diff options
-rw-r--r-- | ChangeLog | 9394 | ||||
-rw-r--r-- | config.h.in | 1770 | ||||
-rwxr-xr-x | configure | 20446 | ||||
-rw-r--r-- | moduli.0 | 74 | ||||
-rw-r--r-- | scp.0 | 168 | ||||
-rw-r--r-- | sftp-server.0 | 96 | ||||
-rw-r--r-- | sftp.0 | 386 | ||||
-rw-r--r-- | ssh-add.0 | 129 | ||||
-rw-r--r-- | ssh-agent.0 | 120 | ||||
-rw-r--r-- | ssh-keygen.0 | 570 | ||||
-rw-r--r-- | ssh-keyscan.0 | 111 | ||||
-rw-r--r-- | ssh-keysign.0 | 52 | ||||
-rw-r--r-- | ssh-pkcs11-helper.0 | 25 | ||||
-rw-r--r-- | ssh.0 | 971 | ||||
-rw-r--r-- | ssh_config.0 | 1092 | ||||
-rw-r--r-- | sshd.0 | 626 | ||||
-rw-r--r-- | sshd_config.0 | 1020 |
17 files changed, 37050 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog new file mode 100644 index 000000000..48f648d78 --- /dev/null +++ b/ChangeLog | |||
@@ -0,0 +1,9394 @@ | |||
1 | commit d38f05dbdd291212bc95ea80648b72b7177e9f4e | ||
2 | Author: Darren Tucker <dtucker@zip.com.au> | ||
3 | Date: Mon Mar 20 13:38:27 2017 +1100 | ||
4 | |||
5 | Add llabs() implementation. | ||
6 | |||
7 | commit 72536316a219b7394996a74691a5d4ec197480f7 | ||
8 | Author: Damien Miller <djm@mindrot.org> | ||
9 | Date: Mon Mar 20 12:23:04 2017 +1100 | ||
10 | |||
11 | crank version numbers | ||
12 | |||
13 | commit 3be52bc36bdfd24ded7e0f46999e7db520fb4e3f | ||
14 | Author: djm@openbsd.org <djm@openbsd.org> | ||
15 | Date: Mon Mar 20 01:18:59 2017 +0000 | ||
16 | |||
17 | upstream commit | ||
18 | |||
19 | openssh-7.5 | ||
20 | |||
21 | Upstream-ID: b8b9a4a949427c393cd868215e1724ceb3467ee5 | ||
22 | |||
23 | commit db84e52fe9cfad57f22e7e23c5fbf00092385129 | ||
24 | Author: Damien Miller <djm@mindrot.org> | ||
25 | Date: Mon Mar 20 12:07:20 2017 +1100 | ||
26 | |||
27 | I'm a doofus. | ||
28 | |||
29 | Unbreak obvious syntax error. | ||
30 | |||
31 | commit 89f04852db27643717c9c3a2b0dde97ae50099ee | ||
32 | Author: Damien Miller <djm@mindrot.org> | ||
33 | Date: Mon Mar 20 11:53:34 2017 +1100 | ||
34 | |||
35 | on Cygwin, check paths from server for backslashes | ||
36 | |||
37 | Pointed out by Jann Horn of Google Project Zero | ||
38 | |||
39 | commit 7ef1f9bafc2cc8d97ff2fbd4f280002b6e8ea5d9 | ||
40 | Author: Damien Miller <djm@mindrot.org> | ||
41 | Date: Mon Mar 20 11:48:34 2017 +1100 | ||
42 | |||
43 | Yet another synonym for ASCII: "646" | ||
44 | |||
45 | Used by NetBSD; this unbreaks mprintf() and friends there for the C | ||
46 | locale (caught by dtucker@ and his menagerie of test systems). | ||
47 | |||
48 | commit 9165abfea3f68a0c684a6ed2e575e59bc31a3a6b | ||
49 | Author: Damien Miller <djm@mindrot.org> | ||
50 | Date: Mon Mar 20 09:58:34 2017 +1100 | ||
51 | |||
52 | create test mux socket in /tmp | ||
53 | |||
54 | Creating the socket in $OBJ could blow past the (quite limited) | ||
55 | path limit for Unix domain sockets. As a bandaid for bz#2660, | ||
56 | reported by Colin Watson; ok dtucker@ | ||
57 | |||
58 | commit 2adbe1e63bc313d03e8e84e652cc623af8ebb163 | ||
59 | Author: markus@openbsd.org <markus@openbsd.org> | ||
60 | Date: Wed Mar 15 07:07:39 2017 +0000 | ||
61 | |||
62 | upstream commit | ||
63 | |||
64 | disallow KEXINIT before NEWKEYS; ok djm; report by | ||
65 | vegard.nossum at oracle.com | ||
66 | |||
67 | Upstream-ID: 3668852d1f145050e62f1da08917de34cb0c5234 | ||
68 | |||
69 | commit 2fbf91684d76d38b9cf06550b69c9e41bca5a71c | ||
70 | Author: Darren Tucker <dtucker@zip.com.au> | ||
71 | Date: Thu Mar 16 14:05:46 2017 +1100 | ||
72 | |||
73 | Include includes.h for compat bits. | ||
74 | |||
75 | commit b55f634e96b9c5b0cd991e23a9ca181bec4bdbad | ||
76 | Author: Darren Tucker <dtucker@zip.com.au> | ||
77 | Date: Thu Mar 16 13:45:17 2017 +1100 | ||
78 | |||
79 | Wrap stdint.h in #ifdef HAVE_STDINT_H | ||
80 | |||
81 | commit 55a1117d7342a0bf8b793250cf314bab6b482b99 | ||
82 | Author: Damien Miller <djm@mindrot.org> | ||
83 | Date: Thu Mar 16 11:22:42 2017 +1100 | ||
84 | |||
85 | Adapt Cygwin config script to privsep knob removal | ||
86 | |||
87 | Patch from Corinna Vinschen. | ||
88 | |||
89 | commit 1a321bfdb91defe3c4d9cca5651724ae167e5436 | ||
90 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
91 | Date: Wed Mar 15 03:52:30 2017 +0000 | ||
92 | |||
93 | upstream commit | ||
94 | |||
95 | accidents happen to the best of us; ok djm | ||
96 | |||
97 | Upstream-ID: b7a9dbd71011ffde95e06f6945fe7197dedd1604 | ||
98 | |||
99 | commit 25f837646be8c2017c914d34be71ca435dfc0e07 | ||
100 | Author: djm@openbsd.org <djm@openbsd.org> | ||
101 | Date: Wed Mar 15 02:25:09 2017 +0000 | ||
102 | |||
103 | upstream commit | ||
104 | |||
105 | fix regression in 7.4: deletion of PKCS#11-hosted keys | ||
106 | would fail unless they were specified by full physical pathname. Report and | ||
107 | fix from Jakub Jelen via bz#2682; ok dtucker@ | ||
108 | |||
109 | Upstream-ID: 5b5bc20ca11cacb5d5eb29c3f93fd18425552268 | ||
110 | |||
111 | commit a8c5eeacf032a7d3408957e45dd7603cc1baf55f | ||
112 | Author: djm@openbsd.org <djm@openbsd.org> | ||
113 | Date: Wed Mar 15 02:19:09 2017 +0000 | ||
114 | |||
115 | upstream commit | ||
116 | |||
117 | Fix segfault when sshd attempts to load RSA1 keys (can | ||
118 | only happen when protocol v.1 support is enabled for the client). Reported by | ||
119 | Jakub Jelen in bz#2686; ok dtucker | ||
120 | |||
121 | Upstream-ID: 8fdaec2ba4b5f65db1d094f6714ce64b25d871d7 | ||
122 | |||
123 | commit 66705948c0639a7061a0d0753266da7685badfec | ||
124 | Author: djm@openbsd.org <djm@openbsd.org> | ||
125 | Date: Tue Mar 14 07:19:07 2017 +0000 | ||
126 | |||
127 | upstream commit | ||
128 | |||
129 | Mark the sshd_config UsePrivilegeSeparation option as | ||
130 | deprecated, effectively making privsep mandatory in sandboxing mode. ok | ||
131 | markus@ deraadt@ | ||
132 | |||
133 | (note: this doesn't remove the !privsep code paths, though that will | ||
134 | happen eventually). | ||
135 | |||
136 | Upstream-ID: b4c52666256c4dd865f8ce9431af5d6ce2d74a0a | ||
137 | |||
138 | commit f86586b03fe6cd8f595289bde200a94bc2c191af | ||
139 | Author: Damien Miller <djm@mindrot.org> | ||
140 | Date: Tue Mar 14 18:26:29 2017 +1100 | ||
141 | |||
142 | Make seccomp-bpf sandbox work on Linux/X32 | ||
143 | |||
144 | Allow clock_gettime syscall with X32 bit masked off. Apparently | ||
145 | this is required for at least some kernel versions. bz#2142 | ||
146 | Patch mostly by Colin Watson. ok dtucker@ | ||
147 | |||
148 | commit 2429cf78dd2a9741ce27ba25ac41c535274a0af6 | ||
149 | Author: Damien Miller <djm@mindrot.org> | ||
150 | Date: Tue Mar 14 18:01:52 2017 +1100 | ||
151 | |||
152 | require OpenSSL >=1.0.1 | ||
153 | |||
154 | commit e3ea335abeab731c68f2b2141bee85a4b0bf680f | ||
155 | Author: Damien Miller <djm@mindrot.org> | ||
156 | Date: Tue Mar 14 17:48:43 2017 +1100 | ||
157 | |||
158 | Remove macro trickery; no binary change | ||
159 | |||
160 | This stops the SC_ALLOW(), SC_ALLOW_ARG() and SC_DENY() macros | ||
161 | prepending __NR_ to the syscall number parameter and just makes | ||
162 | them explicit in the macro invocations. | ||
163 | |||
164 | No binary change in stripped object file before/after. | ||
165 | |||
166 | commit 5f1596e11d55539678c41f68aed358628d33d86f | ||
167 | Author: Damien Miller <djm@mindrot.org> | ||
168 | Date: Tue Mar 14 13:15:18 2017 +1100 | ||
169 | |||
170 | support ioctls for ICA crypto card on Linux/s390 | ||
171 | |||
172 | Based on patch from Eduardo Barretto; ok dtucker@ | ||
173 | |||
174 | commit b1b22dd0df2668b322dda174e501dccba2cf5c44 | ||
175 | Author: Darren Tucker <dtucker@zip.com.au> | ||
176 | Date: Tue Mar 14 14:19:36 2017 +1100 | ||
177 | |||
178 | Plumb conversion test into makefile. | ||
179 | |||
180 | commit f57783f1ddfb4cdfbd612c6beb5ec01cb5b9a6b9 | ||
181 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
182 | Date: Tue Mar 14 01:20:29 2017 +0000 | ||
183 | |||
184 | upstream commit | ||
185 | |||
186 | Add unit test for convtime(). | ||
187 | |||
188 | Upstream-Regress-ID: 8717bc0ca4c21120f6dd3a1d3b7a363f707c31e1 | ||
189 | |||
190 | commit 8884b7247d094cd11ff9e39c325ba928c5bdbc6c | ||
191 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
192 | Date: Tue Mar 14 01:10:07 2017 +0000 | ||
193 | |||
194 | upstream commit | ||
195 | |||
196 | Add ASSERT_LONG_* helpers. | ||
197 | |||
198 | Upstream-Regress-ID: fe15beaea8f5063c7f21b0660c722648e3d76431 | ||
199 | |||
200 | commit c6774d21185220c0ba11e8fd204bf0ad1a432071 | ||
201 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
202 | Date: Tue Mar 14 00:55:37 2017 +0000 | ||
203 | |||
204 | upstream commit | ||
205 | |||
206 | Fix convtime() overflow test on boundary condition, | ||
207 | spotted by & ok djm. | ||
208 | |||
209 | Upstream-ID: 51f14c507ea87a3022e63f574100613ab2ba5708 | ||
210 | |||
211 | commit f5746b40cfe6d767c8e128fe50c43274b31cd594 | ||
212 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
213 | Date: Tue Mar 14 00:25:03 2017 +0000 | ||
214 | |||
215 | upstream commit | ||
216 | |||
217 | Check for integer overflow when parsing times in | ||
218 | convtime(). Reported by nicolas.iooss at m4x.org, ok djm@ | ||
219 | |||
220 | Upstream-ID: 35e6a4e98f6fa24df50bfb8ba1307cf70e966f13 | ||
221 | |||
222 | commit f5907982f42a8d88a430b8a46752cbb7859ba979 | ||
223 | Author: Darren Tucker <dtucker@zip.com.au> | ||
224 | Date: Tue Mar 14 13:38:15 2017 +1100 | ||
225 | |||
226 | Add a "unit" target to run only unit tests. | ||
227 | |||
228 | commit 9e96b41682aed793fadbea5ccd472f862179fb02 | ||
229 | Author: Damien Miller <djm@mindrot.org> | ||
230 | Date: Tue Mar 14 12:24:47 2017 +1100 | ||
231 | |||
232 | Fix weakness in seccomp-bpf sandbox arg inspection | ||
233 | |||
234 | Syscall arguments are passed via an array of 64-bit values in struct | ||
235 | seccomp_data, but we were only inspecting the bottom 32 bits and not | ||
236 | even those correctly for BE systems. | ||
237 | |||
238 | Fortunately, the only case argument inspection was used was in the | ||
239 | socketcall filtering so using this for sandbox escape seems | ||
240 | impossible. | ||
241 | |||
242 | ok dtucker | ||
243 | |||
244 | commit 8ff3fc3f2f7c13e8968717bc2b895ee32c441275 | ||
245 | Author: djm@openbsd.org <djm@openbsd.org> | ||
246 | Date: Sat Mar 11 23:44:16 2017 +0000 | ||
247 | |||
248 | upstream commit | ||
249 | |||
250 | regress tests for loading certificates without public keys; | ||
251 | bz#2617 based on patch from Adam Eijdenberg; ok markus@ dtucker@ | ||
252 | |||
253 | Upstream-Regress-ID: 0145d19328ed995b73fe2d9da33596b17429d0d0 | ||
254 | |||
255 | commit 1e24552716194db8f2f620587b876158a9ef56ad | ||
256 | Author: djm@openbsd.org <djm@openbsd.org> | ||
257 | Date: Sat Mar 11 23:40:26 2017 +0000 | ||
258 | |||
259 | upstream commit | ||
260 | |||
261 | allow ssh to use certificates accompanied by a private | ||
262 | key file but no corresponding plain *.pub public key. bz#2617 based on patch | ||
263 | from Adam Eijdenberg; ok dtucker@ markus@ | ||
264 | |||
265 | Upstream-ID: 295668dca2c39505281577217583ddd2bd4b00b9 | ||
266 | |||
267 | commit 0fb1a617a07b8df5de188dd5a0c8bf293d4bfc0e | ||
268 | Author: markus@openbsd.org <markus@openbsd.org> | ||
269 | Date: Sat Mar 11 13:07:35 2017 +0000 | ||
270 | |||
271 | upstream commit | ||
272 | |||
273 | Don't count the initial block twice when computing how | ||
274 | many bytes to discard for the work around for the attacks against CBC-mode. | ||
275 | ok djm@; report from Jean Paul, Kenny, Martin and Torben @ RHUL | ||
276 | |||
277 | Upstream-ID: f445f509a4e0a7ba3b9c0dae7311cb42458dc1e2 | ||
278 | |||
279 | commit ef653dd5bd5777132d9f9ee356225f9ee3379504 | ||
280 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
281 | Date: Fri Mar 10 07:18:32 2017 +0000 | ||
282 | |||
283 | upstream commit | ||
284 | |||
285 | krl.c | ||
286 | |||
287 | Upstream-ID: fc5e695d5d107d730182e2da7b23f00b489e0ee1 | ||
288 | |||
289 | commit d94c1dfef2ea30ca67b1204ada7c3b537c54f4d0 | ||
290 | Author: Damien Miller <djm@mindrot.org> | ||
291 | Date: Sun Mar 12 10:48:14 2017 +1100 | ||
292 | |||
293 | sync fmt_scaled.c with OpenBSD | ||
294 | |||
295 | revision 1.13 | ||
296 | date: 2017/03/11 23:37:23; author: djm; state: Exp; lines: +14 -1; commitid: jnFKyHkB3CEiEZ2R; | ||
297 | fix signed integer overflow in scan_scaled. Found by Nicolas Iooss | ||
298 | using AFL against ssh_config. ok deraadt@ millert@ | ||
299 | ---------------------------- | ||
300 | revision 1.12 | ||
301 | date: 2013/11/29 19:00:51; author: deraadt; state: Exp; lines: +6 -5; | ||
302 | fairly simple unsigned char casts for ctype | ||
303 | ok krw | ||
304 | ---------------------------- | ||
305 | revision 1.11 | ||
306 | date: 2012/11/12 14:07:20; author: halex; state: Exp; lines: +4 -2; | ||
307 | make scan_scaled set errno to EINVAL rather than ERANGE if it encounters | ||
308 | an invalid multiplier, like the man page says it should | ||
309 | |||
310 | "looks sensible" deraadt@, ok ian@ | ||
311 | ---------------------------- | ||
312 | revision 1.10 | ||
313 | date: 2009/06/20 15:00:04; author: martynas; state: Exp; lines: +4 -4; | ||
314 | use llabs instead of the home-grown version; and some comment changes | ||
315 | ok ian@, millert@ | ||
316 | ---------------------------- | ||
317 | |||
318 | commit 894221a63fa061e52e414ca58d47edc5fe645968 | ||
319 | Author: djm@openbsd.org <djm@openbsd.org> | ||
320 | Date: Fri Mar 10 05:01:13 2017 +0000 | ||
321 | |||
322 | upstream commit | ||
323 | |||
324 | When updating hostkeys, accept RSA keys if | ||
325 | HostkeyAlgorithms contains any RSA keytype. Previously, ssh could ignore RSA | ||
326 | keys when any of the ssh-rsa-sha2-* methods was enabled in HostkeyAlgorithms | ||
327 | nit ssh-rsa (SHA1 signatures) was not. bz#2650 reported by Luis Ressel; ok | ||
328 | dtucker@ | ||
329 | |||
330 | Upstream-ID: c5e8cfee15c42f4a05d126158a0766ea06da79d2 | ||
331 | |||
332 | commit dd3e2298663f4cc1a06bc69582d00dcfee27d73c | ||
333 | Author: djm@openbsd.org <djm@openbsd.org> | ||
334 | Date: Fri Mar 10 04:24:55 2017 +0000 | ||
335 | |||
336 | upstream commit | ||
337 | |||
338 | make hostname matching really insensitive to case; | ||
339 | bz#2685, reported by Petr Cerny; ok dtucker@ | ||
340 | |||
341 | Upstream-ID: e467622ff154269e36ba8b6c9e3d105e1c4a9253 | ||
342 | |||
343 | commit 77a9be9446697fe8b5499fe651f4a82a71a4b51f | ||
344 | Author: djm@openbsd.org <djm@openbsd.org> | ||
345 | Date: Fri Mar 10 03:52:48 2017 +0000 | ||
346 | |||
347 | upstream commit | ||
348 | |||
349 | reword a comment to make it fit 80 columns | ||
350 | |||
351 | Upstream-ID: 4ef509a66b96c7314bbcc87027c2af71fa9d0ba4 | ||
352 | |||
353 | commit 61b8ef6a66efaec07e023342cb94a10bdc2254dc | ||
354 | Author: djm@openbsd.org <djm@openbsd.org> | ||
355 | Date: Fri Mar 10 04:27:32 2017 +0000 | ||
356 | |||
357 | upstream commit | ||
358 | |||
359 | better match sshd config parser behaviour: fatal() if | ||
360 | line is overlong, increase line buffer to match sshd's; bz#2651 reported by | ||
361 | Don Fong; ok dtucker@ | ||
362 | |||
363 | Upstream-ID: b175ae7e0ba403833f1ee566edf10f67443ccd18 | ||
364 | |||
365 | commit db2597207e69912f2592cd86a1de8e948a9d7ffb | ||
366 | Author: djm@openbsd.org <djm@openbsd.org> | ||
367 | Date: Fri Mar 10 04:26:06 2017 +0000 | ||
368 | |||
369 | upstream commit | ||
370 | |||
371 | ensure hostname is lower-case before hashing it; | ||
372 | bz#2591 reported by Griff Miller II; ok dtucker@ | ||
373 | |||
374 | Upstream-ID: c3b8b93804f376bd00d859b8bcd9fc0d86b4db17 | ||
375 | |||
376 | commit df9936936c695f85c1038bd706d62edf752aca4b | ||
377 | Author: djm@openbsd.org <djm@openbsd.org> | ||
378 | Date: Fri Mar 10 04:24:55 2017 +0000 | ||
379 | |||
380 | upstream commit | ||
381 | |||
382 | make hostname matching really insensitive to case; | ||
383 | bz#2685, reported by Petr Cerny; ok dtucker@ | ||
384 | |||
385 | Upstream-ID: e632b7a9bf0d0558d5ff56dab98b7cca6c3db549 | ||
386 | |||
387 | commit 67eed24bfa7645d88fa0b883745fccb22a0e527e | ||
388 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
389 | Date: Fri Mar 10 04:11:00 2017 +0000 | ||
390 | |||
391 | upstream commit | ||
392 | |||
393 | Remove old null check from config dumper. Patch from | ||
394 | jjelen at redhat.com vi bz#2687, ok djm@ | ||
395 | |||
396 | Upstream-ID: 824ab71467b78c4bab0dd1b3a38e8bc5f63dd528 | ||
397 | |||
398 | commit 183ba55aaaecca0206184b854ad6155df237adbe | ||
399 | Author: djm@openbsd.org <djm@openbsd.org> | ||
400 | Date: Fri Mar 10 04:07:20 2017 +0000 | ||
401 | |||
402 | upstream commit | ||
403 | |||
404 | fix regression in 7.4 server-sig-algs, where we were | ||
405 | accidentally excluding SHA2 RSA signature methods. bz#2680, patch from Nuno | ||
406 | Goncalves; ok dtucker@ | ||
407 | |||
408 | Upstream-ID: 81ac8bfb30960447740b9b8f6a214dcf322f12e8 | ||
409 | |||
410 | commit 66be4fe8c4435af5bbc82998501a142a831f1181 | ||
411 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
412 | Date: Fri Mar 10 03:53:11 2017 +0000 | ||
413 | |||
414 | upstream commit | ||
415 | |||
416 | Check for NULL return value from key_new. Patch from | ||
417 | jjelen at redhat.com via bz#2687, ok djm@ | ||
418 | |||
419 | Upstream-ID: 059e33cd43cba88dc8caf0b1936fd4dd88fd5b8e | ||
420 | |||
421 | commit ec2892b5c7fea199914cb3a6afb3af38f84990bf | ||
422 | Author: djm@openbsd.org <djm@openbsd.org> | ||
423 | Date: Fri Mar 10 03:52:48 2017 +0000 | ||
424 | |||
425 | upstream commit | ||
426 | |||
427 | reword a comment to make it fit 80 columns | ||
428 | |||
429 | Upstream-ID: b4b48b4487c0821d16e812c40c9b09f03b28e349 | ||
430 | |||
431 | commit 7fadbb6da3f4122de689165651eb39985e1cba85 | ||
432 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
433 | Date: Fri Mar 10 03:48:57 2017 +0000 | ||
434 | |||
435 | upstream commit | ||
436 | |||
437 | Check for NULL argument to sshkey_read. Patch from | ||
438 | jjelen at redhat.com via bz#2687, ok djm@ | ||
439 | |||
440 | Upstream-ID: c2d00c2ea50c4861d271d0a586f925cc64a87e0e | ||
441 | |||
442 | commit 5a06b9e019e2b0b0f65a223422935b66f3749de3 | ||
443 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
444 | Date: Fri Mar 10 03:45:40 2017 +0000 | ||
445 | |||
446 | upstream commit | ||
447 | |||
448 | Plug some mem leaks mostly on error paths. From jjelen | ||
449 | at redhat.com via bz#2687, ok djm@ | ||
450 | |||
451 | Upstream-ID: 3fb030149598957a51b7c8beb32bf92cf30c96f2 | ||
452 | |||
453 | commit f6edbe9febff8121f26835996b1229b5064d31b7 | ||
454 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
455 | Date: Fri Mar 10 03:24:48 2017 +0000 | ||
456 | |||
457 | upstream commit | ||
458 | |||
459 | Plug mem leak on GLOB_NOMATCH case. From jjelen at | ||
460 | redhat.com via bz#2687, ok djm@ | ||
461 | |||
462 | Upstream-ID: 8016a7ae97719d3aa55fb723fc2ad3200058340d | ||
463 | |||
464 | commit 566b3a46e89a2fda2db46f04f2639e92da64a120 | ||
465 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
466 | Date: Fri Mar 10 03:22:40 2017 +0000 | ||
467 | |||
468 | upstream commit | ||
469 | |||
470 | Plug descriptor leaks of auth_sock. From jjelen at | ||
471 | redhat.com via bz#2687, ok djm@ | ||
472 | |||
473 | Upstream-ID: 248acb99a5ed2fdca37d1aa33c0fcee7be286d88 | ||
474 | |||
475 | commit 8a2834454c73dfc1eb96453c0e97690595f3f4c2 | ||
476 | Author: djm@openbsd.org <djm@openbsd.org> | ||
477 | Date: Fri Mar 10 03:18:24 2017 +0000 | ||
478 | |||
479 | upstream commit | ||
480 | |||
481 | correctly hash hosts with a port number. Reported by Josh | ||
482 | Powers in bz#2692; ok dtucker@ | ||
483 | |||
484 | Upstream-ID: 468e357ff143e00acc05bdd2803a696b3d4b6442 | ||
485 | |||
486 | commit 9747b9c742de409633d4753bf1a752cbd211e2d3 | ||
487 | Author: djm@openbsd.org <djm@openbsd.org> | ||
488 | Date: Fri Mar 10 03:15:58 2017 +0000 | ||
489 | |||
490 | upstream commit | ||
491 | |||
492 | don't truncate off \r\n from long stderr lines; bz#2688, | ||
493 | reported by Brian Dyson; ok dtucker@ | ||
494 | |||
495 | Upstream-ID: cdfdc4ba90639af807397ce996153c88af046ca4 | ||
496 | |||
497 | commit 4a4b75adac862029a1064577eb5af299b1580cdd | ||
498 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
499 | Date: Fri Mar 10 02:59:51 2017 +0000 | ||
500 | |||
501 | upstream commit | ||
502 | |||
503 | Validate digest arg in ssh_digest_final; from jjelen at | ||
504 | redhat.com via bz#2687, ok djm@ | ||
505 | |||
506 | Upstream-ID: dbe5494dfddfe523fab341a3dab5a79e7338f878 | ||
507 | |||
508 | commit bee0167be2340d8de4bdc1ab1064ec957c85a447 | ||
509 | Author: Darren Tucker <dtucker@zip.com.au> | ||
510 | Date: Fri Mar 10 13:40:18 2017 +1100 | ||
511 | |||
512 | Check for NULL from malloc. | ||
513 | |||
514 | Part of bz#2687, from jjelen at redhat.com. | ||
515 | |||
516 | commit da39b09d43b137a5a3d071b51589e3efb3701238 | ||
517 | Author: Darren Tucker <dtucker@zip.com.au> | ||
518 | Date: Fri Mar 10 13:22:32 2017 +1100 | ||
519 | |||
520 | If OSX is using launchd, remove screen no. | ||
521 | |||
522 | Check for socket with and without screen number. From Apple and Jakob | ||
523 | Schlyter via bz#2341, with contributions from Ron Frederick, ok djm@ | ||
524 | |||
525 | commit 8fb15311a011517eb2394bb95a467c209b8b336c | ||
526 | Author: djm@openbsd.org <djm@openbsd.org> | ||
527 | Date: Wed Mar 8 12:07:47 2017 +0000 | ||
528 | |||
529 | upstream commit | ||
530 | |||
531 | quote [host]:port in generated ProxyJump commandline; the | ||
532 | [ / ] characters can confuse some shells (e.g. zsh). Reported by Lauri | ||
533 | Tirkkonen via bugs@ | ||
534 | |||
535 | Upstream-ID: 65cdd161460e1351c3d778e974c1c2a4fa4bc182 | ||
536 | |||
537 | commit 18501151cf272a15b5f2c5e777f2e0933633c513 | ||
538 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
539 | Date: Mon Mar 6 02:03:20 2017 +0000 | ||
540 | |||
541 | upstream commit | ||
542 | |||
543 | Check l->hosts before dereferencing; fixes potential null | ||
544 | pointer deref. ok djm@ | ||
545 | |||
546 | Upstream-ID: 81c0327c6ec361da794b5c680601195cc23d1301 | ||
547 | |||
548 | commit d072370793f1a20f01ad827ba8fcd3b8f2c46165 | ||
