builtin and then its argument prototype would still apply. */
10372#ifdef __cplusplus
10373extern "C"
10374#endif
10375char getaudit ();
10376int
10377main ()
10378{
10379return getaudit ();
10380 ;
10381 return 0;
10382}
10383_ACEOF
10384if ac_fn_c_try_link "$LINENO"; then :
10385 ac_cv_lib_bsm_getaudit=yes
10386else
10387 ac_cv_lib_bsm_getaudit=no
10388fi
10389rm -f core conftest.err conftest.$ac_objext \
10390 conftest$ac_exeext conftest.$ac_ext
10391LIBS=$ac_check_lib_save_LIBS
10392fi
10393{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_bsm_getaudit" >&5
10394$as_echo "$ac_cv_lib_bsm_getaudit" >&6; }
10395if test "x$ac_cv_lib_bsm_getaudit" = xyes; then :
10396 cat >>confdefs.h <<_ACEOF
10397#define HAVE_LIBBSM 1
10398_ACEOF
10399
10400 LIBS="-lbsm $LIBS"
10401
10402else
10403 as_fn_error $? "BSM enabled and required library not found" "$LINENO" 5
10404fi
10405
10406 for ac_func in getaudit
10407do :
10408 ac_fn_c_check_func "$LINENO" "getaudit" "ac_cv_func_getaudit"
10409if test "x$ac_cv_func_getaudit" = xyes; then :
10410 cat >>confdefs.h <<_ACEOF
10411#define HAVE_GETAUDIT 1
10412_ACEOF
10413
10414else
10415 as_fn_error $? "BSM enabled and required function not found" "$LINENO" 5
10416fi
10417done
10418
10419 # These are optional
10420 for ac_func in getaudit_addr aug_get_machine
10421do :
10422 as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
10423ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
10424if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
10425 cat >>confdefs.h <<_ACEOF
10426#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
10427_ACEOF
10428
10429fi
10430done
10431
10432
10433$as_echo "#define USE_BSM_AUDIT 1" >>confdefs.h
10434
10435 if test "$sol2ver" -ge 11; then
10436 SSHDLIBS="$SSHDLIBS -lscf"
10437
10438$as_echo "#define BROKEN_BSM_API 1" >>confdefs.h
10439
10440 fi
10441 ;;
10442 linux)
10443 { $as_echo "$as_me:${as_lineno-$LINENO}: result: linux" >&5
10444$as_echo "linux" >&6; }
10445 AUDIT_MODULE=linux
10446 for ac_header in libaudit.h
10447do :
10448 ac_fn_c_check_header_mongrel "$LINENO" "libaudit.h" "ac_cv_header_libaudit_h" "$ac_includes_default"
10449if test "x$ac_cv_header_libaudit_h" = xyes; then :
10450 cat >>confdefs.h <<_ACEOF
10451#define HAVE_LIBAUDIT_H 1
10452_ACEOF
10453
10454fi
10455
10456done
10457
10458 SSHDLIBS="$SSHDLIBS -laudit"
10459
10460$as_echo "#define USE_LINUX_AUDIT 1" >>confdefs.h
10461
10462 ;;
10463 debug)
10464 AUDIT_MODULE=debug
10465 { $as_echo "$as_me:${as_lineno-$LINENO}: result: debug" >&5
10466$as_echo "debug" >&6; }
10467
10468$as_echo "#define SSH_AUDIT_EVENTS 1" >>confdefs.h
10469
10470 ;;
10471 no)
10472 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
10473$as_echo "no" >&6; }
10474 ;;
10475 *)
10476 as_fn_error $? "Unknown audit module $withval" "$LINENO" 5
10477 ;;
10478 esac
10479
10480fi
10481
10482
10483
10484# Check whether --with-pie was given.
10485if test "${with_pie+set}" = set; then :
10486 withval=$with_pie;
10487 if test "x$withval" = "xno"; then
10488 use_pie=no
10489 fi
10490 if test "x$withval" = "xyes"; then
10491 use_pie=yes
10492 fi
10493
10494
10495fi
10496
10497if test "x$use_pie" = "x"; then
10498 use_pie=no
10499fi
10500if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then
10501 # Turn off automatic PIE when toolchain hardening is off.
10502 use_pie=no
10503fi
10504if test "x$use_pie" = "xauto"; then
10505 # Automatic PIE requires gcc >= 4.x
10506 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gcc >= 4.x" >&5
10507$as_echo_n "checking for gcc >= 4.x... " >&6; }
10508 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
10509/* end confdefs.h. */
10510
10511#if !defined(__GNUC__) || __GNUC__ < 4
10512#error gcc is too old
10513#endif
10514
10515_ACEOF
10516if ac_fn_c_try_compile "$LINENO"; then :
10517 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
10518$as_echo "yes" >&6; }
10519else
10520 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
10521$as_echo "no" >&6; }
10522 use_pie=no
10523
10524fi
10525rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
10526fi
10527if test "x$use_pie" != "xno"; then
10528 SAVED_CFLAGS="$CFLAGS"
10529 SAVED_LDFLAGS="$LDFLAGS"
10530 {
10531 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -fPIE" >&5
10532$as_echo_n "checking if $CC supports compile flag -fPIE... " >&6; }
10533 saved_CFLAGS="$CFLAGS"
10534 CFLAGS="$CFLAGS $WERROR -fPIE"
10535 _define_flag=""
10536 test "x$_define_flag" = "x" && _define_flag="-fPIE"
10537 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
10538/* end confdefs.h. */
10539
10540#include <stdlib.h>
10541#include <stdio.h>
10542int main(int argc, char **argv) {
10543 /* Some math to catch -ftrapv problems in the toolchain */
10544 int i = 123 * argc, j = 456 + argc, k = 789 - argc;
10545 float l = i * 2.1;
10546 double m = l / 0.5;
10547 long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
10548 printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
10549 exit(0);
10550}
10551
10552_ACEOF
10553if ac_fn_c_try_compile "$LINENO"; then :
10554
10555if `grep -i "unrecognized option" conftest.err >/dev/null`
10556then
10557 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
10558$as_echo "no" >&6; }
10559 CFLAGS="$saved_CFLAGS"
10560else
10561 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
10562$as_echo "yes" >&6; }
10563 CFLAGS="$saved_CFLAGS $_define_flag"
10564fi
10565else
10566 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
10567$as_echo "no" >&6; }
10568 CFLAGS="$saved_CFLAGS"
10569
10570fi
10571rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
10572}
10573 {
10574 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $LD supports link flag -pie" >&5
10575$as_echo_n "checking if $LD supports link flag -pie... " >&6; }
10576 saved_LDFLAGS="$LDFLAGS"
10577 LDFLAGS="$LDFLAGS $WERROR -pie"
10578 _define_flag=""
10579 test "x$_define_flag" = "x" && _define_flag="-pie"
10580 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
10581/* end confdefs.h. */
10582
10583#include <stdlib.h>
10584#include <stdio.h>
10585int main(int argc, char **argv) {
10586 /* Some math to catch -ftrapv problems in the toolchain */
10587 int i = 123 * argc, j = 456 + argc, k = 789 - argc;
10588 float l = i * 2.1;
10589 double m = l / 0.5;
10590 long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
10591 long long p = n * o;
10592 printf("%d %d %d %f %f %lld %lld %lld\n", i, j, k, l, m, n, o, p);
10593 exit(0);
10594}
10595
10596_ACEOF
10597if ac_fn_c_try_link "$LINENO"; then :
10598 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
10599$as_echo "yes" >&6; }
10600 LDFLAGS="$saved_LDFLAGS $_define_flag"
10601else
10602 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
10603$as_echo "no" >&6; }
10604 LDFLAGS="$saved_LDFLAGS"
10605
10606fi
10607rm -f core conftest.err conftest.$ac_objext \
10608 conftest$ac_exeext conftest.$ac_ext
10609}
10610 # We use both -fPIE and -pie or neither.
10611 { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether both -fPIE and -pie are supported" >&5
10612$as_echo_n "checking whether both -fPIE and -pie are supported... " >&6; }
10613 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \
10614 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then
10615 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
10616$as_echo "yes" >&6; }
10617 else
10618 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
10619$as_echo "no" >&6; }
10620 CFLAGS="$SAVED_CFLAGS"
10621 LDFLAGS="$SAVED_LDFLAGS"
10622 fi
10623fi
10624
10625for ac_func in \
10626 Blowfish_initstate \
10627 Blowfish_expandstate \
10628 Blowfish_expand0state \
10629 Blowfish_stream2word \
10630 asprintf \
10631 b64_ntop \
10632 __b64_ntop \
10633 b64_pton \
10634 __b64_pton \
10635 bcopy \
10636 bcrypt_pbkdf \
10637 bindresvport_sa \
10638 blf_enc \
10639 cap_rights_limit \
10640 clock \
10641 closefrom \
10642 dirfd \
10643 endgrent \
10644 err \
10645 errx \
10646 explicit_bzero \
10647 fchmod \
10648 fchown \
10649 freeaddrinfo \
10650 fstatfs \
10651 fstatvfs \
10652 futimes \
10653 getaddrinfo \
10654 getcwd \
10655 getgrouplist \
10656 getnameinfo \
10657 getopt \
10658 getpeereid \
10659 getpeerucred \
10660 getpgid \
10661 getpgrp \
10662 _getpty \
10663 getrlimit \
10664 getttyent \
10665 glob \
10666 group_from_gid \
10667 inet_aton \
10668 inet_ntoa \
10669 inet_ntop \
10670 innetgr \
10671 llabs \
10672 login_getcapbool \
10673 md5_crypt \
10674 memmove \
10675 memset_s \
10676 mkdtemp \
10677 ngetaddrinfo \
10678 nsleep \
10679 ogetaddrinfo \
10680 openlog_r \
10681 pledge \
10682 poll \
10683 prctl \
10684 pstat \
10685 readpassphrase \
10686 reallocarray \
10687 recvmsg \
10688 rresvport_af \
10689 sendmsg \
10690 setdtablesize \
10691 setegid \
10692 setenv \
10693 seteuid \
10694 setgroupent \
10695 setgroups \
10696 setlinebuf \
10697 setlogin \
10698 setpassent\
10699 setpcred \
10700 setproctitle \
10701 setregid \
10702 setreuid \
10703 setrlimit \
10704 setsid \
10705 setvbuf \
10706 sigaction \
10707 sigvec \
10708 snprintf \
10709 socketpair \
10710 statfs \
10711 statvfs \
10712 strcasestr \
10713 strdup \
10714 strerror \
10715 strlcat \
10716 strlcpy \
10717 strmode \
10718 strnlen \
10719 strnvis \
10720 strptime \
10721 strtonum \
10722 strtoll \
10723 strtoul \
10724 strtoull \
10725 swap32 \
10726 sysconf \
10727 tcgetpgrp \
10728 timingsafe_bcmp \
10729 truncate \
10730 unsetenv \
10731 updwtmpx \
10732 user_from_uid \
10733 usleep \
10734 vasprintf \
10735 vsnprintf \
10736 waitpid \
10737 warn \
10738
10739do :
10740 as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
10741ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
10742if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
10743 cat >>confdefs.h <<_ACEOF
10744#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
10745_ACEOF
10746
10747fi
10748done
10749
10750
10751for ac_func in mblen mbtowc nl_langinfo wcwidth
10752do :
10753 as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
10754ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
10755if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
10756 cat >>confdefs.h <<_ACEOF
10757#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
10758_ACEOF
10759
10760fi
10761done
10762
10763
10764TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes}
10765{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for utf8 locale support" >&5
10766$as_echo_n "checking for utf8 locale support... " >&6; }
10767if test "$cross_compiling" = yes; then :
10768 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming yes" >&5
10769$as_echo "$as_me: WARNING: cross compiling: assuming yes" >&2;}
10770
10771else
10772 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
10773/* end confdefs.h. */
10774
10775#include <locale.h>
10776#include <stdlib.h>
10777
10778int
10779main ()
10780{
10781
10782 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8");
10783 if (loc != NULL)
10784 exit(0);
10785 exit(1);
10786
10787 ;
10788 return 0;
10789}
10790_ACEOF
10791if ac_fn_c_try_run "$LINENO"; then :
10792 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
10793$as_echo "yes" >&6; }
10794else
10795 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
10796$as_echo "no" >&6; }
10797 TEST_SSH_UTF8=no
10798fi
10799rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
10800 conftest.$ac_objext conftest.beam conftest.$ac_ext
10801fi
10802
10803
10804cat confdefs.h - <<_ACEOF >conftest.$ac_ext
10805/* end confdefs.h. */
10806 #include <ctype.h>
10807int
10808main ()
10809{
10810 return (isblank('a'));
10811 ;
10812 return 0;
10813}
10814_ACEOF
10815if ac_fn_c_try_link "$LINENO"; then :
10816
10817$as_echo "#define HAVE_ISBLANK 1" >>confdefs.h
10818
10819
10820fi
10821rm -f core conftest.err conftest.$ac_objext \
10822 conftest$ac_exeext conftest.$ac_ext
10823
10824disable_pkcs11=
10825# Check whether --enable-pkcs11 was given.
10826if test "${enable_pkcs11+set}" = set; then :
10827 enableval=$enable_pkcs11;
10828 if test "x$enableval" = "xno" ; then
10829 disable_pkcs11=1
10830 fi
10831
10832
10833fi
10834
10835
10836# PKCS11 depends on OpenSSL.
10837if test "x$openssl" = "xyes" && test "x$disable_pkcs11" = "x"; then
10838 # PKCS#11 support requires dlopen() and co
10839 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing dlopen" >&5
10840$as_echo_n "checking for library containing dlopen... " >&6; }
10841if ${ac_cv_search_dlopen+:} false; then :
10842 $as_echo_n "(cached) " >&6
10843else
10844 ac_func_search_save_LIBS=$LIBS
10845cat confdefs.h - <<_ACEOF >conftest.$ac_ext
10846/* end confdefs.h. */
10847
10848/* Override any GCC internal prototype to avoid an error.
10849 Use char because int might match the return type of a GCC
10850 builtin and then its argument prototype would still apply. */
10851#ifdef __cplusplus
10852extern "C"
10853#endif
10854char dlopen ();
10855int
10856main ()
10857{
10858return dlopen ();
10859 ;
10860 return 0;
10861}
10862_ACEOF
10863for ac_lib in '' dl; do
10864 if test -z "$ac_lib"; then
10865 ac_res="none required"
10866 else
10867 ac_res=-l$ac_lib
10868 LIBS="-l$ac_lib $ac_func_search_save_LIBS"
10869 fi
10870 if ac_fn_c_try_link "$LINENO"; then :
10871 ac_cv_search_dlopen=$ac_res
10872fi
10873rm -f core conftest.err conftest.$ac_objext \
10874 conftest$ac_exeext
10875 if ${ac_cv_search_dlopen+:} false; then :
10876 break
10877fi
10878done
10879if ${ac_cv_search_dlopen+:} false; then :
10880
10881else
10882 ac_cv_search_dlopen=no
10883fi
10884rm conftest.$ac_ext
10885LIBS=$ac_func_search_save_LIBS
10886fi
10887{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dlopen" >&5
10888$as_echo "$ac_cv_search_dlopen" >&6; }
10889ac_res=$ac_cv_search_dlopen
10890if test "$ac_res" != no; then :
10891 test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
10892
10893$as_echo "#define ENABLE_PKCS11 /**/" >>confdefs.h
10894
10895
10896fi
10897
10898fi
10899
10900# IRIX has a const char return value for gai_strerror()
10901for ac_func in gai_strerror
10902do :
10903 ac_fn_c_check_func "$LINENO" "gai_strerror" "ac_cv_func_gai_strerror"
10904if test "x$ac_cv_func_gai_strerror" = xyes; then :
10905 cat >>confdefs.h <<_ACEOF
10906#define HAVE_GAI_STRERROR 1
10907_ACEOF
10908
10909 $as_echo "#define HAVE_GAI_STRERROR 1" >>confdefs.h
10910
10911 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
10912/* end confdefs.h. */
10913
10914#include <sys/types.h>
10915#include <sys/socket.h>
10916#include <netdb.h>
10917
10918const char *gai_strerror(int);
10919
10920int
10921main ()
10922{
10923
10924 char *str;
10925 str = gai_strerror(0);
10926
10927 ;
10928 return 0;
10929}
10930_ACEOF
10931if ac_fn_c_try_compile "$LINENO"; then :
10932
10933
10934$as_echo "#define HAVE_CONST_GAI_STRERROR_PROTO 1" >>confdefs.h
10935
10936fi
10937rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
10938fi
10939done
10940
10941
10942{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing nanosleep" >&5
10943$as_echo_n "checking for library containing nanosleep... " >&6; }
10944if ${ac_cv_search_nanosleep+:} false; then :
10945 $as_echo_n "(cached) " >&6
10946else
10947 ac_func_search_save_LIBS=$LIBS
10948cat confdefs.h - <<_ACEOF >conftest.$ac_ext
10949/* end confdefs.h. */
10950
10951/* Override any GCC internal prototype to avoid an error.
10952 Use char because int might match the return type of a GCC
10953 builtin and then its argument prototype would still apply. */
10954#ifdef __cplusplus
10955extern "C"
10956#endif
10957char nanosleep ();
10958int
10959main ()
10960{
10961return nanosleep ();
10962 ;
10963 return 0;
10964}
10965_ACEOF
10966for ac_lib in '' rt posix4; do
10967 if test -z "$ac_lib"; then
10968 ac_res="none required"
10969 else
10970 ac_res=-l$ac_lib
10971 LIBS="-l$ac_lib $ac_func_search_save_LIBS"
10972 fi
10973 if ac_fn_c_try_link "$LINENO"; then :
10974 ac_cv_search_nanosleep=$ac_res
10975fi
10976rm -f core conftest.err conftest.$ac_objext \
10977 conftest$ac_exeext
10978 if ${ac_cv_search_nanosleep+:} false; then :
10979 break
10980fi
10981done
10982if ${ac_cv_search_nanosleep+:} false; then :
10983
10984else
10985 ac_cv_search_nanosleep=no
10986fi
10987rm conftest.$ac_ext
10988LIBS=$ac_func_search_save_LIBS
10989fi
10990{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_nanosleep" >&5
10991$as_echo "$ac_cv_search_nanosleep" >&6; }
10992ac_res=$ac_cv_search_nanosleep
10993if test "$ac_res" != no; then :
10994 test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
10995
10996$as_echo "#define HAVE_NANOSLEEP 1" >>confdefs.h
10997
10998fi
10999
11000
11001{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing clock_gettime" >&5
11002$as_echo_n "checking for library containing clock_gettime... " >&6; }
11003if ${ac_cv_search_clock_gettime+:} false; then :
11004 $as_echo_n "(cached) " >&6
11005else
11006 ac_func_search_save_LIBS=$LIBS
11007cat confdefs.h - <<_ACEOF >conftest.$ac_ext
11008/* end confdefs.h. */
11009
11010/* Override any GCC internal prototype to avoid an error.
11011 Use char because int might match the return type of a GCC
11012 builtin and then its argument prototype would still apply. */
11013#ifdef __cplusplus
11014extern "C"
11015#endif
11016char clock_gettime ();
11017int
11018main ()
11019{
11020return clock_gettime ();
11021 ;
11022 return 0;
11023}
11024_ACEOF
11025for ac_lib in '' rt; do
11026 if test -z "$ac_lib"; then
11027 ac_res="none required"
11028 else
11029 ac_res=-l$ac_lib
11030 LIBS="-l$ac_lib $ac_func_search_save_LIBS"
11031 fi
11032 if ac_fn_c_try_link "$LINENO"; then :
11033 ac_cv_search_clock_gettime=$ac_res
11034fi
11035rm -f core conftest.err conftest.$ac_objext \
11036 conftest$ac_exeext
11037 if ${ac_cv_search_clock_gettime+:} false; then :
11038 break
11039fi
11040done
11041if ${ac_cv_search_clock_gettime+:} false; then :
11042
11043else
11044 ac_cv_search_clock_gettime=no
11045fi
11046rm conftest.$ac_ext
11047LIBS=$ac_func_search_save_LIBS
11048fi
11049{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_clock_gettime" >&5
11050$as_echo "$ac_cv_search_clock_gettime" >&6; }
11051ac_res=$ac_cv_search_clock_gettime
11052if test "$ac_res" != no; then :
11053 test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
11054
11055$as_echo "#define HAVE_CLOCK_GETTIME 1" >>confdefs.h
11056
11057fi
11058
11059
11060ac_fn_c_check_decl "$LINENO" "getrusage" "ac_cv_have_decl_getrusage" "$ac_includes_default"
11061if test "x$ac_cv_have_decl_getrusage" = xyes; then :
11062 for ac_func in getrusage
11063do :
11064 ac_fn_c_check_func "$LINENO" "getrusage" "ac_cv_func_getrusage"
11065if test "x$ac_cv_func_getrusage" = xyes; then :
11066 cat >>confdefs.h <<_ACEOF
11067#define HAVE_GETRUSAGE 1
11068_ACEOF
11069
11070fi
11071done
11072
11073fi
11074
11075ac_fn_c_check_decl "$LINENO" "strsep" "ac_cv_have_decl_strsep" "
11076#ifdef HAVE_STRING_H
11077# include <string.h>
11078#endif
11079
11080"
11081if test "x$ac_cv_have_decl_strsep" = xyes; then :
11082 for ac_func in strsep
11083do :
11084 ac_fn_c_check_func "$LINENO" "strsep" "ac_cv_func_strsep"
11085if test "x$ac_cv_func_strsep" = xyes; then :
11086 cat >>confdefs.h <<_ACEOF
11087#define HAVE_STRSEP 1
11088_ACEOF
11089
11090fi
11091done
11092
11093fi
11094
11095
11096ac_fn_c_check_decl "$LINENO" "tcsendbreak" "ac_cv_have_decl_tcsendbreak" "#include <termios.h>
11097
11098"
11099if test "x$ac_cv_have_decl_tcsendbreak" = xyes; then :
11100 $as_echo "#define HAVE_TCSENDBREAK 1" >>confdefs.h
11101
11102else
11103 for ac_func in tcsendbreak
11104do :
11105 ac_fn_c_check_func "$LINENO" "tcsendbreak" "ac_cv_func_tcsendbreak"
11106if test "x$ac_cv_func_tcsendbreak" = xyes; then :
11107 cat >>confdefs.h <<_ACEOF
11108#define HAVE_TCSENDBREAK 1
11109_ACEOF
11110
11111fi
11112done
11113
11114fi
11115
11116
11117ac_fn_c_check_decl "$LINENO" "h_errno" "ac_cv_have_decl_h_errno" "#include <netdb.h>
11118"
11119if test "x$ac_cv_have_decl_h_errno" = xyes; then :
11120 ac_have_decl=1
11121else
11122 ac_have_decl=0
11123fi
11124
11125cat >>confdefs.h <<_ACEOF
11126#define HAVE_DECL_H_ERRNO $ac_have_decl
11127_ACEOF
11128
11129
11130ac_fn_c_check_decl "$LINENO" "SHUT_RD" "ac_cv_have_decl_SHUT_RD" "
11131#include <sys/types.h>
11132#include <sys/socket.h>
11133
11134"
11135if test "x$ac_cv_have_decl_SHUT_RD" = xyes; then :
11136 ac_have_decl=1
11137else
11138 ac_have_decl=0
11139fi
11140
11141cat >>confdefs.h <<_ACEOF
11142#define HAVE_DECL_SHUT_RD $ac_have_decl
11143_ACEOF
11144
11145
11146ac_fn_c_check_decl "$LINENO" "O_NONBLOCK" "ac_cv_have_decl_O_NONBLOCK" "
11147#include <sys/types.h>
11148#ifdef HAVE_SYS_STAT_H
11149# include <sys/stat.h>
11150#endif
11151#ifdef HAVE_FCNTL_H
11152# include <fcntl.h>
11153#endif
11154
11155"
11156if test "x$ac_cv_have_decl_O_NONBLOCK" = xyes; then :
11157 ac_have_decl=1
11158else
11159 ac_have_decl=0
11160fi
11161
11162cat >>confdefs.h <<_ACEOF
11163#define HAVE_DECL_O_NONBLOCK $ac_have_decl
11164_ACEOF
11165
11166
11167ac_fn_c_check_decl "$LINENO" "writev" "ac_cv_have_decl_writev" "
11168#include <sys/types.h>
11169#include <sys/uio.h>
11170#include <unistd.h>
11171
11172"
11173if test "x$ac_cv_have_decl_writev" = xyes; then :
11174 ac_have_decl=1
11175else
11176 ac_have_decl=0
11177fi
11178
11179cat >>confdefs.h <<_ACEOF
11180#define HAVE_DECL_WRITEV $ac_have_decl
11181_ACEOF
11182
11183
11184ac_fn_c_check_decl "$LINENO" "MAXSYMLINKS" "ac_cv_have_decl_MAXSYMLINKS" "
11185#include <sys/param.h>
11186
11187"
11188if test "x$ac_cv_have_decl_MAXSYMLINKS" = xyes; then :
11189 ac_have_decl=1
11190else
11191 ac_have_decl=0
11192fi
11193
11194cat >>confdefs.h <<_ACEOF
11195#define HAVE_DECL_MAXSYMLINKS $ac_have_decl
11196_ACEOF
11197
11198
11199ac_fn_c_check_decl "$LINENO" "offsetof" "ac_cv_have_decl_offsetof" "
11200#include <stddef.h>
11201
11202"
11203if test "x$ac_cv_have_decl_offsetof" = xyes; then :
11204 ac_have_decl=1
11205else
11206 ac_have_decl=0
11207fi
11208
11209cat >>confdefs.h <<_ACEOF
11210#define HAVE_DECL_OFFSETOF $ac_have_decl
11211_ACEOF
11212
11213
11214# extra bits for select(2)
11215ac_fn_c_check_decl "$LINENO" "howmany" "ac_cv_have_decl_howmany" "
11216#include <sys/param.h>
11217#include <sys/types.h>
11218#ifdef HAVE_SYS_SYSMACROS_H
11219#include <sys/sysmacros.h>
11220#endif
11221#ifdef HAVE_SYS_SELECT_H
11222#include <sys/select.h>
11223#endif
11224#ifdef HAVE_SYS_TIME_H
11225#include <sys/time.h>
11226#endif
11227#ifdef HAVE_UNISTD_H
11228#include <unistd.h>
11229#endif
11230
11231"
11232if test "x$ac_cv_have_decl_howmany" = xyes; then :
11233 ac_have_decl=1
11234else
11235 ac_have_decl=0
11236fi
11237
11238cat >>confdefs.h <<_ACEOF
11239#define HAVE_DECL_HOWMANY $ac_have_decl
11240_ACEOF
11241ac_fn_c_check_decl "$LINENO" "NFDBITS" "ac_cv_have_decl_NFDBITS" "
11242#include <sys/param.h>
11243#include <sys/types.h>
11244#ifdef HAVE_SYS_SYSMACROS_H
11245#include <sys/sysmacros.h>
11246#endif
11247#ifdef HAVE_SYS_SELECT_H
11248#include <sys/select.h>
11249#endif
11250#ifdef HAVE_SYS_TIME_H
11251#include <sys/time.h>
11252#endif
11253#ifdef HAVE_UNISTD_H
11254#include <unistd.h>
11255#endif
11256
11257"
11258if test "x$ac_cv_have_decl_NFDBITS" = xyes; then :
11259 ac_have_decl=1
11260else
11261 ac_have_decl=0
11262fi
11263
11264cat >>confdefs.h <<_ACEOF
11265#define HAVE_DECL_NFDBITS $ac_have_decl
11266_ACEOF
11267
11268ac_fn_c_check_type "$LINENO" "fd_mask" "ac_cv_type_fd_mask" "
11269#include <sys/param.h>
11270#include <sys/types.h>
11271#ifdef HAVE_SYS_SELECT_H
11272#include <sys/select.h>
11273#endif
11274#ifdef HAVE_SYS_TIME_H
11275#include <sys/time.h>
11276#endif
11277#ifdef HAVE_UNISTD_H
11278#include <unistd.h>
11279#endif
11280
11281"
11282if test "x$ac_cv_type_fd_mask" = xyes; then :
11283
11284cat >>confdefs.h <<_ACEOF
11285#define HAVE_FD_MASK 1
11286_ACEOF
11287
11288
11289fi
11290
11291
11292for ac_func in setresuid
11293do :
11294 ac_fn_c_check_func "$LINENO" "setresuid" "ac_cv_func_setresuid"
11295if test "x$ac_cv_func_setresuid" = xyes; then :
11296 cat >>confdefs.h <<_ACEOF
11297#define HAVE_SETRESUID 1
11298_ACEOF
11299
11300 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if setresuid seems to work" >&5
11301$as_echo_n "checking if setresuid seems to work... " >&6; }
11302 if test "$cross_compiling" = yes; then :
11303 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking setresuid" >&5
11304$as_echo "$as_me: WARNING: cross compiling: not checking setresuid" >&2;}
11305
11306else
11307 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
11308/* end confdefs.h. */
11309
11310#include <stdlib.h>
11311#include <errno.h>
11312
11313int
11314main ()
11315{
11316
11317 errno=0;
11318 setresuid(0,0,0);
11319 if (errno==ENOSYS)
11320 exit(1);
11321 else
11322 exit(0);
11323
11324 ;
11325 return 0;
11326}
11327_ACEOF
11328if ac_fn_c_try_run "$LINENO"; then :
11329 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
11330$as_echo "yes" >&6; }
11331else
11332
11333$as_echo "#define BROKEN_SETRESUID 1" >>confdefs.h
11334
11335 { $as_echo "$as_me:${as_lineno-$LINENO}: result: not implemented" >&5
11336$as_echo "not implemented" >&6; }
11337fi
11338rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
11339 conftest.$ac_objext conftest.beam conftest.$ac_ext
11340fi
11341
11342
11343fi
11344done
11345
11346
11347for ac_func in setresgid
11348do :
11349 ac_fn_c_check_func "$LINENO" "setresgid" "ac_cv_func_setresgid"
11350if test "x$ac_cv_func_setresgid" = xyes; then :
11351 cat >>confdefs.h <<_ACEOF
11352#define HAVE_SETRESGID 1
11353_ACEOF
11354
11355 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if setresgid seems to work" >&5
11356$as_echo_n "checking if setresgid seems to work... " >&6; }
11357 if test "$cross_compiling" = yes; then :
11358 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking setresuid" >&5
11359$as_echo "$as_me: WARNING: cross compiling: not checking setresuid" >&2;}
11360
11361else
11362 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
11363/* end confdefs.h. */
11364
11365#include <stdlib.h>
11366#include <errno.h>
11367
11368int
11369main ()
11370{
11371
11372 errno=0;
11373 setresgid(0,0,0);
11374 if (errno==ENOSYS)
11375 exit(1);
11376 else
11377 exit(0);
11378
11379 ;
11380 return 0;
11381}
11382_ACEOF
11383if ac_fn_c_try_run "$LINENO"; then :
11384 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
11385$as_echo "yes" >&6; }
11386else
11387
11388$as_echo "#define BROKEN_SETRESGID 1" >>confdefs.h
11389
11390 { $as_echo "$as_me:${as_lineno-$LINENO}: result: not implemented" >&5
11391$as_echo "not implemented" >&6; }
11392fi
11393rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
11394 conftest.$ac_objext conftest.beam conftest.$ac_ext
11395fi
11396
11397
11398fi
11399done
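Review bot: In the setresgid check, the cross-compiling branch at lines 11358-11359 prints "WARNING: cross compiling: not checking setresuid", apparently carried over from the setresuid check just above; it should name setresgid so the configure log points at the function that was actually skipped. Because configure is autoconf output, the wording needs to be fixed in the autoconf input and the script regenerated, not edited here. A second point on the same test program (lines 11365-11377): it includes only <stdlib.h> and <errno.h>, so setresgid(0,0,0) is called with no prototype in scope. A compiler that rejects implicit function declarations would make ac_fn_c_try_run fail, and the else branch would then define BROKEN_SETRESGID and report "not implemented" on a system where the call works. Adding <unistd.h> to the test, and to the matching setresuid test, would avoid that.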
11400
11401
11402for ac_func in realpath
11403do :
11404 ac_fn_c_check_func "$LINENO" "realpath" "ac_cv_func_realpath"
11405if test "x$ac_cv_func_realpath" = xyes; then :
11406 cat >>confdefs.h <<_ACEOF
11407#define HAVE_REALPATH 1
11408_ACEOF
11409
11410 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if realpath works with non-existent files" >&5
11411$as_echo_n "checking if realpath works with non-existent files... " >&6; }
11412 if test "$cross_compiling" = yes; then :
11413 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming working" >&5
11414$as_echo "$as_me: WARNING: cross compiling: assuming working" >&2;}
11415
11416else
11417 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
11418/* end confdefs.h. */
11419
11420#include <limits.h>
11421#include <stdlib.h>
11422#include <errno.h>
11423
11424int
11425main ()
11426{
11427
11428 char buf[PATH_MAX];
11429 if (realpath("/opensshnonexistentfilename1234", buf) == NULL)
11430 if (errno == ENOENT)
11431 exit(1);
11432 exit(0);
11433
11434 ;
11435 return 0;
11436}
11437_ACEOF
11438if ac_fn_c_try_run "$LINENO"; then :
11439 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
11440$as_echo "yes" >&6; }
11441else
11442
11443$as_echo "#define BROKEN_REALPATH 1" >>confdefs.h
11444
11445 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
11446$as_echo "no" >&6; }
11447fi
11448rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
11449 conftest.$ac_objext conftest.beam conftest.$ac_ext
11450fi
11451
11452
11453fi
11454done
11455
11456
11457for ac_func in gettimeofday time
11458do :
11459 as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
11460ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
11461if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
11462 cat >>confdefs.h <<_ACEOF
11463#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
11464_ACEOF
11465
11466fi
11467done
11468
11469for ac_func in endutent getutent getutid getutline pututline setutent
11470do :
11471 as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
11472ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
11473if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
11474 cat >>confdefs.h <<_ACEOF
11475#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
11476_ACEOF
11477
11478fi
11479done
11480
11481for ac_func in utmpname
11482do :
11483 ac_fn_c_check_func "$LINENO" "utmpname" "ac_cv_func_utmpname"
11484if test "x$ac_cv_func_utmpname" = xyes; then :
11485 cat >>confdefs.h <<_ACEOF
11486#define HAVE_UTMPNAME 1
11487_ACEOF
11488
11489fi
11490done
11491
11492for ac_func in endutxent getutxent getutxid getutxline getutxuser pututxline
11493do :
11494 as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
11495ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
11496if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
11497 cat >>confdefs.h <<_ACEOF
11498#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
11499_ACEOF
11500
11501fi
11502done
11503
11504for ac_func in setutxdb setutxent utmpxname
11505do :
11506 as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
11507ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
11508if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
11509 cat >>confdefs.h <<_ACEOF
11510#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
11511_ACEOF
11512
11513fi
11514done
11515
11516for ac_func in getlastlogxbyname
11517do :
11518 ac_fn_c_check_func "$LINENO" "getlastlogxbyname" "ac_cv_func_getlastlogxbyname"
11519if test "x$ac_cv_func_getlastlogxbyname" = xyes; then :
11520 cat >>confdefs.h <<_ACEOF
11521#define HAVE_GETLASTLOGXBYNAME 1
11522_ACEOF
11523
11524fi
11525done
11526
11527
11528ac_fn_c_check_func "$LINENO" "daemon" "ac_cv_func_daemon"
11529if test "x$ac_cv_func_daemon" = xyes; then :
11530
11531$as_echo "#define HAVE_DAEMON 1" >>confdefs.h
11532
11533else
11534 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for daemon in -lbsd" >&5
11535$as_echo_n "checking for daemon in -lbsd... " >&6; }
11536if ${ac_cv_lib_bsd_daemon+:} false; then :
11537 $as_echo_n "(cached) " >&6
11538else
11539 ac_check_lib_save_LIBS=$LIBS
11540LIBS="-lbsd $LIBS"
11541cat confdefs.h - <<_ACEOF >conftest.$ac_ext
11542/* end confdefs.h. */
11543
11544/* Override any GCC internal prototype to avoid an error.
11545 Use char because int might match the return type of a GCC
11546 builtin and then its argument prototype would still apply. */
11547#ifdef __cplusplus
11548extern "C"
11549#endif
11550char daemon ();
11551int
11552main ()
11553{
11554return daemon ();
11555 ;
11556 return 0;
11557}
11558_ACEOF
11559if ac_fn_c_try_link "$LINENO"; then :
11560 ac_cv_lib_bsd_daemon=yes
11561else
11562 ac_cv_lib_bsd_daemon=no
11563fi
11564rm -f core conftest.err conftest.$ac_objext \
11565 conftest$ac_exeext conftest.$ac_ext
11566LIBS=$ac_check_lib_save_LIBS
11567fi
11568{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_bsd_daemon" >&5
11569$as_echo "$ac_cv_lib_bsd_daemon" >&6; }
11570if test "x$ac_cv_lib_bsd_daemon" = xyes; then :
11571 LIBS="$LIBS -lbsd"; $as_echo "#define HAVE_DAEMON 1" >>confdefs.h
11572
11573fi
11574
11575
11576fi
11577
11578
11579ac_fn_c_check_func "$LINENO" "getpagesize" "ac_cv_func_getpagesize"
11580if test "x$ac_cv_func_getpagesize" = xyes; then :
11581
11582$as_echo "#define HAVE_GETPAGESIZE 1" >>confdefs.h
11583
11584else
11585 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getpagesize in -lucb" >&5
11586$as_echo_n "checking for getpagesize in -lucb... " >&6; }
11587if ${ac_cv_lib_ucb_getpagesize+:} false; then :
11588 $as_echo_n "(cached) " >&6
11589else
11590 ac_check_lib_save_LIBS=$LIBS
11591LIBS="-lucb $LIBS"
11592cat confdefs.h - <<_ACEOF >conftest.$ac_ext
11593/* end confdefs.h. */
11594
11595/* Override any GCC internal prototype to avoid an error.
11596 Use char because int might match the return type of a GCC
11597 builtin and then its argument prototype would still apply. */
11598#ifdef __cplusplus
11599extern "C"
11600#endif
11601char getpagesize ();
11602int
11603main ()
11604{
11605return getpagesize ();
11606 ;
11607 return 0;
11608}
11609_ACEOF
11610if ac_fn_c_try_link "$LINENO"; then :
11611 ac_cv_lib_ucb_getpagesize=yes
11612else
11613 ac_cv_lib_ucb_getpagesize=no
11614fi
11615rm -f core conftest.err conftest.$ac_objext \
11616 conftest$ac_exeext conftest.$ac_ext
11617LIBS=$ac_check_lib_save_LIBS
11618fi
11619{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ucb_getpagesize" >&5
11620$as_echo "$ac_cv_lib_ucb_getpagesize" >&6; }
11621if test "x$ac_cv_lib_ucb_getpagesize" = xyes; then :
11622 LIBS="$LIBS -lucb"; $as_echo "#define HAVE_GETPAGESIZE 1" >>confdefs.h
11623
11624fi
11625
11626
11627fi
11628
11629
11630# Check for broken snprintf
11631if test "x$ac_cv_func_snprintf" = "xyes" ; then
11632 { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether snprintf correctly terminates long strings" >&5
11633$as_echo_n "checking whether snprintf correctly terminates long strings... " >&6; }
11634 if test "$cross_compiling" = yes; then :
11635 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: Assuming working snprintf()" >&5
11636$as_echo "$as_me: WARNING: cross compiling: Assuming working snprintf()" >&2;}
11637
11638else
11639 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
11640/* end confdefs.h. */
11641 #include <stdio.h>
11642int
11643main ()
11644{
11645
11646 char b[5];
11647 snprintf(b,5,"123456789");
11648 exit(b[4]!='\0');
11649
11650 ;
11651 return 0;
11652}
11653_ACEOF
11654if ac_fn_c_try_run "$LINENO"; then :
11655 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
11656$as_echo "yes" >&6; }
11657else
11658
11659 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
11660$as_echo "no" >&6; }
11661
11662$as_echo "#define BROKEN_SNPRINTF 1" >>confdefs.h
11663
11664 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: ****** Your snprintf() function is broken, complain to your vendor" >&5
11665$as_echo "$as_me: WARNING: ****** Your snprintf() function is broken, complain to your vendor" >&2;}
11666
11667fi
11668rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
11669 conftest.$ac_objext conftest.beam conftest.$ac_ext
11670fi
11671
11672fi
11673
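Review bot: The snprintf termination probe (11641-11648) calls exit() but includes only <stdio.h>, so on a compiler that rejects implicit function declarations the test program does not build, ac_fn_c_try_run fails, and the else branch defines BROKEN_SNPRINTF on a system whose snprintf is fine. Add `#include <stdlib.h>` to the test program in the configure.ac source this check is generated from. The mkstemp probe further down has the same shape (it calls unlink() and exit() with only <stdlib.h> included), so it is worth fixing both in one pass.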
11674# We depend on vsnprintf returning the right thing on overflow: the
11675# number of characters it tried to create (as per SUSv3)
11676if test "x$ac_cv_func_vsnprintf" = "xyes" ; then
11677 { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether vsnprintf returns correct values on overflow" >&5
11678$as_echo_n "checking whether vsnprintf returns correct values on overflow... " >&6; }
11679 if test "$cross_compiling" = yes; then :
11680 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: Assuming working vsnprintf()" >&5
11681$as_echo "$as_me: WARNING: cross compiling: Assuming working vsnprintf()" >&2;}
11682
11683else
11684 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
11685/* end confdefs.h. */
11686
11687#include <sys/types.h>
11688#include <stdio.h>
11689#include <stdarg.h>
11690
11691int x_snprintf(char *str, size_t count, const char *fmt, ...)
11692{
11693 size_t ret;
11694 va_list ap;
11695
11696 va_start(ap, fmt);
11697 ret = vsnprintf(str, count, fmt, ap);
11698 va_end(ap);
11699 return ret;
11700}
11701
11702int
11703main ()
11704{
11705
11706char x[1];
11707if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11)
11708 return 1;
11709if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11)
11710 return 1;
11711return 0;
11712
11713 ;
11714 return 0;
11715}
11716_ACEOF
11717if ac_fn_c_try_run "$LINENO"; then :
11718 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
11719$as_echo "yes" >&6; }
11720else
11721
11722 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
11723$as_echo "no" >&6; }
11724
11725$as_echo "#define BROKEN_SNPRINTF 1" >>confdefs.h
11726
11727 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: ****** Your vsnprintf() function is broken, complain to your vendor" >&5
11728$as_echo "$as_me: WARNING: ****** Your vsnprintf() function is broken, complain to your vendor" >&2;}
11729
11730fi
11731rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
11732 conftest.$ac_objext conftest.beam conftest.$ac_ext
11733fi
11734
11735fi
11736
11737# On systems where [v]snprintf is broken, but is declared in stdio,
11738# check that the fmt argument is const char * or just char *.
11739# This is only useful for when BROKEN_SNPRINTF
11740{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether snprintf can declare const char *fmt" >&5
11741$as_echo_n "checking whether snprintf can declare const char *fmt... " >&6; }
11742cat confdefs.h - <<_ACEOF >conftest.$ac_ext
11743/* end confdefs.h. */
11744
11745#include <stdio.h>
11746int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
11747
11748int
11749main ()
11750{
11751
11752 snprintf(0, 0, 0);
11753
11754 ;
11755 return 0;
11756}
11757_ACEOF
11758if ac_fn_c_try_compile "$LINENO"; then :
11759 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
11760$as_echo "yes" >&6; }
11761
11762$as_echo "#define SNPRINTF_CONST const" >>confdefs.h
11763
11764else
11765 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
11766$as_echo "no" >&6; }
11767 $as_echo "#define SNPRINTF_CONST /* not const */" >>confdefs.h
11768
11769fi
11770rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
11771
11772# Check for missing getpeereid (or equiv) support
11773NO_PEERCHECK=""
11774if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
11775 { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether system supports SO_PEERCRED getsockopt" >&5
11776$as_echo_n "checking whether system supports SO_PEERCRED getsockopt... " >&6; }
11777 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
11778/* end confdefs.h. */
11779
11780#include <sys/types.h>
11781#include <sys/socket.h>
11782int
11783main ()
11784{
11785int i = SO_PEERCRED;
11786 ;
11787 return 0;
11788}
11789_ACEOF
11790if ac_fn_c_try_compile "$LINENO"; then :
11791 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
11792$as_echo "yes" >&6; }
11793
11794$as_echo "#define HAVE_SO_PEERCRED 1" >>confdefs.h
11795
11796
11797else
11798 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
11799$as_echo "no" >&6; }
11800 NO_PEERCHECK=1
11801
11802fi
11803rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
11804fi
11805
11806if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
11807{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for (overly) strict mkstemp" >&5
11808$as_echo_n "checking for (overly) strict mkstemp... " >&6; }
11809if test "$cross_compiling" = yes; then :
11810
11811 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
11812$as_echo "yes" >&6; }
11813 $as_echo "#define HAVE_STRICT_MKSTEMP 1" >>confdefs.h
11814
11815
11816
11817else
11818 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
11819/* end confdefs.h. */
11820
11821#include <stdlib.h>
11822
11823int
11824main ()
11825{
11826
11827 char template[]="conftest.mkstemp-test";
11828 if (mkstemp(template) == -1)
11829 exit(1);
11830 unlink(template);
11831 exit(0);
11832
11833 ;
11834 return 0;
11835}
11836_ACEOF
11837if ac_fn_c_try_run "$LINENO"; then :
11838
11839 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
11840$as_echo "no" >&6; }
11841
11842else
11843
11844 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
11845$as_echo "yes" >&6; }
11846
11847$as_echo "#define HAVE_STRICT_MKSTEMP 1" >>confdefs.h
11848
11849
11850fi
11851rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
11852 conftest.$ac_objext conftest.beam conftest.$ac_ext
11853fi
11854
11855fi
11856
11857if test ! -z "$check_for_openpty_ctty_bug"; then
11858 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if openpty correctly handles controlling tty" >&5
11859$as_echo_n "checking if openpty correctly handles controlling tty... " >&6; }
11860 if test "$cross_compiling" = yes; then :
11861
11862 { $as_echo "$as_me:${as_lineno-$LINENO}: result: cross-compiling, assuming yes" >&5
11863$as_echo "cross-compiling, assuming yes" >&6; }
11864
11865
11866else
11867 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
11868/* end confdefs.h. */
11869
11870#include <stdio.h>
11871#include <sys/fcntl.h>
11872#include <sys/types.h>
11873#include <sys/wait.h>
11874
11875int
11876main ()
11877{
11878
11879 pid_t pid;
11880 int fd, ptyfd, ttyfd, status;
11881
11882 pid = fork();
11883 if (pid < 0) { /* failed */
11884 exit(1);
11885 } else if (pid > 0) { /* parent */
11886 waitpid(pid, &status, 0);
11887 if (WIFEXITED(status))
11888 exit(WEXITSTATUS(status));
11889 else
11890 exit(2);
11891 } else { /* child */
11892 close(0); close(1); close(2);
11893 setsid();
11894 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
11895 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
11896 if (fd >= 0)
11897 exit(3); /* Acquired ctty: broken */
11898 else
11899 exit(0); /* Did not acquire ctty: OK */
11900 }
11901
11902 ;
11903 return 0;
11904}
11905_ACEOF
11906if ac_fn_c_try_run "$LINENO"; then :
11907
11908 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
11909$as_echo "yes" >&6; }
11910
11911else
11912
11913 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
11914$as_echo "no" >&6; }
11915 $as_echo "#define SSHD_ACQUIRES_CTTY 1" >>confdefs.h
11916
11917
11918fi
11919rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
11920 conftest.$ac_objext conftest.beam conftest.$ac_ext
11921fi
11922
11923fi
11924
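Review bot: In the openpty controlling-tty probe the child ignores the return value of openpty() (11894), so if openpty() itself fails, the following `open("/dev/tty", O_RDWR | O_NOCTTY)` fails as well, the child exits 0, and configure reports "yes" without having tested the behaviour it is named for. Check the return value and exit with a distinct non-zero status on failure, and decide explicitly whether that case should define SSHD_ACQUIRES_CTTY. The program also calls fork, setsid, close, openpty and exit while including only <stdio.h>, <sys/fcntl.h>, <sys/types.h> and <sys/wait.h>, so it relies on implicit declarations.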
11925if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
11926 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
11927 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if getaddrinfo seems to work" >&5
11928$as_echo_n "checking if getaddrinfo seems to work... " >&6; }
11929 if test "$cross_compiling" = yes; then :
11930
11931 { $as_echo "$as_me:${as_lineno-$LINENO}: result: cross-compiling, assuming yes" >&5
11932$as_echo "cross-compiling, assuming yes" >&6; }
11933
11934
11935else
11936 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
11937/* end confdefs.h. */
11938
11939#include <stdio.h>
11940#include <sys/socket.h>
11941#include <netdb.h>
11942#include <errno.h>
11943#include <netinet/in.h>
11944
11945#define TEST_PORT "2222"
11946
11947int
11948main ()
11949{
11950
11951 int err, sock;
11952 struct addrinfo *gai_ai, *ai, hints;
11953 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
11954
11955 memset(&hints, 0, sizeof(hints));
11956 hints.ai_family = PF_UNSPEC;
11957 hints.ai_socktype = SOCK_STREAM;
11958 hints.ai_flags = AI_PASSIVE;
11959
11960 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
11961 if (err != 0) {
11962 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
11963 exit(1);
11964 }
11965
11966 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
11967 if (ai->ai_family != AF_INET6)
11968 continue;
11969
11970 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
11971 sizeof(ntop), strport, sizeof(strport),
11972 NI_NUMERICHOST|NI_NUMERICSERV);
11973
11974 if (err != 0) {
11975 if (err == EAI_SYSTEM)
11976 perror("getnameinfo EAI_SYSTEM");
11977 else
11978 fprintf(stderr, "getnameinfo failed: %s\n",
11979 gai_strerror(err));
11980 exit(2);
11981 }
11982
11983 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
11984 if (sock < 0)
11985 perror("socket");
11986 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
11987 if (errno == EBADF)
11988 exit(3);
11989 }
11990 }
11991 exit(0);
11992
11993 ;
11994 return 0;
11995}
11996_ACEOF
11997if ac_fn_c_try_run "$LINENO"; then :
11998
11999 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
12000$as_echo "yes" >&6; }
12001
12002else
12003
12004 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
12005$as_echo "no" >&6; }
12006 $as_echo "#define BROKEN_GETADDRINFO 1" >>confdefs.h
12007
12008
12009fi
12010rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
12011 conftest.$ac_objext conftest.beam conftest.$ac_ext
12012fi
12013
12014fi
12015
12016if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
12017 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
12018 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if getaddrinfo seems to work" >&5
12019$as_echo_n "checking if getaddrinfo seems to work... " >&6; }
12020 if test "$cross_compiling" = yes; then :
12021
12022 { $as_echo "$as_me:${as_lineno-$LINENO}: result: cross-compiling, assuming no" >&5
12023$as_echo "cross-compiling, assuming no" >&6; }
12024
12025
12026else
12027 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
12028/* end confdefs.h. */
12029
12030#include <stdio.h>
12031#include <sys/socket.h>
12032#include <netdb.h>
12033#include <errno.h>
12034#include <netinet/in.h>
12035
12036#define TEST_PORT "2222"
12037
12038int
12039main ()
12040{
12041
12042 int err, sock;
12043 struct addrinfo *gai_ai, *ai, hints;
12044 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
12045
12046 memset(&hints, 0, sizeof(hints));
12047 hints.ai_family = PF_UNSPEC;
12048 hints.ai_socktype = SOCK_STREAM;
12049 hints.ai_flags = AI_PASSIVE;
12050
12051 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
12052 if (err != 0) {
12053 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
12054 exit(1);
12055 }
12056
12057 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
12058 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
12059 continue;
12060
12061 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
12062 sizeof(ntop), strport, sizeof(strport),
12063 NI_NUMERICHOST|NI_NUMERICSERV);
12064
12065 if (ai->ai_family == AF_INET && err != 0) {
12066 perror("getnameinfo");
12067 exit(2);
12068 }
12069 }
12070 exit(0);
12071
12072 ;
12073 return 0;
12074}
12075_ACEOF
12076if ac_fn_c_try_run "$LINENO"; then :
12077
12078 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
12079$as_echo "yes" >&6; }
12080
12081$as_echo "#define AIX_GETNAMEINFO_HACK 1" >>confdefs.h
12082
12083
12084else
12085
12086 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
12087$as_echo "no" >&6; }
12088 $as_echo "#define BROKEN_GETADDRINFO 1" >>confdefs.h
12089
12090
12091fi
12092rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
12093 conftest.$ac_objext conftest.beam conftest.$ac_ext
12094fi
12095
12096fi
12097
12098if test "x$ac_cv_func_getaddrinfo" = "xyes"; then
12099 ac_fn_c_check_decl "$LINENO" "AI_NUMERICSERV" "ac_cv_have_decl_AI_NUMERICSERV" "#include <sys/types.h>
12100 #include <sys/socket.h>
12101 #include <netdb.h>
12102"
12103if test "x$ac_cv_have_decl_AI_NUMERICSERV" = xyes; then :
12104 ac_have_decl=1
12105else
12106 ac_have_decl=0
12107fi
12108
12109cat >>confdefs.h <<_ACEOF
12110#define HAVE_DECL_AI_NUMERICSERV $ac_have_decl
12111_ACEOF
12112
12113fi
12114
12115if test "x$check_for_conflicting_getspnam" = "x1"; then
12116 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for conflicting getspnam in shadow.h" >&5
12117$as_echo_n "checking for conflicting getspnam in shadow.h... " >&6; }
12118 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
12119/* end confdefs.h. */
12120 #include <shadow.h>
12121int
12122main ()
12123{
12124 exit(0);
12125 ;
12126 return 0;
12127}
12128_ACEOF
12129if ac_fn_c_try_compile "$LINENO"; then :
12130
12131 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
12132$as_echo "no" >&6; }
12133
12134else
12135
12136 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
12137$as_echo "yes" >&6; }
12138
12139$as_echo "#define GETSPNAM_CONFLICTING_DEFS 1" >>confdefs.h
12140
12141
12142
12143fi
12144rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
12145fi
12146
12147if test "x$ac_cv_func_strnvis" = "xyes"; then
12148 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working strnvis" >&5
12149$as_echo_n "checking for working strnvis... " >&6; }
12150 if test "$cross_compiling" = yes; then :
12151 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming broken" >&5
12152$as_echo "$as_me: WARNING: cross compiling: assuming broken" >&2;}
12153
12154$as_echo "#define BROKEN_STRNVIS 1" >>confdefs.h
12155
12156
12157else
12158 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
12159/* end confdefs.h. */
12160
12161#include <signal.h>
12162#include <stdlib.h>
12163#include <string.h>
12164#include <vis.h>
12165static void sighandler(int sig) { _exit(1); }
12166
12167int
12168main ()
12169{
12170
12171 char dst[16];
12172
12173 signal(SIGSEGV, sighandler);
12174 if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0)
12175 exit(0);
12176 exit(1)
12177
12178 ;
12179 return 0;
12180}
12181_ACEOF
12182if ac_fn_c_try_run "$LINENO"; then :
12183 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
12184$as_echo "yes" >&6; }
12185else
12186 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
12187$as_echo "no" >&6; }
12188
12189$as_echo "#define BROKEN_STRNVIS 1" >>confdefs.h
12190
12191fi
12192rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
12193 conftest.$ac_objext conftest.beam conftest.$ac_ext
12194fi
12195
12196fi
12197
12198{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether getpgrp requires zero arguments" >&5
12199$as_echo_n "checking whether getpgrp requires zero arguments... " >&6; }
12200if ${ac_cv_func_getpgrp_void+:} false; then :
12201 $as_echo_n "(cached) " >&6
12202else
12203 # Use it with a single arg.
12204cat confdefs.h - <<_ACEOF >conftest.$ac_ext
12205/* end confdefs.h. */
12206$ac_includes_default
12207int
12208main ()
12209{
12210getpgrp (0);
12211 ;
12212 return 0;
12213}
12214_ACEOF
12215if ac_fn_c_try_compile "$LINENO"; then :
12216 ac_cv_func_getpgrp_void=no
12217else
12218 ac_cv_func_getpgrp_void=yes
12219fi
12220rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
12221
12222fi
12223{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_getpgrp_void" >&5
12224$as_echo "$ac_cv_func_getpgrp_void" >&6; }
12225if test $ac_cv_func_getpgrp_void = yes; then
12226
12227$as_echo "#define GETPGRP_VOID 1" >>confdefs.h
12228
12229fi
12230
12231
12232# Search for OpenSSL
12233saved_CPPFLAGS="$CPPFLAGS"
12234saved_LDFLAGS="$LDFLAGS"
12235
12236# Check whether --with-ssl-dir was given.
12237if test "${with_ssl_dir+set}" = set; then :
12238 withval=$with_ssl_dir;
12239 if test "x$openssl" = "xno" ; then
12240 as_fn_error $? "cannot use --with-ssl-dir when OpenSSL disabled" "$LINENO" 5
12241 fi
12242 if test "x$withval" != "xno" ; then
12243 case "$withval" in
12244 # Relative paths
12245 ./*|../*) withval="`pwd`/$withval"
12246 esac
12247 if test -d "$withval/lib"; then
12248 if test -n "${need_dash_r}"; then
12249 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
12250 else
12251 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
12252 fi
12253 elif test -d "$withval/lib64"; then
12254 if test -n "${need_dash_r}"; then
12255 LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}"
12256 else
12257 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}"
12258 fi
12259 else
12260 if test -n "${need_dash_r}"; then
12261 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
12262 else
12263 LDFLAGS="-L${withval} ${LDFLAGS}"
12264 fi
12265 fi
12266 if test -d "$withval/include"; then
12267 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
12268 else
12269 CPPFLAGS="-I${withval} ${CPPFLAGS}"
12270 fi
12271 fi
12272
12273
12274fi
12275
12276
12277
12278# Check whether --with-openssl-header-check was given.
12279if test "${with_openssl_header_check+set}" = set; then :
12280 withval=$with_openssl_header_check;
12281 if test "x$withval" = "xno" ; then
12282 openssl_check_nonfatal=1
12283 fi
12284
12285
12286fi
12287
12288
12289openssl_engine=no
12290
12291# Check whether --with-ssl-engine was given.
12292if test "${with_ssl_engine+set}" = set; then :
12293 withval=$with_ssl_engine;
12294 if test "x$withval" != "xno" ; then
12295 if test "x$openssl" = "xno" ; then
12296 as_fn_error $? "cannot use --with-ssl-engine when OpenSSL disabled" "$LINENO" 5
12297 fi
12298 openssl_engine=yes
12299 fi
12300
12301
12302fi
12303
12304
12305if test "x$openssl" = "xyes" ; then
12306 LIBS="-lcrypto $LIBS"
12307 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
12308/* end confdefs.h. */
12309
12310/* Override any GCC internal prototype to avoid an error.
12311 Use char because int might match the return type of a GCC
12312 builtin and then its argument prototype would still apply. */
12313#ifdef __cplusplus
12314extern "C"
12315#endif
12316char RAND_add ();
12317int
12318main ()
12319{
12320return RAND_add ();
12321 ;
12322 return 0;
12323}
12324_ACEOF
12325if ac_fn_c_try_link "$LINENO"; then :
12326
12327$as_echo "#define HAVE_OPENSSL 1" >>confdefs.h
12328
12329else
12330
12331 if test -n "${need_dash_r}"; then
12332 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
12333 else
12334 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
12335 fi
12336 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
12337 ac_fn_c_check_header_mongrel "$LINENO" "openssl/opensslv.h" "ac_cv_header_openssl_opensslv_h" "$ac_includes_default"
12338if test "x$ac_cv_header_openssl_opensslv_h" = xyes; then :
12339
12340else
12341 as_fn_error $? "*** OpenSSL headers missing - please install first or check config.log ***" "$LINENO" 5
12342fi
12343
12344
12345 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
12346/* end confdefs.h. */
12347
12348/* Override any GCC internal prototype to avoid an error.
12349 Use char because int might match the return type of a GCC
12350 builtin and then its argument prototype would still apply. */
12351#ifdef __cplusplus
12352extern "C"
12353#endif
12354char RAND_add ();
12355int
12356main ()
12357{
12358return RAND_add ();
12359 ;
12360 return 0;
12361}
12362_ACEOF
12363if ac_fn_c_try_link "$LINENO"; then :
12364 $as_echo "#define HAVE_OPENSSL 1" >>confdefs.h
12365
12366else
12367
12368 as_fn_error $? "*** Can't find recent OpenSSL libcrypto (see config.log for details) ***" "$LINENO" 5
12369
12370
12371fi
12372rm -f core conftest.err conftest.$ac_objext \
12373 conftest$ac_exeext conftest.$ac_ext
12374
12375
12376fi
12377rm -f core conftest.err conftest.$ac_objext \
12378 conftest$ac_exeext conftest.$ac_ext
12379
12380 # Determine OpenSSL header version
12381 { $as_echo "$as_me:${as_lineno-$LINENO}: checking OpenSSL header version" >&5
12382$as_echo_n "checking OpenSSL header version... " >&6; }
12383 if test "$cross_compiling" = yes; then :
12384
12385 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking" >&5
12386$as_echo "$as_me: WARNING: cross compiling: not checking" >&2;}
12387
12388
12389else
12390 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
12391/* end confdefs.h. */
12392
12393 #include <stdlib.h>
12394 #include <stdio.h>
12395 #include <string.h>
12396 #include <openssl/opensslv.h>
12397 #define DATA "conftest.sslincver"
12398
12399int
12400main ()
12401{
12402
12403 FILE *fd;
12404 int rc;
12405
12406 fd = fopen(DATA,"w");
12407 if(fd == NULL)
12408 exit(1);
12409
12410 if ((rc = fprintf(fd, "%08lx (%s)\n",
12411 (unsigned long)OPENSSL_VERSION_NUMBER,
12412 OPENSSL_VERSION_TEXT)) < 0)
12413 exit(1);
12414
12415 exit(0);
12416
12417 ;
12418 return 0;
12419}
12420_ACEOF
12421if ac_fn_c_try_run "$LINENO"; then :
12422
12423 ssl_header_ver=`cat conftest.sslincver`
12424 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ssl_header_ver" >&5
12425$as_echo "$ssl_header_ver" >&6; }
12426
12427else
12428
12429 { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5
12430$as_echo "not found" >&6; }
12431 as_fn_error $? "OpenSSL version header not found." "$LINENO" 5
12432
12433fi
12434rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
12435 conftest.$ac_objext conftest.beam conftest.$ac_ext
12436fi
12437
12438
12439 # Determine OpenSSL library version
12440 { $as_echo "$as_me:${as_lineno-$LINENO}: checking OpenSSL library version" >&5
12441$as_echo_n "checking OpenSSL library version... " >&6; }
12442 if test "$cross_compiling" = yes; then :
12443
12444 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking" >&5
12445$as_echo "$as_me: WARNING: cross compiling: not checking" >&2;}
12446
12447
12448else
12449 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
12450/* end confdefs.h. */
12451
12452 #include <stdio.h>
12453 #include <string.h>
12454 #include <openssl/opensslv.h>
12455 #include <openssl/crypto.h>
12456 #define DATA "conftest.ssllibver"
12457
12458int
12459main ()
12460{
12461
12462 FILE *fd;
12463 int rc;
12464
12465 fd = fopen(DATA,"w");
12466 if(fd == NULL)
12467 exit(1);
12468
12469 if ((rc = fprintf(fd, "%08lx (%s)\n", (unsigned long)SSLeay(),
12470 SSLeay_version(SSLEAY_VERSION))) < 0)
12471 exit(1);
12472
12473 exit(0);
12474
12475 ;
12476 return 0;
12477}
12478_ACEOF
12479if ac_fn_c_try_run "$LINENO"; then :
12480
12481 ssl_library_ver=`cat conftest.ssllibver`
12482 # Check version is supported.
12483 case "$ssl_library_ver" in
12484 10000*|0*)
12485 as_fn_error $? "OpenSSL >= 1.0.1 required (have \"$ssl_library_ver\")" "$LINENO" 5
12486 ;;
12487 *) ;;
12488 esac
12489 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ssl_library_ver" >&5
12490$as_echo "$ssl_library_ver" >&6; }
12491
12492else
12493
12494 { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5
12495$as_echo "not found" >&6; }
12496 as_fn_error $? "OpenSSL library not found." "$LINENO" 5
12497
12498fi
12499rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
12500 conftest.$ac_objext conftest.beam conftest.$ac_ext
12501fi
12502
12503
12504 # Sanity check OpenSSL headers
12505 { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL's headers match the library" >&5
12506$as_echo_n "checking whether OpenSSL's headers match the library... " >&6; }
12507 if test "$cross_compiling" = yes; then :
12508
12509 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking" >&5
12510$as_echo "$as_me: WARNING: cross compiling: not checking" >&2;}
12511
12512
12513else
12514 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
12515/* end confdefs.h. */
12516
12517 #include <string.h>
12518 #include <openssl/opensslv.h>
12519 #include <openssl/crypto.h>
12520
12521int
12522main ()
12523{
12524
12525 exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1);
12526
12527 ;
12528 return 0;
12529}
12530_ACEOF
12531if ac_fn_c_try_run "$LINENO"; then :
12532
12533 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
12534$as_echo "yes" >&6; }
12535
12536else
12537
12538 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
12539$as_echo "no" >&6; }
12540 if test "x$openssl_check_nonfatal" = "x"; then
12541 as_fn_error $? "Your OpenSSL headers do not match your
12542 library. Check config.log for details.
12543 If you are sure your installation is consistent, you can disable the check
12544 by running \"./configure --without-openssl-header-check\".
12545 Also see contrib/findssl.sh for help identifying header/library mismatches.
12546 " "$LINENO" 5
12547 else
12548 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Your OpenSSL headers do not match your
12549 library. Check config.log for details.
12550 Also see contrib/findssl.sh for help identifying header/library mismatches." >&5
12551$as_echo "$as_me: WARNING: Your OpenSSL headers do not match your
12552 library. Check config.log for details.
12553 Also see contrib/findssl.sh for help identifying header/library mismatches." >&2;}
12554 fi
12555
12556fi
12557rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
12558 conftest.$ac_objext conftest.beam conftest.$ac_ext
12559fi
12560
12561
12562 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if programs using OpenSSL functions will link" >&5
12563$as_echo_n "checking if programs using OpenSSL functions will link... " >&6; }
12564 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
12565/* end confdefs.h. */
12566 #include <openssl/evp.h>
12567int
12568main ()
12569{
12570 SSLeay_add_all_algorithms();
12571 ;
12572 return 0;
12573}
12574_ACEOF
12575if ac_fn_c_try_link "$LINENO"; then :
12576
12577 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
12578$as_echo "yes" >&6; }
12579
12580else
12581
12582 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
12583$as_echo "no" >&6; }
12584 saved_LIBS="$LIBS"
12585 LIBS="$LIBS -ldl"
12586 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if programs using OpenSSL need -ldl" >&5
12587$as_echo_n "checking if programs using OpenSSL need -ldl... " >&6; }
12588 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
12589/* end confdefs.h. */
12590 #include <openssl/evp.h>
12591int
12592main ()
12593{
12594 SSLeay_add_all_algorithms();
12595 ;
12596 return 0;
12597}
12598_ACEOF
12599if ac_fn_c_try_link "$LINENO"; then :
12600
12601 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
12602$as_echo "yes" >&6; }
12603
12604else
12605
12606 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
12607$as_echo "no" >&6; }
12608 LIBS="$saved_LIBS"
12609
12610
12611fi
12612rm -f core conftest.err conftest.$ac_objext \
12613 conftest$ac_exeext conftest.$ac_ext
12614
12615
12616fi
12617rm -f core conftest.err conftest.$ac_objext \
12618 conftest$ac_exeext conftest.$ac_ext
12619
12620 for ac_func in \
12621 BN_is_prime_ex \
12622 DSA_generate_parameters_ex \
12623 EVP_DigestInit_ex \
12624 EVP_DigestFinal_ex \
12625 EVP_MD_CTX_init \
12626 EVP_MD_CTX_cleanup \
12627 EVP_MD_CTX_copy_ex \
12628 HMAC_CTX_init \
12629 RSA_generate_key_ex \
12630 RSA_get_default_method \
12631
12632do :
12633 as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
12634ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
12635if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
12636 cat >>confdefs.h <<_ACEOF
12637#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
12638_ACEOF
12639
12640fi
12641done
12642
12643
12644 if test "x$openssl_engine" = "xyes" ; then
12645 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL ENGINE support" >&5
12646$as_echo_n "checking for OpenSSL ENGINE support... " >&6; }
12647 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
12648/* end confdefs.h. */
12649
12650 #include <openssl/engine.h>
12651
12652int
12653main ()
12654{
12655
12656 ENGINE_load_builtin_engines();
12657 ENGINE_register_all_complete();
12658
12659 ;
12660 return 0;
12661}
12662_ACEOF
12663if ac_fn_c_try_compile "$LINENO"; then :
12664 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
12665$as_echo "yes" >&6; }
12666
12667$as_echo "#define USE_OPENSSL_ENGINE 1" >>confdefs.h
12668
12669
12670else
12671 as_fn_error $? "OpenSSL ENGINE support not found" "$LINENO" 5
12672
12673fi
12674rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
12675 fi
12676
12677 # Check for OpenSSL without EVP_aes_{192,256}_cbc
12678 { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL has crippled AES support" >&5
12679$as_echo_n "checking whether OpenSSL has crippled AES support... " >&6; }
12680 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
12681/* end confdefs.h. */
12682
12683 #include <string.h>
12684 #include <openssl/evp.h>
12685
12686int
12687main ()
12688{
12689
12690 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);
12691
12692 ;
12693 return 0;
12694}
12695_ACEOF
12696if ac_fn_c_try_link "$LINENO"; then :
12697
12698 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
12699$as_echo "no" >&6; }
12700
12701else
12702
12703 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
12704$as_echo "yes" >&6; }
12705
12706$as_echo "#define OPENSSL_LOBOTOMISED_AES 1" >>confdefs.h
12707
12708
12709
12710fi
12711rm -f core conftest.err conftest.$ac_objext \
12712 conftest$ac_exeext conftest.$ac_ext
12713
12714 # Check for OpenSSL with EVP_aes_*ctr
12715 { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL has AES CTR via EVP" >&5
12716$as_echo_n "checking whether OpenSSL has AES CTR via EVP... " >&6; }
12717 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
12718/* end confdefs.h. */
12719
12720 #include <string.h>
12721 #include <openssl/evp.h>
12722
12723int
12724main ()
12725{
12726
12727 exit(EVP_aes_128_ctr() == NULL ||
12728 EVP_aes_192_cbc() == NULL ||
12729 EVP_aes_256_cbc() == NULL);
12730
12731 ;
12732 return 0;
12733}
12734_ACEOF
12735if ac_fn_c_try_link "$LINENO"; then :
12736
12737 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
12738$as_echo "yes" >&6; }
12739
12740$as_echo "#define OPENSSL_HAVE_EVPCTR 1" >>confdefs.h
12741
12742
12743else
12744
12745 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
12746$as_echo "no" >&6; }
12747
12748
12749fi
12750rm -f core conftest.err conftest.$ac_objext \
12751 conftest$ac_exeext conftest.$ac_ext
12752
12753 # Check for OpenSSL with EVP_aes_*gcm
12754 { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL has AES GCM via EVP" >&5
12755$as_echo_n "checking whether OpenSSL has AES GCM via EVP... " >&6; }
12756 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
12757/* end confdefs.h. */
12758
12759 #include <string.h>
12760 #include <openssl/evp.h>
12761
12762int
12763main ()
12764{
12765
12766 exit(EVP_aes_128_gcm() == NULL ||
12767 EVP_aes_256_gcm() == NULL ||
12768 EVP_CTRL_GCM_SET_IV_FIXED == 0 ||
12769 EVP_CTRL_GCM_IV_GEN == 0 ||
12770 EVP_CTRL_GCM_SET_TAG == 0 ||
12771 EVP_CTRL_GCM_GET_TAG == 0 ||
12772 EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0);
12773
12774 ;
12775 return 0;
12776}
12777_ACEOF
12778if ac_fn_c_try_link "$LINENO"; then :
12779
12780 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
12781$as_echo "yes" >&6; }
12782
12783$as_echo "#define OPENSSL_HAVE_EVPGCM 1" >>confdefs.h
12784
12785
12786else
12787
12788 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
12789$as_echo "no" >&6; }
12790 unsupported_algorithms="$unsupported_cipers \
12791 aes128-gcm@openssh.com \
12792 aes256-gcm@openssh.com"
12793
12794
12795fi
12796rm -f core conftest.err conftest.$ac_objext \
12797 conftest$ac_exeext conftest.$ac_ext
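Review bot: In the "no" branch of the "AES GCM via EVP" check (lines 12790-12792), the assignment expands `$unsupported_cipers`, which is not set anywhere in the lines shown and looks like a misspelling of `$unsupported_algorithms`. Because the misspelled name expands to an empty string, this branch overwrites `unsupported_algorithms` with only the two GCM names and silently drops any algorithms recorded before this check. Every other branch in this section (SHA256, RIPEMD-160, the three NIST curves) appends with `unsupported_algorithms="$unsupported_algorithms \`, and this one should do the same. Since this file is autoconf output, the correction belongs in the input the script is generated from, followed by a regenerate, rather than in a hand edit here.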
12798
12799 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing EVP_CIPHER_CTX_ctrl" >&5
12800$as_echo_n "checking for library containing EVP_CIPHER_CTX_ctrl... " >&6; }
12801if ${ac_cv_search_EVP_CIPHER_CTX_ctrl+:} false; then :
12802 $as_echo_n "(cached) " >&6
12803else
12804 ac_func_search_save_LIBS=$LIBS
12805cat confdefs.h - <<_ACEOF >conftest.$ac_ext
12806/* end confdefs.h. */
12807
12808/* Override any GCC internal prototype to avoid an error.
12809 Use char because int might match the return type of a GCC
12810 builtin and then its argument prototype would still apply. */
12811#ifdef __cplusplus
12812extern "C"
12813#endif
12814char EVP_CIPHER_CTX_ctrl ();
12815int
12816main ()
12817{
12818return EVP_CIPHER_CTX_ctrl ();
12819 ;
12820 return 0;
12821}
12822_ACEOF
12823for ac_lib in '' crypto; do
12824 if test -z "$ac_lib"; then
12825 ac_res="none required"
12826 else
12827 ac_res=-l$ac_lib
12828 LIBS="-l$ac_lib $ac_func_search_save_LIBS"
12829 fi
12830 if ac_fn_c_try_link "$LINENO"; then :
12831 ac_cv_search_EVP_CIPHER_CTX_ctrl=$ac_res
12832fi
12833rm -f core conftest.err conftest.$ac_objext \
12834 conftest$ac_exeext
12835 if ${ac_cv_search_EVP_CIPHER_CTX_ctrl+:} false; then :
12836 break
12837fi
12838done
12839if ${ac_cv_search_EVP_CIPHER_CTX_ctrl+:} false; then :
12840
12841else
12842 ac_cv_search_EVP_CIPHER_CTX_ctrl=no
12843fi
12844rm conftest.$ac_ext
12845LIBS=$ac_func_search_save_LIBS
12846fi
12847{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_EVP_CIPHER_CTX_ctrl" >&5
12848$as_echo "$ac_cv_search_EVP_CIPHER_CTX_ctrl" >&6; }
12849ac_res=$ac_cv_search_EVP_CIPHER_CTX_ctrl
12850if test "$ac_res" != no; then :
12851 test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
12852
12853$as_echo "#define HAVE_EVP_CIPHER_CTX_CTRL 1" >>confdefs.h
12854
12855fi
12856
12857
12858 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if EVP_DigestUpdate returns an int" >&5
12859$as_echo_n "checking if EVP_DigestUpdate returns an int... " >&6; }
12860 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
12861/* end confdefs.h. */
12862
12863 #include <string.h>
12864 #include <openssl/evp.h>
12865
12866int
12867main ()
12868{
12869
12870 if(EVP_DigestUpdate(NULL, NULL,0))
12871 exit(0);
12872
12873 ;
12874 return 0;
12875}
12876_ACEOF
12877if ac_fn_c_try_link "$LINENO"; then :
12878
12879 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
12880$as_echo "yes" >&6; }
12881
12882else
12883
12884 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
12885$as_echo "no" >&6; }
12886
12887$as_echo "#define OPENSSL_EVP_DIGESTUPDATE_VOID 1" >>confdefs.h
12888
12889
12890
12891fi
12892rm -f core conftest.err conftest.$ac_objext \
12893 conftest$ac_exeext conftest.$ac_ext
12894
12895 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
12896 # because the system crypt() is more featureful.
12897 if test "x$check_for_libcrypt_before" = "x1"; then
12898 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for crypt in -lcrypt" >&5
12899$as_echo_n "checking for crypt in -lcrypt... " >&6; }
12900if ${ac_cv_lib_crypt_crypt+:} false; then :
12901 $as_echo_n "(cached) " >&6
12902else
12903 ac_check_lib_save_LIBS=$LIBS
12904LIBS="-lcrypt $LIBS"
12905cat confdefs.h - <<_ACEOF >conftest.$ac_ext
12906/* end confdefs.h. */
12907
12908/* Override any GCC internal prototype to avoid an error.
12909 Use char because int might match the return type of a GCC
12910 builtin and then its argument prototype would still apply. */
12911#ifdef __cplusplus
12912extern "C"
12913#endif
12914char crypt ();
12915int
12916main ()
12917{
12918return crypt ();
12919 ;
12920 return 0;
12921}
12922_ACEOF
12923if ac_fn_c_try_link "$LINENO"; then :
12924 ac_cv_lib_crypt_crypt=yes
12925else
12926 ac_cv_lib_crypt_crypt=no
12927fi
12928rm -f core conftest.err conftest.$ac_objext \
12929 conftest$ac_exeext conftest.$ac_ext
12930LIBS=$ac_check_lib_save_LIBS
12931fi
12932{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypt_crypt" >&5
12933$as_echo "$ac_cv_lib_crypt_crypt" >&6; }
12934if test "x$ac_cv_lib_crypt_crypt" = xyes; then :
12935 cat >>confdefs.h <<_ACEOF
12936#define HAVE_LIBCRYPT 1
12937_ACEOF
12938
12939 LIBS="-lcrypt $LIBS"
12940
12941fi
12942
12943 fi
12944
12945 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
12946 # version in OpenSSL.
12947 if test "x$check_for_libcrypt_later" = "x1"; then
12948 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for crypt in -lcrypt" >&5
12949$as_echo_n "checking for crypt in -lcrypt... " >&6; }
12950if ${ac_cv_lib_crypt_crypt+:} false; then :
12951 $as_echo_n "(cached) " >&6
12952else
12953 ac_check_lib_save_LIBS=$LIBS
12954LIBS="-lcrypt $LIBS"
12955cat confdefs.h - <<_ACEOF >conftest.$ac_ext
12956/* end confdefs.h. */
12957
12958/* Override any GCC internal prototype to avoid an error.
12959 Use char because int might match the return type of a GCC
12960 builtin and then its argument prototype would still apply. */
12961#ifdef __cplusplus
12962extern "C"
12963#endif
12964char crypt ();
12965int
12966main ()
12967{
12968return crypt ();
12969 ;
12970 return 0;
12971}
12972_ACEOF
12973if ac_fn_c_try_link "$LINENO"; then :
12974 ac_cv_lib_crypt_crypt=yes
12975else
12976 ac_cv_lib_crypt_crypt=no
12977fi
12978rm -f core conftest.err conftest.$ac_objext \
12979 conftest$ac_exeext conftest.$ac_ext
12980LIBS=$ac_check_lib_save_LIBS
12981fi
12982{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypt_crypt" >&5
12983$as_echo "$ac_cv_lib_crypt_crypt" >&6; }
12984if test "x$ac_cv_lib_crypt_crypt" = xyes; then :
12985 LIBS="$LIBS -lcrypt"
12986fi
12987
12988 fi
12989 for ac_func in crypt DES_crypt
12990do :
12991 as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
12992ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
12993if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
12994 cat >>confdefs.h <<_ACEOF
12995#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
12996_ACEOF
12997
12998fi
12999done
13000
13001
13002 # Search for SHA256 support in libc and/or OpenSSL
13003 for ac_func in SHA256_Update EVP_sha256
13004do :
13005 as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
13006ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
13007if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
13008 cat >>confdefs.h <<_ACEOF
13009#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
13010_ACEOF
13011
13012else
13013 unsupported_algorithms="$unsupported_algorithms \
13014 hmac-sha2-256 \
13015 hmac-sha2-512 \
13016 diffie-hellman-group-exchange-sha256 \
13017 hmac-sha2-256-etm@openssh.com \
13018 hmac-sha2-512-etm@openssh.com"
13019
13020
13021fi
13022done
13023
13024 # Search for RIPE-MD support in OpenSSL
13025 for ac_func in EVP_ripemd160
13026do :
13027 ac_fn_c_check_func "$LINENO" "EVP_ripemd160" "ac_cv_func_EVP_ripemd160"
13028if test "x$ac_cv_func_EVP_ripemd160" = xyes; then :
13029 cat >>confdefs.h <<_ACEOF
13030#define HAVE_EVP_RIPEMD160 1
13031_ACEOF
13032
13033else
13034 unsupported_algorithms="$unsupported_algorithms \
13035 hmac-ripemd160 \
13036 hmac-ripemd160@openssh.com \
13037 hmac-ripemd160-etm@openssh.com"
13038
13039
13040fi
13041done
13042
13043
13044 # Check complete ECC support in OpenSSL
13045 { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL has NID_X9_62_prime256v1" >&5
13046$as_echo_n "checking whether OpenSSL has NID_X9_62_prime256v1... " >&6; }
13047 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
13048/* end confdefs.h. */
13049
13050 #include <openssl/ec.h>
13051 #include <openssl/ecdh.h>
13052 #include <openssl/ecdsa.h>
13053 #include <openssl/evp.h>
13054 #include <openssl/objects.h>
13055 #include <openssl/opensslv.h>
13056 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
13057 # error "OpenSSL < 0.9.8g has unreliable ECC code"
13058 #endif
13059
13060int
13061main ()
13062{
13063
13064 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
13065 const EVP_MD *m = EVP_sha256(); /* We need this too */
13066
13067 ;
13068 return 0;
13069}
13070_ACEOF
13071if ac_fn_c_try_link "$LINENO"; then :
13072 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
13073$as_echo "yes" >&6; }
13074 enable_nistp256=1
13075else
13076 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
13077$as_echo "no" >&6; }
13078
13079fi
13080rm -f core conftest.err conftest.$ac_objext \
13081 conftest$ac_exeext conftest.$ac_ext
13082
13083 { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL has NID_secp384r1" >&5
13084$as_echo_n "checking whether OpenSSL has NID_secp384r1... " >&6; }
13085 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
13086/* end confdefs.h. */
13087
13088 #include <openssl/ec.h>
13089 #include <openssl/ecdh.h>
13090 #include <openssl/ecdsa.h>
13091 #include <openssl/evp.h>
13092 #include <openssl/objects.h>
13093 #include <openssl/opensslv.h>
13094 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
13095 # error "OpenSSL < 0.9.8g has unreliable ECC code"
13096 #endif
13097
13098int
13099main ()
13100{
13101
13102 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1);
13103 const EVP_MD *m = EVP_sha384(); /* We need this too */
13104
13105 ;
13106 return 0;
13107}
13108_ACEOF
13109if ac_fn_c_try_link "$LINENO"; then :
13110 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
13111$as_echo "yes" >&6; }
13112 enable_nistp384=1
13113else
13114 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
13115$as_echo "no" >&6; }
13116
13117fi
13118rm -f core conftest.err conftest.$ac_objext \
13119 conftest$ac_exeext conftest.$ac_ext
13120
13121 { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL has NID_secp521r1" >&5
13122$as_echo_n "checking whether OpenSSL has NID_secp521r1... " >&6; }
13123 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
13124/* end confdefs.h. */
13125
13126 #include <openssl/ec.h>
13127 #include <openssl/ecdh.h>
13128 #include <openssl/ecdsa.h>
13129 #include <openssl/evp.h>
13130 #include <openssl/objects.h>
13131 #include <openssl/opensslv.h>
13132 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
13133 # error "OpenSSL < 0.9.8g has unreliable ECC code"
13134 #endif
13135
13136int
13137main ()
13138{
13139
13140 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
13141 const EVP_MD *m = EVP_sha512(); /* We need this too */
13142
13143 ;
13144 return 0;
13145}
13146_ACEOF
13147if ac_fn_c_try_link "$LINENO"; then :
13148 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
13149$as_echo "yes" >&6; }
13150 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if OpenSSL's NID_secp521r1 is functional" >&5
13151$as_echo_n "checking if OpenSSL's NID_secp521r1 is functional... " >&6; }
13152 if test "$cross_compiling" = yes; then :
13153 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross-compiling: assuming yes" >&5
13154$as_echo "$as_me: WARNING: cross-compiling: assuming yes" >&2;}
13155 enable_nistp521=1
13156
13157else
13158 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
13159/* end confdefs.h. */
13160
13161 #include <openssl/ec.h>
13162 #include <openssl/ecdh.h>
13163 #include <openssl/ecdsa.h>
13164 #include <openssl/evp.h>
13165 #include <openssl/objects.h>
13166 #include <openssl/opensslv.h>
13167
13168int
13169main ()
13170{
13171
13172 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
13173 const EVP_MD *m = EVP_sha512(); /* We need this too */
13174 exit(e == NULL || m == NULL);
13175
13176 ;
13177 return 0;
13178}
13179_ACEOF
13180if ac_fn_c_try_run "$LINENO"; then :
13181 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
13182$as_echo "yes" >&6; }
13183 enable_nistp521=1
13184else
13185 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
13186$as_echo "no" >&6; }
13187fi
13188rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
13189 conftest.$ac_objext conftest.beam conftest.$ac_ext
13190fi
13191
13192else
13193 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
13194$as_echo "no" >&6; }
13195
13196fi
13197rm -f core conftest.err conftest.$ac_objext \
13198 conftest$ac_exeext conftest.$ac_ext
13199
13200 COMMENT_OUT_ECC="#no ecc#"
13201 TEST_SSH_ECC=no
13202
13203 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \
13204 test x$enable_nistp521 = x1; then
13205
13206$as_echo "#define OPENSSL_HAS_ECC 1" >>confdefs.h
13207
13208 fi
13209 if test x$enable_nistp256 = x1; then
13210
13211$as_echo "#define OPENSSL_HAS_NISTP256 1" >>confdefs.h
13212
13213 TEST_SSH_ECC=yes
13214 COMMENT_OUT_ECC=""
13215 else
13216 unsupported_algorithms="$unsupported_algorithms \
13217 ecdsa-sha2-nistp256 \
13218 ecdh-sha2-nistp256 \
13219 ecdsa-sha2-nistp256-cert-v01@openssh.com"
13220 fi
13221 if test x$enable_nistp384 = x1; then
13222
13223$as_echo "#define OPENSSL_HAS_NISTP384 1" >>confdefs.h
13224
13225 TEST_SSH_ECC=yes
13226 COMMENT_OUT_ECC=""
13227 else
13228 unsupported_algorithms="$unsupported_algorithms \
13229 ecdsa-sha2-nistp384 \
13230 ecdh-sha2-nistp384 \
13231 ecdsa-sha2-nistp384-cert-v01@openssh.com"
13232 fi
13233 if test x$enable_nistp521 = x1; then
13234
13235$as_echo "#define OPENSSL_HAS_NISTP521 1" >>confdefs.h
13236
13237 TEST_SSH_ECC=yes
13238 COMMENT_OUT_ECC=""
13239 else
13240 unsupported_algorithms="$unsupported_algorithms \
13241 ecdh-sha2-nistp521 \
13242 ecdsa-sha2-nistp521 \
13243 ecdsa-sha2-nistp521-cert-v01@openssh.com"
13244 fi
13245
13246
13247
13248else
13249 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for crypt in -lcrypt" >&5
13250$as_echo_n "checking for crypt in -lcrypt... " >&6; }
13251if ${ac_cv_lib_crypt_crypt+:} false; then :
13252 $as_echo_n "(cached) " >&6
13253else
13254 ac_check_lib_save_LIBS=$LIBS
13255LIBS="-lcrypt $LIBS"
13256cat confdefs.h - <<_ACEOF >conftest.$ac_ext
13257/* end confdefs.h. */
13258
13259/* Override any GCC internal prototype to avoid an error.
13260 Use char because int might match the return type of a GCC
13261 builtin and then its argument prototype would still apply. */
13262#ifdef __cplusplus
13263extern "C"
13264#endif
13265char crypt ();
13266int
13267main ()
13268{
13269return crypt ();
13270 ;
13271 return 0;
13272}
13273_ACEOF
13274if ac_fn_c_try_link "$LINENO"; then :
13275 ac_cv_lib_crypt_crypt=yes
13276else
13277 ac_cv_lib_crypt_crypt=no
13278fi
13279rm -f core conftest.err conftest.$ac_objext \
13280 conftest$ac_exeext conftest.$ac_ext
13281LIBS=$ac_check_lib_save_LIBS
13282fi
13283{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypt_crypt" >&5
13284$as_echo "$ac_cv_lib_crypt_crypt" >&6; }
13285if test "x$ac_cv_lib_crypt_crypt" = xyes; then :
13286 LIBS="$LIBS -lcrypt"
13287fi
13288
13289 for ac_func in crypt
13290do :
13291 ac_fn_c_check_func "$LINENO" "crypt" "ac_cv_func_crypt"
13292if test "x$ac_cv_func_crypt" = xyes; then :
13293 cat >>confdefs.h <<_ACEOF
13294#define HAVE_CRYPT 1
13295_ACEOF
13296
13297fi
13298done
13299
13300fi
13301
13302for ac_func in \
13303 arc4random \
13304 arc4random_buf \
13305 arc4random_stir \
13306 arc4random_uniform \
13307
13308do :
13309 as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
13310ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
13311if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
13312 cat >>confdefs.h <<_ACEOF
13313#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
13314_ACEOF
13315
13316fi
13317done
13318
13319
13320saved_LIBS="$LIBS"
13321{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ia_openinfo in -liaf" >&5
13322$as_echo_n "checking for ia_openinfo in -liaf... " >&6; }
13323if ${ac_cv_lib_iaf_ia_openinfo+:} false; then :
13324 $as_echo_n "(cached) " >&6
13325else
13326 ac_check_lib_save_LIBS=$LIBS
13327LIBS="-liaf $LIBS"
13328cat confdefs.h - <<_ACEOF >conftest.$ac_ext
13329/* end confdefs.h. */
13330
13331/* Override any GCC internal prototype to avoid an error.
13332 Use char because int might match the return type of a GCC
13333 builtin and then its argument prototype would still apply. */
13334#ifdef __cplusplus
13335extern "C"
13336#endif
13337char ia_openinfo ();
13338int
13339main ()
13340{
13341return ia_openinfo ();
13342 ;
13343 return 0;
13344}
13345_ACEOF
13346if ac_fn_c_try_link "$LINENO"; then :
13347 ac_cv_lib_iaf_ia_openinfo=yes
13348else
13349 ac_cv_lib_iaf_ia_openinfo=no
13350fi
13351rm -f core conftest.err conftest.$ac_objext \
13352 conftest$ac_exeext conftest.$ac_ext
13353LIBS=$ac_check_lib_save_LIBS
13354fi
13355{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_iaf_ia_openinfo" >&5
13356$as_echo "$ac_cv_lib_iaf_ia_openinfo" >&6; }
13357if test "x$ac_cv_lib_iaf_ia_openinfo" = xyes; then :
13358
13359 LIBS="$LIBS -liaf"
13360 for ac_func in set_id
13361do :
13362 ac_fn_c_check_func "$LINENO" "set_id" "ac_cv_func_set_id"
13363if test "x$ac_cv_func_set_id" = xyes; then :
13364 cat >>confdefs.h <<_ACEOF
13365#define HAVE_SET_ID 1
13366_ACEOF
13367 SSHDLIBS="$SSHDLIBS -liaf"
13368
13369$as_echo "#define HAVE_LIBIAF 1" >>confdefs.h
13370
13371
13372fi
13373done
13374
13375
13376fi
13377
13378LIBS="$saved_LIBS"
13379
13380### Configure cryptographic random number support
13381
13382# Check wheter OpenSSL seeds itself
13383if test "x$openssl" = "xyes" ; then
13384 { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL's PRNG is internally seeded" >&5
13385$as_echo_n "checking whether OpenSSL's PRNG is internally seeded... " >&6; }
13386 if test "$cross_compiling" = yes; then :
13387
13388 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming yes" >&5
13389$as_echo "$as_me: WARNING: cross compiling: assuming yes" >&2;}
13390 # This is safe, since we will fatal() at runtime if
13391 # OpenSSL is not seeded correctly.
13392 OPENSSL_SEEDS_ITSELF=yes
13393
13394
13395else
13396 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
13397/* end confdefs.h. */
13398
13399 #include <string.h>
13400 #include <openssl/rand.h>
13401
13402int
13403main ()
13404{
13405
13406 exit(RAND_status() == 1 ? 0 : 1);
13407
13408 ;
13409 return 0;
13410}
13411_ACEOF
13412if ac_fn_c_try_run "$LINENO"; then :
13413
13414 OPENSSL_SEEDS_ITSELF=yes
13415 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
13416$as_echo "yes" >&6; }
13417
13418else
13419
13420 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
13421$as_echo "no" >&6; }
13422
13423fi
13424rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
13425 conftest.$ac_objext conftest.beam conftest.$ac_ext
13426fi
13427
13428fi
13429
13430# PRNGD TCP socket
13431
13432# Check whether --with-prngd-port was given.
13433if test "${with_prngd_port+set}" = set; then :
13434 withval=$with_prngd_port;
13435 case "$withval" in
13436 no)
13437 withval=""
13438 ;;
13439 [0-9]*)
13440 ;;
13441 *)
13442 as_fn_error $? "You must specify a numeric port number for --with-prngd-port" "$LINENO" 5
13443 ;;
13444 esac
13445 if test ! -z "$withval" ; then
13446 PRNGD_PORT="$withval"
13447
13448cat >>confdefs.h <<_ACEOF
13449#define PRNGD_PORT $PRNGD_PORT
13450_ACEOF
13451
13452 fi
13453
13454
13455fi
13456
13457
13458# PRNGD Unix domain socket
13459
13460# Check whether --with-prngd-socket was given.
13461if test "${with_prngd_socket+set}" = set; then :
13462 withval=$with_prngd_socket;
13463 case "$withval" in
13464 yes)
13465 withval="/var/run/egd-pool"
13466 ;;
13467 no)
13468 withval=""
13469 ;;
13470 /*)
13471 ;;
13472 *)
13473 as_fn_error $? "You must specify an absolute path to the entropy socket" "$LINENO" 5
13474 ;;
13475 esac
13476
13477 if test ! -z "$withval" ; then
13478 if test ! -z "$PRNGD_PORT" ; then
13479 as_fn_error $? "You may not specify both a PRNGD/EGD port and socket" "$LINENO" 5
13480 fi
13481 if test ! -r "$withval" ; then
13482 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Entropy socket is not readable" >&5
13483$as_echo "$as_me: WARNING: Entropy socket is not readable" >&2;}
13484 fi
13485 PRNGD_SOCKET="$withval"
13486
13487cat >>confdefs.h <<_ACEOF
13488#define PRNGD_SOCKET "$PRNGD_SOCKET"
13489_ACEOF
13490
13491 fi
13492
13493else
13494
13495 # Check for existing socket only if we don't have a random device already
13496 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then
13497 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for PRNGD/EGD socket" >&5
13498$as_echo_n "checking for PRNGD/EGD socket... " >&6; }
13499 # Insert other locations here
13500 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
13501 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
13502 PRNGD_SOCKET="$sock"
13503 cat >>confdefs.h <<_ACEOF
13504#define PRNGD_SOCKET "$PRNGD_SOCKET"
13505_ACEOF
13506
13507 break;
13508 fi
13509 done
13510 if test ! -z "$PRNGD_SOCKET" ; then
13511 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PRNGD_SOCKET" >&5
13512$as_echo "$PRNGD_SOCKET" >&6; }
13513 else
13514 { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5
13515$as_echo "not found" >&6; }
13516 fi
13517 fi
13518
13519
13520fi
13521
13522
13523# Which randomness source do we use?
13524if test ! -z "$PRNGD_PORT" ; then
13525 RAND_MSG="PRNGd port $PRNGD_PORT"
13526elif test ! -z "$PRNGD_SOCKET" ; then
13527 RAND_MSG="PRNGd socket $PRNGD_SOCKET"
13528elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then
13529
13530$as_echo "#define OPENSSL_PRNG_ONLY 1" >>confdefs.h
13531
13532 RAND_MSG="OpenSSL internal ONLY"
13533elif test "x$openssl" = "xno" ; then
13534 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible" >&5
13535$as_echo "$as_me: WARNING: OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible" >&2;}
13536else
13537 as_fn_error $? "OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options" "$LINENO" 5
13538fi
13539
13540# Check for PAM libs
13541PAM_MSG="no"
13542
13543# Check whether --with-pam was given.
13544if test "${with_pam+set}" = set; then :
13545 withval=$with_pam;
13546 if test "x$withval" != "xno" ; then
13547 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
13548 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
13549 as_fn_error $? "PAM headers not found" "$LINENO" 5
13550 fi
13551
13552 saved_LIBS="$LIBS"
13553 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
13554$as_echo_n "checking for dlopen in -ldl... " >&6; }
13555if ${ac_cv_lib_dl_dlopen+:} false; then :
13556 $as_echo_n "(cached) " >&6
13557else
13558 ac_check_lib_save_LIBS=$LIBS
13559LIBS="-ldl $LIBS"
13560cat confdefs.h - <<_ACEOF >conftest.$ac_ext
13561/* end confdefs.h. */
13562
13563/* Override any GCC internal prototype to avoid an error.
13564 Use char because int might match the return type of a GCC
13565 builtin and then its argument prototype would still apply. */
13566#ifdef __cplusplus
13567extern "C"
13568#endif
13569char dlopen ();
13570int
13571main ()
13572{
13573return dlopen ();
13574 ;
13575 return 0;
13576}
13577_ACEOF
13578if ac_fn_c_try_link "$LINENO"; then :
13579 ac_cv_lib_dl_dlopen=yes
13580else
13581 ac_cv_lib_dl_dlopen=no
13582fi
13583rm -f core conftest.err conftest.$ac_objext \
13584 conftest$ac_exeext conftest.$ac_ext
13585LIBS=$ac_check_lib_save_LIBS
13586fi
13587{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
13588$as_echo "$ac_cv_lib_dl_dlopen" >&6; }
13589if test "x$ac_cv_lib_dl_dlopen" = xyes; then :
13590 cat >>confdefs.h <<_ACEOF
13591#define HAVE_LIBDL 1
13592_ACEOF
13593
13594 LIBS="-ldl $LIBS"
13595
13596fi
13597
13598 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pam_set_item in -lpam" >&5
13599$as_echo_n "checking for pam_set_item in -lpam... " >&6; }
13600if ${ac_cv_lib_pam_pam_set_item+:} false; then :
13601 $as_echo_n "(cached) " >&6
13602else
13603 ac_check_lib_save_LIBS=$LIBS
13604LIBS="-lpam $LIBS"
13605cat confdefs.h - <<_ACEOF >conftest.$ac_ext
13606/* end confdefs.h. */
13607
13608/* Override any GCC internal prototype to avoid an error.
13609 Use char because int might match the return type of a GCC
13610 builtin and then its argument prototype would still apply. */
13611#ifdef __cplusplus
13612extern "C"
13613#endif
13614char pam_set_item ();
13615int
13616main ()
13617{
13618return pam_set_item ();
13619 ;
13620 return 0;
13621}
13622_ACEOF
13623if ac_fn_c_try_link "$LINENO"; then :
13624 ac_cv_lib_pam_pam_set_item=yes
13625else
13626 ac_cv_lib_pam_pam_set_item=no
13627fi
13628rm -f core conftest.err conftest.$ac_objext \
13629 conftest$ac_exeext conftest.$ac_ext
13630LIBS=$ac_check_lib_save_LIBS
13631fi
13632{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pam_pam_set_item" >&5
13633$as_echo "$ac_cv_lib_pam_pam_set_item" >&6; }
13634if test "x$ac_cv_lib_pam_pam_set_item" = xyes; then :
13635 cat >>confdefs.h <<_ACEOF
13636#define HAVE_LIBPAM 1
13637_ACEOF
13638
13639 LIBS="-lpam $LIBS"
13640
13641else
13642 as_fn_error $? "*** libpam missing" "$LINENO" 5
13643fi
13644
13645 for ac_func in pam_getenvlist
13646do :
13647 ac_fn_c_check_func "$LINENO" "pam_getenvlist" "ac_cv_func_pam_getenvlist"
13648if test "x$ac_cv_func_pam_getenvlist" = xyes; then :
13649 cat >>confdefs.h <<_ACEOF
13650#define HAVE_PAM_GETENVLIST 1
13651_ACEOF
13652
13653fi
13654done
13655
13656 for ac_func in pam_putenv
13657do :
13658 ac_fn_c_check_func "$LINENO" "pam_putenv" "ac_cv_func_pam_putenv"
13659if test "x$ac_cv_func_pam_putenv" = xyes; then :
13660 cat >>confdefs.h <<_ACEOF
13661#define HAVE_PAM_PUTENV 1
13662_ACEOF
13663
13664fi
13665done
13666
13667 LIBS="$saved_LIBS"
13668
13669 PAM_MSG="yes"
13670
13671 SSHDLIBS="$SSHDLIBS -lpam"
13672
13673$as_echo "#define USE_PAM 1" >>confdefs.h
13674
13675
13676 if test $ac_cv_lib_dl_dlopen = yes; then
13677 case "$LIBS" in
13678 *-ldl*)
13679 # libdl already in LIBS
13680 ;;
13681 *)
13682 SSHDLIBS="$SSHDLIBS -ldl"
13683 ;;
13684 esac
13685 fi
13686 fi
13687
13688
13689fi
13690
13691
13692
13693# Check whether --with-pam-service was given.
13694if test "${with_pam_service+set}" = set; then :
13695 withval=$with_pam_service;
13696 if test "x$withval" != "xno" && \
13697 test "x$withval" != "xyes" ; then
13698
13699cat >>confdefs.h <<_ACEOF
13700#define SSHD_PAM_SERVICE "$withval"
13701_ACEOF
13702
13703 fi
13704
13705
13706fi
13707
13708
13709# Check for older PAM
13710if test "x$PAM_MSG" = "xyes" ; then
13711 # Check PAM strerror arguments (old PAM)
13712 { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether pam_strerror takes only one argument" >&5
13713$as_echo_n "checking whether pam_strerror takes only one argument... " >&6; }
13714 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
13715/* end confdefs.h. */
13716
13717#include <stdlib.h>
13718#if defined(HAVE_SECURITY_PAM_APPL_H)
13719#include <security/pam_appl.h>
13720#elif defined (HAVE_PAM_PAM_APPL_H)
13721#include <pam/pam_appl.h>
13722#endif
13723
13724int
13725main ()
13726{
13727
13728(void)pam_strerror((pam_handle_t *)NULL, -1);
13729
13730 ;
13731 return 0;
13732}
13733_ACEOF
13734if ac_fn_c_try_compile "$LINENO"; then :
13735 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
13736$as_echo "no" >&6; }
13737else
13738
13739
13740$as_echo "#define HAVE_OLD_PAM 1" >>confdefs.h
13741
13742 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
13743$as_echo "yes" >&6; }
13744 PAM_MSG="yes (old library)"
13745
13746
13747fi
13748rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
13749fi
13750
13751case "$host" in
13752*-*-cygwin*)
13753 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER
13754 ;;
13755*)
13756 SSH_PRIVSEP_USER=sshd
13757 ;;
13758esac
13759
13760# Check whether --with-privsep-user was given.
13761if test "${with_privsep_user+set}" = set; then :
13762 withval=$with_privsep_user;
13763 if test -n "$withval" && test "x$withval" != "xno" && \
13764 test "x${withval}" != "xyes"; then
13765 SSH_PRIVSEP_USER=$withval
13766 fi
13767
13768
13769fi
13770
13771if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then
13772
13773cat >>confdefs.h <<_ACEOF
13774#define SSH_PRIVSEP_USER CYGWIN_SSH_PRIVSEP_USER
13775_ACEOF
13776
13777else
13778
13779cat >>confdefs.h <<_ACEOF
13780#define SSH_PRIVSEP_USER "$SSH_PRIVSEP_USER"
13781_ACEOF
13782
13783fi
13784
13785
13786if test "x$have_linux_no_new_privs" = "x1" ; then
13787ac_fn_c_check_decl "$LINENO" "SECCOMP_MODE_FILTER" "ac_cv_have_decl_SECCOMP_MODE_FILTER" "
13788 #include <sys/types.h>
13789 #include <linux/seccomp.h>
13790
13791"
13792if test "x$ac_cv_have_decl_SECCOMP_MODE_FILTER" = xyes; then :
13793 have_seccomp_filter=1
13794fi
13795
13796fi
13797if test "x$have_seccomp_filter" = "x1" ; then
13798{ $as_echo "$as_me:${as_lineno-$LINENO}: checking kernel for seccomp_filter support" >&5
13799$as_echo_n "checking kernel for seccomp_filter support... " >&6; }
13800cat confdefs.h - <<_ACEOF >conftest.$ac_ext
13801/* end confdefs.h. */
13802
13803 #include <errno.h>
13804 #include <elf.h>
13805 #include <linux/audit.h>
13806 #include <linux/seccomp.h>
13807 #include <stdlib.h>
13808 #include <sys/prctl.h>
13809
13810int
13811main ()
13812{
13813 int i = $seccomp_audit_arch;
13814 errno = 0;
13815 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0);
13816 exit(errno == EFAULT ? 0 : 1);
13817 ;
13818 return 0;
13819}
13820_ACEOF
13821if ac_fn_c_try_link "$LINENO"; then :
13822 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
13823$as_echo "yes" >&6; }
13824else
13825
13826 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
13827$as_echo "no" >&6; }
13828 # Disable seccomp filter as a target
13829 have_seccomp_filter=0
13830
13831
13832fi
13833rm -f core conftest.err conftest.$ac_objext \
13834 conftest$ac_exeext conftest.$ac_ext
13835fi
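Review bot: the "checking kernel for seccomp_filter support" probe (13798-13835) goes through ac_fn_c_try_link, so the test program is linked but never run, and its exit(errno == EFAULT ? 0 : 1) is never evaluated. A "yes" here only shows that the headers and prctl() compile and link, not that the kernel accepts SECCOMP_MODE_FILTER. Either run the probe with a cross-compile fallback, or reword the message so the build log does not claim a kernel check that did not happen.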
13836
13837# Decide which sandbox style to use
13838sandbox_arg=""
13839
13840# Check whether --with-sandbox was given.
13841if test "${with_sandbox+set}" = set; then :
13842 withval=$with_sandbox;
13843 if test "x$withval" = "xyes" ; then
13844 sandbox_arg=""
13845 else
13846 sandbox_arg="$withval"
13847 fi
13848
13849
13850fi
13851
13852
13853# Some platforms (seems to be the ones that have a kernel poll(2)-type
13854# function with which they implement select(2)) use an extra file descriptor
13855# when calling select(2), which means we can't use the rlimit sandbox.
13856{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if select works with descriptor rlimit" >&5
13857$as_echo_n "checking if select works with descriptor rlimit... " >&6; }
13858if test "$cross_compiling" = yes; then :
13859 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming yes" >&5
13860$as_echo "$as_me: WARNING: cross compiling: assuming yes" >&2;}
13861
13862else
13863 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
13864/* end confdefs.h. */
13865
13866#include <sys/types.h>
13867#ifdef HAVE_SYS_TIME_H
13868# include <sys/time.h>
13869#endif
13870#include <sys/resource.h>
13871#ifdef HAVE_SYS_SELECT_H
13872# include <sys/select.h>
13873#endif
13874#include <errno.h>
13875#include <fcntl.h>
13876#include <stdlib.h>
13877
13878int
13879main ()
13880{
13881
13882 struct rlimit rl_zero;
13883 int fd, r;
13884 fd_set fds;
13885 struct timeval tv;
13886
13887 fd = open("/dev/null", O_RDONLY);
13888 FD_ZERO(&fds);
13889 FD_SET(fd, &fds);
13890 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
13891 setrlimit(RLIMIT_FSIZE, &rl_zero);
13892 setrlimit(RLIMIT_NOFILE, &rl_zero);
13893 tv.tv_sec = 1;
13894 tv.tv_usec = 0;
13895 r = select(fd+1, &fds, NULL, NULL, &tv);
13896 exit (r == -1 ? 1 : 0);
13897
13898 ;
13899 return 0;
13900}
13901_ACEOF
13902if ac_fn_c_try_run "$LINENO"; then :
13903 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
13904$as_echo "yes" >&6; }
13905 select_works_with_rlimit=yes
13906else
13907 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
13908$as_echo "no" >&6; }
13909 select_works_with_rlimit=no
13910fi
13911rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
13912 conftest.$ac_objext conftest.beam conftest.$ac_ext
13913fi
13914
13915
13916{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if setrlimit(RLIMIT_NOFILE,{0,0}) works" >&5
13917$as_echo_n "checking if setrlimit(RLIMIT_NOFILE,{0,0}) works... " >&6; }
13918if test "$cross_compiling" = yes; then :
13919 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming yes" >&5
13920$as_echo "$as_me: WARNING: cross compiling: assuming yes" >&2;}
13921
13922else
13923 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
13924/* end confdefs.h. */
13925
13926#include <sys/types.h>
13927#ifdef HAVE_SYS_TIME_H
13928# include <sys/time.h>
13929#endif
13930#include <sys/resource.h>
13931#include <errno.h>
13932#include <stdlib.h>
13933
13934int
13935main ()
13936{
13937
13938 struct rlimit rl_zero;
13939 int fd, r;
13940 fd_set fds;
13941
13942 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
13943 r = setrlimit(RLIMIT_NOFILE, &rl_zero);
13944 exit (r == -1 ? 1 : 0);
13945
13946 ;
13947 return 0;
13948}
13949_ACEOF
13950if ac_fn_c_try_run "$LINENO"; then :
13951 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
13952$as_echo "yes" >&6; }
13953 rlimit_nofile_zero_works=yes
13954else
13955 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
13956$as_echo "no" >&6; }
13957 rlimit_nofile_zero_works=no
13958fi
13959rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
13960 conftest.$ac_objext conftest.beam conftest.$ac_ext
13961fi
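Review bot: both cross-compile branches (13858-13860 and 13918-13920) print "assuming yes" but never assign select_works_with_rlimit or rlimit_nofile_zero_works. The automatic rlimit selection at 14065-14068 requires both to equal "yes", so a cross build can never pick the rlimit sandbox by detection despite what the warning says. Set both variables to yes in those branches, or change the warning text. Separately, the RLIMIT_NOFILE probe declares an unused fd and an fd_set at 13939-13940 without including sys/select.h; where sys/types.h does not provide fd_set the program fails to compile and the check reports "no" for the wrong reason, so drop the unused declarations.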
13962
13963
13964{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if setrlimit RLIMIT_FSIZE works" >&5
13965$as_echo_n "checking if setrlimit RLIMIT_FSIZE works... " >&6; }
13966if test "$cross_compiling" = yes; then :
13967 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming yes" >&5
13968$as_echo "$as_me: WARNING: cross compiling: assuming yes" >&2;}
13969
13970else
13971 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
13972/* end confdefs.h. */
13973
13974#include <sys/types.h>
13975#include <sys/resource.h>
13976#include <stdlib.h>
13977
13978int
13979main ()
13980{
13981
13982 struct rlimit rl_zero;
13983
13984 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
13985 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0);
13986
13987 ;
13988 return 0;
13989}
13990_ACEOF
13991if ac_fn_c_try_run "$LINENO"; then :
13992 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
13993$as_echo "yes" >&6; }
13994else
13995 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
13996$as_echo "no" >&6; }
13997
13998$as_echo "#define SANDBOX_SKIP_RLIMIT_FSIZE 1" >>confdefs.h
13999
14000fi
14001rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
14002 conftest.$ac_objext conftest.beam conftest.$ac_ext
14003fi
14004
14005
14006if test "x$sandbox_arg" = "xpledge" || \
14007 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then
14008 test "x$ac_cv_func_pledge" != "xyes" && \
14009 as_fn_error $? "pledge sandbox requires pledge(2) support" "$LINENO" 5
14010 SANDBOX_STYLE="pledge"
14011
14012$as_echo "#define SANDBOX_PLEDGE 1" >>confdefs.h
14013
14014elif test "x$sandbox_arg" = "xsystrace" || \
14015 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
14016 test "x$have_systr_policy_kill" != "x1" && \
14017 as_fn_error $? "systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support" "$LINENO" 5
14018 SANDBOX_STYLE="systrace"
14019
14020$as_echo "#define SANDBOX_SYSTRACE 1" >>confdefs.h
14021
14022elif test "x$sandbox_arg" = "xdarwin" || \
14023 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \
14024 test "x$ac_cv_header_sandbox_h" = "xyes") ; then
14025 test "x$ac_cv_func_sandbox_init" != "xyes" -o \
14026 "x$ac_cv_header_sandbox_h" != "xyes" && \
14027 as_fn_error $? "Darwin seatbelt sandbox requires sandbox.h and sandbox_init function" "$LINENO" 5
14028 SANDBOX_STYLE="darwin"
14029
14030$as_echo "#define SANDBOX_DARWIN 1" >>confdefs.h
14031
14032elif test "x$sandbox_arg" = "xseccomp_filter" || \
14033 ( test -z "$sandbox_arg" && \
14034 test "x$have_seccomp_filter" = "x1" && \
14035 test "x$ac_cv_header_elf_h" = "xyes" && \
14036 test "x$ac_cv_header_linux_audit_h" = "xyes" && \
14037 test "x$ac_cv_header_linux_filter_h" = "xyes" && \
14038 test "x$seccomp_audit_arch" != "x" && \
14039 test "x$have_linux_no_new_privs" = "x1" && \
14040 test "x$ac_cv_func_prctl" = "xyes" ) ; then
14041 test "x$seccomp_audit_arch" = "x" && \
14042 as_fn_error $? "seccomp_filter sandbox not supported on $host" "$LINENO" 5
14043 test "x$have_linux_no_new_privs" != "x1" && \
14044 as_fn_error $? "seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS" "$LINENO" 5
14045 test "x$have_seccomp_filter" != "x1" && \
14046 as_fn_error $? "seccomp_filter sandbox requires seccomp headers" "$LINENO" 5
14047 test "x$ac_cv_func_prctl" != "xyes" && \
14048 as_fn_error $? "seccomp_filter sandbox requires prctl function" "$LINENO" 5
14049 SANDBOX_STYLE="seccomp_filter"
14050
14051$as_echo "#define SANDBOX_SECCOMP_FILTER 1" >>confdefs.h
14052
14053elif test "x$sandbox_arg" = "xcapsicum" || \
14054 ( test -z "$sandbox_arg" && \
14055 test "x$ac_cv_header_sys_capability_h" = "xyes" && \
14056 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then
14057 test "x$ac_cv_header_sys_capability_h" != "xyes" && \
14058 as_fn_error $? "capsicum sandbox requires sys/capability.h header" "$LINENO" 5
14059 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \
14060 as_fn_error $? "capsicum sandbox requires cap_rights_limit function" "$LINENO" 5
14061 SANDBOX_STYLE="capsicum"
14062
14063$as_echo "#define SANDBOX_CAPSICUM 1" >>confdefs.h
14064
14065elif test "x$sandbox_arg" = "xrlimit" || \
14066 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \
14067 test "x$select_works_with_rlimit" = "xyes" && \
14068 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then
14069 test "x$ac_cv_func_setrlimit" != "xyes" && \
14070 as_fn_error $? "rlimit sandbox requires setrlimit function" "$LINENO" 5
14071 test "x$select_works_with_rlimit" != "xyes" && \
14072 as_fn_error $? "rlimit sandbox requires select to work with rlimit" "$LINENO" 5
14073 SANDBOX_STYLE="rlimit"
14074
14075$as_echo "#define SANDBOX_RLIMIT 1" >>confdefs.h
14076
14077elif test "x$sandbox_arg" = "xsolaris" || \
14078 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then
14079 SANDBOX_STYLE="solaris"
14080
14081$as_echo "#define SANDBOX_SOLARIS 1" >>confdefs.h
14082
14083elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
14084 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then
14085 SANDBOX_STYLE="none"
14086
14087$as_echo "#define SANDBOX_NULL 1" >>confdefs.h
14088
14089else
14090 as_fn_error $? "unsupported --with-sandbox" "$LINENO" 5
14091fi
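Review bot: the explicit --with-sandbox=rlimit path (14069-14072) verifies setrlimit and select_works_with_rlimit but not rlimit_nofile_zero_works, although the auto-detect condition at 14065-14068 requires all three. A user can therefore force the rlimit sandbox on a host where the RLIMIT_NOFILE probe returned "no". Add the matching as_fn_error test for rlimit_nofile_zero_works. Also, when no argument is given and no mechanism is detected, 14083-14085 selects SANDBOX_STYLE="none" and defines SANDBOX_NULL with no warning; a visible warning in that case would keep an unsandboxed build from passing unnoticed.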
14092
14093# Cheap hack to ensure NEWS-OS libraries are arranged right.
14094if test ! -z "$SONY" ; then
14095 LIBS="$LIBS -liberty";
14096fi
14097
14098# Check for long long datatypes
14099ac_fn_c_check_type "$LINENO" "long long" "ac_cv_type_long_long" "$ac_includes_default"
14100if test "x$ac_cv_type_long_long" = xyes; then :
14101
14102cat >>confdefs.h <<_ACEOF
14103#define HAVE_LONG_LONG 1
14104_ACEOF
14105
14106
14107fi
14108ac_fn_c_check_type "$LINENO" "unsigned long long" "ac_cv_type_unsigned_long_long" "$ac_includes_default"
14109if test "x$ac_cv_type_unsigned_long_long" = xyes; then :
14110
14111cat >>confdefs.h <<_ACEOF
14112#define HAVE_UNSIGNED_LONG_LONG 1
14113_ACEOF
14114
14115
14116fi
14117ac_fn_c_check_type "$LINENO" "long double" "ac_cv_type_long_double" "$ac_includes_default"
14118if test "x$ac_cv_type_long_double" = xyes; then :
14119
14120cat >>confdefs.h <<_ACEOF
14121#define HAVE_LONG_DOUBLE 1
14122_ACEOF
14123
14124
14125fi
14126
14127
14128# Check datatype sizes
14129# The cast to long int works around a bug in the HP C Compiler
14130# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
14131# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
14132# This bug is HP SR number 8606223364.
14133{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of short int" >&5
14134$as_echo_n "checking size of short int... " >&6; }
14135if ${ac_cv_sizeof_short_int+:} false; then :
14136 $as_echo_n "(cached) " >&6
14137else
14138 if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (short int))" "ac_cv_sizeof_short_int" "$ac_includes_default"; then :
14139
14140else
14141 if test "$ac_cv_type_short_int" = yes; then
14142 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
14143$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
14144as_fn_error 77 "cannot compute sizeof (short int)
14145See \`config.log' for more details" "$LINENO" 5; }
14146 else
14147 ac_cv_sizeof_short_int=0
14148 fi
14149fi
14150
14151fi
14152{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_short_int" >&5
14153$as_echo "$ac_cv_sizeof_short_int" >&6; }
14154
14155
14156
14157cat >>confdefs.h <<_ACEOF
14158#define SIZEOF_SHORT_INT $ac_cv_sizeof_short_int
14159_ACEOF
14160
14161
14162# The cast to long int works around a bug in the HP C Compiler
14163# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
14164# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
14165# This bug is HP SR number 8606223364.
14166{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of int" >&5
14167$as_echo_n "checking size of int... " >&6; }
14168if ${ac_cv_sizeof_int+:} false; then :
14169 $as_echo_n "(cached) " >&6
14170else
14171 if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (int))" "ac_cv_sizeof_int" "$ac_includes_default"; then :
14172
14173else
14174 if test "$ac_cv_type_int" = yes; then
14175 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
14176$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
14177as_fn_error 77 "cannot compute sizeof (int)
14178See \`config.log' for more details" "$LINENO" 5; }
14179 else
14180 ac_cv_sizeof_int=0
14181 fi
14182fi
14183
14184fi
14185{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_int" >&5
14186$as_echo "$ac_cv_sizeof_int" >&6; }
14187
14188
14189
14190cat >>confdefs.h <<_ACEOF
14191#define SIZEOF_INT $ac_cv_sizeof_int
14192_ACEOF
14193
14194
14195# The cast to long int works around a bug in the HP C Compiler
14196# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
14197# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
14198# This bug is HP SR number 8606223364.
14199{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of long int" >&5
14200$as_echo_n "checking size of long int... " >&6; }
14201if ${ac_cv_sizeof_long_int+:} false; then :
14202 $as_echo_n "(cached) " >&6
14203else
14204 if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (long int))" "ac_cv_sizeof_long_int" "$ac_includes_default"; then :
14205
14206else
14207 if test "$ac_cv_type_long_int" = yes; then
14208 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
14209$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
14210as_fn_error 77 "cannot compute sizeof (long int)
14211See \`config.log' for more details" "$LINENO" 5; }
14212 else
14213 ac_cv_sizeof_long_int=0
14214 fi
14215fi
14216
14217fi
14218{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_long_int" >&5
14219$as_echo "$ac_cv_sizeof_long_int" >&6; }
14220
14221
14222
14223cat >>confdefs.h <<_ACEOF
14224#define SIZEOF_LONG_INT $ac_cv_sizeof_long_int
14225_ACEOF
14226
14227
14228# The cast to long int works around a bug in the HP C Compiler
14229# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
14230# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
14231# This bug is HP SR number 8606223364.
14232{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of long long int" >&5
14233$as_echo_n "checking size of long long int... " >&6; }
14234if ${ac_cv_sizeof_long_long_int+:} false; then :
14235 $as_echo_n "(cached) " >&6
14236else
14237 if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (long long int))" "ac_cv_sizeof_long_long_int" "$ac_includes_default"; then :
14238
14239else
14240 if test "$ac_cv_type_long_long_int" = yes; then
14241 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
14242$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
14243as_fn_error 77 "cannot compute sizeof (long long int)
14244See \`config.log' for more details" "$LINENO" 5; }
14245 else
14246 ac_cv_sizeof_long_long_int=0
14247 fi
14248fi
14249
14250fi
14251{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_long_long_int" >&5
14252$as_echo "$ac_cv_sizeof_long_long_int" >&6; }
14253
14254
14255
14256cat >>confdefs.h <<_ACEOF
14257#define SIZEOF_LONG_LONG_INT $ac_cv_sizeof_long_long_int
14258_ACEOF
14259
14260
14261
14262# Sanity check long long for some platforms (AIX)
14263if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
14264 ac_cv_sizeof_long_long_int=0
14265fi
14266
14267# compute LLONG_MIN and LLONG_MAX if we don't know them.
14268if test -z "$have_llong_max"; then
14269 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for max value of long long" >&5
14270$as_echo_n "checking for max value of long long... " >&6; }
14271 if test "$cross_compiling" = yes; then :
14272
14273 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking" >&5
14274$as_echo "$as_me: WARNING: cross compiling: not checking" >&2;}
14275
14276
14277else
14278 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
14279/* end confdefs.h. */
14280
14281#include <stdio.h>
14282/* Why is this so damn hard? */
14283#ifdef __GNUC__
14284# undef __GNUC__
14285#endif
14286#define __USE_ISOC99
14287#include <limits.h>
14288#define DATA "conftest.llminmax"
14289#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
14290
14291/*
14292 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
14293 * we do this the hard way.
14294 */
14295static int
14296fprint_ll(FILE *f, long long n)
14297{
14298 unsigned int i;
14299 int l[sizeof(long long) * 8];
14300
14301 if (n < 0)
14302 if (fprintf(f, "-") < 0)
14303 return -1;
14304 for (i = 0; n != 0; i++) {
14305 l[i] = my_abs(n % 10);
14306 n /= 10;
14307 }
14308 do {
14309 if (fprintf(f, "%d", l[--i]) < 0)
14310 return -1;
14311 } while (i != 0);
14312 if (fprintf(f, " ") < 0)
14313 return -1;
14314 return 0;
14315}
14316
14317int
14318main ()
14319{
14320
14321 FILE *f;
14322 long long i, llmin, llmax = 0;
14323
14324 if((f = fopen(DATA,"w")) == NULL)
14325 exit(1);
14326
14327#if defined(LLONG_MIN) && defined(LLONG_MAX)
14328 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
14329 llmin = LLONG_MIN;
14330 llmax = LLONG_MAX;
14331#else
14332 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
14333 /* This will work on one's complement and two's complement */
14334 for (i = 1; i > llmax; i <<= 1, i++)
14335 llmax = i;
14336 llmin = llmax + 1LL; /* wrap */
14337#endif
14338
14339 /* Sanity check */
14340 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
14341 || llmax - 1 > llmax || llmin == llmax || llmin == 0
14342 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
14343 fprintf(f, "unknown unknown\n");
14344 exit(2);
14345 }
14346
14347 if (fprint_ll(f, llmin) < 0)
14348 exit(3);
14349 if (fprint_ll(f, llmax) < 0)
14350 exit(4);
14351 if (fclose(f) < 0)
14352 exit(5);
14353 exit(0);
14354
14355 ;
14356 return 0;
14357}
14358_ACEOF
14359if ac_fn_c_try_run "$LINENO"; then :
14360
14361 llong_min=`$AWK '{print $1}' conftest.llminmax`
14362 llong_max=`$AWK '{print $2}' conftest.llminmax`
14363
14364 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $llong_max" >&5
14365$as_echo "$llong_max" >&6; }
14366
14367cat >>confdefs.h <<_ACEOF
14368#define LLONG_MAX ${llong_max}LL
14369_ACEOF
14370
14371 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for min value of long long" >&5
14372$as_echo_n "checking for min value of long long... " >&6; }
14373 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $llong_min" >&5
14374$as_echo "$llong_min" >&6; }
14375
14376cat >>confdefs.h <<_ACEOF
14377#define LLONG_MIN ${llong_min}LL
14378_ACEOF
14379
14380
14381else
14382
14383 { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5
14384$as_echo "not found" >&6; }
14385
14386fi
14387rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
14388 conftest.$ac_objext conftest.beam conftest.$ac_ext
14389fi
14390
14391fi
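Review bot: the LLONG_MIN/LLONG_MAX probe depends on signed overflow wrapping, both in the computation (the i <<= 1, i++ loop at 14334 and llmax + 1LL at 14336) and in the sanity check at 14340-14341, which runs even when the system header values are used. Signed overflow is undefined in C, so an optimizing compiler may fold llmax + 1 > llmax to true and make the probe write "unknown unknown" and exit 2 on a platform with correct limits. Do the arithmetic on unsigned long long, or build this test with wrapping semantics enabled, and compare against the header values where they exist.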
14392
14393
14394# More checks for data types
14395{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for u_int type" >&5
14396$as_echo_n "checking for u_int type... " >&6; }
14397if ${ac_cv_have_u_int+:} false; then :
14398 $as_echo_n "(cached) " >&6
14399else
14400
14401 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
14402/* end confdefs.h. */
14403 #include <sys/types.h>
14404int
14405main ()
14406{
14407 u_int a; a = 1;
14408 ;
14409 return 0;
14410}
14411_ACEOF
14412if ac_fn_c_try_compile "$LINENO"; then :
14413 ac_cv_have_u_int="yes"
14414else
14415 ac_cv_have_u_int="no"
14416
14417fi
14418rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
14419
14420fi
14421{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_u_int" >&5
14422$as_echo "$ac_cv_have_u_int" >&6; }
14423if test "x$ac_cv_have_u_int" = "xyes" ; then
14424
14425$as_echo "#define HAVE_U_INT 1" >>confdefs.h
14426
14427 have_u_int=1
14428fi
14429
14430{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for intXX_t types" >&5
14431$as_echo_n "checking for intXX_t types... " >&6; }
14432if ${ac_cv_have_intxx_t+:} false; then :
14433 $as_echo_n "(cached) " >&6
14434else
14435
14436 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
14437/* end confdefs.h. */
14438 #include <sys/types.h>
14439int
14440main ()
14441{
14442 int8_t a; int16_t b; int32_t c; a = b = c = 1;
14443 ;
14444 return 0;
14445}
14446_ACEOF
14447if ac_fn_c_try_compile "$LINENO"; then :
14448 ac_cv_have_intxx_t="yes"
14449else
14450 ac_cv_have_intxx_t="no"
14451
14452fi
14453rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
14454
14455fi
14456{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_intxx_t" >&5
14457$as_echo "$ac_cv_have_intxx_t" >&6; }
14458if test "x$ac_cv_have_intxx_t" = "xyes" ; then
14459
14460$as_echo "#define HAVE_INTXX_T 1" >>confdefs.h
14461
14462 have_intxx_t=1
14463fi
14464
14465if (test -z "$have_intxx_t" && \
14466 test "x$ac_cv_header_stdint_h" = "xyes")
14467then
14468 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for intXX_t types in stdint.h" >&5
14469$as_echo_n "checking for intXX_t types in stdint.h... " >&6; }
14470 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
14471/* end confdefs.h. */
14472 #include <stdint.h>
14473int
14474main ()
14475{
14476 int8_t a; int16_t b; int32_t c; a = b = c = 1;
14477 ;
14478 return 0;
14479}
14480_ACEOF
14481if ac_fn_c_try_compile "$LINENO"; then :
14482
14483 $as_echo "#define HAVE_INTXX_T 1" >>confdefs.h
14484
14485 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
14486$as_echo "yes" >&6; }
14487
14488else
14489 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
14490$as_echo "no" >&6; }
14491
14492fi
14493rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
14494fi
14495
14496{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for int64_t type" >&5
14497$as_echo_n "checking for int64_t type... " >&6; }
14498if ${ac_cv_have_int64_t+:} false; then :
14499 $as_echo_n "(cached) " >&6
14500else
14501
14502 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
14503/* end confdefs.h. */
14504
14505#include <sys/types.h>
14506#ifdef HAVE_STDINT_H
14507# include <stdint.h>
14508#endif
14509#include <sys/socket.h>
14510#ifdef HAVE_SYS_BITYPES_H
14511# include <sys/bitypes.h>
14512#endif
14513
14514int
14515main ()
14516{
14517
14518int64_t a; a = 1;
14519
14520 ;
14521 return 0;
14522}
14523_ACEOF
14524if ac_fn_c_try_compile "$LINENO"; then :
14525 ac_cv_have_int64_t="yes"
14526else
14527 ac_cv_have_int64_t="no"
14528
14529fi
14530rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
14531
14532fi
14533{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_int64_t" >&5
14534$as_echo "$ac_cv_have_int64_t" >&6; }
14535if test "x$ac_cv_have_int64_t" = "xyes" ; then
14536
14537$as_echo "#define HAVE_INT64_T 1" >>confdefs.h
14538
14539fi
14540
14541{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for u_intXX_t types" >&5
14542$as_echo_n "checking for u_intXX_t types... " >&6; }
14543if ${ac_cv_have_u_intxx_t+:} false; then :
14544 $as_echo_n "(cached) " >&6
14545else
14546
14547 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
14548/* end confdefs.h. */
14549 #include <sys/types.h>
14550int
14551main ()
14552{
14553 u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;
14554 ;
14555 return 0;
14556}
14557_ACEOF
14558if ac_fn_c_try_compile "$LINENO"; then :
14559 ac_cv_have_u_intxx_t="yes"
14560else
14561 ac_cv_have_u_intxx_t="no"
14562
14563fi
14564rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
14565
14566fi
14567{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_u_intxx_t" >&5
14568$as_echo "$ac_cv_have_u_intxx_t" >&6; }
14569if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
14570
14571$as_echo "#define HAVE_U_INTXX_T 1" >>confdefs.h
14572
14573 have_u_intxx_t=1
14574fi
14575
14576if test -z "$have_u_intxx_t" ; then
14577 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for u_intXX_t types in sys/socket.h" >&5
14578$as_echo_n "checking for u_intXX_t types in sys/socket.h... " >&6; }
14579 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
14580/* end confdefs.h. */
14581 #include <sys/socket.h>
14582int
14583main ()
14584{
14585 u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;
14586 ;
14587 return 0;
14588}
14589_ACEOF
14590if ac_fn_c_try_compile "$LINENO"; then :
14591
14592 $as_echo "#define HAVE_U_INTXX_T 1" >>confdefs.h
14593
14594 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
14595$as_echo "yes" >&6; }
14596
14597else
14598 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
14599$as_echo "no" >&6; }
14600
14601fi
14602rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
14603fi
14604
14605{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for u_int64_t types" >&5
14606$as_echo_n "checking for u_int64_t types... " >&6; }
14607if ${ac_cv_have_u_int64_t+:} false; then :
14608 $as_echo_n "(cached) " >&6
14609else
14610
14611 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
14612/* end confdefs.h. */
14613 #include <sys/types.h>
14614int
14615main ()
14616{
14617 u_int64_t a; a = 1;
14618 ;
14619 return 0;
14620}
14621_ACEOF
14622if ac_fn_c_try_compile "$LINENO"; then :
14623 ac_cv_have_u_int64_t="yes"
14624else
14625 ac_cv_have_u_int64_t="no"
14626
14627fi
14628rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
14629
14630fi
14631{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_u_int64_t" >&5
14632$as_echo "$ac_cv_have_u_int64_t" >&6; }
14633if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
14634
14635$as_echo "#define HAVE_U_INT64_T 1" >>confdefs.h
14636
14637 have_u_int64_t=1
14638fi
14639
14640if (test -z "$have_u_int64_t" && \
14641 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
14642then
14643 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for u_int64_t type in sys/bitypes.h" >&5
14644$as_echo_n "checking for u_int64_t type in sys/bitypes.h... " >&6; }
14645 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
14646/* end confdefs.h. */
14647 #include <sys/bitypes.h>
14648int
14649main ()
14650{
14651 u_int64_t a; a = 1
14652 ;
14653 return 0;
14654}
14655_ACEOF
14656if ac_fn_c_try_compile "$LINENO"; then :
14657
14658 $as_echo "#define HAVE_U_INT64_T 1" >>confdefs.h
14659
14660 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
14661$as_echo "yes" >&6; }
14662
14663else
14664 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
14665$as_echo "no" >&6; }
14666
14667fi
14668rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
14669fi
14670
14671if test -z "$have_u_intxx_t" ; then
14672 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for uintXX_t types" >&5
14673$as_echo_n "checking for uintXX_t types... " >&6; }
14674if ${ac_cv_have_uintxx_t+:} false; then :
14675 $as_echo_n "(cached) " >&6
14676else
14677
14678 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
14679/* end confdefs.h. */
14680
14681#include <sys/types.h>
14682
14683int
14684main ()
14685{
14686
14687 uint8_t a;
14688 uint16_t b;
14689 uint32_t c;
14690 a = b = c = 1;
14691
14692 ;
14693 return 0;
14694}
14695_ACEOF
14696if ac_fn_c_try_compile "$LINENO"; then :
14697 ac_cv_have_uintxx_t="yes"
14698else
14699 ac_cv_have_uintxx_t="no"
14700
14701fi
14702rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
14703
14704fi
14705{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_uintxx_t" >&5
14706$as_echo "$ac_cv_have_uintxx_t" >&6; }
14707 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
14708
14709$as_echo "#define HAVE_UINTXX_T 1" >>confdefs.h
14710
14711 fi
14712fi
14713
14714if (test -z "$have_uintxx_t" && \
14715 test "x$ac_cv_header_stdint_h" = "xyes")
14716then
14717 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for uintXX_t types in stdint.h" >&5
14718$as_echo_n "checking for uintXX_t types in stdint.h... " >&6; }
14719 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
14720/* end confdefs.h. */
14721 #include <stdint.h>
14722int
14723main ()
14724{
14725 uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;
14726 ;
14727 return 0;
14728}
14729_ACEOF
14730if ac_fn_c_try_compile "$LINENO"; then :
14731
14732 $as_echo "#define HAVE_UINTXX_T 1" >>confdefs.h
14733
14734 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
14735$as_echo "yes" >&6; }
14736
14737else
14738 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
14739$as_echo "no" >&6; }
14740
14741fi
14742rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
14743fi
14744
14745if (test -z "$have_uintxx_t" && \
14746 test "x$ac_cv_header_inttypes_h" = "xyes")
14747then
14748 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for uintXX_t types in inttypes.h" >&5
14749$as_echo_n "checking for uintXX_t types in inttypes.h... " >&6; }
14750 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
14751/* end confdefs.h. */
14752 #include <inttypes.h>
14753int
14754main ()
14755{
14756 uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;
14757 ;
14758 return 0;
14759}
14760_ACEOF
14761if ac_fn_c_try_compile "$LINENO"; then :
14762
14763 $as_echo "#define HAVE_UINTXX_T 1" >>confdefs.h
14764
14765 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
14766$as_echo "yes" >&6; }
14767
14768else
14769 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
14770$as_echo "no" >&6; }
14771
14772fi
14773rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
14774fi
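Review bot: have_uintxx_t is tested at 14714 and 14745 but never assigned anywhere in these checks. The sys/types.h check at 14707-14711 defines HAVE_UINTXX_T without setting it, unlike have_u_intxx_t=1 at 14573. As a result the stdint.h and inttypes.h fallbacks run whenever those headers exist, even after the first check succeeded, and HAVE_UINTXX_T can be written to confdefs.h more than once. The intXX_t fallback at 14481-14486 has the same gap: it defines HAVE_INTXX_T but leaves have_intxx_t empty, so the sys/bitypes.h test at 14776 still treats the types as missing. Set the shell variables alongside each define.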
14775
14776if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
14777 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
14778then
14779 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for intXX_t and u_intXX_t types in sys/bitypes.h" >&5
14780$as_echo_n "checking for intXX_t and u_intXX_t types in sys/bitypes.h... " >&6; }
14781 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
14782/* end confdefs.h. */
14783
14784#include <sys/bitypes.h>
14785
14786int
14787main ()
14788{
14789
14790 int8_t a; int16_t b; int32_t c;
14791 u_int8_t e; u_int16_t f; u_int32_t g;
14792 a = b = c = e = f = g = 1;
14793
14794 ;
14795 return 0;
14796}
14797_ACEOF
14798if ac_fn_c_try_compile "$LINENO"; then :
14799
14800 $as_echo "#define HAVE_U_INTXX_T 1" >>confdefs.h
14801
14802 $as_echo "#define HAVE_INTXX_T 1" >>confdefs.h
14803
14804 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
14805$as_echo "yes" >&6; }
14806
14807else
14808 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
14809$as_echo "no" >&6; }
14810
14811fi
14812rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
14813fi
14814
14815
14816{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for u_char" >&5
14817$as_echo_n "checking for u_char... " >&6; }
14818if ${ac_cv_have_u_char+:} false; then :
14819 $as_echo_n "(cached) " >&6
14820else
14821
14822 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
14823/* end confdefs.h. */
14824 #include <sys/types.h>
14825int
14826main ()
14827{
14828 u_char foo; foo = 125;
14829 ;
14830 return 0;
14831}
14832_ACEOF
14833if ac_fn_c_try_compile "$LINENO"; then :
14834 ac_cv_have_u_char="yes"
14835else
14836 ac_cv_have_u_char="no"
14837
14838fi
14839rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
14840
14841fi
14842{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_u_char" >&5
14843$as_echo "$ac_cv_have_u_char" >&6; }
14844if test "x$ac_cv_have_u_char" = "xyes" ; then
14845
14846$as_echo "#define HAVE_U_CHAR 1" >>confdefs.h
14847
14848fi
14849
14850ac_fn_c_check_type "$LINENO" "intmax_t" "ac_cv_type_intmax_t" "
14851#include <sys/types.h>
14852#include <stdint.h>
14853
14854"
14855if test "x$ac_cv_type_intmax_t" = xyes; then :
14856
14857cat >>confdefs.h <<_ACEOF
14858#define HAVE_INTMAX_T 1
14859_ACEOF
14860
14861
14862fi
14863ac_fn_c_check_type "$LINENO" "uintmax_t" "ac_cv_type_uintmax_t" "
14864#include <sys/types.h>
14865#include <stdint.h>
14866
14867"
14868if test "x$ac_cv_type_uintmax_t" = xyes; then :
14869
14870cat >>confdefs.h <<_ACEOF
14871#define HAVE_UINTMAX_T 1
14872_ACEOF
14873
14874
14875fi
14876
14877
14878
14879 ac_fn_c_check_type "$LINENO" "socklen_t" "ac_cv_type_socklen_t" "#include <sys/types.h>
14880#include <sys/socket.h>
14881"
14882if test "x$ac_cv_type_socklen_t" = xyes; then :
14883
14884else
14885
14886 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for socklen_t equivalent" >&5
14887$as_echo_n "checking for socklen_t equivalent... " >&6; }
14888 if ${curl_cv_socklen_t_equiv+:} false; then :
14889 $as_echo_n "(cached) " >&6
14890else
14891
14892 # Systems have either "struct sockaddr *" or
14893 # "void *" as the second argument to getpeername
14894 curl_cv_socklen_t_equiv=
14895 for arg2 in "struct sockaddr" void; do
14896 for t in int size_t unsigned long "unsigned long"; do
14897 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
14898/* end confdefs.h. */
14899
14900 #include <sys/types.h>
14901 #include <sys/socket.h>
14902
14903 int getpeername (int, $arg2 *, $t *);
14904
14905int
14906main ()
14907{
14908
14909 $t len;
14910 getpeername(0,0,&len);
14911
14912 ;
14913 return 0;
14914}
14915_ACEOF
14916if ac_fn_c_try_compile "$LINENO"; then :
14917
14918 curl_cv_socklen_t_equiv="$t"
14919 break
14920
14921fi
14922rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
14923 done
14924 done
14925
14926 if test "x$curl_cv_socklen_t_equiv" = x; then
14927 as_fn_error $? "Cannot find a type to use in place of socklen_t" "$LINENO" 5
14928 fi
14929
14930fi
14931
14932 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $curl_cv_socklen_t_equiv" >&5
14933$as_echo "$curl_cv_socklen_t_equiv" >&6; }
14934
14935cat >>confdefs.h <<_ACEOF
14936#define socklen_t $curl_cv_socklen_t_equiv
14937_ACEOF
14938
14939fi
14940
14941
14942
14943ac_fn_c_check_type "$LINENO" "sig_atomic_t" "ac_cv_type_sig_atomic_t" "#include <signal.h>
14944"
14945if test "x$ac_cv_type_sig_atomic_t" = xyes; then :
14946
14947cat >>confdefs.h <<_ACEOF
14948#define HAVE_SIG_ATOMIC_T 1
14949_ACEOF
14950
14951
14952fi
14953
14954ac_fn_c_check_type "$LINENO" "fsblkcnt_t" "ac_cv_type_fsblkcnt_t" "
14955#include <sys/types.h>
14956#ifdef HAVE_SYS_BITYPES_H
14957#include <sys/bitypes.h>
14958#endif
14959#ifdef HAVE_SYS_STATFS_H
14960#include <sys/statfs.h>
14961#endif
14962#ifdef HAVE_SYS_STATVFS_H
14963#include <sys/statvfs.h>
14964#endif
14965
14966"
14967if test "x$ac_cv_type_fsblkcnt_t" = xyes; then :
14968
14969cat >>confdefs.h <<_ACEOF
14970#define HAVE_FSBLKCNT_T 1
14971_ACEOF
14972
14973
14974fi
14975ac_fn_c_check_type "$LINENO" "fsfilcnt_t" "ac_cv_type_fsfilcnt_t" "
14976#include <sys/types.h>
14977#ifdef HAVE_SYS_BITYPES_H
14978#include <sys/bitypes.h>
14979#endif
14980#ifdef HAVE_SYS_STATFS_H
14981#include <sys/statfs.h>
14982#endif
14983#ifdef HAVE_SYS_STATVFS_H
14984#include <sys/statvfs.h>
14985#endif
14986
14987"
14988if test "x$ac_cv_type_fsfilcnt_t" = xyes; then :
14989
14990cat >>confdefs.h <<_ACEOF
14991#define HAVE_FSFILCNT_T 1
14992_ACEOF
14993
14994
14995fi
14996
14997
14998ac_fn_c_check_type "$LINENO" "in_addr_t" "ac_cv_type_in_addr_t" "#include <sys/types.h>
14999#include <netinet/in.h>
15000"
15001if test "x$ac_cv_type_in_addr_t" = xyes; then :
15002
15003cat >>confdefs.h <<_ACEOF
15004#define HAVE_IN_ADDR_T 1
15005_ACEOF
15006
15007
15008fi
15009ac_fn_c_check_type "$LINENO" "in_port_t" "ac_cv_type_in_port_t" "#include <sys/types.h>
15010#include <netinet/in.h>
15011"
15012if test "x$ac_cv_type_in_port_t" = xyes; then :
15013
15014cat >>confdefs.h <<_ACEOF
15015#define HAVE_IN_PORT_T 1
15016_ACEOF
15017
15018
15019fi
15020
15021
15022{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for size_t" >&5
15023$as_echo_n "checking for size_t... " >&6; }
15024if ${ac_cv_have_size_t+:} false; then :
15025 $as_echo_n "(cached) " >&6
15026else
15027
15028 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
15029/* end confdefs.h. */
15030 #include <sys/types.h>
15031int
15032main ()
15033{
15034 size_t foo; foo = 1235;
15035 ;
15036 return 0;
15037}
15038_ACEOF
15039if ac_fn_c_try_compile "$LINENO"; then :
15040 ac_cv_have_size_t="yes"
15041else
15042 ac_cv_have_size_t="no"
15043
15044fi
15045rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
15046
15047fi
15048{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_size_t" >&5
15049$as_echo "$ac_cv_have_size_t" >&6; }
15050if test "x$ac_cv_have_size_t" = "xyes" ; then
15051
15052$as_echo "#define HAVE_SIZE_T 1" >>confdefs.h
15053
15054fi
15055
15056{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ssize_t" >&5
15057$as_echo_n "checking for ssize_t... " >&6; }
15058if ${ac_cv_have_ssize_t+:} false; then :
15059 $as_echo_n "(cached) " >&6
15060else
15061
15062 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
15063/* end confdefs.h. */
15064 #include <sys/types.h>
15065int
15066main ()
15067{
15068 ssize_t foo; foo = 1235;
15069 ;
15070 return 0;
15071}
15072_ACEOF
15073if ac_fn_c_try_compile "$LINENO"; then :
15074 ac_cv_have_ssize_t="yes"
15075else
15076 ac_cv_have_ssize_t="no"
15077
15078fi
15079rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
15080
15081fi
15082{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_ssize_t" >&5
15083$as_echo "$ac_cv_have_ssize_t" >&6; }
15084if test "x$ac_cv_have_ssize_t" = "xyes" ; then
15085
15086$as_echo "#define HAVE_SSIZE_T 1" >>confdefs.h
15087
15088fi
15089
15090{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for clock_t" >&5
15091$as_echo_n "checking for clock_t... " >&6; }
15092if ${ac_cv_have_clock_t+:} false; then :
15093 $as_echo_n "(cached) " >&6
15094else
15095
15096 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
15097/* end confdefs.h. */
15098 #include <time.h>
15099int
15100main ()
15101{
15102 clock_t foo; foo = 1235;
15103 ;
15104 return 0;
15105}
15106_ACEOF
15107if ac_fn_c_try_compile "$LINENO"; then :
15108 ac_cv_have_clock_t="yes"
15109else
15110 ac_cv_have_clock_t="no"
15111
15112fi
15113rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
15114
15115fi
15116{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_clock_t" >&5
15117$as_echo "$ac_cv_have_clock_t" >&6; }
15118if test "x$ac_cv_have_clock_t" = "xyes" ; then
15119
15120$as_echo "#define HAVE_CLOCK_T 1" >>confdefs.h
15121
15122fi
15123
15124{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for sa_family_t" >&5
15125$as_echo_n "checking for sa_family_t... " >&6; }
15126if ${ac_cv_have_sa_family_t+:} false; then :
15127 $as_echo_n "(cached) " >&6
15128else
15129
15130 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
15131/* end confdefs.h. */
15132
15133#include <sys/types.h>
15134#include <sys/socket.h>
15135
15136int
15137main ()
15138{
15139 sa_family_t foo; foo = 1235;
15140 ;
15141 return 0;
15142}
15143_ACEOF
15144if ac_fn_c_try_compile "$LINENO"; then :
15145 ac_cv_have_sa_family_t="yes"
15146else
15147 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
15148/* end confdefs.h. */
15149
15150#include <sys/types.h>
15151#include <sys/socket.h>
15152#include <netinet/in.h>
15153
15154int
15155main ()
15156{
15157 sa_family_t foo; foo = 1235;
15158 ;
15159 return 0;
15160}
15161_ACEOF
15162if ac_fn_c_try_compile "$LINENO"; then :
15163 ac_cv_have_sa_family_t="yes"
15164else
15165 ac_cv_have_sa_family_t="no"
15166
15167fi
15168rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
15169
15170fi
15171rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
15172
15173fi
15174{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_sa_family_t" >&5
15175$as_echo "$ac_cv_have_sa_family_t" >&6; }
15176if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
15177
15178$as_echo "#define HAVE_SA_FAMILY_T 1" >>confdefs.h
15179
15180fi
15181
15182{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for pid_t" >&5
15183$as_echo_n "checking for pid_t... " >&6; }
15184if ${ac_cv_have_pid_t+:} false; then :
15185 $as_echo_n "(cached) " >&6
15186else
15187
15188 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
15189/* end confdefs.h. */
15190 #include <sys/types.h>
15191int
15192main ()
15193{
15194 pid_t foo; foo = 1235;
15195 ;
15196 return 0;
15197}
15198_ACEOF
15199if ac_fn_c_try_compile "$LINENO"; then :
15200 ac_cv_have_pid_t="yes"
15201else
15202 ac_cv_have_pid_t="no"
15203
15204fi
15205rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
15206
15207fi
15208{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_pid_t" >&5
15209$as_echo "$ac_cv_have_pid_t" >&6; }
15210if test "x$ac_cv_have_pid_t" = "xyes" ; then
15211
15212$as_echo "#define HAVE_PID_T 1" >>confdefs.h
15213
15214fi
15215
15216{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for mode_t" >&5
15217$as_echo_n "checking for mode_t... " >&6; }
15218if ${ac_cv_have_mode_t+:} false; then :
15219 $as_echo_n "(cached) " >&6
15220else
15221
15222 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
15223/* end confdefs.h. */
15224 #include <sys/types.h>
15225int
15226main ()
15227{
15228 mode_t foo; foo = 1235;
15229 ;
15230 return 0;
15231}
15232_ACEOF
15233if ac_fn_c_try_compile "$LINENO"; then :
15234 ac_cv_have_mode_t="yes"
15235else
15236 ac_cv_have_mode_t="no"
15237
15238fi
15239rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
15240
15241fi
15242{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_mode_t" >&5
15243$as_echo "$ac_cv_have_mode_t" >&6; }
15244if test "x$ac_cv_have_mode_t" = "xyes" ; then
15245
15246$as_echo "#define HAVE_MODE_T 1" >>confdefs.h
15247
15248fi
15249
15250
15251{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct sockaddr_storage" >&5
15252$as_echo_n "checking for struct sockaddr_storage... " >&6; }
15253if ${ac_cv_have_struct_sockaddr_storage+:} false; then :
15254 $as_echo_n "(cached) " >&6
15255else
15256
15257 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
15258/* end confdefs.h. */
15259
15260#include <sys/types.h>
15261#include <sys/socket.h>
15262
15263int
15264main ()
15265{
15266 struct sockaddr_storage s;
15267 ;
15268 return 0;
15269}
15270_ACEOF
15271if ac_fn_c_try_compile "$LINENO"; then :
15272 ac_cv_have_struct_sockaddr_storage="yes"
15273else
15274 ac_cv_have_struct_sockaddr_storage="no"
15275
15276fi
15277rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
15278
15279fi
15280{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_struct_sockaddr_storage" >&5
15281$as_echo "$ac_cv_have_struct_sockaddr_storage" >&6; }
15282if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
15283
15284$as_echo "#define HAVE_STRUCT_SOCKADDR_STORAGE 1" >>confdefs.h
15285
15286fi
15287
15288{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct sockaddr_in6" >&5
15289$as_echo_n "checking for struct sockaddr_in6... " >&6; }
15290if ${ac_cv_have_struct_sockaddr_in6+:} false; then :
15291 $as_echo_n "(cached) " >&6
15292else
15293
15294 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
15295/* end confdefs.h. */
15296
15297#include <sys/types.h>
15298#include <netinet/in.h>
15299
15300int
15301main ()
15302{
15303 struct sockaddr_in6 s; s.sin6_family = 0;
15304 ;
15305 return 0;
15306}
15307_ACEOF
15308if ac_fn_c_try_compile "$LINENO"; then :
15309 ac_cv_have_struct_sockaddr_in6="yes"
15310else
15311 ac_cv_have_struct_sockaddr_in6="no"
15312
15313fi
15314rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
15315
15316fi
15317{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_struct_sockaddr_in6" >&5
15318$as_echo "$ac_cv_have_struct_sockaddr_in6" >&6; }
15319if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
15320
15321$as_echo "#define HAVE_STRUCT_SOCKADDR_IN6 1" >>confdefs.h
15322
15323fi
15324
15325{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct in6_addr" >&5
15326$as_echo_n "checking for struct in6_addr... " >&6; }
15327if ${ac_cv_have_struct_in6_addr+:} false; then :
15328 $as_echo_n "(cached) " >&6
15329else
15330
15331 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
15332/* end confdefs.h. */
15333
15334#include <sys/types.h>
15335#include <netinet/in.h>
15336
15337int
15338main ()
15339{
15340 struct in6_addr s; s.s6_addr[0] = 0;
15341 ;
15342 return 0;
15343}
15344_ACEOF
15345if ac_fn_c_try_compile "$LINENO"; then :
15346 ac_cv_have_struct_in6_addr="yes"
15347else
15348 ac_cv_have_struct_in6_addr="no"
15349
15350fi
15351rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
15352
15353fi
15354{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_struct_in6_addr" >&5
15355$as_echo "$ac_cv_have_struct_in6_addr" >&6; }
15356if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
15357
15358$as_echo "#define HAVE_STRUCT_IN6_ADDR 1" >>confdefs.h
15359
15360
15361 ac_fn_c_check_member "$LINENO" "struct sockaddr_in6" "sin6_scope_id" "ac_cv_member_struct_sockaddr_in6_sin6_scope_id" "
15362#ifdef HAVE_SYS_TYPES_H
15363#include <sys/types.h>
15364#endif
15365#include <netinet/in.h>
15366
15367"
15368if test "x$ac_cv_member_struct_sockaddr_in6_sin6_scope_id" = xyes; then :
15369
15370cat >>confdefs.h <<_ACEOF
15371#define HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID 1
15372_ACEOF
15373
15374
15375fi
15376
15377fi
15378
15379{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct addrinfo" >&5
15380$as_echo_n "checking for struct addrinfo... " >&6; }
15381if ${ac_cv_have_struct_addrinfo+:} false; then :
15382 $as_echo_n "(cached) " >&6
15383else
15384
15385 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
15386/* end confdefs.h. */
15387
15388#include <sys/types.h>
15389#include <sys/socket.h>
15390#include <netdb.h>
15391
15392int
15393main ()
15394{
15395 struct addrinfo s; s.ai_flags = AI_PASSIVE;
15396 ;
15397 return 0;
15398}
15399_ACEOF
15400if ac_fn_c_try_compile "$LINENO"; then :
15401 ac_cv_have_struct_addrinfo="yes"
15402else
15403 ac_cv_have_struct_addrinfo="no"
15404
15405fi
15406rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
15407
15408fi
15409{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_struct_addrinfo" >&5
15410$as_echo "$ac_cv_have_struct_addrinfo" >&6; }
15411if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
15412
15413$as_echo "#define HAVE_STRUCT_ADDRINFO 1" >>confdefs.h
15414
15415fi
15416
15417{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct timeval" >&5
15418$as_echo_n "checking for struct timeval... " >&6; }
15419if ${ac_cv_have_struct_timeval+:} false; then :
15420 $as_echo_n "(cached) " >&6
15421else
15422
15423 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
15424/* end confdefs.h. */
15425 #include <sys/time.h>
15426int
15427main ()
15428{
15429 struct timeval tv; tv.tv_sec = 1;
15430 ;
15431 return 0;
15432}
15433_ACEOF
15434if ac_fn_c_try_compile "$LINENO"; then :
15435 ac_cv_have_struct_timeval="yes"
15436else
15437 ac_cv_have_struct_timeval="no"
15438
15439fi
15440rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
15441
15442fi
15443{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_struct_timeval" >&5
15444$as_echo "$ac_cv_have_struct_timeval" >&6; }
15445if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
15446
15447$as_echo "#define HAVE_STRUCT_TIMEVAL 1" >>confdefs.h
15448
15449 have_struct_timeval=1
15450fi
15451
15452ac_fn_c_check_type "$LINENO" "struct timespec" "ac_cv_type_struct_timespec" "$ac_includes_default"
15453if test "x$ac_cv_type_struct_timespec" = xyes; then :
15454
15455cat >>confdefs.h <<_ACEOF
15456#define HAVE_STRUCT_TIMESPEC 1
15457_ACEOF
15458
15459
15460fi
15461
15462
15463# We need int64_t or else certian parts of the compile will fail.
15464if test "x$ac_cv_have_int64_t" = "xno" && \
15465 test "x$ac_cv_sizeof_long_int" != "x8" && \
15466 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
15467 echo "OpenSSH requires int64_t support. Contact your vendor or install"
15468 echo "an alternative compiler (I.E., GCC) before continuing."
15469 echo ""
15470 exit 1;
15471else
15472 if test "$cross_compiling" = yes; then :
15473 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: Assuming working snprintf()" >&5
15474$as_echo "$as_me: WARNING: cross compiling: Assuming working snprintf()" >&2;}
15475
15476else
15477 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
15478/* end confdefs.h. */
15479
15480#include <stdio.h>
15481#include <string.h>
15482#ifdef HAVE_SNPRINTF
15483main()
15484{
15485 char buf[50];
15486 char expected_out[50];
15487 int mazsize = 50 ;
15488#if (SIZEOF_LONG_INT == 8)
15489 long int num = 0x7fffffffffffffff;
15490#else
15491 long long num = 0x7fffffffffffffffll;
15492#endif
15493 strcpy(expected_out, "9223372036854775807");
15494 snprintf(buf, mazsize, "%lld", num);
15495 if(strcmp(buf, expected_out) != 0)
15496 exit(1);
15497 exit(0);
15498}
15499#else
15500main() { exit(0); }
15501#endif
15502
15503_ACEOF
15504if ac_fn_c_try_run "$LINENO"; then :
15505 true
15506else
15507 $as_echo "#define BROKEN_SNPRINTF 1" >>confdefs.h
15508
15509fi
15510rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
15511 conftest.$ac_objext conftest.beam conftest.$ac_ext
15512fi
15513
15514fi
15515
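Review bot: The snprintf() run test just above (the program between `#ifdef HAVE_SNPRINTF` and `_ACEOF`) declares `main()` with no return type and calls exit() without including <stdlib.h>, so a compiler that rejects implicit int or implicit function declarations fails the test and BROKEN_SNPRINTF gets defined for a reason that has nothing to do with snprintf(). Suggest `int main(void)`, adding `#include <stdlib.h>`, and returning the status rather than calling exit(); because configure is generated, the change belongs in the source of this test and not in this file. Two smaller points in the same program: `%lld` is used even on the `SIZEOF_LONG_INT == 8` branch where `num` is a `long int`, so the format and argument types disagree there, and the size variable is spelled `mazsize` (the comment above the int64_t check also has "certian").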
15516
15517# look for field 'ut_host' in header 'utmp.h'
15518 ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
15519 ossh_varname="ossh_cv_$ossh_safe""_has_"ut_host
15520 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_host field in utmp.h" >&5
15521$as_echo_n "checking for ut_host field in utmp.h... " >&6; }
15522 if eval \${$ossh_varname+:} false; then :
15523 $as_echo_n "(cached) " >&6
15524else
15525
15526 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
15527/* end confdefs.h. */
15528#include <utmp.h>
15529
15530_ACEOF
15531if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
15532 $EGREP "ut_host" >/dev/null 2>&1; then :
15533 eval "$ossh_varname=yes"
15534else
15535 eval "$ossh_varname=no"
15536fi
15537rm -f conftest*
15538
15539fi
15540
15541 ossh_result=`eval 'echo $'"$ossh_varname"`
15542 if test -n "`echo $ossh_varname`"; then
15543 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
15544$as_echo "$ossh_result" >&6; }
15545 if test "x$ossh_result" = "xyes"; then
15546
15547$as_echo "#define HAVE_HOST_IN_UTMP 1" >>confdefs.h
15548
15549 fi
15550 else
15551 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
15552$as_echo "no" >&6; }
15553 fi
15554
15555
15556# look for field 'ut_host' in header 'utmpx.h'
15557 ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'`
15558 ossh_varname="ossh_cv_$ossh_safe""_has_"ut_host
15559 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_host field in utmpx.h" >&5
15560$as_echo_n "checking for ut_host field in utmpx.h... " >&6; }
15561 if eval \${$ossh_varname+:} false; then :
15562 $as_echo_n "(cached) " >&6
15563else
15564
15565 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
15566/* end confdefs.h. */
15567#include <utmpx.h>
15568
15569_ACEOF
15570if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
15571 $EGREP "ut_host" >/dev/null 2>&1; then :
15572 eval "$ossh_varname=yes"
15573else
15574 eval "$ossh_varname=no"
15575fi
15576rm -f conftest*
15577
15578fi
15579
15580 ossh_result=`eval 'echo $'"$ossh_varname"`
15581 if test -n "`echo $ossh_varname`"; then
15582 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
15583$as_echo "$ossh_result" >&6; }
15584 if test "x$ossh_result" = "xyes"; then
15585
15586$as_echo "#define HAVE_HOST_IN_UTMPX 1" >>confdefs.h
15587
15588 fi
15589 else
15590 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
15591$as_echo "no" >&6; }
15592 fi
15593
15594
15595# look for field 'syslen' in header 'utmpx.h'
15596 ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'`
15597 ossh_varname="ossh_cv_$ossh_safe""_has_"syslen
15598 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for syslen field in utmpx.h" >&5
15599$as_echo_n "checking for syslen field in utmpx.h... " >&6; }
15600 if eval \${$ossh_varname+:} false; then :
15601 $as_echo_n "(cached) " >&6
15602else
15603
15604 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
15605/* end confdefs.h. */
15606#include <utmpx.h>
15607
15608_ACEOF
15609if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
15610 $EGREP "syslen" >/dev/null 2>&1; then :
15611 eval "$ossh_varname=yes"
15612else
15613 eval "$ossh_varname=no"
15614fi
15615rm -f conftest*
15616
15617fi
15618
15619 ossh_result=`eval 'echo $'"$ossh_varname"`
15620 if test -n "`echo $ossh_varname`"; then
15621 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
15622$as_echo "$ossh_result" >&6; }
15623 if test "x$ossh_result" = "xyes"; then
15624
15625$as_echo "#define HAVE_SYSLEN_IN_UTMPX 1" >>confdefs.h
15626
15627 fi
15628 else
15629 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
15630$as_echo "no" >&6; }
15631 fi
15632
15633
15634# look for field 'ut_pid' in header 'utmp.h'
15635 ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
15636 ossh_varname="ossh_cv_$ossh_safe""_has_"ut_pid
15637 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_pid field in utmp.h" >&5
15638$as_echo_n "checking for ut_pid field in utmp.h... " >&6; }
15639 if eval \${$ossh_varname+:} false; then :
15640 $as_echo_n "(cached) " >&6
15641else
15642
15643 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
15644/* end confdefs.h. */
15645#include <utmp.h>
15646
15647_ACEOF
15648if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
15649 $EGREP "ut_pid" >/dev/null 2>&1; then :
15650 eval "$ossh_varname=yes"
15651else
15652 eval "$ossh_varname=no"
15653fi
15654rm -f conftest*
15655
15656fi
15657
15658 ossh_result=`eval 'echo $'"$ossh_varname"`
15659 if test -n "`echo $ossh_varname`"; then
15660 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
15661$as_echo "$ossh_result" >&6; }
15662 if test "x$ossh_result" = "xyes"; then
15663
15664$as_echo "#define HAVE_PID_IN_UTMP 1" >>confdefs.h
15665
15666 fi
15667 else
15668 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
15669$as_echo "no" >&6; }
15670 fi
15671
15672
15673# look for field 'ut_type' in header 'utmp.h'
15674 ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
15675 ossh_varname="ossh_cv_$ossh_safe""_has_"ut_type
15676 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_type field in utmp.h" >&5
15677$as_echo_n "checking for ut_type field in utmp.h... " >&6; }
15678 if eval \${$ossh_varname+:} false; then :
15679 $as_echo_n "(cached) " >&6
15680else
15681
15682 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
15683/* end confdefs.h. */
15684#include <utmp.h>
15685
15686_ACEOF
15687if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
15688 $EGREP "ut_type" >/dev/null 2>&1; then :
15689 eval "$ossh_varname=yes"
15690else
15691 eval "$ossh_varname=no"
15692fi
15693rm -f conftest*
15694
15695fi
15696
15697 ossh_result=`eval 'echo $'"$ossh_varname"`
15698 if test -n "`echo $ossh_varname`"; then
15699 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
15700$as_echo "$ossh_result" >&6; }
15701 if test "x$ossh_result" = "xyes"; then
15702
15703$as_echo "#define HAVE_TYPE_IN_UTMP 1" >>confdefs.h
15704
15705 fi
15706 else
15707 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
15708$as_echo "no" >&6; }
15709 fi
15710
15711
15712# look for field 'ut_type' in header 'utmpx.h'
15713 ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'`
15714 ossh_varname="ossh_cv_$ossh_safe""_has_"ut_type
15715 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_type field in utmpx.h" >&5
15716$as_echo_n "checking for ut_type field in utmpx.h... " >&6; }
15717 if eval \${$ossh_varname+:} false; then :
15718 $as_echo_n "(cached) " >&6
15719else
15720
15721 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
15722/* end confdefs.h. */
15723#include <utmpx.h>
15724
15725_ACEOF
15726if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
15727 $EGREP "ut_type" >/dev/null 2>&1; then :
15728 eval "$ossh_varname=yes"
15729else
15730 eval "$ossh_varname=no"
15731fi
15732rm -f conftest*
15733
15734fi
15735
15736 ossh_result=`eval 'echo $'"$ossh_varname"`
15737 if test -n "`echo $ossh_varname`"; then
15738 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
15739$as_echo "$ossh_result" >&6; }
15740 if test "x$ossh_result" = "xyes"; then
15741
15742$as_echo "#define HAVE_TYPE_IN_UTMPX 1" >>confdefs.h
15743
15744 fi
15745 else
15746 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
15747$as_echo "no" >&6; }
15748 fi
15749
15750
15751# look for field 'ut_tv' in header 'utmp.h'
15752 ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
15753 ossh_varname="ossh_cv_$ossh_safe""_has_"ut_tv
15754 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_tv field in utmp.h" >&5
15755$as_echo_n "checking for ut_tv field in utmp.h... " >&6; }
15756 if eval \${$ossh_varname+:} false; then :
15757 $as_echo_n "(cached) " >&6
15758else
15759
15760 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
15761/* end confdefs.h. */
15762#include <utmp.h>
15763
15764_ACEOF
15765if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
15766 $EGREP "ut_tv" >/dev/null 2>&1; then :
15767 eval "$ossh_varname=yes"
15768else
15769 eval "$ossh_varname=no"
15770fi
15771rm -f conftest*
15772
15773fi
15774
15775 ossh_result=`eval 'echo $'"$ossh_varname"`
15776 if test -n "`echo $ossh_varname`"; then
15777 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
15778$as_echo "$ossh_result" >&6; }
15779 if test "x$ossh_result" = "xyes"; then
15780
15781$as_echo "#define HAVE_TV_IN_UTMP 1" >>confdefs.h
15782
15783 fi
15784 else
15785 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
15786$as_echo "no" >&6; }
15787 fi
15788
15789
15790# look for field 'ut_id' in header 'utmp.h'
15791 ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
15792 ossh_varname="ossh_cv_$ossh_safe""_has_"ut_id
15793 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_id field in utmp.h" >&5
15794$as_echo_n "checking for ut_id field in utmp.h... " >&6; }
15795 if eval \${$ossh_varname+:} false; then :
15796 $as_echo_n "(cached) " >&6
15797else
15798
15799 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
15800/* end confdefs.h. */
15801#include <utmp.h>
15802
15803_ACEOF
15804if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
15805 $EGREP "ut_id" >/dev/null 2>&1; then :
15806 eval "$ossh_varname=yes"
15807else
15808 eval "$ossh_varname=no"
15809fi
15810rm -f conftest*
15811
15812fi
15813
15814 ossh_result=`eval 'echo $'"$ossh_varname"`
15815 if test -n "`echo $ossh_varname`"; then
15816 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
15817$as_echo "$ossh_result" >&6; }
15818 if test "x$ossh_result" = "xyes"; then
15819
15820$as_echo "#define HAVE_ID_IN_UTMP 1" >>confdefs.h
15821
15822 fi
15823 else
15824 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
15825$as_echo "no" >&6; }
15826 fi
15827
15828
15829# look for field 'ut_id' in header 'utmpx.h'
15830 ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'`
15831 ossh_varname="ossh_cv_$ossh_safe""_has_"ut_id
15832 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_id field in utmpx.h" >&5
15833$as_echo_n "checking for ut_id field in utmpx.h... " >&6; }
15834 if eval \${$ossh_varname+:} false; then :
15835 $as_echo_n "(cached) " >&6
15836else
15837
15838 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
15839/* end confdefs.h. */
15840#include <utmpx.h>
15841
15842_ACEOF
15843if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
15844 $EGREP "ut_id" >/dev/null 2>&1; then :
15845 eval "$ossh_varname=yes"
15846else
15847 eval "$ossh_varname=no"
15848fi
15849rm -f conftest*
15850
15851fi
15852
15853 ossh_result=`eval 'echo $'"$ossh_varname"`
15854 if test -n "`echo $ossh_varname`"; then
15855 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
15856$as_echo "$ossh_result" >&6; }
15857 if test "x$ossh_result" = "xyes"; then
15858
15859$as_echo "#define HAVE_ID_IN_UTMPX 1" >>confdefs.h
15860
15861 fi
15862 else
15863 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
15864$as_echo "no" >&6; }
15865 fi
15866
15867
15868# look for field 'ut_addr' in header 'utmp.h'
15869 ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
15870 ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr
15871 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_addr field in utmp.h" >&5
15872$as_echo_n "checking for ut_addr field in utmp.h... " >&6; }
15873 if eval \${$ossh_varname+:} false; then :
15874 $as_echo_n "(cached) " >&6
15875else
15876
15877 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
15878/* end confdefs.h. */
15879#include <utmp.h>
15880
15881_ACEOF
15882if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
15883 $EGREP "ut_addr" >/dev/null 2>&1; then :
15884 eval "$ossh_varname=yes"
15885else
15886 eval "$ossh_varname=no"
15887fi
15888rm -f conftest*
15889
15890fi
15891
15892 ossh_result=`eval 'echo $'"$ossh_varname"`
15893 if test -n "`echo $ossh_varname`"; then
15894 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
15895$as_echo "$ossh_result" >&6; }
15896 if test "x$ossh_result" = "xyes"; then
15897
15898$as_echo "#define HAVE_ADDR_IN_UTMP 1" >>confdefs.h
15899
15900 fi
15901 else
15902 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
15903$as_echo "no" >&6; }
15904 fi
15905
15906
15907# look for field 'ut_addr' in header 'utmpx.h'
15908 ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'`
15909 ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr
15910 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_addr field in utmpx.h" >&5
15911$as_echo_n "checking for ut_addr field in utmpx.h... " >&6; }
15912 if eval \${$ossh_varname+:} false; then :
15913 $as_echo_n "(cached) " >&6
15914else
15915
15916 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
15917/* end confdefs.h. */
15918#include <utmpx.h>
15919
15920_ACEOF
15921if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
15922 $EGREP "ut_addr" >/dev/null 2>&1; then :
15923 eval "$ossh_varname=yes"
15924else
15925 eval "$ossh_varname=no"
15926fi
15927rm -f conftest*
15928
15929fi
15930
15931 ossh_result=`eval 'echo $'"$ossh_varname"`
15932 if test -n "`echo $ossh_varname`"; then
15933 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
15934$as_echo "$ossh_result" >&6; }
15935 if test "x$ossh_result" = "xyes"; then
15936
15937$as_echo "#define HAVE_ADDR_IN_UTMPX 1" >>confdefs.h
15938
15939 fi
15940 else
15941 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
15942$as_echo "no" >&6; }
15943 fi
15944
15945
15946# look for field 'ut_addr_v6' in header 'utmp.h'
15947 ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
15948 ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr_v6
15949 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_addr_v6 field in utmp.h" >&5
15950$as_echo_n "checking for ut_addr_v6 field in utmp.h... " >&6; }
15951 if eval \${$ossh_varname+:} false; then :
15952 $as_echo_n "(cached) " >&6
15953else
15954
15955 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
15956/* end confdefs.h. */
15957#include <utmp.h>
15958
15959_ACEOF
15960if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
15961 $EGREP "ut_addr_v6" >/dev/null 2>&1; then :
15962 eval "$ossh_varname=yes"
15963else
15964 eval "$ossh_varname=no"
15965fi
15966rm -f conftest*
15967
15968fi
15969
15970 ossh_result=`eval 'echo $'"$ossh_varname"`
15971 if test -n "`echo $ossh_varname`"; then
15972 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
15973$as_echo "$ossh_result" >&6; }
15974 if test "x$ossh_result" = "xyes"; then
15975
15976$as_echo "#define HAVE_ADDR_V6_IN_UTMP 1" >>confdefs.h
15977
15978 fi
15979 else
15980 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
15981$as_echo "no" >&6; }
15982 fi
15983
15984
15985# look for field 'ut_addr_v6' in header 'utmpx.h'
15986 ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'`
15987 ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr_v6
15988 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_addr_v6 field in utmpx.h" >&5
15989$as_echo_n "checking for ut_addr_v6 field in utmpx.h... " >&6; }
15990 if eval \${$ossh_varname+:} false; then :
15991 $as_echo_n "(cached) " >&6
15992else
15993
15994 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
15995/* end confdefs.h. */
15996#include <utmpx.h>
15997
15998_ACEOF
15999if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
16000 $EGREP "ut_addr_v6" >/dev/null 2>&1; then :
16001 eval "$ossh_varname=yes"
16002else
16003 eval "$ossh_varname=no"
16004fi
16005rm -f conftest*
16006
16007fi
16008
16009 ossh_result=`eval 'echo $'"$ossh_varname"`
16010 if test -n "`echo $ossh_varname`"; then
16011 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
16012$as_echo "$ossh_result" >&6; }
16013 if test "x$ossh_result" = "xyes"; then
16014
16015$as_echo "#define HAVE_ADDR_V6_IN_UTMPX 1" >>confdefs.h
16016
16017 fi
16018 else
16019 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
16020$as_echo "no" >&6; }
16021 fi
16022
16023
16024# look for field 'ut_exit' in header 'utmp.h'
16025 ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
16026 ossh_varname="ossh_cv_$ossh_safe""_has_"ut_exit
16027 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_exit field in utmp.h" >&5
16028$as_echo_n "checking for ut_exit field in utmp.h... " >&6; }
16029 if eval \${$ossh_varname+:} false; then :
16030 $as_echo_n "(cached) " >&6
16031else
16032
16033 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
16034/* end confdefs.h. */
16035#include <utmp.h>
16036
16037_ACEOF
16038if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
16039 $EGREP "ut_exit" >/dev/null 2>&1; then :
16040 eval "$ossh_varname=yes"
16041else
16042 eval "$ossh_varname=no"
16043fi
16044rm -f conftest*
16045
16046fi
16047
16048 ossh_result=`eval 'echo $'"$ossh_varname"`
16049 if test -n "`echo $ossh_varname`"; then
16050 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
16051$as_echo "$ossh_result" >&6; }
16052 if test "x$ossh_result" = "xyes"; then
16053
16054$as_echo "#define HAVE_EXIT_IN_UTMP 1" >>confdefs.h
16055
16056 fi
16057 else
16058 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
16059$as_echo "no" >&6; }
16060 fi
16061
16062
16063# look for field 'ut_time' in header 'utmp.h'
16064 ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
16065 ossh_varname="ossh_cv_$ossh_safe""_has_"ut_time
16066 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_time field in utmp.h" >&5
16067$as_echo_n "checking for ut_time field in utmp.h... " >&6; }
16068 if eval \${$ossh_varname+:} false; then :
16069 $as_echo_n "(cached) " >&6
16070else
16071
16072 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
16073/* end confdefs.h. */
16074#include <utmp.h>
16075
16076_ACEOF
16077if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
16078 $EGREP "ut_time" >/dev/null 2>&1; then :
16079 eval "$ossh_varname=yes"
16080else
16081 eval "$ossh_varname=no"
16082fi
16083rm -f conftest*
16084
16085fi
16086
16087 ossh_result=`eval 'echo $'"$ossh_varname"`
16088 if test -n "`echo $ossh_varname`"; then
16089 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
16090$as_echo "$ossh_result" >&6; }
16091 if test "x$ossh_result" = "xyes"; then
16092
16093$as_echo "#define HAVE_TIME_IN_UTMP 1" >>confdefs.h
16094
16095 fi
16096 else
16097 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
16098$as_echo "no" >&6; }
16099 fi
16100
16101
16102# look for field 'ut_time' in header 'utmpx.h'
16103 ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'`
16104 ossh_varname="ossh_cv_$ossh_safe""_has_"ut_time
16105 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_time field in utmpx.h" >&5
16106$as_echo_n "checking for ut_time field in utmpx.h... " >&6; }
16107 if eval \${$ossh_varname+:} false; then :
16108 $as_echo_n "(cached) " >&6
16109else
16110
16111 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
16112/* end confdefs.h. */
16113#include <utmpx.h>
16114
16115_ACEOF
16116if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
16117 $EGREP "ut_time" >/dev/null 2>&1; then :
16118 eval "$ossh_varname=yes"
16119else
16120 eval "$ossh_varname=no"
16121fi
16122rm -f conftest*
16123
16124fi
16125
16126 ossh_result=`eval 'echo $'"$ossh_varname"`
16127 if test -n "`echo $ossh_varname`"; then
16128 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
16129$as_echo "$ossh_result" >&6; }
16130 if test "x$ossh_result" = "xyes"; then
16131
16132$as_echo "#define HAVE_TIME_IN_UTMPX 1" >>confdefs.h
16133
16134 fi
16135 else
16136 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
16137$as_echo "no" >&6; }
16138 fi
16139
16140
16141# look for field 'ut_tv' in header 'utmpx.h'
16142 ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'`
16143 ossh_varname="ossh_cv_$ossh_safe""_has_"ut_tv
16144 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_tv field in utmpx.h" >&5
16145$as_echo_n "checking for ut_tv field in utmpx.h... " >&6; }
16146 if eval \${$ossh_varname+:} false; then :
16147 $as_echo_n "(cached) " >&6
16148else
16149
16150 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
16151/* end confdefs.h. */
16152#include <utmpx.h>
16153
16154_ACEOF
16155if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
16156 $EGREP "ut_tv" >/dev/null 2>&1; then :
16157 eval "$ossh_varname=yes"
16158else
16159 eval "$ossh_varname=no"
16160fi
16161rm -f conftest*
16162
16163fi
16164
16165 ossh_result=`eval 'echo $'"$ossh_varname"`
16166 if test -n "`echo $ossh_varname`"; then
16167 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
16168$as_echo "$ossh_result" >&6; }
16169 if test "x$ossh_result" = "xyes"; then
16170
16171$as_echo "#define HAVE_TV_IN_UTMPX 1" >>confdefs.h
16172
16173 fi
16174 else
16175 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
16176$as_echo "no" >&6; }
16177 fi
16178
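Review bot: The guard at 15971 (repeated at 16010, 16049, 16088, 16127 and 16166), `if test -n "`echo $ossh_varname`"`, tests the name of the cache variable rather than its value. That name is assigned two lines into each block and is never empty, so the `else` branch that prints "result: no" can never run. Either test `$ossh_result` there or drop the dead branch, and make the change in the autoconf input that generates these blocks rather than in `configure` itself. Separately, the detection is a substring `$EGREP` over preprocessor output. The `ac_fn_c_check_member` compile tests used from 16180 onward check for an actual struct member and would be the stricter choice for these utmp/utmpx fields.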
16179
16180ac_fn_c_check_member "$LINENO" "struct stat" "st_blksize" "ac_cv_member_struct_stat_st_blksize" "$ac_includes_default"
16181if test "x$ac_cv_member_struct_stat_st_blksize" = xyes; then :
16182
16183cat >>confdefs.h <<_ACEOF
16184#define HAVE_STRUCT_STAT_ST_BLKSIZE 1
16185_ACEOF
16186
16187
16188fi
16189
16190ac_fn_c_check_member "$LINENO" "struct passwd" "pw_gecos" "ac_cv_member_struct_passwd_pw_gecos" "
16191#include <sys/types.h>
16192#include <pwd.h>
16193
16194"
16195if test "x$ac_cv_member_struct_passwd_pw_gecos" = xyes; then :
16196
16197cat >>confdefs.h <<_ACEOF
16198#define HAVE_STRUCT_PASSWD_PW_GECOS 1
16199_ACEOF
16200
16201
16202fi
16203ac_fn_c_check_member "$LINENO" "struct passwd" "pw_class" "ac_cv_member_struct_passwd_pw_class" "
16204#include <sys/types.h>
16205#include <pwd.h>
16206
16207"
16208if test "x$ac_cv_member_struct_passwd_pw_class" = xyes; then :
16209
16210cat >>confdefs.h <<_ACEOF
16211#define HAVE_STRUCT_PASSWD_PW_CLASS 1
16212_ACEOF
16213
16214
16215fi
16216ac_fn_c_check_member "$LINENO" "struct passwd" "pw_change" "ac_cv_member_struct_passwd_pw_change" "
16217#include <sys/types.h>
16218#include <pwd.h>
16219
16220"
16221if test "x$ac_cv_member_struct_passwd_pw_change" = xyes; then :
16222
16223cat >>confdefs.h <<_ACEOF
16224#define HAVE_STRUCT_PASSWD_PW_CHANGE 1
16225_ACEOF
16226
16227
16228fi
16229ac_fn_c_check_member "$LINENO" "struct passwd" "pw_expire" "ac_cv_member_struct_passwd_pw_expire" "
16230#include <sys/types.h>
16231#include <pwd.h>
16232
16233"
16234if test "x$ac_cv_member_struct_passwd_pw_expire" = xyes; then :
16235
16236cat >>confdefs.h <<_ACEOF
16237#define HAVE_STRUCT_PASSWD_PW_EXPIRE 1
16238_ACEOF
16239
16240
16241fi
16242
16243
16244ac_fn_c_check_member "$LINENO" "struct __res_state" "retrans" "ac_cv_member_struct___res_state_retrans" "
16245#include <stdio.h>
16246#if HAVE_SYS_TYPES_H
16247# include <sys/types.h>
16248#endif
16249#include <netinet/in.h>
16250#include <arpa/nameser.h>
16251#include <resolv.h>
16252
16253"
16254if test "x$ac_cv_member_struct___res_state_retrans" = xyes; then :
16255
16256else
16257
16258$as_echo "#define __res_state state" >>confdefs.h
16259
16260fi
16261
16262
16263{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ss_family field in struct sockaddr_storage" >&5
16264$as_echo_n "checking for ss_family field in struct sockaddr_storage... " >&6; }
16265if ${ac_cv_have_ss_family_in_struct_ss+:} false; then :
16266 $as_echo_n "(cached) " >&6
16267else
16268
16269 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
16270/* end confdefs.h. */
16271
16272#include <sys/types.h>
16273#include <sys/socket.h>
16274
16275int
16276main ()
16277{
16278 struct sockaddr_storage s; s.ss_family = 1;
16279 ;
16280 return 0;
16281}
16282_ACEOF
16283if ac_fn_c_try_compile "$LINENO"; then :
16284 ac_cv_have_ss_family_in_struct_ss="yes"
16285else
16286 ac_cv_have_ss_family_in_struct_ss="no"
16287fi
16288rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
16289
16290fi
16291{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_ss_family_in_struct_ss" >&5
16292$as_echo "$ac_cv_have_ss_family_in_struct_ss" >&6; }
16293if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
16294
16295$as_echo "#define HAVE_SS_FAMILY_IN_SS 1" >>confdefs.h
16296
16297fi
16298
16299{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for __ss_family field in struct sockaddr_storage" >&5
16300$as_echo_n "checking for __ss_family field in struct sockaddr_storage... " >&6; }
16301if ${ac_cv_have___ss_family_in_struct_ss+:} false; then :
16302 $as_echo_n "(cached) " >&6
16303else
16304
16305 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
16306/* end confdefs.h. */
16307
16308#include <sys/types.h>
16309#include <sys/socket.h>
16310
16311int
16312main ()
16313{
16314 struct sockaddr_storage s; s.__ss_family = 1;
16315 ;
16316 return 0;
16317}
16318_ACEOF
16319if ac_fn_c_try_compile "$LINENO"; then :
16320 ac_cv_have___ss_family_in_struct_ss="yes"
16321else
16322 ac_cv_have___ss_family_in_struct_ss="no"
16323
16324fi
16325rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
16326
16327fi
16328{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have___ss_family_in_struct_ss" >&5
16329$as_echo "$ac_cv_have___ss_family_in_struct_ss" >&6; }
16330if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
16331
16332$as_echo "#define HAVE___SS_FAMILY_IN_SS 1" >>confdefs.h
16333
16334fi
16335
16336{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for msg_accrights field in struct msghdr" >&5
16337$as_echo_n "checking for msg_accrights field in struct msghdr... " >&6; }
16338if ${ac_cv_have_accrights_in_msghdr+:} false; then :
16339 $as_echo_n "(cached) " >&6
16340else
16341
16342 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
16343/* end confdefs.h. */
16344
16345#include <sys/types.h>
16346#include <sys/socket.h>
16347#include <sys/uio.h>
16348
16349int
16350main ()
16351{
16352
16353#ifdef msg_accrights
16354#error "msg_accrights is a macro"
16355exit(1);
16356#endif
16357struct msghdr m;
16358m.msg_accrights = 0;
16359exit(0);
16360
16361 ;
16362 return 0;
16363}
16364_ACEOF
16365if ac_fn_c_try_compile "$LINENO"; then :
16366 ac_cv_have_accrights_in_msghdr="yes"
16367else
16368 ac_cv_have_accrights_in_msghdr="no"
16369
16370fi
16371rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
16372
16373fi
16374{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_accrights_in_msghdr" >&5
16375$as_echo "$ac_cv_have_accrights_in_msghdr" >&6; }
16376if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
16377
16378$as_echo "#define HAVE_ACCRIGHTS_IN_MSGHDR 1" >>confdefs.h
16379
16380fi
16381
16382{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if struct statvfs.f_fsid is integral type" >&5
16383$as_echo_n "checking if struct statvfs.f_fsid is integral type... " >&6; }
16384cat confdefs.h - <<_ACEOF >conftest.$ac_ext
16385/* end confdefs.h. */
16386
16387#include <sys/param.h>
16388#include <sys/stat.h>
16389#ifdef HAVE_SYS_TIME_H
16390# include <sys/time.h>
16391#endif
16392#ifdef HAVE_SYS_MOUNT_H
16393#include <sys/mount.h>
16394#endif
16395#ifdef HAVE_SYS_STATVFS_H
16396#include <sys/statvfs.h>
16397#endif
16398
16399int
16400main ()
16401{
16402 struct statvfs s; s.f_fsid = 0;
16403 ;
16404 return 0;
16405}
16406_ACEOF
16407if ac_fn_c_try_compile "$LINENO"; then :
16408 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
16409$as_echo "yes" >&6; }
16410else
16411 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
16412$as_echo "no" >&6; }
16413
16414 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if fsid_t has member val" >&5
16415$as_echo_n "checking if fsid_t has member val... " >&6; }
16416 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
16417/* end confdefs.h. */
16418
16419#include <sys/types.h>
16420#include <sys/statvfs.h>
16421
16422int
16423main ()
16424{
16425 fsid_t t; t.val[0] = 0;
16426 ;
16427 return 0;
16428}
16429_ACEOF
16430if ac_fn_c_try_compile "$LINENO"; then :
16431 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
16432$as_echo "yes" >&6; }
16433
16434$as_echo "#define FSID_HAS_VAL 1" >>confdefs.h
16435
16436else
16437 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
16438$as_echo "no" >&6; }
16439fi
16440rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
16441
16442 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if f_fsid has member __val" >&5
16443$as_echo_n "checking if f_fsid has member __val... " >&6; }
16444 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
16445/* end confdefs.h. */
16446
16447#include <sys/types.h>
16448#include <sys/statvfs.h>
16449
16450int
16451main ()
16452{
16453 fsid_t t; t.__val[0] = 0;
16454 ;
16455 return 0;
16456}
16457_ACEOF
16458if ac_fn_c_try_compile "$LINENO"; then :
16459 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
16460$as_echo "yes" >&6; }
16461
16462$as_echo "#define FSID_HAS___VAL 1" >>confdefs.h
16463
16464else
16465 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
16466$as_echo "no" >&6; }
16467fi
16468rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
16469
16470fi
16471rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
16472
16473{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for msg_control field in struct msghdr" >&5
16474$as_echo_n "checking for msg_control field in struct msghdr... " >&6; }
16475if ${ac_cv_have_control_in_msghdr+:} false; then :
16476 $as_echo_n "(cached) " >&6
16477else
16478
16479 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
16480/* end confdefs.h. */
16481
16482#include <sys/types.h>
16483#include <sys/socket.h>
16484#include <sys/uio.h>
16485
16486int
16487main ()
16488{
16489
16490#ifdef msg_control
16491#error "msg_control is a macro"
16492exit(1);
16493#endif
16494struct msghdr m;
16495m.msg_control = 0;
16496exit(0);
16497
16498 ;
16499 return 0;
16500}
16501_ACEOF
16502if ac_fn_c_try_compile "$LINENO"; then :
16503 ac_cv_have_control_in_msghdr="yes"
16504else
16505 ac_cv_have_control_in_msghdr="no"
16506
16507fi
16508rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
16509
16510fi
16511{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_control_in_msghdr" >&5
16512$as_echo "$ac_cv_have_control_in_msghdr" >&6; }
16513if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
16514
16515$as_echo "#define HAVE_CONTROL_IN_MSGHDR 1" >>confdefs.h
16516
16517fi
16518
16519{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if libc defines __progname" >&5
16520$as_echo_n "checking if libc defines __progname... " >&6; }
16521if ${ac_cv_libc_defines___progname+:} false; then :
16522 $as_echo_n "(cached) " >&6
16523else
16524
16525 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
16526/* end confdefs.h. */
16527
16528int
16529main ()
16530{
16531 extern char *__progname; printf("%s", __progname);
16532 ;
16533 return 0;
16534}
16535_ACEOF
16536if ac_fn_c_try_link "$LINENO"; then :
16537 ac_cv_libc_defines___progname="yes"
16538else
16539 ac_cv_libc_defines___progname="no"
16540
16541fi
16542rm -f core conftest.err conftest.$ac_objext \
16543 conftest$ac_exeext conftest.$ac_ext
16544
16545fi
16546{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_libc_defines___progname" >&5
16547$as_echo "$ac_cv_libc_defines___progname" >&6; }
16548if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
16549
16550$as_echo "#define HAVE___PROGNAME 1" >>confdefs.h
16551
16552fi
16553
16554{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC implements __FUNCTION__" >&5
16555$as_echo_n "checking whether $CC implements __FUNCTION__... " >&6; }
16556if ${ac_cv_cc_implements___FUNCTION__+:} false; then :
16557 $as_echo_n "(cached) " >&6
16558else
16559
16560 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
16561/* end confdefs.h. */
16562 #include <stdio.h>
16563int
16564main ()
16565{
16566 printf("%s", __FUNCTION__);
16567 ;
16568 return 0;
16569}
16570_ACEOF
16571if ac_fn_c_try_link "$LINENO"; then :
16572 ac_cv_cc_implements___FUNCTION__="yes"
16573else
16574 ac_cv_cc_implements___FUNCTION__="no"
16575
16576fi
16577rm -f core conftest.err conftest.$ac_objext \
16578 conftest$ac_exeext conftest.$ac_ext
16579
16580fi
16581{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_cc_implements___FUNCTION__" >&5
16582$as_echo "$ac_cv_cc_implements___FUNCTION__" >&6; }
16583if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
16584
16585$as_echo "#define HAVE___FUNCTION__ 1" >>confdefs.h
16586
16587fi
16588
16589{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC implements __func__" >&5
16590$as_echo_n "checking whether $CC implements __func__... " >&6; }
16591if ${ac_cv_cc_implements___func__+:} false; then :
16592 $as_echo_n "(cached) " >&6
16593else
16594
16595 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
16596/* end confdefs.h. */
16597 #include <stdio.h>
16598int
16599main ()
16600{
16601 printf("%s", __func__);
16602 ;
16603 return 0;
16604}
16605_ACEOF
16606if ac_fn_c_try_link "$LINENO"; then :
16607 ac_cv_cc_implements___func__="yes"
16608else
16609 ac_cv_cc_implements___func__="no"
16610
16611fi
16612rm -f core conftest.err conftest.$ac_objext \
16613 conftest$ac_exeext conftest.$ac_ext
16614
16615fi
16616{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_cc_implements___func__" >&5
16617$as_echo "$ac_cv_cc_implements___func__" >&6; }
16618if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
16619
16620$as_echo "#define HAVE___func__ 1" >>confdefs.h
16621
16622fi
16623
16624{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether va_copy exists" >&5
16625$as_echo_n "checking whether va_copy exists... " >&6; }
16626if ${ac_cv_have_va_copy+:} false; then :
16627 $as_echo_n "(cached) " >&6
16628else
16629
16630 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
16631/* end confdefs.h. */
16632
16633#include <stdarg.h>
16634va_list x,y;
16635
16636int
16637main ()
16638{
16639 va_copy(x,y);
16640 ;
16641 return 0;
16642}
16643_ACEOF
16644if ac_fn_c_try_link "$LINENO"; then :
16645 ac_cv_have_va_copy="yes"
16646else
16647 ac_cv_have_va_copy="no"
16648
16649fi
16650rm -f core conftest.err conftest.$ac_objext \
16651 conftest$ac_exeext conftest.$ac_ext
16652
16653fi
16654{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_va_copy" >&5
16655$as_echo "$ac_cv_have_va_copy" >&6; }
16656if test "x$ac_cv_have_va_copy" = "xyes" ; then
16657
16658$as_echo "#define HAVE_VA_COPY 1" >>confdefs.h
16659
16660fi
16661
16662{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether __va_copy exists" >&5
16663$as_echo_n "checking whether __va_copy exists... " >&6; }
16664if ${ac_cv_have___va_copy+:} false; then :
16665 $as_echo_n "(cached) " >&6
16666else
16667
16668 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
16669/* end confdefs.h. */
16670
16671#include <stdarg.h>
16672va_list x,y;
16673
16674int
16675main ()
16676{
16677 __va_copy(x,y);
16678 ;
16679 return 0;
16680}
16681_ACEOF
16682if ac_fn_c_try_link "$LINENO"; then :
16683 ac_cv_have___va_copy="yes"
16684else
16685 ac_cv_have___va_copy="no"
16686
16687fi
16688rm -f core conftest.err conftest.$ac_objext \
16689 conftest$ac_exeext conftest.$ac_ext
16690
16691fi
16692{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have___va_copy" >&5
16693$as_echo "$ac_cv_have___va_copy" >&6; }
16694if test "x$ac_cv_have___va_copy" = "xyes" ; then
16695
16696$as_echo "#define HAVE___VA_COPY 1" >>confdefs.h
16697
16698fi
16699
16700{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether getopt has optreset support" >&5
16701$as_echo_n "checking whether getopt has optreset support... " >&6; }
16702if ${ac_cv_have_getopt_optreset+:} false; then :
16703 $as_echo_n "(cached) " >&6
16704else
16705
16706 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
16707/* end confdefs.h. */
16708 #include <getopt.h>
16709int
16710main ()
16711{
16712 extern int optreset; optreset = 0;
16713 ;
16714 return 0;
16715}
16716_ACEOF
16717if ac_fn_c_try_link "$LINENO"; then :
16718 ac_cv_have_getopt_optreset="yes"
16719else
16720 ac_cv_have_getopt_optreset="no"
16721
16722fi
16723rm -f core conftest.err conftest.$ac_objext \
16724 conftest$ac_exeext conftest.$ac_ext
16725
16726fi
16727{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_getopt_optreset" >&5
16728$as_echo "$ac_cv_have_getopt_optreset" >&6; }
16729if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
16730
16731$as_echo "#define HAVE_GETOPT_OPTRESET 1" >>confdefs.h
16732
16733fi
16734
16735{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if libc defines sys_errlist" >&5
16736$as_echo_n "checking if libc defines sys_errlist... " >&6; }
16737if ${ac_cv_libc_defines_sys_errlist+:} false; then :
16738 $as_echo_n "(cached) " >&6
16739else
16740
16741 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
16742/* end confdefs.h. */
16743
16744int
16745main ()
16746{
16747 extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);
16748 ;
16749 return 0;
16750}
16751_ACEOF
16752if ac_fn_c_try_link "$LINENO"; then :
16753 ac_cv_libc_defines_sys_errlist="yes"
16754else
16755 ac_cv_libc_defines_sys_errlist="no"
16756
16757fi
16758rm -f core conftest.err conftest.$ac_objext \
16759 conftest$ac_exeext conftest.$ac_ext
16760
16761fi
16762{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_libc_defines_sys_errlist" >&5
16763$as_echo "$ac_cv_libc_defines_sys_errlist" >&6; }
16764if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
16765
16766$as_echo "#define HAVE_SYS_ERRLIST 1" >>confdefs.h
16767
16768fi
16769
16770
16771{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if libc defines sys_nerr" >&5
16772$as_echo_n "checking if libc defines sys_nerr... " >&6; }
16773if ${ac_cv_libc_defines_sys_nerr+:} false; then :
16774 $as_echo_n "(cached) " >&6
16775else
16776
16777 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
16778/* end confdefs.h. */
16779
16780int
16781main ()
16782{
16783 extern int sys_nerr; printf("%i", sys_nerr);
16784 ;
16785 return 0;
16786}
16787_ACEOF
16788if ac_fn_c_try_link "$LINENO"; then :
16789 ac_cv_libc_defines_sys_nerr="yes"
16790else
16791 ac_cv_libc_defines_sys_nerr="no"
16792
16793fi
16794rm -f core conftest.err conftest.$ac_objext \
16795 conftest$ac_exeext conftest.$ac_ext
16796
16797fi
16798{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_libc_defines_sys_nerr" >&5
16799$as_echo "$ac_cv_libc_defines_sys_nerr" >&6; }
16800if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
16801
16802$as_echo "#define HAVE_SYS_NERR 1" >>confdefs.h
16803
16804fi
16805
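Review bot: Several test programs in this stretch call libc functions without the header that declares them. The link tests at 16531 (`__progname`), 16747 (`sys_errlist`) and 16783 (`sys_nerr`) call `printf` with no `#include <stdio.h>`. The compile tests for `msg_accrights` (16355, 16359) and `msg_control` (16492, 16496) call `exit` without `<stdlib.h>`. A compiler that treats implicit function declarations as errors will fail these programs for that reason alone, so `HAVE___PROGNAME`, `HAVE_SYS_ERRLIST`, `HAVE_SYS_NERR`, `HAVE_ACCRIGHTS_IN_MSGHDR` and `HAVE_CONTROL_IN_MSGHDR` would be left undefined on systems that do have the feature. The `__FUNCTION__` and `__func__` tests at 16562 and 16597 already include `<stdio.h>`. Please add the matching includes to these test programs in the autoconf input and regenerate.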
16806# Check libraries needed by DNS fingerprint support
16807{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing getrrsetbyname" >&5
16808$as_echo_n "checking for library containing getrrsetbyname... " >&6; }
16809if ${ac_cv_search_getrrsetbyname+:} false; then :
16810 $as_echo_n "(cached) " >&6
16811else
16812 ac_func_search_save_LIBS=$LIBS
16813cat confdefs.h - <<_ACEOF >conftest.$ac_ext
16814/* end confdefs.h. */
16815
16816/* Override any GCC internal prototype to avoid an error.
16817 Use char because int might match the return type of a GCC
16818 builtin and then its argument prototype would still apply. */
16819#ifdef __cplusplus
16820extern "C"
16821#endif
16822char getrrsetbyname ();
16823int
16824main ()
16825{
16826return getrrsetbyname ();
16827 ;
16828 return 0;
16829}
16830_ACEOF
16831for ac_lib in '' resolv; do
16832 if test -z "$ac_lib"; then
16833 ac_res="none required"
16834 else
16835 ac_res=-l$ac_lib
16836 LIBS="-l$ac_lib $ac_func_search_save_LIBS"
16837 fi
16838 if ac_fn_c_try_link "$LINENO"; then :
16839 ac_cv_search_getrrsetbyname=$ac_res
16840fi
16841rm -f core conftest.err conftest.$ac_objext \
16842 conftest$ac_exeext
16843 if ${ac_cv_search_getrrsetbyname+:} false; then :
16844 break
16845fi
16846done
16847if ${ac_cv_search_getrrsetbyname+:} false; then :
16848
16849else
16850 ac_cv_search_getrrsetbyname=no
16851fi
16852rm conftest.$ac_ext
16853LIBS=$ac_func_search_save_LIBS
16854fi
16855{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_getrrsetbyname" >&5
16856$as_echo "$ac_cv_search_getrrsetbyname" >&6; }
16857ac_res=$ac_cv_search_getrrsetbyname
16858if test "$ac_res" != no; then :
16859 test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
16860
16861$as_echo "#define HAVE_GETRRSETBYNAME 1" >>confdefs.h
16862
16863else
16864
16865 # Needed by our getrrsetbyname()
16866 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing res_query" >&5
16867$as_echo_n "checking for library containing res_query... " >&6; }
16868if ${ac_cv_search_res_query+:} false; then :
16869 $as_echo_n "(cached) " >&6
16870else
16871 ac_func_search_save_LIBS=$LIBS
16872cat confdefs.h - <<_ACEOF >conftest.$ac_ext
16873/* end confdefs.h. */
16874
16875/* Override any GCC internal prototype to avoid an error.
16876 Use char because int might match the return type of a GCC
16877 builtin and then its argument prototype would still apply. */
16878#ifdef __cplusplus
16879extern "C"
16880#endif
16881char res_query ();
16882int
16883main ()
16884{
16885return res_query ();
16886 ;
16887 return 0;
16888}
16889_ACEOF
16890for ac_lib in '' resolv; do
16891 if test -z "$ac_lib"; then
16892 ac_res="none required"
16893 else
16894 ac_res=-l$ac_lib
16895 LIBS="-l$ac_lib $ac_func_search_save_LIBS"
16896 fi
16897 if ac_fn_c_try_link "$LINENO"; then :
16898 ac_cv_search_res_query=$ac_res
16899fi
16900rm -f core conftest.err conftest.$ac_objext \
16901 conftest$ac_exeext
16902 if ${ac_cv_search_res_query+:} false; then :
16903 break
16904fi
16905done
16906if ${ac_cv_search_res_query+:} false; then :
16907
16908else
16909 ac_cv_search_res_query=no
16910fi
16911rm conftest.$ac_ext
16912LIBS=$ac_func_search_save_LIBS
16913fi
16914{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_res_query" >&5
16915$as_echo "$ac_cv_search_res_query" >&6; }
16916ac_res=$ac_cv_search_res_query
16917if test "$ac_res" != no; then :
16918 test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
16919
16920fi
16921
16922 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing dn_expand" >&5
16923$as_echo_n "checking for library containing dn_expand... " >&6; }
16924if ${ac_cv_search_dn_expand+:} false; then :
16925 $as_echo_n "(cached) " >&6
16926else
16927 ac_func_search_save_LIBS=$LIBS
16928cat confdefs.h - <<_ACEOF >conftest.$ac_ext
16929/* end confdefs.h. */
16930
16931/* Override any GCC internal prototype to avoid an error.
16932 Use char because int might match the return type of a GCC
16933 builtin and then its argument prototype would still apply. */
16934#ifdef __cplusplus
16935extern "C"
16936#endif
16937char dn_expand ();
16938int
16939main ()
16940{
16941return dn_expand ();
16942 ;
16943 return 0;
16944}
16945_ACEOF
16946for ac_lib in '' resolv; do
16947 if test -z "$ac_lib"; then
16948 ac_res="none required"
16949 else
16950 ac_res=-l$ac_lib
16951 LIBS="-l$ac_lib $ac_func_search_save_LIBS"
16952 fi
16953 if ac_fn_c_try_link "$LINENO"; then :
16954 ac_cv_search_dn_expand=$ac_res
16955fi
16956rm -f core conftest.err conftest.$ac_objext \
16957 conftest$ac_exeext
16958 if ${ac_cv_search_dn_expand+:} false; then :
16959 break
16960fi
16961done
16962if ${ac_cv_search_dn_expand+:} false; then :
16963
16964else
16965 ac_cv_search_dn_expand=no
16966fi
16967rm conftest.$ac_ext
16968LIBS=$ac_func_search_save_LIBS
16969fi
16970{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dn_expand" >&5
16971$as_echo "$ac_cv_search_dn_expand" >&6; }
16972ac_res=$ac_cv_search_dn_expand
16973if test "$ac_res" != no; then :
16974 test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
16975
16976fi
16977
16978 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if res_query will link" >&5
16979$as_echo_n "checking if res_query will link... " >&6; }
16980 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
16981/* end confdefs.h. */
16982
16983#include <sys/types.h>
16984#include <netinet/in.h>
16985#include <arpa/nameser.h>
16986#include <netdb.h>
16987#include <resolv.h>
16988
16989int
16990main ()
16991{
16992
16993 res_query (0, 0, 0, 0, 0);
16994
16995 ;
16996 return 0;
16997}
16998_ACEOF
16999if ac_fn_c_try_link "$LINENO"; then :
17000 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
17001$as_echo "yes" >&6; }
17002else
17003 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
17004$as_echo "no" >&6; }
17005 saved_LIBS="$LIBS"
17006 LIBS="$LIBS -lresolv"
17007 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for res_query in -lresolv" >&5
17008$as_echo_n "checking for res_query in -lresolv... " >&6; }
17009 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
17010/* end confdefs.h. */
17011
17012#include <sys/types.h>
17013#include <netinet/in.h>
17014#include <arpa/nameser.h>
17015#include <netdb.h>
17016#include <resolv.h>
17017
17018int
17019main ()
17020{
17021
17022 res_query (0, 0, 0, 0, 0);
17023
17024 ;
17025 return 0;
17026}
17027_ACEOF
17028if ac_fn_c_try_link "$LINENO"; then :
17029 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
17030$as_echo "yes" >&6; }
17031else
17032 LIBS="$saved_LIBS"
17033 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
17034$as_echo "no" >&6; }
17035fi
17036rm -f core conftest.err conftest.$ac_objext \
17037 conftest$ac_exeext conftest.$ac_ext
17038
17039fi
17040rm -f core conftest.err conftest.$ac_objext \
17041 conftest$ac_exeext conftest.$ac_ext
17042 for ac_func in _getshort _getlong
17043do :
17044 as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
17045ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
17046if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
17047 cat >>confdefs.h <<_ACEOF
17048#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
17049_ACEOF
17050
17051fi
17052done
17053
17054 ac_fn_c_check_decl "$LINENO" "_getshort" "ac_cv_have_decl__getshort" "#include <sys/types.h>
17055 #include <arpa/nameser.h>
17056"
17057if test "x$ac_cv_have_decl__getshort" = xyes; then :
17058 ac_have_decl=1
17059else
17060 ac_have_decl=0
17061fi
17062
17063cat >>confdefs.h <<_ACEOF
17064#define HAVE_DECL__GETSHORT $ac_have_decl
17065_ACEOF
17066ac_fn_c_check_decl "$LINENO" "_getlong" "ac_cv_have_decl__getlong" "#include <sys/types.h>
17067 #include <arpa/nameser.h>
17068"
17069if test "x$ac_cv_have_decl__getlong" = xyes; then :
17070 ac_have_decl=1
17071else
17072 ac_have_decl=0
17073fi
17074
17075cat >>confdefs.h <<_ACEOF
17076#define HAVE_DECL__GETLONG $ac_have_decl
17077_ACEOF
17078
17079 ac_fn_c_check_member "$LINENO" "HEADER" "ad" "ac_cv_member_HEADER_ad" "#include <arpa/nameser.h>
17080"
17081if test "x$ac_cv_member_HEADER_ad" = xyes; then :
17082
17083$as_echo "#define HAVE_HEADER_AD 1" >>confdefs.h
17084
17085fi
17086
17087
17088fi
17089
17090
17091{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if struct __res_state _res is an extern" >&5
17092$as_echo_n "checking if struct __res_state _res is an extern... " >&6; }
17093cat confdefs.h - <<_ACEOF >conftest.$ac_ext
17094/* end confdefs.h. */
17095
17096#include <stdio.h>
17097#if HAVE_SYS_TYPES_H
17098# include <sys/types.h>
17099#endif
17100#include <netinet/in.h>
17101#include <arpa/nameser.h>
17102#include <resolv.h>
17103extern struct __res_state _res;
17104
17105int
17106main ()
17107{
17108
17109struct __res_state *volatile p = &_res; /* force resolution of _res */
17110return 0;
17111
17112 ;
17113 return 0;
17114}
17115_ACEOF
17116if ac_fn_c_try_link "$LINENO"; then :
17117 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
17118$as_echo "yes" >&6; }
17119
17120$as_echo "#define HAVE__RES_EXTERN 1" >>confdefs.h
17121
17122
17123else
17124 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
17125$as_echo "no" >&6; }
17126
17127fi
17128rm -f core conftest.err conftest.$ac_objext \
17129 conftest$ac_exeext conftest.$ac_ext
17130
17131# Check whether user wants SELinux support
17132SELINUX_MSG="no"
17133LIBSELINUX=""
17134
17135# Check whether --with-selinux was given.
17136if test "${with_selinux+set}" = set; then :
17137 withval=$with_selinux; if test "x$withval" != "xno" ; then
17138 save_LIBS="$LIBS"
17139
17140$as_echo "#define WITH_SELINUX 1" >>confdefs.h
17141
17142 SELINUX_MSG="yes"
17143 ac_fn_c_check_header_mongrel "$LINENO" "selinux/selinux.h" "ac_cv_header_selinux_selinux_h" "$ac_includes_default"
17144if test "x$ac_cv_header_selinux_selinux_h" = xyes; then :
17145
17146else
17147 as_fn_error $? "SELinux support requires selinux.h header" "$LINENO" 5
17148fi
17149
17150
17151 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for setexeccon in -lselinux" >&5
17152$as_echo_n "checking for setexeccon in -lselinux... " >&6; }
17153if ${ac_cv_lib_selinux_setexeccon+:} false; then :
17154 $as_echo_n "(cached) " >&6
17155else
17156 ac_check_lib_save_LIBS=$LIBS
17157LIBS="-lselinux $LIBS"
17158cat confdefs.h - <<_ACEOF >conftest.$ac_ext
17159/* end confdefs.h. */
17160
17161/* Override any GCC internal prototype to avoid an error.
17162 Use char because int might match the return type of a GCC
17163 builtin and then its argument prototype would still apply. */
17164#ifdef __cplusplus
17165extern "C"
17166#endif
17167char setexeccon ();
17168int
17169main ()
17170{
17171return setexeccon ();
17172 ;
17173 return 0;
17174}
17175_ACEOF
17176if ac_fn_c_try_link "$LINENO"; then :
17177 ac_cv_lib_selinux_setexeccon=yes
17178else
17179 ac_cv_lib_selinux_setexeccon=no
17180fi
17181rm -f core conftest.err conftest.$ac_objext \
17182 conftest$ac_exeext conftest.$ac_ext
17183LIBS=$ac_check_lib_save_LIBS
17184fi
17185{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_selinux_setexeccon" >&5
17186$as_echo "$ac_cv_lib_selinux_setexeccon" >&6; }
17187if test "x$ac_cv_lib_selinux_setexeccon" = xyes; then :
17188 LIBSELINUX="-lselinux"
17189 LIBS="$LIBS -lselinux"
17190
17191else
17192 as_fn_error $? "SELinux support requires libselinux library" "$LINENO" 5
17193fi
17194
17195 SSHLIBS="$SSHLIBS $LIBSELINUX"
17196 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
17197 for ac_func in getseuserbyname get_default_context_with_level
17198do :
17199 as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
17200ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
17201if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
17202 cat >>confdefs.h <<_ACEOF
17203#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
17204_ACEOF
17205
17206fi
17207done
17208
17209 LIBS="$save_LIBS"
17210 fi
17211
17212fi
17213
17214
17215
17216
17217# Check whether user wants Kerberos 5 support
17218KRB5_MSG="no"
17219
17220# Check whether --with-kerberos5 was given.
17221if test "${with_kerberos5+set}" = set; then :
17222 withval=$with_kerberos5; if test "x$withval" != "xno" ; then
17223 if test "x$withval" = "xyes" ; then
17224 KRB5ROOT="/usr/local"
17225 else
17226 KRB5ROOT=${withval}
17227 fi
17228
17229
17230$as_echo "#define KRB5 1" >>confdefs.h
17231
17232 KRB5_MSG="yes"
17233
17234 if test -n "$ac_tool_prefix"; then
17235 # Extract the first word of "${ac_tool_prefix}krb5-config", so it can be a program name with args.
17236set dummy ${ac_tool_prefix}krb5-config; ac_word=$2
17237{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
17238$as_echo_n "checking for $ac_word... " >&6; }
17239if ${ac_cv_path_KRB5CONF+:} false; then :
17240 $as_echo_n "(cached) " >&6
17241else
17242 case $KRB5CONF in
17243 [\\/]* | ?:[\\/]*)
17244 ac_cv_path_KRB5CONF="$KRB5CONF" # Let the user override the test with a path.
17245 ;;
17246 *)
17247 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
17248as_dummy="$KRB5ROOT/bin:$PATH"
17249for as_dir in $as_dummy
17250do
17251 IFS=$as_save_IFS
17252 test -z "$as_dir" && as_dir=.
17253 for ac_exec_ext in '' $ac_executable_extensions; do
17254 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
17255 ac_cv_path_KRB5CONF="$as_dir/$ac_word$ac_exec_ext"
17256 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
17257 break 2
17258 fi
17259done
17260 done
17261IFS=$as_save_IFS
17262
17263 ;;
17264esac
17265fi
17266KRB5CONF=$ac_cv_path_KRB5CONF
17267if test -n "$KRB5CONF"; then
17268 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $KRB5CONF" >&5
17269$as_echo "$KRB5CONF" >&6; }
17270else
17271 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
17272$as_echo "no" >&6; }
17273fi
17274
17275
17276fi
17277if test -z "$ac_cv_path_KRB5CONF"; then
17278 ac_pt_KRB5CONF=$KRB5CONF
17279 # Extract the first word of "krb5-config", so it can be a program name with args.
17280set dummy krb5-config; ac_word=$2
17281{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
17282$as_echo_n "checking for $ac_word... " >&6; }
17283if ${ac_cv_path_ac_pt_KRB5CONF+:} false; then :
17284 $as_echo_n "(cached) " >&6
17285else
17286 case $ac_pt_KRB5CONF in
17287 [\\/]* | ?:[\\/]*)
17288 ac_cv_path_ac_pt_KRB5CONF="$ac_pt_KRB5CONF" # Let the user override the test with a path.
17289 ;;
17290 *)
17291 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
17292as_dummy="$KRB5ROOT/bin:$PATH"
17293for as_dir in $as_dummy
17294do
17295 IFS=$as_save_IFS
17296 test -z "$as_dir" && as_dir=.
17297 for ac_exec_ext in '' $ac_executable_extensions; do
17298 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
17299 ac_cv_path_ac_pt_KRB5CONF="$as_dir/$ac_word$ac_exec_ext"
17300 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
17301 break 2
17302 fi
17303done
17304 done
17305IFS=$as_save_IFS
17306
17307 ;;
17308esac
17309fi
17310ac_pt_KRB5CONF=$ac_cv_path_ac_pt_KRB5CONF
17311if test -n "$ac_pt_KRB5CONF"; then
17312 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_KRB5CONF" >&5
17313$as_echo "$ac_pt_KRB5CONF" >&6; }
17314else
17315 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
17316$as_echo "no" >&6; }
17317fi
17318
17319 if test "x$ac_pt_KRB5CONF" = x; then
17320 KRB5CONF="$KRB5ROOT/bin/krb5-config"
17321 else
17322 case $cross_compiling:$ac_tool_warned in
17323yes:)
17324{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
17325$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
17326ac_tool_warned=yes ;;
17327esac
17328 KRB5CONF=$ac_pt_KRB5CONF
17329 fi
17330else
17331 KRB5CONF="$ac_cv_path_KRB5CONF"
17332fi
17333
17334 if test -x $KRB5CONF ; then
17335 K5CFLAGS="`$KRB5CONF --cflags`"
17336 K5LIBS="`$KRB5CONF --libs`"
17337 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
17338
17339 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gssapi support" >&5
17340$as_echo_n "checking for gssapi support... " >&6; }
17341 if $KRB5CONF | grep gssapi >/dev/null ; then
17342 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
17343$as_echo "yes" >&6; }
17344
17345$as_echo "#define GSSAPI 1" >>confdefs.h
17346
17347 GSSCFLAGS="`$KRB5CONF --cflags gssapi`"
17348 GSSLIBS="`$KRB5CONF --libs gssapi`"
17349 CPPFLAGS="$CPPFLAGS $GSSCFLAGS"
17350 else
17351 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
17352$as_echo "no" >&6; }
17353 fi
17354 { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using Heimdal" >&5
17355$as_echo_n "checking whether we are using Heimdal... " >&6; }
17356 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
17357/* end confdefs.h. */
17358 #include <krb5.h>
17359
17360int
17361main ()
17362{
17363 char *tmp = heimdal_version;
17364 ;
17365 return 0;
17366}
17367_ACEOF
17368if ac_fn_c_try_compile "$LINENO"; then :
17369 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
17370$as_echo "yes" >&6; }
17371
17372$as_echo "#define HEIMDAL 1" >>confdefs.h
17373
17374else
17375 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
17376$as_echo "no" >&6; }
17377
17378fi
17379rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
17380 else
17381 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
17382 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
17383 { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using Heimdal" >&5
17384$as_echo_n "checking whether we are using Heimdal... " >&6; }
17385 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
17386/* end confdefs.h. */
17387 #include <krb5.h>
17388
17389int
17390main ()
17391{
17392 char *tmp = heimdal_version;
17393 ;
17394 return 0;
17395}
17396_ACEOF
17397if ac_fn_c_try_compile "$LINENO"; then :
17398 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
17399$as_echo "yes" >&6; }
17400 $as_echo "#define HEIMDAL 1" >>confdefs.h
17401
17402 K5LIBS="-lkrb5"
17403 K5LIBS="$K5LIBS -lcom_err -lasn1"
17404 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for net_write in -lroken" >&5
17405$as_echo_n "checking for net_write in -lroken... " >&6; }
17406if ${ac_cv_lib_roken_net_write+:} false; then :
17407 $as_echo_n "(cached) " >&6
17408else
17409 ac_check_lib_save_LIBS=$LIBS
17410LIBS="-lroken $LIBS"
17411cat confdefs.h - <<_ACEOF >conftest.$ac_ext
17412/* end confdefs.h. */
17413
17414/* Override any GCC internal prototype to avoid an error.
17415 Use char because int might match the return type of a GCC
17416 builtin and then its argument prototype would still apply. */
17417#ifdef __cplusplus
17418extern "C"
17419#endif
17420char net_write ();
17421int
17422main ()
17423{
17424return net_write ();
17425 ;
17426 return 0;
17427}
17428_ACEOF
17429if ac_fn_c_try_link "$LINENO"; then :
17430 ac_cv_lib_roken_net_write=yes
17431else
17432 ac_cv_lib_roken_net_write=no
17433fi
17434rm -f core conftest.err conftest.$ac_objext \
17435 conftest$ac_exeext conftest.$ac_ext
17436LIBS=$ac_check_lib_save_LIBS
17437fi
17438{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_roken_net_write" >&5
17439$as_echo "$ac_cv_lib_roken_net_write" >&6; }
17440if test "x$ac_cv_lib_roken_net_write" = xyes; then :
17441 K5LIBS="$K5LIBS -lroken"
17442fi
17443
17444 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for des_cbc_encrypt in -ldes" >&5
17445$as_echo_n "checking for des_cbc_encrypt in -ldes... " >&6; }
17446if ${ac_cv_lib_des_des_cbc_encrypt+:} false; then :
17447 $as_echo_n "(cached) " >&6
17448else
17449 ac_check_lib_save_LIBS=$LIBS
17450LIBS="-ldes $LIBS"
17451cat confdefs.h - <<_ACEOF >conftest.$ac_ext
17452/* end confdefs.h. */
17453
17454/* Override any GCC internal prototype to avoid an error.
17455 Use char because int might match the return type of a GCC
17456 builtin and then its argument prototype would still apply. */
17457#ifdef __cplusplus
17458extern "C"
17459#endif
17460char des_cbc_encrypt ();
17461int
17462main ()
17463{
17464return des_cbc_encrypt ();
17465 ;
17466 return 0;
17467}
17468_ACEOF
17469if ac_fn_c_try_link "$LINENO"; then :
17470 ac_cv_lib_des_des_cbc_encrypt=yes
17471else
17472 ac_cv_lib_des_des_cbc_encrypt=no
17473fi
17474rm -f core conftest.err conftest.$ac_objext \
17475 conftest$ac_exeext conftest.$ac_ext
17476LIBS=$ac_check_lib_save_LIBS
17477fi
17478{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_des_des_cbc_encrypt" >&5
17479$as_echo "$ac_cv_lib_des_des_cbc_encrypt" >&6; }
17480if test "x$ac_cv_lib_des_des_cbc_encrypt" = xyes; then :
17481 K5LIBS="$K5LIBS -ldes"
17482fi
17483
17484
17485else
17486 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
17487$as_echo "no" >&6; }
17488 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
17489
17490fi
17491rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
17492 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing dn_expand" >&5
17493$as_echo_n "checking for library containing dn_expand... " >&6; }
17494if ${ac_cv_search_dn_expand+:} false; then :
17495 $as_echo_n "(cached) " >&6
17496else
17497 ac_func_search_save_LIBS=$LIBS
17498cat confdefs.h - <<_ACEOF >conftest.$ac_ext
17499/* end confdefs.h. */
17500
17501/* Override any GCC internal prototype to avoid an error.
17502 Use char because int might match the return type of a GCC
17503 builtin and then its argument prototype would still apply. */
17504#ifdef __cplusplus
17505extern "C"
17506#endif
17507char dn_expand ();
17508int
17509main ()
17510{
17511return dn_expand ();
17512 ;
17513 return 0;
17514}
17515_ACEOF
17516for ac_lib in '' resolv; do
17517 if test -z "$ac_lib"; then
17518 ac_res="none required"
17519 else
17520 ac_res=-l$ac_lib
17521 LIBS="-l$ac_lib $ac_func_search_save_LIBS"
17522 fi
17523 if ac_fn_c_try_link "$LINENO"; then :
17524 ac_cv_search_dn_expand=$ac_res
17525fi
17526rm -f core conftest.err conftest.$ac_objext \
17527 conftest$ac_exeext
17528 if ${ac_cv_search_dn_expand+:} false; then :
17529 break
17530fi
17531done
17532if ${ac_cv_search_dn_expand+:} false; then :
17533
17534else
17535 ac_cv_search_dn_expand=no
17536fi
17537rm conftest.$ac_ext
17538LIBS=$ac_func_search_save_LIBS
17539fi
17540{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dn_expand" >&5
17541$as_echo "$ac_cv_search_dn_expand" >&6; }
17542ac_res=$ac_cv_search_dn_expand
17543if test "$ac_res" != no; then :
17544 test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
17545
17546fi
17547
17548
17549 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gss_init_sec_context in -lgssapi_krb5" >&5
17550$as_echo_n "checking for gss_init_sec_context in -lgssapi_krb5... " >&6; }
17551if ${ac_cv_lib_gssapi_krb5_gss_init_sec_context+:} false; then :
17552 $as_echo_n "(cached) " >&6
17553else
17554 ac_check_lib_save_LIBS=$LIBS
17555LIBS="-lgssapi_krb5 $LIBS"
17556cat confdefs.h - <<_ACEOF >conftest.$ac_ext
17557/* end confdefs.h. */
17558
17559/* Override any GCC internal prototype to avoid an error.
17560 Use char because int might match the return type of a GCC
17561 builtin and then its argument prototype would still apply. */
17562#ifdef __cplusplus
17563extern "C"
17564#endif
17565char gss_init_sec_context ();
17566int
17567main ()
17568{
17569return gss_init_sec_context ();
17570 ;
17571 return 0;
17572}
17573_ACEOF
17574if ac_fn_c_try_link "$LINENO"; then :
17575 ac_cv_lib_gssapi_krb5_gss_init_sec_context=yes
17576else
17577 ac_cv_lib_gssapi_krb5_gss_init_sec_context=no
17578fi
17579rm -f core conftest.err conftest.$ac_objext \
17580 conftest$ac_exeext conftest.$ac_ext
17581LIBS=$ac_check_lib_save_LIBS
17582fi
17583{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gssapi_krb5_gss_init_sec_context" >&5
17584$as_echo "$ac_cv_lib_gssapi_krb5_gss_init_sec_context" >&6; }
17585if test "x$ac_cv_lib_gssapi_krb5_gss_init_sec_context" = xyes; then :
17586 $as_echo "#define GSSAPI 1" >>confdefs.h
17587
17588 GSSLIBS="-lgssapi_krb5"
17589else
17590 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gss_init_sec_context in -lgssapi" >&5
17591$as_echo_n "checking for gss_init_sec_context in -lgssapi... " >&6; }
17592if ${ac_cv_lib_gssapi_gss_init_sec_context+:} false; then :
17593 $as_echo_n "(cached) " >&6
17594else
17595 ac_check_lib_save_LIBS=$LIBS
17596LIBS="-lgssapi $LIBS"
17597cat confdefs.h - <<_ACEOF >conftest.$ac_ext
17598/* end confdefs.h. */
17599
17600/* Override any GCC internal prototype to avoid an error.
17601 Use char because int might match the return type of a GCC
17602 builtin and then its argument prototype would still apply. */
17603#ifdef __cplusplus
17604extern "C"
17605#endif
17606char gss_init_sec_context ();
17607int
17608main ()
17609{
17610return gss_init_sec_context ();
17611 ;
17612 return 0;
17613}
17614_ACEOF
17615if ac_fn_c_try_link "$LINENO"; then :
17616 ac_cv_lib_gssapi_gss_init_sec_context=yes
17617else
17618 ac_cv_lib_gssapi_gss_init_sec_context=no
17619fi
17620rm -f core conftest.err conftest.$ac_objext \
17621 conftest$ac_exeext conftest.$ac_ext
17622LIBS=$ac_check_lib_save_LIBS
17623fi
17624{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gssapi_gss_init_sec_context" >&5
17625$as_echo "$ac_cv_lib_gssapi_gss_init_sec_context" >&6; }
17626if test "x$ac_cv_lib_gssapi_gss_init_sec_context" = xyes; then :
17627 $as_echo "#define GSSAPI 1" >>confdefs.h
17628
17629 GSSLIBS="-lgssapi"
17630else
17631 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gss_init_sec_context in -lgss" >&5
17632$as_echo_n "checking for gss_init_sec_context in -lgss... " >&6; }
17633if ${ac_cv_lib_gss_gss_init_sec_context+:} false; then :
17634 $as_echo_n "(cached) " >&6
17635else
17636 ac_check_lib_save_LIBS=$LIBS
17637LIBS="-lgss $LIBS"
17638cat confdefs.h - <<_ACEOF >conftest.$ac_ext
17639/* end confdefs.h. */
17640
17641/* Override any GCC internal prototype to avoid an error.
17642 Use char because int might match the return type of a GCC
17643 builtin and then its argument prototype would still apply. */
17644#ifdef __cplusplus
17645extern "C"
17646#endif
17647char gss_init_sec_context ();
17648int
17649main ()
17650{
17651return gss_init_sec_context ();
17652 ;
17653 return 0;
17654}
17655_ACEOF
17656if ac_fn_c_try_link "$LINENO"; then :
17657 ac_cv_lib_gss_gss_init_sec_context=yes
17658else
17659 ac_cv_lib_gss_gss_init_sec_context=no
17660fi
17661rm -f core conftest.err conftest.$ac_objext \
17662 conftest$ac_exeext conftest.$ac_ext
17663LIBS=$ac_check_lib_save_LIBS
17664fi
17665{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gss_gss_init_sec_context" >&5
17666$as_echo "$ac_cv_lib_gss_gss_init_sec_context" >&6; }
17667if test "x$ac_cv_lib_gss_gss_init_sec_context" = xyes; then :
17668 $as_echo "#define GSSAPI 1" >>confdefs.h
17669
17670 GSSLIBS="-lgss"
17671else
17672 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Cannot find any suitable gss-api library - build may fail" >&5
17673$as_echo "$as_me: WARNING: Cannot find any suitable gss-api library - build may fail" >&2;}
17674fi
17675
17676
17677fi
17678
17679
17680fi
17681
17682
17683 ac_fn_c_check_header_mongrel "$LINENO" "gssapi.h" "ac_cv_header_gssapi_h" "$ac_includes_default"
17684if test "x$ac_cv_header_gssapi_h" = xyes; then :
17685
17686else
17687 unset ac_cv_header_gssapi_h
17688 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
17689 for ac_header in gssapi.h
17690do :
17691 ac_fn_c_check_header_mongrel "$LINENO" "gssapi.h" "ac_cv_header_gssapi_h" "$ac_includes_default"
17692if test "x$ac_cv_header_gssapi_h" = xyes; then :
17693 cat >>confdefs.h <<_ACEOF
17694#define HAVE_GSSAPI_H 1
17695_ACEOF
17696
17697else
17698 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Cannot find any suitable gss-api header - build may fail" >&5
17699$as_echo "$as_me: WARNING: Cannot find any suitable gss-api header - build may fail" >&2;}
17700
17701fi
17702
17703done
17704
17705
17706
17707fi
17708
17709
17710
17711 oldCPP="$CPPFLAGS"
17712 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
17713 ac_fn_c_check_header_mongrel "$LINENO" "gssapi_krb5.h" "ac_cv_header_gssapi_krb5_h" "$ac_includes_default"
17714if test "x$ac_cv_header_gssapi_krb5_h" = xyes; then :
17715
17716else
17717 CPPFLAGS="$oldCPP"
17718fi
17719
17720
17721
17722 fi
17723 if test ! -z "$need_dash_r" ; then
17724 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
17725 fi
17726 if test ! -z "$blibpath" ; then
17727 blibpath="$blibpath:${KRB5ROOT}/lib"
17728 fi
17729
17730 for ac_header in gssapi.h gssapi/gssapi.h
17731do :
17732 as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
17733ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
17734if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
17735 cat >>confdefs.h <<_ACEOF
17736#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
17737_ACEOF
17738
17739fi
17740
17741done
17742
17743 for ac_header in gssapi_krb5.h gssapi/gssapi_krb5.h
17744do :
17745 as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
17746ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
17747if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
17748 cat >>confdefs.h <<_ACEOF
17749#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
17750_ACEOF
17751
17752fi
17753
17754done
17755
17756 for ac_header in gssapi_generic.h gssapi/gssapi_generic.h
17757do :
17758 as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
17759ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
17760if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
17761 cat >>confdefs.h <<_ACEOF
17762#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
17763_ACEOF
17764
17765fi
17766
17767done
17768
17769
17770 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing k_hasafs" >&5
17771$as_echo_n "checking for library containing k_hasafs... " >&6; }
17772if ${ac_cv_search_k_hasafs+:} false; then :
17773 $as_echo_n "(cached) " >&6
17774else
17775 ac_func_search_save_LIBS=$LIBS
17776cat confdefs.h - <<_ACEOF >conftest.$ac_ext
17777/* end confdefs.h. */
17778
17779/* Override any GCC internal prototype to avoid an error.
17780 Use char because int might match the return type of a GCC
17781 builtin and then its argument prototype would still apply. */
17782#ifdef __cplusplus
17783extern "C"
17784#endif
17785char k_hasafs ();
17786int
17787main ()
17788{
17789return k_hasafs ();
17790 ;
17791 return 0;
17792}
17793_ACEOF
17794for ac_lib in '' kafs; do
17795 if test -z "$ac_lib"; then
17796 ac_res="none required"
17797 else
17798 ac_res=-l$ac_lib
17799 LIBS="-l$ac_lib $ac_func_search_save_LIBS"
17800 fi
17801 if ac_fn_c_try_link "$LINENO"; then :
17802 ac_cv_search_k_hasafs=$ac_res
17803fi
17804rm -f core conftest.err conftest.$ac_objext \
17805 conftest$ac_exeext
17806 if ${ac_cv_search_k_hasafs+:} false; then :
17807 break
17808fi
17809done
17810if ${ac_cv_search_k_hasafs+:} false; then :
17811
17812else
17813 ac_cv_search_k_hasafs=no
17814fi
17815rm conftest.$ac_ext
17816LIBS=$ac_func_search_save_LIBS
17817fi
17818{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_k_hasafs" >&5
17819$as_echo "$ac_cv_search_k_hasafs" >&6; }
17820ac_res=$ac_cv_search_k_hasafs
17821if test "$ac_res" != no; then :
17822 test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
17823
17824$as_echo "#define USE_AFS 1" >>confdefs.h
17825
17826fi
17827
17828
17829 ac_fn_c_check_decl "$LINENO" "GSS_C_NT_HOSTBASED_SERVICE" "ac_cv_have_decl_GSS_C_NT_HOSTBASED_SERVICE" "
17830#ifdef HAVE_GSSAPI_H
17831# include <gssapi.h>
17832#elif defined(HAVE_GSSAPI_GSSAPI_H)
17833# include <gssapi/gssapi.h>
17834#endif
17835
17836#ifdef HAVE_GSSAPI_GENERIC_H
17837# include <gssapi_generic.h>
17838#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H)
17839# include <gssapi/gssapi_generic.h>
17840#endif
17841
17842"
17843if test "x$ac_cv_have_decl_GSS_C_NT_HOSTBASED_SERVICE" = xyes; then :
17844 ac_have_decl=1
17845else
17846 ac_have_decl=0
17847fi
17848
17849cat >>confdefs.h <<_ACEOF
17850#define HAVE_DECL_GSS_C_NT_HOSTBASED_SERVICE $ac_have_decl
17851_ACEOF
17852
17853 saved_LIBS="$LIBS"
17854 LIBS="$LIBS $K5LIBS"
17855 for ac_func in krb5_cc_new_unique krb5_get_error_message krb5_free_error_message
17856do :
17857 as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
17858ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
17859if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
17860 cat >>confdefs.h <<_ACEOF
17861#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
17862_ACEOF
17863
17864fi
17865done
17866
17867 LIBS="$saved_LIBS"
17868
17869 fi
17870
17871
17872fi
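Review bot: $KRB5CONF is expanded unquoted in "test -x $KRB5CONF" at line 17334 and in every invocation from 17335 to 17348, while its value is built from the --with-kerberos5 argument (KRB5ROOT) or from a search of "$KRB5ROOT/bin:$PATH". A root directory containing whitespace splits into several words, so the -x test errors out and the script silently takes the fallback branch at 17380 with hand-assembled -I/-L flags. Quote it as "$KRB5CONF" throughout. Because the search at 17248 and 17292 falls through to $PATH, the krb5-config that gets executed, and whose --cflags and --libs output is appended to CPPFLAGS, K5LIBS and GSSLIBS, is whichever one the build environment resolves first; release builds should pass an explicit root rather than plain --with-kerberos5. Also consider turning the "Cannot find any suitable gss-api library - build may fail" warning at 17672 into an error, since KRB5 is already defined at that point.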
17873
17874
17875
17876
17877# Looking for programs, paths and files
17878
17879PRIVSEP_PATH=/var/empty
17880
17881# Check whether --with-privsep-path was given.
17882if test "${with_privsep_path+set}" = set; then :
17883 withval=$with_privsep_path;
17884 if test -n "$withval" && test "x$withval" != "xno" && \
17885 test "x${withval}" != "xyes"; then
17886 PRIVSEP_PATH=$withval
17887 fi
17888
17889
17890fi
17891
17892
17893
17894
17895# Check whether --with-xauth was given.
17896if test "${with_xauth+set}" = set; then :
17897 withval=$with_xauth;
17898 if test -n "$withval" && test "x$withval" != "xno" && \
17899 test "x${withval}" != "xyes"; then
17900 xauth_path=$withval
17901 fi
17902
17903else
17904
17905 TestPath="$PATH"
17906 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
17907 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
17908 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
17909 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
17910 # Extract the first word of "xauth", so it can be a program name with args.
17911set dummy xauth; ac_word=$2
17912{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
17913$as_echo_n "checking for $ac_word... " >&6; }
17914if ${ac_cv_path_xauth_path+:} false; then :
17915 $as_echo_n "(cached) " >&6
17916else
17917 case $xauth_path in
17918 [\\/]* | ?:[\\/]*)
17919 ac_cv_path_xauth_path="$xauth_path" # Let the user override the test with a path.
17920 ;;
17921 *)
17922 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
17923for as_dir in $TestPath
17924do
17925 IFS=$as_save_IFS
17926 test -z "$as_dir" && as_dir=.
17927 for ac_exec_ext in '' $ac_executable_extensions; do
17928 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
17929 ac_cv_path_xauth_path="$as_dir/$ac_word$ac_exec_ext"
17930 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
17931 break 2
17932 fi
17933done
17934 done
17935IFS=$as_save_IFS
17936
17937 ;;
17938esac
17939fi
17940xauth_path=$ac_cv_path_xauth_path
17941if test -n "$xauth_path"; then
17942 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $xauth_path" >&5
17943$as_echo "$xauth_path" >&6; }
17944else
17945 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
17946$as_echo "no" >&6; }
17947fi
17948
17949
17950 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
17951 xauth_path="/usr/openwin/bin/xauth"
17952 fi
17953
17954
17955fi
17956
17957
17958STRIP_OPT=-s
17959# Check whether --enable-strip was given.
17960if test "${enable_strip+set}" = set; then :
17961 enableval=$enable_strip;
17962 if test "x$enableval" = "xno" ; then
17963 STRIP_OPT=
17964 fi
17965
17966
17967fi
17968
17969
17970
17971if test -z "$xauth_path" ; then
17972 XAUTH_PATH="undefined"
17973
17974else
17975
17976cat >>confdefs.h <<_ACEOF
17977#define XAUTH_PATH "$xauth_path"
17978_ACEOF
17979
17980 XAUTH_PATH=$xauth_path
17981
17982fi
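Review bot: the xauth search path at line 17905 starts with the builder's own $PATH, and the first match is written into the binary as XAUTH_PATH at 17977. The program sshd later runs for X11 forwarding is therefore decided by the environment of whoever ran configure, and two builds of the same source can embed different paths. Search only the fixed system directories listed at 17906-17909, or document that packagers should always pass --with-xauth=/absolute/path. The override at 17950 also replaces any discovered path with /usr/openwin/bin/xauth whenever that file exists; a short comment saying why that location wins would help.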
17983
17984# Check for mail directory
17985
17986# Check whether --with-maildir was given.
17987if test "${with_maildir+set}" = set; then :
17988 withval=$with_maildir;
17989 if test "X$withval" != X && test "x$withval" != xno && \
17990 test "x${withval}" != xyes; then
17991
17992cat >>confdefs.h <<_ACEOF
17993#define MAIL_DIRECTORY "$withval"
17994_ACEOF
17995
17996 fi
17997
17998else
17999
18000 if test "X$maildir" != "X"; then
18001 cat >>confdefs.h <<_ACEOF
18002#define MAIL_DIRECTORY "$maildir"
18003_ACEOF
18004
18005 else
18006 { $as_echo "$as_me:${as_lineno-$LINENO}: checking Discovering system mail directory" >&5
18007$as_echo_n "checking Discovering system mail directory... " >&6; }
18008 if test "$cross_compiling" = yes; then :
18009
18010 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: use --with-maildir=/path/to/mail" >&5
18011$as_echo "$as_me: WARNING: cross compiling: use --with-maildir=/path/to/mail" >&2;}
18012
18013
18014else
18015 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
18016/* end confdefs.h. */
18017
18018#include <stdio.h>
18019#include <string.h>
18020#ifdef HAVE_PATHS_H
18021#include <paths.h>
18022#endif
18023#ifdef HAVE_MAILLOCK_H
18024#include <maillock.h>
18025#endif
18026#define DATA "conftest.maildir"
18027
18028int
18029main ()
18030{
18031
18032 FILE *fd;
18033 int rc;
18034
18035 fd = fopen(DATA,"w");
18036 if(fd == NULL)
18037 exit(1);
18038
18039#if defined (_PATH_MAILDIR)
18040 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0)
18041 exit(1);
18042#elif defined (MAILDIR)
18043 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0)
18044 exit(1);
18045#elif defined (_PATH_MAIL)
18046 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0)
18047 exit(1);
18048#else
18049 exit (2);
18050#endif
18051
18052 exit(0);
18053
18054 ;
18055 return 0;
18056}
18057_ACEOF
18058if ac_fn_c_try_run "$LINENO"; then :
18059
18060 maildir_what=`awk -F: '{print $1}' conftest.maildir`
18061 maildir=`awk -F: '{print $2}' conftest.maildir \
18062 | sed 's|/$||'`
18063 { $as_echo "$as_me:${as_lineno-$LINENO}: result: Using: $maildir from $maildir_what" >&5
18064$as_echo "Using: $maildir from $maildir_what" >&6; }
18065 if test "x$maildir_what" != "x_PATH_MAILDIR"; then
18066 cat >>confdefs.h <<_ACEOF
18067#define MAIL_DIRECTORY "$maildir"
18068_ACEOF
18069
18070 fi
18071
18072else
18073
18074 if test "X$ac_status" = "X2";then
18075# our test program didn't find it. Default to /var/spool/mail
18076 { $as_echo "$as_me:${as_lineno-$LINENO}: result: Using: default value of /var/spool/mail" >&5
18077$as_echo "Using: default value of /var/spool/mail" >&6; }
18078 cat >>confdefs.h <<_ACEOF
18079#define MAIL_DIRECTORY "/var/spool/mail"
18080_ACEOF
18081
18082 else
18083 { $as_echo "$as_me:${as_lineno-$LINENO}: result: *** not found ***" >&5
18084$as_echo "*** not found ***" >&6; }
18085 fi
18086
18087fi
18088rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
18089 conftest.$ac_objext conftest.beam conftest.$ac_ext
18090fi
18091
18092 fi
18093
18094
18095fi
18096 # maildir
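Review bot: the mail-directory test program at lines 18018-18052 calls exit() but includes only <stdio.h>, <string.h> and, conditionally, <paths.h> and <maillock.h>; <stdlib.h> is missing. With a compiler that rejects implicit function declarations the program does not build, ac_fn_c_try_run fails, and the else branch at 18072 runs: unless the status happens to be 2 it prints "*** not found ***" and leaves MAIL_DIRECTORY undefined, even on a system where _PATH_MAILDIR is available. Add #include <stdlib.h> to the test source in the autoconf input that generates this block, or return from main() instead of calling exit(). The variable rc at 18033 is assigned but never read and can be dropped at the same time.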
18097
18098if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
18099 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: Disabling /dev/ptmx test" >&5
18100$as_echo "$as_me: WARNING: cross compiling: Disabling /dev/ptmx test" >&2;}
18101 disable_ptmx_check=yes
18102fi
18103if test -z "$no_dev_ptmx" ; then
18104 if test "x$disable_ptmx_check" != "xyes" ; then
18105 as_ac_File=`$as_echo "ac_cv_file_"/dev/ptmx"" | $as_tr_sh`
18106{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for \"/dev/ptmx\"" >&5
18107$as_echo_n "checking for \"/dev/ptmx\"... " >&6; }
18108if eval \${$as_ac_File+:} false; then :
18109 $as_echo_n "(cached) " >&6
18110else
18111 test "$cross_compiling" = yes &&
18112 as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5
18113if test -r ""/dev/ptmx""; then
18114 eval "$as_ac_File=yes"
18115else
18116 eval "$as_ac_File=no"
18117fi
18118fi
18119eval ac_res=\$$as_ac_File
18120 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
18121$as_echo "$ac_res" >&6; }
18122if eval test \"x\$"$as_ac_File"\" = x"yes"; then :
18123
18124
18125cat >>confdefs.h <<_ACEOF
18126#define HAVE_DEV_PTMX 1
18127_ACEOF
18128
18129 have_dev_ptmx=1
18130
18131
18132fi
18133
18134 fi
18135fi
18136
18137if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
18138 as_ac_File=`$as_echo "ac_cv_file_"/dev/ptc"" | $as_tr_sh`
18139{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for \"/dev/ptc\"" >&5
18140$as_echo_n "checking for \"/dev/ptc\"... " >&6; }
18141if eval \${$as_ac_File+:} false; then :
18142 $as_echo_n "(cached) " >&6
18143else
18144 test "$cross_compiling" = yes &&
18145 as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5
18146if test -r ""/dev/ptc""; then
18147 eval "$as_ac_File=yes"
18148else
18149 eval "$as_ac_File=no"
18150fi
18151fi
18152eval ac_res=\$$as_ac_File
18153 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
18154$as_echo "$ac_res" >&6; }
18155if eval test \"x\$"$as_ac_File"\" = x"yes"; then :
18156
18157
18158cat >>confdefs.h <<_ACEOF
18159#define HAVE_DEV_PTS_AND_PTC 1
18160_ACEOF
18161
18162 have_dev_ptc=1
18163
18164
18165fi
18166
18167else
18168 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: Disabling /dev/ptc test" >&5
18169$as_echo "$as_me: WARNING: cross compiling: Disabling /dev/ptc test" >&2;}
18170fi
18171
18172# Options from here on. Some of these are preset by platform above
18173
18174# Check whether --with-mantype was given.
18175if test "${with_mantype+set}" = set; then :
18176 withval=$with_mantype;
18177 case "$withval" in
18178 man|cat|doc)
18179 MANTYPE=$withval
18180 ;;
18181 *)
18182 as_fn_error $? "invalid man type: $withval" "$LINENO" 5
18183 ;;
18184 esac
18185
18186
18187fi
18188
18189if test -z "$MANTYPE"; then
18190 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
18191 for ac_prog in nroff awf
18192do
18193 # Extract the first word of "$ac_prog", so it can be a program name with args.
18194set dummy $ac_prog; ac_word=$2
18195{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
18196$as_echo_n "checking for $ac_word... " >&6; }
18197if ${ac_cv_path_NROFF+:} false; then :
18198 $as_echo_n "(cached) " >&6
18199else
18200 case $NROFF in
18201 [\\/]* | ?:[\\/]*)
18202 ac_cv_path_NROFF="$NROFF" # Let the user override the test with a path.
18203 ;;
18204 *)
18205 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
18206for as_dir in $TestPath
18207do
18208 IFS=$as_save_IFS
18209 test -z "$as_dir" && as_dir=.
18210 for ac_exec_ext in '' $ac_executable_extensions; do
18211 if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
18212 ac_cv_path_NROFF="$as_dir/$ac_word$ac_exec_ext"
18213 $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
18214 break 2
18215 fi
18216done
18217 done
18218IFS=$as_save_IFS
18219
18220 ;;
18221esac
18222fi
18223NROFF=$ac_cv_path_NROFF
18224if test -n "$NROFF"; then
18225 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NROFF" >&5
18226$as_echo "$NROFF" >&6; }
18227else
18228 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
18229$as_echo "no" >&6; }
18230fi
18231
18232
18233 test -n "$NROFF" && break
18234done
18235test -n "$NROFF" || NROFF="/bin/false"
18236
18237 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
18238 MANTYPE=doc
18239 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
18240 MANTYPE=man
18241 else
18242 MANTYPE=cat
18243 fi
18244fi
18245
18246if test "$MANTYPE" = "doc"; then
18247 mansubdir=man;
18248else
18249 mansubdir=$MANTYPE;
18250fi
18251
18252
18253# Check whether to enable MD5 passwords
18254MD5_MSG="no"
18255
18256# Check whether --with-md5-passwords was given.
18257if test "${with_md5_passwords+set}" = set; then :
18258 withval=$with_md5_passwords;
18259 if test "x$withval" != "xno" ; then
18260
18261$as_echo "#define HAVE_MD5_PASSWORDS 1" >>confdefs.h
18262
18263 MD5_MSG="yes"
18264 fi
18265
18266
18267fi
18268
18269
18270# Whether to disable shadow password support
18271
18272# Check whether --with-shadow was given.
18273if test "${with_shadow+set}" = set; then :
18274 withval=$with_shadow;
18275 if test "x$withval" = "xno" ; then
18276 $as_echo "#define DISABLE_SHADOW 1" >>confdefs.h
18277
18278 disable_shadow=yes
18279 fi
18280
18281
18282fi
18283
18284
18285if test -z "$disable_shadow" ; then
18286 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if the systems has expire shadow information" >&5
18287$as_echo_n "checking if the systems has expire shadow information... " >&6; }
18288 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
18289/* end confdefs.h. */
18290
18291#include <sys/types.h>
18292#include <shadow.h>
18293struct spwd sp;
18294
18295int
18296main ()
18297{
18298 sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0;
18299 ;
18300 return 0;
18301}
18302_ACEOF
18303if ac_fn_c_try_compile "$LINENO"; then :
18304 sp_expire_available=yes
18305fi
18306rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
18307
18308 if test "x$sp_expire_available" = "xyes" ; then
18309 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
18310$as_echo "yes" >&6; }
18311
18312$as_echo "#define HAS_SHADOW_EXPIRE 1" >>confdefs.h
18313
18314 else
18315 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
18316$as_echo "no" >&6; }
18317 fi
18318fi
18319
18320# Use ip address instead of hostname in $DISPLAY
18321if test ! -z "$IPADDR_IN_DISPLAY" ; then
18322 DISPLAY_HACK_MSG="yes"
18323
18324$as_echo "#define IPADDR_IN_DISPLAY 1" >>confdefs.h
18325
18326else
18327 DISPLAY_HACK_MSG="no"
18328
18329# Check whether --with-ipaddr-display was given.
18330if test "${with_ipaddr_display+set}" = set; then :
18331 withval=$with_ipaddr_display;
18332 if test "x$withval" != "xno" ; then
18333 $as_echo "#define IPADDR_IN_DISPLAY 1" >>confdefs.h
18334
18335 DISPLAY_HACK_MSG="yes"
18336 fi
18337
18338
18339fi
18340
18341fi
18342
18343# check for /etc/default/login and use it if present.
18344# Check whether --enable-etc-default-login was given.
18345if test "${enable_etc_default_login+set}" = set; then :
18346 enableval=$enable_etc_default_login; if test "x$enableval" = "xno"; then
18347 { $as_echo "$as_me:${as_lineno-$LINENO}: /etc/default/login handling disabled" >&5
18348$as_echo "$as_me: /etc/default/login handling disabled" >&6;}
18349 etc_default_login=no
18350 else
18351 etc_default_login=yes
18352 fi
18353else
18354 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
18355 then
18356 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking /etc/default/login" >&5
18357$as_echo "$as_me: WARNING: cross compiling: not checking /etc/default/login" >&2;}
18358 etc_default_login=no
18359 else
18360 etc_default_login=yes
18361 fi
18362
18363fi
18364
18365
18366if test "x$etc_default_login" != "xno"; then
18367 as_ac_File=`$as_echo "ac_cv_file_"/etc/default/login"" | $as_tr_sh`
18368{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for \"/etc/default/login\"" >&5
18369$as_echo_n "checking for \"/etc/default/login\"... " >&6; }
18370if eval \${$as_ac_File+:} false; then :
18371 $as_echo_n "(cached) " >&6
18372else
18373 test "$cross_compiling" = yes &&
18374 as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5
18375if test -r ""/etc/default/login""; then
18376 eval "$as_ac_File=yes"
18377else
18378 eval "$as_ac_File=no"
18379fi
18380fi
18381eval ac_res=\$$as_ac_File
18382 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
18383$as_echo "$ac_res" >&6; }
18384if eval test \"x\$"$as_ac_File"\" = x"yes"; then :
18385 external_path_file=/etc/default/login
18386fi
18387
18388 if test "x$external_path_file" = "x/etc/default/login"; then
18389
18390$as_echo "#define HAVE_ETC_DEFAULT_LOGIN 1" >>confdefs.h
18391
18392 fi
18393fi
18394
18395if test $ac_cv_func_login_getcapbool = "yes" && \
18396 test $ac_cv_header_login_cap_h = "yes" ; then
18397 external_path_file=/etc/login.conf
18398fi
18399
18400# Whether to mess with the default path
18401SERVER_PATH_MSG="(default)"
18402
18403# Check whether --with-default-path was given.
18404if test "${with_default_path+set}" = set; then :
18405 withval=$with_default_path;
18406 if test "x$external_path_file" = "x/etc/login.conf" ; then
18407 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING:
18408--with-default-path=PATH has no effect on this system.
18409Edit /etc/login.conf instead." >&5
18410$as_echo "$as_me: WARNING:
18411--with-default-path=PATH has no effect on this system.
18412Edit /etc/login.conf instead." >&2;}
18413 elif test "x$withval" != "xno" ; then
18414 if test ! -z "$external_path_file" ; then
18415 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING:
18416--with-default-path=PATH will only be used if PATH is not defined in
18417$external_path_file ." >&5
18418$as_echo "$as_me: WARNING:
18419--with-default-path=PATH will only be used if PATH is not defined in
18420$external_path_file ." >&2;}
18421 fi
18422 user_path="$withval"
18423 SERVER_PATH_MSG="$withval"
18424 fi
18425
18426else
18427 if test "x$external_path_file" = "x/etc/login.conf" ; then
18428 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Make sure the path to scp is in /etc/login.conf" >&5
18429$as_echo "$as_me: WARNING: Make sure the path to scp is in /etc/login.conf" >&2;}
18430 else
18431 if test ! -z "$external_path_file" ; then
18432 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING:
18433If PATH is defined in $external_path_file, ensure the path to scp is included,
18434otherwise scp will not work." >&5
18435$as_echo "$as_me: WARNING:
18436If PATH is defined in $external_path_file, ensure the path to scp is included,
18437otherwise scp will not work." >&2;}
18438 fi
18439 if test "$cross_compiling" = yes; then :
18440 user_path="/usr/bin:/bin:/usr/sbin:/sbin"
18441
18442else
18443 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
18444/* end confdefs.h. */
18445
18446/* find out what STDPATH is */
18447#include <stdio.h>
18448#ifdef HAVE_PATHS_H
18449# include <paths.h>
18450#endif
18451#ifndef _PATH_STDPATH
18452# ifdef _PATH_USERPATH /* Irix */
18453# define _PATH_STDPATH _PATH_USERPATH
18454# else
18455# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
18456# endif
18457#endif
18458#include <sys/types.h>
18459#include <sys/stat.h>
18460#include <fcntl.h>
18461#define DATA "conftest.stdpath"
18462
18463int
18464main ()
18465{
18466
18467 FILE *fd;
18468 int rc;
18469
18470 fd = fopen(DATA,"w");
18471 if(fd == NULL)
18472 exit(1);
18473
18474 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
18475 exit(1);
18476
18477 exit(0);
18478
18479 ;
18480 return 0;
18481}
18482_ACEOF
18483if ac_fn_c_try_run "$LINENO"; then :
18484 user_path=`cat conftest.stdpath`
18485else
18486 user_path="/usr/bin:/bin:/usr/sbin:/sbin"
18487fi
18488rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
18489 conftest.$ac_objext conftest.beam conftest.$ac_ext
18490fi
18491
18492# make sure $bindir is in USER_PATH so scp will work
18493 t_bindir="${bindir}"
18494 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do
18495 t_bindir=`eval echo ${t_bindir}`
18496 case $t_bindir in
18497 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
18498 esac
18499 case $t_bindir in
18500 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
18501 esac
18502 done
18503 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
18504 if test $? -ne 0 ; then
18505 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
18506 if test $? -ne 0 ; then
18507 user_path=$user_path:$t_bindir
18508 { $as_echo "$as_me:${as_lineno-$LINENO}: result: Adding $t_bindir to USER_PATH so scp will work" >&5
18509$as_echo "Adding $t_bindir to USER_PATH so scp will work" >&6; }
18510 fi
18511 fi
18512 fi
18513
18514fi
18515
18516if test "x$external_path_file" != "x/etc/login.conf" ; then
18517
18518cat >>confdefs.h <<_ACEOF
18519#define USER_PATH "$user_path"
18520_ACEOF
18521
18522
18523fi
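Review bot: the "make sure $bindir is in USER_PATH" check at 18503-18507 tests membership with `grep ":$t_bindir"` and `grep "^$t_bindir"`. Both treat the directory as an unanchored regular expression rather than as a whole PATH component. A bindir that is only a prefix of an existing entry (for example /opt/ssh/bin when the path already holds /opt/ssh/bin64) counts as present, so it is never appended and the compiled-in USER_PATH can leave scp unreachable. Comparing whole components avoids this, for example `case ":$user_path:" in *":$t_bindir:"*) ;; *) user_path=$user_path:$t_bindir ;; esac`. Separately, the STDPATH probe at 18447-18477 calls exit() without including <stdlib.h>. On a compiler that rejects implicit declarations, ac_fn_c_try_run fails and user_path silently falls back to the hard-coded "/usr/bin:/bin:/usr/sbin:/sbin" at 18486 instead of the system's _PATH_STDPATH. Adding the include, or returning from main, keeps the probe meaningful.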
18524
18525# Set superuser path separately to user path
18526
18527# Check whether --with-superuser-path was given.
18528if test "${with_superuser_path+set}" = set; then :
18529 withval=$with_superuser_path;
18530 if test -n "$withval" && test "x$withval" != "xno" && \
18531 test "x${withval}" != "xyes"; then
18532
18533cat >>confdefs.h <<_ACEOF
18534#define SUPERUSER_PATH "$withval"
18535_ACEOF
18536
18537 superuser_path=$withval
18538 fi
18539
18540
18541fi
18542
18543
18544
18545{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if we need to convert IPv4 in IPv6-mapped addresses" >&5
18546$as_echo_n "checking if we need to convert IPv4 in IPv6-mapped addresses... " >&6; }
18547IPV4_IN6_HACK_MSG="no"
18548
18549# Check whether --with-4in6 was given.
18550if test "${with_4in6+set}" = set; then :
18551 withval=$with_4in6;
18552 if test "x$withval" != "xno" ; then
18553 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
18554$as_echo "yes" >&6; }
18555
18556$as_echo "#define IPV4_IN_IPV6 1" >>confdefs.h
18557
18558 IPV4_IN6_HACK_MSG="yes"
18559 else
18560 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
18561$as_echo "no" >&6; }
18562 fi
18563
18564else
18565
18566 if test "x$inet6_default_4in6" = "xyes"; then
18567 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes (default)" >&5
18568$as_echo "yes (default)" >&6; }
18569 $as_echo "#define IPV4_IN_IPV6 1" >>confdefs.h
18570
18571 IPV4_IN6_HACK_MSG="yes"
18572 else
18573 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no (default)" >&5
18574$as_echo "no (default)" >&6; }
18575 fi
18576
18577
18578fi
18579
18580
18581# Whether to enable BSD auth support
18582BSD_AUTH_MSG=no
18583
18584# Check whether --with-bsd-auth was given.
18585if test "${with_bsd_auth+set}" = set; then :
18586 withval=$with_bsd_auth;
18587 if test "x$withval" != "xno" ; then
18588
18589$as_echo "#define BSD_AUTH 1" >>confdefs.h
18590
18591 BSD_AUTH_MSG=yes
18592 fi
18593
18594
18595fi
18596
18597
18598# Where to place sshd.pid
18599piddir=/var/run
18600# make sure the directory exists
18601if test ! -d $piddir ; then
18602 piddir=`eval echo ${sysconfdir}`
18603 case $piddir in
18604 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
18605 esac
18606fi
18607
18608
18609# Check whether --with-pid-dir was given.
18610if test "${with_pid_dir+set}" = set; then :
18611 withval=$with_pid_dir;
18612 if test -n "$withval" && test "x$withval" != "xno" && \
18613 test "x${withval}" != "xyes"; then
18614 piddir=$withval
18615 if test ! -d $piddir ; then
18616 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: ** no $piddir directory on this system **" >&5
18617$as_echo "$as_me: WARNING: ** no $piddir directory on this system **" >&2;}
18618 fi
18619 fi
18620
18621
18622fi
18623
18624
18625
18626cat >>confdefs.h <<_ACEOF
18627#define _PATH_SSH_PIDDIR "$piddir"
18628_ACEOF
18629
18630
18631
18632# Check whether --enable-lastlog was given.
18633if test "${enable_lastlog+set}" = set; then :
18634 enableval=$enable_lastlog;
18635 if test "x$enableval" = "xno" ; then
18636 $as_echo "#define DISABLE_LASTLOG 1" >>confdefs.h
18637
18638 fi
18639
18640
18641fi
18642
18643# Check whether --enable-utmp was given.
18644if test "${enable_utmp+set}" = set; then :
18645 enableval=$enable_utmp;
18646 if test "x$enableval" = "xno" ; then
18647 $as_echo "#define DISABLE_UTMP 1" >>confdefs.h
18648
18649 fi
18650
18651
18652fi
18653
18654# Check whether --enable-utmpx was given.
18655if test "${enable_utmpx+set}" = set; then :
18656 enableval=$enable_utmpx;
18657 if test "x$enableval" = "xno" ; then
18658
18659$as_echo "#define DISABLE_UTMPX 1" >>confdefs.h
18660
18661 fi
18662
18663
18664fi
18665
18666# Check whether --enable-wtmp was given.
18667if test "${enable_wtmp+set}" = set; then :
18668 enableval=$enable_wtmp;
18669 if test "x$enableval" = "xno" ; then
18670 $as_echo "#define DISABLE_WTMP 1" >>confdefs.h
18671
18672 fi
18673
18674
18675fi
18676
18677# Check whether --enable-wtmpx was given.
18678if test "${enable_wtmpx+set}" = set; then :
18679 enableval=$enable_wtmpx;
18680 if test "x$enableval" = "xno" ; then
18681
18682$as_echo "#define DISABLE_WTMPX 1" >>confdefs.h
18683
18684 fi
18685
18686
18687fi
18688
18689# Check whether --enable-libutil was given.
18690if test "${enable_libutil+set}" = set; then :
18691 enableval=$enable_libutil;
18692 if test "x$enableval" = "xno" ; then
18693 $as_echo "#define DISABLE_LOGIN 1" >>confdefs.h
18694
18695 fi
18696
18697
18698fi
18699
18700# Check whether --enable-pututline was given.
18701if test "${enable_pututline+set}" = set; then :
18702 enableval=$enable_pututline;
18703 if test "x$enableval" = "xno" ; then
18704
18705$as_echo "#define DISABLE_PUTUTLINE 1" >>confdefs.h
18706
18707 fi
18708
18709
18710fi
18711
18712# Check whether --enable-pututxline was given.
18713if test "${enable_pututxline+set}" = set; then :
18714 enableval=$enable_pututxline;
18715 if test "x$enableval" = "xno" ; then
18716
18717$as_echo "#define DISABLE_PUTUTXLINE 1" >>confdefs.h
18718
18719 fi
18720
18721
18722fi
18723
18724
18725# Check whether --with-lastlog was given.
18726if test "${with_lastlog+set}" = set; then :
18727 withval=$with_lastlog;
18728 if test "x$withval" = "xno" ; then
18729 $as_echo "#define DISABLE_LASTLOG 1" >>confdefs.h
18730
18731 elif test -n "$withval" && test "x${withval}" != "xyes"; then
18732 conf_lastlog_location=$withval
18733 fi
18734
18735
18736fi
18737
18738
18739
18740{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if your system defines LASTLOG_FILE" >&5
18741$as_echo_n "checking if your system defines LASTLOG_FILE... " >&6; }
18742cat confdefs.h - <<_ACEOF >conftest.$ac_ext
18743/* end confdefs.h. */
18744
18745#include <sys/types.h>
18746#include <utmp.h>
18747#ifdef HAVE_LASTLOG_H
18748# include <lastlog.h>
18749#endif
18750#ifdef HAVE_PATHS_H
18751# include <paths.h>
18752#endif
18753#ifdef HAVE_LOGIN_H
18754# include <login.h>
18755#endif
18756
18757int
18758main ()
18759{
18760 char *lastlog = LASTLOG_FILE;
18761 ;
18762 return 0;
18763}
18764_ACEOF
18765if ac_fn_c_try_compile "$LINENO"; then :
18766 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
18767$as_echo "yes" >&6; }
18768else
18769
18770 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
18771$as_echo "no" >&6; }
18772 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if your system defines _PATH_LASTLOG" >&5
18773$as_echo_n "checking if your system defines _PATH_LASTLOG... " >&6; }
18774 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
18775/* end confdefs.h. */
18776
18777#include <sys/types.h>
18778#include <utmp.h>
18779#ifdef HAVE_LASTLOG_H
18780# include <lastlog.h>
18781#endif
18782#ifdef HAVE_PATHS_H
18783# include <paths.h>
18784#endif
18785
18786int
18787main ()
18788{
18789 char *lastlog = _PATH_LASTLOG;
18790 ;
18791 return 0;
18792}
18793_ACEOF
18794if ac_fn_c_try_compile "$LINENO"; then :
18795 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
18796$as_echo "yes" >&6; }
18797else
18798
18799 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
18800$as_echo "no" >&6; }
18801 system_lastlog_path=no
18802
18803fi
18804rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
18805
18806fi
18807rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
18808
18809if test -z "$conf_lastlog_location"; then
18810 if test x"$system_lastlog_path" = x"no" ; then
18811 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
18812 if (test -d "$f" || test -f "$f") ; then
18813 conf_lastlog_location=$f
18814 fi
18815 done
18816 if test -z "$conf_lastlog_location"; then
18817 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: ** Cannot find lastlog **" >&5
18818$as_echo "$as_me: WARNING: ** Cannot find lastlog **" >&2;}
18819 fi
18820 fi
18821fi
18822
18823if test -n "$conf_lastlog_location"; then
18824
18825cat >>confdefs.h <<_ACEOF
18826#define CONF_LASTLOG_FILE "$conf_lastlog_location"
18827_ACEOF
18828
18829fi
18830
18831{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if your system defines UTMP_FILE" >&5
18832$as_echo_n "checking if your system defines UTMP_FILE... " >&6; }
18833cat confdefs.h - <<_ACEOF >conftest.$ac_ext
18834/* end confdefs.h. */
18835
18836#include <sys/types.h>
18837#include <utmp.h>
18838#ifdef HAVE_PATHS_H
18839# include <paths.h>
18840#endif
18841
18842int
18843main ()
18844{
18845 char *utmp = UTMP_FILE;
18846 ;
18847 return 0;
18848}
18849_ACEOF
18850if ac_fn_c_try_compile "$LINENO"; then :
18851 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
18852$as_echo "yes" >&6; }
18853else
18854 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
18855$as_echo "no" >&6; }
18856 system_utmp_path=no
18857
18858fi
18859rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
18860if test -z "$conf_utmp_location"; then
18861 if test x"$system_utmp_path" = x"no" ; then
18862 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
18863 if test -f $f ; then
18864 conf_utmp_location=$f
18865 fi
18866 done
18867 if test -z "$conf_utmp_location"; then
18868 $as_echo "#define DISABLE_UTMP 1" >>confdefs.h
18869
18870 fi
18871 fi
18872fi
18873if test -n "$conf_utmp_location"; then
18874
18875cat >>confdefs.h <<_ACEOF
18876#define CONF_UTMP_FILE "$conf_utmp_location"
18877_ACEOF
18878
18879fi
18880
18881{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if your system defines WTMP_FILE" >&5
18882$as_echo_n "checking if your system defines WTMP_FILE... " >&6; }
18883cat confdefs.h - <<_ACEOF >conftest.$ac_ext
18884/* end confdefs.h. */
18885
18886#include <sys/types.h>
18887#include <utmp.h>
18888#ifdef HAVE_PATHS_H
18889# include <paths.h>
18890#endif
18891
18892int
18893main ()
18894{
18895 char *wtmp = WTMP_FILE;
18896 ;
18897 return 0;
18898}
18899_ACEOF
18900if ac_fn_c_try_compile "$LINENO"; then :
18901 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
18902$as_echo "yes" >&6; }
18903else
18904 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
18905$as_echo "no" >&6; }
18906 system_wtmp_path=no
18907
18908fi
18909rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
18910if test -z "$conf_wtmp_location"; then
18911 if test x"$system_wtmp_path" = x"no" ; then
18912 for f in /usr/adm/wtmp /var/log/wtmp; do
18913 if test -f $f ; then
18914 conf_wtmp_location=$f
18915 fi
18916 done
18917 if test -z "$conf_wtmp_location"; then
18918 $as_echo "#define DISABLE_WTMP 1" >>confdefs.h
18919
18920 fi
18921 fi
18922fi
18923if test -n "$conf_wtmp_location"; then
18924
18925cat >>confdefs.h <<_ACEOF
18926#define CONF_WTMP_FILE "$conf_wtmp_location"
18927_ACEOF
18928
18929fi
18930
18931{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if your system defines WTMPX_FILE" >&5
18932$as_echo_n "checking if your system defines WTMPX_FILE... " >&6; }
18933cat confdefs.h - <<_ACEOF >conftest.$ac_ext
18934/* end confdefs.h. */
18935
18936#include <sys/types.h>
18937#include <utmp.h>
18938#ifdef HAVE_UTMPX_H
18939#include <utmpx.h>
18940#endif
18941#ifdef HAVE_PATHS_H
18942# include <paths.h>
18943#endif
18944
18945int
18946main ()
18947{
18948 char *wtmpx = WTMPX_FILE;
18949 ;
18950 return 0;
18951}
18952_ACEOF
18953if ac_fn_c_try_compile "$LINENO"; then :
18954 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
18955$as_echo "yes" >&6; }
18956else
18957 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
18958$as_echo "no" >&6; }
18959 system_wtmpx_path=no
18960
18961fi
18962rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
18963if test -z "$conf_wtmpx_location"; then
18964 if test x"$system_wtmpx_path" = x"no" ; then
18965 $as_echo "#define DISABLE_WTMPX 1" >>confdefs.h
18966
18967 fi
18968else
18969
18970cat >>confdefs.h <<_ACEOF
18971#define CONF_WTMPX_FILE "$conf_wtmpx_location"
18972_ACEOF
18973
18974fi
18975
18976
18977if test ! -z "$blibpath" ; then
18978 LDFLAGS="$LDFLAGS $blibflags$blibpath"
18979 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Please check and edit blibpath in LDFLAGS in Makefile" >&5
18980$as_echo "$as_me: WARNING: Please check and edit blibpath in LDFLAGS in Makefile" >&2;}
18981fi
18982
18983ac_fn_c_check_member "$LINENO" "struct lastlog" "ll_line" "ac_cv_member_struct_lastlog_ll_line" "
18984#ifdef HAVE_SYS_TYPES_H
18985#include <sys/types.h>
18986#endif
18987#ifdef HAVE_UTMP_H
18988#include <utmp.h>
18989#endif
18990#ifdef HAVE_UTMPX_H
18991#include <utmpx.h>
18992#endif
18993#ifdef HAVE_LASTLOG_H
18994#include <lastlog.h>
18995#endif
18996
18997"
18998if test "x$ac_cv_member_struct_lastlog_ll_line" = xyes; then :
18999
19000else
19001
19002 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then
19003 $as_echo "#define DISABLE_LASTLOG 1" >>confdefs.h
19004
19005 fi
19006
19007fi
19008
19009
19010ac_fn_c_check_member "$LINENO" "struct utmp" "ut_line" "ac_cv_member_struct_utmp_ut_line" "
19011#ifdef HAVE_SYS_TYPES_H
19012#include <sys/types.h>
19013#endif
19014#ifdef HAVE_UTMP_H
19015#include <utmp.h>
19016#endif
19017#ifdef HAVE_UTMPX_H
19018#include <utmpx.h>
19019#endif
19020#ifdef HAVE_LASTLOG_H
19021#include <lastlog.h>
19022#endif
19023
19024"
19025if test "x$ac_cv_member_struct_utmp_ut_line" = xyes; then :
19026
19027else
19028
19029 $as_echo "#define DISABLE_UTMP 1" >>confdefs.h
19030
19031 $as_echo "#define DISABLE_WTMP 1" >>confdefs.h
19032
19033
19034fi
19035
19036
19037CFLAGS="$CFLAGS $werror_flags"
19038
19039if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
19040 TEST_SSH_IPV6=no
19041else
19042 TEST_SSH_IPV6=yes
19043fi
19044ac_fn_c_check_decl "$LINENO" "BROKEN_GETADDRINFO" "ac_cv_have_decl_BROKEN_GETADDRINFO" "$ac_includes_default"
19045if test "x$ac_cv_have_decl_BROKEN_GETADDRINFO" = xyes; then :
19046 TEST_SSH_IPV6=no
19047fi
19048
19049TEST_SSH_IPV6=$TEST_SSH_IPV6
19050
19051TEST_SSH_UTF8=$TEST_SSH_UTF8
19052
19053TEST_MALLOC_OPTIONS=$TEST_MALLOC_OPTIONS
19054
19055UNSUPPORTED_ALGORITHMS=$unsupported_algorithms
19056
19057
19058
19059ac_config_files="$ac_config_files Makefile buildpkg.sh opensshd.init openssh.xml openbsd-compat/Makefile openbsd-compat/regress/Makefile survey.sh"
19060
19061cat >confcache <<\_ACEOF
19062# This file is a shell script that caches the results of configure
19063# tests run on this system so they can be shared between configure
19064# scripts and configure runs, see configure's option --config-cache.
19065# It is not useful on other systems. If it contains results you don't
19066# want to keep, you may remove or edit it.
19067#
19068# config.status only pays attention to the cache file if you give it
19069# the --recheck option to rerun configure.
19070#
19071# `ac_cv_env_foo' variables (set or unset) will be overridden when
19072# loading this file, other *unset* `ac_cv_foo' will be assigned the
19073# following values.
19074
19075_ACEOF
19076
19077# The following way of writing the cache mishandles newlines in values,
19078# but we know of no workaround that is simple, portable, and efficient.
19079# So, we kill variables containing newlines.
19080# Ultrix sh set writes to stderr and can't be redirected directly,
19081# and sets the high bit in the cache file unless we assign to the vars.
19082(
19083 for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do
19084 eval ac_val=\$$ac_var
19085 case $ac_val in #(
19086 *${as_nl}*)
19087 case $ac_var in #(
19088 *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
19089$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
19090 esac
19091 case $ac_var in #(
19092 _ | IFS | as_nl) ;; #(
19093 BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
19094 *) { eval $ac_var=; unset $ac_var;} ;;
19095 esac ;;
19096 esac
19097 done
19098
19099 (set) 2>&1 |
19100 case $as_nl`(ac_space=' '; set) 2>&1` in #(
19101 *${as_nl}ac_space=\ *)
19102 # `set' does not quote correctly, so add quotes: double-quote
19103 # substitution turns \\\\ into \\, and sed turns \\ into \.
19104 sed -n \
19105 "s/'/'\\\\''/g;
19106 s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p"
19107 ;; #(
19108 *)
19109 # `set' quotes correctly as required by POSIX, so do not add quotes.
19110 sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
19111 ;;
19112 esac |
19113 sort
19114) |
19115 sed '
19116 /^ac_cv_env_/b end
19117 t clear
19118 :clear
19119 s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/
19120 t end
19121 s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/
19122 :end' >>confcache
19123if diff "$cache_file" confcache >/dev/null 2>&1; then :; else
19124 if test -w "$cache_file"; then
19125 if test "x$cache_file" != "x/dev/null"; then
19126 { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5
19127$as_echo "$as_me: updating cache $cache_file" >&6;}
19128 if test ! -f "$cache_file" || test -h "$cache_file"; then
19129 cat confcache >"$cache_file"
19130 else
19131 case $cache_file in #(
19132 */* | ?:*)
19133 mv -f confcache "$cache_file"$$ &&
19134 mv -f "$cache_file"$$ "$cache_file" ;; #(
19135 *)
19136 mv -f confcache "$cache_file" ;;
19137 esac
19138 fi
19139 fi
19140 else
19141 { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5
19142$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;}
19143 fi
19144fi
19145rm -f confcache
19146
19147test "x$prefix" = xNONE && prefix=$ac_default_prefix
19148# Let make expand exec_prefix.
19149test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
19150
19151DEFS=-DHAVE_CONFIG_H
19152
19153ac_libobjs=
19154ac_ltlibobjs=
19155U=
19156for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue
19157 # 1. Remove the extension, and $U if already installed.
19158 ac_script='s/\$U\././;s/\.o$//;s/\.obj$//'
19159 ac_i=`$as_echo "$ac_i" | sed "$ac_script"`
19160 # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR
19161 # will be set to the directory where LIBOBJS objects are built.
19162 as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext"
19163 as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo'
19164done
19165LIBOBJS=$ac_libobjs
19166
19167LTLIBOBJS=$ac_ltlibobjs
19168
19169
19170
19171
19172: "${CONFIG_STATUS=./config.status}"
19173ac_write_fail=0
19174ac_clean_files_save=$ac_clean_files
19175ac_clean_files="$ac_clean_files $CONFIG_STATUS"
19176{ $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5
19177$as_echo "$as_me: creating $CONFIG_STATUS" >&6;}
19178as_write_fail=0
19179cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1
19180#! $SHELL
19181# Generated by $as_me.
19182# Run this file to recreate the current configuration.
19183# Compiler output produced by configure, useful for debugging
19184# configure, is in config.log if it exists.
19185
19186debug=false
19187ac_cs_recheck=false
19188ac_cs_silent=false
19189
19190SHELL=\${CONFIG_SHELL-$SHELL}
19191export SHELL
19192_ASEOF
19193cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1
19194## -------------------- ##
19195## M4sh Initialization. ##
19196## -------------------- ##
19197
19198# Be more Bourne compatible
19199DUALCASE=1; export DUALCASE # for MKS sh
19200if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
19201 emulate sh
19202 NULLCMD=:
19203 # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
19204 # is contrary to our usage. Disable this feature.
19205 alias -g '${1+"$@"}'='"$@"'
19206 setopt NO_GLOB_SUBST
19207else
19208 case `(set -o) 2>/dev/null` in #(
19209 *posix*) :
19210 set -o posix ;; #(
19211 *) :
19212 ;;
19213esac
19214fi
19215
19216
19217as_nl='
19218'
19219export as_nl
19220# Printing a long string crashes Solaris 7 /usr/bin/printf.
19221as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
19222as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
19223as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
19224# Prefer a ksh shell builtin over an external printf program on Solaris,
19225# but without wasting forks for bash or zsh.
19226if test -z "$BASH_VERSION$ZSH_VERSION" \
19227 && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
19228 as_echo='print -r --'
19229 as_echo_n='print -rn --'
19230elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
19231 as_echo='printf %s\n'
19232 as_echo_n='printf %s'
19233else
19234 if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
19235 as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
19236 as_echo_n='/usr/ucb/echo -n'
19237 else
19238 as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
19239 as_echo_n_body='eval
19240 arg=$1;
19241 case $arg in #(
19242 *"$as_nl"*)
19243 expr "X$arg" : "X\\(.*\\)$as_nl";
19244 arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
19245 esac;
19246 expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
19247 '
19248 export as_echo_n_body
19249 as_echo_n='sh -c $as_echo_n_body as_echo'
19250 fi
19251 export as_echo_body
19252 as_echo='sh -c $as_echo_body as_echo'
19253fi
19254
19255# The user is always right.
19256if test "${PATH_SEPARATOR+set}" != set; then
19257 PATH_SEPARATOR=:
19258 (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
19259 (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
19260 PATH_SEPARATOR=';'
19261 }
19262fi
19263
19264
19265# IFS
19266# We need space, tab and new line, in precisely that order. Quoting is
19267# there to prevent editors from complaining about space-tab.
19268# (If _AS_PATH_WALK were called with IFS unset, it would disable word
19269# splitting by setting IFS to empty value.)
19270IFS=" "" $as_nl"
19271
19272# Find who we are. Look in the path if we contain no directory separator.
19273as_myself=
19274case $0 in #((
19275 *[\\/]* ) as_myself=$0 ;;
19276 *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
19277for as_dir in $PATH
19278do
19279 IFS=$as_save_IFS
19280 test -z "$as_dir" && as_dir=.
19281 test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
19282 done
19283IFS=$as_save_IFS
19284
19285 ;;
19286esac
19287# We did not find ourselves, most probably we were run as `sh COMMAND'
19288# in which case we are not to be found in the path.
19289if test "x$as_myself" = x; then
19290 as_myself=$0
19291fi
19292if test ! -f "$as_myself"; then
19293 $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
19294 exit 1
19295fi
19296
19297# Unset variables that we do not need and which cause bugs (e.g. in
19298# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1"
19299# suppresses any "Segmentation fault" message there. '((' could
19300# trigger a bug in pdksh 5.2.14.
19301for as_var in BASH_ENV ENV MAIL MAILPATH
19302do eval test x\${$as_var+set} = xset \
19303 && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
19304done
19305PS1='$ '
19306PS2='> '
19307PS4='+ '
19308
19309# NLS nuisances.
19310LC_ALL=C
19311export LC_ALL
19312LANGUAGE=C
19313export LANGUAGE
19314
19315# CDPATH.
19316(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
19317
19318
19319# as_fn_error STATUS ERROR [LINENO LOG_FD]
19320# ----------------------------------------
19321# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
19322# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
19323# script with STATUS, using 1 if that was 0.
19324as_fn_error ()
19325{
19326 as_status=$1; test $as_status -eq 0 && as_status=1
19327 if test "$4"; then
19328 as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
19329 $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
19330 fi
19331 $as_echo "$as_me: error: $2" >&2
19332 as_fn_exit $as_status
19333} # as_fn_error
19334
19335
19336# as_fn_set_status STATUS
19337# -----------------------
19338# Set $? to STATUS, without forking.
19339as_fn_set_status ()
19340{
19341 return $1
19342} # as_fn_set_status
19343
19344# as_fn_exit STATUS
19345# -----------------
19346# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
19347as_fn_exit ()
19348{
19349 set +e
19350 as_fn_set_status $1
19351 exit $1
19352} # as_fn_exit
19353
19354# as_fn_unset VAR
19355# ---------------
19356# Portably unset VAR.
19357as_fn_unset ()
19358{
19359 { eval $1=; unset $1;}
19360}
19361as_unset=as_fn_unset
19362# as_fn_append VAR VALUE
19363# ----------------------
19364# Append the text in VALUE to the end of the definition contained in VAR. Take
19365# advantage of any shell optimizations that allow amortized linear growth over
19366# repeated appends, instead of the typical quadratic growth present in naive
19367# implementations.
19368if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
19369 eval 'as_fn_append ()
19370 {
19371 eval $1+=\$2
19372 }'
19373else
19374 as_fn_append ()
19375 {
19376 eval $1=\$$1\$2
19377 }
19378fi # as_fn_append
19379
19380# as_fn_arith ARG...
19381# ------------------
19382# Perform arithmetic evaluation on the ARGs, and store the result in the
19383# global $as_val. Take advantage of shells that can avoid forks. The arguments
19384# must be portable across $(()) and expr.
19385if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
19386 eval 'as_fn_arith ()
19387 {
19388 as_val=$(( $* ))
19389 }'
19390else
19391 as_fn_arith ()
19392 {
19393 as_val=`expr "$@" || test $? -eq 1`
19394 }
19395fi # as_fn_arith
19396
19397
19398if expr a : '\(a\)' >/dev/null 2>&1 &&
19399 test "X`expr 00001 : '.*\(...\)'`" = X001; then
19400 as_expr=expr
19401else
19402 as_expr=false
19403fi
19404
19405if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
19406 as_basename=basename
19407else
19408 as_basename=false
19409fi
19410
19411if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
19412 as_dirname=dirname
19413else
19414 as_dirname=false
19415fi
19416
19417as_me=`$as_basename -- "$0" ||
19418$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
19419 X"$0" : 'X\(//\)$' \| \
19420 X"$0" : 'X\(/\)' \| . 2>/dev/null ||
19421$as_echo X/"$0" |
19422 sed '/^.*\/\([^/][^/]*\)\/*$/{
19423 s//\1/
19424 q
19425 }
19426 /^X\/\(\/\/\)$/{
19427 s//\1/
19428 q
19429 }
19430 /^X\/\(\/\).*/{
19431 s//\1/
19432 q
19433 }
19434 s/.*/./; q'`
19435
19436# Avoid depending upon Character Ranges.
19437as_cr_letters='abcdefghijklmnopqrstuvwxyz'
19438as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
19439as_cr_Letters=$as_cr_letters$as_cr_LETTERS
19440as_cr_digits='0123456789'
19441as_cr_alnum=$as_cr_Letters$as_cr_digits
19442
19443ECHO_C= ECHO_N= ECHO_T=
19444case `echo -n x` in #(((((
19445-n*)
19446 case `echo 'xy\c'` in
19447 *c*) ECHO_T=' ';; # ECHO_T is single tab character.
19448 xy) ECHO_C='\c';;
19449 *) echo `echo ksh88 bug on AIX 6.1` > /dev/null
19450 ECHO_T=' ';;
19451 esac;;
19452*)
19453 ECHO_N='-n';;
19454esac
19455
19456rm -f conf$$ conf$$.exe conf$$.file
19457if test -d conf$$.dir; then
19458 rm -f conf$$.dir/conf$$.file
19459else
19460 rm -f conf$$.dir
19461 mkdir conf$$.dir 2>/dev/null
19462fi
19463if (echo >conf$$.file) 2>/dev/null; then
19464 if ln -s conf$$.file conf$$ 2>/dev/null; then
19465 as_ln_s='ln -s'
19466 # ... but there are two gotchas:
19467 # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
19468 # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
19469 # In both cases, we have to default to `cp -pR'.
19470 ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
19471 as_ln_s='cp -pR'
19472 elif ln conf$$.file conf$$ 2>/dev/null; then
19473 as_ln_s=ln
19474 else
19475 as_ln_s='cp -pR'
19476 fi
19477else
19478 as_ln_s='cp -pR'
19479fi
19480rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
19481rmdir conf$$.dir 2>/dev/null
19482
19483
19484# as_fn_mkdir_p
19485# -------------
19486# Create "$as_dir" as a directory, including parents if necessary.
19487as_fn_mkdir_p ()
19488{
19489
19490 case $as_dir in #(
19491 -*) as_dir=./$as_dir;;
19492 esac
19493 test -d "$as_dir" || eval $as_mkdir_p || {
19494 as_dirs=
19495 while :; do
19496 case $as_dir in #(
19497 *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
19498 *) as_qdir=$as_dir;;
19499 esac
19500 as_dirs="'$as_qdir' $as_dirs"
19501 as_dir=`$as_dirname -- "$as_dir" ||
19502$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
19503 X"$as_dir" : 'X\(//\)[^/]' \| \
19504 X"$as_dir" : 'X\(//\)$' \| \
19505 X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
19506$as_echo X"$as_dir" |
19507 sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
19508 s//\1/
19509 q
19510 }
19511 /^X\(\/\/\)[^/].*/{
19512 s//\1/
19513 q
19514 }
19515 /^X\(\/\/\)$/{
19516 s//\1/
19517 q
19518 }
19519 /^X\(\/\).*/{
19520 s//\1/
19521 q
19522 }
19523 s/.*/./; q'`
19524 test -d "$as_dir" && break
19525 done
19526 test -z "$as_dirs" || eval "mkdir $as_dirs"
19527 } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
19528
19529
19530} # as_fn_mkdir_p
19531if mkdir -p . 2>/dev/null; then
19532 as_mkdir_p='mkdir -p "$as_dir"'
19533else
19534 test -d ./-p && rmdir ./-p
19535 as_mkdir_p=false
19536fi
19537
19538
19539# as_fn_executable_p FILE
19540# -----------------------
19541# Test if FILE is an executable regular file.
19542as_fn_executable_p ()
19543{
19544 test -f "$1" && test -x "$1"
19545} # as_fn_executable_p
19546as_test_x='test -x'
19547as_executable_p=as_fn_executable_p
19548
19549# Sed expression to map a string onto a valid CPP name.
19550as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
19551
19552# Sed expression to map a string onto a valid variable name.
19553as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
19554
19555
19556exec 6>&1
19557## ----------------------------------- ##
19558## Main body of $CONFIG_STATUS script. ##
19559## ----------------------------------- ##
19560_ASEOF
19561test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1
19562
19563cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
19564# Save the log message, to keep $0 and so on meaningful, and to
19565# report actual input values of CONFIG_FILES etc. instead of their
19566# values after options handling.
19567ac_log="
19568This file was extended by OpenSSH $as_me Portable, which was
19569generated by GNU Autoconf 2.69. Invocation command line was
19570
19571 CONFIG_FILES = $CONFIG_FILES
19572 CONFIG_HEADERS = $CONFIG_HEADERS
19573 CONFIG_LINKS = $CONFIG_LINKS
19574 CONFIG_COMMANDS = $CONFIG_COMMANDS
19575 $ $0 $@
19576
19577on `(hostname || uname -n) 2>/dev/null | sed 1q`
19578"
19579
19580_ACEOF
19581
19582case $ac_config_files in *"
19583"*) set x $ac_config_files; shift; ac_config_files=$*;;
19584esac
19585
19586case $ac_config_headers in *"
19587"*) set x $ac_config_headers; shift; ac_config_headers=$*;;
19588esac
19589
19590
19591cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
19592# Files that config.status was made for.
19593config_files="$ac_config_files"
19594config_headers="$ac_config_headers"
19595
19596_ACEOF
19597
19598cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
19599ac_cs_usage="\
19600\`$as_me' instantiates files and other configuration actions
19601from templates according to the current configuration. Unless the files
19602and actions are specified as TAGs, all are instantiated by default.
19603
19604Usage: $0 [OPTION]... [TAG]...
19605
19606 -h, --help print this help, then exit
19607 -V, --version print version number and configuration settings, then exit
19608 --config print configuration, then exit
19609 -q, --quiet, --silent
19610 do not print progress messages
19611 -d, --debug don't remove temporary files
19612 --recheck update $as_me by reconfiguring in the same conditions
19613 --file=FILE[:TEMPLATE]
19614 instantiate the configuration file FILE
19615 --header=FILE[:TEMPLATE]
19616 instantiate the configuration header FILE
19617
19618Configuration files:
19619$config_files
19620
19621Configuration headers:
19622$config_headers
19623
19624Report bugs to <openssh-unix-dev@mindrot.org>."
19625
19626_ACEOF
19627cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
19628ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
19629ac_cs_version="\\
19630OpenSSH config.status Portable
19631configured by $0, generated by GNU Autoconf 2.69,
19632 with options \\"\$ac_cs_config\\"
19633
19634Copyright (C) 2012 Free Software Foundation, Inc.
19635This config.status script is free software; the Free Software Foundation
19636gives unlimited permission to copy, distribute and modify it."
19637
19638ac_pwd='$ac_pwd'
19639srcdir='$srcdir'
19640INSTALL='$INSTALL'
19641AWK='$AWK'
19642test -n "\$AWK" || AWK=awk
19643_ACEOF
19644
19645cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
19646# The default lists apply if the user does not specify any file.
19647ac_need_defaults=:
19648while test $# != 0
19649do
19650 case $1 in
19651 --*=?*)
19652 ac_option=`expr "X$1" : 'X\([^=]*\)='`
19653 ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'`
19654 ac_shift=:
19655 ;;
19656 --*=)
19657 ac_option=`expr "X$1" : 'X\([^=]*\)='`
19658 ac_optarg=
19659 ac_shift=:
19660 ;;
19661 *)
19662 ac_option=$1
19663 ac_optarg=$2
19664 ac_shift=shift
19665 ;;
19666 esac
19667
19668 case $ac_option in
19669 # Handling of the options.
19670 -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
19671 ac_cs_recheck=: ;;
19672 --version | --versio | --versi | --vers | --ver | --ve | --v | -V )
19673 $as_echo "$ac_cs_version"; exit ;;
19674 --config | --confi | --conf | --con | --co | --c )
19675 $as_echo "$ac_cs_config"; exit ;;
19676 --debug | --debu | --deb | --de | --d | -d )
19677 debug=: ;;
19678 --file | --fil | --fi | --f )
19679 $ac_shift
19680 case $ac_optarg in
19681 *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
19682 '') as_fn_error $? "missing file argument" ;;
19683 esac
19684 as_fn_append CONFIG_FILES " '$ac_optarg'"
19685 ac_need_defaults=false;;
19686 --header | --heade | --head | --hea )
19687 $ac_shift
19688 case $ac_optarg in
19689 *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
19690 esac
19691 as_fn_append CONFIG_HEADERS " '$ac_optarg'"
19692 ac_need_defaults=false;;
19693 --he | --h)
19694 # Conflict between --help and --header
19695 as_fn_error $? "ambiguous option: \`$1'
19696Try \`$0 --help' for more information.";;
19697 --help | --hel | -h )
19698 $as_echo "$ac_cs_usage"; exit ;;
19699 -q | -quiet | --quiet | --quie | --qui | --qu | --q \
19700 | -silent | --silent | --silen | --sile | --sil | --si | --s)
19701 ac_cs_silent=: ;;
19702
19703 # This is an error.
19704 -*) as_fn_error $? "unrecognized option: \`$1'
19705Try \`$0 --help' for more information." ;;
19706
19707 *) as_fn_append ac_config_targets " $1"
19708 ac_need_defaults=false ;;
19709
19710 esac
19711 shift
19712done
19713
19714ac_configure_extra_args=
19715
19716if $ac_cs_silent; then
19717 exec 6>/dev/null
19718 ac_configure_extra_args="$ac_configure_extra_args --silent"
19719fi
19720
19721_ACEOF
19722cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
19723if \$ac_cs_recheck; then
19724 set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
19725 shift
19726 \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6
19727 CONFIG_SHELL='$SHELL'
19728 export CONFIG_SHELL
19729 exec "\$@"
19730fi
19731
19732_ACEOF
19733cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
19734exec 5>>config.log
19735{
19736 echo
19737 sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
19738## Running $as_me. ##
19739_ASBOX
19740 $as_echo "$ac_log"
19741} >&5
19742
19743_ACEOF
19744cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
19745_ACEOF
19746
19747cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
19748
19749# Handling of arguments.
19750for ac_config_target in $ac_config_targets
19751do
19752 case $ac_config_target in
19753 "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;;
19754 "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
19755 "buildpkg.sh") CONFIG_FILES="$CONFIG_FILES buildpkg.sh" ;;
19756 "opensshd.init") CONFIG_FILES="$CONFIG_FILES opensshd.init" ;;
19757 "openssh.xml") CONFIG_FILES="$CONFIG_FILES openssh.xml" ;;
19758 "openbsd-compat/Makefile") CONFIG_FILES="$CONFIG_FILES openbsd-compat/Makefile" ;;
19759 "openbsd-compat/regress/Makefile") CONFIG_FILES="$CONFIG_FILES openbsd-compat/regress/Makefile" ;;
19760 "survey.sh") CONFIG_FILES="$CONFIG_FILES survey.sh" ;;
19761
19762 *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;;
19763 esac
19764done
19765
19766
19767# If the user did not use the arguments to specify the items to instantiate,
19768# then the envvar interface is used. Set only those that are not.
19769# We use the long form for the default assignment because of an extremely
19770# bizarre bug on SunOS 4.1.3.
19771if $ac_need_defaults; then
19772 test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
19773 test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers
19774fi
19775
19776# Have a temporary directory for convenience. Make it in the build tree
19777# simply because there is no reason against having it here, and in addition,
19778# creating and moving files from /tmp can sometimes cause problems.
19779# Hook for its removal unless debugging.
19780# Note that there is a small window in which the directory will not be cleaned:
19781# after its creation but before its name has been assigned to `$tmp'.
19782$debug ||
19783{
19784 tmp= ac_tmp=
19785 trap 'exit_status=$?
19786 : "${ac_tmp:=$tmp}"
19787 { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status
19788' 0
19789 trap 'as_fn_exit 1' 1 2 13 15
19790}
19791# Create a (secure) tmp directory for tmp files.
19792
19793{
19794 tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` &&
19795 test -d "$tmp"
19796} ||
19797{
19798 tmp=./conf$$-$RANDOM
19799 (umask 077 && mkdir "$tmp")
19800} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5
19801ac_tmp=$tmp
19802
19803# Set up the scripts for CONFIG_FILES section.
19804# No need to generate them if there are no CONFIG_FILES.
19805# This happens for instance with `./config.status config.h'.
19806if test -n "$CONFIG_FILES"; then
19807
19808
19809ac_cr=`echo X | tr X '\015'`
19810# On cygwin, bash can eat \r inside `` if the user requested igncr.
19811# But we know of no other shell where ac_cr would be empty at this
19812# point, so we can use a bashism as a fallback.
19813if test "x$ac_cr" = x; then
19814 eval ac_cr=\$\'\\r\'
19815fi
19816ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' </dev/null 2>/dev/null`
19817if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then
19818 ac_cs_awk_cr='\\r'
19819else
19820 ac_cs_awk_cr=$ac_cr
19821fi
19822
19823echo 'BEGIN {' >"$ac_tmp/subs1.awk" &&
19824_ACEOF
19825
19826
19827{
19828 echo "cat >conf$$subs.awk <<_ACEOF" &&
19829 echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' &&
19830 echo "_ACEOF"
19831} >conf$$subs.sh ||
19832 as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
19833ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'`
19834ac_delim='%!_!# '
19835for ac_last_try in false false false false false :; do
19836 . ./conf$$subs.sh ||
19837 as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
19838
19839 ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X`
19840 if test $ac_delim_n = $ac_delim_num; then
19841 break
19842 elif $ac_last_try; then
19843 as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
19844 else
19845 ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
19846 fi
19847done
19848rm -f conf$$subs.sh
19849
19850cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
19851cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK &&
19852_ACEOF
19853sed -n '
19854h
19855s/^/S["/; s/!.*/"]=/
19856p
19857g
19858s/^[^!]*!//
19859:repl
19860t repl
19861s/'"$ac_delim"'$//
19862t delim
19863:nl
19864h
19865s/\(.\{148\}\)..*/\1/
19866t more1
19867s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/
19868p
19869n
19870b repl
19871:more1
19872s/["\\]/\\&/g; s/^/"/; s/$/"\\/
19873p
19874g
19875s/.\{148\}//
19876t nl
19877:delim
19878h
19879s/\(.\{148\}\)..*/\1/
19880t more2
19881s/["\\]/\\&/g; s/^/"/; s/$/"/
19882p
19883b
19884:more2
19885s/["\\]/\\&/g; s/^/"/; s/$/"\\/
19886p
19887g
19888s/.\{148\}//
19889t delim
19890' <conf$$subs.awk | sed '
19891/^[^""]/{
19892 N
19893 s/\n//
19894}
19895' >>$CONFIG_STATUS || ac_write_fail=1
19896rm -f conf$$subs.awk
19897cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
19898_ACAWK
19899cat >>"\$ac_tmp/subs1.awk" <<_ACAWK &&
19900 for (key in S) S_is_set[key] = 1
19901 FS = ""
19902
19903}
19904{
19905 line = $ 0
19906 nfields = split(line, field, "@")
19907 substed = 0
19908 len = length(field[1])
19909 for (i = 2; i < nfields; i++) {
19910 key = field[i]
19911 keylen = length(key)
19912 if (S_is_set[key]) {
19913 value = S[key]
19914 line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3)
19915 len += length(value) + length(field[++i])
19916 substed = 1
19917 } else
19918 len += 1 + keylen
19919 }
19920
19921 print line
19922}
19923
19924_ACAWK
19925_ACEOF
19926cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
19927if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then
19928 sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g"
19929else
19930 cat
19931fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \
19932 || as_fn_error $? "could not setup config files machinery" "$LINENO" 5
19933_ACEOF
19934
19935# VPATH may cause trouble with some makes, so we remove sole $(srcdir),
19936# ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and
19937# trailing colons and then remove the whole line if VPATH becomes empty
19938# (actually we leave an empty line to preserve line numbers).
19939if test "x$srcdir" = x.; then
19940 ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{
19941h
19942s///
19943s/^/:/
19944s/[ ]*$/:/
19945s/:\$(srcdir):/:/g
19946s/:\${srcdir}:/:/g
19947s/:@srcdir@:/:/g
19948s/^:*//
19949s/:*$//
19950x
19951s/\(=[ ]*\).*/\1/
19952G
19953s/\n//
19954s/^[^=]*=[ ]*$//
19955}'
19956fi
19957
19958cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
19959fi # test -n "$CONFIG_FILES"
19960
19961# Set up the scripts for CONFIG_HEADERS section.
19962# No need to generate them if there are no CONFIG_HEADERS.
19963# This happens for instance with `./config.status Makefile'.
19964if test -n "$CONFIG_HEADERS"; then
19965cat >"$ac_tmp/defines.awk" <<\_ACAWK ||
19966BEGIN {
19967_ACEOF
19968
19969# Transform confdefs.h into an awk script `defines.awk', embedded as
19970# here-document in config.status, that substitutes the proper values into
19971# config.h.in to produce config.h.
19972
19973# Create a delimiter string that does not exist in confdefs.h, to ease
19974# handling of long lines.
19975ac_delim='%!_!# '
19976for ac_last_try in false false :; do
19977 ac_tt=`sed -n "/$ac_delim/p" confdefs.h`
19978 if test -z "$ac_tt"; then
19979 break
19980 elif $ac_last_try; then
19981 as_fn_error $? "could not make $CONFIG_HEADERS" "$LINENO" 5
19982 else
19983 ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
19984 fi
19985done
19986
19987# For the awk script, D is an array of macro values keyed by name,
19988# likewise P contains macro parameters if any. Preserve backslash
19989# newline sequences.
19990
19991ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]*
19992sed -n '
19993s/.\{148\}/&'"$ac_delim"'/g
19994t rset
19995:rset
19996s/^[ ]*#[ ]*define[ ][ ]*/ /
19997t def
19998d
19999:def
20000s/\\$//
20001t bsnl
20002s/["\\]/\\&/g
20003s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\
20004D["\1"]=" \3"/p
20005s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2"/p
20006d
20007:bsnl
20008s/["\\]/\\&/g
20009s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\
20010D["\1"]=" \3\\\\\\n"\\/p
20011t cont
20012s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p
20013t cont
20014d
20015:cont
20016n
20017s/.\{148\}/&'"$ac_delim"'/g
20018t clear
20019:clear
20020s/\\$//
20021t bsnlc
20022s/["\\]/\\&/g; s/^/"/; s/$/"/p
20023d
20024:bsnlc
20025s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p
20026b cont
20027' <confdefs.h | sed '
20028s/'"$ac_delim"'/"\\\
20029"/g' >>$CONFIG_STATUS || ac_write_fail=1
20030
20031cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
20032 for (key in D) D_is_set[key] = 1
20033 FS = ""
20034}
20035/^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ {
20036 line = \$ 0
20037 split(line, arg, " ")
20038 if (arg[1] == "#") {
20039 defundef = arg[2]
20040 mac1 = arg[3]
20041 } else {
20042 defundef = substr(arg[1], 2)
20043 mac1 = arg[2]
20044 }
20045 split(mac1, mac2, "(") #)
20046 macro = mac2[1]
20047 prefix = substr(line, 1, index(line, defundef) - 1)
20048 if (D_is_set[macro]) {
20049 # Preserve the white space surrounding the "#".
20050 print prefix "define", macro P[macro] D[macro]
20051 next
20052 } else {
20053 # Replace #undef with comments. This is necessary, for example,
20054 # in the case of _POSIX_SOURCE, which is predefined and required
20055 # on some systems where configure will not decide to define it.
20056 if (defundef == "undef") {
20057 print "/*", prefix defundef, macro, "*/"
20058 next
20059 }
20060 }
20061}
20062{ print }
20063_ACAWK
20064_ACEOF
20065cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
20066 as_fn_error $? "could not setup config headers machinery" "$LINENO" 5
20067fi # test -n "$CONFIG_HEADERS"
20068
20069
20070eval set X " :F $CONFIG_FILES :H $CONFIG_HEADERS "
20071shift
20072for ac_tag
20073do
20074 case $ac_tag in
20075 :[FHLC]) ac_mode=$ac_tag; continue;;
20076 esac
20077 case $ac_mode$ac_tag in
20078 :[FHL]*:*);;
20079 :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;;
20080 :[FH]-) ac_tag=-:-;;
20081 :[FH]*) ac_tag=$ac_tag:$ac_tag.in;;
20082 esac
20083 ac_save_IFS=$IFS
20084 IFS=:
20085 set x $ac_tag
20086 IFS=$ac_save_IFS
20087 shift
20088 ac_file=$1
20089 shift
20090
20091 case $ac_mode in
20092 :L) ac_source=$1;;
20093 :[FH])
20094 ac_file_inputs=
20095 for ac_f
20096 do
20097 case $ac_f in
20098 -) ac_f="$ac_tmp/stdin";;
20099 *) # Look for the file first in the build tree, then in the source tree
20100 # (if the path is not absolute). The absolute path cannot be DOS-style,
20101 # because $ac_f cannot contain `:'.
20102 test -f "$ac_f" ||
20103 case $ac_f in
20104 [\\/$]*) false;;
20105 *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";;
20106 esac ||
20107 as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;;
20108 esac
20109 case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
20110 as_fn_append ac_file_inputs " '$ac_f'"
20111 done
20112
20113 # Let's still pretend it is `configure' which instantiates (i.e., don't
20114 # use $as_me), people would be surprised to read:
20115 # /* config.h. Generated by config.status. */
20116 configure_input='Generated from '`
20117 $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g'
20118 `' by configure.'
20119 if test x"$ac_file" != x-; then
20120 configure_input="$ac_file. $configure_input"
20121 { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5
20122$as_echo "$as_me: creating $ac_file" >&6;}
20123 fi
20124 # Neutralize special characters interpreted by sed in replacement strings.
20125 case $configure_input in #(
20126 *\&* | *\|* | *\\* )
20127 ac_sed_conf_input=`$as_echo "$configure_input" |
20128 sed 's/[\\\\&|]/\\\\&/g'`;; #(
20129 *) ac_sed_conf_input=$configure_input;;
20130 esac
20131
20132 case $ac_tag in
20133 *:-:* | *:-) cat >"$ac_tmp/stdin" \
20134 || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;;
20135 esac
20136 ;;
20137 esac
20138
20139 ac_dir=`$as_dirname -- "$ac_file" ||
20140$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
20141 X"$ac_file" : 'X\(//\)[^/]' \| \
20142 X"$ac_file" : 'X\(//\)$' \| \
20143 X"$ac_file" : 'X\(/\)' \| . 2>/dev/null ||
20144$as_echo X"$ac_file" |
20145 sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
20146 s//\1/
20147 q
20148 }
20149 /^X\(\/\/\)[^/].*/{
20150 s//\1/
20151 q
20152 }
20153 /^X\(\/\/\)$/{
20154 s//\1/
20155 q
20156 }
20157 /^X\(\/\).*/{
20158 s//\1/
20159 q
20160 }
20161 s/.*/./; q'`
20162 as_dir="$ac_dir"; as_fn_mkdir_p
20163 ac_builddir=.
20164
20165case "$ac_dir" in
20166.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
20167*)
20168 ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
20169 # A ".." for each directory in $ac_dir_suffix.
20170 ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
20171 case $ac_top_builddir_sub in
20172 "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
20173 *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
20174 esac ;;
20175esac
20176ac_abs_top_builddir=$ac_pwd
20177ac_abs_builddir=$ac_pwd$ac_dir_suffix
20178# for backward compatibility:
20179ac_top_builddir=$ac_top_build_prefix
20180
20181case $srcdir in
20182 .) # We are building in place.
20183 ac_srcdir=.
20184 ac_top_srcdir=$ac_top_builddir_sub
20185 ac_abs_top_srcdir=$ac_pwd ;;
20186 [\\/]* | ?:[\\/]* ) # Absolute name.
20187 ac_srcdir=$srcdir$ac_dir_suffix;
20188 ac_top_srcdir=$srcdir
20189 ac_abs_top_srcdir=$srcdir ;;
20190 *) # Relative name.
20191 ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
20192 ac_top_srcdir=$ac_top_build_prefix$srcdir
20193 ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
20194esac
20195ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
20196
20197
20198 case $ac_mode in
20199 :F)
20200 #
20201 # CONFIG_FILE
20202 #
20203
20204 case $INSTALL in
20205 [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;;
20206 *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;;
20207 esac
20208_ACEOF
20209
20210cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
20211# If the template does not know about datarootdir, expand it.
20212# FIXME: This hack should be removed a few years after 2.60.
20213ac_datarootdir_hack=; ac_datarootdir_seen=
20214ac_sed_dataroot='
20215/datarootdir/ {
20216 p
20217 q
20218}
20219/@datadir@/p
20220/@docdir@/p
20221/@infodir@/p
20222/@localedir@/p
20223/@mandir@/p'
20224case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in
20225*datarootdir*) ac_datarootdir_seen=yes;;
20226*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*)
20227 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
20228$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
20229_ACEOF
20230cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
20231 ac_datarootdir_hack='
20232 s&@datadir@&$datadir&g
20233 s&@docdir@&$docdir&g
20234 s&@infodir@&$infodir&g
20235 s&@localedir@&$localedir&g
20236 s&@mandir@&$mandir&g
20237 s&\\\${datarootdir}&$datarootdir&g' ;;
20238esac
20239_ACEOF
20240
20241# Neutralize VPATH when `$srcdir' = `.'.
20242# Shell code in configure.ac might set extrasub.
20243# FIXME: do we really want to maintain this feature?
20244cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
20245ac_sed_extra="$ac_vpsub
20246$extrasub
20247_ACEOF
20248cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
20249:t
20250/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
20251s|@configure_input@|$ac_sed_conf_input|;t t
20252s&@top_builddir@&$ac_top_builddir_sub&;t t
20253s&@top_build_prefix@&$ac_top_build_prefix&;t t
20254s&@srcdir@&$ac_srcdir&;t t
20255s&@abs_srcdir@&$ac_abs_srcdir&;t t
20256s&@top_srcdir@&$ac_top_srcdir&;t t
20257s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t
20258s&@builddir@&$ac_builddir&;t t
20259s&@abs_builddir@&$ac_abs_builddir&;t t
20260s&@abs_top_builddir@&$ac_abs_top_builddir&;t t
20261s&@INSTALL@&$ac_INSTALL&;t t
20262$ac_datarootdir_hack
20263"
20264eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \
20265 >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5
20266
20267test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
20268 { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } &&
20269 { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \
20270 "$ac_tmp/out"`; test -z "$ac_out"; } &&
20271 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir'
20272which seems to be undefined. Please make sure it is defined" >&5
20273$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
20274which seems to be undefined. Please make sure it is defined" >&2;}
20275
20276 rm -f "$ac_tmp/stdin"
20277 case $ac_file in
20278 -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";;
20279 *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";;
20280 esac \
20281 || as_fn_error $? "could not create $ac_file" "$LINENO" 5
20282 ;;
20283 :H)
20284 #
20285 # CONFIG_HEADER
20286 #
20287 if test x"$ac_file" != x-; then
20288 {
20289 $as_echo "/* $configure_input */" \
20290 && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs"
20291 } >"$ac_tmp/config.h" \
20292 || as_fn_error $? "could not create $ac_file" "$LINENO" 5
20293 if diff "$ac_file" "$ac_tmp/config.h" >/dev/null 2>&1; then
20294 { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5
20295$as_echo "$as_me: $ac_file is unchanged" >&6;}
20296 else
20297 rm -f "$ac_file"
20298 mv "$ac_tmp/config.h" "$ac_file" \
20299 || as_fn_error $? "could not create $ac_file" "$LINENO" 5
20300 fi
20301 else
20302 $as_echo "/* $configure_input */" \
20303 && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" \
20304 || as_fn_error $? "could not create -" "$LINENO" 5
20305 fi
20306 ;;
20307
20308
20309 esac
20310
20311done # for ac_tag
20312
20313
20314as_fn_exit 0
20315_ACEOF
20316ac_clean_files=$ac_clean_files_save
20317
20318test $ac_write_fail = 0 ||
20319 as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5
20320
20321
20322# configure is writing to config.log, and then calls config.status.
20323# config.status does its own redirection, appending to config.log.
20324# Unfortunately, on DOS this fails, as config.log is still kept open
20325# by configure, so config.status won't be able to write to it; its
20326# output is simply discarded. So we exec the FD to /dev/null,
20327# effectively closing config.log, so it can be properly (re)opened and
20328# appended to by config.status. When coming back to configure, we
20329# need to make the FD available again.
20330if test "$no_create" != yes; then
20331 ac_cs_success=:
20332 ac_config_status_args=
20333 test "$silent" = yes &&
20334 ac_config_status_args="$ac_config_status_args --quiet"
20335 exec 5>/dev/null
20336 $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false
20337 exec 5>>config.log
20338 # Use ||, not &&, to avoid exiting from the if with $? = 1, which
20339 # would make configure fail if this is the last instruction.
20340 $ac_cs_success || as_fn_exit 1
20341fi
20342if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then
20343 { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5
20344$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;}
20345fi
20346
20347
20348# Print summary of options
20349
20350# Someone please show me a better way :)
20351A=`eval echo ${prefix}` ; A=`eval echo ${A}`
20352B=`eval echo ${bindir}` ; B=`eval echo ${B}`
20353C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
20354D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
20355E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
20356F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
20357G=`eval echo ${piddir}` ; G=`eval echo ${G}`
20358H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
20359I=`eval echo ${user_path}` ; I=`eval echo ${I}`
20360J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
20361
20362echo ""
20363echo "OpenSSH has been configured with the following options:"
20364echo " User binaries: $B"
20365echo " System binaries: $C"
20366echo " Configuration files: $D"
20367echo " Askpass program: $E"
20368echo " Manual pages: $F"
20369echo " PID file: $G"
20370echo " Privilege separation chroot path: $H"
20371if test "x$external_path_file" = "x/etc/login.conf" ; then
20372echo " At runtime, sshd will use the path defined in $external_path_file"
20373echo " Make sure the path to scp is present, otherwise scp will not work"
20374else
20375echo " sshd default user PATH: $I"
20376 if test ! -z "$external_path_file"; then
20377echo " (If PATH is set in $external_path_file it will be used instead. If"
20378echo " used, ensure the path to scp is present, otherwise scp will not work.)"
20379 fi
20380fi
20381if test ! -z "$superuser_path" ; then
20382echo " sshd superuser user PATH: $J"
20383fi
20384echo " Manpage format: $MANTYPE"
20385echo " PAM support: $PAM_MSG"
20386echo " OSF SIA support: $SIA_MSG"
20387echo " KerberosV support: $KRB5_MSG"
20388echo " SELinux support: $SELINUX_MSG"
20389echo " Smartcard support: $SCARD_MSG"
20390echo " S/KEY support: $SKEY_MSG"
20391echo " MD5 password support: $MD5_MSG"
20392echo " libedit support: $LIBEDIT_MSG"
20393echo " libldns support: $LDNS_MSG"
20394echo " Solaris process contract support: $SPC_MSG"
20395echo " Solaris project support: $SP_MSG"
20396echo " Solaris privilege support: $SPP_MSG"
20397echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
20398echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
20399echo " BSD Auth support: $BSD_AUTH_MSG"
20400echo " Random number source: $RAND_MSG"
20401echo " Privsep sandbox style: $SANDBOX_STYLE"
20402
20403echo ""
20404
20405echo " Host: ${host}"
20406echo " Compiler: ${CC}"
20407echo " Compiler flags: ${CFLAGS}"
20408echo "Preprocessor flags: ${CPPFLAGS}"
20409echo " Linker flags: ${LDFLAGS}"
20410echo " Libraries: ${LIBS}"
20411if test ! -z "${SSHDLIBS}"; then
20412echo " +for sshd: ${SSHDLIBS}"
20413fi
20414if test ! -z "${SSHLIBS}"; then
20415echo " +for ssh: ${SSHLIBS}"
20416fi
20417
20418echo ""
20419
20420if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
20421 echo "SVR4 style packages are supported with \"make package\""
20422 echo ""
20423fi
20424
20425if test "x$PAM_MSG" = "xyes" ; then
20426 echo "PAM is enabled. You may need to install a PAM control file "
20427 echo "for sshd, otherwise password authentication may fail. "
20428 echo "Example PAM control files can be found in the contrib/ "
20429 echo "subdirectory"
20430 echo ""
20431fi
20432
20433if test ! -z "$NO_PEERCHECK" ; then
20434 echo "WARNING: the operating system that you are using does not"
20435 echo "appear to support getpeereid(), getpeerucred() or the"
20436 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
20437 echo "enforce security checks to prevent unauthorised connections to"
20438 echo "ssh-agent. Their absence increases the risk that a malicious"
20439 echo "user can connect to your agent."
20440 echo ""
20441fi
20442
20443if test "$AUDIT_MODULE" = "bsm" ; then
20444 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
20445 echo "See the Solaris section in README.platform for details."
20446fi
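Review bot: the option summary at the end of configure expands every install path with an unquoted, doubled eval (A=`eval echo ${prefix}` ; A=`eval echo ${A}`, and likewise for B through J), so a path value containing whitespace, glob characters or a command substitution is re-parsed by the shell twice just to print the summary. Quote the expansions, or expand the nested variables without eval. This is generated output, so the change belongs in the autoconf input rather than here. A is computed but never printed in the summary. The NO_PEERCHECK and BSM warnings go only to standard output with echo; writing them to config.log as well would leave a record of the weakened ssh-agent peer check in unattended builds.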
diff --git a/moduli.0 b/moduli.0
new file mode 100644
index 000000000..dd762af85
--- /dev/null
+++ b/moduli.0
@@ -0,0 +1,74 @@
1MODULI(5) File Formats Manual MODULI(5)
2
3NAME
4 moduli M-bM-^@M-^S Diffie-Hellman moduli
5
6DESCRIPTION
7 The /etc/moduli file contains prime numbers and generators for use by
8 sshd(8) in the Diffie-Hellman Group Exchange key exchange method.
9
10 New moduli may be generated with ssh-keygen(1) using a two-step process.
11 An initial candidate generation pass, using ssh-keygen -G, calculates
12 numbers that are likely to be useful. A second primality testing pass,
13 using ssh-keygen -T, provides a high degree of assurance that the numbers
14 are prime and are safe for use in Diffie-Hellman operations by sshd(8).
15 This moduli format is used as the output from each pass.
16
17 The file consists of newline-separated records, one per modulus,
18 containing seven space-separated fields. These fields are as follows:
19
20 timestamp The time that the modulus was last processed as
21 YYYYMMDDHHMMSS.
22
23 type Decimal number specifying the internal structure of
24 the prime modulus. Supported types are:
25
26 0 Unknown, not tested.
27 2 "Safe" prime; (p-1)/2 is also prime.
28 4 Sophie Germain; 2p+1 is also prime.
29
30 Moduli candidates initially produced by ssh-keygen(1)
31 are Sophie Germain primes (type 4). Further primality
32 testing with ssh-keygen(1) produces safe prime moduli
33 (type 2) that are ready for use in sshd(8). Other
34 types are not used by OpenSSH.
35
36 tests Decimal number indicating the type of primality tests
37 that the number has been subjected to represented as a
38 bitmask of the following values:
39
40 0x00 Not tested.
41 0x01 Composite number M-bM-^@M-^S not prime.
42 0x02 Sieve of Eratosthenes.
43 0x04 Probabilistic Miller-Rabin primality tests.
44
45 The ssh-keygen(1) moduli candidate generation uses the
46 Sieve of Eratosthenes (flag 0x02). Subsequent
47 ssh-keygen(1) primality tests are Miller-Rabin tests
48 (flag 0x04).
49
50 trials Decimal number indicating the number of primality
51 trials that have been performed on the modulus.
52
53 size Decimal number indicating the size of the prime in
54 bits.
55
56 generator The recommended generator for use with this modulus
57 (hexadecimal).
58
59 modulus The modulus itself in hexadecimal.
60
61 When performing Diffie-Hellman Group Exchange, sshd(8) first estimates
62 the size of the modulus required to produce enough Diffie-Hellman output
63 to sufficiently key the selected symmetric cipher. sshd(8) then randomly
64 selects a modulus from /etc/moduli that best meets the size requirement.
65
66SEE ALSO
67 ssh-keygen(1), sshd(8)
68
69STANDARDS
70 M. Friedl, N. Provos, and W. Simpson, Diffie-Hellman Group Exchange for
71 the Secure Shell (SSH) Transport Layer Protocol, RFC 4419, March 2006,
72 2006.
73
74OpenBSD 6.0 September 26, 2012 OpenBSD 6.0
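Review bot: the STANDARDS entry ends "RFC 4419, March 2006, 2006.", which repeats the year; drop the second "2006" in the manual source. The NAME line and the 0x01 row of the tests table carry a non-ASCII dash that shows up here as the byte sequence M-bM-^@M-^S, so the preformatted page should be regenerated as plain ASCII or the file documented as UTF-8. The DESCRIPTION says type 2 moduli are "ready for use in sshd(8)" and that sshd picks the entry that "best meets the size requirement", but it does not say what happens when the file holds no modulus of a suitable size. One sentence on that would help operators who trim /etc/moduli.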
diff --git a/scp.0 b/scp.0
new file mode 100644
index 000000000..46a084698
--- /dev/null
+++ b/scp.0
@@ -0,0 +1,168 @@
1SCP(1) General Commands Manual SCP(1)
2
3NAME
4 scp M-bM-^@M-^S secure copy (remote file copy program)
5
6SYNOPSIS
7 scp [-12346BCpqrv] [-c cipher] [-F ssh_config] [-i identity_file]
8 [-l limit] [-o ssh_option] [-P port] [-S program]
9 [[user@]host1:]file1 ... [[user@]host2:]file2
10
11DESCRIPTION
12 scp copies files between hosts on a network. It uses ssh(1) for data
13 transfer, and uses the same authentication and provides the same security
14 as ssh(1). scp will ask for passwords or passphrases if they are needed
15 for authentication.
16
17 File names may contain a user and host specification to indicate that the
18 file is to be copied to/from that host. Local file names can be made
19 explicit using absolute or relative pathnames to avoid scp treating file
20 names containing M-bM-^@M-^X:M-bM-^@M-^Y as host specifiers. Copies between two remote hosts
21 are also permitted.
22
23 The options are as follows:
24
25 -1 Forces scp to use protocol 1.
26
27 -2 Forces scp to use protocol 2.
28
29 -3 Copies between two remote hosts are transferred through the local
30 host. Without this option the data is copied directly between
31 the two remote hosts. Note that this option disables the
32 progress meter.
33
34 -4 Forces scp to use IPv4 addresses only.
35
36 -6 Forces scp to use IPv6 addresses only.
37
38 -B Selects batch mode (prevents asking for passwords or
39 passphrases).
40
41 -C Compression enable. Passes the -C flag to ssh(1) to enable
42 compression.
43
44 -c cipher
45 Selects the cipher to use for encrypting the data transfer. This
46 option is directly passed to ssh(1).
47
48 -F ssh_config
49 Specifies an alternative per-user configuration file for ssh.
50 This option is directly passed to ssh(1).
51
52 -i identity_file
53 Selects the file from which the identity (private key) for public
54 key authentication is read. This option is directly passed to
55 ssh(1).
56
57 -l limit
58 Limits the used bandwidth, specified in Kbit/s.
59
60 -o ssh_option
61 Can be used to pass options to ssh in the format used in
62 ssh_config(5). This is useful for specifying options for which
63 there is no separate scp command-line flag. For full details of
64 the options listed below, and their possible values, see
65 ssh_config(5).
66
67 AddressFamily
68 BatchMode
69 BindAddress
70 CanonicalDomains
71 CanonicalizeFallbackLocal
72 CanonicalizeHostname
73 CanonicalizeMaxDots
74 CanonicalizePermittedCNAMEs
75 CertificateFile
76 ChallengeResponseAuthentication
77 CheckHostIP
78 Cipher
79 Ciphers
80 Compression
81 CompressionLevel
82 ConnectionAttempts
83 ConnectTimeout
84 ControlMaster
85 ControlPath
86 ControlPersist
87 GlobalKnownHostsFile
88 GSSAPIAuthentication
89 GSSAPIDelegateCredentials
90 HashKnownHosts
91 Host
92 HostbasedAuthentication
93 HostbasedKeyTypes
94 HostKeyAlgorithms
95 HostKeyAlias
96 HostName
97 IdentitiesOnly
98 IdentityAgent
99 IdentityFile
100 IPQoS
101 KbdInteractiveAuthentication
102 KbdInteractiveDevices
103 KexAlgorithms
104 LogLevel
105 MACs
106 NoHostAuthenticationForLocalhost
107 NumberOfPasswordPrompts
108 PasswordAuthentication
109 PKCS11Provider
110 Port
111 PreferredAuthentications
112 Protocol
113 ProxyCommand
114 ProxyJump
115 PubkeyAcceptedKeyTypes
116 PubkeyAuthentication
117 RekeyLimit
118 RhostsRSAAuthentication
119 RSAAuthentication
120 SendEnv
121 ServerAliveInterval
122 ServerAliveCountMax
123 StrictHostKeyChecking
124 TCPKeepAlive
125 UpdateHostKeys
126 UsePrivilegedPort
127 User
128 UserKnownHostsFile
129 VerifyHostKeyDNS
130
131 -P port
132 Specifies the port to connect to on the remote host. Note that
133 this option is written with a capital M-bM-^@M-^XPM-bM-^@M-^Y, because -p is already
134 reserved for preserving the times and modes of the file.
135
136 -p Preserves modification times, access times, and modes from the
137 original file.
138
139 -q Quiet mode: disables the progress meter as well as warning and
140 diagnostic messages from ssh(1).
141
142 -r Recursively copy entire directories. Note that scp follows
143 symbolic links encountered in the tree traversal.
144
145 -S program
146 Name of program to use for the encrypted connection. The program
147 must understand ssh(1) options.
148
149 -v Verbose mode. Causes scp and ssh(1) to print debugging messages
150 about their progress. This is helpful in debugging connection,
151 authentication, and configuration problems.
152
153EXIT STATUS
154 The scp utility exitsM-BM- 0 on success, andM-BM- >0 if an error occurs.
155
156SEE ALSO
157 sftp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1), ssh_config(5),
158 sshd(8)
159
160HISTORY
161 scp is based on the rcp program in BSD source code from the Regents of
162 the University of California.
163
164AUTHORS
165 Timo Rinne <tri@iki.fi>
166 Tatu Ylonen <ylo@cs.hut.fi>
167
168OpenBSD 6.0 July 16, 2016 OpenBSD 6.0
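Review bot: the -r entry states that "scp follows symbolic links encountered in the tree traversal" without saying what that means for the copy, while sftp.0 in this same commit documents the opposite behaviour for sftp -r. Add a sentence to the -r entry saying that the link targets are copied, which can pull in files from outside the named directory, and cross-reference sftp(1) for the non-following behaviour. Separately, the EXIT STATUS line reads "exitsM-BM- 0 on success, andM-BM- >0", and the quotes around ':' and 'P' appear as M-bM-^@M-^X / M-bM-^@M-^Y: the preformatted page contains non-ASCII bytes that should be regenerated as ASCII or declared as UTF-8.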
diff --git a/sftp-server.0 b/sftp-server.0
new file mode 100644
index 000000000..20d477d49
--- /dev/null
+++ b/sftp-server.0
@@ -0,0 +1,96 @@
1SFTP-SERVER(8) System Manager's Manual SFTP-SERVER(8)
2
3NAME
4 sftp-server M-bM-^@M-^S SFTP server subsystem
5
6SYNOPSIS
7 sftp-server [-ehR] [-d start_directory] [-f log_facility] [-l log_level]
8 [-P blacklisted_requests] [-p whitelisted_requests]
9 [-u umask]
10 sftp-server -Q protocol_feature
11
12DESCRIPTION
13 sftp-server is a program that speaks the server side of SFTP protocol to
14 stdout and expects client requests from stdin. sftp-server is not
15 intended to be called directly, but from sshd(8) using the Subsystem
16 option.
17
18 Command-line flags to sftp-server should be specified in the Subsystem
19 declaration. See sshd_config(5) for more information.
20
21 Valid options are:
22
23 -d start_directory
24 specifies an alternate starting directory for users. The
25 pathname may contain the following tokens that are expanded at
26 runtime: %% is replaced by a literal '%', %d is replaced by the
27 home directory of the user being authenticated, and %u is
28 replaced by the username of that user. The default is to use the
29 user's home directory. This option is useful in conjunction with
30 the sshd_config(5) ChrootDirectory option.
31
32 -e Causes sftp-server to print logging information to stderr instead
33 of syslog for debugging.
34
35 -f log_facility
36 Specifies the facility code that is used when logging messages
37 from sftp-server. The possible values are: DAEMON, USER, AUTH,
38 LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
39 The default is AUTH.
40
41 -h Displays sftp-server usage information.
42
43 -l log_level
44 Specifies which messages will be logged by sftp-server. The
45 possible values are: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG,
46 DEBUG1, DEBUG2, and DEBUG3. INFO and VERBOSE log transactions
47 that sftp-server performs on behalf of the client. DEBUG and
48 DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify higher
49 levels of debugging output. The default is ERROR.
50
51 -P blacklisted_requests
52 Specify a comma-separated list of SFTP protocol requests that are
53 banned by the server. sftp-server will reply to any blacklisted
54 request with a failure. The -Q flag can be used to determine the
55 supported request types. If both a blacklist and a whitelist are
56 specified, then the blacklist is applied before the whitelist.
57
58 -p whitelisted_requests
59 Specify a comma-separated list of SFTP protocol requests that are
60 permitted by the server. All request types that are not on the
61 whitelist will be logged and replied to with a failure message.
62
63 Care must be taken when using this feature to ensure that
64 requests made implicitly by SFTP clients are permitted.
65
66 -Q protocol_feature
67 Query protocol features supported by sftp-server. At present the
68 only feature that may be queried is M-bM-^@M-^\requestsM-bM-^@M-^], which may be used
69 for black or whitelisting (flags -P and -p respectively).
70
71 -R Places this instance of sftp-server into a read-only mode.
72 Attempts to open files for writing, as well as other operations
73 that change the state of the filesystem, will be denied.
74
75 -u umask
76 Sets an explicit umask(2) to be applied to newly-created files
77 and directories, instead of the user's default mask.
78
79 On some systems, sftp-server must be able to access /dev/log for logging
80 to work, and use of sftp-server in a chroot configuration therefore
81 requires that syslogd(8) establish a logging socket inside the chroot
82 directory.
83
84SEE ALSO
85 sftp(1), ssh(1), sshd_config(5), sshd(8)
86
87 T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh-
88 filexfer-02.txt, October 2001, work in progress material.
89
90HISTORY
91 sftp-server first appeared in OpenBSD 2.8.
92
93AUTHORS
94 Markus Friedl <markus@openbsd.org>
95
96OpenBSD 6.0 December 11, 2014 OpenBSD 6.0
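Review bot: the -P and -p entries describe logging differently. The whitelist text says rejected requests "will be logged and replied to with a failure message", while the blacklist text says only that sftp-server "will reply to any blacklisted request with a failure". State explicitly whether blacklisted requests are logged, and at which log_level, since the default given under -l is ERROR and an operator relying on these lists for audit needs to know what shows up in syslog. The sentence "the blacklist is applied before the whitelist" would also be clearer if it said what happens to a request that appears on both lists. Minor: SEE ALSO cites draft-ietf-secsh-filexfer-02.txt here, while sftp.0 in this commit cites draft-ietf-secsh-filexfer-00.txt; pick one.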
diff --git a/sftp.0 b/sftp.0
new file mode 100644
index 000000000..2e0c274d9
--- /dev/null
+++ b/sftp.0
@@ -0,0 +1,386 @@
1SFTP(1) General Commands Manual SFTP(1)
2
3NAME
4 sftp M-bM-^@M-^S secure file transfer program
5
6SYNOPSIS
7 sftp [-1246aCfpqrv] [-B buffer_size] [-b batchfile] [-c cipher]
8 [-D sftp_server_path] [-F ssh_config] [-i identity_file] [-l limit]
9 [-o ssh_option] [-P port] [-R num_requests] [-S program]
10 [-s subsystem | sftp_server] host
11 sftp [user@]host[:file ...]
12 sftp [user@]host[:dir[/]]
13 sftp -b batchfile [user@]host
14
15DESCRIPTION
16 sftp is an interactive file transfer program, similar to ftp(1), which
17 performs all operations over an encrypted ssh(1) transport. It may also
18 use many features of ssh, such as public key authentication and
19 compression. sftp connects and logs into the specified host, then enters
20 an interactive command mode.
21
22 The second usage format will retrieve files automatically if a non-
23 interactive authentication method is used; otherwise it will do so after
24 successful interactive authentication.
25
26 The third usage format allows sftp to start in a remote directory.
27
28 The final usage format allows for automated sessions using the -b option.
29 In such cases, it is necessary to configure non-interactive
30 authentication to obviate the need to enter a password at connection time
31 (see sshd(8) and ssh-keygen(1) for details).
32
33 Since some usage formats use colon characters to delimit host names from
34 path names, IPv6 addresses must be enclosed in square brackets to avoid
35 ambiguity.
36
37 The options are as follows:
38
39 -1 Specify the use of protocol version 1.
40
41 -2 Specify the use of protocol version 2.
42
43 -4 Forces sftp to use IPv4 addresses only.
44
45 -6 Forces sftp to use IPv6 addresses only.
46
47 -a Attempt to continue interrupted transfers rather than overwriting
48 existing partial or complete copies of files. If the partial
49 contents differ from those being transferred, then the resultant
50 file is likely to be corrupt.
51
52 -B buffer_size
53 Specify the size of the buffer that sftp uses when transferring
54 files. Larger buffers require fewer round trips at the cost of
55 higher memory consumption. The default is 32768 bytes.
56
57 -b batchfile
58 Batch mode reads a series of commands from an input batchfile
59 instead of stdin. Since it lacks user interaction it should be
60 used in conjunction with non-interactive authentication. A
61 batchfile of M-bM-^@M-^X-M-bM-^@M-^Y may be used to indicate standard input. sftp
62 will abort if any of the following commands fail: get, put,
63 reget, reput, rename, ln, rm, mkdir, chdir, ls, lchdir, chmod,
64 chown, chgrp, lpwd, df, symlink, and lmkdir. Termination on
65 error can be suppressed on a command by command basis by
66 prefixing the command with a M-bM-^@M-^X-M-bM-^@M-^Y character (for example, -rm
67 /tmp/blah*).
68
69 -C Enables compression (via ssh's -C flag).
70
71 -c cipher
72 Selects the cipher to use for encrypting the data transfers.
73 This option is directly passed to ssh(1).
74
75 -D sftp_server_path
76 Connect directly to a local sftp server (rather than via ssh(1)).
77 This option may be useful in debugging the client and server.
78
79 -F ssh_config
80 Specifies an alternative per-user configuration file for ssh(1).
81 This option is directly passed to ssh(1).
82
83 -f Requests that files be flushed to disk immediately after
84 transfer. When uploading files, this feature is only enabled if
85 the server implements the "fsync@openssh.com" extension.
86
87 -i identity_file
88 Selects the file from which the identity (private key) for public
89 key authentication is read. This option is directly passed to
90 ssh(1).
91
92 -l limit
93 Limits the used bandwidth, specified in Kbit/s.
94
95 -o ssh_option
96 Can be used to pass options to ssh in the format used in
97 ssh_config(5). This is useful for specifying options for which
98 there is no separate sftp command-line flag. For example, to
99 specify an alternate port use: sftp -oPort=24. For full details
100 of the options listed below, and their possible values, see
101 ssh_config(5).
102
103 AddressFamily
104 BatchMode
105 BindAddress
106 CanonicalDomains
107 CanonicalizeFallbackLocal
108 CanonicalizeHostname
109 CanonicalizeMaxDots
110 CanonicalizePermittedCNAMEs
111 CertificateFile
112 ChallengeResponseAuthentication
113 CheckHostIP
114 Cipher
115 Ciphers
116 Compression
117 CompressionLevel
118 ConnectionAttempts
119 ConnectTimeout
120 ControlMaster
121 ControlPath
122 ControlPersist
123 GlobalKnownHostsFile
124 GSSAPIAuthentication
125 GSSAPIDelegateCredentials
126 HashKnownHosts
127 Host
128 HostbasedAuthentication
129 HostbasedKeyTypes
130 HostKeyAlgorithms
131 HostKeyAlias
132 HostName
133 IdentitiesOnly
134 IdentityAgent
135 IdentityFile
136 IPQoS
137 KbdInteractiveAuthentication
138 KbdInteractiveDevices
139 KexAlgorithms
140 LogLevel
141 MACs
142 NoHostAuthenticationForLocalhost
143 NumberOfPasswordPrompts
144 PasswordAuthentication
145 PKCS11Provider
146 Port
147 PreferredAuthentications
148 Protocol
149 ProxyCommand
150 ProxyJump
151 PubkeyAuthentication
152 RekeyLimit
153 RhostsRSAAuthentication
154 RSAAuthentication
155 SendEnv
156 ServerAliveInterval
157 ServerAliveCountMax
158 StrictHostKeyChecking
159 TCPKeepAlive
160 UpdateHostKeys
161 UsePrivilegedPort
162 User
163 UserKnownHostsFile
164 VerifyHostKeyDNS
165
166 -P port
167 Specifies the port to connect to on the remote host.
168
169 -p Preserves modification times, access times, and modes from the
170 original files transferred.
171
172 -q Quiet mode: disables the progress meter as well as warning and
173 diagnostic messages from ssh(1).
174
175 -R num_requests
176 Specify how many requests may be outstanding at any one time.
177 Increasing this may slightly improve file transfer speed but will
178 increase memory usage. The default is 64 outstanding requests.
179
180 -r Recursively copy entire directories when uploading and
181 downloading. Note that sftp does not follow symbolic links
182 encountered in the tree traversal.
183
184 -S program
185 Name of the program to use for the encrypted connection. The
186 program must understand ssh(1) options.
187
188 -s subsystem | sftp_server
189 Specifies the SSH2 subsystem or the path for an sftp server on
190 the remote host. A path is useful for using sftp over protocol
191 version 1, or when the remote sshd(8) does not have an sftp
192 subsystem configured.
193
194 -v Raise logging level. This option is also passed to ssh.
195
196INTERACTIVE COMMANDS
197 Once in interactive mode, sftp understands a set of commands similar to
198 those of ftp(1). Commands are case insensitive. Pathnames that contain
199 spaces must be enclosed in quotes. Any special characters contained
200 within pathnames that are recognized by glob(3) must be escaped with
201 backslashes (M-bM-^@M-^X\M-bM-^@M-^Y).
202
203 bye Quit sftp.
204
205 cd path
206 Change remote directory to path.
207
208 chgrp grp path
209 Change group of file path to grp. path may contain glob(3)
210 characters and may match multiple files. grp must be a numeric
211 GID.
212
213 chmod mode path
214 Change permissions of file path to mode. path may contain
215 glob(3) characters and may match multiple files.
216
217 chown own path
218 Change owner of file path to own. path may contain glob(3)
219 characters and may match multiple files. own must be a numeric
220 UID.
221
222 df [-hi] [path]
223 Display usage information for the filesystem holding the current
224 directory (or path if specified). If the -h flag is specified,
225 the capacity information will be displayed using "human-readable"
226 suffixes. The -i flag requests display of inode information in
227 addition to capacity information. This command is only supported
228 on servers that implement the M-bM-^@M-^\statvfs@openssh.comM-bM-^@M-^] extension.
229
230 exit Quit sftp.
231
232 get [-afPpr] remote-path [local-path]
233 Retrieve the remote-path and store it on the local machine. If
234 the local path name is not specified, it is given the same name
235 it has on the remote machine. remote-path may contain glob(3)
236 characters and may match multiple files. If it does and
237 local-path is specified, then local-path must specify a
238 directory.
239
240 If the -a flag is specified, then attempt to resume partial
241 transfers of existing files. Note that resumption assumes that
242 any partial copy of the local file matches the remote copy. If
243 the remote file contents differ from the partial local copy then
244 the resultant file is likely to be corrupt.
245
246 If the -f flag is specified, then fsync(2) will be called after
247 the file transfer has completed to flush the file to disk.
248
249 If either the -P or -p flag is specified, then full file
250 permissions and access times are copied too.
251
252 If the -r flag is specified then directories will be copied
253 recursively. Note that sftp does not follow symbolic links when
254 performing recursive transfers.
255
256 help Display help text.
257
258 lcd path
259 Change local directory to path.
260
261 lls [ls-options [path]]
262 Display local directory listing of either path or current
263 directory if path is not specified. ls-options may contain any
264 flags supported by the local system's ls(1) command. path may
265 contain glob(3) characters and may match multiple files.
266
267 lmkdir path
268 Create local directory specified by path.
269
270 ln [-s] oldpath newpath
271 Create a link from oldpath to newpath. If the -s flag is
272 specified the created link is a symbolic link, otherwise it is a
273 hard link.
274
275 lpwd Print local working directory.
276
277 ls [-1afhlnrSt] [path]
278 Display a remote directory listing of either path or the current
279 directory if path is not specified. path may contain glob(3)
280 characters and may match multiple files.
281
282 The following flags are recognized and alter the behaviour of ls
283 accordingly:
284
285 -1 Produce single columnar output.
286
287 -a List files beginning with a dot (M-bM-^@M-^X.M-bM-^@M-^Y).
288
289 -f Do not sort the listing. The default sort order is
290 lexicographical.
291
292 -h When used with a long format option, use unit suffixes:
293 Byte, Kilobyte, Megabyte, Gigabyte, Terabyte, Petabyte,
294 and Exabyte in order to reduce the number of digits to
295 four or fewer using powers of 2 for sizes (K=1024,
296 M=1048576, etc.).
297
298 -l Display additional details including permissions and
299 ownership information.
300
301 -n Produce a long listing with user and group information
302 presented numerically.
303
304 -r Reverse the sort order of the listing.
305
306 -S Sort the listing by file size.
307
308 -t Sort the listing by last modification time.
309
310 lumask umask
311 Set local umask to umask.
312
313 mkdir path
314 Create remote directory specified by path.
315
316 progress
317 Toggle display of progress meter.
318
319 put [-afPpr] local-path [remote-path]
320 Upload local-path and store it on the remote machine. If the
321 remote path name is not specified, it is given the same name it
322 has on the local machine. local-path may contain glob(3)
323 characters and may match multiple files. If it does and
324 remote-path is specified, then remote-path must specify a
325 directory.
326
327 If the -a flag is specified, then attempt to resume partial
328 transfers of existing files. Note that resumption assumes that
329 any partial copy of the remote file matches the local copy. If
330 the local file contents differ from the remote local copy then
331 the resultant file is likely to be corrupt.
332
333 If the -f flag is specified, then a request will be sent to the
334 server to call fsync(2) after the file has been transferred.
335 Note that this is only supported by servers that implement the
336 "fsync@openssh.com" extension.
337
338 If either the -P or -p flag is specified, then full file
339 permissions and access times are copied too.
340
341 If the -r flag is specified then directories will be copied
342 recursively. Note that sftp does not follow symbolic links when
343 performing recursive transfers.
344
345 pwd Display remote working directory.
346
347 quit Quit sftp.
348
349 reget [-Ppr] remote-path [local-path]
350 Resume download of remote-path. Equivalent to get with the -a
351 flag set.
352
353 reput [-Ppr] [local-path] remote-path
354 Resume upload of [local-path]. Equivalent to put with the -a
355 flag set.
356
357 rename oldpath newpath
358 Rename remote file from oldpath to newpath.
359
360 rm path
361 Delete remote file specified by path.
362
363 rmdir path
364 Remove remote directory specified by path.
365
366 symlink oldpath newpath
367 Create a symbolic link from oldpath to newpath.
368
369 version
370 Display the sftp protocol version.
371
372 !command
373 Execute command in local shell.
374
375 ! Escape to local shell.
376
377 ? Synonym for help.
378
379SEE ALSO
380 ftp(1), ls(1), scp(1), ssh(1), ssh-add(1), ssh-keygen(1), glob(3),
381 ssh_config(5), sftp-server(8), sshd(8)
382
383 T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh-
384 filexfer-00.txt, January 2001, work in progress material.
385
386OpenBSD 6.0 July 16, 2016 OpenBSD 6.0
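Review bot: in the put -a paragraph the text reads "If the local file contents differ from the remote local copy", where "remote local copy" looks like a copy-and-paste slip from the get entry; it should say the partial remote copy. Two consistency points in the same page: the reput synopsis is written "reput [-Ppr] [local-path] remote-path" while put uses "local-path [remote-path]", and the description refers to "[local-path]" with the brackets kept; and the -o option list omits PubkeyAcceptedKeyTypes, which the scp.0 list in this commit includes. As with the other preformatted pages, the quote and dash characters appear as M-bM-^@M-^X, M-bM-^@M-^Y, M-bM-^@M-^\ and M-bM-^@M-^S byte sequences and should be regenerated as ASCII or declared as UTF-8.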
diff --git a/ssh-add.0 b/ssh-add.0
new file mode 100644
index 000000000..706bfe661
--- /dev/null
+++ b/ssh-add.0
@@ -0,0 +1,129 @@
1SSH-ADD(1) General Commands Manual SSH-ADD(1)
2
3NAME
4 ssh-add M-bM-^@M-^S adds private key identities to the authentication agent
5
6SYNOPSIS
7 ssh-add [-cDdkLlXx] [-E fingerprint_hash] [-t life] [file ...]
8 ssh-add -s pkcs11
9 ssh-add -e pkcs11
10
11DESCRIPTION
12 ssh-add adds private key identities to the authentication agent,
13 ssh-agent(1). When run without arguments, it adds the files
14 ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 and
15 ~/.ssh/identity. After loading a private key, ssh-add will try to load
16 corresponding certificate information from the filename obtained by
17 appending -cert.pub to the name of the private key file. Alternative
18 file names can be given on the command line.
19
20 If any file requires a passphrase, ssh-add asks for the passphrase from
21 the user. The passphrase is read from the user's tty. ssh-add retries
22 the last passphrase if multiple identity files are given.
23
24 The authentication agent must be running and the SSH_AUTH_SOCK
25 environment variable must contain the name of its socket for ssh-add to
26 work.
27
28 The options are as follows:
29
30 -c Indicates that added identities should be subject to confirmation
31 before being used for authentication. Confirmation is performed
32 by ssh-askpass(1). Successful confirmation is signaled by a zero
33 exit status from ssh-askpass(1), rather than text entered into
34 the requester.
35
36 -D Deletes all identities from the agent.
37
38 -d Instead of adding identities, removes identities from the agent.
39 If ssh-add has been run without arguments, the keys for the
40 default identities and their corresponding certificates will be
41 removed. Otherwise, the argument list will be interpreted as a
42 list of paths to public key files to specify keys and
43 certificates to be removed from the agent. If no public key is
44 found at a given path, ssh-add will append .pub and retry.
45
46 -E fingerprint_hash
47 Specifies the hash algorithm used when displaying key
48 fingerprints. Valid options are: M-bM-^@M-^\md5M-bM-^@M-^] and M-bM-^@M-^\sha256M-bM-^@M-^]. The
49 default is M-bM-^@M-^\sha256M-bM-^@M-^].
50
51 -e pkcs11
52 Remove keys provided by the PKCS#11 shared library pkcs11.
53
54 -k When loading keys into or deleting keys from the agent, process
55 plain private keys only and skip certificates.
56
57 -L Lists public key parameters of all identities currently
58 represented by the agent.
59
60 -l Lists fingerprints of all identities currently represented by the
61 agent.
62
63 -s pkcs11
64 Add keys provided by the PKCS#11 shared library pkcs11.
65
66 -t life
67 Set a maximum lifetime when adding identities to an agent. The
68 lifetime may be specified in seconds or in a time format
69 specified in sshd_config(5).
70
71 -X Unlock the agent.
72
73 -x Lock the agent with a password.
74
75ENVIRONMENT
76 DISPLAY and SSH_ASKPASS
77 If ssh-add needs a passphrase, it will read the passphrase from
78 the current terminal if it was run from a terminal. If ssh-add
79 does not have a terminal associated with it but DISPLAY and
80 SSH_ASKPASS are set, it will execute the program specified by
81 SSH_ASKPASS (by default M-bM-^@M-^\ssh-askpassM-bM-^@M-^]) and open an X11 window to
82 read the passphrase. This is particularly useful when calling
83 ssh-add from a .xsession or related script. (Note that on some
84 machines it may be necessary to redirect the input from /dev/null
85 to make this work.)
86
87 SSH_AUTH_SOCK
88 Identifies the path of a UNIX-domain socket used to communicate
89 with the agent.
90
91FILES
92 ~/.ssh/identity
93 Contains the protocol version 1 RSA authentication identity of
94 the user.
95
96 ~/.ssh/id_dsa
97 Contains the protocol version 2 DSA authentication identity of
98 the user.
99
100 ~/.ssh/id_ecdsa
101 Contains the protocol version 2 ECDSA authentication identity of
102 the user.
103
104 ~/.ssh/id_ed25519
105 Contains the protocol version 2 Ed25519 authentication identity
106 of the user.
107
108 ~/.ssh/id_rsa
109 Contains the protocol version 2 RSA authentication identity of
110 the user.
111
112 Identity files should not be readable by anyone but the user. Note that
113 ssh-add ignores identity files if they are accessible by others.
114
115EXIT STATUS
116 Exit status is 0 on success, 1 if the specified command fails, and 2 if
117 ssh-add is unable to contact the authentication agent.
118
119SEE ALSO
120 ssh(1), ssh-agent(1), ssh-askpass(1), ssh-keygen(1), sshd(8)
121
122AUTHORS
123 OpenSSH is a derivative of the original and free ssh 1.2.12 release by
124 Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
125 de Raadt and Dug Song removed many bugs, re-added newer features and
126 created OpenSSH. Markus Friedl contributed the support for SSH protocol
127 versions 1.5 and 2.0.
128
129OpenBSD 6.0 March 30, 2015 OpenBSD 6.0
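Review bot: The escaped sequences in this new preformatted page obscure the text exactly where literal values matter: `M-bM-^@M-^S` on the NAME line, `M-bM-^@M-^\md5M-bM-^@M-^]` and `M-bM-^@M-^\sha256M-bM-^@M-^]` under -E, and `M-bM-^@M-^\ssh-askpassM-bM-^@M-^]` under ENVIRONMENT. They are the UTF-8 bytes for an en dash and curly double quotes (E2 80 93, E2 80 9C, E2 80 9D) written in meta notation. If the committed file carries them literally, regenerate the .0 page with plain ASCII output or substitute `-` and `"`. Separately, -X and -x get one line each ("Unlock the agent.", "Lock the agent with a password.") and do not say what a locked agent refuses to do; a sentence on that would help anyone relying on locking as a control.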
diff --git a/ssh-agent.0 b/ssh-agent.0
new file mode 100644
index 000000000..bb3c8d605
--- /dev/null
+++ b/ssh-agent.0
@@ -0,0 +1,120 @@
1SSH-AGENT(1) General Commands Manual SSH-AGENT(1)
2
3NAME
4 ssh-agent M-bM-^@M-^S authentication agent
5
6SYNOPSIS
7 ssh-agent [-c | -s] [-Dd] [-a bind_address] [-E fingerprint_hash]
8 [-P pkcs11_whitelist] [-t life] [command [arg ...]]
9 ssh-agent [-c | -s] -k
10
11DESCRIPTION
12 ssh-agent is a program to hold private keys used for public key
13 authentication (RSA, DSA, ECDSA, Ed25519). ssh-agent is usually started
14 in the beginning of an X-session or a login session, and all other
15 windows or programs are started as clients to the ssh-agent program.
16 Through use of environment variables the agent can be located and
17 automatically used for authentication when logging in to other machines
18 using ssh(1).
19
20 The agent initially does not have any private keys. Keys are added using
21 ssh(1) (see AddKeysToAgent in ssh_config(5) for details) or ssh-add(1).
22 Multiple identities may be stored in ssh-agent concurrently and ssh(1)
23 will automatically use them if present. ssh-add(1) is also used to
24 remove keys from ssh-agent and to query the keys that are held in one.
25
26 The options are as follows:
27
28 -a bind_address
29 Bind the agent to the UNIX-domain socket bind_address. The
30 default is $TMPDIR/ssh-XXXXXXXXXX/agent.<ppid>.
31
32 -c Generate C-shell commands on stdout. This is the default if
33 SHELL looks like it's a csh style of shell.
34
35 -D Foreground mode. When this option is specified ssh-agent will
36 not fork.
37
38 -d Debug mode. When this option is specified ssh-agent will not
39 fork and will write debug information to standard error.
40
41 -E fingerprint_hash
42 Specifies the hash algorithm used when displaying key
43 fingerprints. Valid options are: M-bM-^@M-^\md5M-bM-^@M-^] and M-bM-^@M-^\sha256M-bM-^@M-^]. The
44 default is M-bM-^@M-^\sha256M-bM-^@M-^].
45
46 -k Kill the current agent (given by the SSH_AGENT_PID environment
47 variable).
48
49 -P pkcs11_whitelist
50 Specify a pattern-list of acceptable paths for PKCS#11 shared
51 libraries that may be added using the -s option to ssh-add(1).
52 The default is to allow loading PKCS#11 libraries from
53 M-bM-^@M-^\/usr/lib/*,/usr/local/lib/*M-bM-^@M-^]. PKCS#11 libraries that do not
54 match the whitelist will be refused. See PATTERNS in
55 ssh_config(5) for a description of pattern-list syntax.
56
57 -s Generate Bourne shell commands on stdout. This is the default if
58 SHELL does not look like it's a csh style of shell.
59
60 -t life
61 Set a default value for the maximum lifetime of identities added
62 to the agent. The lifetime may be specified in seconds or in a
63 time format specified in sshd_config(5). A lifetime specified
64 for an identity with ssh-add(1) overrides this value. Without
65 this option the default maximum lifetime is forever.
66
67 If a command line is given, this is executed as a subprocess of the
68 agent. When the command dies, so does the agent.
69
70 The idea is that the agent is run in the user's local PC, laptop, or
71 terminal. Authentication data need not be stored on any other machine,
72 and authentication passphrases never go over the network. However, the
73 connection to the agent is forwarded over SSH remote logins, and the user
74 can thus use the privileges given by the identities anywhere in the
75 network in a secure way.
76
77 There are two main ways to get an agent set up: The first is that the
78 agent starts a new subcommand into which some environment variables are
79 exported, eg ssh-agent xterm &. The second is that the agent prints the
80 needed shell commands (either sh(1) or csh(1) syntax can be generated)
81 which can be evaluated in the calling shell, eg eval `ssh-agent -s` for
82 Bourne-type shells such as sh(1) or ksh(1) and eval `ssh-agent -c` for
83 csh(1) and derivatives.
84
85 Later ssh(1) looks at these variables and uses them to establish a
86 connection to the agent.
87
88 The agent will never send a private key over its request channel.
89 Instead, operations that require a private key will be performed by the
90 agent, and the result will be returned to the requester. This way,
91 private keys are not exposed to clients using the agent.
92
93 A UNIX-domain socket is created and the name of this socket is stored in
94 the SSH_AUTH_SOCK environment variable. The socket is made accessible
95 only to the current user. This method is easily abused by root or
96 another instance of the same user.
97
98 The SSH_AGENT_PID environment variable holds the agent's process ID.
99
100 The agent exits automatically when the command given on the command line
101 terminates.
102
103FILES
104 $TMPDIR/ssh-XXXXXXXXXX/agent.<ppid>
105 UNIX-domain sockets used to contain the connection to the
106 authentication agent. These sockets should only be readable by
107 the owner. The sockets should get automatically removed when the
108 agent exits.
109
110SEE ALSO
111 ssh(1), ssh-add(1), ssh-keygen(1), sshd(8)
112
113AUTHORS
114 OpenSSH is a derivative of the original and free ssh 1.2.12 release by
115 Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
116 de Raadt and Dug Song removed many bugs, re-added newer features and
117 created OpenSSH. Markus Friedl contributed the support for SSH protocol
118 versions 1.5 and 2.0.
119
120OpenBSD 6.0 November 30, 2016 OpenBSD 6.0
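Review bot: The forwarding paragraph (page lines 70-75) and the socket paragraph (page lines 93-96) pull in opposite directions and the text never reconciles them: the first says the user can use the identities "anywhere in the network in a secure way", the second says the socket "is easily abused by root or another instance of the same user". Suggest tying the two together and pointing from the socket paragraph to the controls this change already documents, namely -t life in this page and -c (confirmation) and -t life in ssh-add.0, so the reader sees how to bound that exposure. Two smaller points: "When the command dies, so does the agent." (lines 67-68) and "The agent exits automatically when the command given on the command line terminates." (lines 100-101) state the same thing twice, and the -E values and the -P default `M-bM-^@M-^\/usr/lib/*,/usr/local/lib/*M-bM-^@M-^]` carry the same escaped quote bytes as ssh-add.0, which makes the default whitelist pattern hard to read.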
diff --git a/ssh-keygen.0 b/ssh-keygen.0
new file mode 100644
index 000000000..569297da4
--- /dev/null
+++ b/ssh-keygen.0
@@ -0,0 +1,570 @@
1SSH-KEYGEN(1) General Commands Manual SSH-KEYGEN(1)
2
3NAME
4 ssh-keygen M-bM-^@M-^S authentication key generation, management and conversion
5
6SYNOPSIS
7 ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1]
8 [-N new_passphrase] [-C comment] [-f output_keyfile]
9 ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]
10 ssh-keygen -i [-m key_format] [-f input_keyfile]
11 ssh-keygen -e [-m key_format] [-f input_keyfile]
12 ssh-keygen -y [-f input_keyfile]
13 ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]
14 ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile]
15 ssh-keygen -B [-f input_keyfile]
16 ssh-keygen -D pkcs11
17 ssh-keygen -F hostname [-f known_hosts_file] [-l]
18 ssh-keygen -H [-f known_hosts_file]
19 ssh-keygen -R hostname [-f known_hosts_file]
20 ssh-keygen -r hostname [-f input_keyfile] [-g]
21 ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point]
22 ssh-keygen -T output_file -f input_file [-v] [-a rounds] [-J num_lines]
23 [-j start_line] [-K checkpt] [-W generator]
24 ssh-keygen -s ca_key -I certificate_identity [-h] [-n principals]
25 [-O option] [-V validity_interval] [-z serial_number] file ...
26 ssh-keygen -L [-f input_keyfile]
27 ssh-keygen -A
28 ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number]
29 file ...
30 ssh-keygen -Q -f krl_file file ...
31
32DESCRIPTION
33 ssh-keygen generates, manages and converts authentication keys for
34 ssh(1). ssh-keygen can create keys for use by SSH protocol versions 1
35 and 2. Protocol 1 should not be used and is only offered to support
36 legacy devices. It suffers from a number of cryptographic weaknesses and
37 doesn't support many of the advanced features available for protocol 2.
38
39 The type of key to be generated is specified with the -t option. If
40 invoked without any arguments, ssh-keygen will generate an RSA key for
41 use in SSH protocol 2 connections.
42
43 ssh-keygen is also used to generate groups for use in Diffie-Hellman
44 group exchange (DH-GEX). See the MODULI GENERATION section for details.
45
46 Finally, ssh-keygen can be used to generate and update Key Revocation
47 Lists, and to test whether given keys have been revoked by one. See the
48 KEY REVOCATION LISTS section for details.
49
50 Normally each user wishing to use SSH with public key authentication runs
51 this once to create the authentication key in ~/.ssh/identity,
52 ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 or ~/.ssh/id_rsa.
53 Additionally, the system administrator may use this to generate host
54 keys, as seen in /etc/rc.
55
56 Normally this program generates the key and asks for a file in which to
57 store the private key. The public key is stored in a file with the same
58 name but M-bM-^@M-^\.pubM-bM-^@M-^] appended. The program also asks for a passphrase. The
59 passphrase may be empty to indicate no passphrase (host keys must have an
60 empty passphrase), or it may be a string of arbitrary length. A
61 passphrase is similar to a password, except it can be a phrase with a
62 series of words, punctuation, numbers, whitespace, or any string of
63 characters you want. Good passphrases are 10-30 characters long, are not
64 simple sentences or otherwise easily guessable (English prose has only
65 1-2 bits of entropy per character, and provides very bad passphrases),
66 and contain a mix of upper and lowercase letters, numbers, and non-
67 alphanumeric characters. The passphrase can be changed later by using
68 the -p option.
69
70 There is no way to recover a lost passphrase. If the passphrase is lost
71 or forgotten, a new key must be generated and the corresponding public
72 key copied to other machines.
73
74 For RSA1 keys and keys stored in the newer OpenSSH format, there is also
75 a comment field in the key file that is only for convenience to the user
76 to help identify the key. The comment can tell what the key is for, or
77 whatever is useful. The comment is initialized to M-bM-^@M-^\user@hostM-bM-^@M-^] when the
78 key is created, but can be changed using the -c option.
79
80 After a key is generated, instructions below detail where the keys should
81 be placed to be activated.
82
83 The options are as follows:
84
85 -A For each of the key types (rsa1, rsa, dsa, ecdsa and ed25519) for
86 which host keys do not exist, generate the host keys with the
87 default key file path, an empty passphrase, default bits for the
88 key type, and default comment. This is used by /etc/rc to
89 generate new host keys.
90
91 -a rounds
92 When saving a new-format private key (i.e. an ed25519 key or any
93 SSH protocol 2 key when the -o flag is set), this option
94 specifies the number of KDF (key derivation function) rounds
95 used. Higher numbers result in slower passphrase verification
96 and increased resistance to brute-force password cracking (should
97 the keys be stolen).
98
99 When screening DH-GEX candidates ( using the -T command). This
100 option specifies the number of primality tests to perform.
101
102 -B Show the bubblebabble digest of specified private or public key
103 file.
104
105 -b bits
106 Specifies the number of bits in the key to create. For RSA keys,
107 the minimum size is 1024 bits and the default is 2048 bits.
108 Generally, 2048 bits is considered sufficient. DSA keys must be
109 exactly 1024 bits as specified by FIPS 186-2. For ECDSA keys,
110 the -b flag determines the key length by selecting from one of
111 three elliptic curve sizes: 256, 384 or 521 bits. Attempting to
112 use bit lengths other than these three values for ECDSA keys will
113 fail. Ed25519 keys have a fixed length and the -b flag will be
114 ignored.
115
116 -C comment
117 Provides a new comment.
118
119 -c Requests changing the comment in the private and public key
120 files. This operation is only supported for RSA1 keys and keys
121 stored in the newer OpenSSH format. The program will prompt for
122 the file containing the private keys, for the passphrase if the
123 key has one, and for the new comment.
124
125 -D pkcs11
126 Download the RSA public keys provided by the PKCS#11 shared
127 library pkcs11. When used in combination with -s, this option
128 indicates that a CA key resides in a PKCS#11 token (see the
129 CERTIFICATES section for details).
130
131 -E fingerprint_hash
132 Specifies the hash algorithm used when displaying key
133 fingerprints. Valid options are: M-bM-^@M-^\md5M-bM-^@M-^] and M-bM-^@M-^\sha256M-bM-^@M-^]. The
134 default is M-bM-^@M-^\sha256M-bM-^@M-^].
135
136 -e This option will read a private or public OpenSSH key file and
137 print to stdout the key in one of the formats specified by the -m
138 option. The default export format is M-bM-^@M-^\RFC4716M-bM-^@M-^]. This option
139 allows exporting OpenSSH keys for use by other programs,
140 including several commercial SSH implementations.
141
142 -F hostname
143 Search for the specified hostname in a known_hosts file, listing
144 any occurrences found. This option is useful to find hashed host
145 names or addresses and may also be used in conjunction with the
146 -H option to print found keys in a hashed format.
147
148 -f filename
149 Specifies the filename of the key file.
150
151 -G output_file
152 Generate candidate primes for DH-GEX. These primes must be
153 screened for safety (using the -T option) before use.
154
155 -g Use generic DNS format when printing fingerprint resource records
156 using the -r command.
157
158 -H Hash a known_hosts file. This replaces all hostnames and
159 addresses with hashed representations within the specified file;
160 the original content is moved to a file with a .old suffix.
161 These hashes may be used normally by ssh and sshd, but they do
162 not reveal identifying information should the file's contents be
163 disclosed. This option will not modify existing hashed hostnames
164 and is therefore safe to use on files that mix hashed and non-
165 hashed names.
166
167 -h When signing a key, create a host certificate instead of a user
168 certificate. Please see the CERTIFICATES section for details.
169
170 -I certificate_identity
171 Specify the key identity when signing a public key. Please see
172 the CERTIFICATES section for details.
173
174 -i This option will read an unencrypted private (or public) key file
175 in the format specified by the -m option and print an OpenSSH
176 compatible private (or public) key to stdout. This option allows
177 importing keys from other software, including several commercial
178 SSH implementations. The default import format is M-bM-^@M-^\RFC4716M-bM-^@M-^].
179
180 -J num_lines
181 Exit after screening the specified number of lines while
182 performing DH candidate screening using the -T option.
183
184 -j start_line
185 Start screening at the specified line number while performing DH
186 candidate screening using the -T option.
187
188 -K checkpt
189 Write the last line processed to the file checkpt while
190 performing DH candidate screening using the -T option. This will
191 be used to skip lines in the input file that have already been
192 processed if the job is restarted.
193
194 -k Generate a KRL file. In this mode, ssh-keygen will generate a
195 KRL file at the location specified via the -f flag that revokes
196 every key or certificate presented on the command line.
197 Keys/certificates to be revoked may be specified by public key
198 file or using the format described in the KEY REVOCATION LISTS
199 section.
200
201 -L Prints the contents of one or more certificates.
202
203 -l Show fingerprint of specified public key file. Private RSA1 keys
204 are also supported. For RSA and DSA keys ssh-keygen tries to
205 find the matching public key file and prints its fingerprint. If
206 combined with -v, a visual ASCII art representation of the key is
207 supplied with the fingerprint.
208
209 -M memory
210 Specify the amount of memory to use (in megabytes) when
211 generating candidate moduli for DH-GEX.
212
213 -m key_format
214 Specify a key format for the -i (import) or -e (export)
215 conversion options. The supported key formats are: M-bM-^@M-^\RFC4716M-bM-^@M-^]
216 (RFC 4716/SSH2 public or private key), M-bM-^@M-^\PKCS8M-bM-^@M-^] (PEM PKCS8 public
217 key) or M-bM-^@M-^\PEMM-bM-^@M-^] (PEM public key). The default conversion format is
218 M-bM-^@M-^\RFC4716M-bM-^@M-^].
219
220 -N new_passphrase
221 Provides the new passphrase.
222
223 -n principals
224 Specify one or more principals (user or host names) to be
225 included in a certificate when signing a key. Multiple
226 principals may be specified, separated by commas. Please see the
227 CERTIFICATES section for details.
228
229 -O option
230 Specify a certificate option when signing a key. This option may
231 be specified multiple times. Please see the CERTIFICATES section
232 for details. The options that are valid for user certificates
233 are:
234
235 clear Clear all enabled permissions. This is useful for
236 clearing the default set of permissions so permissions
237 may be added individually.
238
239 force-command=command
240 Forces the execution of command instead of any shell or
241 command specified by the user when the certificate is
242 used for authentication.
243
244 no-agent-forwarding
245 Disable ssh-agent(1) forwarding (permitted by default).
246
247 no-port-forwarding
248 Disable port forwarding (permitted by default).
249
250 no-pty Disable PTY allocation (permitted by default).
251
252 no-user-rc
253 Disable execution of ~/.ssh/rc by sshd(8) (permitted by
254 default).
255
256 no-x11-forwarding
257 Disable X11 forwarding (permitted by default).
258
259 permit-agent-forwarding
260 Allows ssh-agent(1) forwarding.
261
262 permit-port-forwarding
263 Allows port forwarding.
264
265 permit-pty
266 Allows PTY allocation.
267
268 permit-user-rc
269 Allows execution of ~/.ssh/rc by sshd(8).
270
271 permit-x11-forwarding
272 Allows X11 forwarding.
273
274 source-address=address_list
275 Restrict the source addresses from which the certificate
276 is considered valid. The address_list is a comma-
277 separated list of one or more address/netmask pairs in
278 CIDR format.
279
280 At present, no options are valid for host keys.
281
282 -o Causes ssh-keygen to save private keys using the new OpenSSH
283 format rather than the more compatible PEM format. The new
284 format has increased resistance to brute-force password cracking
285 but is not supported by versions of OpenSSH prior to 6.5.
286 Ed25519 keys always use the new private key format.
287
288 -P passphrase
289 Provides the (old) passphrase.
290
291 -p Requests changing the passphrase of a private key file instead of
292 creating a new private key. The program will prompt for the file
293 containing the private key, for the old passphrase, and twice for
294 the new passphrase.
295
296 -Q Test whether keys have been revoked in a KRL.
297
298 -q Silence ssh-keygen.
299
300 -R hostname
301 Removes all keys belonging to hostname from a known_hosts file.
302 This option is useful to delete hashed hosts (see the -H option
303 above).
304
305 -r hostname
306 Print the SSHFP fingerprint resource record named hostname for
307 the specified public key file.
308
309 -S start
310 Specify start point (in hex) when generating candidate moduli for
311 DH-GEX.
312
313 -s ca_key
314 Certify (sign) a public key using the specified CA key. Please
315 see the CERTIFICATES section for details.
316
317 When generating a KRL, -s specifies a path to a CA public key
318 file used to revoke certificates directly by key ID or serial
319 number. See the KEY REVOCATION LISTS section for details.
320
321 -T output_file
322 Test DH group exchange candidate primes (generated using the -G
323 option) for safety.
324
325 -t dsa | ecdsa | ed25519 | rsa | rsa1
326 Specifies the type of key to create. The possible values are
327 M-bM-^@M-^\rsa1M-bM-^@M-^] for protocol version 1 and M-bM-^@M-^\dsaM-bM-^@M-^], M-bM-^@M-^\ecdsaM-bM-^@M-^], M-bM-^@M-^\ed25519M-bM-^@M-^], or
328 M-bM-^@M-^\rsaM-bM-^@M-^] for protocol version 2.
329
330 -u Update a KRL. When specified with -k, keys listed via the
331 command line are added to the existing KRL rather than a new KRL
332 being created.
333
334 -V validity_interval
335 Specify a validity interval when signing a certificate. A
336 validity interval may consist of a single time, indicating that
337 the certificate is valid beginning now and expiring at that time,
338 or may consist of two times separated by a colon to indicate an
339 explicit time interval. The start time may be specified as a
340 date in YYYYMMDD format, a time in YYYYMMDDHHMMSS format or a
341 relative time (to the current time) consisting of a minus sign
342 followed by a relative time in the format described in the TIME
343 FORMATS section of sshd_config(5). The end time may be specified
344 as a YYYYMMDD date, a YYYYMMDDHHMMSS time or a relative time
345 starting with a plus character.
346
347 For example: M-bM-^@M-^\+52w1dM-bM-^@M-^] (valid from now to 52 weeks and one day
348 from now), M-bM-^@M-^\-4w:+4wM-bM-^@M-^] (valid from four weeks ago to four weeks
349 from now), M-bM-^@M-^\20100101123000:20110101123000M-bM-^@M-^] (valid from 12:30 PM,
350 January 1st, 2010 to 12:30 PM, January 1st, 2011), M-bM-^@M-^\-1d:20110101M-bM-^@M-^]
351 (valid from yesterday to midnight, January 1st, 2011).
352
353 -v Verbose mode. Causes ssh-keygen to print debugging messages
354 about its progress. This is helpful for debugging moduli
355 generation. Multiple -v options increase the verbosity. The
356 maximum is 3.
357
358 -W generator
359 Specify desired generator when testing candidate moduli for DH-
360 GEX.
361
362 -y This option will read a private OpenSSH format file and print an
363 OpenSSH public key to stdout.
364
365 -z serial_number
366 Specifies a serial number to be embedded in the certificate to
367 distinguish this certificate from others from the same CA. The
368 default serial number is zero.
369
370 When generating a KRL, the -z flag is used to specify a KRL
371 version number.
372
373MODULI GENERATION
374 ssh-keygen may be used to generate groups for the Diffie-Hellman Group
375 Exchange (DH-GEX) protocol. Generating these groups is a two-step
376 process: first, candidate primes are generated using a fast, but memory
377 intensive process. These candidate primes are then tested for
378 suitability (a CPU-intensive process).
379
380 Generation of primes is performed using the -G option. The desired
381 length of the primes may be specified by the -b option. For example:
382
383 # ssh-keygen -G moduli-2048.candidates -b 2048
384
385 By default, the search for primes begins at a random point in the desired
386 length range. This may be overridden using the -S option, which
387 specifies a different start point (in hex).
388
389 Once a set of candidates have been generated, they must be screened for
390 suitability. This may be performed using the -T option. In this mode
391 ssh-keygen will read candidates from standard input (or a file specified
392 using the -f option). For example:
393
394 # ssh-keygen -T moduli-2048 -f moduli-2048.candidates
395
396 By default, each candidate will be subjected to 100 primality tests.
397 This may be overridden using the -a option. The DH generator value will
398 be chosen automatically for the prime under consideration. If a specific
399 generator is desired, it may be requested using the -W option. Valid
400 generator values are 2, 3, and 5.
401
402 Screened DH groups may be installed in /etc/moduli. It is important that
403 this file contains moduli of a range of bit lengths and that both ends of
404 a connection share common moduli.
405
406CERTIFICATES
407 ssh-keygen supports signing of keys to produce certificates that may be
408 used for user or host authentication. Certificates consist of a public
409 key, some identity information, zero or more principal (user or host)
410 names and a set of options that are signed by a Certification Authority
411 (CA) key. Clients or servers may then trust only the CA key and verify
412 its signature on a certificate rather than trusting many user/host keys.
413 Note that OpenSSH certificates are a different, and much simpler, format
414 to the X.509 certificates used in ssl(8).
415
416 ssh-keygen supports two types of certificates: user and host. User
417 certificates authenticate users to servers, whereas host certificates
418 authenticate server hosts to users. To generate a user certificate:
419
420 $ ssh-keygen -s /path/to/ca_key -I key_id /path/to/user_key.pub
421
422 The resultant certificate will be placed in /path/to/user_key-cert.pub.
423 A host certificate requires the -h option:
424
425 $ ssh-keygen -s /path/to/ca_key -I key_id -h /path/to/host_key.pub
426
427 The host certificate will be output to /path/to/host_key-cert.pub.
428
429 It is possible to sign using a CA key stored in a PKCS#11 token by
430 providing the token library using -D and identifying the CA key by
431 providing its public half as an argument to -s:
432
433 $ ssh-keygen -s ca_key.pub -D libpkcs11.so -I key_id user_key.pub
434
435 In all cases, key_id is a "key identifier" that is logged by the server
436 when the certificate is used for authentication.
437
438 Certificates may be limited to be valid for a set of principal
439 (user/host) names. By default, generated certificates are valid for all
440 users or hosts. To generate a certificate for a specified set of
441 principals:
442
443 $ ssh-keygen -s ca_key -I key_id -n user1,user2 user_key.pub
444 $ ssh-keygen -s ca_key -I key_id -h -n host.domain host_key.pub
445
446 Additional limitations on the validity and use of user certificates may
447 be specified through certificate options. A certificate option may
448 disable features of the SSH session, may be valid only when presented
449 from particular source addresses or may force the use of a specific
450 command. For a list of valid certificate options, see the documentation
451 for the -O option above.
452
453 Finally, certificates may be defined with a validity lifetime. The -V
454 option allows specification of certificate start and end times. A
455 certificate that is presented at a time outside this range will not be
456 considered valid. By default, certificates are valid from UNIX Epoch to
457 the distant future.
458
459 For certificates to be used for user or host authentication, the CA
460 public key must be trusted by sshd(8) or ssh(1). Please refer to those
461 manual pages for details.
462
463KEY REVOCATION LISTS
464 ssh-keygen is able to manage OpenSSH format Key Revocation Lists (KRLs).
465 These binary files specify keys or certificates to be revoked using a
466 compact format, taking as little as one bit per certificate if they are
467 being revoked by serial number.
468
469 KRLs may be generated using the -k flag. This option reads one or more
470 files from the command line and generates a new KRL. The files may
471 either contain a KRL specification (see below) or public keys, listed one
472 per line. Plain public keys are revoked by listing their hash or
473 contents in the KRL and certificates revoked by serial number or key ID
474 (if the serial is zero or not available).
475
476 Revoking keys using a KRL specification offers explicit control over the
477 types of record used to revoke keys and may be used to directly revoke
478 certificates by serial number or key ID without having the complete
479 original certificate on hand. A KRL specification consists of lines
480 containing one of the following directives followed by a colon and some
481 directive-specific information.
482
483 serial: serial_number[-serial_number]
484 Revokes a certificate with the specified serial number. Serial
485 numbers are 64-bit values, not including zero and may be
486 expressed in decimal, hex or octal. If two serial numbers are
487 specified separated by a hyphen, then the range of serial numbers
488 including and between each is revoked. The CA key must have been
489 specified on the ssh-keygen command line using the -s option.
490
491 id: key_id
492 Revokes a certificate with the specified key ID string. The CA
493 key must have been specified on the ssh-keygen command line using
494 the -s option.
495
496 key: public_key
497 Revokes the specified key. If a certificate is listed, then it
498 is revoked as a plain public key.
499
500 sha1: public_key
501 Revokes the specified key by its SHA1 hash.
502
503 KRLs may be updated using the -u flag in addition to -k. When this
504 option is specified, keys listed via the command line are merged into the
505 KRL, adding to those already there.
506
507 It is also possible, given a KRL, to test whether it revokes a particular
508 key (or keys). The -Q flag will query an existing KRL, testing each key
509 specified on the command line. If any key listed on the command line has
510 been revoked (or an error encountered) then ssh-keygen will exit with a
511 non-zero exit status. A zero exit status will only be returned if no key
512 was revoked.
513
514FILES
515 ~/.ssh/identity
516 Contains the protocol version 1 RSA authentication identity of
517 the user. This file should not be readable by anyone but the
518 user. It is possible to specify a passphrase when generating the
519 key; that passphrase will be used to encrypt the private part of
520 this file using 3DES. This file is not automatically accessed by
521 ssh-keygen but it is offered as the default file for the private
522 key. ssh(1) will read this file when a login attempt is made.
523
524 ~/.ssh/identity.pub
525 Contains the protocol version 1 RSA public key for
526 authentication. The contents of this file should be added to
527 ~/.ssh/authorized_keys on all machines where the user wishes to
528 log in using RSA authentication. There is no need to keep the
529 contents of this file secret.
530
531 ~/.ssh/id_dsa
532 ~/.ssh/id_ecdsa
533 ~/.ssh/id_ed25519
534 ~/.ssh/id_rsa
535 Contains the protocol version 2 DSA, ECDSA, Ed25519 or RSA
536 authentication identity of the user. This file should not be
537 readable by anyone but the user. It is possible to specify a
538 passphrase when generating the key; that passphrase will be used
539 to encrypt the private part of this file using 128-bit AES. This
540 file is not automatically accessed by ssh-keygen but it is
541 offered as the default file for the private key. ssh(1) will
542 read this file when a login attempt is made.
543
544 ~/.ssh/id_dsa.pub
545 ~/.ssh/id_ecdsa.pub
546 ~/.ssh/id_ed25519.pub
547 ~/.ssh/id_rsa.pub
548 Contains the protocol version 2 DSA, ECDSA, Ed25519 or RSA public
549 key for authentication. The contents of this file should be
550 added to ~/.ssh/authorized_keys on all machines where the user
551 wishes to log in using public key authentication. There is no
552 need to keep the contents of this file secret.
553
554 /etc/moduli
555 Contains Diffie-Hellman groups used for DH-GEX. The file format
556 is described in moduli(5).
557
558SEE ALSO
559 ssh(1), ssh-add(1), ssh-agent(1), moduli(5), sshd(8)
560
561 The Secure Shell (SSH) Public Key File Format, RFC 4716, 2006.
562
563AUTHORS
564 OpenSSH is a derivative of the original and free ssh 1.2.12 release by
565 Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
566 de Raadt and Dug Song removed many bugs, re-added newer features and
567 created OpenSSH. Markus Friedl contributed the support for SSH protocol
568 versions 1.5 and 2.0.
569
570OpenBSD 6.0 June 16, 2016 OpenBSD 6.0
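Review bot: The -Q paragraph at lines 507-512 of the new ssh-keygen.0 gives a single non-zero exit status for both "has been revoked" and "an error encountered", so a script that calls ssh-keygen -Q cannot tell a revoked key from a KRL that could not be read. Suggest the text say whether the two cases can be distinguished (for example by the per-key output), or state plainly that callers must treat any non-zero status as "do not trust this key". The same section says at lines 488-489 and 493-494 that serial: and id: require the CA key via -s, but does not say what happens when -s is omitted; a sentence on that failure mode would help.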
diff --git a/ssh-keyscan.0 b/ssh-keyscan.0
new file mode 100644
index 000000000..e9d9f0d8b
--- /dev/null
+++ b/ssh-keyscan.0
@@ -0,0 +1,111 @@
1SSH-KEYSCAN(1) General Commands Manual SSH-KEYSCAN(1)
2
3NAME
4 ssh-keyscan M-bM-^@M-^S gather ssh public keys
5
6SYNOPSIS
7 ssh-keyscan [-46cHv] [-f file] [-p port] [-T timeout] [-t type]
8 [host | addrlist namelist] ...
9
10DESCRIPTION
11 ssh-keyscan is a utility for gathering the public ssh host keys of a
12 number of hosts. It was designed to aid in building and verifying
13 ssh_known_hosts files. ssh-keyscan provides a minimal interface suitable
14 for use by shell and perl scripts.
15
16 ssh-keyscan uses non-blocking socket I/O to contact as many hosts as
17 possible in parallel, so it is very efficient. The keys from a domain of
18 1,000 hosts can be collected in tens of seconds, even when some of those
19 hosts are down or do not run ssh. For scanning, one does not need login
20 access to the machines that are being scanned, nor does the scanning
21 process involve any encryption.
22
23 The options are as follows:
24
25 -4 Forces ssh-keyscan to use IPv4 addresses only.
26
27 -6 Forces ssh-keyscan to use IPv6 addresses only.
28
29 -c Request certificates from target hosts instead of plain keys.
30
31 -f file
32 Read hosts or M-bM-^@M-^\addrlist namelistM-bM-^@M-^] pairs from file, one per line.
33 If - is supplied instead of a filename, ssh-keyscan will read
34 hosts or M-bM-^@M-^\addrlist namelistM-bM-^@M-^] pairs from the standard input.
35
36 -H Hash all hostnames and addresses in the output. Hashed names may
37 be used normally by ssh and sshd, but they do not reveal
38 identifying information should the file's contents be disclosed.
39
40 -p port
41 Port to connect to on the remote host.
42
43 -T timeout
44 Set the timeout for connection attempts. If timeout seconds have
45 elapsed since a connection was initiated to a host or since the
46 last time anything was read from that host, then the connection
47 is closed and the host in question considered unavailable.
48 Default is 5 seconds.
49
50 -t type
51 Specifies the type of the key to fetch from the scanned hosts.
52 The possible values are M-bM-^@M-^\rsa1M-bM-^@M-^] for protocol version 1 and M-bM-^@M-^\dsaM-bM-^@M-^],
53 M-bM-^@M-^\ecdsaM-bM-^@M-^], M-bM-^@M-^\ed25519M-bM-^@M-^], or M-bM-^@M-^\rsaM-bM-^@M-^] for protocol version 2. Multiple
54 values may be specified by separating them with commas. The
55 default is to fetch M-bM-^@M-^\rsaM-bM-^@M-^], M-bM-^@M-^\ecdsaM-bM-^@M-^], and M-bM-^@M-^\ed25519M-bM-^@M-^] keys.
56
57 -v Verbose mode. Causes ssh-keyscan to print debugging messages
58 about its progress.
59
60SECURITY
61 If an ssh_known_hosts file is constructed using ssh-keyscan without
62 verifying the keys, users will be vulnerable to man in the middle
63 attacks. On the other hand, if the security model allows such a risk,
64 ssh-keyscan can help in the detection of tampered keyfiles or man in the
65 middle attacks which have begun after the ssh_known_hosts file was
66 created.
67
68FILES
69 Input format:
70
71 1.2.3.4,1.2.4.4 name.my.domain,name,n.my.domain,n,1.2.3.4,1.2.4.4
72
73 Output format for RSA1 keys:
74
75 host-or-namelist bits exponent modulus
76
77 Output format for RSA, DSA, ECDSA, and Ed25519 keys:
78
79 host-or-namelist keytype base64-encoded-key
80
81 Where keytype is either M-bM-^@M-^\ecdsa-sha2-nistp256M-bM-^@M-^], M-bM-^@M-^\ecdsa-sha2-nistp384M-bM-^@M-^],
82 M-bM-^@M-^\ecdsa-sha2-nistp521M-bM-^@M-^], M-bM-^@M-^\ssh-ed25519M-bM-^@M-^], M-bM-^@M-^\ssh-dssM-bM-^@M-^] or M-bM-^@M-^\ssh-rsaM-bM-^@M-^].
83
84 /etc/ssh/ssh_known_hosts
85
86EXAMPLES
87 Print the rsa host key for machine hostname:
88
89 $ ssh-keyscan hostname
90
91 Find all hosts from the file ssh_hosts which have new or different keys
92 from those in the sorted file ssh_known_hosts:
93
94 $ ssh-keyscan -t rsa,dsa,ecdsa,ed25519 -f ssh_hosts | \
95 sort -u - ssh_known_hosts | diff ssh_known_hosts -
96
97SEE ALSO
98 ssh(1), sshd(8)
99
100AUTHORS
101 David Mazieres <dm@lcs.mit.edu> wrote the initial version, and Wayne
102 Davison <wayned@users.sourceforge.net> added support for protocol version
103 2.
104
105BUGS
106 It generates "Connection closed by remote host" messages on the consoles
107 of all the machines it scans if the server is older than version 2.9.
108 This is because it opens a connection to the ssh port, reads the public
109 key, and drops the connection as soon as it gets the key.
110
111OpenBSD 6.0 November 8, 2015 OpenBSD 6.0
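Review bot: The first entry under EXAMPLES (lines 87-89) says "Print the rsa host key for machine hostname" for a bare "ssh-keyscan hostname", but the -t description at lines 54-55 says the default is to fetch rsa, ecdsa and ed25519 keys, so the example output will not be RSA only. Either add "-t rsa" to the command or reword the caption to "Print the host keys". The second example (lines 91-95) compares scan output against ssh_known_hosts, which is the detection use the SECURITY section describes; it would be worth one sentence there reminding the reader that new keys reported by the diff still need out-of-band verification before being merged, since lines 61-63 state that unverified keys leave users open to man in the middle attacks.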
diff --git a/ssh-keysign.0 b/ssh-keysign.0
new file mode 100644
index 000000000..34a451d62
--- /dev/null
+++ b/ssh-keysign.0
@@ -0,0 +1,52 @@
1SSH-KEYSIGN(8) System Manager's Manual SSH-KEYSIGN(8)
2
3NAME
4 ssh-keysign M-bM-^@M-^S ssh helper program for host-based authentication
5
6SYNOPSIS
7 ssh-keysign
8
9DESCRIPTION
10 ssh-keysign is used by ssh(1) to access the local host keys and generate
11 the digital signature required during host-based authentication.
12
13 ssh-keysign is disabled by default and can only be enabled in the global
14 client configuration file /etc/ssh/ssh_config by setting EnableSSHKeysign
15 to M-bM-^@M-^\yesM-bM-^@M-^].
16
17 ssh-keysign is not intended to be invoked by the user, but from ssh(1).
18 See ssh(1) and sshd(8) for more information about host-based
19 authentication.
20
21FILES
22 /etc/ssh/ssh_config
23 Controls whether ssh-keysign is enabled.
24
25 /etc/ssh/ssh_host_dsa_key
26 /etc/ssh/ssh_host_ecdsa_key
27 /etc/ssh/ssh_host_ed25519_key
28 /etc/ssh/ssh_host_rsa_key
29 These files contain the private parts of the host keys used to
30 generate the digital signature. They should be owned by root,
31 readable only by root, and not accessible to others. Since they
32 are readable only by root, ssh-keysign must be set-uid root if
33 host-based authentication is used.
34
35 /etc/ssh/ssh_host_dsa_key-cert.pub
36 /etc/ssh/ssh_host_ecdsa_key-cert.pub
37 /etc/ssh/ssh_host_ed25519_key-cert.pub
38 /etc/ssh/ssh_host_rsa_key-cert.pub
39 If these files exist they are assumed to contain public
40 certificate information corresponding with the private keys
41 above.
42
43SEE ALSO
44 ssh(1), ssh-keygen(1), ssh_config(5), sshd(8)
45
46HISTORY
47 ssh-keysign first appeared in OpenBSD 3.2.
48
49AUTHORS
50 Markus Friedl <markus@openbsd.org>
51
52OpenBSD 6.0 February 17, 2016 OpenBSD 6.0
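Review bot: The FILES entry at lines 29-33 says ssh-keysign "must be set-uid root if host-based authentication is used", while lines 13-15 say it is disabled by default and only enabled through EnableSSHKeysign in /etc/ssh/ssh_config. The page never states the converse, that the set-uid bit is not needed when EnableSSHKeysign is left at its default. Suggest adding that sentence so administrators who do not use host-based authentication know they can ship the helper without set-uid root.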
diff --git a/ssh-pkcs11-helper.0 b/ssh-pkcs11-helper.0
new file mode 100644
index 000000000..1b58361a6
--- /dev/null
+++ b/ssh-pkcs11-helper.0
@@ -0,0 +1,25 @@
1SSH-PKCS11-HELPER(8) System Manager's Manual SSH-PKCS11-HELPER(8)
2
3NAME
4 ssh-pkcs11-helper M-bM-^@M-^S ssh-agent helper program for PKCS#11 support
5
6SYNOPSIS
7 ssh-pkcs11-helper
8
9DESCRIPTION
10 ssh-pkcs11-helper is used by ssh-agent(1) to access keys provided by a
11 PKCS#11 token.
12
13 ssh-pkcs11-helper is not intended to be invoked by the user, but from
14 ssh-agent(1).
15
16SEE ALSO
17 ssh(1), ssh-add(1), ssh-agent(1)
18
19HISTORY
20 ssh-pkcs11-helper first appeared in OpenBSD 4.7.
21
22AUTHORS
23 Markus Friedl <markus@openbsd.org>
24
25OpenBSD 6.0 July 16, 2013 OpenBSD 6.0
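Review bot: The NAME line (line 4) reads "ssh-pkcs11-helper M-bM-^@M-^S ssh-agent helper program", with the byte sequence M-bM-^@M-^S where a dash belongs; the same escapes appear in the NAME lines and quoted option values of ssh-keyscan.0, ssh-keysign.0 and ssh.0 in this commit. These preformatted pages look to have been generated with non-ASCII punctuation, so they will not display cleanly on every terminal. Suggest regenerating the .0 files with ASCII output, or confirming that the intended consumers render UTF-8. Separately, the page gives no FILES section or any description of how ssh-agent(1) locates the helper, which would be useful for anyone auditing what the agent executes.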
diff --git a/ssh.0 b/ssh.0
new file mode 100644
index 000000000..67ce809bb
--- /dev/null
+++ b/ssh.0
@@ -0,0 +1,971 @@
1SSH(1) General Commands Manual SSH(1)
2
3NAME
4 ssh M-bM-^@M-^S OpenSSH SSH client (remote login program)
5
6SYNOPSIS
7 ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
8 [-D [bind_address:]port] [-E log_file] [-e escape_char]
9 [-F configfile] [-I pkcs11] [-i identity_file]
10 [-J [user@]host[:port]] [-L address] [-l login_name] [-m mac_spec]
11 [-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R address]
12 [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]]
13 [user@]hostname [command]
14
15DESCRIPTION
16 ssh (SSH client) is a program for logging into a remote machine and for
17 executing commands on a remote machine. It is intended to provide secure
18 encrypted communications between two untrusted hosts over an insecure
19 network. X11 connections, arbitrary TCP ports and UNIX-domain sockets
20 can also be forwarded over the secure channel.
21
22 ssh connects and logs into the specified hostname (with optional user
23 name). The user must prove his/her identity to the remote machine using
24 one of several methods (see below).
25
26 If command is specified, it is executed on the remote host instead of a
27 login shell.
28
29 The options are as follows:
30
31 -1 Forces ssh to try protocol version 1 only.
32
33 -2 Forces ssh to try protocol version 2 only.
34
35 -4 Forces ssh to use IPv4 addresses only.
36
37 -6 Forces ssh to use IPv6 addresses only.
38
39 -A Enables forwarding of the authentication agent connection. This
40 can also be specified on a per-host basis in a configuration
41 file.
42
43 Agent forwarding should be enabled with caution. Users with the
44 ability to bypass file permissions on the remote host (for the
45 agent's UNIX-domain socket) can access the local agent through
46 the forwarded connection. An attacker cannot obtain key material
47 from the agent, however they can perform operations on the keys
48 that enable them to authenticate using the identities loaded into
49 the agent.
50
51 -a Disables forwarding of the authentication agent connection.
52
53 -b bind_address
54 Use bind_address on the local machine as the source address of
55 the connection. Only useful on systems with more than one
56 address.
57
58 -C Requests compression of all data (including stdin, stdout,
59 stderr, and data for forwarded X11, TCP and UNIX-domain
60 connections). The compression algorithm is the same used by
61 gzip(1), and the M-bM-^@M-^\levelM-bM-^@M-^] can be controlled by the
62 CompressionLevel option for protocol version 1. Compression is
63 desirable on modem lines and other slow connections, but will
64 only slow down things on fast networks. The default value can be
65 set on a host-by-host basis in the configuration files; see the
66 Compression option.
67
68 -c cipher_spec
69 Selects the cipher specification for encrypting the session.
70
71 Protocol version 1 allows specification of a single cipher. The
72 supported values are M-bM-^@M-^\3desM-bM-^@M-^], M-bM-^@M-^\blowfishM-bM-^@M-^], and M-bM-^@M-^\desM-bM-^@M-^]. For protocol
73 version 2, cipher_spec is a comma-separated list of ciphers
74 listed in order of preference. See the Ciphers keyword in
75 ssh_config(5) for more information.
76
77 -D [bind_address:]port
78 Specifies a local M-bM-^@M-^\dynamicM-bM-^@M-^] application-level port forwarding.
79 This works by allocating a socket to listen to port on the local
80 side, optionally bound to the specified bind_address. Whenever a
81 connection is made to this port, the connection is forwarded over
82 the secure channel, and the application protocol is then used to
83 determine where to connect to from the remote machine. Currently
84 the SOCKS4 and SOCKS5 protocols are supported, and ssh will act
85 as a SOCKS server. Only root can forward privileged ports.
86 Dynamic port forwardings can also be specified in the
87 configuration file.
88
89 IPv6 addresses can be specified by enclosing the address in
90 square brackets. Only the superuser can forward privileged
91 ports. By default, the local port is bound in accordance with
92 the GatewayPorts setting. However, an explicit bind_address may
93 be used to bind the connection to a specific address. The
94 bind_address of M-bM-^@M-^\localhostM-bM-^@M-^] indicates that the listening port be
95 bound for local use only, while an empty address or M-bM-^@M-^X*M-bM-^@M-^Y indicates
96 that the port should be available from all interfaces.
97
98 -E log_file
99 Append debug logs to log_file instead of standard error.
100
101 -e escape_char
102 Sets the escape character for sessions with a pty (default: M-bM-^@M-^X~M-bM-^@M-^Y).
103 The escape character is only recognized at the beginning of a
104 line. The escape character followed by a dot (M-bM-^@M-^X.M-bM-^@M-^Y) closes the
105 connection; followed by control-Z suspends the connection; and
106 followed by itself sends the escape character once. Setting the
107 character to M-bM-^@M-^\noneM-bM-^@M-^] disables any escapes and makes the session
108 fully transparent.
109
110 -F configfile
111 Specifies an alternative per-user configuration file. If a
112 configuration file is given on the command line, the system-wide
113 configuration file (/etc/ssh/ssh_config) will be ignored. The
114 default for the per-user configuration file is ~/.ssh/config.
115
116 -f Requests ssh to go to background just before command execution.
117 This is useful if ssh is going to ask for passwords or
118 passphrases, but the user wants it in the background. This
119 implies -n. The recommended way to start X11 programs at a
120 remote site is with something like ssh -f host xterm.
121
122 If the ExitOnForwardFailure configuration option is set to M-bM-^@M-^\yesM-bM-^@M-^],
123 then a client started with -f will wait for all remote port
124 forwards to be successfully established before placing itself in
125 the background.
126
127 -G Causes ssh to print its configuration after evaluating Host and
128 Match blocks and exit.
129
130 -g Allows remote hosts to connect to local forwarded ports. If used
131 on a multiplexed connection, then this option must be specified
132 on the master process.
133
134 -I pkcs11
135 Specify the PKCS#11 shared library ssh should use to communicate
136 with a PKCS#11 token providing the user's private RSA key.
137
138 -i identity_file
139 Selects a file from which the identity (private key) for public
140 key authentication is read. The default is ~/.ssh/identity for
141 protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa,
142 ~/.ssh/id_ed25519 and ~/.ssh/id_rsa for protocol version 2.
143 Identity files may also be specified on a per-host basis in the
144 configuration file. It is possible to have multiple -i options
145 (and multiple identities specified in configuration files). If
146 no certificates have been explicitly specified by the
147 CertificateFile directive, ssh will also try to load certificate
148 information from the filename obtained by appending -cert.pub to
149 identity filenames.
150
151 -J [user@]host[:port]
152 Connect to the target host by first making a ssh connection to
153 the jump host and then establishing a TCP forwarding to the
154 ultimate destination from there. Multiple jump hops may be
155 specified separated by comma characters. This is a shortcut to
156 specify a ProxyJump configuration directive.
157
158 -K Enables GSSAPI-based authentication and forwarding (delegation)
159 of GSSAPI credentials to the server.
160
161 -k Disables forwarding (delegation) of GSSAPI credentials to the
162 server.
163
164 -L [bind_address:]port:host:hostport
165 -L [bind_address:]port:remote_socket
166 -L local_socket:host:hostport
167 -L local_socket:remote_socket
168 Specifies that connections to the given TCP port or Unix socket
169 on the local (client) host are to be forwarded to the given host
170 and port, or Unix socket, on the remote side. This works by
171 allocating a socket to listen to either a TCP port on the local
172 side, optionally bound to the specified bind_address, or to a
173 Unix socket. Whenever a connection is made to the local port or
174 socket, the connection is forwarded over the secure channel, and
175 a connection is made to either host port hostport, or the Unix
176 socket remote_socket, from the remote machine.
177
178 Port forwardings can also be specified in the configuration file.
179 Only the superuser can forward privileged ports. IPv6 addresses
180 can be specified by enclosing the address in square brackets.
181
182 By default, the local port is bound in accordance with the
183 GatewayPorts setting. However, an explicit bind_address may be
184 used to bind the connection to a specific address. The
185 bind_address of M-bM-^@M-^\localhostM-bM-^@M-^] indicates that the listening port be
186 bound for local use only, while an empty address or M-bM-^@M-^X*M-bM-^@M-^Y indicates
187 that the port should be available from all interfaces.
188
189 -l login_name
190 Specifies the user to log in as on the remote machine. This also
191 may be specified on a per-host basis in the configuration file.
192
193 -M Places the ssh client into M-bM-^@M-^\masterM-bM-^@M-^] mode for connection sharing.
194 Multiple -M options places ssh into M-bM-^@M-^\masterM-bM-^@M-^] mode with
195 confirmation required before slave connections are accepted.
196 Refer to the description of ControlMaster in ssh_config(5) for
197 details.
198
199 -m mac_spec
200 A comma-separated list of MAC (message authentication code)
201 algorithms, specified in order of preference. See the MACs
202 keyword for more information.
203
204 -N Do not execute a remote command. This is useful for just
205 forwarding ports.
206
207 -n Redirects stdin from /dev/null (actually, prevents reading from
208 stdin). This must be used when ssh is run in the background. A
209 common trick is to use this to run X11 programs on a remote
210 machine. For example, ssh -n shadows.cs.hut.fi emacs & will
211 start an emacs on shadows.cs.hut.fi, and the X11 connection will
212 be automatically forwarded over an encrypted channel. The ssh
213 program will be put in the background. (This does not work if
214 ssh needs to ask for a password or passphrase; see also the -f
215 option.)
216
217 -O ctl_cmd
218 Control an active connection multiplexing master process. When
219 the -O option is specified, the ctl_cmd argument is interpreted
220 and passed to the master process. Valid commands are: M-bM-^@M-^\checkM-bM-^@M-^]
221 (check that the master process is running), M-bM-^@M-^\forwardM-bM-^@M-^] (request
222 forwardings without command execution), M-bM-^@M-^\cancelM-bM-^@M-^] (cancel
223 forwardings), M-bM-^@M-^\exitM-bM-^@M-^] (request the master to exit), and M-bM-^@M-^\stopM-bM-^@M-^]
224 (request the master to stop accepting further multiplexing
225 requests).
226
227 -o option
228 Can be used to give options in the format used in the
229 configuration file. This is useful for specifying options for
230 which there is no separate command-line flag. For full details
231 of the options listed below, and their possible values, see
232 ssh_config(5).
233
234 AddKeysToAgent
235 AddressFamily
236 BatchMode
237 BindAddress
238 CanonicalDomains
239 CanonicalizeFallbackLocal
240 CanonicalizeHostname
241 CanonicalizeMaxDots
242 CanonicalizePermittedCNAMEs
243 CertificateFile
244 ChallengeResponseAuthentication
245 CheckHostIP
246 Cipher
247 Ciphers
248 ClearAllForwardings
249 Compression
250 CompressionLevel
251 ConnectionAttempts
252 ConnectTimeout
253 ControlMaster
254 ControlPath
255 ControlPersist
256 DynamicForward
257 EscapeChar
258 ExitOnForwardFailure
259 FingerprintHash
260 ForwardAgent
261 ForwardX11
262 ForwardX11Timeout
263 ForwardX11Trusted
264 GatewayPorts
265 GlobalKnownHostsFile
266 GSSAPIAuthentication
267 GSSAPIDelegateCredentials
268 HashKnownHosts
269 Host
270 HostbasedAuthentication
271 HostbasedKeyTypes
272 HostKeyAlgorithms
273 HostKeyAlias
274 HostName
275 IdentitiesOnly
276 IdentityAgent
277 IdentityFile
278 Include
279 IPQoS
280 KbdInteractiveAuthentication
281 KbdInteractiveDevices
282 KexAlgorithms
283 LocalCommand
284 LocalForward
285 LogLevel
286 MACs
287 Match
288 NoHostAuthenticationForLocalhost
289 NumberOfPasswordPrompts
290 PasswordAuthentication
291 PermitLocalCommand
292 PKCS11Provider
293 Port
294 PreferredAuthentications
295 Protocol
296 ProxyCommand
297 ProxyJump
298 ProxyUseFdpass
299 PubkeyAcceptedKeyTypes
300 PubkeyAuthentication
301 RekeyLimit
302 RemoteForward
303 RequestTTY
304 RhostsRSAAuthentication
305 RSAAuthentication
306 SendEnv
307 ServerAliveInterval
308 ServerAliveCountMax
309 StreamLocalBindMask
310 StreamLocalBindUnlink
311 StrictHostKeyChecking
312 TCPKeepAlive
313 Tunnel
314 TunnelDevice
315 UpdateHostKeys
316 UsePrivilegedPort
317 User
318 UserKnownHostsFile
319 VerifyHostKeyDNS
320 VisualHostKey
321 XAuthLocation
322
323 -p port
324 Port to connect to on the remote host. This can be specified on
325 a per-host basis in the configuration file.
326
327 -Q query_option
328 Queries ssh for the algorithms supported for the specified
329 version 2. The available features are: cipher (supported
330 symmetric ciphers), cipher-auth (supported symmetric ciphers that
331 support authenticated encryption), mac (supported message
332 integrity codes), kex (key exchange algorithms), key (key types),
333 key-cert (certificate key types), key-plain (non-certificate key
334 types), and protocol-version (supported SSH protocol versions).
335
336 -q Quiet mode. Causes most warning and diagnostic messages to be
337 suppressed.
338
339 -R [bind_address:]port:host:hostport
340 -R [bind_address:]port:local_socket
341 -R remote_socket:host:hostport
342 -R remote_socket:local_socket
343 Specifies that connections to the given TCP port or Unix socket
344 on the remote (server) host are to be forwarded to the given host
345 and port, or Unix socket, on the local side. This works by
346 allocating a socket to listen to either a TCP port or to a Unix
347 socket on the remote side. Whenever a connection is made to this
348 port or Unix socket, the connection is forwarded over the secure
349 channel, and a connection is made to either host port hostport,
350 or local_socket, from the local machine.
351
352 Port forwardings can also be specified in the configuration file.
353 Privileged ports can be forwarded only when logging in as root on
354 the remote machine. IPv6 addresses can be specified by enclosing
355 the address in square brackets.
356
357 By default, TCP listening sockets on the server will be bound to
358 the loopback interface only. This may be overridden by
359 specifying a bind_address. An empty bind_address, or the address
360 M-bM-^@M-^X*M-bM-^@M-^Y, indicates that the remote socket should listen on all
361 interfaces. Specifying a remote bind_address will only succeed
362 if the server's GatewayPorts option is enabled (see
363 sshd_config(5)).
364
365 If the port argument is M-bM-^@M-^X0M-bM-^@M-^Y, the listen port will be dynamically
366 allocated on the server and reported to the client at run time.
367 When used together with -O forward the allocated port will be
368 printed to the standard output.
369
370 -S ctl_path
371 Specifies the location of a control socket for connection
372 sharing, or the string M-bM-^@M-^\noneM-bM-^@M-^] to disable connection sharing.
373 Refer to the description of ControlPath and ControlMaster in
374 ssh_config(5) for details.
375
376 -s May be used to request invocation of a subsystem on the remote
377 system. Subsystems facilitate the use of SSH as a secure
378 transport for other applications (e.g. sftp(1)). The subsystem
379 is specified as the remote command.
380
381 -T Disable pseudo-terminal allocation.
382
383 -t Force pseudo-terminal allocation. This can be used to execute
384 arbitrary screen-based programs on a remote machine, which can be
385 very useful, e.g. when implementing menu services. Multiple -t
386 options force tty allocation, even if ssh has no local tty.
387
388 -V Display the version number and exit.
389
390 -v Verbose mode. Causes ssh to print debugging messages about its
391 progress. This is helpful in debugging connection,
392 authentication, and configuration problems. Multiple -v options
393 increase the verbosity. The maximum is 3.
394
395 -W host:port
396 Requests that standard input and output on the client be
397 forwarded to host on port over the secure channel. Implies -N,
398 -T, ExitOnForwardFailure and ClearAllForwardings, though these
399 can be overridden in the configuration file or using -o command
400 line options.
401
402 -w local_tun[:remote_tun]
403 Requests tunnel device forwarding with the specified tun(4)
404 devices between the client (local_tun) and the server
405 (remote_tun).
406
407 The devices may be specified by numerical ID or the keyword
408 M-bM-^@M-^\anyM-bM-^@M-^], which uses the next available tunnel device. If
409 remote_tun is not specified, it defaults to M-bM-^@M-^\anyM-bM-^@M-^]. See also the
410 Tunnel and TunnelDevice directives in ssh_config(5). If the
411 Tunnel directive is unset, it is set to the default tunnel mode,
412 which is M-bM-^@M-^\point-to-pointM-bM-^@M-^].
413
414 -X Enables X11 forwarding. This can also be specified on a per-host
415 basis in a configuration file.
416
417 X11 forwarding should be enabled with caution. Users with the
418 ability to bypass file permissions on the remote host (for the
419 user's X authorization database) can access the local X11 display
420 through the forwarded connection. An attacker may then be able
421 to perform activities such as keystroke monitoring.
422
423 For this reason, X11 forwarding is subjected to X11 SECURITY
424 extension restrictions by default. Please refer to the ssh -Y
425 option and the ForwardX11Trusted directive in ssh_config(5) for
426 more information.
427
428 -x Disables X11 forwarding.
429
430 -Y Enables trusted X11 forwarding. Trusted X11 forwardings are not
431 subjected to the X11 SECURITY extension controls.
432
433 -y Send log information using the syslog(3) system module. By
434 default this information is sent to stderr.
435
436 ssh may additionally obtain configuration data from a per-user
437 configuration file and a system-wide configuration file. The file format
438 and configuration options are described in ssh_config(5).
439
440AUTHENTICATION
441 The OpenSSH SSH client supports SSH protocols 1 and 2. The default is to
442 use protocol 2 only, though this can be changed via the Protocol option
443 in ssh_config(5) or the -1 and -2 options (see above). Protocol 1 should
444 not be used and is only offered to support legacy devices. It suffers
445 from a number of cryptographic weaknesses and doesn't support many of the
446 advanced features available for protocol 2.
447
448 The methods available for authentication are: GSSAPI-based
449 authentication, host-based authentication, public key authentication,
450 challenge-response authentication, and password authentication.
451 Authentication methods are tried in the order specified above, though
452 PreferredAuthentications can be used to change the default order.
453
454 Host-based authentication works as follows: If the machine the user logs
455 in from is listed in /etc/hosts.equiv or /etc/shosts.equiv on the remote
456 machine, and the user names are the same on both sides, or if the files
457 ~/.rhosts or ~/.shosts exist in the user's home directory on the remote
458 machine and contain a line containing the name of the client machine and
459 the name of the user on that machine, the user is considered for login.
460 Additionally, the server must be able to verify the client's host key
461 (see the description of /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts,
462 below) for login to be permitted. This authentication method closes
463 security holes due to IP spoofing, DNS spoofing, and routing spoofing.
464 [Note to the administrator: /etc/hosts.equiv, ~/.rhosts, and the
465 rlogin/rsh protocol in general, are inherently insecure and should be
466 disabled if security is desired.]
467
468 Public key authentication works as follows: The scheme is based on
469 public-key cryptography, using cryptosystems where encryption and
470 decryption are done using separate keys, and it is unfeasible to derive
471 the decryption key from the encryption key. The idea is that each user
472 creates a public/private key pair for authentication purposes. The
473 server knows the public key, and only the user knows the private key.
474 ssh implements public key authentication protocol automatically, using
475 one of the DSA, ECDSA, Ed25519 or RSA algorithms. The HISTORY section of
476 ssl(8) contains a brief discussion of the DSA and RSA algorithms.
477
478 The file ~/.ssh/authorized_keys lists the public keys that are permitted
479 for logging in. When the user logs in, the ssh program tells the server
480 which key pair it would like to use for authentication. The client
481 proves that it has access to the private key and the server checks that
482 the corresponding public key is authorized to accept the account.
483
484 The user creates his/her key pair by running ssh-keygen(1). This stores
485 the private key in ~/.ssh/identity (protocol 1), ~/.ssh/id_dsa (DSA),
486 ~/.ssh/id_ecdsa (ECDSA), ~/.ssh/id_ed25519 (Ed25519), or ~/.ssh/id_rsa
487 (RSA) and stores the public key in ~/.ssh/identity.pub (protocol 1),
488 ~/.ssh/id_dsa.pub (DSA), ~/.ssh/id_ecdsa.pub (ECDSA),
489 ~/.ssh/id_ed25519.pub (Ed25519), or ~/.ssh/id_rsa.pub (RSA) in the user's
490 home directory. The user should then copy the public key to
491 ~/.ssh/authorized_keys in his/her home directory on the remote machine.
492 The authorized_keys file corresponds to the conventional ~/.rhosts file,
493 and has one key per line, though the lines can be very long. After this,
494 the user can log in without giving the password.
495
496 A variation on public key authentication is available in the form of
497 certificate authentication: instead of a set of public/private keys,
498 signed certificates are used. This has the advantage that a single
499 trusted certification authority can be used in place of many
500 public/private keys. See the CERTIFICATES section of ssh-keygen(1) for
501 more information.
502
503 The most convenient way to use public key or certificate authentication
504 may be with an authentication agent. See ssh-agent(1) and (optionally)
505 the AddKeysToAgent directive in ssh_config(5) for more information.
506
507 Challenge-response authentication works as follows: The server sends an
508 arbitrary "challenge" text, and prompts for a response. Examples of
509 challenge-response authentication include BSD Authentication (see
510 login.conf(5)) and PAM (some non-OpenBSD systems).
511
512 Finally, if other authentication methods fail, ssh prompts the user for a
513 password. The password is sent to the remote host for checking; however,
514 since all communications are encrypted, the password cannot be seen by
515 someone listening on the network.
516
517 ssh automatically maintains and checks a database containing
518 identification for all hosts it has ever been used with. Host keys are
519 stored in ~/.ssh/known_hosts in the user's home directory. Additionally,
520 the file /etc/ssh/ssh_known_hosts is automatically checked for known
521 hosts. Any new hosts are automatically added to the user's file. If a
522 host's identification ever changes, ssh warns about this and disables
523 password authentication to prevent server spoofing or man-in-the-middle
524 attacks, which could otherwise be used to circumvent the encryption. The
525 StrictHostKeyChecking option can be used to control logins to machines
526 whose host key is not known or has changed.
527
528 When the user's identity has been accepted by the server, the server
529 either executes the given command in a non-interactive session or, if no
530 command has been specified, logs into the machine and gives the user a
531 normal shell as an interactive session. All communication with the
532 remote command or shell will be automatically encrypted.
533
534 If an interactive session is requested ssh by default will only request a
535 pseudo-terminal (pty) for interactive sessions when the client has one.
536 The flags -T and -t can be used to override this behaviour.
537
538 If a pseudo-terminal has been allocated the user may use the escape
539 characters noted below.
540
541 If no pseudo-terminal has been allocated, the session is transparent and
542 can be used to reliably transfer binary data. On most systems, setting
543 the escape character to M-bM-^@M-^\noneM-bM-^@M-^] will also make the session transparent
544 even if a tty is used.
545
546 The session terminates when the command or shell on the remote machine
547 exits and all X11 and TCP connections have been closed.
548
549ESCAPE CHARACTERS
550 When a pseudo-terminal has been requested, ssh supports a number of
551 functions through the use of an escape character.
552
553 A single tilde character can be sent as ~~ or by following the tilde by a
554 character other than those described below. The escape character must
555 always follow a newline to be interpreted as special. The escape
556 character can be changed in configuration files using the EscapeChar
557 configuration directive or on the command line by the -e option.
558
559 The supported escapes (assuming the default M-bM-^@M-^X~M-bM-^@M-^Y) are:
560
561 ~. Disconnect.
562
563 ~^Z Background ssh.
564
565 ~# List forwarded connections.
566
567 ~& Background ssh at logout when waiting for forwarded connection /
568 X11 sessions to terminate.
569
570 ~? Display a list of escape characters.
571
572 ~B Send a BREAK to the remote system (only useful if the peer
573 supports it).
574
575 ~C Open command line. Currently this allows the addition of port
576 forwardings using the -L, -R and -D options (see above). It also
577 allows the cancellation of existing port-forwardings with
578 -KL[bind_address:]port for local, -KR[bind_address:]port for
579 remote and -KD[bind_address:]port for dynamic port-forwardings.
580 !command allows the user to execute a local command if the
581 PermitLocalCommand option is enabled in ssh_config(5). Basic
582 help is available, using the -h option.
583
584 ~R Request rekeying of the connection (only useful if the peer
585 supports it).
586
587 ~V Decrease the verbosity (LogLevel) when errors are being written
588 to stderr.
589
590 ~v Increase the verbosity (LogLevel) when errors are being written
591 to stderr.
592
593TCP FORWARDING
594 Forwarding of arbitrary TCP connections over the secure channel can be
595 specified either on the command line or in a configuration file. One
596 possible application of TCP forwarding is a secure connection to a mail
597 server; another is going through firewalls.
598
599 In the example below, we look at encrypting communication between an IRC
600 client and server, even though the IRC server does not directly support
601 encrypted communications. This works as follows: the user connects to
602 the remote host using ssh, specifying a port to be used to forward
603 connections to the remote server. After that it is possible to start the
604 service which is to be encrypted on the client machine, connecting to the
605 same local port, and ssh will encrypt and forward the connection.
606
607 The following example tunnels an IRC session from client machine
608 M-bM-^@M-^\127.0.0.1M-bM-^@M-^] (localhost) to remote server M-bM-^@M-^\server.example.comM-bM-^@M-^]:
609
610 $ ssh -f -L 1234:localhost:6667 server.example.com sleep 10
611 $ irc -c '#users' -p 1234 pinky 127.0.0.1
612
613 This tunnels a connection to IRC server M-bM-^@M-^\server.example.comM-bM-^@M-^], joining
614 channel M-bM-^@M-^\#usersM-bM-^@M-^], nickname M-bM-^@M-^\pinkyM-bM-^@M-^], using port 1234. It doesn't matter
615 which port is used, as long as it's greater than 1023 (remember, only
616 root can open sockets on privileged ports) and doesn't conflict with any
617 ports already in use. The connection is forwarded to port 6667 on the
618 remote server, since that's the standard port for IRC services.
619
620 The -f option backgrounds ssh and the remote command M-bM-^@M-^\sleep 10M-bM-^@M-^] is
621 specified to allow an amount of time (10 seconds, in the example) to
622 start the service which is to be tunnelled. If no connections are made
623 within the time specified, ssh will exit.
624
625X11 FORWARDING
626 If the ForwardX11 variable is set to M-bM-^@M-^\yesM-bM-^@M-^] (or see the description of the
627 -X, -x, and -Y options above) and the user is using X11 (the DISPLAY
628 environment variable is set), the connection to the X11 display is
629 automatically forwarded to the remote side in such a way that any X11
630 programs started from the shell (or command) will go through the
631 encrypted channel, and the connection to the real X server will be made
632 from the local machine. The user should not manually set DISPLAY.
633 Forwarding of X11 connections can be configured on the command line or in
634 configuration files.
635
636 The DISPLAY value set by ssh will point to the server machine, but with a
637 display number greater than zero. This is normal, and happens because
638 ssh creates a M-bM-^@M-^\proxyM-bM-^@M-^] X server on the server machine for forwarding the
639 connections over the encrypted channel.
640
641 ssh will also automatically set up Xauthority data on the server machine.
642 For this purpose, it will generate a random authorization cookie, store
643 it in Xauthority on the server, and verify that any forwarded connections
644 carry this cookie and replace it by the real cookie when the connection
645 is opened. The real authentication cookie is never sent to the server
646 machine (and no cookies are sent in the plain).
647
648 If the ForwardAgent variable is set to M-bM-^@M-^\yesM-bM-^@M-^] (or see the description of
649 the -A and -a options above) and the user is using an authentication
650 agent, the connection to the agent is automatically forwarded to the
651 remote side.
652
653VERIFYING HOST KEYS
654 When connecting to a server for the first time, a fingerprint of the
655 server's public key is presented to the user (unless the option
656 StrictHostKeyChecking has been disabled). Fingerprints can be determined
657 using ssh-keygen(1):
658
659 $ ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key
660
661 If the fingerprint is already known, it can be matched and the key can be
662 accepted or rejected. If only legacy (MD5) fingerprints for the server
663 are available, the ssh-keygen(1) -E option may be used to downgrade the
664 fingerprint algorithm to match.
665
666 Because of the difficulty of comparing host keys just by looking at
667 fingerprint strings, there is also support to compare host keys visually,
668 using random art. By setting the VisualHostKey option to M-bM-^@M-^\yesM-bM-^@M-^], a small
669 ASCII graphic gets displayed on every login to a server, no matter if the
670 session itself is interactive or not. By learning the pattern a known
671 server produces, a user can easily find out that the host key has changed
672 when a completely different pattern is displayed. Because these patterns
673 are not unambiguous however, a pattern that looks similar to the pattern
674 remembered only gives a good probability that the host key is the same,
675 not guaranteed proof.
676
677 To get a listing of the fingerprints along with their random art for all
678 known hosts, the following command line can be used:
679
680 $ ssh-keygen -lv -f ~/.ssh/known_hosts
681
682 If the fingerprint is unknown, an alternative method of verification is
683 available: SSH fingerprints verified by DNS. An additional resource
684 record (RR), SSHFP, is added to a zonefile and the connecting client is
685 able to match the fingerprint with that of the key presented.
686
687 In this example, we are connecting a client to a server,
688 M-bM-^@M-^\host.example.comM-bM-^@M-^]. The SSHFP resource records should first be added to
689 the zonefile for host.example.com:
690
691 $ ssh-keygen -r host.example.com.
692
693 The output lines will have to be added to the zonefile. To check that
694 the zone is answering fingerprint queries:
695
696 $ dig -t SSHFP host.example.com
697
698 Finally the client connects:
699
700 $ ssh -o "VerifyHostKeyDNS ask" host.example.com
701 [...]
702 Matching host key fingerprint found in DNS.
703 Are you sure you want to continue connecting (yes/no)?
704
705 See the VerifyHostKeyDNS option in ssh_config(5) for more information.
706
707SSH-BASED VIRTUAL PRIVATE NETWORKS
708 ssh contains support for Virtual Private Network (VPN) tunnelling using
709 the tun(4) network pseudo-device, allowing two networks to be joined
710 securely. The sshd_config(5) configuration option PermitTunnel controls
711 whether the server supports this, and at what level (layer 2 or 3
712 traffic).
713
714 The following example would connect client network 10.0.50.0/24 with
715 remote network 10.0.99.0/24 using a point-to-point connection from
716 10.1.1.1 to 10.1.1.2, provided that the SSH server running on the gateway
717 to the remote network, at 192.168.1.15, allows it.
718
719 On the client:
720
721 # ssh -f -w 0:1 192.168.1.15 true
722 # ifconfig tun0 10.1.1.1 10.1.1.2 netmask 255.255.255.252
723 # route add 10.0.99.0/24 10.1.1.2
724
725 On the server:
726
727 # ifconfig tun1 10.1.1.2 10.1.1.1 netmask 255.255.255.252
728 # route add 10.0.50.0/24 10.1.1.1
729
730 Client access may be more finely tuned via the /root/.ssh/authorized_keys
731 file (see below) and the PermitRootLogin server option. The following
732 entry would permit connections on tun(4) device 1 from user M-bM-^@M-^\janeM-bM-^@M-^] and on
733 tun device 2 from user M-bM-^@M-^\johnM-bM-^@M-^], if PermitRootLogin is set to
734 M-bM-^@M-^\forced-commands-onlyM-bM-^@M-^]:
735
736 tunnel="1",command="sh /etc/netstart tun1" ssh-rsa ... jane
737 tunnel="2",command="sh /etc/netstart tun2" ssh-rsa ... john
738
739 Since an SSH-based setup entails a fair amount of overhead, it may be
740 more suited to temporary setups, such as for wireless VPNs. More
741 permanent VPNs are better provided by tools such as ipsecctl(8) and
742 isakmpd(8).
743
744ENVIRONMENT
745 ssh will normally set the following environment variables:
746
747 DISPLAY The DISPLAY variable indicates the location of the
748 X11 server. It is automatically set by ssh to
749 point to a value of the form M-bM-^@M-^\hostname:nM-bM-^@M-^], where
750 M-bM-^@M-^\hostnameM-bM-^@M-^] indicates the host where the shell runs,
751 and M-bM-^@M-^XnM-bM-^@M-^Y is an integer M-bM-^IM-% 1. ssh uses this special
752 value to forward X11 connections over the secure
753 channel. The user should normally not set DISPLAY
754 explicitly, as that will render the X11 connection
755 insecure (and will require the user to manually
756 copy any required authorization cookies).
757
758 HOME Set to the path of the user's home directory.
759
760 LOGNAME Synonym for USER; set for compatibility with
761 systems that use this variable.
762
763 MAIL Set to the path of the user's mailbox.
764
765 PATH Set to the default PATH, as specified when
766 compiling ssh.
767
768 SSH_ASKPASS If ssh needs a passphrase, it will read the
769 passphrase from the current terminal if it was run
770 from a terminal. If ssh does not have a terminal
771 associated with it but DISPLAY and SSH_ASKPASS are
772 set, it will execute the program specified by
773 SSH_ASKPASS and open an X11 window to read the
774 passphrase. This is particularly useful when
775 calling ssh from a .xsession or related script.
776 (Note that on some machines it may be necessary to
777 redirect the input from /dev/null to make this
778 work.)
779
780 SSH_AUTH_SOCK Identifies the path of a UNIX-domain socket used to
781 communicate with the agent.
782
783 SSH_CONNECTION Identifies the client and server ends of the
784 connection. The variable contains four space-
785 separated values: client IP address, client port
786 number, server IP address, and server port number.
787
788 SSH_ORIGINAL_COMMAND This variable contains the original command line if
789 a forced command is executed. It can be used to
790 extract the original arguments.
791
792 SSH_TTY This is set to the name of the tty (path to the
793 device) associated with the current shell or
794 command. If the current session has no tty, this
795 variable is not set.
796
797 TZ This variable is set to indicate the present time
798 zone if it was set when the daemon was started
799 (i.e. the daemon passes the value on to new
800 connections).
801
802 USER Set to the name of the user logging in.
803
804 Additionally, ssh reads ~/.ssh/environment, and adds lines of the format
805 M-bM-^@M-^\VARNAME=valueM-bM-^@M-^] to the environment if the file exists and users are
806 allowed to change their environment. For more information, see the
807 PermitUserEnvironment option in sshd_config(5).
808
809FILES
810 ~/.rhosts
811 This file is used for host-based authentication (see above). On
812 some machines this file may need to be world-readable if the
813 user's home directory is on an NFS partition, because sshd(8)
814 reads it as root. Additionally, this file must be owned by the
815 user, and must not have write permissions for anyone else. The
816 recommended permission for most machines is read/write for the
817 user, and not accessible by others.
818
819 ~/.shosts
820 This file is used in exactly the same way as .rhosts, but allows
821 host-based authentication without permitting login with
822 rlogin/rsh.
823
824 ~/.ssh/
825 This directory is the default location for all user-specific
826 configuration and authentication information. There is no
827 general requirement to keep the entire contents of this directory
828 secret, but the recommended permissions are read/write/execute
829 for the user, and not accessible by others.
830
831 ~/.ssh/authorized_keys
832 Lists the public keys (DSA, ECDSA, Ed25519, RSA) that can be used
833 for logging in as this user. The format of this file is
834 described in the sshd(8) manual page. This file is not highly
835 sensitive, but the recommended permissions are read/write for the
836 user, and not accessible by others.
837
838 ~/.ssh/config
839 This is the per-user configuration file. The file format and
840 configuration options are described in ssh_config(5). Because of
841 the potential for abuse, this file must have strict permissions:
842 read/write for the user, and not writable by others.
843
844 ~/.ssh/environment
845 Contains additional definitions for environment variables; see
846 ENVIRONMENT, above.
847
848 ~/.ssh/identity
849 ~/.ssh/id_dsa
850 ~/.ssh/id_ecdsa
851 ~/.ssh/id_ed25519
852 ~/.ssh/id_rsa
853 Contains the private key for authentication. These files contain
854 sensitive data and should be readable by the user but not
855 accessible by others (read/write/execute). ssh will simply
856 ignore a private key file if it is accessible by others. It is
857 possible to specify a passphrase when generating the key which
858 will be used to encrypt the sensitive part of this file using
859 3DES.
860
861 ~/.ssh/identity.pub
862 ~/.ssh/id_dsa.pub
863 ~/.ssh/id_ecdsa.pub
864 ~/.ssh/id_ed25519.pub
865 ~/.ssh/id_rsa.pub
866 Contains the public key for authentication. These files are not
867 sensitive and can (but need not) be readable by anyone.
868
869 ~/.ssh/known_hosts
870 Contains a list of host keys for all hosts the user has logged
871 into that are not already in the systemwide list of known host
872 keys. See sshd(8) for further details of the format of this
873 file.
874
875 ~/.ssh/rc
876 Commands in this file are executed by ssh when the user logs in,
877 just before the user's shell (or command) is started. See the
878 sshd(8) manual page for more information.
879
880 /etc/hosts.equiv
881 This file is for host-based authentication (see above). It
882 should only be writable by root.
883
884 /etc/shosts.equiv
885 This file is used in exactly the same way as hosts.equiv, but
886 allows host-based authentication without permitting login with
887 rlogin/rsh.
888
889 /etc/ssh/ssh_config
890 Systemwide configuration file. The file format and configuration
891 options are described in ssh_config(5).
892
893 /etc/ssh/ssh_host_key
894 /etc/ssh/ssh_host_dsa_key
895 /etc/ssh/ssh_host_ecdsa_key
896 /etc/ssh/ssh_host_ed25519_key
897 /etc/ssh/ssh_host_rsa_key
898 These files contain the private parts of the host keys and are
899 used for host-based authentication.
900
901 /etc/ssh/ssh_known_hosts
902 Systemwide list of known host keys. This file should be prepared
903 by the system administrator to contain the public host keys of
904 all machines in the organization. It should be world-readable.
905 See sshd(8) for further details of the format of this file.
906
907 /etc/ssh/sshrc
908 Commands in this file are executed by ssh when the user logs in,
909 just before the user's shell (or command) is started. See the
910 sshd(8) manual page for more information.
911
912EXIT STATUS
913 ssh exits with the exit status of the remote command or with 255 if an
914 error occurred.
915
916SEE ALSO
917 scp(1), sftp(1), ssh-add(1), ssh-agent(1), ssh-keygen(1), ssh-keyscan(1),
918 tun(4), ssh_config(5), ssh-keysign(8), sshd(8)
919
920STANDARDS
921 S. Lehtinen and C. Lonvick, The Secure Shell (SSH) Protocol Assigned
922 Numbers, RFC 4250, January 2006.
923
924 T. Ylonen and C. Lonvick, The Secure Shell (SSH) Protocol Architecture,
925 RFC 4251, January 2006.
926
927 T. Ylonen and C. Lonvick, The Secure Shell (SSH) Authentication Protocol,
928 RFC 4252, January 2006.
929
930 T. Ylonen and C. Lonvick, The Secure Shell (SSH) Transport Layer
931 Protocol, RFC 4253, January 2006.
932
933 T. Ylonen and C. Lonvick, The Secure Shell (SSH) Connection Protocol, RFC
934 4254, January 2006.
935
936 J. Schlyter and W. Griffin, Using DNS to Securely Publish Secure Shell
937 (SSH) Key Fingerprints, RFC 4255, January 2006.
938
939 F. Cusack and M. Forssen, Generic Message Exchange Authentication for the
940 Secure Shell Protocol (SSH), RFC 4256, January 2006.
941
942 J. Galbraith and P. Remaker, The Secure Shell (SSH) Session Channel Break
943 Extension, RFC 4335, January 2006.
944
945 M. Bellare, T. Kohno, and C. Namprempre, The Secure Shell (SSH) Transport
946 Layer Encryption Modes, RFC 4344, January 2006.
947
948 B. Harris, Improved Arcfour Modes for the Secure Shell (SSH) Transport
949 Layer Protocol, RFC 4345, January 2006.
950
951 M. Friedl, N. Provos, and W. Simpson, Diffie-Hellman Group Exchange for
952 the Secure Shell (SSH) Transport Layer Protocol, RFC 4419, March 2006.
953
954 J. Galbraith and R. Thayer, The Secure Shell (SSH) Public Key File
955 Format, RFC 4716, November 2006.
956
957 D. Stebila and J. Green, Elliptic Curve Algorithm Integration in the
958 Secure Shell Transport Layer, RFC 5656, December 2009.
959
960 A. Perrig and D. Song, Hash Visualization: a New Technique to improve
961 Real-World Security, 1999, International Workshop on Cryptographic
962 Techniques and E-Commerce (CrypTEC '99).
963
964AUTHORS
965 OpenSSH is a derivative of the original and free ssh 1.2.12 release by
966 Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
967 de Raadt and Dug Song removed many bugs, re-added newer features and
968 created OpenSSH. Markus Friedl contributed the support for SSH protocol
969 versions 1.5 and 2.0.
970
971OpenBSD 6.0 July 16, 2016 OpenBSD 6.0
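Review bot: The preformatted ssh.0 text carries cat -v style byte escapes where typographic characters were intended, for example "M-bM-^@M-^\noneM-bM-^@M-^]" at line 543, "M-bM-^@M-^X~M-bM-^@M-^Y" at line 559 and "M-bM-^IM-% 1" at line 751. These decode to the UTF-8 bytes for curly quotes and a greater-than-or-equal sign, so the page was evidently formatted with UTF-8 output and then passed through something that escaped the non-ASCII bytes. Please regenerate the file with plain ASCII output so the quoted values read as "none", '~' and ">= 1". This matters most where the reader copies a literal value, such as the EscapeChar argument at line 543, the host names at line 608 and the PermitRootLogin value "forced-commands-only" at line 734, which currently have to be untangled from the escapes by hand. The same sequences appear in the ssh_config.0 hunk that follows (lines 4, 30 and 33 there), so the fix belongs in whatever step produces all of the *.0 files rather than in this file alone.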
diff --git a/ssh_config.0 b/ssh_config.0
new file mode 100644
index 000000000..ade8e6562
--- /dev/null
+++ b/ssh_config.0
@@ -0,0 +1,1092 @@
1SSH_CONFIG(5) File Formats Manual SSH_CONFIG(5)
2
3NAME
4 ssh_config M-bM-^@M-^S OpenSSH SSH client configuration files
5
6SYNOPSIS
7 ~/.ssh/config
8 /etc/ssh/ssh_config
9
10DESCRIPTION
11 ssh(1) obtains configuration data from the following sources in the
12 following order:
13
14 1. command-line options
15 2. user's configuration file (~/.ssh/config)
16 3. system-wide configuration file (/etc/ssh/ssh_config)
17
18 For each parameter, the first obtained value will be used. The
19 configuration files contain sections separated by Host specifications,
20 and that section is only applied for hosts that match one of the patterns
21 given in the specification. The matched host name is usually the one
22 given on the command line (see the CanonicalizeHostname option for
23 exceptions).
24
25 Since the first obtained value for each parameter is used, more host-
26 specific declarations should be given near the beginning of the file, and
27 general defaults at the end.
28
29 The file contains keyword-argument pairs, one per line. Lines starting
30 with M-bM-^@M-^X#M-bM-^@M-^Y and empty lines are interpreted as comments. Arguments may
31 optionally be enclosed in double quotes (") in order to represent
32 arguments containing spaces. Configuration options may be separated by
33 whitespace or optional whitespace and exactly one M-bM-^@M-^X=M-bM-^@M-^Y; the latter format
34 is useful to avoid the need to quote whitespace when specifying
35 configuration options using the ssh, scp, and sftp -o option.
36
37 The possible keywords and their meanings are as follows (note that
38 keywords are case-insensitive and arguments are case-sensitive):
39
40 Host Restricts the following declarations (up to the next Host or
41 Match keyword) to be only for those hosts that match one of the
42 patterns given after the keyword. If more than one pattern is
43 provided, they should be separated by whitespace. A single M-bM-^@M-^X*M-bM-^@M-^Y
44 as a pattern can be used to provide global defaults for all
45 hosts. The host is usually the hostname argument given on the
46 command line (see the CanonicalizeHostname keyword for
47 exceptions).
48
49 A pattern entry may be negated by prefixing it with an
50 exclamation mark (M-bM-^@M-^X!M-bM-^@M-^Y). If a negated entry is matched, then the
51 Host entry is ignored, regardless of whether any other patterns
52 on the line match. Negated matches are therefore useful to
53 provide exceptions for wildcard matches.
54
55 See PATTERNS for more information on patterns.
56
57 Match Restricts the following declarations (up to the next Host or
58 Match keyword) to be used only when the conditions following the
59 Match keyword are satisfied. Match conditions are specified
60 using one or more criteria or the single token all which always
61 matches. The available criteria keywords are: canonical, exec,
62 host, originalhost, user, and localuser. The all criteria must
63 appear alone or immediately after canonical. Other criteria may
64 be combined arbitrarily. All criteria but all and canonical
65 require an argument. Criteria may be negated by prepending an
66 exclamation mark (M-bM-^@M-^X!M-bM-^@M-^Y).
67
68 The canonical keyword matches only when the configuration file is
69 being re-parsed after hostname canonicalization (see the
70 CanonicalizeHostname option.) This may be useful to specify
71 conditions that work with canonical host names only. The exec
72 keyword executes the specified command under the user's shell.
73 If the command returns a zero exit status then the condition is
74 considered true. Commands containing whitespace characters must
75 be quoted. Arguments to exec accept the tokens described in the
76 TOKENS section.
77
78 The other keywords' criteria must be single entries or comma-
79 separated lists and may use the wildcard and negation operators
80 described in the PATTERNS section. The criteria for the host
81 keyword are matched against the target hostname, after any
82 substitution by the Hostname or CanonicalizeHostname options.
83 The originalhost keyword matches against the hostname as it was
84 specified on the command-line. The user keyword matches against
85 the target username on the remote host. The localuser keyword
86 matches against the name of the local user running ssh(1) (this
87 keyword may be useful in system-wide ssh_config files).
88
89 AddKeysToAgent
90 Specifies whether keys should be automatically added to a running
91 ssh-agent(1). If this option is set to yes and a key is loaded
92 from a file, the key and its passphrase are added to the agent
93 with the default lifetime, as if by ssh-add(1). If this option
94 is set to ask, ssh(1) will require confirmation using the
95 SSH_ASKPASS program before adding a key (see ssh-add(1) for
96 details). If this option is set to confirm, each use of the key
97 must be confirmed, as if the -c option was specified to
98 ssh-add(1). If this option is set to no, no keys are added to
99 the agent. The argument must be yes, confirm, ask, or no (the
100 default).
101
102 AddressFamily
103 Specifies which address family to use when connecting. Valid
104 arguments are any (the default), inet (use IPv4 only), or inet6
105 (use IPv6 only).
106
107 BatchMode
108 If set to yes, passphrase/password querying will be disabled.
109 This option is useful in scripts and other batch jobs where no
110 user is present to supply the password. The argument must be yes
111 or no (the default).
112
113 BindAddress
114 Use the specified address on the local machine as the source
115 address of the connection. Only useful on systems with more than
116 one address. Note that this option does not work if
117 UsePrivilegedPort is set to yes.
118
119 CanonicalDomains
120 When CanonicalizeHostname is enabled, this option specifies the
121 list of domain suffixes in which to search for the specified
122 destination host.
123
124 CanonicalizeFallbackLocal
125 Specifies whether to fail with an error when hostname
126 canonicalization fails. The default, yes, will attempt to look
127 up the unqualified hostname using the system resolver's search
128 rules. A value of no will cause ssh(1) to fail instantly if
129 CanonicalizeHostname is enabled and the target hostname cannot be
130 found in any of the domains specified by CanonicalDomains.
131
132 CanonicalizeHostname
133 Controls whether explicit hostname canonicalization is performed.
134 The default, no, is not to perform any name rewriting and let the
135 system resolver handle all hostname lookups. If set to yes then,
136 for connections that do not use a ProxyCommand, ssh(1) will
137 attempt to canonicalize the hostname specified on the command
138 line using the CanonicalDomains suffixes and
139 CanonicalizePermittedCNAMEs rules. If CanonicalizeHostname is
140 set to always, then canonicalization is applied to proxied
141 connections too.
142
143 If this option is enabled, then the configuration files are
144 processed again using the new target name to pick up any new
145 configuration in matching Host and Match stanzas.
146
147 CanonicalizeMaxDots
148 Specifies the maximum number of dot characters in a hostname
149 before canonicalization is disabled. The default, 1, allows a
150 single dot (i.e. hostname.subdomain).
151
152 CanonicalizePermittedCNAMEs
153 Specifies rules to determine whether CNAMEs should be followed
154 when canonicalizing hostnames. The rules consist of one or more
155 arguments of source_domain_list:target_domain_list, where
156 source_domain_list is a pattern-list of domains that may follow
157 CNAMEs in canonicalization, and target_domain_list is a pattern-
158 list of domains that they may resolve to.
159
160 For example, "*.a.example.com:*.b.example.com,*.c.example.com"
161 will allow hostnames matching "*.a.example.com" to be
162 canonicalized to names in the "*.b.example.com" or
163 "*.c.example.com" domains.
164
165 CertificateFile
166 Specifies a file from which the user's certificate is read. A
167 corresponding private key must be provided separately in order to
168 use this certificate either from an IdentityFile directive or -i
169 flag to ssh(1), via ssh-agent(1), or via a PKCS11Provider.
170
171 Arguments to CertificateFile may use the tilde syntax to refer to
172 a user's home directory or the tokens described in the TOKENS
173 section.
174
175 It is possible to have multiple certificate files specified in
176 configuration files; these certificates will be tried in
177 sequence. Multiple CertificateFile directives will add to the
178 list of certificates used for authentication.
179
180 ChallengeResponseAuthentication
181 Specifies whether to use challenge-response authentication. The
182 argument to this keyword must be yes (the default) or no.
183
184 CheckHostIP
185 If set to yes (the default), ssh(1) will additionally check the
186 host IP address in the known_hosts file. This allows it to
187 detect if a host key changed due to DNS spoofing and will add
188 addresses of destination hosts to ~/.ssh/known_hosts in the
189 process, regardless of the setting of StrictHostKeyChecking. If
190 the option is set to no, the check will not be executed.
191
192 Cipher Specifies the cipher to use for encrypting the session in
193 protocol version 1. Currently, blowfish, 3des (the default), and
194 des are supported, though des is only supported in the ssh(1)
195 client for interoperability with legacy protocol 1
196 implementations; its use is strongly discouraged due to
197 cryptographic weaknesses.
198
199 Ciphers
200 Specifies the ciphers allowed for protocol version 2 in order of
201 preference. Multiple ciphers must be comma-separated. If the
202 specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified
203 ciphers will be appended to the default set instead of replacing
204 them. If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then
205 the specified ciphers (including wildcards) will be removed from
206 the default set instead of replacing them.
207
208 The supported ciphers are:
209
210 3des-cbc
211 aes128-cbc
212 aes192-cbc
213 aes256-cbc
214 aes128-ctr
215 aes192-ctr
216 aes256-ctr
217 aes128-gcm@openssh.com
218 aes256-gcm@openssh.com
219 arcfour
220 arcfour128
221 arcfour256
222 blowfish-cbc
223 cast128-cbc
224 chacha20-poly1305@openssh.com
225
226 The default is:
227
228 chacha20-poly1305@openssh.com,
229 aes128-ctr,aes192-ctr,aes256-ctr,
230 aes128-gcm@openssh.com,aes256-gcm@openssh.com,
231 aes128-cbc,aes192-cbc,aes256-cbc
232
233 The list of available ciphers may also be obtained using "ssh -Q
234 cipher".
235
236 ClearAllForwardings
237 Specifies that all local, remote, and dynamic port forwardings
238 specified in the configuration files or on the command line be
239 cleared. This option is primarily useful when used from the
240 ssh(1) command line to clear port forwardings set in
241 configuration files, and is automatically set by scp(1) and
242 sftp(1). The argument must be yes or no (the default).
243
244 Compression
245 Specifies whether to use compression. The argument must be yes
246 or no (the default).
247
248 CompressionLevel
249 Specifies the compression level to use if compression is enabled.
250 The argument must be an integer from 1 (fast) to 9 (slow, best).
251 The default level is 6, which is good for most applications. The
252 meaning of the values is the same as in gzip(1). Note that this
253 option applies to protocol version 1 only.
254
255 ConnectionAttempts
256 Specifies the number of tries (one per second) to make before
257 exiting. The argument must be an integer. This may be useful in
258 scripts if the connection sometimes fails. The default is 1.
259
260 ConnectTimeout
261 Specifies the timeout (in seconds) used when connecting to the
262 SSH server, instead of using the default system TCP timeout.
263 This value is used only when the target is down or really
264 unreachable, not when it refuses the connection.
265
266 ControlMaster
267 Enables the sharing of multiple sessions over a single network
268 connection. When set to yes, ssh(1) will listen for connections
269 on a control socket specified using the ControlPath argument.
270 Additional sessions can connect to this socket using the same
271 ControlPath with ControlMaster set to no (the default). These
272 sessions will try to reuse the master instance's network
273 connection rather than initiating new ones, but will fall back to
274 connecting normally if the control socket does not exist, or is
275 not listening.
276
277 Setting this to ask will cause ssh(1) to listen for control
278 connections, but require confirmation using ssh-askpass(1). If
279 the ControlPath cannot be opened, ssh(1) will continue without
280 connecting to a master instance.
281
282 X11 and ssh-agent(1) forwarding is supported over these
283 multiplexed connections, however the display and agent forwarded
284 will be the one belonging to the master connection i.e. it is not
285 possible to forward multiple displays or agents.
286
287 Two additional options allow for opportunistic multiplexing: try
288 to use a master connection but fall back to creating a new one if
289 one does not already exist. These options are: auto and autoask.
290 The latter requires confirmation like the ask option.
291
292 ControlPath
293 Specify the path to the control socket used for connection
294 sharing as described in the ControlMaster section above or the
295 string none to disable connection sharing. Arguments to
296 ControlPath may use the tilde syntax to refer to a user's home
297 directory or the tokens described in the TOKENS section. It is
298 recommended that any ControlPath used for opportunistic
299 connection sharing include at least %h, %p, and %r (or
300 alternatively %C) and be placed in a directory that is not
301 writable by other users. This ensures that shared connections
302 are uniquely identified.
303
304 ControlPersist
305 When used in conjunction with ControlMaster, specifies that the
306 master connection should remain open in the background (waiting
307 for future client connections) after the initial client
308 connection has been closed. If set to no, then the master
309 connection will not be placed into the background, and will close
310 as soon as the initial client connection is closed. If set to
311 yes or 0, then the master connection will remain in the
312 background indefinitely (until killed or closed via a mechanism
313 such as the "ssh -O exit"). If set to a time in seconds, or a
314 time in any of the formats documented in sshd_config(5), then the
315 backgrounded master connection will automatically terminate after
316 it has remained idle (with no client connections) for the
317 specified time.
318
319 DynamicForward
320 Specifies that a TCP port on the local machine be forwarded over
321 the secure channel, and the application protocol is then used to
322 determine where to connect to from the remote machine.
323
324 The argument must be [bind_address:]port. IPv6 addresses can be
325 specified by enclosing addresses in square brackets. By default,
326 the local port is bound in accordance with the GatewayPorts
327 setting. However, an explicit bind_address may be used to bind
328 the connection to a specific address. The bind_address of
329 localhost indicates that the listening port be bound for local
330 use only, while an empty address or M-bM-^@M-^X*M-bM-^@M-^Y indicates that the port
331 should be available from all interfaces.
332
333 Currently the SOCKS4 and SOCKS5 protocols are supported, and
334 ssh(1) will act as a SOCKS server. Multiple forwardings may be
335 specified, and additional forwardings can be given on the command
336 line. Only the superuser can forward privileged ports.
337
338 EnableSSHKeysign
339 Setting this option to yes in the global client configuration
340 file /etc/ssh/ssh_config enables the use of the helper program
341 ssh-keysign(8) during HostbasedAuthentication. The argument must
342 be yes or no (the default). This option should be placed in the
343 non-hostspecific section. See ssh-keysign(8) for more
344 information.
345
346 EscapeChar
347 Sets the escape character (default: M-bM-^@M-^X~M-bM-^@M-^Y). The escape character
348 can also be set on the command line. The argument should be a
349 single character, M-bM-^@M-^X^M-bM-^@M-^Y followed by a letter, or none to disable
350 the escape character entirely (making the connection transparent
351 for binary data).
352
353 ExitOnForwardFailure
354 Specifies whether ssh(1) should terminate the connection if it
355 cannot set up all requested dynamic, tunnel, local, and remote
356 port forwardings, (e.g. if either end is unable to bind and
357 listen on a specified port). Note that ExitOnForwardFailure does
358 not apply to connections made over port forwardings and will not,
359 for example, cause ssh(1) to exit if TCP connections to the
360 ultimate forwarding destination fail. The argument must be yes
361 or no (the default).
362
363 FingerprintHash
364 Specifies the hash algorithm used when displaying key
365 fingerprints. Valid options are: md5 and sha256 (the default).
366
367 ForwardAgent
368 Specifies whether the connection to the authentication agent (if
369 any) will be forwarded to the remote machine. The argument must
370 be yes or no (the default).
371
372 Agent forwarding should be enabled with caution. Users with the
373 ability to bypass file permissions on the remote host (for the
374 agent's Unix-domain socket) can access the local agent through
375 the forwarded connection. An attacker cannot obtain key material
376 from the agent, however they can perform operations on the keys
377 that enable them to authenticate using the identities loaded into
378 the agent.
379
380 ForwardX11
381 Specifies whether X11 connections will be automatically
382 redirected over the secure channel and DISPLAY set. The argument
383 must be yes or no (the default).
384
385 X11 forwarding should be enabled with caution. Users with the
386 ability to bypass file permissions on the remote host (for the
387 user's X11 authorization database) can access the local X11
388 display through the forwarded connection. An attacker may then
389 be able to perform activities such as keystroke monitoring if the
390 ForwardX11Trusted option is also enabled.
391
392 ForwardX11Timeout
393 Specify a timeout for untrusted X11 forwarding using the format
394 described in the TIME FORMATS section of sshd_config(5). X11
395 connections received by ssh(1) after this time will be refused.
396 The default is to disable untrusted X11 forwarding after twenty
397 minutes has elapsed.
398
399 ForwardX11Trusted
400 If this option is set to yes, remote X11 clients will have full
401 access to the original X11 display.
402
403 If this option is set to no (the default), remote X11 clients
404 will be considered untrusted and prevented from stealing or
405 tampering with data belonging to trusted X11 clients.
406 Furthermore, the xauth(1) token used for the session will be set
407 to expire after 20 minutes. Remote clients will be refused
408 access after this time.
409
410 See the X11 SECURITY extension specification for full details on
411 the restrictions imposed on untrusted clients.
412
413 GatewayPorts
414 Specifies whether remote hosts are allowed to connect to local
415 forwarded ports. By default, ssh(1) binds local port forwardings
416 to the loopback address. This prevents other remote hosts from
417 connecting to forwarded ports. GatewayPorts can be used to
418 specify that ssh should bind local port forwardings to the
419 wildcard address, thus allowing remote hosts to connect to
420 forwarded ports. The argument must be yes or no (the default).
421
422 GlobalKnownHostsFile
423 Specifies one or more files to use for the global host key
424 database, separated by whitespace. The default is
425 /etc/ssh/ssh_known_hosts, /etc/ssh/ssh_known_hosts2.
426
427 GSSAPIAuthentication
428 Specifies whether user authentication based on GSSAPI is allowed.
429 The default is no.
430
431 GSSAPIDelegateCredentials
432 Forward (delegate) credentials to the server. The default is no.
433
434 HashKnownHosts
435 Indicates that ssh(1) should hash host names and addresses when
436 they are added to ~/.ssh/known_hosts. These hashed names may be
437 used normally by ssh(1) and sshd(8), but they do not reveal
438 identifying information should the file's contents be disclosed.
439 The default is no. Note that existing names and addresses in
440 known hosts files will not be converted automatically, but may be
441 manually hashed using ssh-keygen(1).
442
443 HostbasedAuthentication
444 Specifies whether to try rhosts based authentication with public
445 key authentication. The argument must be yes or no (the
446 default).
447
448 HostbasedKeyTypes
449 Specifies the key types that will be used for hostbased
450 authentication as a comma-separated pattern list. Alternately if
451 the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the
452 specified key types will be appended to the default set instead
453 of replacing them. If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y
454 character, then the specified key types (including wildcards)
455 will be removed from the default set instead of replacing them.
456 The default for this option is:
457
458 ecdsa-sha2-nistp256-cert-v01@openssh.com,
459 ecdsa-sha2-nistp384-cert-v01@openssh.com,
460 ecdsa-sha2-nistp521-cert-v01@openssh.com,
461 ssh-ed25519-cert-v01@openssh.com,
462 ssh-rsa-cert-v01@openssh.com,
463 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
464 ssh-ed25519,ssh-rsa
465
466 The -Q option of ssh(1) may be used to list supported key types.
467
468 HostKeyAlgorithms
469 Specifies the host key algorithms that the client wants to use in
470 order of preference. Alternately if the specified value begins
471 with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified key types will be
472 appended to the default set instead of replacing them. If the
473 specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified
474 key types (including wildcards) will be removed from the default
475 set instead of replacing them. The default for this option is:
476
477 ecdsa-sha2-nistp256-cert-v01@openssh.com,
478 ecdsa-sha2-nistp384-cert-v01@openssh.com,
479 ecdsa-sha2-nistp521-cert-v01@openssh.com,
480 ssh-ed25519-cert-v01@openssh.com,
481 ssh-rsa-cert-v01@openssh.com,
482 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
483 ssh-ed25519,ssh-rsa
484
485 If hostkeys are known for the destination host then this default
486 is modified to prefer their algorithms.
487
488 The list of available key types may also be obtained using "ssh
489 -Q key".
490
491 HostKeyAlias
492 Specifies an alias that should be used instead of the real host
493 name when looking up or saving the host key in the host key
494 database files. This option is useful for tunneling SSH
495 connections or for multiple servers running on a single host.
496
497 HostName
498 Specifies the real host name to log into. This can be used to
499 specify nicknames or abbreviations for hosts. Arguments to
500 HostName accept the tokens described in the TOKENS section.
501 Numeric IP addresses are also permitted (both on the command line
502 and in HostName specifications). The default is the name given
503 on the command line.
504
505 IdentitiesOnly
506 Specifies that ssh(1) should only use the authentication identity
507 and certificate files explicitly configured in the ssh_config
508 files or passed on the ssh(1) command-line, even if ssh-agent(1)
509 or a PKCS11Provider offers more identities. The argument to this
510 keyword must be yes or no (the default). This option is intended
511 for situations where ssh-agent offers many different identities.
512
513 IdentityAgent
514 Specifies the UNIX-domain socket used to communicate with the
515 authentication agent.
516
517 This option overrides the SSH_AUTH_SOCK environment variable and
518 can be used to select a specific agent. Setting the socket name
519 to none disables the use of an authentication agent. If the
520 string "SSH_AUTH_SOCK" is specified, the location of the socket
521 will be read from the SSH_AUTH_SOCK environment variable.
522
523 Arguments to IdentityAgent may use the tilde syntax to refer to a
524 user's home directory or the tokens described in the TOKENS
525 section.
526
527 IdentityFile
528 Specifies a file from which the user's DSA, ECDSA, Ed25519 or RSA
529 authentication identity is read. The default is ~/.ssh/identity
530 for protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa,
531 ~/.ssh/id_ed25519 and ~/.ssh/id_rsa for protocol version 2.
532 Additionally, any identities represented by the authentication
533 agent will be used for authentication unless IdentitiesOnly is
534 set. If no certificates have been explicitly specified by
535 CertificateFile, ssh(1) will try to load certificate information
536 from the filename obtained by appending -cert.pub to the path of
537 a specified IdentityFile.
538
539 Arguments to IdentityFile may use the tilde syntax to refer to a
540 user's home directory or the tokens described in the TOKENS
541 section.
542
543 It is possible to have multiple identity files specified in
544 configuration files; all these identities will be tried in
545 sequence. Multiple IdentityFile directives will add to the list
546 of identities tried (this behaviour differs from that of other
547 configuration directives).
548
549 IdentityFile may be used in conjunction with IdentitiesOnly to
550 select which identities in an agent are offered during
551 authentication. IdentityFile may also be used in conjunction
552 with CertificateFile in order to provide any certificate also
553 needed for authentication with the identity.
554
555 IgnoreUnknown
556 Specifies a pattern-list of unknown options to be ignored if they
557 are encountered in configuration parsing. This may be used to
558 suppress errors if ssh_config contains options that are
559 unrecognised by ssh(1). It is recommended that IgnoreUnknown be
560 listed early in the configuration file as it will not be applied
561 to unknown options that appear before it.
562
563 Include
564 Include the specified configuration file(s). Multiple pathnames
565 may be specified and each pathname may contain glob(3) wildcards
566 and, for user configurations, shell-like M-bM-^@M-^X~M-bM-^@M-^Y references to user
567 home directories. Files without absolute paths are assumed to be
568 in ~/.ssh if included in a user configuration file or /etc/ssh if
569 included from the system configuration file. Include directive
570 may appear inside a Match or Host block to perform conditional
571 inclusion.
572
573 IPQoS Specifies the IPv4 type-of-service or DSCP class for connections.
574 Accepted values are af11, af12, af13, af21, af22, af23, af31,
575 af32, af33, af41, af42, af43, cs0, cs1, cs2, cs3, cs4, cs5, cs6,
576 cs7, ef, lowdelay, throughput, reliability, or a numeric value.
577 This option may take one or two arguments, separated by
578 whitespace. If one argument is specified, it is used as the
579 packet class unconditionally. If two values are specified, the
580 first is automatically selected for interactive sessions and the
581 second for non-interactive sessions. The default is lowdelay for
582 interactive sessions and throughput for non-interactive sessions.
583
584 KbdInteractiveAuthentication
585 Specifies whether to use keyboard-interactive authentication.
586 The argument to this keyword must be yes (the default) or no.
587
588 KbdInteractiveDevices
589 Specifies the list of methods to use in keyboard-interactive
590 authentication. Multiple method names must be comma-separated.
591 The default is to use the server specified list. The methods
592 available vary depending on what the server supports. For an
593 OpenSSH server, it may be zero or more of: bsdauth, pam, and
594 skey.
595
596 KexAlgorithms
597 Specifies the available KEX (Key Exchange) algorithms. Multiple
598 algorithms must be comma-separated. Alternately if the specified
599 value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified methods
600 will be appended to the default set instead of replacing them.
601 If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the
602 specified methods (including wildcards) will be removed from the
603 default set instead of replacing them. The default is:
604
605 curve25519-sha256,curve25519-sha256@libssh.org,
606 ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
607 diffie-hellman-group-exchange-sha256,
608 diffie-hellman-group-exchange-sha1,
609 diffie-hellman-group14-sha1
610
611 The list of available key exchange algorithms may also be
612 obtained using "ssh -Q kex".
613
614 LocalCommand
615 Specifies a command to execute on the local machine after
616 successfully connecting to the server. The command string
617 extends to the end of the line, and is executed with the user's
618 shell. Arguments to LocalCommand accept the tokens described in
619 the TOKENS section.
620
621 The command is run synchronously and does not have access to the
622 session of the ssh(1) that spawned it. It should not be used for
623 interactive commands.
624
625 This directive is ignored unless PermitLocalCommand has been
626 enabled.
627
628 LocalForward
629 Specifies that a TCP port on the local machine be forwarded over
630 the secure channel to the specified host and port from the remote
631 machine. The first argument must be [bind_address:]port and the
632 second argument must be host:hostport. IPv6 addresses can be
633 specified by enclosing addresses in square brackets. Multiple
634 forwardings may be specified, and additional forwardings can be
635 given on the command line. Only the superuser can forward
636 privileged ports. By default, the local port is bound in
637 accordance with the GatewayPorts setting. However, an explicit
638 bind_address may be used to bind the connection to a specific
639 address. The bind_address of localhost indicates that the
640 listening port be bound for local use only, while an empty
641 address or M-bM-^@M-^X*M-bM-^@M-^Y indicates that the port should be available from
642 all interfaces.
643
644 LogLevel
645 Gives the verbosity level that is used when logging messages from
646 ssh(1). The possible values are: QUIET, FATAL, ERROR, INFO,
647 VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. The default is INFO.
648 DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify
649 higher levels of verbose output.
650
651 MACs Specifies the MAC (message authentication code) algorithms in
652 order of preference. The MAC algorithm is used for data
653 integrity protection. Multiple algorithms must be comma-
654 separated. If the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character,
655 then the specified algorithms will be appended to the default set
656 instead of replacing them. If the specified value begins with a
657 M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified algorithms (including
658 wildcards) will be removed from the default set instead of
659 replacing them.
660
661 The algorithms that contain "-etm" calculate the MAC after
662 encryption (encrypt-then-mac). These are considered safer and
663 their use recommended.
664
665 The default is:
666
667 umac-64-etm@openssh.com,umac-128-etm@openssh.com,
668 hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
669 hmac-sha1-etm@openssh.com,
670 umac-64@openssh.com,umac-128@openssh.com,
671 hmac-sha2-256,hmac-sha2-512,hmac-sha1
672
673 The list of available MAC algorithms may also be obtained using
674 "ssh -Q mac".
675
676 NoHostAuthenticationForLocalhost
677 This option can be used if the home directory is shared across
678 machines. In this case localhost will refer to a different
679 machine on each of the machines and the user will get many
680 warnings about changed host keys. However, this option disables
681 host authentication for localhost. The argument to this keyword
682 must be yes or no (the default).
683
684 NumberOfPasswordPrompts
685 Specifies the number of password prompts before giving up. The
686 argument to this keyword must be an integer. The default is 3.
687
688 PasswordAuthentication
689 Specifies whether to use password authentication. The argument
690 to this keyword must be yes (the default) or no.
691
692 PermitLocalCommand
693 Allow local command execution via the LocalCommand option or
694 using the !command escape sequence in ssh(1). The argument must
695 be yes or no (the default).
696
697 PKCS11Provider
698 Specifies which PKCS#11 provider to use. The argument to this
699 keyword is the PKCS#11 shared library ssh(1) should use to
700 communicate with a PKCS#11 token providing the user's private RSA
701 key.
702
703 Port Specifies the port number to connect on the remote host. The
704 default is 22.
705
706 PreferredAuthentications
707 Specifies the order in which the client should try authentication
708 methods. This allows a client to prefer one method (e.g.
709 keyboard-interactive) over another method (e.g. password). The
710 default is:
711
712 gssapi-with-mic,hostbased,publickey,
713 keyboard-interactive,password
714
715 Protocol
716 Specifies the protocol versions ssh(1) should support in order of
717 preference. The possible values are 1 and 2. Multiple versions
718 must be comma-separated. When this option is set to 2,1 ssh will
719 try version 2 and fall back to version 1 if version 2 is not
720 available. The default is version 2. Protocol 1 suffers from a
721 number of cryptographic weaknesses and should not be used. It is
722 only offered to support legacy devices.
723
724 ProxyCommand
725 Specifies the command to use to connect to the server. The
726 command string extends to the end of the line, and is executed
727 using the user's shell M-bM-^@M-^XexecM-bM-^@M-^Y directive to avoid a lingering
728 shell process.
729
730 Arguments to ProxyCommand accept the tokens described in the
731 TOKENS section. The command can be basically anything, and
732 should read from its standard input and write to its standard
733 output. It should eventually connect an sshd(8) server running
734 on some machine, or execute sshd -i somewhere. Host key
735 management will be done using the HostName of the host being
736 connected (defaulting to the name typed by the user). Setting
737 the command to none disables this option entirely. Note that
738 CheckHostIP is not available for connects with a proxy command.
739
740 This directive is useful in conjunction with nc(1) and its proxy
741 support. For example, the following directive would connect via
742 an HTTP proxy at 192.0.2.0:
743
744 ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p
745
746 ProxyJump
747 Specifies one or more jump proxies as [user@]host[:port].
748 Multiple proxies may be separated by comma characters and will be
749 visited sequentially. Setting this option will cause ssh(1) to
750 connect to the target host by first making a ssh(1) connection to
751 the specified ProxyJump host and then establishing a TCP
752 forwarding to the ultimate target from there.
753
754 Note that this option will compete with the ProxyCommand option -
755 whichever is specified first will prevent later instances of the
756 other from taking effect.
757
758 ProxyUseFdpass
759 Specifies that ProxyCommand will pass a connected file descriptor
760 back to ssh(1) instead of continuing to execute and pass data.
761 The default is no.
762
763 PubkeyAcceptedKeyTypes
764 Specifies the key types that will be used for public key
765 authentication as a comma-separated pattern list. Alternately if
766 the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the key
767 types after it will be appended to the default instead of
768 replacing it. If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y
769 character, then the specified key types (including wildcards)
770 will be removed from the default set instead of replacing them.
771 The default for this option is:
772
773 ecdsa-sha2-nistp256-cert-v01@openssh.com,
774 ecdsa-sha2-nistp384-cert-v01@openssh.com,
775 ecdsa-sha2-nistp521-cert-v01@openssh.com,
776 ssh-ed25519-cert-v01@openssh.com,
777 ssh-rsa-cert-v01@openssh.com,
778 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
779 ssh-ed25519,ssh-rsa
780
781 The list of available key types may also be obtained using "ssh
782 -Q key".
783
784 PubkeyAuthentication
785 Specifies whether to try public key authentication. The argument
786 to this keyword must be yes (the default) or no.
787
788 RekeyLimit
789 Specifies the maximum amount of data that may be transmitted
790 before the session key is renegotiated, optionally followed a
791 maximum amount of time that may pass before the session key is
792 renegotiated. The first argument is specified in bytes and may
793 have a suffix of M-bM-^@M-^XKM-bM-^@M-^Y, M-bM-^@M-^XMM-bM-^@M-^Y, or M-bM-^@M-^XGM-bM-^@M-^Y to indicate Kilobytes,
794 Megabytes, or Gigabytes, respectively. The default is between
795 M-bM-^@M-^X1GM-bM-^@M-^Y and M-bM-^@M-^X4GM-bM-^@M-^Y, depending on the cipher. The optional second
796 value is specified in seconds and may use any of the units
797 documented in the TIME FORMATS section of sshd_config(5). The
798 default value for RekeyLimit is default none, which means that
799 rekeying is performed after the cipher's default amount of data
800 has been sent or received and no time based rekeying is done.
801
802 RemoteForward
803 Specifies that a TCP port on the remote machine be forwarded over
804 the secure channel to the specified host and port from the local
805 machine. The first argument must be [bind_address:]port and the
806 second argument must be host:hostport. IPv6 addresses can be
807 specified by enclosing addresses in square brackets. Multiple
808 forwardings may be specified, and additional forwardings can be
809 given on the command line. Privileged ports can be forwarded
810 only when logging in as root on the remote machine.
811
812 If the port argument is 0, the listen port will be dynamically
813 allocated on the server and reported to the client at run time.
814
815 If the bind_address is not specified, the default is to only bind
816 to loopback addresses. If the bind_address is M-bM-^@M-^X*M-bM-^@M-^Y or an empty
817 string, then the forwarding is requested to listen on all
818 interfaces. Specifying a remote bind_address will only succeed
819 if the server's GatewayPorts option is enabled (see
820 sshd_config(5)).
821
822 RequestTTY
823 Specifies whether to request a pseudo-tty for the session. The
824 argument may be one of: no (never request a TTY), yes (always
825 request a TTY when standard input is a TTY), force (always
826 request a TTY) or auto (request a TTY when opening a login
827 session). This option mirrors the -t and -T flags for ssh(1).
828
829 RevokedHostKeys
830 Specifies revoked host public keys. Keys listed in this file
831 will be refused for host authentication. Note that if this file
832 does not exist or is not readable, then host authentication will
833 be refused for all hosts. Keys may be specified as a text file,
834 listing one public key per line, or as an OpenSSH Key Revocation
835 List (KRL) as generated by ssh-keygen(1). For more information
836 on KRLs, see the KEY REVOCATION LISTS section in ssh-keygen(1).
837
838 RhostsRSAAuthentication
839 Specifies whether to try rhosts based authentication with RSA
840 host authentication. The argument must be yes or no (the
841 default). This option applies to protocol version 1 only and
842 requires ssh(1) to be setuid root.
843
844 RSAAuthentication
845 Specifies whether to try RSA authentication. The argument to
846 this keyword must be yes (the default) or no. RSA authentication
847 will only be attempted if the identity file exists, or an
848 authentication agent is running. Note that this option applies
849 to protocol version 1 only.
850
851 SendEnv
852 Specifies what variables from the local environ(7) should be sent
853 to the server. The server must also support it, and the server
854 must be configured to accept these environment variables. Note
855 that the TERM environment variable is always sent whenever a
856 pseudo-terminal is requested as it is required by the protocol.
857 Refer to AcceptEnv in sshd_config(5) for how to configure the
858 server. Variables are specified by name, which may contain
859 wildcard characters. Multiple environment variables may be
860 separated by whitespace or spread across multiple SendEnv
861 directives. The default is not to send any environment
862 variables.
863
864 See PATTERNS for more information on patterns.
865
866 ServerAliveCountMax
867 Sets the number of server alive messages (see below) which may be
868 sent without ssh(1) receiving any messages back from the server.
869 If this threshold is reached while server alive messages are
870 being sent, ssh will disconnect from the server, terminating the
871 session. It is important to note that the use of server alive
872 messages is very different from TCPKeepAlive (below). The server
873 alive messages are sent through the encrypted channel and
874 therefore will not be spoofable. The TCP keepalive option
875 enabled by TCPKeepAlive is spoofable. The server alive mechanism
876 is valuable when the client or server depend on knowing when a
877 connection has become inactive.
878
879 The default value is 3. If, for example, ServerAliveInterval
880 (see below) is set to 15 and ServerAliveCountMax is left at the
881 default, if the server becomes unresponsive, ssh will disconnect
882 after approximately 45 seconds.
883
884 ServerAliveInterval
885 Sets a timeout interval in seconds after which if no data has
886 been received from the server, ssh(1) will send a message through
887 the encrypted channel to request a response from the server. The
888 default is 0, indicating that these messages will not be sent to
889 the server.
890
891 StreamLocalBindMask
892 Sets the octal file creation mode mask (umask) used when creating
893 a Unix-domain socket file for local or remote port forwarding.
894 This option is only used for port forwarding to a Unix-domain
895 socket file.
896
897 The default value is 0177, which creates a Unix-domain socket
898 file that is readable and writable only by the owner. Note that
899 not all operating systems honor the file mode on Unix-domain
900 socket files.
901
902 StreamLocalBindUnlink
903 Specifies whether to remove an existing Unix-domain socket file
904 for local or remote port forwarding before creating a new one.
905 If the socket file already exists and StreamLocalBindUnlink is
906 not enabled, ssh will be unable to forward the port to the Unix-
907 domain socket file. This option is only used for port forwarding
908 to a Unix-domain socket file.
909
910 The argument must be yes or no (the default).
911
912 StrictHostKeyChecking
913 If this flag is set to yes, ssh(1) will never automatically add
914 host keys to the ~/.ssh/known_hosts file, and refuses to connect
915 to hosts whose host key has changed. This provides maximum
916 protection against trojan horse attacks, though it can be
917 annoying when the /etc/ssh/ssh_known_hosts file is poorly
918 maintained or when connections to new hosts are frequently made.
919 This option forces the user to manually add all new hosts. If
920 this flag is set to no, ssh will automatically add new host keys
921 to the user known hosts files. If this flag is set to ask (the
922 default), new host keys will be added to the user known host
923 files only after the user has confirmed that is what they really
924 want to do, and ssh will refuse to connect to hosts whose host
925 key has changed. The host keys of known hosts will be verified
926 automatically in all cases.
927
928 TCPKeepAlive
929 Specifies whether the system should send TCP keepalive messages
930 to the other side. If they are sent, death of the connection or
931 crash of one of the machines will be properly noticed. However,
932 this means that connections will die if the route is down
933 temporarily, and some people find it annoying.
934
935 The default is yes (to send TCP keepalive messages), and the
936 client will notice if the network goes down or the remote host
937 dies. This is important in scripts, and many users want it too.
938
939 To disable TCP keepalive messages, the value should be set to no.
940
941 Tunnel Request tun(4) device forwarding between the client and the
942 server. The argument must be yes, point-to-point (layer 3),
943 ethernet (layer 2), or no (the default). Specifying yes requests
944 the default tunnel mode, which is point-to-point.
945
946 TunnelDevice
947 Specifies the tun(4) devices to open on the client (local_tun)
948 and the server (remote_tun).
949
950 The argument must be local_tun[:remote_tun]. The devices may be
951 specified by numerical ID or the keyword any, which uses the next
952 available tunnel device. If remote_tun is not specified, it
953 defaults to any. The default is any:any.
954
955 UpdateHostKeys
956 Specifies whether ssh(1) should accept notifications of
957 additional hostkeys from the server sent after authentication has
958 completed and add them to UserKnownHostsFile. The argument must
959 be yes, no (the default) or ask. Enabling this option allows
960 learning alternate hostkeys for a server and supports graceful
961 key rotation by allowing a server to send replacement public keys
962 before old ones are removed. Additional hostkeys are only
963 accepted if the key used to authenticate the host was already
964 trusted or explicitly accepted by the user. If UpdateHostKeys is
965 set to ask, then the user is asked to confirm the modifications
966 to the known_hosts file. Confirmation is currently incompatible
967 with ControlPersist, and will be disabled if it is enabled.
968
969 Presently, only sshd(8) from OpenSSH 6.8 and greater support the
970 "hostkeys@openssh.com" protocol extension used to inform the
971 client of all the server's hostkeys.
972
973 UsePrivilegedPort
974 Specifies whether to use a privileged port for outgoing
975 connections. The argument must be yes or no (the default). If
976 set to yes, ssh(1) must be setuid root. Note that this option
977 must be set to yes for RhostsRSAAuthentication with older
978 servers.
979
980 User Specifies the user to log in as. This can be useful when a
981 different user name is used on different machines. This saves
982 the trouble of having to remember to give the user name on the
983 command line.
984
985 UserKnownHostsFile
986 Specifies one or more files to use for the user host key
987 database, separated by whitespace. The default is
988 ~/.ssh/known_hosts, ~/.ssh/known_hosts2.
989
990 VerifyHostKeyDNS
991 Specifies whether to verify the remote key using DNS and SSHFP
992 resource records. If this option is set to yes, the client will
993 implicitly trust keys that match a secure fingerprint from DNS.
994 Insecure fingerprints will be handled as if this option was set
995 to ask. If this option is set to ask, information on fingerprint
996 match will be displayed, but the user will still need to confirm
997 new host keys according to the StrictHostKeyChecking option. The
998 default is no.
999
1000 See also VERIFYING HOST KEYS in ssh(1).
1001
1002 VisualHostKey
1003 If this flag is set to yes, an ASCII art representation of the
1004 remote host key fingerprint is printed in addition to the
1005 fingerprint string at login and for unknown host keys. If this
1006 flag is set to no (the default), no fingerprint strings are
1007 printed at login and only the fingerprint string will be printed
1008 for unknown host keys.
1009
1010 XAuthLocation
1011 Specifies the full pathname of the xauth(1) program. The default
1012 is /usr/X11R6/bin/xauth.
1013
1014PATTERNS
1015 A pattern consists of zero or more non-whitespace characters, M-bM-^@M-^X*M-bM-^@M-^Y (a
1016 wildcard that matches zero or more characters), or M-bM-^@M-^X?M-bM-^@M-^Y (a wildcard that
1017 matches exactly one character). For example, to specify a set of
1018 declarations for any host in the ".co.uk" set of domains, the following
1019 pattern could be used:
1020
1021 Host *.co.uk
1022
1023 The following pattern would match any host in the 192.168.0.[0-9] network
1024 range:
1025
1026 Host 192.168.0.?
1027
1028 A pattern-list is a comma-separated list of patterns. Patterns within
1029 pattern-lists may be negated by preceding them with an exclamation mark
1030 (M-bM-^@M-^X!M-bM-^@M-^Y). For example, to allow a key to be used from anywhere within an
1031 organization except from the "dialup" pool, the following entry (in
1032 authorized_keys) could be used:
1033
1034 from="!*.dialup.example.com,*.example.com"
1035
1036TOKENS
1037 Arguments to some keywords can make use of tokens, which are expanded at
1038 runtime:
1039
1040 %% A literal M-bM-^@M-^X%M-bM-^@M-^Y.
1041 %C Shorthand for %l%h%p%r.
1042 %d Local user's home directory.
1043 %h The remote hostname.
1044 %i The local user ID.
1045 %L The local hostname.
1046 %l The local hostname, including the domain name.
1047 %n The original remote hostname, as given on the command line.
1048 %p The remote port.
1049 %r The remote username.
1050 %u The local username.
1051
1052 Match exec accepts the tokens %%, %h, %L, %l, %n, %p, %r, and %u.
1053
1054 CertificateFile accepts the tokens %%, %d, %h, %l, %r, and %u.
1055
1056 ControlPath accepts the tokens %%, %C, %h, %i, %L, %l, %n, %p, %r, and
1057 %u.
1058
1059 HostName accepts the tokens %% and %h.
1060
1061 IdentityAgent and IdentityFile accept the tokens %%, %d, %h, %l, %r, and
1062 %u.
1063
1064 LocalCommand accepts the tokens %%, %C, %d, %h, %l, %n, %p, %r, and %u.
1065
1066 ProxyCommand accepts the tokens %%, %h, %p, and %r.
1067
1068FILES
1069 ~/.ssh/config
1070 This is the per-user configuration file. The format of this file
1071 is described above. This file is used by the SSH client.
1072 Because of the potential for abuse, this file must have strict
1073 permissions: read/write for the user, and not accessible by
1074 others.
1075
1076 /etc/ssh/ssh_config
1077 Systemwide configuration file. This file provides defaults for
1078 those values that are not specified in the user's configuration
1079 file, and for those users who do not have a configuration file.
1080 This file must be world-readable.
1081
1082SEE ALSO
1083 ssh(1)
1084
1085AUTHORS
1086 OpenSSH is a derivative of the original and free ssh 1.2.12 release by
1087 Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
1088 de Raadt and Dug Song removed many bugs, re-added newer features and
1089 created OpenSSH. Markus Friedl contributed the support for SSH protocol
1090 versions 1.5 and 2.0.
1091
1092OpenBSD 6.0 February 27, 2017 OpenBSD 6.0
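Review bot: The quoted characters in PATTERNS (new-file lines 1015, 1016 and 1030) and in the %% entry under TOKENS (line 1040) are committed as the literal text M-bM-^@M-^X and M-bM-^@M-^Y, so the wildcard definitions read M-bM-^@M-^X*M-bM-^@M-^Y, M-bM-^@M-^X?M-bM-^@M-^Y and M-bM-^@M-^X!M-bM-^@M-^Y instead of a quoted *, ? and !. These sequences are the cat -v style rendering of the UTF-8 bytes for left and right single quotation marks (E2 80 98 and E2 80 99), which means the formatted page was produced with UTF-8 output and then passed through a step that escaped the non-ASCII bytes. Since this is the section that defines the matching syntax used by Host and by from= in authorized_keys, a reader who misreads which character is the wildcard or the negation can write a pattern that matches more than intended. Suggest regenerating the file with ASCII output so these become plain quotes, and checking the result for any remaining "M-b" sequences before committing.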
diff --git a/sshd.0 b/sshd.0
new file mode 100644
index 000000000..6cd5f038c
--- /dev/null
+++ b/sshd.0
@@ -0,0 +1,626 @@
1SSHD(8) System Manager's Manual SSHD(8)
2
3NAME
4 sshd M-bM-^@M-^S OpenSSH SSH daemon
5
6SYNOPSIS
7 sshd [-46DdeiqTt] [-C connection_spec] [-c host_certificate_file]
8 [-E log_file] [-f config_file] [-g login_grace_time]
9 [-h host_key_file] [-o option] [-p port] [-u len]
10
11DESCRIPTION
12 sshd (OpenSSH Daemon) is the daemon program for ssh(1). Together these
13 programs replace rlogin and rsh, and provide secure encrypted
14 communications between two untrusted hosts over an insecure network.
15
16 sshd listens for connections from clients. It is normally started at
17 boot from /etc/rc. It forks a new daemon for each incoming connection.
18 The forked daemons handle key exchange, encryption, authentication,
19 command execution, and data exchange.
20
21 sshd can be configured using command-line options or a configuration file
22 (by default sshd_config(5)); command-line options override values
23 specified in the configuration file. sshd rereads its configuration file
24 when it receives a hangup signal, SIGHUP, by executing itself with the
25 name and options it was started with, e.g. /usr/sbin/sshd.
26
27 The options are as follows:
28
29 -4 Forces sshd to use IPv4 addresses only.
30
31 -6 Forces sshd to use IPv6 addresses only.
32
33 -C connection_spec
34 Specify the connection parameters to use for the -T extended test
35 mode. If provided, any Match directives in the configuration
36 file that would apply to the specified user, host, and address
37 will be set before the configuration is written to standard
38 output. The connection parameters are supplied as keyword=value
39 pairs. The keywords are M-bM-^@M-^\userM-bM-^@M-^], M-bM-^@M-^\hostM-bM-^@M-^], M-bM-^@M-^\laddrM-bM-^@M-^], M-bM-^@M-^\lportM-bM-^@M-^], and
40 M-bM-^@M-^\addrM-bM-^@M-^]. All are required and may be supplied in any order,
41 either with multiple -C options or as a comma-separated list.
42
43 -c host_certificate_file
44 Specifies a path to a certificate file to identify sshd during
45 key exchange. The certificate file must match a host key file
46 specified using the -h option or the HostKey configuration
47 directive.
48
49 -D When this option is specified, sshd will not detach and does not
50 become a daemon. This allows easy monitoring of sshd.
51
52 -d Debug mode. The server sends verbose debug output to standard
53 error, and does not put itself in the background. The server
54 also will not fork and will only process one connection. This
55 option is only intended for debugging for the server. Multiple
56 -d options increase the debugging level. Maximum is 3.
57
58 -E log_file
59 Append debug logs to log_file instead of the system log.
60
61 -e Write debug logs to standard error instead of the system log.
62
63 -f config_file
64 Specifies the name of the configuration file. The default is
65 /etc/ssh/sshd_config. sshd refuses to start if there is no
66 configuration file.
67
68 -g login_grace_time
69 Gives the grace time for clients to authenticate themselves
70 (default 120 seconds). If the client fails to authenticate the
71 user within this many seconds, the server disconnects and exits.
72 A value of zero indicates no limit.
73
74 -h host_key_file
75 Specifies a file from which a host key is read. This option must
76 be given if sshd is not run as root (as the normal host key files
77 are normally not readable by anyone but root). The default is
78 /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key,
79 /etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key. It
80 is possible to have multiple host key files for the different
81 host key algorithms.
82
83 -i Specifies that sshd is being run from inetd(8).
84
85 -o option
86 Can be used to give options in the format used in the
87 configuration file. This is useful for specifying options for
88 which there is no separate command-line flag. For full details
89 of the options, and their values, see sshd_config(5).
90
91 -p port
92 Specifies the port on which the server listens for connections
93 (default 22). Multiple port options are permitted. Ports
94 specified in the configuration file with the Port option are
95 ignored when a command-line port is specified. Ports specified
96 using the ListenAddress option override command-line ports.
97
98 -q Quiet mode. Nothing is sent to the system log. Normally the
99 beginning, authentication, and termination of each connection is
100 logged.
101
102 -T Extended test mode. Check the validity of the configuration
103 file, output the effective configuration to stdout and then exit.
104 Optionally, Match rules may be applied by specifying the
105 connection parameters using one or more -C options.
106
107 -t Test mode. Only check the validity of the configuration file and
108 sanity of the keys. This is useful for updating sshd reliably as
109 configuration options may change.
110
111 -u len This option is used to specify the size of the field in the utmp
112 structure that holds the remote host name. If the resolved host
113 name is longer than len, the dotted decimal value will be used
114 instead. This allows hosts with very long host names that
115 overflow this field to still be uniquely identified. Specifying
116 -u0 indicates that only dotted decimal addresses should be put
117 into the utmp file. -u0 may also be used to prevent sshd from
118 making DNS requests unless the authentication mechanism or
119 configuration requires it. Authentication mechanisms that may
120 require DNS include HostbasedAuthentication and using a
121 from="pattern-list" option in a key file. Configuration options
122 that require DNS include using a USER@HOST pattern in AllowUsers
123 or DenyUsers.
124
125AUTHENTICATION
126 The OpenSSH SSH daemon supports SSH protocol 2 only. Each host has a
127 host-specific key, used to identify the host. Whenever a client
128 connects, the daemon responds with its public host key. The client
129 compares the host key against its own database to verify that it has not
130 changed. Forward security is provided through a Diffie-Hellman key
131 agreement. This key agreement results in a shared session key. The rest
132 of the session is encrypted using a symmetric cipher, currently 128-bit
133 AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES. The
134 client selects the encryption algorithm to use from those offered by the
135 server. Additionally, session integrity is provided through a
136 cryptographic message authentication code (hmac-md5, hmac-sha1, umac-64,
137 umac-128, hmac-ripemd160, hmac-sha2-256 or hmac-sha2-512).
138
139 Finally, the server and the client enter an authentication dialog. The
140 client tries to authenticate itself using host-based authentication,
141 public key authentication, challenge-response authentication, or password
142 authentication.
143
144 Regardless of the authentication type, the account is checked to ensure
145 that it is accessible. An account is not accessible if it is locked,
146 listed in DenyUsers or its group is listed in DenyGroups . The
147 definition of a locked account is system dependant. Some platforms have
148 their own account database (eg AIX) and some modify the passwd field (
149 M-bM-^@M-^X*LK*M-bM-^@M-^Y on Solaris and UnixWare, M-bM-^@M-^X*M-bM-^@M-^Y on HP-UX, containing M-bM-^@M-^XNologinM-bM-^@M-^Y on
150 Tru64, a leading M-bM-^@M-^X*LOCKED*M-bM-^@M-^Y on FreeBSD and a leading M-bM-^@M-^X!M-bM-^@M-^Y on most
151 Linuxes). If there is a requirement to disable password authentication
152 for the account while allowing still public-key, then the passwd field
153 should be set to something other than these values (eg M-bM-^@M-^XNPM-bM-^@M-^Y or M-bM-^@M-^X*NP*M-bM-^@M-^Y ).
154
155 If the client successfully authenticates itself, a dialog for preparing
156 the session is entered. At this time the client may request things like
157 allocating a pseudo-tty, forwarding X11 connections, forwarding TCP
158 connections, or forwarding the authentication agent connection over the
159 secure channel.
160
161 After this, the client either requests a shell or execution of a command.
162 The sides then enter session mode. In this mode, either side may send
163 data at any time, and such data is forwarded to/from the shell or command
164 on the server side, and the user terminal in the client side.
165
166 When the user program terminates and all forwarded X11 and other
167 connections have been closed, the server sends command exit status to the
168 client, and both sides exit.
169
170LOGIN PROCESS
171 When a user successfully logs in, sshd does the following:
172
173 1. If the login is on a tty, and no command has been specified,
174 prints last login time and /etc/motd (unless prevented in the
175 configuration file or by ~/.hushlogin; see the FILES section).
176
177 2. If the login is on a tty, records login time.
178
179 3. Checks /etc/nologin; if it exists, prints contents and quits
180 (unless root).
181
182 4. Changes to run with normal user privileges.
183
184 5. Sets up basic environment.
185
186 6. Reads the file ~/.ssh/environment, if it exists, and users are
187 allowed to change their environment. See the
188 PermitUserEnvironment option in sshd_config(5).
189
190 7. Changes to user's home directory.
191
192 8. If ~/.ssh/rc exists and the sshd_config(5) PermitUserRC option
193 is set, runs it; else if /etc/ssh/sshrc exists, runs it;
194 otherwise runs xauth. The M-bM-^@M-^\rcM-bM-^@M-^] files are given the X11
195 authentication protocol and cookie in standard input. See
196 SSHRC, below.
197
198 9. Runs user's shell or command. All commands are run under the
199 user's login shell as specified in the system password
200 database.
201
202SSHRC
203 If the file ~/.ssh/rc exists, sh(1) runs it after reading the environment
204 files but before starting the user's shell or command. It must not
205 produce any output on stdout; stderr must be used instead. If X11
206 forwarding is in use, it will receive the "proto cookie" pair in its
207 standard input (and DISPLAY in its environment). The script must call
208 xauth(1) because sshd will not run xauth automatically to add X11
209 cookies.
210
211 The primary purpose of this file is to run any initialization routines
212 which may be needed before the user's home directory becomes accessible;
213 AFS is a particular example of such an environment.
214
215 This file will probably contain some initialization code followed by
216 something similar to:
217
218 if read proto cookie && [ -n "$DISPLAY" ]; then
219 if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then
220 # X11UseLocalhost=yes
221 echo add unix:`echo $DISPLAY |
222 cut -c11-` $proto $cookie
223 else
224 # X11UseLocalhost=no
225 echo add $DISPLAY $proto $cookie
226 fi | xauth -q -
227 fi
228
229 If this file does not exist, /etc/ssh/sshrc is run, and if that does not
230 exist either, xauth is used to add the cookie.
231
232AUTHORIZED_KEYS FILE FORMAT
233 AuthorizedKeysFile specifies the files containing public keys for public
234 key authentication; if this option is not specified, the default is
235 ~/.ssh/authorized_keys and ~/.ssh/authorized_keys2. Each line of the
236 file contains one key (empty lines and lines starting with a M-bM-^@M-^X#M-bM-^@M-^Y are
237 ignored as comments). Public keys consist of the following space-
238 separated fields: options, keytype, base64-encoded key, comment. The
239 options field is optional. The keytype is M-bM-^@M-^\ecdsa-sha2-nistp256M-bM-^@M-^],
240 M-bM-^@M-^\ecdsa-sha2-nistp384M-bM-^@M-^], M-bM-^@M-^\ecdsa-sha2-nistp521M-bM-^@M-^], M-bM-^@M-^\ssh-ed25519M-bM-^@M-^], M-bM-^@M-^\ssh-dssM-bM-^@M-^] or
241 M-bM-^@M-^\ssh-rsaM-bM-^@M-^]; the comment field is not used for anything (but may be
242 convenient for the user to identify the key).
243
244 Note that lines in this file can be several hundred bytes long (because
245 of the size of the public key encoding) up to a limit of 8 kilobytes,
246 which permits DSA keys up to 8 kilobits and RSA keys up to 16 kilobits.
247 You don't want to type them in; instead, copy the id_dsa.pub,
248 id_ecdsa.pub, id_ed25519.pub, or the id_rsa.pub file and edit it.
249
250 sshd enforces a minimum RSA key modulus size of 768 bits.
251
252 The options (if present) consist of comma-separated option
253 specifications. No spaces are permitted, except within double quotes.
254 The following option specifications are supported (note that option
255 keywords are case-insensitive):
256
257 agent-forwarding
258 Enable authentication agent forwarding previously disabled by the
259 restrict option.
260
261 cert-authority
262 Specifies that the listed key is a certification authority (CA)
263 that is trusted to validate signed certificates for user
264 authentication.
265
266 Certificates may encode access restrictions similar to these key
267 options. If both certificate restrictions and key options are
268 present, the most restrictive union of the two is applied.
269
270 command="command"
271 Specifies that the command is executed whenever this key is used
272 for authentication. The command supplied by the user (if any) is
273 ignored. The command is run on a pty if the client requests a
274 pty; otherwise it is run without a tty. If an 8-bit clean
275 channel is required, one must not request a pty or should specify
276 no-pty. A quote may be included in the command by quoting it
277 with a backslash.
278
279 This option might be useful to restrict certain public keys to
280 perform just a specific operation. An example might be a key
281 that permits remote backups but nothing else. Note that the
282 client may specify TCP and/or X11 forwarding unless they are
283 explicitly prohibited, e.g. using the restrict key option.
284
285 The command originally supplied by the client is available in the
286 SSH_ORIGINAL_COMMAND environment variable. Note that this option
287 applies to shell, command or subsystem execution. Also note that
288 this command may be superseded by a sshd_config(5) ForceCommand
289 directive.
290
291 If a command is specified and a forced-command is embedded in a
292 certificate used for authentication, then the certificate will be
293 accepted only if the two commands are identical.
294
295 environment="NAME=value"
296 Specifies that the string is to be added to the environment when
297 logging in using this key. Environment variables set this way
298 override other default environment values. Multiple options of
299 this type are permitted. Environment processing is disabled by
300 default and is controlled via the PermitUserEnvironment option.
301
302 from="pattern-list"
303 Specifies that in addition to public key authentication, either
304 the canonical name of the remote host or its IP address must be
305 present in the comma-separated list of patterns. See PATTERNS in
306 ssh_config(5) for more information on patterns.
307
308 In addition to the wildcard matching that may be applied to
309 hostnames or addresses, a from stanza may match IP addresses
310 using CIDR address/masklen notation.
311
312 The purpose of this option is to optionally increase security:
313 public key authentication by itself does not trust the network or
314 name servers or anything (but the key); however, if somebody
315 somehow steals the key, the key permits an intruder to log in
316 from anywhere in the world. This additional option makes using a
317 stolen key more difficult (name servers and/or routers would have
318 to be compromised in addition to just the key).
319
320 no-agent-forwarding
321 Forbids authentication agent forwarding when this key is used for
322 authentication.
323
324 no-port-forwarding
325 Forbids TCP forwarding when this key is used for authentication.
326 Any port forward requests by the client will return an error.
327 This might be used, e.g. in connection with the command option.
328
329 no-pty Prevents tty allocation (a request to allocate a pty will fail).
330
331 no-user-rc
332 Disables execution of ~/.ssh/rc.
333
334 no-X11-forwarding
335 Forbids X11 forwarding when this key is used for authentication.
336 Any X11 forward requests by the client will return an error.
337
338 permitopen="host:port"
339 Limit local port forwarding with ssh(1) -L such that it may only
340 connect to the specified host and port. IPv6 addresses can be
341 specified by enclosing the address in square brackets. Multiple
342 permitopen options may be applied separated by commas. No
343 pattern matching is performed on the specified hostnames, they
344 must be literal domains or addresses. A port specification of *
345 matches any port.
346
347 port-forwarding
348 Enable port forwarding previously disabled by the restrict
349
350 principals="principals"
351 On a cert-authority line, specifies allowed principals for
352 certificate authentication as a comma-separated list. At least
353 one name from the list must appear in the certificate's list of
354 principals for the certificate to be accepted. This option is
355 ignored for keys that are not marked as trusted certificate
356 signers using the cert-authority option.
357
358 pty Permits tty allocation previously disabled by the restrict
359 option.
360
361 restrict
362 Enable all restrictions, i.e. disable port, agent and X11
363 forwarding, as well as disabling PTY allocation and execution of
364 ~/.ssh/rc. If any future restriction capabilities are added to
365 authorized_keys files they will be included in this set.
366
367 tunnel="n"
368 Force a tun(4) device on the server. Without this option, the
369 next available device will be used if the client requests a
370 tunnel.
371
372 user-rc
373 Enables execution of ~/.ssh/rc previously disabled by the
374 restrict option.
375
376 X11-forwarding
377 Permits X11 forwarding previously disabled by the restrict
378 option.
379
380 An example authorized_keys file:
381
382 # Comments allowed at start of line
383 ssh-rsa AAAAB3Nza...LiPk== user@example.net
384 from="*.sales.example.net,!pc.sales.example.net" ssh-rsa
385 AAAAB2...19Q== john@example.net
386 command="dump /home",no-pty,no-port-forwarding ssh-dss
387 AAAAC3...51R== example.net
388 permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-dss
389 AAAAB5...21S==
390 tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...==
391 jane@example.net
392 restrict,command="uptime" ssh-rsa AAAA1C8...32Tv==
393 user@example.net
394 restrict,pty,command="nethack" ssh-rsa AAAA1f8...IrrC5==
395 user@example.net
396
397SSH_KNOWN_HOSTS FILE FORMAT
398 The /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts files contain host
399 public keys for all known hosts. The global file should be prepared by
400 the administrator (optional), and the per-user file is maintained
401 automatically: whenever the user connects to an unknown host, its key is
402 added to the per-user file.
403
404 Each line in these files contains the following fields: markers
405 (optional), hostnames, keytype, base64-encoded key, comment. The fields
406 are separated by spaces.
407
408 The marker is optional, but if it is present then it must be one of
409 M-bM-^@M-^\@cert-authorityM-bM-^@M-^], to indicate that the line contains a certification
410 authority (CA) key, or M-bM-^@M-^\@revokedM-bM-^@M-^], to indicate that the key contained on
411 the line is revoked and must not ever be accepted. Only one marker
412 should be used on a key line.
413
414 Hostnames is a comma-separated list of patterns (M-bM-^@M-^X*M-bM-^@M-^Y and M-bM-^@M-^X?M-bM-^@M-^Y act as
415 wildcards); each pattern in turn is matched against the canonical host
416 name (when authenticating a client) or against the user-supplied name
417 (when authenticating a server). A pattern may also be preceded by M-bM-^@M-^X!M-bM-^@M-^Y to
418 indicate negation: if the host name matches a negated pattern, it is not
419 accepted (by that line) even if it matched another pattern on the line.
420 A hostname or address may optionally be enclosed within M-bM-^@M-^X[M-bM-^@M-^Y and M-bM-^@M-^X]M-bM-^@M-^Y
421 brackets then followed by M-bM-^@M-^X:M-bM-^@M-^Y and a non-standard port number.
422
423 Alternately, hostnames may be stored in a hashed form which hides host
424 names and addresses should the file's contents be disclosed. Hashed
425 hostnames start with a M-bM-^@M-^X|M-bM-^@M-^Y character. Only one hashed hostname may
426 appear on a single line and none of the above negation or wildcard
427 operators may be applied.
428
429 The keytype and base64-encoded key are taken directly from the host key;
430 they can be obtained, for example, from /etc/ssh/ssh_host_rsa_key.pub.
431 The optional comment field continues to the end of the line, and is not
432 used.
433
434 Lines starting with M-bM-^@M-^X#M-bM-^@M-^Y and empty lines are ignored as comments.
435
436 When performing host authentication, authentication is accepted if any
437 matching line has the proper key; either one that matches exactly or, if
438 the server has presented a certificate for authentication, the key of the
439 certification authority that signed the certificate. For a key to be
440 trusted as a certification authority, it must use the M-bM-^@M-^\@cert-authorityM-bM-^@M-^]
441 marker described above.
442
443 The known hosts file also provides a facility to mark keys as revoked,
444 for example when it is known that the associated private key has been
445 stolen. Revoked keys are specified by including the M-bM-^@M-^\@revokedM-bM-^@M-^] marker at
446 the beginning of the key line, and are never accepted for authentication
447 or as certification authorities, but instead will produce a warning from
448 ssh(1) when they are encountered.
449
450 It is permissible (but not recommended) to have several lines or
451 different host keys for the same names. This will inevitably happen when
452 short forms of host names from different domains are put in the file. It
453 is possible that the files contain conflicting information;
454 authentication is accepted if valid information can be found from either
455 file.
456
457 Note that the lines in these files are typically hundreds of characters
458 long, and you definitely don't want to type in the host keys by hand.
459 Rather, generate them by a script, ssh-keyscan(1) or by taking, for
460 example, /etc/ssh/ssh_host_rsa_key.pub and adding the host names at the
461 front. ssh-keygen(1) also offers some basic automated editing for
462 ~/.ssh/known_hosts including removing hosts matching a host name and
463 converting all host names to their hashed representations.
464
465 An example ssh_known_hosts file:
466
467 # Comments allowed at start of line
468 closenet,...,192.0.2.53 1024 37 159...93 closenet.example.net
469 cvs.example.net,192.0.2.10 ssh-rsa AAAA1234.....=
470 # A hashed hostname
471 |1|JfKTdBh7rNbXkVAQCRp4OQoPfmI=|USECr3SWf1JUPsms5AqfD5QfxkM= ssh-rsa
472 AAAA1234.....=
473 # A revoked key
474 @revoked * ssh-rsa AAAAB5W...
475 # A CA key, accepted for any host in *.mydomain.com or *.mydomain.org
476 @cert-authority *.mydomain.org,*.mydomain.com ssh-rsa AAAAB5W...
477
478FILES
479 ~/.hushlogin
480 This file is used to suppress printing the last login time and
481 /etc/motd, if PrintLastLog and PrintMotd, respectively, are
482 enabled. It does not suppress printing of the banner specified
483 by Banner.
484
485 ~/.rhosts
486 This file is used for host-based authentication (see ssh(1) for
487 more information). On some machines this file may need to be
488 world-readable if the user's home directory is on an NFS
489 partition, because sshd reads it as root. Additionally, this
490 file must be owned by the user, and must not have write
491 permissions for anyone else. The recommended permission for most
492 machines is read/write for the user, and not accessible by
493 others.
494
495 ~/.shosts
496 This file is used in exactly the same way as .rhosts, but allows
497 host-based authentication without permitting login with
498 rlogin/rsh.
499
500 ~/.ssh/
501 This directory is the default location for all user-specific
502 configuration and authentication information. There is no
503 general requirement to keep the entire contents of this directory
504 secret, but the recommended permissions are read/write/execute
505 for the user, and not accessible by others.
506
507 ~/.ssh/authorized_keys
508 Lists the public keys (DSA, ECDSA, Ed25519, RSA) that can be used
509 for logging in as this user. The format of this file is
510 described above. The content of the file is not highly
511 sensitive, but the recommended permissions are read/write for the
512 user, and not accessible by others.
513
514 If this file, the ~/.ssh directory, or the user's home directory
515 are writable by other users, then the file could be modified or
516 replaced by unauthorized users. In this case, sshd will not
517 allow it to be used unless the StrictModes option has been set to
518 M-bM-^@M-^\noM-bM-^@M-^].
519
520 ~/.ssh/environment
521 This file is read into the environment at login (if it exists).
522 It can only contain empty lines, comment lines (that start with
523 M-bM-^@M-^X#M-bM-^@M-^Y), and assignment lines of the form name=value. The file
524 should be writable only by the user; it need not be readable by
525 anyone else. Environment processing is disabled by default and
526 is controlled via the PermitUserEnvironment option.
527
528 ~/.ssh/known_hosts
529 Contains a list of host keys for all hosts the user has logged
530 into that are not already in the systemwide list of known host
531 keys. The format of this file is described above. This file
532 should be writable only by root/the owner and can, but need not
533 be, world-readable.
534
535 ~/.ssh/rc
536 Contains initialization routines to be run before the user's home
537 directory becomes accessible. This file should be writable only
538 by the user, and need not be readable by anyone else.
539
540 /etc/hosts.equiv
541 This file is for host-based authentication (see ssh(1)). It
542 should only be writable by root.
543
544 /etc/moduli
545 Contains Diffie-Hellman groups used for the "Diffie-Hellman Group
546 Exchange" key exchange method. The file format is described in
547 moduli(5). If no usable groups are found in this file then fixed
548 internal groups will be used.
549
550 /etc/motd
551 See motd(5).
552
553 /etc/nologin
554 If this file exists, sshd refuses to let anyone except root log
555 in. The contents of the file are displayed to anyone trying to
556 log in, and non-root connections are refused. The file should be
557 world-readable.
558
559 /etc/shosts.equiv
560 This file is used in exactly the same way as hosts.equiv, but
561 allows host-based authentication without permitting login with
562 rlogin/rsh.
563
564 /etc/ssh/ssh_host_dsa_key
565 /etc/ssh/ssh_host_ecdsa_key
566 /etc/ssh/ssh_host_ed25519_key
567 /etc/ssh/ssh_host_rsa_key
568 These files contain the private parts of the host keys. These
569 files should only be owned by root, readable only by root, and
570 not accessible to others. Note that sshd does not start if these
571 files are group/world-accessible.
572
573 /etc/ssh/ssh_host_dsa_key.pub
574 /etc/ssh/ssh_host_ecdsa_key.pub
575 /etc/ssh/ssh_host_ed25519_key.pub
576 /etc/ssh/ssh_host_rsa_key.pub
577 These files contain the public parts of the host keys. These
578 files should be world-readable but writable only by root. Their
579 contents should match the respective private parts. These files
580 are not really used for anything; they are provided for the
581 convenience of the user so their contents can be copied to known
582 hosts files. These files are created using ssh-keygen(1).
583
584 /etc/ssh/ssh_known_hosts
585 Systemwide list of known host keys. This file should be prepared
586 by the system administrator to contain the public host keys of
587 all machines in the organization. The format of this file is
588 described above. This file should be writable only by root/the
589 owner and should be world-readable.
590
591 /etc/ssh/sshd_config
592 Contains configuration data for sshd. The file format and
593 configuration options are described in sshd_config(5).
594
595 /etc/ssh/sshrc
596 Similar to ~/.ssh/rc, it can be used to specify machine-specific
597 login-time initializations globally. This file should be
598 writable only by root, and should be world-readable.
599
600 /var/empty
601 chroot(2) directory used by sshd during privilege separation in
602 the pre-authentication phase. The directory should not contain
603 any files and must be owned by root and not group or world-
604 writable.
605
606 /var/run/sshd.pid
607 Contains the process ID of the sshd listening for connections (if
608 there are several daemons running concurrently for different
609 ports, this contains the process ID of the one started last).
610 The content of this file is not sensitive; it can be world-
611 readable.
612
613SEE ALSO
614 scp(1), sftp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1),
615 ssh-keyscan(1), chroot(2), login.conf(5), moduli(5), sshd_config(5),
616 inetd(8), sftp-server(8)
617
618AUTHORS
619 OpenSSH is a derivative of the original and free ssh 1.2.12 release by
620 Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
621 de Raadt and Dug Song removed many bugs, re-added newer features and
622 created OpenSSH. Markus Friedl contributed the support for SSH protocol
623 versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support
624 for privilege separation.
625
626OpenBSD 6.0 January 30, 2017 OpenBSD 6.0
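Review bot: lines 518 and 523 of sshd.0 carry `M-bM-^@M-^\noM-bM-^@M-^]` and `M-bM-^@M-^X#M-bM-^@M-^Y` where the quoted StrictModes value "no" and the comment character '#' belong. These are UTF-8 curly quotes (bytes E2 80 9C/9D and E2 80 98/99) written out in meta notation, so the one setting that disables the authorized_keys permission check is hard to read in the formatted page. Regenerate the page with plain ASCII output so the quotes come out as " and ', or leave the pre-formatted .0 files out of the import and build them from the manual sources. Separately, the ssh_known_hosts example at line 468 (`1024 37 159...93`) uses the bits/exponent/modulus layout of protocol 1 RSA keys, and it is worth confirming that this entry still matches what the release accepts.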
diff --git a/sshd_config.0 b/sshd_config.0
new file mode 100644
index 000000000..b0160aa87
--- /dev/null
+++ b/sshd_config.0
@@ -0,0 +1,1020 @@
1SSHD_CONFIG(5) File Formats Manual SSHD_CONFIG(5)
2
3NAME
4 sshd_config M-bM-^@M-^S OpenSSH SSH daemon configuration file
5
6SYNOPSIS
7 /etc/ssh/sshd_config
8
9DESCRIPTION
10 sshd(8) reads configuration data from /etc/ssh/sshd_config (or the file
11 specified with -f on the command line). The file contains keyword-
12 argument pairs, one per line. Lines starting with M-bM-^@M-^X#M-bM-^@M-^Y and empty lines
13 are interpreted as comments. Arguments may optionally be enclosed in
14 double quotes (") in order to represent arguments containing spaces.
15
16 The possible keywords and their meanings are as follows (note that
17 keywords are case-insensitive and arguments are case-sensitive):
18
19 AcceptEnv
20 Specifies what environment variables sent by the client will be
21 copied into the session's environ(7). See SendEnv in
22 ssh_config(5) for how to configure the client. The TERM
23 environment variable is always sent whenever the client requests
24 a pseudo-terminal as it is required by the protocol. Variables
25 are specified by name, which may contain the wildcard characters
26 M-bM-^@M-^X*M-bM-^@M-^Y and M-bM-^@M-^X?M-bM-^@M-^Y. Multiple environment variables may be separated by
27 whitespace or spread across multiple AcceptEnv directives. Be
28 warned that some environment variables could be used to bypass
29 restricted user environments. For this reason, care should be
30 taken in the use of this directive. The default is not to accept
31 any environment variables.
32
33 AddressFamily
34 Specifies which address family should be used by sshd(8). Valid
35 arguments are any (the default), inet (use IPv4 only), or inet6
36 (use IPv6 only).
37
38 AllowAgentForwarding
39 Specifies whether ssh-agent(1) forwarding is permitted. The
40 default is yes. Note that disabling agent forwarding does not
41 improve security unless users are also denied shell access, as
42 they can always install their own forwarders.
43
44 AllowGroups
45 This keyword can be followed by a list of group name patterns,
46 separated by spaces. If specified, login is allowed only for
47 users whose primary group or supplementary group list matches one
48 of the patterns. Only group names are valid; a numerical group
49 ID is not recognized. By default, login is allowed for all
50 groups. The allow/deny directives are processed in the following
51 order: DenyUsers, AllowUsers, DenyGroups, and finally
52 AllowGroups.
53
54 See PATTERNS in ssh_config(5) for more information on patterns.
55
56 AllowStreamLocalForwarding
57 Specifies whether StreamLocal (Unix-domain socket) forwarding is
58 permitted. The available options are yes (the default) or all to
59 allow StreamLocal forwarding, no to prevent all StreamLocal
60 forwarding, local to allow local (from the perspective of ssh(1))
61 forwarding only or remote to allow remote forwarding only. Note
62 that disabling StreamLocal forwarding does not improve security
63 unless users are also denied shell access, as they can always
64 install their own forwarders.
65
66 AllowTcpForwarding
67 Specifies whether TCP forwarding is permitted. The available
68 options are yes (the default) or all to allow TCP forwarding, no
69 to prevent all TCP forwarding, local to allow local (from the
70 perspective of ssh(1)) forwarding only or remote to allow remote
71 forwarding only. Note that disabling TCP forwarding does not
72 improve security unless users are also denied shell access, as
73 they can always install their own forwarders.
74
75 AllowUsers
76 This keyword can be followed by a list of user name patterns,
77 separated by spaces. If specified, login is allowed only for
78 user names that match one of the patterns. Only user names are
79 valid; a numerical user ID is not recognized. By default, login
80 is allowed for all users. If the pattern takes the form
81 USER@HOST then USER and HOST are separately checked, restricting
82 logins to particular users from particular hosts. HOST criteria
83 may additionally contain addresses to match in CIDR
84 address/masklen format. The allow/deny directives are processed
85 in the following order: DenyUsers, AllowUsers, DenyGroups, and
86 finally AllowGroups.
87
88 See PATTERNS in ssh_config(5) for more information on patterns.
89
90 AuthenticationMethods
91 Specifies the authentication methods that must be successfully
92 completed for a user to be granted access. This option must be
93 followed by one or more comma-separated lists of authentication
94 method names, or by the single string any to indicate the default
95 behaviour of accepting any single authentication method. If the
96 default is overridden, then successful authentication requires
97 completion of every method in at least one of these lists.
98
99 For example, "publickey,password publickey,keyboard-interactive"
100 would require the user to complete public key authentication,
101 followed by either password or keyboard interactive
102 authentication. Only methods that are next in one or more lists
103 are offered at each stage, so for this example it would not be
104 possible to attempt password or keyboard-interactive
105 authentication before public key.
106
107 For keyboard interactive authentication it is also possible to
108 restrict authentication to a specific device by appending a colon
109 followed by the device identifier bsdauth, pam, or skey,
110 depending on the server configuration. For example,
111 "keyboard-interactive:bsdauth" would restrict keyboard
112 interactive authentication to the bsdauth device.
113
114 If the publickey method is listed more than once, sshd(8)
115 verifies that keys that have been used successfully are not
116 reused for subsequent authentications. For example,
117 "publickey,publickey" requires successful authentication using
118 two different public keys.
119
120 Note that each authentication method listed should also be
121 explicitly enabled in the configuration.
122
123 AuthorizedKeysCommand
124 Specifies a program to be used to look up the user's public keys.
125 The program must be owned by root, not writable by group or
126 others and specified by an absolute path. Arguments to
127 AuthorizedKeysCommand accept the tokens described in the TOKENS
128 section. If no arguments are specified then the username of the
129 target user is used.
130
131 The program should produce on standard output zero or more lines
132 of authorized_keys output (see AUTHORIZED_KEYS in sshd(8)). If a
133 key supplied by AuthorizedKeysCommand does not successfully
134 authenticate and authorize the user then public key
135 authentication continues using the usual AuthorizedKeysFile
136 files. By default, no AuthorizedKeysCommand is run.
137
138 AuthorizedKeysCommandUser
139 Specifies the user under whose account the AuthorizedKeysCommand
140 is run. It is recommended to use a dedicated user that has no
141 other role on the host than running authorized keys commands. If
142 AuthorizedKeysCommand is specified but AuthorizedKeysCommandUser
143 is not, then sshd(8) will refuse to start.
144
145 AuthorizedKeysFile
146 Specifies the file that contains the public keys used for user
147 authentication. The format is described in the AUTHORIZED_KEYS
148 FILE FORMAT section of sshd(8). Arguments to AuthorizedKeysFile
149 accept the tokens described in the TOKENS section. After
150 expansion, AuthorizedKeysFile is taken to be an absolute path or
151 one relative to the user's home directory. Multiple files may be
152 listed, separated by whitespace. Alternately this option may be
153 set to none to skip checking for user keys in files. The default
154 is ".ssh/authorized_keys .ssh/authorized_keys2".
155
156 AuthorizedPrincipalsCommand
157 Specifies a program to be used to generate the list of allowed
158 certificate principals as per AuthorizedPrincipalsFile. The
159 program must be owned by root, not writable by group or others
160 and specified by an absolute path. Arguments to
161 AuthorizedPrincipalsCommand accept the tokens described in the
162 TOKENS section. If no arguments are specified then the username
163 of the target user is used.
164
165 The program should produce on standard output zero or more lines
166 of AuthorizedPrincipalsFile output. If either
167 AuthorizedPrincipalsCommand or AuthorizedPrincipalsFile is
168 specified, then certificates offered by the client for
169 authentication must contain a principal that is listed. By
170 default, no AuthorizedPrincipalsCommand is run.
171
172 AuthorizedPrincipalsCommandUser
173 Specifies the user under whose account the
174 AuthorizedPrincipalsCommand is run. It is recommended to use a
175 dedicated user that has no other role on the host than running
176 authorized principals commands. If AuthorizedPrincipalsCommand
177 is specified but AuthorizedPrincipalsCommandUser is not, then
178 sshd(8) will refuse to start.
179
180 AuthorizedPrincipalsFile
181 Specifies a file that lists principal names that are accepted for
182 certificate authentication. When using certificates signed by a
183 key listed in TrustedUserCAKeys, this file lists names, one of
184 which must appear in the certificate for it to be accepted for
185 authentication. Names are listed one per line preceded by key
186 options (as described in AUTHORIZED_KEYS FILE FORMAT in sshd(8)).
187 Empty lines and comments starting with M-bM-^@M-^X#M-bM-^@M-^Y are ignored.
188
189 Arguments to AuthorizedPrincipalsFile accept the tokens described
190 in the TOKENS section. After expansion, AuthorizedPrincipalsFile
191 is taken to be an absolute path or one relative to the user's
192 home directory. The default is none, i.e. not to use a
193 principals file M-bM-^@M-^S in this case, the username of the user must
194 appear in a certificate's principals list for it to be accepted.
195
196 Note that AuthorizedPrincipalsFile is only used when
197 authentication proceeds using a CA listed in TrustedUserCAKeys
198 and is not consulted for certification authorities trusted via
199 ~/.ssh/authorized_keys, though the principals= key option offers
200 a similar facility (see sshd(8) for details).
201
202 Banner The contents of the specified file are sent to the remote user
203 before authentication is allowed. If the argument is none then
204 no banner is displayed. By default, no banner is displayed.
205
206 ChallengeResponseAuthentication
207 Specifies whether challenge-response authentication is allowed
208 (e.g. via PAM or through authentication styles supported in
209 login.conf(5)) The default is yes.
210
211 ChrootDirectory
212 Specifies the pathname of a directory to chroot(2) to after
213 authentication. At session startup sshd(8) checks that all
214 components of the pathname are root-owned directories which are
215 not writable by any other user or group. After the chroot,
216 sshd(8) changes the working directory to the user's home
217 directory. Arguments to ChrootDirectory accept the tokens
218 described in the TOKENS section.
219
220 The ChrootDirectory must contain the necessary files and
221 directories to support the user's session. For an interactive
222 session this requires at least a shell, typically sh(1), and
223 basic /dev nodes such as null(4), zero(4), stdin(4), stdout(4),
224 stderr(4), and tty(4) devices. For file transfer sessions using
225 SFTP no additional configuration of the environment is necessary
226 if the in-process sftp-server is used, though sessions which use
227 logging may require /dev/log inside the chroot directory on some
228 operating systems (see sftp-server(8) for details).
229
230 For safety, it is very important that the directory hierarchy be
231 prevented from modification by other processes on the system
232 (especially those outside the jail). Misconfiguration can lead
233 to unsafe environments which sshd(8) cannot detect.
234
235 The default is none, indicating not to chroot(2).
236
237 Ciphers
238 Specifies the ciphers allowed. Multiple ciphers must be comma-
239 separated. If the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character,
240 then the specified ciphers will be appended to the default set
241 instead of replacing them. If the specified value begins with a
242 M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified ciphers (including wildcards)
243 will be removed from the default set instead of replacing them.
244
245 The supported ciphers are:
246
247 3des-cbc
248 aes128-cbc
249 aes192-cbc
250 aes256-cbc
251 aes128-ctr
252 aes192-ctr
253 aes256-ctr
254 aes128-gcm@openssh.com
255 aes256-gcm@openssh.com
256 arcfour
257 arcfour128
258 arcfour256
259 blowfish-cbc
260 cast128-cbc
261 chacha20-poly1305@openssh.com
262
263 The default is:
264
265 chacha20-poly1305@openssh.com,
266 aes128-ctr,aes192-ctr,aes256-ctr,
267 aes128-gcm@openssh.com,aes256-gcm@openssh.com
268
269 The list of available ciphers may also be obtained using "ssh -Q
270 cipher".
271
272 ClientAliveCountMax
273 Sets the number of client alive messages which may be sent
274 without sshd(8) receiving any messages back from the client. If
275 this threshold is reached while client alive messages are being
276 sent, sshd will disconnect the client, terminating the session.
277 It is important to note that the use of client alive messages is
278 very different from TCPKeepAlive. The client alive messages are
279 sent through the encrypted channel and therefore will not be
280 spoofable. The TCP keepalive option enabled by TCPKeepAlive is
281 spoofable. The client alive mechanism is valuable when the
282 client or server depend on knowing when a connection has become
283 inactive.
284
285 The default value is 3. If ClientAliveInterval is set to 15, and
286 ClientAliveCountMax is left at the default, unresponsive SSH
287 clients will be disconnected after approximately 45 seconds.
288
289 ClientAliveInterval
290 Sets a timeout interval in seconds after which if no data has
291 been received from the client, sshd(8) will send a message
292 through the encrypted channel to request a response from the
293 client. The default is 0, indicating that these messages will
294 not be sent to the client.
295
296 Compression
297 Specifies whether compression is enabled after the user has
298 authenticated successfully. The argument must be yes, delayed (a
299 legacy synonym for yes) or no. The default is yes.
300
301 DenyGroups
302 This keyword can be followed by a list of group name patterns,
303 separated by spaces. Login is disallowed for users whose primary
304 group or supplementary group list matches one of the patterns.
305 Only group names are valid; a numerical group ID is not
306 recognized. By default, login is allowed for all groups. The
307 allow/deny directives are processed in the following order:
308 DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups.
309
310 See PATTERNS in ssh_config(5) for more information on patterns.
311
312 DenyUsers
313 This keyword can be followed by a list of user name patterns,
314 separated by spaces. Login is disallowed for user names that
315 match one of the patterns. Only user names are valid; a
316 numerical user ID is not recognized. By default, login is
317 allowed for all users. If the pattern takes the form USER@HOST
318 then USER and HOST are separately checked, restricting logins to
319 particular users from particular hosts. HOST criteria may
320 additionally contain addresses to match in CIDR address/masklen
321 format. The allow/deny directives are processed in the following
322 order: DenyUsers, AllowUsers, DenyGroups, and finally
323 AllowGroups.
324
325 See PATTERNS in ssh_config(5) for more information on patterns.
326
327 DisableForwarding
328 Disables all forwarding features, including X11, ssh-agent(1),
329 TCP and StreamLocal. This option overrides all other forwarding-
330 related options and may simplify restricted configurations.
331
332 FingerprintHash
333 Specifies the hash algorithm used when logging key fingerprints.
334 Valid options are: md5 and sha256. The default is sha256.
335
336 ForceCommand
337 Forces the execution of the command specified by ForceCommand,
338 ignoring any command supplied by the client and ~/.ssh/rc if
339 present. The command is invoked by using the user's login shell
340 with the -c option. This applies to shell, command, or subsystem
341 execution. It is most useful inside a Match block. The command
342 originally supplied by the client is available in the
343 SSH_ORIGINAL_COMMAND environment variable. Specifying a command
344 of internal-sftp will force the use of an in-process SFTP server
345 that requires no support files when used with ChrootDirectory.
346 The default is none.
347
348 GatewayPorts
349 Specifies whether remote hosts are allowed to connect to ports
350 forwarded for the client. By default, sshd(8) binds remote port
351 forwardings to the loopback address. This prevents other remote
352 hosts from connecting to forwarded ports. GatewayPorts can be
353 used to specify that sshd should allow remote port forwardings to
354 bind to non-loopback addresses, thus allowing other hosts to
355 connect. The argument may be no to force remote port forwardings
356 to be available to the local host only, yes to force remote port
357 forwardings to bind to the wildcard address, or clientspecified
358 to allow the client to select the address to which the forwarding
359 is bound. The default is no.
360
361 GSSAPIAuthentication
362 Specifies whether user authentication based on GSSAPI is allowed.
363 The default is no.
364
365 GSSAPICleanupCredentials
366 Specifies whether to automatically destroy the user's credentials
367 cache on logout. The default is yes.
368
369 GSSAPIStrictAcceptorCheck
370 Determines whether to be strict about the identity of the GSSAPI
371 acceptor a client authenticates against. If set to yes then the
372 client must authenticate against the host service on the current
373 hostname. If set to no then the client may authenticate against
374 any service key stored in the machine's default store. This
375 facility is provided to assist with operation on multi homed
376 machines. The default is yes.
377
378 HostbasedAcceptedKeyTypes
379 Specifies the key types that will be accepted for hostbased
380 authentication as a comma-separated pattern list. Alternately if
381 the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the
382 specified key types will be appended to the default set instead
383 of replacing them. If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y
384 character, then the specified key types (including wildcards)
385 will be removed from the default set instead of replacing them.
386 The default for this option is:
387
388 ecdsa-sha2-nistp256-cert-v01@openssh.com,
389 ecdsa-sha2-nistp384-cert-v01@openssh.com,
390 ecdsa-sha2-nistp521-cert-v01@openssh.com,
391 ssh-ed25519-cert-v01@openssh.com,
392 ssh-rsa-cert-v01@openssh.com,
393 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
394 ssh-ed25519,ssh-rsa
395
396 The list of available key types may also be obtained using "ssh
397 -Q key".
398
399 HostbasedAuthentication
400 Specifies whether rhosts or /etc/hosts.equiv authentication
401 together with successful public key client host authentication is
402 allowed (host-based authentication). The default is no.
403
404 HostbasedUsesNameFromPacketOnly
405 Specifies whether or not the server will attempt to perform a
406 reverse name lookup when matching the name in the ~/.shosts,
407 ~/.rhosts, and /etc/hosts.equiv files during
408 HostbasedAuthentication. A setting of yes means that sshd(8)
409 uses the name supplied by the client rather than attempting to
410 resolve the name from the TCP connection itself. The default is
411 no.
412
413 HostCertificate
414 Specifies a file containing a public host certificate. The
415 certificate's public key must match a private host key already
416 specified by HostKey. The default behaviour of sshd(8) is not to
417 load any certificates.
418
419 HostKey
420 Specifies a file containing a private host key used by SSH. The
421 defaults are /etc/ssh/ssh_host_dsa_key,
422 /etc/ssh/ssh_host_ecdsa_key, /etc/ssh/ssh_host_ed25519_key and
423 /etc/ssh/ssh_host_rsa_key.
424
425 Note that sshd(8) will refuse to use a file if it is group/world-
426 accessible and that the HostKeyAlgorithms option restricts which
427 of the keys are actually used by sshd(8).
428
429 It is possible to have multiple host key files. It is also
430 possible to specify public host key files instead. In this case
431 operations on the private key will be delegated to an
432 ssh-agent(1).
433
434 HostKeyAgent
435 Identifies the UNIX-domain socket used to communicate with an
436 agent that has access to the private host keys. If the string
437 "SSH_AUTH_SOCK" is specified, the location of the socket will be
438 read from the SSH_AUTH_SOCK environment variable.
439
440 HostKeyAlgorithms
441 Specifies the host key algorithms that the server offers. The
442 default for this option is:
443
444 ecdsa-sha2-nistp256-cert-v01@openssh.com,
445 ecdsa-sha2-nistp384-cert-v01@openssh.com,
446 ecdsa-sha2-nistp521-cert-v01@openssh.com,
447 ssh-ed25519-cert-v01@openssh.com,
448 ssh-rsa-cert-v01@openssh.com,
449 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
450 ssh-ed25519,ssh-rsa
451
452 The list of available key types may also be obtained using "ssh
453 -Q key".
454
455 IgnoreRhosts
456 Specifies that .rhosts and .shosts files will not be used in
457 HostbasedAuthentication.
458
459 /etc/hosts.equiv and /etc/shosts.equiv are still used. The
460 default is yes.
461
462 IgnoreUserKnownHosts
463 Specifies whether sshd(8) should ignore the user's
464 ~/.ssh/known_hosts during HostbasedAuthentication. The default
465 is no.
466
467 IPQoS Specifies the IPv4 type-of-service or DSCP class for the
468 connection. Accepted values are af11, af12, af13, af21, af22,
469 af23, af31, af32, af33, af41, af42, af43, cs0, cs1, cs2, cs3,
470 cs4, cs5, cs6, cs7, ef, lowdelay, throughput, reliability, or a
471 numeric value. This option may take one or two arguments,
472 separated by whitespace. If one argument is specified, it is
473 used as the packet class unconditionally. If two values are
474 specified, the first is automatically selected for interactive
475 sessions and the second for non-interactive sessions. The
476 default is lowdelay for interactive sessions and throughput for
477 non-interactive sessions.
478
479 KbdInteractiveAuthentication
480 Specifies whether to allow keyboard-interactive authentication.
481 The argument to this keyword must be yes or no. The default is
482 to use whatever value ChallengeResponseAuthentication is set to
483 (by default yes).
484
485 KerberosAuthentication
486 Specifies whether the password provided by the user for
487 PasswordAuthentication will be validated through the Kerberos
488 KDC. To use this option, the server needs a Kerberos servtab
489 which allows the verification of the KDC's identity. The default
490 is no.
491
492 KerberosGetAFSToken
493 If AFS is active and the user has a Kerberos 5 TGT, attempt to
494 acquire an AFS token before accessing the user's home directory.
495 The default is no.
496
497 KerberosOrLocalPasswd
498 If password authentication through Kerberos fails then the
499 password will be validated via any additional local mechanism
500 such as /etc/passwd. The default is yes.
501
502 KerberosTicketCleanup
503 Specifies whether to automatically destroy the user's ticket
504 cache file on logout. The default is yes.
505
506 KexAlgorithms
507 Specifies the available KEX (Key Exchange) algorithms. Multiple
508 algorithms must be comma-separated. Alternately if the specified
509 value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified methods
510 will be appended to the default set instead of replacing them.
511 If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the
512 specified methods (including wildcards) will be removed from the
513 default set instead of replacing them. The supported algorithms
514 are:
515
516 curve25519-sha256
517 curve25519-sha256@libssh.org
518 diffie-hellman-group1-sha1
519 diffie-hellman-group14-sha1
520 diffie-hellman-group-exchange-sha1
521 diffie-hellman-group-exchange-sha256
522 ecdh-sha2-nistp256
523 ecdh-sha2-nistp384
524 ecdh-sha2-nistp521
525
526 The default is:
527
528 curve25519-sha256,curve25519-sha256@libssh.org,
529 ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
530 diffie-hellman-group-exchange-sha256,
531 diffie-hellman-group14-sha1
532
533 The list of available key exchange algorithms may also be
534 obtained using "ssh -Q kex".
535
536 ListenAddress
537 Specifies the local addresses sshd(8) should listen on. The
538 following forms may be used:
539
540 ListenAddress host|IPv4_addr|IPv6_addr
541 ListenAddress host|IPv4_addr:port
542 ListenAddress [host|IPv6_addr]:port
543
544 If port is not specified, sshd will listen on the address and all
545 Port options specified. The default is to listen on all local
546 addresses. Multiple ListenAddress options are permitted.
547
548 LoginGraceTime
549 The server disconnects after this time if the user has not
550 successfully logged in. If the value is 0, there is no time
551 limit. The default is 120 seconds.
552
553 LogLevel
554 Gives the verbosity level that is used when logging messages from
555 sshd(8). The possible values are: QUIET, FATAL, ERROR, INFO,
556 VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. The default is INFO.
557 DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify
558 higher levels of debugging output. Logging with a DEBUG level
559 violates the privacy of users and is not recommended.
560
561 MACs Specifies the available MAC (message authentication code)
562 algorithms. The MAC algorithm is used for data integrity
563 protection. Multiple algorithms must be comma-separated. If the
564 specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified
565 algorithms will be appended to the default set instead of
566 replacing them. If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y
567 character, then the specified algorithms (including wildcards)
568 will be removed from the default set instead of replacing them.
569
570 The algorithms that contain "-etm" calculate the MAC after
571 encryption (encrypt-then-mac). These are considered safer and
572 their use recommended. The supported MACs are:
573
574 hmac-md5
575 hmac-md5-96
576 hmac-ripemd160
577 hmac-sha1
578 hmac-sha1-96
579 hmac-sha2-256
580 hmac-sha2-512
581 umac-64@openssh.com
582 umac-128@openssh.com
583 hmac-md5-etm@openssh.com
584 hmac-md5-96-etm@openssh.com
585 hmac-ripemd160-etm@openssh.com
586 hmac-sha1-etm@openssh.com
587 hmac-sha1-96-etm@openssh.com
588 hmac-sha2-256-etm@openssh.com
589 hmac-sha2-512-etm@openssh.com
590 umac-64-etm@openssh.com
591 umac-128-etm@openssh.com
592
593 The default is:
594
595 umac-64-etm@openssh.com,umac-128-etm@openssh.com,
596 hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
597 hmac-sha1-etm@openssh.com,
598 umac-64@openssh.com,umac-128@openssh.com,
599 hmac-sha2-256,hmac-sha2-512,hmac-sha1
600
601 The list of available MAC algorithms may also be obtained using
602 "ssh -Q mac".
603
604 Match Introduces a conditional block. If all of the criteria on the
605 Match line are satisfied, the keywords on the following lines
606 override those set in the global section of the config file,
607 until either another Match line or the end of the file. If a
608 keyword appears in multiple Match blocks that are satisfied, only
609 the first instance of the keyword is applied.
610
611 The arguments to Match are one or more criteria-pattern pairs or
612 the single token All which matches all criteria. The available
613 criteria are User, Group, Host, LocalAddress, LocalPort, and
614 Address. The match patterns may consist of single entries or
615 comma-separated lists and may use the wildcard and negation
616 operators described in the PATTERNS section of ssh_config(5).
617
618 The patterns in an Address criteria may additionally contain
619 addresses to match in CIDR address/masklen format, such as
620 192.0.2.0/24 or 2001:db8::/32. Note that the mask length
621 provided must be consistent with the address - it is an error to
622 specify a mask length that is too long for the address or one
623 with bits set in this host portion of the address. For example,
624 192.0.2.0/33 and 192.0.2.0/8, respectively.
625
626 Only a subset of keywords may be used on the lines following a
627 Match keyword. Available keywords are AcceptEnv,
628 AllowAgentForwarding, AllowGroups, AllowStreamLocalForwarding,
629 AllowTcpForwarding, AllowUsers, AuthenticationMethods,
630 AuthorizedKeysCommand, AuthorizedKeysCommandUser,
631 AuthorizedKeysFile, AuthorizedPrincipalsCommand,
632 AuthorizedPrincipalsCommandUser, AuthorizedPrincipalsFile,
633 Banner, ChrootDirectory, ClientAliveCountMax,
634 ClientAliveInterval, DenyGroups, DenyUsers, ForceCommand,
635 GatewayPorts, GSSAPIAuthentication, HostbasedAcceptedKeyTypes,
636 HostbasedAuthentication, HostbasedUsesNameFromPacketOnly, IPQoS,
637 KbdInteractiveAuthentication, KerberosAuthentication,
638 MaxAuthTries, MaxSessions, PasswordAuthentication,
639 PermitEmptyPasswords, PermitOpen, PermitRootLogin, PermitTTY,
640 PermitTunnel, PermitUserRC, PubkeyAcceptedKeyTypes,
641 PubkeyAuthentication, RekeyLimit, RevokedKeys,
642 StreamLocalBindMask, StreamLocalBindUnlink, TrustedUserCAKeys,
643 X11DisplayOffset, X11Forwarding and X11UseLocalHost.
644
645 MaxAuthTries
646 Specifies the maximum number of authentication attempts permitted
647 per connection. Once the number of failures reaches half this
648 value, additional failures are logged. The default is 6.
649
650 MaxSessions
651 Specifies the maximum number of open shell, login or subsystem
652 (e.g. sftp) sessions permitted per network connection. Multiple
653 sessions may be established by clients that support connection
654 multiplexing. Setting MaxSessions to 1 will effectively disable
655 session multiplexing, whereas setting it to 0 will prevent all
656 shell, login and subsystem sessions while still permitting
657 forwarding. The default is 10.
658
659 MaxStartups
660 Specifies the maximum number of concurrent unauthenticated
661 connections to the SSH daemon. Additional connections will be
662 dropped until authentication succeeds or the LoginGraceTime
663 expires for a connection. The default is 10:30:100.
664
665 Alternatively, random early drop can be enabled by specifying the
666 three colon separated values start:rate:full (e.g. "10:30:60").
667 sshd(8) will refuse connection attempts with a probability of
668 rate/100 (30%) if there are currently start (10) unauthenticated
669 connections. The probability increases linearly and all
670 connection attempts are refused if the number of unauthenticated
671 connections reaches full (60).
672
673 PasswordAuthentication
674 Specifies whether password authentication is allowed. The
675 default is yes.
676
677 PermitEmptyPasswords
678 When password authentication is allowed, it specifies whether the
679 server allows login to accounts with empty password strings. The
680 default is no.
681
682 PermitOpen
683 Specifies the destinations to which TCP port forwarding is
684 permitted. The forwarding specification must be one of the
685 following forms:
686
687 PermitOpen host:port
688 PermitOpen IPv4_addr:port
689 PermitOpen [IPv6_addr]:port
690
691 Multiple forwards may be specified by separating them with
692 whitespace. An argument of any can be used to remove all
693 restrictions and permit any forwarding requests. An argument of
694 none can be used to prohibit all forwarding requests. The
695 wildcard M-bM-^@M-^X*M-bM-^@M-^Y can be used for host or port to allow all hosts or
696 ports, respectively. By default all port forwarding requests are
697 permitted.
698
699 PermitRootLogin
700 Specifies whether root can log in using ssh(1). The argument
701 must be yes, prohibit-password, without-password,
702 forced-commands-only, or no. The default is prohibit-password.
703
704 If this option is set to prohibit-password or without-password,
705 password and keyboard-interactive authentication are disabled for
706 root.
707
708 If this option is set to forced-commands-only, root login with
709 public key authentication will be allowed, but only if the
710 command option has been specified (which may be useful for taking
711 remote backups even if root login is normally not allowed). All
712 other authentication methods are disabled for root.
713
714 If this option is set to no, root is not allowed to log in.
715
716 PermitTTY
717 Specifies whether pty(4) allocation is permitted. The default is
718 yes.
719
720 PermitTunnel
721 Specifies whether tun(4) device forwarding is allowed. The
722 argument must be yes, point-to-point (layer 3), ethernet (layer
723 2), or no. Specifying yes permits both point-to-point and
724 ethernet. The default is no.
725
726 Independent of this setting, the permissions of the selected
727 tun(4) device must allow access to the user.
728
729 PermitUserEnvironment
730 Specifies whether ~/.ssh/environment and environment= options in
731 ~/.ssh/authorized_keys are processed by sshd(8). The default is
732 no. Enabling environment processing may enable users to bypass
733 access restrictions in some configurations using mechanisms such
734 as LD_PRELOAD.
735
736 PermitUserRC
737 Specifies whether any ~/.ssh/rc file is executed. The default is
738 yes.
739
740 PidFile
741 Specifies the file that contains the process ID of the SSH
742 daemon, or none to not write one. The default is
743 /var/run/sshd.pid.
744
745 Port Specifies the port number that sshd(8) listens on. The default
746 is 22. Multiple options of this type are permitted. See also
747 ListenAddress.
748
749 PrintLastLog
750 Specifies whether sshd(8) should print the date and time of the
751 last user login when a user logs in interactively. The default
752 is yes.
753
754 PrintMotd
755 Specifies whether sshd(8) should print /etc/motd when a user logs
756 in interactively. (On some systems it is also printed by the
757 shell, /etc/profile, or equivalent.) The default is yes.
758
759 PubkeyAcceptedKeyTypes
760 Specifies the key types that will be accepted for public key
761 authentication as a comma-separated pattern list. Alternately if
762 the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the
763 specified key types will be appended to the default set instead
764 of replacing them. If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y
765 character, then the specified key types (including wildcards)
766 will be removed from the default set instead of replacing them.
767 The default for this option is:
768
769 ecdsa-sha2-nistp256-cert-v01@openssh.com,
770 ecdsa-sha2-nistp384-cert-v01@openssh.com,
771 ecdsa-sha2-nistp521-cert-v01@openssh.com,
772 ssh-ed25519-cert-v01@openssh.com,
773 ssh-rsa-cert-v01@openssh.com,
774 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
775 ssh-ed25519,ssh-rsa
776
777 The list of available key types may also be obtained using "ssh
778 -Q key".
779
780 PubkeyAuthentication
781 Specifies whether public key authentication is allowed. The
782 default is yes.
783
784 RekeyLimit
785 Specifies the maximum amount of data that may be transmitted
786 before the session key is renegotiated, optionally followed a
787 maximum amount of time that may pass before the session key is
788 renegotiated. The first argument is specified in bytes and may
789 have a suffix of M-bM-^@M-^XKM-bM-^@M-^Y, M-bM-^@M-^XMM-bM-^@M-^Y, or M-bM-^@M-^XGM-bM-^@M-^Y to indicate Kilobytes,
790 Megabytes, or Gigabytes, respectively. The default is between
791 M-bM-^@M-^X1GM-bM-^@M-^Y and M-bM-^@M-^X4GM-bM-^@M-^Y, depending on the cipher. The optional second
792 value is specified in seconds and may use any of the units
793 documented in the TIME FORMATS section. The default value for
794 RekeyLimit is default none, which means that rekeying is
795 performed after the cipher's default amount of data has been sent
796 or received and no time based rekeying is done.
797
798 RevokedKeys
799 Specifies revoked public keys file, or none to not use one. Keys
800 listed in this file will be refused for public key
801 authentication. Note that if this file is not readable, then
802 public key authentication will be refused for all users. Keys
803 may be specified as a text file, listing one public key per line,
804 or as an OpenSSH Key Revocation List (KRL) as generated by
805 ssh-keygen(1). For more information on KRLs, see the KEY
806 REVOCATION LISTS section in ssh-keygen(1).
807
808 StreamLocalBindMask
809 Sets the octal file creation mode mask (umask) used when creating
810 a Unix-domain socket file for local or remote port forwarding.
811 This option is only used for port forwarding to a Unix-domain
812 socket file.
813
814 The default value is 0177, which creates a Unix-domain socket
815 file that is readable and writable only by the owner. Note that
816 not all operating systems honor the file mode on Unix-domain
817 socket files.
818
819 StreamLocalBindUnlink
820 Specifies whether to remove an existing Unix-domain socket file
821 for local or remote port forwarding before creating a new one.
822 If the socket file already exists and StreamLocalBindUnlink is
823 not enabled, sshd will be unable to forward the port to the Unix-
824 domain socket file. This option is only used for port forwarding
825 to a Unix-domain socket file.
826
827 The argument must be yes or no. The default is no.
828
829 StrictModes
830 Specifies whether sshd(8) should check file modes and ownership
831 of the user's files and home directory before accepting login.
832 This is normally desirable because novices sometimes accidentally
833 leave their directory or files world-writable. The default is
834 yes. Note that this does not apply to ChrootDirectory, whose
835 permissions and ownership are checked unconditionally.
836
837 Subsystem
838 Configures an external subsystem (e.g. file transfer daemon).
839 Arguments should be a subsystem name and a command (with optional
840 arguments) to execute upon subsystem request.
841
842 The command sftp-server implements the SFTP file transfer
843 subsystem.
844
845 Alternately the name internal-sftp implements an in-process SFTP
846 server. This may simplify configurations using ChrootDirectory
847 to force a different filesystem root on clients.
848
849 By default no subsystems are defined.
850
851 SyslogFacility
852 Gives the facility code that is used when logging messages from
853 sshd(8). The possible values are: DAEMON, USER, AUTH, LOCAL0,
854 LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The
855 default is AUTH.
856
857 TCPKeepAlive
858 Specifies whether the system should send TCP keepalive messages
859 to the other side. If they are sent, death of the connection or
860 crash of one of the machines will be properly noticed. However,
861 this means that connections will die if the route is down
862 temporarily, and some people find it annoying. On the other
863 hand, if TCP keepalives are not sent, sessions may hang
864 indefinitely on the server, leaving "ghost" users and consuming
865 server resources.
866
867 The default is yes (to send TCP keepalive messages), and the
868 server will notice if the network goes down or the client host
869 crashes. This avoids infinitely hanging sessions.
870
871 To disable TCP keepalive messages, the value should be set to no.
872
873 TrustedUserCAKeys
874 Specifies a file containing public keys of certificate
875 authorities that are trusted to sign user certificates for
876 authentication, or none to not use one. Keys are listed one per
877 line; empty lines and comments starting with M-bM-^@M-^X#M-bM-^@M-^Y are allowed. If
878 a certificate is presented for authentication and has its signing
879 CA key listed in this file, then it may be used for
880 authentication for any user listed in the certificate's
881 principals list. Note that certificates that lack a list of
882 principals will not be permitted for authentication using
883 TrustedUserCAKeys. For more details on certificates, see the
884 CERTIFICATES section in ssh-keygen(1).
885
886 UseDNS Specifies whether sshd(8) should look up the remote host name,
887 and to check that the resolved host name for the remote IP
888 address maps back to the very same IP address.
889
890 If this option is set to no (the default) then only addresses and
891 not host names may be used in ~/.ssh/authorized_keys from and
892 sshd_config Match Host directives.
893
894 UsePAM Enables the Pluggable Authentication Module interface. If set to
895 yes this will enable PAM authentication using
896 ChallengeResponseAuthentication and PasswordAuthentication in
897 addition to PAM account and session module processing for all
898 authentication types.
899
900 Because PAM challenge-response authentication usually serves an
901 equivalent role to password authentication, you should disable
902 either PasswordAuthentication or ChallengeResponseAuthentication.
903
904 If UsePAM is enabled, you will not be able to run sshd(8) as a
905 non-root user. The default is no.
906
907 VersionAddendum
908 Optionally specifies additional text to append to the SSH
909 protocol banner sent by the server upon connection. The default
910 is none.
911
912 X11DisplayOffset
913 Specifies the first display number available for sshd(8)'s X11
914 forwarding. This prevents sshd from interfering with real X11
915 servers. The default is 10.
916
917 X11Forwarding
918 Specifies whether X11 forwarding is permitted. The argument must
919 be yes or no. The default is no.
920
921 When X11 forwarding is enabled, there may be additional exposure
922 to the server and to client displays if the sshd(8) proxy display
923 is configured to listen on the wildcard address (see
924 X11UseLocalhost), though this is not the default. Additionally,
925 the authentication spoofing and authentication data verification
926 and substitution occur on the client side. The security risk of
927 using X11 forwarding is that the client's X11 display server may
928 be exposed to attack when the SSH client requests forwarding (see
929 the warnings for ForwardX11 in ssh_config(5)). A system
930 administrator may have a stance in which they want to protect
931 clients that may expose themselves to attack by unwittingly
932 requesting X11 forwarding, which can warrant a no setting.
933
934 Note that disabling X11 forwarding does not prevent users from
935 forwarding X11 traffic, as users can always install their own
936 forwarders.
937
938 X11UseLocalhost
939 Specifies whether sshd(8) should bind the X11 forwarding server
940 to the loopback address or to the wildcard address. By default,
941 sshd binds the forwarding server to the loopback address and sets
942 the hostname part of the DISPLAY environment variable to
943 localhost. This prevents remote hosts from connecting to the
944 proxy display. However, some older X11 clients may not function
945 with this configuration. X11UseLocalhost may be set to no to
946 specify that the forwarding server should be bound to the
947 wildcard address. The argument must be yes or no. The default
948 is yes.
949
950 XAuthLocation
951 Specifies the full pathname of the xauth(1) program, or none to
952 not use one. The default is /usr/X11R6/bin/xauth.
953
954TIME FORMATS
955 sshd(8) command-line arguments and configuration file options that
956 specify time may be expressed using a sequence of the form:
957 time[qualifier], where time is a positive integer value and qualifier is
958 one of the following:
959
960 M-bM-^_M-(noneM-bM-^_M-) seconds
961 s | S seconds
962 m | M minutes
963 h | H hours
964 d | D days
965 w | W weeks
966
967 Each member of the sequence is added together to calculate the total time
968 value.
969
970 Time format examples:
971
972 600 600 seconds (10 minutes)
973 10m 10 minutes
974 1h30m 1 hour 30 minutes (90 minutes)
975
976TOKENS
977 Arguments to some keywords can make use of tokens, which are expanded at
978 runtime:
979
980 %% A literal M-bM-^@M-^X%M-bM-^@M-^Y.
981 %F The fingerprint of the CA key.
982 %f The fingerprint of the key or certificate.
983 %h The home directory of the user.
984 %i The key ID in the certificate.
985 %K The base64-encoded CA key.
986 %k The base64-encoded key or certificate for authentication.
987 %s The serial number of the certificate.
988 %T The type of the CA key.
989 %t The key or certificate type.
990 %u The username.
991
992 AuthorizedKeysCommand accepts the tokens %%, %f, %h, %k, %t, and %u.
993
994 AuthorizedKeysFile accepts the tokens %%, %h, and %u.
995
996 AuthorizedPrincipalsCommand accepts the tokens %%, %F, %f, %h, %i, %K,
997 %k, %s, %T, %t, and %u.
998
999 AuthorizedPrincipalsFile accepts the tokens %%, %h, and %u.
1000
1001 ChrootDirectory accepts the tokens %%, %h, and %u.
1002
1003FILES
1004 /etc/ssh/sshd_config
1005 Contains configuration data for sshd(8). This file should be
1006 writable by root only, but it is recommended (though not
1007 necessary) that it be world-readable.
1008
1009SEE ALSO
1010 sftp-server(8), sshd(8)
1011
1012AUTHORS
1013 OpenSSH is a derivative of the original and free ssh 1.2.12 release by
1014 Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
1015 de Raadt and Dug Song removed many bugs, re-added newer features and
1016 created OpenSSH. Markus Friedl contributed the support for SSH protocol
1017 versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support
1018 for privilege separation.
1019
1020OpenBSD 6.0 March 14, 2017 OpenBSD 6.0
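Review bot: The same option is spelled two ways in this file: the Match keyword list ends with "X11UseLocalHost" (line 643), while the X11Forwarding text and the option's own entry use "X11UseLocalhost" (lines 924 and 938). Use the entry's spelling in the Match list so that a search for the option finds every mention. In the RekeyLimit entry (line 786), "optionally followed a maximum amount of time" is missing "by". The quote characters around single-character arguments appear as byte escapes, for example "M-bM-^@M-^X+M-bM-^@M-^Y" in MACs (line 564) and "M-bM-^@M-^X*M-bM-^@M-^Y" in PermitOpen (line 695). That obscures the literal '+', '-' and '*' an administrator has to type into the algorithm and forwarding lists, and plain ASCII quotes would avoid it. As this looks like a formatted manual page, these are better fixed wherever it is generated from than by hand in this file.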