549 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
550 | Date: Mon Mar 6 00:44:51 2017 +0000 | ||
551 | |||
552 | upstream commit | ||
553 | |||
554 | linenum is unsigned long so use %lu in log formats. ok | ||
555 | deraadt@ | ||
556 | |||
557 | Upstream-ID: 9dc582d9bb887ebe0164e030d619fc20b1a4ea08 | ||
558 | |||
559 | commit 12d3767ba4c84c32150cbe6ff6494498780f12c9 | ||
560 | Author: djm@openbsd.org <djm@openbsd.org> | ||
561 | Date: Fri Mar 3 06:13:11 2017 +0000 | ||
562 | |||
563 | upstream commit | ||
564 | |||
565 | fix ssh-keygen -H accidentally corrupting known_hosts that | ||
566 | contained already-hashed entries. HKF_MATCH_HOST_HASHED is only set by | ||
567 | hostkeys_foreach() when hostname matching is in use, so we need to look for | ||
568 | the hash marker explicitly. | ||
569 | |||
570 | Upstream-ID: da82ad653b93e8a753580d3cf5cd448bc2520528 | ||
571 | |||
572 | commit d7abb771bd5a941b26144ba400a34563a1afa589 | ||
573 | Author: djm@openbsd.org <djm@openbsd.org> | ||
574 | Date: Tue Feb 28 06:10:08 2017 +0000 | ||
575 | |||
576 | upstream commit | ||
577 | |||
578 | small memleak: free fd_set on connection timeout (though | ||
579 | we are heading to exit anyway). From Tom Rix in bz#2683 | ||
580 | |||
581 | Upstream-ID: 10e3dadbb8199845b66581473711642d9e6741c4 | ||
582 | |||
583 | commit 78142e3ab3887e53a968d6e199bcb18daaf2436e | ||
584 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
585 | Date: Mon Feb 27 14:30:33 2017 +0000 | ||
586 | |||
587 | upstream commit | ||
588 | |||
589 | errant dot; from klemens nanni | ||
590 | |||
591 | Upstream-ID: 83d93366a5acf47047298c5d3ebc5e7426f37921 | ||
592 | |||
593 | commit 8071a6924c12bb51406a9a64a4b2892675112c87 | ||
594 | Author: djm@openbsd.org <djm@openbsd.org> | ||
595 | Date: Fri Feb 24 03:16:34 2017 +0000 | ||
596 | |||
597 | upstream commit | ||
598 | |||
599 | might as well set the listener socket CLOEXEC | ||
600 | |||
601 | Upstream-ID: 9c538433d6a0ca79f5f21decc5620e46fb68ab57 | ||
602 | |||
603 | commit d5499190559ebe374bcdfa8805408646ceffad64 | ||
604 | Author: djm@openbsd.org <djm@openbsd.org> | ||
605 | Date: Sun Feb 19 00:11:29 2017 +0000 | ||
606 | |||
607 | upstream commit | ||
608 | |||
609 | add test cases for C locale; ok schwarze@ | ||
610 | |||
611 | Upstream-Regress-ID: 783d75de35fbc923d46e2a5e6cee30f8f381ba87 | ||
612 | |||
613 | commit 011c8ffbb0275281a0cf330054cf21be10c43e37 | ||
614 | Author: djm@openbsd.org <djm@openbsd.org> | ||
615 | Date: Sun Feb 19 00:10:57 2017 +0000 | ||
616 | |||
617 | upstream commit | ||
618 | |||
619 | Add a common nl_langinfo(CODESET) alias for US-ASCII | ||
620 | "ANSI_X3.4-1968" that is used by Linux. Fixes mprintf output truncation for | ||
621 | non-UTF-8 locales on Linux spotted by dtucker@; ok deraadt@ schwarze@ | ||
622 | |||
623 | Upstream-ID: c6808956ebffd64066f9075d839f74ff0dd60719 | ||
624 | |||
625 | commit 0c4430a19b73058a569573492f55e4c9eeaae67b | ||
626 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
627 | Date: Tue Feb 7 23:03:11 2017 +0000 | ||
628 | |||
629 | upstream commit | ||
630 | |||
631 | Remove deprecated SSH1 options RSAAuthentication and | ||
632 | RhostsRSAAuthentication from regression test sshd_config. | ||
633 | |||
634 | Upstream-Regress-ID: 8066b753d9dce7cf02ff87af5c727ff680d99491 | ||
635 | |||
636 | commit 3baa4cdd197c95d972ec3d07f1c0d08f2d7d9199 | ||
637 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
638 | Date: Fri Feb 17 02:32:05 2017 +0000 | ||
639 | |||
640 | upstream commit | ||
641 | |||
642 | Do not show rsa1 key type in usage when compiled without | ||
643 | SSH1 support. | ||
644 | |||
645 | Upstream-ID: 068b5c41357a02f319957746fa4e84ea73960f57 | ||
646 | |||
647 | commit ecc35893715f969e98fee118481f404772de4132 | ||
648 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
649 | Date: Fri Feb 17 02:31:14 2017 +0000 | ||
650 | |||
651 | upstream commit | ||
652 | |||
653 | ifdef out "rsa1" from the list of supported keytypes when | ||
654 | compiled without SSH1 support. Found by kdunlop at guralp.com, ok djm@ | ||
655 | |||
656 | Upstream-ID: cea93a26433d235bb1d64b1d990f19a9c160a70f | ||
657 | |||
658 | commit 10577c6d96a55b877a960b2d0b75edef1b9945af | ||
659 | Author: djm@openbsd.org <djm@openbsd.org> | ||
660 | Date: Fri Feb 17 02:04:15 2017 +0000 | ||
661 | |||
662 | upstream commit | ||
663 | |||
664 | For ProxyJump/-J, surround host name with brackets to | ||
665 | allow literal IPv6 addresses. From Dick Visser; ok dtucker@ | ||
666 | |||
667 | Upstream-ID: 3a5d3b0171250daf6a5235e91bce09c1d5746bf1 | ||
668 | |||
669 | commit b2afdaf1b52231aa23d2153f4a8c5a60a694dda4 | ||
670 | Author: jsg@openbsd.org <jsg@openbsd.org> | ||
671 | Date: Wed Feb 15 23:38:31 2017 +0000 | ||
672 | |||
673 | upstream commit | ||
674 | |||
675 | Fix memory leaks in match_filter_list() error paths. | ||
676 | |||
677 | ok dtucker@ markus@ | ||
678 | |||
679 | Upstream-ID: c7f96ac0877f6dc9188bbc908100a8d246cc7f0e | ||
680 | |||
681 | commit 6d5a41b38b55258213ecfaae9df7a758caa752a1 | ||
682 | Author: djm@openbsd.org <djm@openbsd.org> | ||
683 | Date: Wed Feb 15 01:46:47 2017 +0000 | ||
684 | |||
685 | upstream commit | ||
686 | |||
687 | fix division by zero crash in "df" output when server | ||
688 | returns zero total filesystem blocks/inodes. Spotted by Guido Vranken; ok | ||
689 | dtucker@ | ||
690 | |||
691 | Upstream-ID: 6fb6c2ae6b289aa07b6232dbc0be54682ef5419f | ||
692 | |||
693 | commit bd5d7d239525d595ecea92765334af33a45d9d63 | ||
694 | Author: Darren Tucker <dtucker@zip.com.au> | ||
695 | Date: Sun Feb 12 15:45:15 2017 +1100 | ||
696 | |||
697 | ifdef out EVP_R_PRIVATE_KEY_DECODE_ERROR | ||
698 | |||
699 | EVP_R_PRIVATE_KEY_DECODE_ERROR was added in OpenSSL 1.0.0 so ifdef out | ||
700 | for the benefit of OpenSSL versions prior to that. | ||
701 | |||
702 | commit 155d540d00ff55f063421ec182ec8ff2b7ab6cbe | ||
703 | Author: djm@openbsd.org <djm@openbsd.org> | ||
704 | Date: Fri Feb 10 04:34:50 2017 +0000 | ||
705 | |||
706 | upstream commit | ||
707 | |||
708 | bring back r1.34 that was backed out for problems loading | ||
709 | public keys: | ||
710 | |||
711 | translate OpenSSL error codes to something more | ||
712 | meaninful; bz#2522 reported by Jakub Jelen, ok dtucker@ | ||
713 | |||
714 | with additional fix from Jakub Jelen to solve the backout. | ||
715 | bz#2525 bz#2523 re-ok dtucker@ | ||
716 | |||
717 | Upstream-ID: a9d5bc0306f4473d9b4f4484f880e95f3c1cc031 | ||
718 | |||
719 | commit a287c5ad1e0bf9811c7b9221979b969255076019 | ||
720 | Author: djm@openbsd.org <djm@openbsd.org> | ||
721 | Date: Fri Feb 10 03:36:40 2017 +0000 | ||
722 | |||
723 | upstream commit | ||
724 | |||
725 | Sanitise escape sequences in key comments sent to printf | ||
726 | but preserve valid UTF-8 when the locale supports it; bz#2520 ok dtucker@ | ||
727 | |||
728 | Upstream-ID: e8eed28712ba7b22d49be534237eed019875bd1e | ||
729 | |||
730 | commit e40269be388972848aafcca7060111c70aab5b87 | ||
731 | Author: millert@openbsd.org <millert@openbsd.org> | ||
732 | Date: Wed Feb 8 20:32:43 2017 +0000 | ||
733 | |||
734 | upstream commit | ||
735 | |||
736 | Avoid printf %s NULL. From semarie@, OK djm@ | ||
737 | |||
738 | Upstream-ID: 06beef7344da0208efa9275d504d60d2a5b9266c | ||
739 | |||
740 | commit 5b90709ab8704dafdb31e5651073b259d98352bc | ||
741 | Author: djm@openbsd.org <djm@openbsd.org> | ||
742 | Date: Mon Feb 6 09:22:51 2017 +0000 | ||
743 | |||
744 | upstream commit | ||
745 | |||
746 | Restore \r\n newline sequence for server ident string. The CR | ||
747 | got lost in the flensing of SSHv1. Pointed out by Stef Bon | ||
748 | |||
749 | Upstream-ID: 5333fd43ce5396bf5999496096fac5536e678fac | ||
750 | |||
751 | commit 97c31c46ee2e6b46dfffdfc4f90bbbf188064cbc | ||
752 | Author: djm@openbsd.org <djm@openbsd.org> | ||
753 | Date: Fri Feb 3 23:01:42 2017 +0000 | ||
754 | |||
755 | upstream commit | ||
756 | |||
757 | unit test for match_filter_list() function; still want a | ||
758 | better name for this... | ||
759 | |||
760 | Upstream-Regress-ID: 840ad6118552c35111f0a897af9c8d93ab8de92a | ||
761 | |||
762 | commit f1a193464a7b77646f0d0cedc929068e4a413ab4 | ||
763 | Author: djm@openbsd.org <djm@openbsd.org> | ||
764 | Date: Fri Feb 3 23:05:57 2017 +0000 | ||
765 | |||
766 | upstream commit | ||
767 | |||
768 | use ssh_packet_set_log_preamble() to include connection | ||
769 | username in packet log messages, e.g. | ||
770 | |||
771 | Connection closed by invalid user foo 10.1.1.1 port 44056 [preauth] | ||
772 | |||
773 | ok markus@ bz#113 | ||
774 | |||
775 | Upstream-ID: 3591b88bdb5416d6066fb3d49d8fff2375bf1a15 | ||
776 | |||
777 | commit 07edd7e9537ab32aa52abb5fb2a915c350fcf441 | ||
778 | Author: djm@openbsd.org <djm@openbsd.org> | ||
779 | Date: Fri Feb 3 23:03:33 2017 +0000 | ||
780 | |||
781 | upstream commit | ||
782 | |||
783 | add ssh_packet_set_log_preamble() to allow inclusion of a | ||
784 | preamble string in disconnect messages; ok markus@ | ||
785 | |||
786 | Upstream-ID: 34cb41182cd76d414c214ccb01c01707849afead | ||
787 | |||
788 | commit 68bc8cfa7642d3ccbf2cd64281c16b8b9205be59 | ||
789 | Author: djm@openbsd.org <djm@openbsd.org> | ||
790 | Date: Fri Feb 3 23:01:19 2017 +0000 | ||
791 | |||
792 | upstream commit | ||
793 | |||
794 | support =- for removing methods from algorithms lists, | ||
795 | e.g. Ciphers=-*cbc; suggested by Cristian Ionescu-Idbohrn in bz#2671 "I like | ||
796 | it" markus@ | ||
797 | |||
798 | Upstream-ID: c78c38f9f81a963b33d0eade559f6048add24a6d | ||
799 | |||
800 | commit c924b2ef941028a1f31e6e94f54dfeeeef462a4e | ||
801 | Author: djm@openbsd.org <djm@openbsd.org> | ||
802 | Date: Fri Feb 3 05:05:56 2017 +0000 | ||
803 | |||
804 | upstream commit | ||
805 | |||
806 | allow form-feed characters at EOL; bz#2431 ok dtucker@ | ||
807 | |||
808 | Upstream-ID: 1f453afaba6da2ae69d6afdf1ae79a917552f1a2 | ||
809 | |||
810 | commit 523db8540b720c4d21ab0ff6f928476c70c38aab | ||
811 | Author: Damien Miller <djm@mindrot.org> | ||
812 | Date: Fri Feb 3 16:01:22 2017 +1100 | ||
813 | |||
814 | prefer to use ldns-config to find libldns | ||
815 | |||
816 | Should fix bz#2603 - "Build with ldns and without kerberos support | ||
817 | fails if ldns compiled with kerberos support" by including correct | ||
818 | cflags/libs | ||
819 | |||
820 | ok dtucker@ | ||
821 | |||
822 | commit c998bf0afa1a01257a53793eba57941182e9e0b7 | ||
823 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
824 | Date: Fri Feb 3 02:56:00 2017 +0000 | ||
825 | |||
826 | upstream commit | ||
827 | |||
828 | Make ssh_packet_set_rekey_limits take u32 for the number of | ||
829 | seconds until rekeying (negative values are rejected at config parse time). | ||
830 | This allows the removal of some casts and a signed vs unsigned comparison | ||
831 | warning. | ||
832 | |||
833 | rekey_time is cast to int64 for the comparison which is a no-op | ||
834 | on OpenBSD, but should also do the right thing in -portable on | ||
835 | anything still using 32bit time_t (until the system time actually | ||
836 | wraps, anyway). | ||
837 | |||
838 | some early guidance deraadt@, ok djm@ | ||
839 | |||
840 | Upstream-ID: c9f18613afb994a07e7622eb326f49de3d123b6c | ||
841 | |||
842 | commit 3ec5fa4ba97d4c4853620daea26a33b9f1fe3422 | ||
843 | Author: jsg@openbsd.org <jsg@openbsd.org> | ||
844 | Date: Thu Feb 2 10:54:25 2017 +0000 | ||
845 | |||
846 | upstream commit | ||
847 | |||
848 | In vasnmprintf() return an error if malloc fails and | ||
849 | don't set a function argument to the address of free'd memory. | ||
850 | |||
851 | ok djm@ | ||
852 | |||
853 | Upstream-ID: 1efffffff2f51d53c9141f245b90ac23d33b9779 | ||
854 | |||
855 | commit 858252fb1d451ebb0969cf9749116c8f0ee42753 | ||
856 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
857 | Date: Wed Feb 1 02:59:09 2017 +0000 | ||
858 | |||
859 | upstream commit | ||
860 | |||
861 | Return true reason for port forwarding failures where | ||
862 | feasible rather than always "administratively prohibited". bz#2674, ok djm@ | ||
863 | |||
864 | Upstream-ID: d901d9887951774e604ca970e1827afaaef9e419 | ||
865 | |||
866 | commit 6ba9f893838489add6ec4213c7a997b425e4a9e0 | ||
867 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
868 | Date: Mon Jan 30 23:27:39 2017 +0000 | ||
869 | |||
870 | upstream commit | ||
871 | |||
872 | Small correction to the known_hosts section on when it is | ||
873 | updated. Patch from lkppo at free.fr some time ago, pointed out by smallm at | ||
874 | sdf.org | ||
875 | |||
876 | Upstream-ID: 1834d7af179dea1a12ad2137f84566664af225d5 | ||
877 | |||
878 | commit c61d5ec3c11e7ff9779b6127421d9f166cf10915 | ||
879 | Author: Darren Tucker <dtucker@zip.com.au> | ||
880 | Date: Fri Feb 3 14:10:34 2017 +1100 | ||
881 | |||
882 | Remove _XOPEN_SOURCE from wide char detection. | ||
883 | |||
884 | Having _XOPEN_SOURCE unconditionally causes problems on some platforms | ||
885 | and configurations, notably Solaris 64-bit binaries. It was there for | ||
886 | the benefit of Linux put the required bits in the *-*linux* section. | ||
887 | |||
888 | Patch from yvoinov at gmail.com. | ||
889 | |||
890 | commit f25ee13b3e81fd80efeb871dc150fe49d7fc8afd | ||
891 | Author: djm@openbsd.org <djm@openbsd.org> | ||
892 | Date: Mon Jan 30 05:22:14 2017 +0000 | ||
893 | |||
894 | upstream commit | ||
895 | |||
896 | fully unbreak: some $SSH invocations did not have -F | ||
897 | specified and could pick up the ~/.ssh/config of the user running the tests | ||
898 | |||
899 | Upstream-Regress-ID: f362d1892c0d3e66212d5d3fc02d915c58ef6b89 | ||
900 | |||
901 | commit 6956e21fb26652887475fe77ea40d2efcf25908b | ||
902 | Author: djm@openbsd.org <djm@openbsd.org> | ||
903 | Date: Mon Jan 30 04:54:07 2017 +0000 | ||
904 | |||
905 | upstream commit | ||
906 | |||
907 | partially unbreak: was not specifying hostname on some | ||
908 | $SSH invocations | ||
909 | |||
910 | Upstream-Regress-ID: bc8a5e98e57bad0a92ef4f34ed91c1d18294e2cc | ||
911 | |||
912 | commit 52763dd3fe0a4678dafdf7aeb32286e514130afc | ||
913 | Author: djm@openbsd.org <djm@openbsd.org> | ||
914 | Date: Mon Jan 30 01:03:00 2017 +0000 | ||
915 | |||
916 | upstream commit | ||
917 | |||
918 | revise keys/principals command hang fix (bz#2655) to | ||
919 | consume entire output, avoiding sending SIGPIPE to subprocesses early; ok | ||
920 | dtucker@ | ||
921 | |||
922 | Upstream-ID: 7cb04b31a61f8c78c4e48ceededcd2fd5c4ee1bc | ||
923 | |||
924 | commit 381a2615a154a82c4c53b787f4a564ef894fe9ac | ||
925 | Author: djm@openbsd.org <djm@openbsd.org> | ||
926 | Date: Mon Jan 30 00:38:50 2017 +0000 | ||
927 | |||
928 | upstream commit | ||
929 | |||
930 | small cleanup post SSHv1 removal: | ||
931 | |||
932 | remove SSHv1-isms in commented examples | ||
933 | |||
934 | reorder token table to group deprecated and compile-time conditional tokens | ||
935 | better | ||
936 | |||
937 | fix config dumping code for some compile-time conditional options that | ||
938 | weren't being correctly skipped (SSHv1 and PKCS#11) | ||
939 | |||
940 | Upstream-ID: f2e96b3cb3158d857c5a91ad2e15925df3060105 | ||
941 | |||
942 | commit 4833d01591b7eb049489d9558b65f5553387ed43 | ||
943 | Author: djm@openbsd.org <djm@openbsd.org> | ||
944 | Date: Mon Jan 30 00:34:01 2017 +0000 | ||
945 | |||
946 | upstream commit | ||
947 | |||
948 | some explicit NULL tests when dumping configured | ||
949 | forwardings; from Karsten Weiss | ||
950 | |||
951 | Upstream-ID: 40957b8dea69672b0e50df6b4a91a94e3e37f72d | ||
952 | |||
953 | commit 326e2fae9f2e3e067b5651365eba86b35ee5a6b2 | ||
954 | Author: djm@openbsd.org <djm@openbsd.org> | ||
955 | Date: Mon Jan 30 00:32:28 2017 +0000 | ||
956 | |||
957 | upstream commit | ||
958 | |||
959 | misplaced braces in test; from Karsten Weiss | ||
960 | |||
961 | Upstream-ID: f7b794074d3aae8e35b69a91d211c599c94afaae | ||
962 | |||
963 | commit 3e032a95e46bfaea9f9e857678ac8fa5f63997fb | ||
964 | Author: djm@openbsd.org <djm@openbsd.org> | ||
965 | Date: Mon Jan 30 00:32:03 2017 +0000 | ||
966 | |||
967 | upstream commit | ||
968 | |||
969 | don't dereference authctxt before testing != NULL, it | ||
970 | causes compilers to make assumptions; from Karsten Weiss | ||
971 | |||
972 | Upstream-ID: 794243aad1e976ebc717885b7a97a25e00c031b2 | ||
973 | |||
974 | commit 01cfaa2b1cfb84f3cdd32d1bf82b120a8d30e057 | ||
975 | Author: djm@openbsd.org <djm@openbsd.org> | ||
976 | Date: Fri Jan 6 02:51:16 2017 +0000 | ||
977 | |||
978 | upstream commit | ||
979 | |||
980 | use correct ssh-add program; bz#2654, from Colin Watson | ||
981 | |||
982 | Upstream-Regress-ID: 7042a36e1bdaec6562f6e57e9d047efe9c7a6030 | ||
983 | |||
984 | commit e5c7ec67cdc42ae2584085e0fc5cc5ee91133cf5 | ||
985 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
986 | Date: Fri Jan 6 02:26:10 2017 +0000 | ||
987 | |||
988 | upstream commit | ||
989 | |||
990 | Account for timeouts in the integrity tests as failures. | ||
991 | |||
992 | If the first test in a series for a given MAC happens to modify the low | ||
993 | bytes of a packet length, then ssh will time out and this will be | ||
994 | interpreted as a test failure. Patch from cjwatson at debian.org via | ||
995 | bz#2658. | ||
996 | |||
997 | Upstream-Regress-ID: e7467613b0badedaa300bc6fc7495ec2f44e2fb9 | ||
998 | |||
999 | commit dbaf599b61bd6e0f8469363a8c8e7f633b334018 | ||
1000 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1001 | Date: Fri Jan 6 02:09:25 2017 +0000 | ||
1002 | |||
1003 | upstream commit | ||
1004 | |||
1005 | Make forwarding test less racy by using unix domain | ||
1006 | sockets instead of TCP ports where possible. Patch from cjwatson at | ||
1007 | debian.org via bz#2659. | ||
1008 | |||
1009 | Upstream-Regress-ID: 4756375aac5916ef9d25452a1c1d5fa9e90299a9 | ||
1010 | |||
1011 | commit 9390b0031ebd6eb5488d3bc4d4333c528dffc0a6 | ||
1012 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1013 | Date: Sun Jan 29 21:35:23 2017 +0000 | ||
1014 | |||
1015 | upstream commit | ||
1016 | |||
1017 | Fix typo in ~C error message for bad port forward | ||
1018 | cancellation. bz#2672, from Brad Marshall via Colin Watson and Ubuntu's | ||
1019 | bugtracker. | ||
1020 | |||
1021 | Upstream-ID: 0d4a7e5ead6cc59c9a44b4c1e5435ab3aada09af | ||
1022 | |||
1023 | commit 4ba15462ca38883b8a61a1eccc093c79462d5414 | ||
1024 | Author: guenther@openbsd.org <guenther@openbsd.org> | ||
1025 | Date: Sat Jan 21 11:32:04 2017 +0000 | ||
1026 | |||
1027 | upstream commit | ||
1028 | |||
1029 | The POSIX APIs that that sockaddrs all ignore the s*_len | ||
1030 | field in the incoming socket, so userspace doesn't need to set it unless it | ||
1031 | has its own reasons for tracking the size along with the sockaddr. | ||
1032 | |||
1033 | ok phessler@ deraadt@ florian@ | ||
1034 | |||
1035 | Upstream-ID: ca6e49e2f22f2b9e81d6d924b90ecd7e422e7437 | ||
1036 | |||
1037 | commit a1187bd3ef3e4940af849ca953a1b849dae78445 | ||
1038 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
1039 | Date: Fri Jan 6 16:28:12 2017 +0000 | ||
1040 | |||
1041 | upstream commit | ||
1042 | |||
1043 | keep the tokens list sorted; | ||
1044 | |||
1045 | Upstream-ID: b96239dae4fb3aa94146bb381afabcc7740a1638 | ||
1046 | |||
1047 | commit b64077f9767634715402014f509e58decf1e140d | ||
1048 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1049 | Date: Fri Jan 6 09:27:52 2017 +0000 | ||
1050 | |||
1051 | upstream commit | ||
1052 | |||
1053 | fix previous | ||
1054 | |||
1055 | Upstream-ID: c107d6a69bc22325d79fbf78a2a62e04bcac6895 | ||
1056 | |||
1057 | commit 5e820e9ea2e949aeb93071fe31c80b0c42f2b2de | ||
1058 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1059 | Date: Fri Jan 6 03:53:58 2017 +0000 | ||
1060 | |||
1061 | upstream commit | ||
1062 | |||
1063 | show a useful error message when included config files | ||
1064 | can't be opened; bz#2653, ok dtucker@ | ||
1065 | |||
1066 | Upstream-ID: f598b73b5dfe497344cec9efc9386b4e5a3cb95b | ||
1067 | |||
1068 | commit 13bd2e2d622d01dc85d22b94520a5b243d006049 | ||
1069 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1070 | Date: Fri Jan 6 03:45:41 2017 +0000 | ||
1071 | |||
1072 | upstream commit | ||
1073 | |||
1074 | sshd_config is documented to set | ||
1075 | GSSAPIStrictAcceptorCheck=yes by default, so actually make it do this. | ||
1076 | bz#2637 ok dtucker | ||
1077 | |||
1078 | Upstream-ID: 99ef8ac51f17f0f7aec166cb2e34228d4d72a665 | ||
1079 | |||
1080 | commit f89b928534c9e77f608806a217d39a2960cc7fd0 | ||
1081 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1082 | Date: Fri Jan 6 03:41:58 2017 +0000 | ||
1083 | |||
1084 | upstream commit | ||
1085 | |||
1086 | Avoid confusing error message when attempting to use | ||
1087 | ssh-keyscan built without SSH protocol v.1 to scan for v.1 keys; bz#2583 | ||
1088 | |||
1089 | Upstream-ID: 5d214abd3a21337d67c6dcc5aa6f313298d0d165 | ||
1090 | |||
1091 | commit 0999533014784579aa6f01c2d3a06e3e8804b680 | ||
1092 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1093 | Date: Fri Jan 6 02:34:54 2017 +0000 | ||
1094 | |||
1095 | upstream commit | ||
1096 | |||
1097 | Re-add '%k' token for AuthorizedKeysCommand which was | ||
1098 | lost during the re-org in rev 1.235. bz#2656, from jboning at gmail.com. | ||
1099 | |||
1100 | Upstream-ID: 2884e203c02764d7b3fe7472710d9c24bdc73e38 | ||
1101 | |||
1102 | commit 51045869fa084cdd016fdd721ea760417c0a3bf3 | ||
1103 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1104 | Date: Wed Jan 4 05:37:40 2017 +0000 | ||
1105 | |||
1106 | upstream commit | ||
1107 | |||
1108 | unbreak Unix domain socket forwarding for root; ok | ||
1109 | markus@ | ||
1110 | |||
1111 | Upstream-ID: 6649c76eb7a3fa15409373295ca71badf56920a2 | ||
1112 | |||
1113 | commit 58fca12ba967ea5c768653535604e1522d177e44 | ||
1114 | Author: Darren Tucker <dtucker@zip.com.au> | ||
1115 | Date: Mon Jan 16 09:08:32 2017 +1100 | ||
1116 | |||
1117 | Remove LOGIN_PROGRAM. | ||
1118 | |||
1119 | UseLogin is gone, remove leftover. bz#2665, from cjwatson at debian.org | ||
1120 | |||
1121 | commit b108ce92aae0ca0376dce9513d953be60e449ae1 | ||
1122 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1123 | Date: Wed Jan 4 02:21:43 2017 +0000 | ||
1124 | |||
1125 | upstream commit | ||
1126 | |||
1127 | relax PKCS#11 whitelist a bit to allow libexec as well as | ||
1128 | lib directories. | ||
1129 | |||
1130 | Upstream-ID: cf5617958e2e2d39f8285fd3bc63b557da484702 | ||
1131 | |||
1132 | commit c7995f296b9222df2846f56ecf61e5ae13d7a53d | ||
1133 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1134 | Date: Tue Jan 3 05:46:51 2017 +0000 | ||
1135 | |||
1136 | upstream commit | ||
1137 | |||
1138 | check number of entries in SSH2_FXP_NAME response; avoids | ||
1139 | unreachable overflow later. Reported by Jann Horn | ||
1140 | |||
1141 | Upstream-ID: b6b2b434a6d6035b1644ca44f24cd8104057420f | ||
1142 | |||
1143 | commit ddd3d34e5c7979ca6f4a3a98a7d219a4ed3d98c2 | ||
1144 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1145 | Date: Fri Dec 30 22:08:02 2016 +0000 | ||
1146 | |||
1147 | upstream commit | ||
1148 | |||
1149 | fix deadlock when keys/principals command produces a lot of | ||
1150 | output and a key is matched early; bz#2655, patch from jboning AT gmail.com | ||
1151 | |||
1152 | Upstream-ID: e19456429bf99087ea994432c16d00a642060afe | ||
1153 | |||
1154 | commit 30eee7d1b2fec33c14870cc11910610be5d2aa6f | ||
1155 | Author: Darren Tucker <dtucker@zip.com.au> | ||
1156 | Date: Tue Dec 20 12:16:11 2016 +1100 | ||
1157 | |||
1158 | Re-add missing "Prerequisites" header and fix typo | ||
1159 | |||
1160 | Patch from HARUYAMA Seigo <haruyama at unixuser org>. | ||
1161 | |||
1162 | commit c8c60f3663165edd6a52632c6ddbfabfce1ca865 | ||
1163 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1164 | Date: Mon Dec 19 22:35:23 2016 +0000 | ||
1165 | |||
1166 | upstream commit | ||
1167 | |||
1168 | use standard /bin/sh equality test; from Mike Frysinger | ||
1169 | |||
1170 | Upstream-Regress-ID: 7b6f0b63525f399844c8ac211003acb8e4b0bec2 | ||
1171 | |||
1172 | commit 4a354fc231174901f2629437c2a6e924a2dd6772 | ||
1173 | Author: Damien Miller <djm@mindrot.org> | ||
1174 | Date: Mon Dec 19 15:59:26 2016 +1100 | ||
1175 | |||
1176 | crank version numbers for release | ||
1177 | |||
1178 | commit 5f8d0bb8413d4d909cc7aa3c616fb0538224c3c9 | ||
1179 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1180 | Date: Mon Dec 19 04:55:51 2016 +0000 | ||
1181 | |||
1182 | upstream commit | ||
1183 | |||
1184 | openssh-7.4 | ||
1185 | |||
1186 | Upstream-ID: 1ee404adba6bbe10ae9277cbae3a94abe2867b79 | ||
1187 | |||
1188 | commit 3a8213ea0ed843523e34e55ab9c852332bab4c7b | ||
1189 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1190 | Date: Mon Dec 19 04:55:18 2016 +0000 | ||
1191 | |||
1192 | upstream commit | ||
1193 | |||
1194 | remove testcase that depends on exact output and | ||
1195 | behaviour of snprintf(..., "%s", NULL) | ||
1196 | |||
1197 | Upstream-Regress-ID: cab4288531766bd9593cb556613b91a2eeefb56f | ||
1198 | |||
1199 | commit eae735a82d759054f6ec7b4e887fb7a5692c66d7 | ||
1200 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1201 | Date: Mon Dec 19 03:32:57 2016 +0000 | ||
1202 | |||
1203 | upstream commit | ||
1204 | |||
1205 | Use LOGNAME to get current user and fall back to whoami if | ||
1206 | not set. Mainly to benefit -portable since some platforms don't have whoami. | ||
1207 | |||
1208 | Upstream-Regress-ID: e3a16b7836a3ae24dc8f8a4e43fdf8127a60bdfa | ||
1209 | |||
1210 | commit 0d2f88428487518eea60602bd593989013831dcf | ||
1211 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1212 | Date: Fri Dec 16 03:51:19 2016 +0000 | ||
1213 | |||
1214 | upstream commit | ||
1215 | |||
1216 | Add regression test for AllowUsers and DenyUsers. Patch from | ||
1217 | Zev Weiss <zev at bewilderbeest.net> | ||
1218 | |||
1219 | Upstream-Regress-ID: 8f1aac24d52728398871dac14ad26ea38b533fb9 | ||
1220 | |||
1221 | commit 3bc8180a008929f6fe98af4a56fb37d04444b417 | ||
1222 | Author: Darren Tucker <dtucker@zip.com.au> | ||
1223 | Date: Fri Dec 16 15:02:24 2016 +1100 | ||
1224 | |||
1225 | Add missing monitor.h include. | ||
1226 | |||
1227 | Fixes warning pointed out by Zev Weiss <zev at bewilderbeest.net> | ||
1228 | |||
1229 | commit 410681f9015d76cc7b137dd90dac897f673244a0 | ||
1230 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1231 | Date: Fri Dec 16 02:48:55 2016 +0000 | ||
1232 | |||
1233 | upstream commit | ||
1234 | |||
1235 | revert to rev1.2; the new bits in this test depend on changes | ||
1236 | to ssh that aren't yet committed | ||
1237 | |||
1238 | Upstream-Regress-ID: 828ffc2c7afcf65d50ff2cf3dfc47a073ad39123 | ||
1239 | |||
1240 | commit 2f2ffa4fbe4b671bbffa0611f15ba44cff64d58e | ||
1241 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1242 | Date: Fri Dec 16 01:06:27 2016 +0000 | ||
1243 | |||
1244 | upstream commit | ||
1245 | |||
1246 | Move the "stop sshd" code into its own helper function. | ||
1247 | Patch from Zev Weiss <zev at bewilderbeest.net>, ok djm@ | ||
1248 | |||
1249 | Upstream-Regress-ID: a113dea77df5bd97fb4633ea31f3d72dbe356329 | ||
1250 | |||
1251 | commit e15e7152331e3976b35475fd4e9c72897ad0f074 | ||
1252 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1253 | Date: Fri Dec 16 01:01:07 2016 +0000 | ||
1254 | |||
1255 | upstream commit | ||
1256 | |||
1257 | regression test for certificates along with private key | ||
1258 | with no public half. bz#2617, mostly from Adam Eijdenberg | ||
1259 | |||
1260 | Upstream-Regress-ID: 2e74dc2c726f4dc839609b3ce045466b69f01115 | ||
1261 | |||
1262 | commit 9a70ec085faf6e55db311cd1a329f1a35ad2a500 | ||
1263 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1264 | Date: Thu Dec 15 23:50:37 2016 +0000 | ||
1265 | |||
1266 | upstream commit | ||
1267 | |||
1268 | Use $SUDO to read pidfile in case root's umask is | ||
1269 | restricted. From portable. | ||
1270 | |||
1271 | Upstream-Regress-ID: f6b1c7ffbc5a0dfb7d430adb2883344899174a98 | ||
1272 | |||
1273 | commit fe06b68f824f8f55670442fb31f2c03526dd326c | ||
1274 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1275 | Date: Thu Dec 15 21:29:05 2016 +0000 | ||
1276 | |||
1277 | upstream commit | ||
1278 | |||
1279 | Add missing braces in DenyUsers code. Patch from zev at | ||
1280 | bewilderbeest.net, ok deraadt@ | ||
1281 | |||
1282 | Upstream-ID: d747ace338dcf943b077925f90f85f789714b54e | ||
1283 | |||
1284 | commit dcc7d74242a574fd5c4afbb4224795b1644321e7 | ||
1285 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1286 | Date: Thu Dec 15 21:20:41 2016 +0000 | ||
1287 | |||
1288 | upstream commit | ||
1289 | |||
1290 | Fix text in error message. Patch from zev at | ||
1291 | bewilderbeest.net. | ||
1292 | |||
1293 | Upstream-ID: deb0486e175e7282f98f9a15035d76c55c84f7f6 | ||
1294 | |||
1295 | commit b737e4d7433577403a31cff6614f6a1b0b5e22f4 | ||
1296 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1297 | Date: Wed Dec 14 00:36:34 2016 +0000 | ||
1298 | |||
1299 | upstream commit | ||
1300 | |||
1301 | disable Unix-domain socket forwarding when privsep is | ||
1302 | disabled | ||
1303 | |||
1304 | Upstream-ID: ab61516ae0faadad407857808517efa900a0d6d0 | ||
1305 | |||
1306 | commit 08a1e7014d65c5b59416a0e138c1f73f417496eb | ||
1307 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1308 | Date: Fri Dec 9 03:04:29 2016 +0000 | ||
1309 | |||
1310 | upstream commit | ||
1311 | |||
1312 | log connections dropped in excess of MaxStartups at | ||
1313 | verbose LogLevel; bz#2613 based on diff from Tomas Kuthan; ok dtucker@ | ||
1314 | |||
1315 | Upstream-ID: 703ae690dbf9b56620a6018f8a3b2389ce76d92b | ||
1316 | |||
1317 | commit 10e290ec00964b2bf70faab15a10a5574bb80527 | ||
1318 | Author: Darren Tucker <dtucker@zip.com.au> | ||
1319 | Date: Tue Dec 13 13:51:32 2016 +1100 | ||
1320 | |||
1321 | Get default of TEST_SSH_UTF8 from environment. | ||
1322 | |||
1323 | commit b9b8ba3f9ed92c6220b58d70d1e6d8aa3eea1104 | ||
1324 | Author: Darren Tucker <dtucker@zip.com.au> | ||
1325 | Date: Tue Dec 13 12:56:40 2016 +1100 | ||
1326 | |||
1327 | Remove commented-out includes. | ||
1328 | |||
1329 | These commented-out includes have "Still needed?" comments. Since | ||
1330 | they've been commented out for ~13 years I assert that they're not. | ||
1331 | |||
1332 | commit 25275f1c9d5f01a0877d39444e8f90521a598ea0 | ||
1333 | Author: Darren Tucker <dtucker@zip.com.au> | ||
1334 | Date: Tue Dec 13 12:54:23 2016 +1100 | ||
1335 | |||
1336 | Add prototype for strcasestr in compat library. | ||
1337 | |||
1338 | commit afec07732aa2985142f3e0b9a01eb6391f523dec | ||
1339 | Author: Darren Tucker <dtucker@zip.com.au> | ||
1340 | Date: Tue Dec 13 10:23:03 2016 +1100 | ||
1341 | |||
1342 | Add strcasestr to compat library. | ||
1343 | |||
1344 | Fixes build on (at least) Solaris 10. | ||
1345 | |||
1346 | commit dda78a03af32e7994f132d923c2046e98b7c56c8 | ||
1347 | Author: Damien Miller <djm@mindrot.org> | ||
1348 | Date: Mon Dec 12 13:57:10 2016 +1100 | ||
1349 | |||
1350 | Force Turkish locales back to C/POSIX; bz#2643 | ||
1351 | |||
1352 | Turkish locales are unique in their handling of the letters 'i' and | ||
1353 | 'I' (yes, they are different letters) and OpenSSH isn't remotely | ||
1354 | prepared to deal with that. For now, the best we can do is to force | ||
1355 | OpenSSH to use the C/POSIX locale and try to preserve the UTF-8 | ||
1356 | encoding if possible. | ||
1357 | |||
1358 | ok dtucker@ | ||
1359 | |||
1360 | commit c35995048f41239fc8895aadc3374c5f75180554 | ||
1361 | Author: Darren Tucker <dtucker@zip.com.au> | ||
1362 | Date: Fri Dec 9 12:52:02 2016 +1100 | ||
1363 | |||
1364 | exit is in stdlib.h not unistd.h (that's _exit). | ||
1365 | |||
1366 | commit d399a8b914aace62418c0cfa20341aa37a192f98 | ||
1367 | Author: Darren Tucker <dtucker@zip.com.au> | ||
1368 | Date: Fri Dec 9 12:33:25 2016 +1100 | ||
1369 | |||
1370 | Include <unistd.h> for exit in utf8 locale test. | ||
1371 | |||
1372 | commit 47b8c99ab3221188ad3926108dd9d36da3b528ec | ||
1373 | Author: Darren Tucker <dtucker@zip.com.au> | ||
1374 | Date: Thu Dec 8 15:48:34 2016 +1100 | ||
1375 | |||
1376 | Check for utf8 local support before testing it. | ||
1377 | |||
1378 | Check for utf8 local support and if not found, do not attempt to run the | ||
1379 | utf8 tests. Suggested by djm@ | ||
1380 | |||
1381 | commit 4089fc1885b3a2822204effbb02b74e3da58240d | ||
1382 | Author: Darren Tucker <dtucker@zip.com.au> | ||
1383 | Date: Thu Dec 8 12:57:24 2016 +1100 | ||
1384 | |||
1385 | Use AC_PATH_TOOL for krb5-config. | ||
1386 | |||
1387 | This will use the host-prefixed version when cross compiling; patch from | ||
1388 | david.michael at coreos.com. | ||
1389 | |||
1390 | commit b4867e0712c89b93be905220c82f0a15e6865d1e | ||
1391 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1392 | Date: Tue Dec 6 07:48:01 2016 +0000 | ||
1393 | |||
1394 | upstream commit | ||
1395 | |||
1396 | make IdentityFile successfully load and use certificates that | ||
1397 | have no corresponding bare public key. E.g. just a private id_rsa and | ||
1398 | certificate id_rsa-cert.pub (and no id_rsa.pub). | ||
1399 | |||
1400 | bz#2617 ok dtucker@ | ||
1401 | |||
1402 | Upstream-ID: c1e9699b8c0e3b63cc4189e6972e3522b6292604 | ||
1403 | |||
1404 | commit c9792783a98881eb7ed295680013ca97a958f8ac | ||
1405 | Author: Damien Miller <djm@mindrot.org> | ||
1406 | Date: Fri Nov 25 14:04:21 2016 +1100 | ||
1407 | |||
1408 | Add a gnome-ssh-askpass3 target for GTK+3 version | ||
1409 | |||
1410 | Based on patch from Colin Watson via bz#2640 | ||
1411 | |||
1412 | commit 7be85ae02b9de0993ce0a1d1e978e11329f6e763 | ||
1413 | Author: Damien Miller <djm@mindrot.org> | ||
1414 | Date: Fri Nov 25 14:03:53 2016 +1100 | ||
1415 | |||
1416 | Make gnome-ssh-askpass2.c GTK+3-friendly | ||
1417 | |||
1418 | Patch from Colin Watson via bz#2640 | ||
1419 | |||
1420 | commit b9844a45c7f0162fd1b5465683879793d4cc4aaa | ||
1421 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1422 | Date: Sun Dec 4 23:54:02 2016 +0000 | ||
1423 | |||
1424 | upstream commit | ||
1425 | |||
1426 | Fix public key authentication when multiple | ||
1427 | authentication is in use. Instead of deleting and re-preparing the entire | ||
1428 | keys list, just reset the 'used' flags; the keys list is already in a good | ||
1429 | order (with already- tried keys at the back) | ||
1430 | |||
1431 | Analysis and patch from Vincent Brillault on bz#2642; ok dtucker@ | ||
1432 | |||
1433 | Upstream-ID: 7123f12dc2f3bcaae715853035a97923d7300176 | ||
1434 | |||
1435 | commit f2398eb774075c687b13af5bc22009eb08889abe | ||
1436 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1437 | Date: Sun Dec 4 22:27:25 2016 +0000 | ||
1438 | |||
1439 | upstream commit | ||
1440 | |||
1441 | Unlink PidFile on SIGHUP and always recreate it when the | ||
1442 | new sshd starts. Regression tests (and possibly other things) depend on the | ||
1443 | pidfile being recreated after SIGHUP, and unlinking it means it won't contain | ||
1444 | a stale pid if sshd fails to restart. ok djm@ markus@ | ||
1445 | |||
1446 | Upstream-ID: 132dd6dda0c77dd49d2f15b2573b5794f6160870 | ||
1447 | |||
1448 | commit 85aa2efeba51a96bf6834f9accf2935d96150296 | ||
1449 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1450 | Date: Wed Nov 30 03:01:33 2016 +0000 | ||
1451 | |||
1452 | upstream commit | ||
1453 | |||
1454 | test new behaviour of cert force-command restriction vs. | ||
1455 | authorized_key/ principals | ||
1456 | |||
1457 | Upstream-Regress-ID: 399efa7469d40c404c0b0a295064ce75d495387c | ||
1458 | |||
1459 | commit 5d333131cd8519d022389cfd3236280818dae1bc | ||
1460 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
1461 | Date: Wed Nov 30 06:54:26 2016 +0000 | ||
1462 | |||
1463 | upstream commit | ||
1464 | |||
1465 | tweak previous; while here fix up FILES and AUTHORS; | ||
1466 | |||
1467 | Upstream-ID: 93f6e54086145a75df8d8ec7d8689bdadbbac8fa | ||
1468 | |||
1469 | commit 786d5994da79151180cb14a6cf157ebbba61c0cc | ||
1470 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1471 | Date: Wed Nov 30 03:07:37 2016 +0000 | ||
1472 | |||
1473 | upstream commit | ||
1474 | |||
1475 | add a whitelist of paths from which ssh-agent will load | ||
1476 | (via ssh-pkcs11-helper) a PKCS#11 module; ok markus@ | ||
1477 | |||
1478 | Upstream-ID: fe79769469d9cd6d26fe0dc15751b83ef2a06e8f | ||
1479 | |||
1480 | commit 7844f357cdd90530eec81340847783f1f1da010b | ||
1481 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1482 | Date: Wed Nov 30 03:00:05 2016 +0000 | ||
1483 | |||
1484 | upstream commit | ||
1485 | |||
1486 | Add a sshd_config DisableForwaring option that disables | ||
1487 | X11, agent, TCP, tunnel and Unix domain socket forwarding, as well as | ||
1488 | anything else we might implement in the future. | ||
1489 | |||
1490 | This, like the 'restrict' authorized_keys flag, is intended to be a | ||
1491 | simple and future-proof way of restricting an account. Suggested as | ||
1492 | a complement to 'restrict' by Jann Horn; ok markus@ | ||
1493 | |||
1494 | Upstream-ID: 203803f66e533a474086b38a59ceb4cf2410fcf7 | ||
1495 | |||
1496 | commit fd6dcef2030d23c43f986d26979f84619c10589d | ||
1497 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1498 | Date: Wed Nov 30 02:57:40 2016 +0000 | ||
1499 | |||
1500 | upstream commit | ||
1501 | |||
1502 | When a forced-command appears in both a certificate and | ||
1503 | an authorized keys/principals command= restriction, refuse to accept the | ||
1504 | certificate unless they are identical. | ||
1505 | |||
1506 | The previous (documented) behaviour of having the certificate forced- | ||
1507 | command override the other could be a bit confused and more error-prone. | ||
1508 | |||
1509 | Pointed out by Jann Horn of Project Zero; ok dtucker@ | ||
1510 | |||
1511 | Upstream-ID: 79d811b6eb6bbe1221bf146dde6928f92d2cd05f | ||
1512 | |||
1513 | commit 7fc4766ac78abae81ee75b22b7550720bfa28a33 | ||
1514 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1515 | Date: Wed Nov 30 00:28:31 2016 +0000 | ||
1516 | |||
1517 | upstream commit | ||
1518 | |||
1519 | On startup, check to see if sshd is already daemonized | ||
1520 | and if so, skip the call to daemon() and do not rewrite the PidFile. This | ||
1521 | means that when sshd re-execs itself on SIGHUP the process ID will no longer | ||
1522 | change. Should address bz#2641. ok djm@ markus@. | ||
1523 | |||
1524 | Upstream-ID: 5ea0355580056fb3b25c1fd6364307d9638a37b9 | ||
1525 | |||
1526 | commit c9f880c195c65f1dddcbc4ce9d6bfea7747debcc | ||
1527 | Author: Damien Miller <djm@mindrot.org> | ||
1528 | Date: Wed Nov 30 13:51:49 2016 +1100 | ||
1529 | |||
1530 | factor out common PRNG reseed before privdrop | ||
1531 | |||
1532 | Add a call to RAND_poll() to ensure than more than pid+time gets | ||
1533 | stirred into child processes states. Prompted by analysis from Jann | ||
1534 | Horn at Project Zero. ok dtucker@ | ||
1535 | |||
1536 | commit 79e4829ec81dead1b30999e1626eca589319a47f | ||
1537 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1538 | Date: Fri Nov 25 03:02:01 2016 +0000 | ||
1539 | |||
1540 | upstream commit | ||
1541 | |||
1542 | Allow PuTTY interop tests to run unattended. bz#2639, | ||
1543 | patch from cjwatson at debian.org. | ||
1544 | |||
1545 | Upstream-Regress-ID: 4345253558ac23b2082aebabccd48377433b6fe0 | ||
1546 | |||
1547 | commit 504c3a9a1bf090f6b27260fc3e8ea7d984d163dc | ||
1548 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1549 | Date: Fri Nov 25 02:56:49 2016 +0000 | ||
1550 | |||
1551 | upstream commit | ||
1552 | |||
1553 | Reverse args to sshd-log-wrapper. Matches change in | ||
1554 | portable, where it allows sshd do be optionally run under Valgrind. | ||
1555 | |||
1556 | Upstream-Regress-ID: b438d1c6726dc5caa2a45153e6103a0393faa906 | ||
1557 | |||
1558 | commit bd13017736ec2f8f9ca498fe109fb0035f322733 | ||
1559 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1560 | Date: Fri Nov 25 02:49:18 2016 +0000 | ||
1561 | |||
1562 | upstream commit | ||
1563 | |||
1564 | Fix typo in trace message; from portable. | ||
1565 | |||
1566 | Upstream-Regress-ID: 4c4a2ba0d37faf5fd230a91b4c7edb5699fbd73a | ||
1567 | |||
1568 | commit 7da751d8b007c7f3e814fd5737c2351440d78b4c | ||
1569 | Author: tb@openbsd.org <tb@openbsd.org> | ||
1570 | Date: Tue Nov 1 13:43:27 2016 +0000 | ||
1571 | |||
1572 | upstream commit | ||
1573 | |||
1574 | Clean up MALLOC_OPTIONS. For the unittests, move | ||
1575 | MALLOC_OPTIONS and TEST_ENV to unittets/Makefile.inc. | ||
1576 | |||
1577 | ok otto | ||
1578 | |||
1579 | Upstream-Regress-ID: 890d497e0a38eeddfebb11cc429098d76cf29f12 | ||
1580 | |||
1581 | commit 36f58e68221bced35e06d1cca8d97c48807a8b71 | ||
1582 | Author: tb@openbsd.org <tb@openbsd.org> | ||
1583 | Date: Mon Oct 31 23:45:08 2016 +0000 | ||
1584 | |||
1585 | upstream commit | ||
1586 | |||
1587 | Remove the obsolete A and P flags from MALLOC_OPTIONS. | ||
1588 | |||
1589 | ok dtucker | ||
1590 | |||
1591 | Upstream-Regress-ID: 6cc25024c8174a87e5734a0dc830194be216dd59 | ||
1592 | |||
1593 | commit b0899ee26a6630883c0f2350098b6a35e647f512 | ||
1594 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1595 | Date: Tue Nov 29 03:54:50 2016 +0000 | ||
1596 | |||
1597 | upstream commit | ||
1598 | |||
1599 | Factor out code to disconnect from controlling terminal | ||
1600 | into its own function. ok djm@ | ||
1601 | |||
1602 | Upstream-ID: 39fd9e8ebd7222615a837312face5cc7ae962885 | ||
1603 | |||
1604 | commit 54d022026aae4f53fa74cc636e4a032d9689b64d | ||
1605 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1606 | Date: Fri Nov 25 23:24:45 2016 +0000 | ||
1607 | |||
1608 | upstream commit | ||
1609 | |||
1610 | use sshbuf_allocate() to pre-allocate the buffer used for | ||
1611 | loading keys. This avoids implicit realloc inside the buffer code, which | ||
1612 | might theoretically leave fragments of the key on the heap. This doesn't | ||
1613 | appear to happen in practice for normal sized keys, but was observed for | ||
1614 | novelty oversize ones. | ||
1615 | |||
1616 | Pointed out by Jann Horn of Project Zero; ok markus@ | ||
1617 | |||
1618 | Upstream-ID: d620e1d46a29fdea56aeadeda120879eddc60ab1 | ||
1619 | |||
1620 | commit a9c746088787549bb5b1ae3add7d06a1b6d93d5e | ||
1621 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1622 | Date: Fri Nov 25 23:22:04 2016 +0000 | ||
1623 | |||
1624 | upstream commit | ||
1625 | |||
1626 | split allocation out of sshbuf_reserve() into a separate | ||
1627 | sshbuf_allocate() function; ok markus@ | ||
1628 | |||
1629 | Upstream-ID: 11b8a2795afeeb1418d508a2c8095b3355577ec2 | ||
1630 | |||
1631 | commit f0ddedee460486fa0e32fefb2950548009e5026e | ||
1632 | Author: markus@openbsd.org <markus@openbsd.org> | ||
1633 | Date: Wed Nov 23 23:14:15 2016 +0000 | ||
1634 | |||
1635 | upstream commit | ||
1636 | |||
1637 | allow ClientAlive{Interval,CountMax} in Match; ok dtucker, | ||
1638 | djm | ||
1639 | |||
1640 | Upstream-ID: 8beb4c1eadd588f1080b58932281983864979f55 | ||
1641 | |||
1642 | commit 1a6f9d2e2493d445cd9ee496e6e3c2a2f283f66a | ||
1643 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1644 | Date: Tue Nov 8 22:04:34 2016 +0000 | ||
1645 | |||
1646 | upstream commit | ||
1647 | |||
1648 | unbreak DenyUsers; reported by henning@ | ||
1649 | |||
1650 | Upstream-ID: 1c67d4148f5e953c35acdb62e7c08ae8e33f7cb2 | ||
1651 | |||
1652 | commit 010359b32659f455fddd2bd85fd7cc4d7a3b994a | ||
1653 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1654 | Date: Sun Nov 6 05:46:37 2016 +0000 | ||
1655 | |||
1656 | upstream commit | ||
1657 | |||
1658 | Validate address ranges for AllowUser/DenyUsers at | ||
1659 | configuration load time and refuse to accept bad ones. It was previously | ||
1660 | possible to specify invalid CIDR address ranges (e.g. djm@127.1.2.3/55) and | ||
1661 | these would always match. | ||
1662 | |||
1663 | Thanks to Laurence Parry for a detailed bug report. ok markus (for | ||
1664 | a previous diff version) | ||
1665 | |||
1666 | Upstream-ID: 9dfcdd9672b06e65233ea4434c38226680d40bfb | ||
1667 | |||
1668 | commit efb494e81d1317209256b38b49f4280897c61e69 | ||
1669 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1670 | Date: Fri Oct 28 03:33:52 2016 +0000 | ||
1671 | |||
1672 | upstream commit | ||
1673 | |||
1674 | Improve pkcs11_add_provider() logging: demote some | ||
1675 | excessively verbose error()s to debug()s, include PKCS#11 provider name and | ||
1676 | slot in log messages where possible. bz#2610, based on patch from Jakub Jelen | ||
1677 | |||
1678 | Upstream-ID: 3223ef693cfcbff9079edfc7e89f55bf63e1973d | ||
1679 | |||
1680 | commit 5ee3fb5affd7646f141749483205ade5fc54adaf | ||
1681 | Author: Darren Tucker <dtucker@zip.com.au> | ||
1682 | Date: Tue Nov 1 08:12:33 2016 +1100 | ||
1683 | |||
1684 | Use ptrace(PT_DENY_ATTACH, ..) on OS X. | ||
1685 | |||
1686 | commit 315d2a4e674d0b7115574645cb51f968420ebb34 | ||
1687 | Author: Damien Miller <djm@mindrot.org> | ||
1688 | Date: Fri Oct 28 14:34:07 2016 +1100 | ||
1689 | |||
1690 | Unbreak AES-CTR ciphers on old (~0.9.8) OpenSSL | ||
1691 | |||
1692 | ok dtucker@ | ||
1693 | |||
1694 | commit a9ff3950b8e80ff971b4d44bbce96df27aed28af | ||
1695 | Author: Darren Tucker <dtucker@zip.com.au> | ||
1696 | Date: Fri Oct 28 14:26:58 2016 +1100 | ||
1697 | |||
1698 | Move OPENSSL_NO_RIPEMD160 to compat. | ||
1699 | |||
1700 | Move OPENSSL_NO_RIPEMD160 to compat and add ifdefs to mac.c around the | ||
1701 | ripemd160 MACs. | ||
1702 | |||
1703 | commit bce58885160e5db2adda3054c3b81fe770f7285a | ||
1704 | Author: Darren Tucker <dtucker@zip.com.au> | ||
1705 | Date: Fri Oct 28 13:52:31 2016 +1100 | ||
1706 | |||
1707 | Check if RIPEMD160 is disabled in OpenSSL. | ||
1708 | |||
1709 | commit d924640d4c355d1b5eca1f4cc60146a9975dbbff | ||
1710 | Author: Darren Tucker <dtucker@zip.com.au> | ||
1711 | Date: Fri Oct 28 13:38:19 2016 +1100 | ||
1712 | |||
1713 | Skip ssh1 specfic ciphers. | ||
1714 | |||
1715 | cipher-3des1.c and cipher-bf1.c are specific to sshv1 so don't even try | ||
1716 | to compile them when Protocol 1 is not enabled. | ||
1717 | |||
1718 | commit 79d078e7a49caef746516d9710ec369ba45feab6 | ||
1719 | Author: jsg@openbsd.org <jsg@openbsd.org> | ||
1720 | Date: Tue Oct 25 04:08:13 2016 +0000 | ||
1721 | |||
1722 | upstream commit | ||
1723 | |||
1724 | Fix logic in add_local_forward() that inverted a test | ||
1725 | when code was refactored out into bind_permitted(). This broke ssh port | ||
1726 | forwarding for non-priv ports as a non root user. | ||
1727 | |||
1728 | ok dtucker@ 'looks good' deraadt@ | ||
1729 | |||
1730 | Upstream-ID: ddb8156ca03cc99997de284ce7777536ff9570c9 | ||
1731 | |||
1732 | commit a903e315dee483e555c8a3a02c2946937f9b4e5d | ||
1733 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1734 | Date: Mon Oct 24 01:09:17 2016 +0000 | ||
1735 | |||
1736 | upstream commit | ||
1737 | |||
1738 | Remove dead breaks, found via opencoverage.net. ok | ||
1739 | deraadt@ | ||
1740 | |||
1741 | Upstream-ID: ad9cc655829d67fad219762810770787ba913069 | ||
1742 | |||
1743 | commit b4e96b4c9bea4182846e4942ba2048e6d708ee54 | ||
1744 | Author: Darren Tucker <dtucker@zip.com.au> | ||
1745 | Date: Wed Oct 26 08:43:25 2016 +1100 | ||
1746 | |||
1747 | Use !=NULL instead of >0 for getdefaultproj. | ||
1748 | |||
1749 | getdefaultproj() returns a pointer so test it for NULL inequality | ||
1750 | instead of >0. Fixes compiler warning and is more correct. Patch from | ||
1751 | David Binderman. | ||
1752 | |||
1753 | commit 1c4ef0b808d3d38232aeeb1cebb7e9a43def42c5 | ||
1754 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1755 | Date: Sun Oct 23 22:04:05 2016 +0000 | ||
1756 | |||
1757 | upstream commit | ||
1758 | |||
1759 | Factor out "can bind to low ports" check into its own function. This will | ||
1760 | make it easier for Portable to support platforms with permissions models | ||
1761 | other than uid==0 (eg bz#2625). ok djm@, "doesn't offend me too much" | ||
1762 | deraadt@. | ||
1763 | |||
1764 | Upstream-ID: 86213df4183e92b8f189a6d2dac858c994bfface | ||
1765 | |||
1766 | commit 0b9ee623d57e5de7e83e66fd61a7ba9a5be98894 | ||
1767 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1768 | Date: Wed Oct 19 23:21:56 2016 +0000 | ||
1769 | |||
1770 | upstream commit | ||
1771 | |||
1772 | When tearing down ControlMaster connecctions, don't | ||
1773 | pollute stderr when LogLevel=quiet. Patch from Tim Kuijsten via tech@. | ||
1774 | |||
1775 | Upstream-ID: d9b3a68b2a7c2f2fc7f74678e29a4618d55ceced | ||
1776 | |||
1777 | commit 09e6a7d8354224933febc08ddcbc2010f542284e | ||
1778 | Author: Darren Tucker <dtucker@zip.com.au> | ||
1779 | Date: Mon Oct 24 09:06:18 2016 +1100 | ||
1780 | |||
1781 | Wrap stdint.h include in ifdef. | ||
1782 | |||
1783 | commit 08d9e9516e587b25127545c029e5464b2e7f2919 | ||
1784 | Author: Darren Tucker <dtucker@zip.com.au> | ||
1785 | Date: Fri Oct 21 09:46:46 2016 +1100 | ||
1786 | |||
1787 | Fix formatting. | ||
1788 | |||
1789 | commit 461f50e7ab8751d3a55e9158c44c13031db7ba1d | ||
1790 | Author: Darren Tucker <dtucker@zip.com.au> | ||
1791 | Date: Fri Oct 21 06:55:58 2016 +1100 | ||
1792 | |||
1793 | Update links to https. | ||
1794 | |||
1795 | www.openssh.com now supports https and ftp.openbsd.org no longer | ||
1796 | supports ftp. Make all links to these https. | ||
1797 | |||
1798 | commit dd4e7212a6141f37742de97795e79db51e4427ad | ||
1799 | Author: Darren Tucker <dtucker@zip.com.au> | ||
1800 | Date: Fri Oct 21 06:48:46 2016 +1100 | ||
1801 | |||
1802 | Update host key generation examples. | ||
1803 | |||
1804 | Remove ssh1 host key generation, add ssh-keygen -A | ||
1805 | |||
1806 | commit 6d49ae82634c67e9a4d4af882bee20b40bb8c639 | ||
1807 | Author: Darren Tucker <dtucker@zip.com.au> | ||
1808 | Date: Fri Oct 21 05:22:55 2016 +1100 | ||
1809 | |||
1810 | Update links. | ||
1811 | |||
1812 | Make links to openssh.com HTTPS now that it's supported, point release | ||
1813 | notes link to the HTML release notes page, and update a couple of other | ||
1814 | links and bits of text. | ||
1815 | |||
1816 | commit fe0d1ca6ace06376625084b004ee533f2c2ea9d6 | ||
1817 | Author: Darren Tucker <dtucker@zip.com.au> | ||
1818 | Date: Thu Oct 20 03:42:09 2016 +1100 | ||
1819 | |||
1820 | Remote channels .orig and .rej files. | ||
1821 | |||
1822 | These files were incorrectly added during an OpenBSD sync. | ||
1823 | |||
1824 | commit 246aa842a4ad368d8ce030495e657ef3a0e1f95c | ||
1825 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1826 | Date: Tue Oct 18 17:32:54 2016 +0000 | ||
1827 | |||
1828 | upstream commit | ||
1829 | |||
1830 | Remove channel_input_port_forward_request(); the only caller | ||
1831 | was the recently-removed SSH1 server code so it's now dead code. ok markus@ | ||
1832 | |||
1833 | Upstream-ID: 05453983230a1f439562535fec2818f63f297af9 | ||
1834 | |||
1835 | commit 2c6697c443d2c9c908260eed73eb9143223e3ec9 | ||
1836 | Author: millert@openbsd.org <millert@openbsd.org> | ||
1837 | Date: Tue Oct 18 12:41:22 2016 +0000 | ||
1838 | |||
1839 | upstream commit | ||
1840 | |||
1841 | Install a signal handler for tty-generated signals and | ||
1842 | wait for the ssh child to suspend before suspending sftp. This lets ssh | ||
1843 | restore the terminal mode as needed when it is suspended at the password | ||
1844 | prompt. OK dtucker@ | ||
1845 | |||
1846 | Upstream-ID: a31c1f42aa3e2985dcc91e46e6a17bd22e372d69 | ||
1847 | |||
1848 | commit fd2a8f1033fa2316fff719fd5176968277560158 | ||
1849 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
1850 | Date: Sat Oct 15 19:56:25 2016 +0000 | ||
1851 | |||
1852 | upstream commit | ||
1853 | |||
1854 | various formatting fixes, specifically removing Dq; | ||
1855 | |||
1856 | Upstream-ID: 81e85df2b8e474f5f93d66e61d9a4419ce87347c | ||
1857 | |||
1858 | commit 8f866d8a57b9a2dc5dd04504e27f593b551618e3 | ||
1859 | Author: Darren Tucker <dtucker@zip.com.au> | ||
1860 | Date: Wed Oct 19 03:26:09 2016 +1100 | ||
1861 | |||
1862 | Import readpassphrase.c rev 1.26. | ||
1863 | |||
1864 | Author: miller@openbsd.org: | ||
1865 | Avoid generate SIGTTOU when restoring the terminal mode. If we get | ||
1866 | SIGTTOU it means the process is not in the foreground process group | ||
1867 | which, in most cases, means that the shell has taken control of the tty. | ||
1868 | Requiring the user the fg the process in this case doesn't make sense | ||
1869 | and can result in both SIGTSTP and SIGTTOU being sent which can lead to | ||
1870 | the process being suspended again immediately after being brought into | ||
1871 | the foreground. | ||
1872 | |||
1873 | commit f901440cc844062c9bab0183d133f7ccc58ac3a5 | ||
1874 | Author: Darren Tucker <dtucker@zip.com.au> | ||
1875 | Date: Wed Oct 19 03:23:16 2016 +1100 | ||
1876 | |||
1877 | Import readpassphrase.c rev 1.25. | ||
1878 | |||
1879 | Wrap <readpassphrase.h> so internal calls go direct and | ||
1880 | readpassphrase is weak. | ||
1881 | |||
1882 | (DEF_WEAK is a no-op in portable.) | ||
1883 | |||
1884 | commit 032147b69527e5448a511049b2d43dbcae582624 | ||
1885 | Author: Darren Tucker <dtucker@zip.com.au> | ||
1886 | Date: Sat Oct 15 05:51:12 2016 +1100 | ||
1887 | |||
1888 | Move DEF_WEAK into defines.h. | ||
1889 | |||
1890 | As well pull in more recent changes from OpenBSD these will start to | ||
1891 | arrive so put it where the definition is shared. | ||
1892 | |||
1893 | commit e0259a82ddd950cfb109ddee86fcebbc09c6bd04 | ||
1894 | Author: Darren Tucker <dtucker@zip.com.au> | ||
1895 | Date: Sat Oct 15 04:34:46 2016 +1100 | ||
1896 | |||
1897 | Remove do_pam_set_tty which is dead code. | ||
1898 | |||
1899 | The callers of do_pam_set_tty were removed in 2008, so this is now dead | ||
1900 | code. bz#2604, pointed out by jjelen at redhat.com. | ||
1901 | |||
1902 | commit ca04de83f210959ad2ed870a30ba1732c3ae00e3 | ||
1903 | Author: Damien Miller <djm@mindrot.org> | ||
1904 | Date: Thu Oct 13 18:53:43 2016 +1100 | ||
1905 | |||
1906 | unbreak principals-command test | ||
1907 | |||
1908 | Undo inconsistetly updated variable name. | ||
1909 | |||
1910 | commit 1723ec92eb485ce06b4cbf49712d21975d873909 | ||
1911 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1912 | Date: Tue Oct 11 21:49:54 2016 +0000 | ||
1913 | |||
1914 | upstream commit | ||
1915 | |||
1916 | fix the KEX fuzzer - the previous method of obtaining the | ||
1917 | packet contents was broken. This now uses the new per-packet input hook, so | ||
1918 | it sees exact post-decrypt packets and doesn't have to pass packet integrity | ||
1919 | checks. ok markus@ | ||
1920 | |||
1921 | Upstream-Regress-ID: 402fb6ffabd97de590e8e57b25788949dce8d2fd | ||
1922 | |||
1923 | commit 09f997893f109799cddbfce6d7e67f787045cbb2 | ||
1924 | Author: natano@openbsd.org <natano@openbsd.org> | ||
1925 | Date: Thu Oct 6 09:31:38 2016 +0000 | ||
1926 | |||
1927 | upstream commit | ||
1928 | |||
1929 | Move USER out of the way to unbreak the BUILDUSER | ||
1930 | mechanism. ok tb | ||
1931 | |||
1932 | Upstream-Regress-ID: 74ab9687417dd071d62316eaadd20ddad1d5af3c | ||
1933 | |||
1934 | commit 3049a012c482a7016f674db168f23fd524edce27 | ||
1935 | Author: bluhm@openbsd.org <bluhm@openbsd.org> | ||
1936 | Date: Fri Sep 30 11:55:20 2016 +0000 | ||
1937 | |||
1938 | upstream commit | ||
1939 | |||
1940 | In ssh tests set REGRESS_FAIL_EARLY with ?= so that the | ||
1941 | environment can change it. OK djm@ | ||
1942 | |||
1943 | Upstream-Regress-ID: 77bcb50e47b68c7209c7f0a5a020d73761e5143b | ||
1944 | |||
1945 | commit 39af7b444db28c1cb01b7ea468a4f574a44f375b | ||
1946 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1947 | Date: Tue Oct 11 21:47:45 2016 +0000 | ||
1948 | |||
1949 | upstream commit | ||
1950 | |||
1951 | Add a per-packet input hook that is called with the | ||
1952 | decrypted packet contents. This will be used for fuzzing; ok markus@ | ||
1953 | |||
1954 | Upstream-ID: a3221cee6b1725dd4ae1dd2c13841b4784cb75dc | ||
1955 | |||
1956 | commit ec165c392ca54317dbe3064a8c200de6531e89ad | ||
1957 | Author: markus@openbsd.org <markus@openbsd.org> | ||
1958 | Date: Mon Oct 10 19:28:48 2016 +0000 | ||
1959 | |||
1960 | upstream commit | ||
1961 | |||
1962 | Unregister the KEXINIT handler after message has been | ||
1963 | received. Otherwise an unauthenticated peer can repeat the KEXINIT and cause | ||
1964 | allocation of up to 128MB -- until the connection is closed. Reported by | ||
1965 | shilei-c at 360.cn | ||
1966 | |||
1967 | Upstream-ID: 43649ae12a27ef94290db16d1a98294588b75c05 | ||
1968 | |||
1969 | commit 29d40319392e6e19deeca9d45468aa1119846e50 | ||
1970 | Author: Darren Tucker <dtucker@zip.com.au> | ||
1971 | Date: Thu Oct 13 04:07:20 2016 +1100 | ||
1972 | |||
1973 | Import rev 1.24 from OpenBSD. | ||
1974 | |||
1975 | revision 1.24 | ||
1976 | date: 2013/11/24 23:51:29; author: deraadt; state: Exp; lines: +4 -4; | ||
1977 | most obvious unsigned char casts for ctype | ||
1978 | ok jca krw ingo | ||
1979 | |||
1980 | commit 12069e56221de207ed666c2449dedb431a2a7ca2 | ||
1981 | Author: Darren Tucker <dtucker@zip.com.au> | ||
1982 | Date: Thu Oct 13 04:04:44 2016 +1100 | ||
1983 | |||
1984 | Import rev 1.23 from OpenBSD. Fixes bz#2619. | ||
1985 | |||
1986 | revision 1.23 | ||
1987 | date: 2010/05/14 13:30:34; author: millert; state: Exp; lines: +41 -39; | ||
1988 | Defer installing signal handlers until echo is disabled so that we | ||
1989 | get suspended normally when not the foreground process. Fix potential | ||
1990 | infinite loop when restoring terminal settings if process is in the | ||
1991 | background when restore occurs. OK miod@ | ||
1992 | |||
1993 | commit 7508d83eff89af069760b4cc587305588a64e415 | ||
1994 | Author: Darren Tucker <dtucker@zip.com.au> | ||
1995 | Date: Thu Oct 13 03:53:51 2016 +1100 | ||
1996 | |||
1997 | If we don't have TCSASOFT, define it to zero. | ||
1998 | |||
1999 | This makes it a no-op when we use it below, which allows us to re-sync | ||
2000 | those lines with the upstream and make future updates easier. | ||
2001 | |||
2002 | commit aae4dbd4c058d3b1fe1eb5c4e6ddf35827271377 | ||
2003 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
2004 | Date: Fri Oct 7 14:41:52 2016 +0000 | ||
2005 | |||
2006 | upstream commit | ||
2007 | |||
2008 | tidy up the formatting in this file. more specifically, | ||
2009 | replace .Dq, which looks appalling, with .Cm, where appropriate; | ||
2010 | |||
2011 | Upstream-ID: ff8e90aa0343d9bb56f40a535e148607973cc738 | ||
2012 | |||
2013 | commit a571dbcc7b7b25371174569b13df5159bc4c6c7a | ||
2014 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2015 | Date: Tue Oct 4 21:34:40 2016 +0000 | ||
2016 | |||
2017 | upstream commit | ||
2018 | |||
2019 | add a comment about implicitly-expected checks to | ||
2020 | sshkey_ec_validate_public() | ||
2021 | |||
2022 | Upstream-ID: 74a7f71c28f7c13a50f89fc78e7863b9cd61713f | ||
2023 | |||
2024 | commit 2f78a2a698f4222f8e05cad57ac6e0c3d1faff00 | ||
2025 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2026 | Date: Fri Sep 30 20:24:46 2016 +0000 | ||
2027 | |||
2028 | upstream commit | ||
2029 | |||
2030 | fix some -Wpointer-sign warnings in the new mux proxy; ok | ||
2031 | markus@ | ||
2032 | |||
2033 | Upstream-ID: b1ba7b3769fbc6b7f526792a215b0197f5e55dfd | ||
2034 | |||
2035 | commit ca71c36645fc26fcd739a8cfdc702cec85607761 | ||
2036 | Author: bluhm@openbsd.org <bluhm@openbsd.org> | ||
2037 | Date: Wed Sep 28 20:09:52 2016 +0000 | ||
2038 | |||
2039 | upstream commit | ||
2040 | |||
2041 | Add a makefile rule to create the ssh library when | ||
2042 | regress needs it. This allows to run the ssh regression tests without doing | ||
2043 | a "make build" before. Discussed with dtucker@ and djm@; OK djm@ | ||
2044 | |||
2045 | Upstream-Regress-ID: ce489bd53afcd471225a125b4b94565d4717c025 | ||
2046 | |||
2047 | commit ce44c970f913d2a047903dba8670554ac42fc479 | ||
2048 | Author: bluhm@openbsd.org <bluhm@openbsd.org> | ||
2049 | Date: Mon Sep 26 21:34:38 2016 +0000 | ||
2050 | |||
2051 | upstream commit | ||
2052 | |||
2053 | Allow to run ssh regression tests as root. If the user | ||
2054 | is already root, the test should not expect that SUDO is set. If ssh needs | ||
2055 | another user, use sudo or doas to switch from root if necessary. OK dtucker@ | ||
2056 | |||
2057 | Upstream-Regress-ID: b464e55185ac4303529e3e6927db41683aaeace2 | ||
2058 | |||
2059 | commit 8d0578478586e283e751ca51e7b0690631da139a | ||
2060 | Author: markus@openbsd.org <markus@openbsd.org> | ||
2061 | Date: Fri Sep 30 09:19:13 2016 +0000 | ||
2062 | |||
2063 | upstream commit | ||
2064 | |||
2065 | ssh proxy mux mode (-O proxy; idea from Simon Tatham): - mux | ||
2066 | client speaks the ssh-packet protocol directly over unix-domain socket. - mux | ||
2067 | server acts as a proxy, translates channel IDs and relays to the server. - no | ||
2068 | filedescriptor passing necessary. - combined with unix-domain forwarding it's | ||
2069 | even possible to run mux client and server on different machines. feedback | ||
2070 | & ok djm@ | ||
2071 | |||
2072 | Upstream-ID: 666a2fb79f58e5c50e246265fb2b9251e505c25b | ||
2073 | |||
2074 | commit b7689155f3f5c4999846c07a852b1c7a43b09cec | ||
2075 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2076 | Date: Wed Sep 28 21:44:52 2016 +0000 | ||
2077 | |||
2078 | upstream commit | ||
2079 | |||
2080 | put back some pre-auth zlib bits that I shouldn't have | ||
2081 | removed - they are still used by the client. Spotted by naddy@ | ||
2082 | |||
2083 | Upstream-ID: 80919468056031037d56a1f5b261c164a6f90dc2 | ||
2084 | |||
2085 | commit 4577adead6a7d600c8e764619d99477a08192c8f | ||
2086 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2087 | Date: Wed Sep 28 20:32:42 2016 +0000 | ||
2088 | |||
2089 | upstream commit | ||
2090 | |||
2091 | restore pre-auth compression support in the client -- the | ||
2092 | previous commit was intended to remove it from the server only. | ||
2093 | |||
2094 | remove a few server-side pre-auth compression bits that escaped | ||
2095 | |||
2096 | adjust wording of Compression directive in sshd_config(5) | ||
2097 | |||
2098 | pointed out by naddy@ ok markus@ | ||
2099 | |||
2100 | Upstream-ID: d23696ed72a228dacd4839dd9f2dec424ba2016b | ||
2101 | |||
2102 | commit 80d1c963b4dc84ffd11d09617b39c4bffda08956 | ||
2103 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
2104 | Date: Wed Sep 28 17:59:22 2016 +0000 | ||
2105 | |||
2106 | upstream commit | ||
2107 | |||
2108 | use a separate TOKENS section, as we've done for | ||
2109 | sshd_config(5); help/ok djm | ||
2110 | |||
2111 | Upstream-ID: 640e32b5e4838e4363738cdec955084b3579481d | ||
2112 | |||
2113 | commit 1cfd5c06efb121e58e8b6671548fda77ef4b4455 | ||
2114 | Author: Damien Miller <djm@mindrot.org> | ||
2115 | Date: Thu Sep 29 03:19:23 2016 +1000 | ||
2116 | |||
2117 | Remove portability support for mmap | ||
2118 | |||
2119 | We no longer need to wrap/replace mmap for portability now that | ||
2120 | pre-auth compression has been removed from OpenSSH. | ||
2121 | |||
2122 | commit 0082fba4efdd492f765ed4c53f0d0fbd3bdbdf7f | ||
2123 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2124 | Date: Wed Sep 28 16:33:06 2016 +0000 | ||
2125 | |||
2126 | upstream commit | ||
2127 | |||
2128 | Remove support for pre-authentication compression. Doing | ||
2129 | compression early in the protocol probably seemed reasonable in the 1990s, | ||
2130 | but today it's clearly a bad idea in terms of both cryptography (cf. multiple | ||
2131 | compression oracle attacks in TLS) and attack surface. | ||
2132 | |||
2133 | Moreover, to support it across privilege-separation zlib needed | ||
2134 | the assistance of a complex shared-memory manager that made the | ||
2135 | required attack surface considerably larger. | ||
2136 | |||
2137 | Prompted by Guido Vranken pointing out a compiler-elided security | ||
2138 | check in the shared memory manager found by Stack | ||
2139 | (http://css.csail.mit.edu/stack/); ok deraadt@ markus@ | ||
2140 | |||
2141 | NB. pre-auth authentication has been disabled by default in sshd | ||
2142 | for >10 years. | ||
2143 | |||
2144 | Upstream-ID: 32af9771788d45a0779693b41d06ec199d849caf | ||
2145 | |||
2146 | commit 27c3a9c2aede2184856b5de1e6eca414bb751c38 | ||
2147 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2148 | Date: Mon Sep 26 21:16:11 2016 +0000 | ||
2149 | |||
2150 | upstream commit | ||
2151 | |||
2152 | Avoid a theoretical signed integer overflow should | ||
2153 | BN_num_bytes() ever violate its manpage and return a negative value. Improve | ||
2154 | order of tests to avoid confusing increasingly pedantic compilers. | ||
2155 | |||
2156 | Reported by Guido Vranken from stack (css.csail.mit.edu/stack) | ||
2157 | unstable optimisation analyser output. ok deraadt@ | ||
2158 | |||
2159 | Upstream-ID: f8508c830c86d8f36c113985e52bf8eedae23505 | ||
2160 | |||
2161 | commit 8663e51c80c6aa3d750c6d3bcff6ee05091922be | ||
2162 | Author: Damien Miller <djm@mindrot.org> | ||
2163 | Date: Wed Sep 28 07:40:33 2016 +1000 | ||
2164 | |||
2165 | fix mdoc2man.awk formatting for top-level lists | ||
2166 | |||
2167 | Reported by Glenn Golden | ||
2168 | Diagnosis and fix from Ingo Schwarze | ||
2169 | |||
2170 | commit b97739dc21570209ed9d4e7beee0c669ed23b097 | ||
2171 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2172 | Date: Thu Sep 22 21:15:41 2016 +0000 | ||
2173 | |||
2174 | upstream commit | ||
2175 | |||
2176 | missing bit from previous commit | ||
2177 | |||
2178 | Upstream-ID: 438d5ed6338b28b46e822eb13eee448aca31df37 | ||
2179 | |||
2180 | commit de6a175a99d22444e10d19ad3fffef39bc3ee3bb | ||
2181 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
2182 | Date: Thu Sep 22 19:19:01 2016 +0000 | ||
2183 | |||
2184 | upstream commit | ||
2185 | |||
2186 | organise the token stuff into a separate section; ok | ||
2187 | markus for an earlier version of the diff ok/tweaks djm | ||
2188 | |||
2189 | Upstream-ID: 81a6daa506a4a5af985fce7cf9e59699156527c8 | ||
2190 | |||
2191 | commit 16277fc45ffc95e4ffc3d45971ff8320b974de2b | ||
2192 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2193 | Date: Thu Sep 22 17:55:13 2016 +0000 | ||
2194 | |||
2195 | upstream commit | ||
2196 | |||
2197 | mention curve25519-sha256 KEX | ||
2198 | |||
2199 | Upstream-ID: 33ae1f433ce4795ffa6203761fbdf86e0d7ffbaf | ||
2200 | |||
2201 | commit 0493766d5676c7ca358824ea8d3c90f6047953df | ||
2202 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2203 | Date: Thu Sep 22 17:52:53 2016 +0000 | ||
2204 | |||
2205 | upstream commit | ||
2206 | |||
2207 | support plain curve25519-sha256 KEX algorithm now that it | ||
2208 | is approaching standardisation (same algorithm is currently supported as | ||
2209 | curve25519-sha256@libssh.org) | ||
2210 | |||
2211 | Upstream-ID: 5e2b6db2e72667048cf426da43c0ee3fc777baa2 | ||
2212 | |||
2213 | commit f31c654b30a6f02ce0b8ea8ab81791b675489628 | ||
2214 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
2215 | Date: Thu Sep 22 02:29:57 2016 +0000 | ||
2216 | |||
2217 | upstream commit | ||
2218 | |||
2219 | If ssh receives a PACKET_DISCONNECT during userauth it | ||
2220 | will cause ssh_dispatch_run(DISPATCH_BLOCK, ...) to return without the | ||
2221 | session being authenticated. Check for this and exit if necessary. ok djm@ | ||
2222 | |||
2223 | Upstream-ID: b3afe126c0839d2eae6cddd41ff2ba317eda0903 | ||
2224 | |||
2225 | commit 1622649b7a829fc8dc313042a43a974f0f3e8a99 | ||
2226 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2227 | Date: Wed Sep 21 19:53:12 2016 +0000 | ||
2228 | |||
2229 | upstream commit | ||
2230 | |||
2231 | correctly return errors from kex_send_ext_info(). Fix from | ||
2232 | Sami Farin via https://github.com/openssh/openssh-portable/pull/50 | ||
2233 | |||
2234 | Upstream-ID: c85999af28aaecbf92cfa2283381df81e839b42c | ||
2235 | |||
2236 | commit f83a0cfe16c7a73627b46a9a94e40087d60f32fb | ||
2237 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2238 | Date: Wed Sep 21 17:44:20 2016 +0000 | ||
2239 | |||
2240 | upstream commit | ||
2241 | |||
2242 | cast uint64_t for printf | ||
2243 | |||
2244 | Upstream-ID: 76d23e89419ccbd2320f92792a6d878211666ac1 | ||
2245 | |||
2246 | commit 5f63ab474f58834feca4f35c498be03b7dd38a16 | ||
2247 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2248 | Date: Wed Sep 21 17:03:54 2016 +0000 | ||
2249 | |||
2250 | upstream commit | ||
2251 | |||
2252 | disable tests for affirmative negated match after backout of | ||
2253 | match change | ||
2254 | |||
2255 | Upstream-Regress-ID: acebb8e5042f03d66d86a50405c46c4de0badcfd | ||
2256 | |||
2257 | commit a5ad3a9db5a48f350f257a67b62fafd719ecb7e0 | ||
2258 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2259 | Date: Wed Sep 21 16:55:42 2016 +0000 | ||
2260 | |||
2261 | upstream commit | ||
2262 | |||
2263 | Revert two recent changes to negated address matching. The | ||
2264 | new behaviour offers unintuitive surprises. We'll find a better way to deal | ||
2265 | with single negated matches. | ||
2266 | |||
2267 | match.c 1.31: | ||
2268 | > fix matching for pattern lists that contain a single negated match, | ||
2269 | > e.g. "Host !example" | ||
2270 | > | ||
2271 | > report and patch from Robin Becker. bz#1918 ok dtucker@ | ||
2272 | |||
2273 | addrmatch.c 1.11: | ||
2274 | > fix negated address matching where the address list consists of a | ||
2275 | > single negated match, e.g. "Match addr !192.20.0.1" | ||
2276 | > | ||
2277 | > Report and patch from Jakub Jelen. bz#2397 ok dtucker@ | ||
2278 | |||
2279 | Upstream-ID: ec96c770f0f5b9a54e5e72fda25387545e9c80c6 | ||
2280 | |||
2281 | commit 119b7a2ca0ef2bf3f81897ae10301b8ca8cba844 | ||
2282 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2283 | Date: Wed Sep 21 01:35:12 2016 +0000 | ||
2284 | |||
2285 | upstream commit | ||
2286 | |||
2287 | test all the AuthorizedPrincipalsCommand % expansions | ||
2288 | |||
2289 | Upstream-Regress-ID: 0a79a84dfaa59f958e46b474c3db780b454d30e3 | ||
2290 | |||
2291 | commit bfa9d969ab6235d4938ce069d4db7e5825c56a19 | ||
2292 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2293 | Date: Wed Sep 21 01:34:45 2016 +0000 | ||
2294 | |||
2295 | upstream commit | ||
2296 | |||
2297 | add a way for principals command to get see key ID and serial | ||
2298 | too | ||
2299 | |||
2300 | Upstream-ID: 0d30978bdcf7e8eaeee4eea1b030eb2eb1823fcb | ||
2301 | |||
2302 | commit 920585b826af1c639e4ed78b2eba01fd2337b127 | ||
2303 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2304 | Date: Fri Sep 16 06:09:31 2016 +0000 | ||
2305 | |||
2306 | upstream commit | ||
2307 | |||
2308 | add a note on kexfuzz' limitations | ||
2309 | |||
2310 | Upstream-Regress-ID: 03804d4a0dbc5163e1a285a4c8cc0a76a4e864ec | ||
2311 | |||
2312 | commit 0445ff184080b196e12321998b4ce80b0f33f8d1 | ||
2313 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2314 | Date: Fri Sep 16 01:01:41 2016 +0000 | ||
2315 | |||
2316 | upstream commit | ||
2317 | |||
2318 | fix for newer modp DH groups | ||
2319 | (diffie-hellman-group14-sha256 etc) | ||
2320 | |||
2321 | Upstream-Regress-ID: fe942c669959462b507516ae1634fde0725f1c68 | ||
2322 | |||
2323 | commit 28652bca29046f62c7045e933e6b931de1d16737 | ||
2324 | Author: markus@openbsd.org <markus@openbsd.org> | ||
2325 | Date: Mon Sep 19 19:02:19 2016 +0000 | ||
2326 | |||
2327 | upstream commit | ||
2328 | |||
2329 | move inbound NEWKEYS handling to kex layer; otherwise | ||
2330 | early NEWKEYS causes NULL deref; found by Robert Swiecki/honggfuzz; fixed | ||
2331 | with & ok djm@ | ||
2332 | |||
2333 | Upstream-ID: 9a68b882892e9f51dc7bfa9f5a423858af358b2f | ||
2334 | |||
2335 | commit 492710894acfcc2f173d14d1d45bd2e688df605d | ||
2336 | Author: natano@openbsd.org <natano@openbsd.org> | ||
2337 | Date: Mon Sep 19 07:52:42 2016 +0000 | ||
2338 | |||
2339 | upstream commit | ||
2340 | |||
2341 | Replace two more arc4random() loops with | ||
2342 | arc4random_buf(). | ||
2343 | |||
2344 | tweaks and ok dtucker | ||
2345 | ok deraadt | ||
2346 | |||
2347 | Upstream-ID: 738d3229130ccc7eac975c190276ca6fcf0208e4 | ||
2348 | |||
2349 | commit 1036356324fecc13099ac6e986b549f6219327d7 | ||
2350 | Author: tedu@openbsd.org <tedu@openbsd.org> | ||
2351 | Date: Sat Sep 17 18:00:27 2016 +0000 | ||
2352 | |||
2353 | upstream commit | ||
2354 | |||
2355 | replace two arc4random loops with arc4random_buf ok | ||
2356 | deraadt natano | ||
2357 | |||
2358 | Upstream-ID: e18ede972d1737df54b49f011fa4f3917a403f48 | ||
2359 | |||
2360 | commit 00df97ff68a49a756d4b977cd02283690f5dfa34 | ||
2361 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2362 | Date: Wed Sep 14 20:11:26 2016 +0000 | ||
2363 | |||
2364 | upstream commit | ||
2365 | |||
2366 | take fingerprint of correct key for | ||
2367 | AuthorizedPrincipalsCommand | ||
2368 | |||
2369 | Upstream-ID: 553581a549cd6a3e73ce9f57559a325cc2cb1f38 | ||
2370 | |||
2371 | commit e7907c1cb938b96dd33d27c2fea72c4e08c6b2f6 | ||
2372 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2373 | Date: Wed Sep 14 05:42:25 2016 +0000 | ||
2374 | |||
2375 | upstream commit | ||
2376 | |||
2377 | add %-escapes to AuthorizedPrincipalsCommand to match those | ||
2378 | supported for AuthorizedKeysCommand (key, key type, fingerprint, etc) and a | ||
2379 | few more to provide access to the certificate's CA key; 'looks ok' dtucker@ | ||
2380 | |||
2381 | Upstream-ID: 6b00fd446dbebe67f4e4e146d2e492d650ae04eb | ||
2382 | |||
2383 | commit 2b939c272a81c4d0c47badeedbcb2ba7c128ccda | ||
2384 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
2385 | Date: Wed Sep 14 00:45:31 2016 +0000 | ||
2386 | |||
2387 | upstream commit | ||
2388 | |||
2389 | Improve test coverage of ssh-keygen -T a bit. | ||
2390 | |||
2391 | Upstream-Regress-ID: 8851668c721bcc2b400600cfc5a87644cc024e72 | ||
2392 | |||
2393 | commit 44d82fc83be6c5ccd70881c2dac1a73e5050398b | ||
2394 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
2395 | Date: Mon Sep 12 02:25:46 2016 +0000 | ||
2396 | |||
2397 | upstream commit | ||
2398 | |||
2399 | Add testcase for ssh-keygen -j, -J and -K options for | ||
2400 | moduli screening. Does not currently test generation as that is extremely | ||
2401 | slow. | ||
2402 | |||
2403 | Upstream-Regress-ID: 9de6ce801377ed3ce0a63a1413f1cd5fd3c2d062 | ||
2404 | |||
2405 | commit 44e5f756d286bc3a1a5272ea484ee276ba3ac5c2 | ||
2406 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2407 | Date: Tue Aug 23 08:17:04 2016 +0000 | ||
2408 | |||
2409 | upstream commit | ||
2410 | |||
2411 | add tests for addr_match_list() | ||
2412 | |||
2413 | Upstream-Regress-ID: fae2d1fef84687ece584738a924c7bf969616c8e | ||
2414 | |||
2415 | commit 445e218878035b59c704c18406e8aeaff4c8aa25 | ||
2416 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2417 | Date: Mon Sep 12 23:39:34 2016 +0000 | ||
2418 | |||
2419 | upstream commit | ||
2420 | |||
2421 | handle certs in rsa_hash_alg_from_ident(), saving an | ||
2422 | unnecessary special case elsewhere. | ||
2423 | |||
2424 | Upstream-ID: 901cb081c59d6d2698b57901c427f3f6dc7397d4 | ||
2425 | |||
2426 | commit 130f5df4fa37cace8c079dccb690e5cafbf00751 | ||
2427 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2428 | Date: Mon Sep 12 23:31:27 2016 +0000 | ||
2429 | |||
2430 | upstream commit | ||
2431 | |||
2432 | list all supported signature algorithms in the | ||
2433 | server-sig-algs Reported by mb AT smartftp.com in bz#2547 and (independantly) | ||
2434 | Ron Frederick; ok markus@ | ||
2435 | |||
2436 | Upstream-ID: ddf702d721f54646b11ef2cee6d916666cb685cd | ||
2437 | |||
2438 | commit 8f750ccfc07acb8aa98be5a5dd935033a6468cfd | ||
2439 | Author: Darren Tucker <dtucker@zip.com.au> | ||
2440 | Date: Mon Sep 12 14:43:58 2016 +1000 | ||
2441 | |||
2442 | Remove no-op brackets to resync with upstream. | ||
2443 | |||
2444 | commit 7050896e7395866278c19c2ff080c26152619d1d | ||
2445 | Author: Darren Tucker <dtucker@zip.com.au> | ||
2446 | Date: Mon Sep 12 13:57:28 2016 +1000 | ||
2447 | |||
2448 | Resync ssh-keygen -W error message with upstream. | ||
2449 | |||
2450 | commit 43cceff82cc20413cce58ba3375e19684e62cec4 | ||
2451 | Author: Darren Tucker <dtucker@zip.com.au> | ||
2452 | Date: Mon Sep 12 13:55:37 2016 +1000 | ||
2453 | |||
2454 | Move ssh-keygen -W handling code to match upstream | ||
2455 | |||
2456 | commit af48d541360b1d7737b35740a4b1ca34e1652cd9 | ||
2457 | Author: Darren Tucker <dtucker@zip.com.au> | ||
2458 | Date: Mon Sep 12 13:52:17 2016 +1000 | ||
2459 | |||
2460 | Move ssh-keygen -T handling code to match upstream. | ||
2461 | |||
2462 | commit d8c3cfbb018825c6c86547165ddaf11924901c49 | ||
2463 | Author: Darren Tucker <dtucker@zip.com.au> | ||
2464 | Date: Mon Sep 12 13:30:50 2016 +1000 | ||
2465 | |||
2466 | Move -M handling code to match upstream. | ||
2467 | |||
2468 | commit 7b63cf6dbbfa841c003de57d1061acbf2ff22364 | ||
2469 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
2470 | Date: Mon Sep 12 03:29:16 2016 +0000 | ||
2471 | |||
2472 | upstream commit | ||
2473 | |||
2474 | Spaces->tabs. | ||
2475 | |||
2476 | Upstream-ID: f4829dfc3f36318273f6082b379ac562eead70b7 | ||
2477 | |||
2478 | commit 11e5e644536821ceb3bb4dd8487fbf0588522887 | ||
2479 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
2480 | Date: Mon Sep 12 03:25:20 2016 +0000 | ||
2481 | |||
2482 | upstream commit | ||
2483 | |||
2484 | Style whitespace fix. Also happens to remove a no-op | ||
2485 | diff with portable. | ||
2486 | |||
2487 | Upstream-ID: 45d90f9a62ad56340913a433a9453eb30ceb8bf3 | ||
2488 | |||
2489 | commit 9136ec134c97a8aff2917760c03134f52945ff3c | ||
2490 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
2491 | Date: Mon Sep 12 01:22:38 2016 +0000 | ||
2492 | |||
2493 | upstream commit | ||
2494 | |||
2495 | Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then | ||
2496 | use those definitions rather than pulling <sys/param.h> and unknown namespace | ||
2497 | pollution. ok djm markus dtucker | ||
2498 | |||
2499 | Upstream-ID: 712cafa816c9f012a61628b66b9fbd5687223fb8 | ||
2500 | |||
2501 | commit f219fc8f03caca7ac82a38ed74bbd6432a1195e7 | ||
2502 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
2503 | Date: Wed Sep 7 18:39:24 2016 +0000 | ||
2504 | |||
2505 | upstream commit | ||
2506 | |||
2507 | sort; from matthew martin | ||
2508 | |||
2509 | Upstream-ID: 73cec7f7ecc82d37a4adffad7745e4684de67ce7 | ||
2510 | |||
2511 | commit 06ce56b05def9460aecc7cdb40e861a346214793 | ||
2512 | Author: markus@openbsd.org <markus@openbsd.org> | ||
2513 | Date: Tue Sep 6 09:22:56 2016 +0000 | ||
2514 | |||
2515 | upstream commit | ||
2516 | |||
2517 | ssh_set_newkeys: print correct block counters on | ||
2518 | rekeying; ok djm@ | ||
2519 | |||
2520 | Upstream-ID: 32bb7a9cb9919ff5bab28d50ecef3a2b2045dd1e | ||
2521 | |||
2522 | commit e5e8d9114ac6837a038f4952994ca95a97fafe8d | ||
2523 | Author: markus@openbsd.org <markus@openbsd.org> | ||
2524 | Date: Tue Sep 6 09:14:05 2016 +0000 | ||
2525 | |||
2526 | upstream commit | ||
2527 | |||
2528 | update ext_info_c every time we receive a kexinit msg; | ||
2529 | fixes sending of ext_info if privsep is disabled; report Aris Adamantiadis & | ||
2530 | Mancha; ok djm@ | ||
2531 | |||
2532 | Upstream-ID: 2ceaa1076e19dbd3542254b4fb8e42d608f28856 | ||
2533 | |||
2534 | commit da95318dbedbaa1335323dba370975c2f251afd8 | ||
2535 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2536 | Date: Mon Sep 5 14:02:42 2016 +0000 | ||
2537 | |||
2538 | upstream commit | ||
2539 | |||
2540 | remove 3des-cbc from the client's default proposal; | ||
2541 | 64-bit block ciphers are not safe in 2016 and we don't want to wait until | ||
2542 | attacks like sweet32 are extended to SSH. | ||
2543 | |||
2544 | As 3des-cbc was the only mandatory cipher in the SSH RFCs, this may | ||
2545 | cause problems connecting to older devices using the defaults, but | ||
2546 | it's highly likely that such devices already need explicit | ||
2547 | configuration for KEX and hostkeys anyway. | ||
2548 | |||
2549 | ok deraadt, markus, dtucker | ||
2550 | |||
2551 | Upstream-ID: a505dfe65c6733af0f751b64cbc4bb7e0761bc2f | ||
2552 | |||
2553 | commit b33ad6d997d36edfea65e243cd12ccd01f413549 | ||
2554 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2555 | Date: Mon Sep 5 13:57:31 2016 +0000 | ||
2556 | |||
2557 | upstream commit | ||
2558 | |||
2559 | enforce expected request flow for GSSAPI calls; thanks to | ||
2560 | Jakub Jelen for testing; ok markus@ | ||
2561 | |||
2562 | Upstream-ID: d4bc0e70e1be403735d3d9d7e176309b1fd626b9 | ||
2563 | |||
2564 | commit 0bb2980260fb24e5e0b51adac471395781b66261 | ||
2565 | Author: Darren Tucker <dtucker@zip.com.au> | ||
2566 | Date: Mon Sep 12 11:07:00 2016 +1000 | ||
2567 | |||
2568 | Restore ssh-keygen's -J and -j option handling. | ||
2569 | |||
2570 | These were incorrectly removed in the 1d9a2e28 sync commit. | ||
2571 | |||
2572 | commit 775f8a23f2353f5869003c57a213d14b28e0736e | ||
2573 | Author: Damien Miller <djm@mindrot.org> | ||
2574 | Date: Wed Aug 31 10:48:07 2016 +1000 | ||
2575 | |||
2576 | tighten PAM monitor calls | ||
2577 | |||
2578 | only allow kbd-interactive ones when that authentication method is | ||
2579 | enabled. Prompted by Solar Designer | ||
2580 | |||
2581 | commit 7fd0ea8a1db4bcfb3d8cd9df149e5d571ebea1f4 | ||
2582 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2583 | Date: Tue Aug 30 07:50:21 2016 +0000 | ||
2584 | |||
2585 | upstream commit | ||
2586 | |||
2587 | restrict monitor auth calls to be allowed only when their | ||
2588 | respective authentication methods are enabled in the configuration. | ||
2589 | |||
2590 | prompted by Solar Designer; ok markus dtucker | ||
2591 | |||
2592 | Upstream-ID: 6eb3f89332b3546d41d6dbf5a8e6ff920142b553 | ||
2593 | |||
2594 | commit b38b95f5bcc52278feb839afda2987933f68ff96 | ||
2595 | Author: Damien Miller <djm@mindrot.org> | ||
2596 | Date: Mon Aug 29 11:47:07 2016 +1000 | ||
2597 | |||
2598 | Tighten monitor state-machine flow for PAM calls | ||
2599 | |||
2600 | (attack surface reduction) | ||
2601 | |||
2602 | commit dc664d1bd0fc91b24406a3e9575b81c285b8342b | ||
2603 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2604 | Date: Sun Aug 28 22:28:12 2016 +0000 | ||
2605 | |||
2606 | upstream commit | ||
2607 | |||
2608 | fix uninitialised optlen in getsockopt() call; harmless | ||
2609 | on Unix/BSD but potentially crashy on Cygwin. Reported by James Slepicka ok | ||
2610 | deraadt@ | ||
2611 | |||
2612 | Upstream-ID: 1987ccee508ba5b18f016c85100d7ac3f70ff965 | ||
2613 | |||
2614 | commit 5bcc1e2769f7d6927d41daf0719a9446ceab8dd7 | ||
2615 | Author: guenther@openbsd.org <guenther@openbsd.org> | ||
2616 | Date: Sat Aug 27 04:05:12 2016 +0000 | ||
2617 | |||
2618 | upstream commit | ||
2619 | |||
2620 | Pull in <sys/time.h> for struct timeval | ||
2621 | |||
2622 | ok deraadt@ | ||
2623 | |||
2624 | Upstream-ID: ae34525485a173bccd61ac8eefeb91c57e3b7df6 | ||
2625 | |||
2626 | commit fa4a4c96b19127dc2fd4e92f20d99c0c7f34b538 | ||
2627 | Author: guenther@openbsd.org <guenther@openbsd.org> | ||
2628 | Date: Sat Aug 27 04:04:56 2016 +0000 | ||
2629 | |||
2630 | upstream commit | ||
2631 | |||
2632 | Pull in <stdlib.h> for NULL | ||
2633 | |||
2634 | ok deraadt@ | ||
2635 | |||
2636 | Upstream-ID: 7baa6a0f1e049bb3682522b4b95a26c866bfc043 | ||
2637 | |||
2638 | commit ae363d74ccc1451185c0c8bd4631e28c67c7fd36 | ||
2639 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2640 | Date: Thu Aug 25 23:57:54 2016 +0000 | ||
2641 | |||
2642 | upstream commit | ||
2643 | |||
2644 | add a sIgnore opcode that silently ignores options and | ||
2645 | use it to suppress noisy deprecation warnings for the Protocol directive. | ||
2646 | |||
2647 | req henning, ok markus | ||
2648 | |||
2649 | Upstream-ID: 9fe040aca3d6ff393f6f7e60045cdd821dc4cbe0 | ||
2650 | |||
2651 | commit a94c60306643ae904add6e8ed219e4be3494255c | ||
2652 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2653 | Date: Thu Aug 25 23:56:51 2016 +0000 | ||
2654 | |||
2655 | upstream commit | ||
2656 | |||
2657 | remove superfluous NOTREACHED comment | ||
2658 | |||
2659 | Upstream-ID: a7485c1f1be618e8c9e38fd9be46c13b2d03b90c | ||
2660 | |||
2661 | commit fc041c47144ce28cf71353124a8a5d183cd6a251 | ||
2662 | Author: otto@openbsd.org <otto@openbsd.org> | ||
2663 | Date: Tue Aug 23 16:21:45 2016 +0000 | ||
2664 | |||
2665 | upstream commit | ||
2666 | |||
2667 | fix previous, a condition was modified incorrectly; ok | ||
2668 | markus@ deraadt@ | ||
2669 | |||
2670 | Upstream-ID: c443e339768e7ed396dff3bb55f693e7d3641453 | ||
2671 | |||
2672 | commit 23555eb13a9b0550371a16dcf8beaab7a5806a64 | ||
2673 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2674 | Date: Tue Aug 23 08:17:42 2016 +0000 | ||
2675 | |||
2676 | upstream commit | ||
2677 | |||
2678 | downgrade an error() to a debug2() to match similar cases | ||
2679 | in addr_match_list() | ||
2680 | |||
2681 | Upstream-ID: 07c3d53e357214153d9d08f234411e0d1a3d6f5c | ||
2682 | |||
2683 | commit a39627134f6d90e7009eeb14e9582ecbc7a99192 | ||
2684 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2685 | Date: Tue Aug 23 06:36:23 2016 +0000 | ||
2686 | |||
2687 | upstream commit | ||
2688 | |||
2689 | remove Protocol directive from client/server configs that | ||
2690 | causes spammy deprecation warnings | ||
2691 | |||
2692 | hardcode SSH_PROTOCOLS=2, since that's all we support on the server | ||
2693 | now (the client still may support both, so it could get confused) | ||
2694 | |||
2695 | Upstream-Regress-ID: c16662c631af51633f9fd06aca552a70535de181 | ||
2696 | |||
2697 | commit 6ee4f1c01ee31e65245881d49d4bccf014956066 | ||
2698 | Author: Damien Miller <djm@mindrot.org> | ||
2699 | Date: Tue Aug 23 16:33:48 2016 +1000 | ||
2700 | |||
2701 | hook match and utf8 unittests up to Makefile | ||
2702 | |||
2703 | commit 114efe2bc0dd2842d997940a833f115e6fc04854 | ||
2704 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2705 | Date: Fri Aug 19 06:44:13 2016 +0000 | ||
2706 | |||
2707 | upstream commit | ||
2708 | |||
2709 | add tests for matching functions | ||
2710 | |||
2711 | Upstream-Regress-ID: 0869d4f5c5d627c583c6a929d69c17d5dd65882c | ||
2712 | |||
2713 | commit 857568d2ac81c14bcfd625b27536c1e28c992b3c | ||
2714 | Author: Damien Miller <djm@mindrot.org> | ||
2715 | Date: Tue Aug 23 14:32:37 2016 +1000 | ||
2716 | |||
2717 | removing UseLogin bits from configure.ac | ||
2718 | |||
2719 | commit cc182d01cef8ca35a1d25ea9bf4e2ff72e588208 | ||
2720 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2721 | Date: Tue Aug 23 03:24:10 2016 +0000 | ||
2722 | |||
2723 | upstream commit | ||
2724 | |||
2725 | fix negated address matching where the address list | ||
2726 | consists of a single negated match, e.g. "Match addr !192.20.0.1" | ||
2727 | |||
2728 | Report and patch from Jakub Jelen. bz#2397 ok dtucker@ | ||
2729 | |||
2730 | Upstream-ID: 01dcac3f3e6ca47518cf293e31c73597a4bb40d8 | ||
2731 | |||
2732 | commit 4067ec8a4c64ccf16250c35ff577b4422767da64 | ||
2733 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2734 | Date: Tue Aug 23 03:22:49 2016 +0000 | ||
2735 | |||
2736 | upstream commit | ||
2737 | |||
2738 | fix matching for pattern lists that contain a single | ||
2739 | negated match, e.g. "Host !example" | ||
2740 | |||
2741 | report and patch from Robin Becker. bz#1918 ok dtucker@ | ||
2742 | |||
2743 | Upstream-ID: 05a0cb323ea4bc20e98db099b42c067bfb9ea1ea | ||
2744 | |||
2745 | commit 83b581862a1dbb06fc859959f829dde2654aef3c | ||
2746 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2747 | Date: Fri Aug 19 03:18:06 2016 +0000 | ||
2748 | |||
2749 | upstream commit | ||
2750 | |||
2751 | remove UseLogin option and support for having /bin/login | ||
2752 | manage login sessions; ok deraadt markus dtucker | ||
2753 | |||
2754 | Upstream-ID: bea7213fbf158efab7e602d9d844fba4837d2712 | ||
2755 | |||
2756 | commit ffe6549c2f7a999cc5264b873a60322e91862581 | ||
2757 | Author: naddy@openbsd.org <naddy@openbsd.org> | ||
2758 | Date: Mon Aug 15 12:32:04 2016 +0000 | ||
2759 | |||
2760 | upstream commit | ||
2761 | |||
2762 | Catch up with the SSH1 code removal and delete all | ||
2763 | mention of protocol 1 particularities, key files and formats, command line | ||
2764 | options, and configuration keywords from the server documentation and | ||
2765 | examples. ok jmc@ | ||
2766 | |||
2767 | Upstream-ID: 850328854675b4b6a0d4a90f0b4a9dd9ca4e905f | ||
2768 | |||
2769 | commit c38ea634893a1975dbbec798fb968c9488013f4a | ||
2770 | Author: naddy@openbsd.org <naddy@openbsd.org> | ||
2771 | Date: Mon Aug 15 12:27:56 2016 +0000 | ||
2772 | |||
2773 | upstream commit | ||
2774 | |||
2775 | Remove more SSH1 server code: * Drop sshd's -k option. * | ||
2776 | Retire configuration keywords that only apply to protocol 1, as well as the | ||
2777 | "protocol" keyword. * Remove some related vestiges of protocol 1 support. | ||
2778 | |||
2779 | ok markus@ | ||
2780 | |||
2781 | Upstream-ID: 9402f82886de917779db12f8ee3f03d4decc244d | ||
2782 | |||
2783 | commit 33ba55d9e358c07f069e579bfab80eccaaad52cb | ||
2784 | Author: Darren Tucker <dtucker@zip.com.au> | ||
2785 | Date: Wed Aug 17 16:26:04 2016 +1000 | ||
2786 | |||
2787 | Only check for prctl once. | ||
2788 | |||
2789 | commit 976ba8a8fd66a969bf658280c1e5adf694cc2fc6 | ||
2790 | Author: Darren Tucker <dtucker@zip.com.au> | ||
2791 | Date: Wed Aug 17 15:33:10 2016 +1000 | ||
2792 | |||
2793 | Fix typo. | ||
2794 | |||
2795 | commit 9abf84c25ff4448891edcde60533a6e7b2870de1 | ||
2796 | Author: Darren Tucker <dtucker@zip.com.au> | ||
2797 | Date: Wed Aug 17 14:25:43 2016 +1000 | ||
2798 | |||
2799 | Correct LDFLAGS for clang example. | ||
2800 | |||
2801 | --with-ldflags isn't used until after the -ftrapv test, so mention | ||
2802 | LDFLAGS instead for now. | ||
2803 | |||
2804 | commit 1e8013a17ff11e3c6bd0012fb1fc8d5f1330eb21 | ||
2805 | Author: Darren Tucker <dtucker@zip.com.au> | ||
2806 | Date: Wed Aug 17 14:08:42 2016 +1000 | ||
2807 | |||
2808 | Remove obsolete CVS $Id from source files. | ||
2809 | |||
2810 | Since -portable switched to git the CVS $Id tags are no longer being | ||
2811 | updated and are becoming increasingly misleading. Remove them. | ||
2812 | |||
2813 | commit adab758242121181700e48b4f6c60d6b660411fe | ||
2814 | Author: Darren Tucker <dtucker@zip.com.au> | ||
2815 | Date: Wed Aug 17 13:40:58 2016 +1000 | ||
2816 | |||
2817 | Remove now-obsolete CVS $Id tags from text files. | ||
2818 | |||
2819 | Since -portable switched to git, the CVS $Id tags are no longer being | ||
2820 | updated and are becoming increasingly misleading. Remove them. | ||
2821 | |||
2822 | commit 560c0068541315002ec4c1c00a560bbd30f2d671 | ||
2823 | Author: Darren Tucker <dtucker@zip.com.au> | ||
2824 | Date: Wed Aug 17 13:38:30 2016 +1000 | ||
2825 | |||
2826 | Add a section for compiler specifics. | ||
2827 | |||
2828 | Add a section for compiler specifics and document the runtime requirements | ||
2829 | for clang's integer sanitization. | ||
2830 | |||
2831 | commit a8fc0f42e1eda2fa3393d1ea5e61322d5e07a9cd | ||
2832 | Author: Darren Tucker <dtucker@zip.com.au> | ||
2833 | Date: Wed Aug 17 13:35:43 2016 +1000 | ||
2834 | |||
2835 | Test multiplying two long long ints. | ||
2836 | |||
2837 | When using clang with -ftrapv or -sanitize=integer the tests would pass | ||
2838 | but linking would fail with "undefined reference to __mulodi4". | ||
2839 | Explicitly test for this before enabling -trapv. | ||
2840 | |||
2841 | commit a1cc637e7e11778eb727559634a6ef1c19c619f6 | ||
2842 | Author: Damien Miller <djm@mindrot.org> | ||
2843 | Date: Tue Aug 16 14:47:34 2016 +1000 | ||
2844 | |||
2845 | add a --with-login-program configure argument | ||
2846 | |||
2847 | Saves messing around with LOGIN_PROGRAM env var, which come | ||
2848 | packaging environments make hard to do during configure phase. | ||
2849 | |||
2850 | commit 8bd81e1596ab1bab355146cb65e82fb96ade3b23 | ||
2851 | Author: Damien Miller <djm@mindrot.org> | ||
2852 | Date: Tue Aug 16 13:30:56 2016 +1000 | ||
2853 | |||
2854 | add --with-pam-service to specify PAM service name | ||
2855 | |||
2856 | Saves messing around with CFLAGS to do it. | ||
2857 | |||
2858 | commit 74433a19bb6f4cef607680fa4d1d7d81ca3826aa | ||
2859 | Author: Damien Miller <djm@mindrot.org> | ||
2860 | Date: Tue Aug 16 13:28:23 2016 +1000 | ||
2861 | |||
2862 | fix false positives when compiled with msan | ||
2863 | |||
2864 | Our explicit_bzero successfully confused clang -fsanitize-memory | ||
2865 | in to thinking that memset is never called to initialise memory. | ||
2866 | Ensure that it is called in a way that the compiler recognises. | ||
2867 | |||
2868 | commit 6cb6dcffe1a2204ba9006de20f73255c268fcb6b | ||
2869 | Author: markus@openbsd.org <markus@openbsd.org> | ||
2870 | Date: Sat Aug 13 17:47:40 2016 +0000 | ||
2871 | |||
2872 | upstream commit | ||
2873 | |||
2874 | remove ssh1 server code; ok djm@ | ||
2875 | |||
2876 | Upstream-ID: c24c0c32c49b91740d5a94ae914fb1898ea5f534 | ||
2877 | |||
2878 | commit 42d47adc5ad1187f22c726cbc52e71d6b1767ca2 | ||
2879 | Author: jca@openbsd.org <jca@openbsd.org> | ||
2880 | Date: Fri Aug 12 19:19:04 2016 +0000 | ||
2881 | |||
2882 | upstream commit | ||
2883 | |||
2884 | Use 2001:db8::/32, the official IPv6 subnet for | ||
2885 | configuration examples. | ||
2886 | |||
2887 | This makes the IPv6 example consistent with IPv4, and removes a dubious | ||
2888 | mention of a 6bone subnet. | ||
2889 | |||
2890 | ok sthen@ millert@ | ||
2891 | |||
2892 | Upstream-ID: b027f3d0e0073419a132fd1bf002e8089b233634 | ||
2893 | |||
2894 | commit b61f53c0c3b43c28e013d3b3696d64d1c0204821 | ||
2895 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
2896 | Date: Thu Aug 11 01:42:11 2016 +0000 | ||
2897 | |||
2898 | upstream commit | ||
2899 | |||
2900 | Update moduli file. | ||
2901 | |||
2902 | Upstream-ID: 6da9a37f74aef9f9cc639004345ad893cad582d8 | ||
2903 | |||
2904 | commit f217d9bd42d306f69f56335231036b44502d8191 | ||
2905 | Author: Darren Tucker <dtucker@zip.com.au> | ||
2906 | Date: Thu Aug 11 11:42:48 2016 +1000 | ||
2907 | |||
2908 | Import updated moduli. | ||
2909 | |||
2910 | commit 67dca60fbb4923b7a11c1645b90a5ca57c03d8be | ||
2911 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
2912 | Date: Mon Aug 8 22:40:57 2016 +0000 | ||
2913 | |||
2914 | upstream commit | ||
2915 | |||
2916 | Improve error message for overlong ControlPath. ok markus@ | ||
2917 | djm@ | ||
2918 | |||
2919 | Upstream-ID: aed374e2e88dd3eb41390003e5303d0089861eb5 | ||
2920 | |||
2921 | commit 4706c1d8c15cd5565b59512853c2da9bd4ca26c9 | ||
2922 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2923 | Date: Wed Aug 3 05:41:57 2016 +0000 | ||
2924 | |||
2925 | upstream commit | ||
2926 | |||
2927 | small refactor of cipher.c: make ciphercontext opaque to | ||
2928 | callers feedback and ok markus@ | ||
2929 | |||
2930 | Upstream-ID: 094849f8be68c3bdad2c0f3dee551ecf7be87f6f | ||
2931 | |||
2932 | commit e600348a7afd6325cc5cd783cb424065cbc20434 | ||
2933 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
2934 | Date: Wed Aug 3 04:23:55 2016 +0000 | ||
2935 | |||
2936 | upstream commit | ||
2937 | |||
2938 | Fix bug introduced in rev 1.467 which causes | ||
2939 | "buffer_get_bignum_ret: incomplete message" errors when built with WITH_SSH1 | ||
2940 | and run such that no Protocol 1 ephemeral host key is generated (eg "Protocol | ||
2941 | 2", no SSH1 host key supplied). Reported by rainer.laatsch at t-online.de, | ||
2942 | ok deraadt@ | ||
2943 | |||
2944 | Upstream-ID: aa6b132da5c325523aed7989cc5a320497c919dc | ||
2945 | |||
2946 | commit d7e7348e72f9b203189e3fffb75605afecba4fda | ||
2947 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2948 | Date: Wed Jul 27 23:18:12 2016 +0000 | ||
2949 | |||
2950 | upstream commit | ||
2951 | |||
2952 | better bounds check on iovcnt (we only ever use fixed, | ||
2953 | positive values) | ||
2954 | |||
2955 | Upstream-ID: 9baa6eb5cd6e30c9dc7398e5fe853721a3a5bdee | ||
2956 | |||
2957 | commit 5faa52d295f764562ed6dd75c4a4ce9134ae71e3 | ||
2958 | Author: Darren Tucker <dtucker@zip.com.au> | ||
2959 | Date: Tue Aug 2 15:22:40 2016 +1000 | ||
2960 | |||
2961 | Use tabs consistently inside "case $host". | ||
2962 | |||
2963 | commit 20e5e8ba9c5d868d897896190542213a60fffbd2 | ||
2964 | Author: Darren Tucker <dtucker@zip.com.au> | ||
2965 | Date: Tue Aug 2 12:16:34 2016 +1000 | ||
2966 | |||
2967 | Explicitly test for broken strnvis. | ||
2968 | |||
2969 | NetBSD added an strnvis and unfortunately made it incompatible with the | ||
2970 | existing one in OpenBSD and Linux's libbsd (the former having existed | ||
2971 | for over ten years). Despite this incompatibility being reported during | ||
2972 | development (see http://gnats.netbsd.org/44977) they still shipped it. | ||
2973 | Even more unfortunately FreeBSD and later MacOS picked up this incompatible | ||
2974 | implementation. Try to detect this mess, and assume the only safe option | ||
2975 | if we're cross compiling. | ||
2976 | |||
2977 | OpenBSD 2.9 (2001): strnvis(char *dst, const char *src, size_t dlen, int flag); | ||
2978 | NetBSD 6.0 (2012): strnvis(char *dst, size_t dlen, const char *src, int flag); | ||
2979 | |||
2980 | ok djm@ | ||
2981 | |||
2982 | commit b0b48beab1b74100b61ecbadb9140c9ab4c2ea8c | ||
2983 | Author: Damien Miller <djm@mindrot.org> | ||
2984 | Date: Tue Aug 2 11:06:23 2016 +1000 | ||
2985 | |||
2986 | update recommended autoconf version | ||
2987 | |||
2988 | commit 23902e31dfd18c6d7bb41ccd73de3b5358a377da | ||
2989 | Author: Damien Miller <djm@mindrot.org> | ||
2990 | Date: Tue Aug 2 10:48:04 2016 +1000 | ||
2991 | |||
2992 | update config.guess and config.sub to current | ||
2993 | |||
2994 | upstream commit 562f3512b3911ba0c77a7f68214881d1f241f46e | ||
2995 | |||
2996 | commit dd1031b78b83083615b68d7163c44f4408635be2 | ||
2997 | Author: Darren Tucker <dtucker@zip.com.au> | ||
2998 | Date: Tue Aug 2 10:01:52 2016 +1000 | ||
2999 | |||
3000 | Replace spaces with tabs. | ||
3001 | |||
3002 | Mechanically replace spaces with tabs in compat files not synced with | ||
3003 | OpenBSD. | ||
3004 | |||
3005 | commit c20dccb5614c5714f4155dda01bcdebf97cfae7e | ||
3006 | Author: Darren Tucker <dtucker@zip.com.au> | ||
3007 | Date: Tue Aug 2 09:44:25 2016 +1000 | ||
3008 | |||
3009 | Strip trailing whitespace. | ||
3010 | |||
3011 | Mechanically strip trailing whitespace on files not synced with OpenBSD | ||
3012 | (or in the case of bsd-snprint.c, rsync). | ||
3013 | |||
3014 | commit 30f9bd1c0963c23bfba8468dfd26aa17609ba42f | ||
3015 | Author: Darren Tucker <dtucker@zip.com.au> | ||
3016 | Date: Tue Aug 2 09:06:27 2016 +1000 | ||
3017 | |||
3018 | Repair $OpenBSD markers. | ||
3019 | |||
3020 | commit 9715d4ad4b53877ec23dc8681dd7a405de9419a6 | ||
3021 | Author: Darren Tucker <dtucker@zip.com.au> | ||
3022 | Date: Tue Aug 2 09:02:42 2016 +1000 | ||
3023 | |||
3024 | Repair $OpenBSD marker. | ||
3025 | |||
3026 | commit cf3e0be7f5828a5e5f6c296a607d20be2f07d60c | ||
3027 | Author: Tim Rice <tim@multitalents.net> | ||
3028 | Date: Mon Aug 1 14:31:52 2016 -0700 | ||
3029 | |||
3030 | modified: configure.ac opensshd.init.in | ||
3031 | Skip generating missing RSA1 key on startup unless ssh1 support is enabled. | ||
3032 | Spotted by Jean-Pierre Radley | ||
3033 | |||
3034 | commit 99522ba7ec6963a05c04a156bf20e3ba3605987c | ||
3035 | Author: Damien Miller <djm@mindrot.org> | ||
3036 | Date: Thu Jul 28 08:54:27 2016 +1000 | ||
3037 | |||
3038 | define _OPENBSD_SOURCE for reallocarray on NetBSD | ||
3039 | |||
3040 | Report by and debugged with Hisashi T Fujinaka, dtucker nailed | ||
3041 | the problem (lack of prototype causing return type confusion). | ||
3042 | |||
3043 | commit 3e1e076550c27c6bbdddf36d8f42bd79fbaaa187 | ||
3044 | Author: Damien Miller <djm@mindrot.org> | ||
3045 | Date: Wed Jul 27 08:25:42 2016 +1000 | ||
3046 | |||
3047 | KNF | ||
3048 | |||
3049 | commit d99ee9c4e5e217e7d05eeec84e9ce641f4675331 | ||
3050 | Author: Damien Miller <djm@mindrot.org> | ||
3051 | Date: Wed Jul 27 08:25:23 2016 +1000 | ||
3052 | |||
3053 | Linux auditing also needs packet.h | ||
3054 | |||
3055 | commit 393bd381a45884b589baa9aed4394f1d250255ca | ||
3056 | Author: Damien Miller <djm@mindrot.org> | ||
3057 | Date: Wed Jul 27 08:18:05 2016 +1000 | ||
3058 | |||
3059 | fix auditing on Linux | ||
3060 | |||
3061 | get_remote_ipaddr() was replaced with ssh_remote_ipaddr() | ||
3062 | |||
3063 | commit 80e766fb089de4f3c92b1600eb99e9495e37c992 | ||
3064 | Author: Damien Miller <djm@mindrot.org> | ||
3065 | Date: Sun Jul 24 21:50:13 2016 +1000 | ||
3066 | |||
3067 | crank version numbers | ||
3068 | |||
3069 | commit b1a478792d458f2e938a302e64bab2b520edc1b3 | ||
3070 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3071 | Date: Sun Jul 24 11:45:36 2016 +0000 | ||
3072 | |||
3073 | upstream commit | ||
3074 | |||
3075 | openssh-7.3 | ||
3076 | |||
3077 | Upstream-ID: af106a7eb665f642648cf1993e162c899f358718 | ||
3078 | |||
3079 | commit 353766e0881f069aeca30275ab706cd60a1a8fdd | ||
3080 | Author: Darren Tucker <dtucker@zip.com.au> | ||
3081 | Date: Sat Jul 23 16:14:42 2016 +1000 | ||
3082 | |||
3083 | Move Cygwin IPPORT_RESERVED overrride to defines.h | ||
3084 | |||
3085 | Patch from vinschen at redhat.com. | ||
3086 | |||
3087 | commit 368dd977ae07afb93f4ecea23615128c95ab2b32 | ||
3088 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3089 | Date: Sat Jul 23 02:54:08 2016 +0000 | ||
3090 | |||
3091 | upstream commit | ||
3092 | |||
3093 | fix pledge violation with ssh -f; reported by Valentin | ||
3094 | Kozamernik ok dtucker@ | ||
3095 | |||
3096 | Upstream-ID: a61db7988db88d9dac3c4dd70e18876a8edf84aa | ||
3097 | |||
3098 | commit f00211e3c6d24d6ea2b64b4b1209f671f6c1d42e | ||
3099 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3100 | Date: Fri Jul 22 07:00:46 2016 +0000 | ||
3101 | |||
3102 | upstream commit | ||
3103 | |||
3104 | improve wording; suggested by jmc@ | ||
3105 | |||
3106 | Upstream-ID: 55cb0a24c8e0618b3ceec80998dc82c85db2d2f8 | ||
3107 | |||
3108 | commit 83cbca693c3b0719270e6a0f2efe3f9ee93a65b8 | ||
3109 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
3110 | Date: Fri Jul 22 05:46:11 2016 +0000 | ||
3111 | |||
3112 | upstream commit | ||
3113 | |||
3114 | Lower loglevel for "Authenticated with partial success" | ||
3115 | message similar to other similar level. bz#2599, patch from cgallek at | ||
3116 | gmail.com, ok markus@ | ||
3117 | |||
3118 | Upstream-ID: 3faab814e947dc7b2e292edede23e94c608cb4dd | ||
3119 | |||
3120 | commit 10358abd087ab228b7ce2048efc4f3854a9ab9a6 | ||
3121 | Author: Damien Miller <djm@mindrot.org> | ||
3122 | Date: Fri Jul 22 14:06:36 2016 +1000 | ||
3123 | |||
3124 | retry waitpid on EINTR failure | ||
3125 | |||
3126 | patch from Jakub Jelen on bz#2581; ok dtucker@ | ||
3127 | |||
3128 | commit da88a70a89c800e74ea8e5661ffa127a3cc79a92 | ||
3129 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3130 | Date: Fri Jul 22 03:47:36 2016 +0000 | ||
3131 | |||
3132 | upstream commit | ||
3133 | |||
3134 | constify a few functions' arguments; patch from Jakub | ||
3135 | Jelen bz#2581 | ||
3136 | |||
3137 | Upstream-ID: f2043f51454ea37830ff6ad60c8b32b4220f448d | ||
3138 | |||
3139 | commit c36d91bd4ebf767f310f7cea88d61d1c15f53ddf | ||
3140 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3141 | Date: Fri Jul 22 03:39:13 2016 +0000 | ||
3142 | |||
3143 | upstream commit | ||
3144 | |||
3145 | move debug("%p", key) to before key is free'd; probable | ||
3146 | undefined behaviour on strict compilers; reported by Jakub Jelen bz#2581 | ||
3147 | |||
3148 | Upstream-ID: 767f323e1f5819508a0e35e388ec241bac2f953a | ||
3149 | |||
3150 | commit 286f5a77c3bfec1e8892ca268087ac885ac871bf | ||
3151 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3152 | Date: Fri Jul 22 03:35:11 2016 +0000 | ||
3153 | |||
3154 | upstream commit | ||
3155 | |||
3156 | reverse the order in which -J/JumpHost proxies are visited to | ||
3157 | be more intuitive and document | ||
3158 | |||
3159 | reported by and manpage bits naddy@ | ||
3160 | |||
3161 | Upstream-ID: 3a68fd6a841fd6cf8cedf6552a9607ba99df179a | ||
3162 | |||
3163 | commit fcd135c9df440bcd2d5870405ad3311743d78d97 | ||
3164 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
3165 | Date: Thu Jul 21 01:39:35 2016 +0000 | ||
3166 | |||
3167 | upstream commit | ||
3168 | |||
3169 | Skip passwords longer than 1k in length so clients can't | ||
3170 | easily DoS sshd by sending very long passwords, causing it to spend CPU | ||
3171 | hashing them. feedback djm@, ok markus@. | ||
3172 | |||
3173 | Brought to our attention by tomas.kuthan at oracle.com, shilei-c at | ||
3174 | 360.cn and coredump at autistici.org | ||
3175 | |||
3176 | Upstream-ID: d0af7d4a2190b63ba1d38eec502bc4be0be9e333 | ||
3177 | |||
3178 | commit 324583e8fb3935690be58790425793df619c6d4d | ||
3179 | Author: naddy@openbsd.org <naddy@openbsd.org> | ||
3180 | Date: Wed Jul 20 10:45:27 2016 +0000 | ||
3181 | |||
3182 | upstream commit | ||
3183 | |||
3184 | Do not clobber the global jump_host variables when | ||
3185 | parsing an inactive configuration. ok djm@ | ||
3186 | |||
3187 | Upstream-ID: 5362210944d91417d5976346d41ac0b244350d31 | ||
3188 | |||
3189 | commit 32d921c323b989d28405e78d0a8923d12913d737 | ||
3190 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
3191 | Date: Tue Jul 19 12:59:16 2016 +0000 | ||
3192 | |||
3193 | upstream commit | ||
3194 | |||
3195 | tweak previous; | ||
3196 | |||
3197 | Upstream-ID: f3c1a5b3f05dff366f60c028728a2b43f15ff534 | ||
3198 | |||
3199 | commit d7eabc86fa049a12ba2c3fb198bd1d51b37f7025 | ||
3200 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
3201 | Date: Tue Jul 19 11:38:53 2016 +0000 | ||
3202 | |||
3203 | upstream commit | ||
3204 | |||
3205 | Allow wildcard for PermitOpen hosts as well as ports. | ||
3206 | bz#2582, patch from openssh at mzpqnxow.com and jjelen at redhat.com. ok | ||
3207 | markus@ | ||
3208 | |||
3209 | Upstream-ID: af0294e9b9394c4e16e991424ca0a47a7cc605f2 | ||
3210 | |||
3211 | commit b98a2a8348e907b3d71caafd80f0be8fdd075943 | ||
3212 | Author: markus@openbsd.org <markus@openbsd.org> | ||
3213 | Date: Mon Jul 18 11:35:33 2016 +0000 | ||
3214 | |||
3215 | upstream commit | ||
3216 | |||
3217 | Reduce timing attack against obsolete CBC modes by always | ||
3218 | computing the MAC over a fixed size of data. Reported by Jean Paul | ||
3219 | Degabriele, Kenny Paterson, Torben Hansen and Martin Albrecht. ok djm@ | ||
3220 | |||
3221 | Upstream-ID: f20a13279b00ba0afbacbcc1f04e62e9d41c2912 | ||
3222 | |||
3223 | commit dbf788b4d9d9490a5fff08a7b09888272bb10fcc | ||
3224 | Author: Darren Tucker <dtucker@zip.com.au> | ||
3225 | Date: Thu Jul 21 14:17:31 2016 +1000 | ||
3226 | |||
3227 | Search users for one with a valid salt. | ||
3228 | |||
3229 | If the root account is locked (eg password "!!" or "*LK*") keep looking | ||
3230 | until we find a user with a valid salt to use for crypting passwords of | ||
3231 | invalid users. ok djm@ | ||
3232 | |||
3233 | commit e8b58f48fbb1b524fb4f0d4865fa0005d6a4b782 | ||
3234 | Author: Darren Tucker <dtucker@zip.com.au> | ||
3235 | Date: Mon Jul 18 17:22:49 2016 +1000 | ||
3236 | |||
3237 | Explicitly specify source files for regress tools. | ||
3238 | |||
3239 | Since adding $(REGRESSLIBS), $? is wrong because it includes only the | ||
3240 | changed source files. $< seems like it'd be right however it doesn't | ||
3241 | seem to work on some non-GNU makes, so do what works everywhere. | ||
3242 | |||
3243 | commit eac1bbd06872c273f16ac0f9976b0aef026b701b | ||
3244 | Author: Darren Tucker <dtucker@zip.com.au> | ||
3245 | Date: Mon Jul 18 17:12:22 2016 +1000 | ||
3246 | |||
3247 | Conditionally include err.h. | ||
3248 | |||
3249 | commit 0a454147568746c503f669e1ba861f76a2e7a585 | ||
3250 | Author: Darren Tucker <dtucker@zip.com.au> | ||
3251 | Date: Mon Jul 18 16:26:26 2016 +1000 | ||
3252 | |||
3253 | Remove local implementation of err, errx. | ||
3254 | |||
3255 | We now have a shared implementation in libopenbsd-compat. | ||
3256 | |||
3257 | commit eb999a4590846ba4d56ddc90bd07c23abfbab7b1 | ||
3258 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3259 | Date: Mon Jul 18 06:08:01 2016 +0000 | ||
3260 | |||
3261 | upstream commit | ||
3262 | |||
3263 | Add some unsigned overflow checks for extra_pad. None of | ||
3264 | these are reachable with the amount of padding that we use internally. | ||
3265 | bz#2566, pointed out by Torben Hansen. ok markus@ | ||
3266 | |||
3267 | Upstream-ID: 4d4be8450ab2fc1b852d5884339f8e8c31c3fd76 | ||
3268 | |||
3269 | commit c71ba790c304545464bb494de974cdf0f4b5cf1e | ||
3270 | Author: Darren Tucker <dtucker@zip.com.au> | ||
3271 | Date: Mon Jul 18 15:43:25 2016 +1000 | ||
3272 | |||
3273 | Add dependency on libs for unit tests. | ||
3274 | |||
3275 | Makes "./configure && make tests" work again. ok djm@ | ||
3276 | |||
3277 | commit 8199d0311aea3e6fd0284c9025e7a83f4ece79e8 | ||
3278 | Author: Darren Tucker <dtucker@zip.com.au> | ||
3279 | Date: Mon Jul 18 13:47:39 2016 +1000 | ||
3280 | |||
3281 | Correct location for kexfuzz in clean target. | ||
3282 | |||
3283 | commit 01558b7b07af43da774d3a11a5c51fa9c310849d | ||
3284 | Author: Darren Tucker <dtucker@zip.com.au> | ||
3285 | Date: Mon Jul 18 09:33:25 2016 +1000 | ||
3286 | |||
3287 | Handle PAM_MAXTRIES from modules. | ||
3288 | |||
3289 | bz#2249: handle the case where PAM returns PAM_MAXTRIES by ceasing to offer | ||
3290 | password and keyboard-interative authentication methods. Should prevent | ||
3291 | "sshd ignoring max retries" warnings in the log. ok djm@ | ||
3292 | |||
3293 | It probably won't trigger with keyboard-interactive in the default | ||
3294 | configuration because the retry counter is stored in module-private | ||
3295 | storage which goes away with the sshd PAM process (see bz#688). On the | ||
3296 | other hand, those cases probably won't log a warning either. | ||
3297 | |||
3298 | commit 65c6c6b567ab5ab12945a5ad8e0ab3a8c26119cc | ||
3299 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3300 | Date: Sun Jul 17 04:20:16 2016 +0000 | ||
3301 | |||
3302 | upstream commit | ||
3303 | |||
3304 | support UTF-8 characters in ssh(1) banners using | ||
3305 | schwarze@'s safe fmprintf printer; bz#2058 | ||
3306 | |||
3307 | feedback schwarze@ ok dtucker@ | ||
3308 | |||
3309 | Upstream-ID: a72ce4e3644c957643c9524eea2959e41b91eea7 | ||
3310 | |||
3311 | commit e4eb7d910976fbfc7ce3e90c95c11b07b483d0d7 | ||
3312 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
3313 | Date: Sat Jul 16 06:57:55 2016 +0000 | ||
3314 | |||
3315 | upstream commit | ||
3316 | |||
3317 | - add proxyjump to the options list - formatting fixes - | ||
3318 | update usage() | ||
3319 | |||
3320 | ok djm | ||
3321 | |||
3322 | Upstream-ID: 43d318e14ce677a2eec8f21ef5ba2f9f68a59457 | ||
3323 | |||
3324 | commit af1f084857621f14bd9391aba8033d35886c2455 | ||
3325 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
3326 | Date: Fri Jul 15 05:01:58 2016 +0000 | ||
3327 | |||
3328 | upstream commit | ||
3329 | |||
3330 | Reduce the syslog level of some relatively common protocol | ||
3331 | events from LOG_CRIT by replacing fatal() calls with logdie(). Part of | ||
3332 | bz#2585, ok djm@ | ||
3333 | |||
3334 | Upstream-ID: 9005805227c94edf6ac02a160f0e199638d288e5 | ||
3335 | |||
3336 | commit bd5f2b78b69cf38d6049a0de445a79c8595e4a1f | ||
3337 | Author: Damien Miller <djm@mindrot.org> | ||
3338 | Date: Fri Jul 15 19:14:48 2016 +1000 | ||
3339 | |||
3340 | missing openssl/dh.h | ||
3341 | |||
3342 | commit 4a984fd342effe5f0aad874a0d538c4322d973c0 | ||
3343 | Author: Damien Miller <djm@mindrot.org> | ||
3344 | Date: Fri Jul 15 18:47:07 2016 +1000 | ||
3345 | |||
3346 | cast to avoid type warning in error message | ||
3347 | |||
3348 | commit 5abfb15ced985c340359ae7fb65a625ed3692b3e | ||
3349 | Author: Darren Tucker <dtucker@zip.com.au> | ||
3350 | Date: Fri Jul 15 14:48:30 2016 +1000 | ||
3351 | |||
3352 | Move VA_COPY macro into compat header. | ||
3353 | |||
3354 | Some AIX compilers unconditionally undefine va_copy but don't set it back | ||
3355 | to an internal function, causing link errors. In some compat code we | ||
3356 | already use VA_COPY instead so move the two existing instances into the | ||
3357 | shared header and use for sshbuf-getput-basic.c too. Should fix building | ||
3358 | with at lease some versions of AIX's compiler. bz#2589, ok djm@ | ||
3359 | |||
3360 | commit 832b7443b7a8e181c95898bc5d73497b7190decd | ||
3361 | Author: Damien Miller <djm@mindrot.org> | ||
3362 | Date: Fri Jul 15 14:45:34 2016 +1000 | ||
3363 | |||
3364 | disable ciphers not supported by OpenSSL | ||
3365 | |||
3366 | bz#2466 ok dtucker@ | ||
3367 | |||
3368 | commit 5fbe93fc6fbb2fe211e035703dec759d095e3dd8 | ||
3369 | Author: Damien Miller <djm@mindrot.org> | ||
3370 | Date: Fri Jul 15 13:54:31 2016 +1000 | ||
3371 | |||
3372 | add a --disable-pkcs11 knob | ||
3373 | |||
3374 | commit 679ce88ec2a8e2fe6515261c489e8c1449bb9da9 | ||
3375 | Author: Damien Miller <djm@mindrot.org> | ||
3376 | Date: Fri Jul 15 13:44:38 2016 +1000 | ||
3377 | |||
3378 | fix newline escaping for unsupported_algorithms | ||
3379 | |||
3380 | The hmac-ripemd160 was incorrect and could lead to broken | ||
3381 | Makefiles on systems that lacked support for it, but I made | ||
3382 | all the others consistent too. | ||
3383 | |||
3384 | commit ed877ef653847d056bb433975d731b7a1132a979 | ||
3385 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3386 | Date: Fri Jul 15 00:24:30 2016 +0000 | ||
3387 | |||
3388 | upstream commit | ||
3389 | |||
3390 | Add a ProxyJump ssh_config(5) option and corresponding -J | ||
3391 | ssh(1) command-line flag to allow simplified indirection through a SSH | ||
3392 | bastion or "jump host". | ||
3393 | |||
3394 | These options construct a proxy command that connects to the | ||
3395 | specified jump host(s) (more than one may be specified) and uses | ||
3396 | port-forwarding to establish a connection to the next destination. | ||
3397 | |||
3398 | This codifies the safest way of indirecting connections through SSH | ||
3399 | servers and makes it easy to use. | ||
3400 | |||
3401 | ok markus@ | ||
3402 | |||
3403 | Upstream-ID: fa899cb8b26d889da8f142eb9774c1ea36b04397 | ||
3404 | |||
3405 | commit 5c02dd126206a26785379e80f2d3848e4470b711 | ||
3406 | Author: Darren Tucker <dtucker@zip.com.au> | ||
3407 | Date: Fri Jul 15 12:56:39 2016 +1000 | ||
3408 | |||
3409 | Map umac_ctx struct name too. | ||
3410 | |||
3411 | Prevents size mismatch linker warnings on Solaris 11. | ||
3412 | |||
3413 | commit 283b97ff33ea2c641161950849931bd578de6946 | ||
3414 | Author: Darren Tucker <dtucker@zip.com.au> | ||
3415 | Date: Fri Jul 15 13:49:44 2016 +1000 | ||
3416 | |||
3417 | Mitigate timing of disallowed users PAM logins. | ||
3418 | |||
3419 | When sshd decides to not allow a login (eg PermitRootLogin=no) and | ||
3420 | it's using PAM, it sends a fake password to PAM so that the timing for | ||
3421 | the failure is not noticeably different whether or not the password | ||
3422 | is correct. This behaviour can be detected by sending a very long | ||
3423 | password string which is slower to hash than the fake password. | ||
3424 | |||
3425 | Mitigate by constructing an invalid password that is the same length | ||
3426 | as the one from the client and thus takes the same time to hash. | ||
3427 | Diff from djm@ | ||
3428 | |||
3429 | commit 9286875a73b2de7736b5e50692739d314cd8d9dc | ||
3430 | Author: Darren Tucker <dtucker@zip.com.au> | ||
3431 | Date: Fri Jul 15 13:32:45 2016 +1000 | ||
3432 | |||
3433 | Determine appropriate salt for invalid users. | ||
3434 | |||
3435 | When sshd is processing a non-PAM login for a non-existent user it uses | ||
3436 | the string from the fakepw structure as the salt for crypt(3)ing the | ||
3437 | password supplied by the client. That string has a Blowfish prefix, so on | ||
3438 | systems that don't understand that crypt will fail fast due to an invalid | ||
3439 | salt, and even on those that do it may have significantly different timing | ||
3440 | from the hash methods used for real accounts (eg sha512). This allows | ||
3441 | user enumeration by, eg, sending large password strings. This was noted | ||
3442 | by EddieEzra.Harari at verint.com (CVE-2016-6210). | ||
3443 | |||
3444 | To mitigate, use the same hash algorithm that root uses for hashing | ||
3445 | passwords for users that do not exist on the system. ok djm@ | ||
3446 | |||
3447 | commit a162dd5e58ca5b224d7500abe35e1ef32b5de071 | ||
3448 | Author: Darren Tucker <dtucker@zip.com.au> | ||
3449 | Date: Thu Jul 14 21:19:59 2016 +1000 | ||
3450 | |||
3451 | OpenSSL 1.1.x not currently supported. | ||
3452 | |||
3453 | commit 7df91b01fc558a33941c5c5f31abbcdc53a729fb | ||
3454 | Author: Darren Tucker <dtucker@zip.com.au> | ||
3455 | Date: Thu Jul 14 12:25:24 2016 +1000 | ||
3456 | |||
3457 | Check for VIS_ALL. | ||
3458 | |||
3459 | If we don't have it, set BROKEN_STRNVIS to activate the compat replacement. | ||
3460 | |||
3461 | commit ee67716f61f1042d5e67f91c23707cca5dcdd7d0 | ||
3462 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
3463 | Date: Thu Jul 14 01:24:21 2016 +0000 | ||
3464 | |||
3465 | upstream commit | ||
3466 | |||
3467 | Correct equal in test. | ||
3468 | |||
3469 | Upstream-Regress-ID: 4e32f7a5c57a619c4e8766cb193be2a1327ec37a | ||
3470 | |||
3471 | commit 372807c2065c8572fdc6478b25cc5ac363743073 | ||
3472 | Author: tb@openbsd.org <tb@openbsd.org> | ||
3473 | Date: Mon Jul 11 21:38:13 2016 +0000 | ||
3474 | |||
3475 | upstream commit | ||
3476 | |||
3477 | Add missing "recvfd" pledge promise: Raf Czlonka reported | ||
3478 | ssh coredumps when Control* keywords were set in ssh_config. This patch also | ||
3479 | fixes similar problems with scp and sftp. | ||
3480 | |||
3481 | ok deraadt, looks good to millert | ||
3482 | |||
3483 | Upstream-ID: ca2099eade1ef3e87a79614fefa26a0297ad8a3b | ||
3484 | |||
3485 | commit e0453f3df64bf485c61c7eb6bd12893eee9fe2cd | ||
3486 | Author: tedu@openbsd.org <tedu@openbsd.org> | ||
3487 | Date: Mon Jul 11 03:19:44 2016 +0000 | ||
3488 | |||
3489 | upstream commit | ||
3490 | |||
3491 | obsolete note about fascistloggin is obsolete. ok djm | ||
3492 | dtucker | ||
3493 | |||
3494 | Upstream-ID: dae60df23b2bb0e89f42661ddd96a7b0d1b7215a | ||
3495 | |||
3496 | commit a2333584170a565adf4f209586772ef8053b10b8 | ||
3497 | Author: Darren Tucker <dtucker@zip.com.au> | ||
3498 | Date: Thu Jul 14 10:59:09 2016 +1000 | ||
3499 | |||
3500 | Add compat code for missing wcwidth. | ||
3501 | |||
3502 | If we don't have wcwidth force fallback implementations of nl_langinfo | ||
3503 | and mbtowc. Based on advice from Ingo Schwarze. | ||
3504 | |||
3505 | commit 8aaec7050614494014c47510b7e94daf6e644c62 | ||
3506 | Author: Damien Miller <djm@mindrot.org> | ||
3507 | Date: Thu Jul 14 09:48:48 2016 +1000 | ||
3508 | |||
3509 | fix missing include for systems with err.h | ||
3510 | |||
3511 | commit 6310ef27a2567cda66d6cf0c1ad290ee1167f243 | ||
3512 | Author: Darren Tucker <dtucker@zip.com.au> | ||
3513 | Date: Wed Jul 13 14:42:35 2016 +1000 | ||
3514 | |||
3515 | Move err.h replacements into compat lib. | ||
3516 | |||
3517 | Move implementations of err.h replacement functions into their own file | ||
3518 | in the libopenbsd-compat so we can use them in kexfuzz.c too. ok djm@ | ||
3519 | |||
3520 | commit f3f2cc8386868f51440c45210098f65f9787449a | ||
3521 | Author: Darren Tucker <dtucker@zip.com.au> | ||
3522 | Date: Mon Jul 11 17:23:38 2016 +1000 | ||
3523 | |||
3524 | Check for wchar.h and langinfo.h | ||
3525 | |||
3526 | Wrap includes in the appropriate #ifdefs. | ||
3527 | |||
3528 | commit b9c50614eba9d90939b2b119b6e1b7e03b462278 | ||
3529 | Author: Damien Miller <djm@mindrot.org> | ||
3530 | Date: Fri Jul 8 13:59:13 2016 +1000 | ||
3531 | |||
3532 | whitelist more architectures for seccomp-bpf | ||
3533 | |||
3534 | bz#2590 - testing and patch from Jakub Jelen | ||
3535 | |||
3536 | commit 18813a32b6fd964037e0f5e1893cb4468ac6a758 | ||
3537 | Author: guenther@openbsd.org <guenther@openbsd.org> | ||
3538 | Date: Mon Jul 4 18:01:44 2016 +0000 | ||
3539 | |||
3540 | upstream commit | ||
3541 | |||
3542 | DEBUGLIBS has been broken since the gcc4 switch, so delete | ||
3543 | it. CFLAGS contains -g by default anyway | ||
3544 | |||
3545 | problem noted by Edgar Pettijohn (edgar (at) pettijohn-web.com) | ||
3546 | ok millert@ kettenis@ deraadt@ | ||
3547 | |||
3548 | Upstream-Regress-ID: 4a0bb72f95c63f2ae9daa8a040ac23914bddb542 | ||
3549 | |||
3550 | commit 6d31193d0baa3da339c196ac49625b7ba1c2ecc7 | ||
3551 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3552 | Date: Fri Jul 8 03:44:42 2016 +0000 | ||
3553 | |||
3554 | upstream commit | ||
3555 | |||
3556 | Improve crypto ordering for Encrypt-then-MAC (EtM) mode | ||
3557 | MAC algorithms. | ||
3558 | |||
3559 | Previously we were computing the MAC, decrypting the packet and then | ||
3560 | checking the MAC. This gave rise to the possibility of creating a | ||
3561 | side-channel oracle in the decryption step, though no such oracle has | ||
3562 | been identified. | ||
3563 | |||
3564 | This adds a mac_check() function that computes and checks the MAC in | ||
3565 | one pass, and uses it to advance MAC checking for EtM algorithms to | ||
3566 | before payload decryption. | ||
3567 | |||
3568 | Reported by Jean Paul Degabriele, Kenny Paterson, Torben Hansen and | ||
3569 | Martin Albrecht. feedback and ok markus@ | ||
3570 | |||
3571 | Upstream-ID: 1999bb67cab47dda5b10b80d8155fe83d4a1867b | ||
3572 | |||
3573 | commit 71f5598f06941f645a451948c4a5125c83828e1c | ||
3574 | Author: guenther@openbsd.org <guenther@openbsd.org> | ||
3575 | Date: Mon Jul 4 18:01:44 2016 +0000 | ||
3576 | |||
3577 | upstream commit | ||
3578 | |||
3579 | DEBUGLIBS has been broken since the gcc4 switch, so | ||
3580 | delete it. CFLAGS contains -g by default anyway | ||
3581 | |||
3582 | problem noted by Edgar Pettijohn (edgar (at) pettijohn-web.com) | ||
3583 | ok millert@ kettenis@ deraadt@ | ||
3584 | |||
3585 | Upstream-ID: 96c5054e3e1f170c6276902d5bc65bb3b87a2603 | ||
3586 | |||
3587 | commit e683fc6f1c8c7295648dbda679df8307786ec1ce | ||
3588 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
3589 | Date: Thu Jun 30 05:17:05 2016 +0000 | ||
3590 | |||
3591 | upstream commit | ||
3592 | |||
3593 | Explicitly check for 100% completion to avoid potential | ||
3594 | floating point rounding error, which could cause progressmeter to report 99% | ||
3595 | on completion. While there invert the test so the 100% case is clearer. with | ||
3596 | & ok djm@ | ||
3597 | |||
3598 | Upstream-ID: a166870c5878e422f3c71ff802e2ccd7032f715d | ||
3599 | |||
3600 | commit 772e6cec0ed740fc7db618dc30b4134f5a358b43 | ||
3601 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
3602 | Date: Wed Jun 29 17:14:28 2016 +0000 | ||
3603 | |||
3604 | upstream commit | ||
3605 | |||
3606 | sort the -o list; | ||
3607 | |||
3608 | Upstream-ID: 1a97465ede8790b4d47cb618269978e07f41f8ac | ||
3609 | |||
3610 | commit 46ecd19e554ccca15a7309cd1b6b44bc8e6b84af | ||
3611 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3612 | Date: Thu Jun 23 05:17:51 2016 +0000 | ||
3613 | |||
3614 | upstream commit | ||
3615 | |||
3616 | fix AuthenticationMethods during configuration re-parse; | ||
3617 | reported by Juan Francisco Cantero Hurtado | ||
3618 | |||
3619 | Upstream-ID: 8ffa1dac25c7577eca8238e825317ab20848f9b4 | ||
3620 | |||
3621 | commit 3147e7595d0f2f842a666c844ac53e6c7a253d7e | ||
3622 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3623 | Date: Sun Jun 19 07:48:02 2016 +0000 | ||
3624 | |||
3625 | upstream commit | ||
3626 | |||
3627 | revert 1.34; causes problems loading public keys | ||
3628 | |||
3629 | reported by semarie@ | ||
3630 | |||
3631 | Upstream-ID: b393794f8935c8b15d98a407fe7721c62d2ed179 | ||
3632 | |||
3633 | commit ad23a75509f4320d43f628c50f0817e3ad12bfa7 | ||
3634 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
3635 | Date: Fri Jun 17 06:33:30 2016 +0000 | ||
3636 | |||
3637 | upstream commit | ||
3638 | |||
3639 | grammar fix; | ||
3640 | |||
3641 | Upstream-ID: 5d5b21c80f1e81db367333ce0bb3e5874fb3e463 | ||
3642 | |||
3643 | commit 5e28b1a2a3757548b40018cc2493540a17c82e27 | ||
3644 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3645 | Date: Fri Jun 17 05:06:23 2016 +0000 | ||
3646 | |||
3647 | upstream commit | ||
3648 | |||
3649 | translate OpenSSL error codes to something more | ||
3650 | meaninful; bz#2522 reported by Jakub Jelen, ok dtucker@ | ||
3651 | |||
3652 | Upstream-ID: 4cb0795a366381724314e6515d57790c5930ffe5 | ||
3653 | |||
3654 | commit b64faeb5eda7eff8210c754d00464f9fe9d23de5 | ||
3655 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3656 | Date: Fri Jun 17 05:03:40 2016 +0000 | ||
3657 | |||
3658 | upstream commit | ||
3659 | |||
3660 | ban AuthenticationMethods="" and accept | ||
3661 | AuthenticationMethods=any for the default behaviour of not requiring multiple | ||
3662 | authentication | ||
3663 | |||
3664 | bz#2398 from Jakub Jelen; ok dtucker@ | ||
3665 | |||
3666 | Upstream-ID: fabd7f44d59e4518d241d0d01e226435cc23cf27 | ||
3667 | |||
3668 | commit 9816fc5daee5ca924dd5c4781825afbaab728877 | ||
3669 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
3670 | Date: Thu Jun 16 11:00:17 2016 +0000 | ||
3671 | |||
3672 | upstream commit | ||
3673 | |||
3674 | Include stdarg.h for va_copy as per man page. | ||
3675 | |||
3676 | Upstream-ID: 105d6b2f1af2fbd9d91c893c436ab121434470bd | ||
3677 | |||
3678 | commit b6cf84b51bc0f5889db48bf29a0c771954ade283 | ||
3679 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
3680 | Date: Thu Jun 16 06:10:45 2016 +0000 | ||
3681 | |||
3682 | upstream commit | ||
3683 | |||
3684 | keys stored in openssh format can have comments too; diff | ||
3685 | from yonas yanfa, tweaked a bit; | ||
3686 | |||
3687 | ok djm | ||
3688 | |||
3689 | Upstream-ID: 03d48536da6e51510d73ade6fcd44ace731ceb27 | ||
3690 | |||
3691 | commit aa37768f17d01974b6bfa481e5e83841b6c76f86 | ||
3692 | Author: Darren Tucker <dtucker@zip.com.au> | ||
3693 | Date: Mon Jun 20 15:55:34 2016 +1000 | ||
3694 | |||
3695 | get_remote_name_or_ip inside LOGIN_NEEDS_UTMPX | ||
3696 | |||
3697 | Apply the same get_remote_name_or_ip -> session_get_remote_name_or_ip | ||
3698 | change as commit 95767262 to the code inside #ifdef LOGIN_NEEDS_UTMPX. | ||
3699 | Fixes build on AIX. | ||
3700 | |||
3701 | commit 009891afc8df37bc2101e15d1e0b6433cfb90549 | ||
3702 | Author: Darren Tucker <dtucker@zip.com.au> | ||
3703 | Date: Fri Jun 17 14:34:09 2016 +1000 | ||
3704 | |||
3705 | Remove duplicate code from PAM. ok djm@ | ||
3706 | |||
3707 | commit e690fe85750e93fca1fb7c7c8587d4130a4f7aba | ||
3708 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
3709 | Date: Wed Jun 15 00:40:40 2016 +0000 | ||
3710 | |||
3711 | upstream commit | ||
3712 | |||
3713 | Remove "POSSIBLE BREAK-IN ATTEMPT!" from log message | ||
3714 | about forward and reverse DNS not matching. We haven't supported IP-based | ||
3715 | auth methods for a very long time so it's now misleading. part of bz#2585, | ||
3716 | ok markus@ | ||
3717 | |||
3718 | Upstream-ID: 5565ef0ee0599b27f0bd1d3bb1f8a323d8274e29 | ||
3719 | |||
3720 | commit 57b4ee04cad0d3e0fec1194753b0c4d31e39a1cd | ||
3721 | Author: Darren Tucker <dtucker@zip.com.au> | ||
3722 | Date: Wed Jun 15 11:22:38 2016 +1000 | ||
3723 | |||
3724 | Move platform_disable_tracing into its own file. | ||
3725 | |||
3726 | Prevents link errors resolving the extern "options" when platform.o | ||
3727 | gets linked into ssh-agent when building --with-pam. | ||
3728 | |||
3729 | commit 78dc8e3724e30ee3e1983ce013e80277dc6ca070 | ||
3730 | Author: Darren Tucker <dtucker@zip.com.au> | ||
3731 | Date: Tue Jun 14 13:55:12 2016 +1000 | ||
3732 | |||
3733 | Track skipped upstream commit IDs. | ||
3734 | |||
3735 | There are a small number of "upstream" commits that do not correspond to | ||
3736 | a file in -portable. This file tracks those so that we can reconcile | ||
3737 | OpenBSD and Portable to ensure that no commits are accidentally missed. | ||
3738 | |||
3739 | If you add something to .skipped-commit-ids please also add an upstream | ||
3740 | ID line in the following format when you commit it. | ||
3741 | |||
3742 | Upstream-ID: 321065a95a7ccebdd5fd08482a1e19afbf524e35 | ||
3743 | Upstream-ID: d4f699a421504df35254cf1c6f1a7c304fb907ca | ||
3744 | Upstream-ID: aafe246655b53b52bc32c8a24002bc262f4230f7 | ||
3745 | Upstream-ID: 8fa9cd1dee3c3339ae329cf20fb591db6d605120 | ||
3746 | Upstream-ID: f31327a48dd4103333cc53315ec53fe65ed8a17a | ||
3747 | Upstream-ID: edbfde98c40007b7752a4ac106095e060c25c1ef | ||
3748 | Upstream-ID: 052fd565e3ff2d8cec3bc957d1788f50c827f8e2 | ||
3749 | Upstream-ID: 7cf73737f357492776223da1c09179fa6ba74660 | ||
3750 | Upstream-ID: 180d84674be1344e45a63990d60349988187c1ae | ||
3751 | Upstream-ID: f6ae971186ba68d066cd102e57d5b0b2c211a5ee | ||
3752 | |||
3753 | commit 9f919d1a3219d476d6a662d18df058e1c4f36a6f | ||
3754 | Author: Darren Tucker <dtucker@zip.com.au> | ||
3755 | Date: Tue Jun 14 13:51:01 2016 +1000 | ||
3756 | |||
3757 | Remove now-defunct .cvsignore files. ok djm | ||
3758 | |||
3759 | commit 68777faf271efb2713960605c748f6c8a4b26d55 | ||
3760 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
3761 | Date: Wed Jun 8 02:13:01 2016 +0000 | ||
3762 | |||
3763 | upstream commit | ||
3764 | |||
3765 | Back out rev 1.28 "Check min and max sizes sent by the | ||
3766 | client" change. It caused "key_verify failed for server_host_key" in clients | ||
3767 | that send a DH-GEX min value less that DH_GRP_MIN, eg old OpenSSH and PuTTY. | ||
3768 | ok djm@ | ||
3769 | |||
3770 | Upstream-ID: 452979d3ca5c1e9dff063287ea0a5314dd091f65 | ||
3771 | |||
3772 | commit a86ec4d0737ac5879223e7cd9d68c448df46e169 | ||
3773 | Author: Darren Tucker <dtucker@zip.com.au> | ||
3774 | Date: Tue Jun 14 10:48:27 2016 +1000 | ||
3775 | |||
3776 | Use Solaris setpflags(__PROC_PROTECT, ...). | ||
3777 | |||
3778 | Where possible, use Solaris setpflags to disable process tracing on | ||
3779 | ssh-agent and sftp-server. bz#2584, based on a patch from huieying.lee | ||
3780 | at oracle.com, ok djm. | ||
3781 | |||
3782 | commit 0f916d39b039fdc0b5baf9b5ab0754c0f11ec573 | ||
3783 | Author: Darren Tucker <dtucker@zip.com.au> | ||
3784 | Date: Tue Jun 14 10:43:53 2016 +1000 | ||
3785 | |||
3786 | Shorten prctl code a tiny bit. | ||
3787 | |||
3788 | commit 0fb7f5985351fbbcd2613d8485482c538e5123be | ||
3789 | Author: Darren Tucker <dtucker@zip.com.au> | ||
3790 | Date: Thu Jun 9 16:23:07 2016 +1000 | ||
3791 | |||
3792 | Move prctl PR_SET_DUMPABLE into platform.c. | ||
3793 | |||
3794 | This should make it easier to add additional platform support such as | ||
3795 | Solaris (bz#2584). | ||
3796 | |||
3797 | commit e6508898c3cd838324ecfe1abd0eb8cf802e7106 | ||
3798 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
3799 | Date: Fri Jun 3 04:10:41 2016 +0000 | ||
3800 | |||
3801 | upstream commit | ||
3802 | |||
3803 | Add a test for ssh(1)'s config file parsing. | ||
3804 | |||
3805 | Upstream-Regress-ID: 558b7f4dc45cc3761cc3d3e889b9f3c5bc91e601 | ||
3806 | |||
3807 | commit ab0a536066dfa32def0bd7272c096ebb5eb25b11 | ||
3808 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
3809 | Date: Fri Jun 3 03:47:59 2016 +0000 | ||
3810 | |||
3811 | upstream commit | ||
3812 | |||
3813 | Add 'sshd' to the test ID as I'm about to add a similar | ||
3814 | set for ssh. | ||
3815 | |||
3816 | Upstream-Regress-ID: aea7a9c3bac638530165c801ce836875b228ae7a | ||
3817 | |||
3818 | commit a5577c1ed3ecdfe4b7b1107c526cae886fc91afb | ||
3819 | Author: schwarze@openbsd.org <schwarze@openbsd.org> | ||
3820 | Date: Mon May 30 12:14:08 2016 +0000 | ||
3821 | |||
3822 | upstream commit | ||
3823 | |||
3824 | stricter malloc.conf(5) options for utf8 tests | ||
3825 | |||
3826 | Upstream-Regress-ID: 111efe20a0fb692fa1a987f6e823310f9b25abf6 | ||
3827 | |||
3828 | commit 75f0844b4f29d62ec3a5e166d2ee94b02df819fc | ||
3829 | Author: schwarze@openbsd.org <schwarze@openbsd.org> | ||
3830 | Date: Mon May 30 12:05:56 2016 +0000 | ||
3831 | |||
3832 | upstream commit | ||
3833 | |||
3834 | Fix two rare edge cases: 1. If vasprintf() returns < 0, | ||
3835 | do not access a NULL pointer in snmprintf(), and do not free() the pointer | ||
3836 | returned from vasprintf() because on some systems other than OpenBSD, it | ||
3837 | might be a bogus pointer. 2. If vasprintf() returns == 0, return 0 and "" | ||
3838 | rather than -1 and NULL. | ||
3839 | |||
3840 | Besides, free(dst) is pointless after failure (not a bug). | ||
3841 | |||
3842 | One half OK martijn@, the other half OK deraadt@; | ||
3843 | committing quickly before people get hurt. | ||
3844 | |||
3845 | Upstream-Regress-ID: b164f20923812c9bac69856dbc1385eb1522cba4 | ||
3846 | |||
3847 | commit 016881eb33a7948028848c90f4c7ac42e3af0e87 | ||
3848 | Author: schwarze@openbsd.org <schwarze@openbsd.org> | ||
3849 | Date: Thu May 26 19:14:25 2016 +0000 | ||
3850 | |||
3851 | upstream commit | ||
3852 | |||
3853 | test the new utf8 module | ||
3854 | |||
3855 | Upstream-Regress-ID: c923d05a20e84e4ef152cbec947fdc4ce6eabbe3 | ||
3856 | |||
3857 | commit d4219028bdef448e089376f3afe81ef6079da264 | ||
3858 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
3859 | Date: Tue May 3 15:30:46 2016 +0000 | ||
3860 | |||
3861 | upstream commit | ||
3862 | |||
3863 | Set umask to prevent "Bad owner or permissions" errors. | ||
3864 | |||
3865 | Upstream-Regress-ID: 8fdf2fc4eb595ccd80c443f474d639f851145417 | ||
3866 | |||
3867 | commit 07d5608bb237e9b3fe86a2aeaa429392230faebf | ||
3868 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3869 | Date: Tue May 3 14:41:04 2016 +0000 | ||
3870 | |||
3871 | upstream commit | ||
3872 | |||
3873 | support doas | ||
3874 | |||
3875 | Upstream-Regress-ID: 8d5572b27ea810394eeda432d8b4e9e1064a7c38 | ||
3876 | |||
3877 | commit 01cabf10adc7676cba5f40536a34d3b246edb73f | ||
3878 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3879 | Date: Tue May 3 13:48:33 2016 +0000 | ||
3880 | |||
3881 | upstream commit | ||
3882 | |||
3883 | unit tests for sshbuf_dup_string() | ||
3884 | |||
3885 | Upstream-Regress-ID: 7521ff150dc7f20511d1c2c48fd3318e5850a96d | ||
3886 | |||
3887 | commit 6915f1698e3d1dd4e22eac20f435e1dfc1d46372 | ||
3888 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
3889 | Date: Fri Jun 3 06:44:12 2016 +0000 | ||
3890 | |||
3891 | upstream commit | ||
3892 | |||
3893 | tweak previous; | ||
3894 | |||
3895 | Upstream-ID: 92979f1a0b63e041a0e5b08c9ed0ba9b683a3698 | ||
3896 | |||
3897 | commit 0cb2f4c2494b115d0f346ed2d8b603ab3ba643f4 | ||
3898 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
3899 | Date: Fri Jun 3 04:09:38 2016 +0000 | ||
3900 | |||
3901 | upstream commit | ||
3902 | |||
3903 | Allow ExitOnForwardFailure and ClearAllForwardings to be | ||
3904 | overridden when using ssh -W (but still default to yes in that case). | ||
3905 | bz#2577, ok djm@. | ||
3906 | |||
3907 | Upstream-ID: 4b20c419e93ca11a861c81c284090cfabc8c54d4 | ||
3908 | |||
3909 | commit 8543ff3f5020fe659839b15f05b8c522bde6cee5 | ||
3910 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
3911 | Date: Fri Jun 3 03:14:41 2016 +0000 | ||
3912 | |||
3913 | upstream commit | ||
3914 | |||
3915 | Move the host and port used by ssh -W into the Options | ||
3916 | struct. This will make future changes a bit easier. ok djm@ | ||
3917 | |||
3918 | Upstream-ID: 151bce5ecab2fbedf0d836250a27968d30389382 | ||
3919 | |||
3920 | commit 6b87311d3acdc460f926b2c40f4c4f3fd345f368 | ||
3921 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
3922 | Date: Wed Jun 1 04:19:49 2016 +0000 | ||
3923 | |||
3924 | upstream commit | ||
3925 | |||
3926 | Check min and max sizes sent by the client against what | ||
3927 | we support before passing them to the monitor. ok djm@ | ||
3928 | |||
3929 | Upstream-ID: 750627e8117084215412bff00a25b1586ab17ece | ||
3930 | |||
3931 | commit 564cd2a8926ccb1dca43a535073540935b5e0373 | ||
3932 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
3933 | Date: Tue May 31 23:46:14 2016 +0000 | ||
3934 | |||
3935 | upstream commit | ||
3936 | |||
3937 | Ensure that the client's proposed DH-GEX max value is at | ||
3938 | least as big as the minimum the server will accept. ok djm@ | ||
3939 | |||
3940 | Upstream-ID: b4b84fa04aab2de7e79a6fee4a6e1c189c0fe775 | ||
3941 | |||
3942 | commit df820722e40309c9b3f360ea4ed47a584ed74333 | ||
3943 | Author: Darren Tucker <dtucker@zip.com.au> | ||
3944 | Date: Mon Jun 6 11:36:13 2016 +1000 | ||
3945 | |||
3946 | Add compat bits to utf8.c. | ||
3947 | |||
3948 | commit 05c6574652571becfe9d924226c967a3f4b3f879 | ||
3949 | Author: Darren Tucker <dtucker@zip.com.au> | ||
3950 | Date: Mon Jun 6 11:33:43 2016 +1000 | ||
3951 | |||
3952 | Fix utf->utf8 typo. | ||
3953 | |||
3954 | commit 6c1717190b4d5ddd729cd9e24e8ed71ed4f087ce | ||
3955 | Author: schwarze@openbsd.org <schwarze@openbsd.org> | ||
3956 | Date: Mon May 30 18:34:41 2016 +0000 | ||
3957 | |||
3958 | upstream commit | ||
3959 | |||
3960 | Backout rev. 1.43 for now. | ||
3961 | |||
3962 | The function update_progress_meter() calls refresh_progress_meter() | ||
3963 | which calls snmprintf() which calls malloc(); but update_progress_meter() | ||
3964 | acts as the SIGALRM signal handler. | ||
3965 | |||
3966 | "malloc(): error: recursive call" reported by sobrado@. | ||
3967 | |||
3968 | Upstream-ID: aaae57989431e5239c101f8310f74ccc83aeb93e | ||
3969 | |||
3970 | commit cd9e1eabeb4137182200035ab6fa4522f8d24044 | ||
3971 | Author: schwarze@openbsd.org <schwarze@openbsd.org> | ||
3972 | Date: Mon May 30 12:57:21 2016 +0000 | ||
3973 | |||
3974 | upstream commit | ||
3975 | |||
3976 | Even when only writing an unescaped character, the dst | ||
3977 | buffer may need to grow, or it would be overrun; issue found by tb@ with | ||
3978 | malloc.conf(5) 'C'. | ||
3979 | |||
3980 | While here, reserve an additional byte for the terminating NUL | ||
3981 | up front such that we don't have to realloc() later just for that. | ||
3982 | |||
3983 | OK tb@ | ||
3984 | |||
3985 | Upstream-ID: 30ebcc0c097c4571b16f0a78b44969f170db0cff | ||
3986 | |||
3987 | commit ac284a355f8065eaef2a16f446f3c44cdd17371d | ||
3988 | Author: schwarze@openbsd.org <schwarze@openbsd.org> | ||
3989 | Date: Mon May 30 12:05:56 2016 +0000 | ||
3990 | |||
3991 | upstream commit | ||
3992 | |||
3993 | Fix two rare edge cases: 1. If vasprintf() returns < 0, | ||
3994 | do not access a NULL pointer in snmprintf(), and do not free() the pointer | ||
3995 | returned from vasprintf() because on some systems other than OpenBSD, it | ||
3996 | might be a bogus pointer. 2. If vasprintf() returns == 0, return 0 and "" | ||
3997 | rather than -1 and NULL. | ||
3998 | |||
3999 | Besides, free(dst) is pointless after failure (not a bug). | ||
4000 | |||
4001 | One half OK martijn@, the other half OK deraadt@; | ||
4002 | committing quickly before people get hurt. | ||
4003 | |||
4004 | Upstream-ID: b7bcd2e82fc168a8eff94e41f5db336ed986fed0 | ||
4005 | |||
4006 | commit 0e059cdf5fd86297546c63fa8607c24059118832 | ||
4007 | Author: schwarze@openbsd.org <schwarze@openbsd.org> | ||
4008 | Date: Wed May 25 23:48:45 2016 +0000 | ||
4009 | |||
4010 | upstream commit | ||
4011 | |||
4012 | To prevent screwing up terminal settings when printing to | ||
4013 | the terminal, for ASCII and UTF-8, escape bytes not forming characters and | ||
4014 | bytes forming non-printable characters with vis(3) VIS_OCTAL. For other | ||
4015 | character sets, abort printing of the current string in these cases. In | ||
4016 | particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * | ||
4017 | sanitize data received from the remote host; * sanitize filenames, usernames, | ||
4018 | and similar data even locally; * take character display widths into account | ||
4019 | for the progressmeter. | ||
4020 | |||
4021 | This is believed to be sufficient to keep the local terminal safe | ||
4022 | on OpenBSD, but bad things can still happen on other systems with | ||
4023 | state-dependent locales because many places in the code print | ||
4024 | unencoded ASCII characters into the output stream. | ||
4025 | |||
4026 | Using feedback from djm@ and martijn@, | ||
4027 | various aspects discussed with many others. | ||
4028 | |||
4029 | deraadt@ says it should go in now, i probably already hesitated too long | ||
4030 | |||
4031 | Upstream-ID: e66afbc94ee396ddcaffd433b9a3b80f387647e0 | ||
4032 | |||
4033 | commit 8c02e3639acefe1e447e293dbe23a0917abd3734 | ||
4034 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
4035 | Date: Tue May 24 04:43:45 2016 +0000 | ||
4036 | |||
4037 | upstream commit | ||
4038 | |||
4039 | KNF compression proposal and simplify the client side a | ||
4040 | little. ok djm@ | ||
4041 | |||
4042 | Upstream-ID: aa814b694efe9e5af8a26e4c80a05526ae6d6605 | ||
4043 | |||
4044 | commit 7ec4946fb686813eb5f8c57397e465f5485159f4 | ||
4045 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
4046 | Date: Tue May 24 02:31:57 2016 +0000 | ||
4047 | |||
4048 | upstream commit | ||
4049 | |||
4050 | Back out 'plug memleak'. | ||
4051 | |||
4052 | Upstream-ID: 4faacdde136c24a961e24538de373660f869dbc0 | ||
4053 | |||
4054 | commit 82f24c3ddc52053aeb7beb3332fa94c92014b0c5 | ||
4055 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4056 | Date: Mon May 23 23:30:50 2016 +0000 | ||
4057 | |||
4058 | upstream commit | ||
4059 | |||
4060 | prefer agent-hosted keys to keys from PKCS#11; ok markus | ||
4061 | |||
4062 | Upstream-ID: 7417f7653d58d6306d9f8c08d0263d050e2fd8f4 | ||
4063 | |||
4064 | commit a0cb7778fbc9b43458f7072eb68dd858766384d1 | ||
4065 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
4066 | Date: Mon May 23 00:17:27 2016 +0000 | ||
4067 | |||
4068 | upstream commit | ||
4069 | |||
4070 | Plug mem leak in filter_proposal. ok djm@ | ||
4071 | |||
4072 | Upstream-ID: bf968da7cfcea2a41902832e7d548356a4e2af34 | ||
4073 | |||
4074 | commit ae9c0d4d5c581b3040d1f16b5c5f4b1cd1616743 | ||
4075 | Author: Darren Tucker <dtucker@zip.com.au> | ||
4076 | Date: Fri Jun 3 16:03:44 2016 +1000 | ||
4077 | |||
4078 | Update vis.h and vis.c from OpenBSD. | ||
4079 | |||
4080 | This will be needed for the upcoming utf8 changes. | ||
4081 | |||
4082 | commit e1d93705f8f48f519433d6ca9fc3d0abe92a1b77 | ||
4083 | Author: Tim Rice <tim@multitalents.net> | ||
4084 | Date: Tue May 31 11:13:22 2016 -0700 | ||
4085 | |||
4086 | modified: configure.ac | ||
4087 | whitspace clean up. No code changes. | ||
4088 | |||
4089 | commit 604a037d84e41e31f0aec9075df0b8740c130200 | ||
4090 | Author: Damien Miller <djm@mindrot.org> | ||
4091 | Date: Tue May 31 16:45:28 2016 +1000 | ||
4092 | |||
4093 | whitespace at EOL | ||
4094 | |||
4095 | commit 18424200160ff5c923113e0a37ebe21ab7bcd17c | ||
4096 | Author: Darren Tucker <dtucker@zip.com.au> | ||
4097 | Date: Mon May 30 19:35:28 2016 +1000 | ||
4098 | |||
4099 | Add missing ssh-host-config --name option | ||
4100 | |||
4101 | Patch from vinschen@redhat.com. | ||
4102 | |||
4103 | commit 39c0cecaa188a37a2e134795caa68e03f3ced592 | ||
4104 | Author: Darren Tucker <dtucker@zip.com.au> | ||
4105 | Date: Fri May 20 10:01:58 2016 +1000 | ||
4106 | |||
4107 | Fix comment about sshpam_const and AIX. | ||
4108 | |||
4109 | From mschwager via github. | ||
4110 | |||
4111 | commit f64062b1f74ad5ee20a8a49aab2732efd0f7ce30 | ||
4112 | Author: Damien Miller <djm@mindrot.org> | ||
4113 | Date: Fri May 20 09:56:53 2016 +1000 | ||
4114 | |||
4115 | Deny lstat syscalls in seccomp sandbox | ||
4116 | |||
4117 | Avoids sandbox violations for some krb/gssapi libraries. | ||
4118 | |||
4119 | commit 531c135409b8d8810795b1f3692a4ebfd5c9cae0 | ||
4120 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4121 | Date: Thu May 19 07:45:32 2016 +0000 | ||
4122 | |||
4123 | upstream commit | ||
4124 | |||
4125 | fix type of ed25519 values | ||
4126 | |||
4127 | Upstream-ID: b32d0cb372bbe918ca2de56906901eae225a59b0 | ||
4128 | |||
4129 | commit 75e21688f523799c9e0cc6601d76a9c5ca79f787 | ||
4130 | Author: markus@openbsd.org <markus@openbsd.org> | ||
4131 | Date: Wed May 4 14:32:26 2016 +0000 | ||
4132 | |||
4133 | upstream commit | ||
4134 | |||
4135 | add IdentityAgent; noticed & ok jmc@ | ||
4136 | |||
4137 | Upstream-ID: 4ba9034b00a4cf1beae627f0728da897802df88a | ||
4138 | |||
4139 | commit 1a75d14daf4b60db903e6103cf50e74e0cd0a76b | ||
4140 | Author: markus@openbsd.org <markus@openbsd.org> | ||
4141 | Date: Wed May 4 14:29:58 2016 +0000 | ||
4142 | |||
4143 | upstream commit | ||
4144 | |||
4145 | allow setting IdentityAgent to SSH_AUTH_SOCK; ok djm@ | ||
4146 | |||
4147 | Upstream-ID: 20c508480d8db3eef18942c0fc39b1fcf25652ac | ||
4148 | |||
4149 | commit 0516454151ae722fc8256c3c56115c6baf24c5b0 | ||
4150 | Author: markus@openbsd.org <markus@openbsd.org> | ||
4151 | Date: Wed May 4 14:22:33 2016 +0000 | ||
4152 | |||
4153 | upstream commit | ||
4154 | |||
4155 | move SSH_MSG_NONE, so we don't have to include ssh1.h; | ||
4156 | ok deraadt@ | ||
4157 | |||
4158 | Upstream-ID: c2f97502efc761a41b18c17ddf460e138ca7994e | ||
4159 | |||
4160 | commit 332ff3d770631e7513fea38cf0d3689f673f0e3f | ||
4161 | Author: Damien Miller <djm@mindrot.org> | ||
4162 | Date: Tue May 10 09:51:06 2016 +1000 | ||
4163 | |||
4164 | initialise salen in binresvport_sa | ||
4165 | |||
4166 | avoids failures with UsePrivilegedPort=yes | ||
4167 | |||
4168 | patch from Juan Gallego | ||
4169 | |||
4170 | commit c5c1d5d2f04ce00d2ddd6647e61b32f28be39804 | ||
4171 | Author: markus@openbsd.org <markus@openbsd.org> | ||
4172 | Date: Wed May 4 14:04:40 2016 +0000 | ||
4173 | |||
4174 | upstream commit | ||
4175 | |||
4176 | missing const in prototypes (ssh1) | ||
4177 | |||
4178 | Upstream-ID: 789c6ad4928b5fa557369b88c3a6a34926082c05 | ||
4179 | |||
4180 | commit 9faae50e2e82ba42eb0cb2726bf6830fe7948f28 | ||
4181 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
4182 | Date: Wed May 4 14:00:09 2016 +0000 | ||
4183 | |||
4184 | upstream commit | ||
4185 | |||
4186 | Fix inverted logic for updating StreamLocalBindMask which | ||
4187 | would cause the server to set an invalid mask. ok djm@ | ||
4188 | |||
4189 | Upstream-ID: 8a4404c8307a5ef9e07ee2169fc6d8106b527587 | ||
4190 | |||
4191 | commit b02ad1ce9105bfa7394ac7590c0729dd52e26a81 | ||
4192 | Author: markus@openbsd.org <markus@openbsd.org> | ||
4193 | Date: Wed May 4 12:21:53 2016 +0000 | ||
4194 | |||
4195 | upstream commit | ||
4196 | |||
4197 | IdentityAgent for specifying specific agent sockets; ok | ||
4198 | djm@ | ||
4199 | |||
4200 | Upstream-ID: 3e6a15eb89ea0fd406f108826b7dc7dec4fbfac1 | ||
4201 | |||
4202 | commit 910e59bba09ac309d78ce61e356da35292212935 | ||
4203 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4204 | Date: Wed May 4 12:16:39 2016 +0000 | ||
4205 | |||
4206 | upstream commit | ||
4207 | |||
4208 | fix junk characters after quotes | ||
4209 | |||
4210 | Upstream-ID: cc4d0cd32cb6b55a2ef98975d2f7ae857d0dc578 | ||
4211 | |||
4212 | commit 9283884e647b8be50ccd2997537af0065672107d | ||
4213 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
4214 | Date: Tue May 3 18:38:12 2016 +0000 | ||
4215 | |||
4216 | upstream commit | ||
4217 | |||
4218 | correct article; | ||
4219 | |||
4220 | Upstream-ID: 1fbd5b7ab16d2d9834ec79c3cedd4738fa42a168 | ||
4221 | |||
4222 | commit cfefbcea1057c2623e76c579174a4107a0b6e6cd | ||
4223 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4224 | Date: Tue May 3 15:57:39 2016 +0000 | ||
4225 | |||
4226 | upstream commit | ||
4227 | |||
4228 | fix overriding of StreamLocalBindMask and | ||
4229 | StreamLocalBindUnlink in Match blocks; found the hard way Rogan Dawes | ||
4230 | |||
4231 | Upstream-ID: 940bc69ec0249ab428d24ccd0722ce35cb932ee2 | ||
4232 | |||
4233 | commit 771c2f51ffc0c9a2877b7892fada0c77bd1f6549 | ||
4234 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4235 | Date: Tue May 3 15:25:06 2016 +0000 | ||
4236 | |||
4237 | upstream commit | ||
4238 | |||
4239 | don't forget to include StreamLocalBindUnlink in the | ||
4240 | config dump output | ||
4241 | |||
4242 | Upstream-ID: 14a6d970b3b45c8e94272e3c661e9a0b2a0ee7cb | ||
4243 | |||
4244 | commit cdcd941994dc430f50d0a4e6a712d32b66e6199e | ||
4245 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4246 | Date: Tue May 3 14:54:08 2016 +0000 | ||
4247 | |||
4248 | upstream commit | ||
4249 | |||
4250 | make nethack^wrandomart fingerprint flag more readily | ||
4251 | searchable pointed out by Matt Johnston | ||
4252 | |||
4253 | Upstream-ID: cb40d0235dc153c478c1aad3bc60b195422a54fb | ||
4254 | |||
4255 | commit 05855bf2ce7d5cd0a6db18bc0b4214ed5ef7516d | ||
4256 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4257 | Date: Tue May 3 13:10:24 2016 +0000 | ||
4258 | |||
4259 | upstream commit | ||
4260 | |||
4261 | clarify ordering of subkeys; pointed out by ietf-ssh AT | ||
4262 | stbuehler.de | ||
4263 | |||
4264 | Upstream-ID: 05ebe9f949449a555ebce8e0aad7c8c9acaf8463 | ||
4265 | |||
4266 | commit cca3b4395807bfb7aaeb83d2838f5c062ce30566 | ||
4267 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
4268 | Date: Tue May 3 12:15:49 2016 +0000 | ||
4269 | |||
4270 | upstream commit | ||
4271 | |||
4272 | Use a subshell for constructing key types to work around | ||
4273 | different sed behaviours for -portable. | ||
4274 | |||
4275 | Upstream-Regress-ID: 0f6eb673162df229eda9a134a0f10da16151552d | ||
4276 | |||
4277 | commit fa58208c6502dcce3e0daac0ca991ee657daf1f5 | ||
4278 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4279 | Date: Tue May 3 10:27:59 2016 +0000 | ||
4280 | |||
4281 | upstream commit | ||
4282 | |||
4283 | correct some typos and remove a long-stale XXX note. | ||
4284 | |||
4285 | add specification for ed25519 certificates | ||
4286 | |||
4287 | mention no host certificate options/extensions are currently defined | ||
4288 | |||
4289 | pointed out by Simon Tatham | ||
4290 | |||
4291 | Upstream-ID: 7b535ab7dba3340b7d8210ede6791fdaefdf839a | ||
4292 | |||
4293 | commit b466f956c32cbaff4200bfcd5db6739fe4bc7d04 | ||
4294 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4295 | Date: Tue May 3 10:24:27 2016 +0000 | ||
4296 | |||
4297 | upstream commit | ||
4298 | |||
4299 | add ed25519 keys that are supported but missing from this | ||
4300 | documents; from Peter Moody | ||
4301 | |||
4302 | Upstream-ID: 8caac2d8e8cfd2fca6dc304877346e0a064b014b | ||
4303 | |||
4304 | commit 7f3d76319a69dab2efe3a520a8fef5b97e923636 | ||
4305 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
4306 | Date: Tue May 3 09:03:49 2016 +0000 | ||
4307 | |||
4308 | upstream commit | ||
4309 | |||
4310 | Implement IUTF8 as per draft-sgtatham-secsh-iutf8-00. Patch | ||
4311 | from Simon Tatham, ok markus@ | ||
4312 | |||
4313 | Upstream-ID: 58268ebdf37d9d467f78216c681705a5e10c58e8 | ||
4314 | |||
4315 | commit 31bc01c05d9f51bee3ebe33dc57c4fafb059fb62 | ||
4316 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4317 | Date: Mon May 2 14:10:58 2016 +0000 | ||
4318 | |||
4319 | upstream commit | ||
4320 | |||
4321 | unbreak config parsing on reexec from previous commit | ||
4322 | |||
4323 | Upstream-ID: bc69932638a291770955bd05ca55a32660a613ab | ||
4324 | |||
4325 | commit 67f1459efd2e85bf03d032539283fa8107218936 | ||
4326 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4327 | Date: Mon May 2 09:52:00 2016 +0000 | ||
4328 | |||
4329 | upstream commit | ||
4330 | |||
4331 | unit and regress tests for SHA256/512; ok markus | ||
4332 | |||
4333 | Upstream-Regress-ID: a0cd1a92dc824067076a5fcef83c18df9b0bf2c6 | ||
4334 | |||
4335 | commit 0e8eeec8e75f6d0eaf33317376f773160018a9c7 | ||
4336 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4337 | Date: Mon May 2 10:26:04 2016 +0000 | ||
4338 | |||
4339 | upstream commit | ||
4340 | |||
4341 | add support for additional fixed DH groups from | ||
4342 | draft-ietf-curdle-ssh-kex-sha2-03 | ||
4343 | |||
4344 | diffie-hellman-group14-sha256 (2K group) | ||
4345 | diffie-hellman-group16-sha512 (4K group) | ||
4346 | diffie-hellman-group18-sha512 (8K group) | ||
4347 | |||
4348 | based on patch from Mark D. Baushke and Darren Tucker | ||
4349 | ok markus@ | ||
4350 | |||
4351 | Upstream-ID: ac00406ada4f0dfec41585ca0839f039545bc46f | ||
4352 | |||
4353 | commit 57464e3934ba53ad8590ee3ccd840f693407fc1e | ||
4354 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4355 | Date: Mon May 2 09:36:42 2016 +0000 | ||
4356 | |||
4357 | upstream commit | ||
4358 | |||
4359 | support SHA256 and SHA512 RSA signatures in certificates; | ||
4360 | ok markus@ | ||
4361 | |||
4362 | Upstream-ID: b45be2f2ce8cacd794dc5730edaabc90e5eb434a | ||
4363 | |||
4364 | commit 1a31d02b2411c4718de58ce796dbb7b5e14db93e | ||
4365 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4366 | Date: Mon May 2 08:49:03 2016 +0000 | ||
4367 | |||
4368 | upstream commit | ||
4369 | |||
4370 | fix signed/unsigned errors reported by clang-3.7; add | ||
4371 | sshbuf_dup_string() to replace a common idiom of strdup(sshbuf_ptr()) with | ||
4372 | better safety checking; feedback and ok markus@ | ||
4373 | |||
4374 | Upstream-ID: 71f926d9bb3f1efed51319a6daf37e93d57c8820 | ||
4375 | |||
4376 | commit d2d6bf864e52af8491a60dd507f85b74361f5da3 | ||
4377 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4378 | Date: Fri Apr 29 08:07:53 2016 +0000 | ||
4379 | |||
4380 | upstream commit | ||
4381 | |||
4382 | close ControlPersist background process stderr when not | ||
4383 | in debug mode or when logging to a file or syslog. bz#1988 ok dtucker | ||
4384 | |||
4385 | Upstream-ID: 4fb726f0fdcb155ad419913cea10dc4afd409d24 | ||
4386 | |||
4387 | commit 9ee692fa1146e887e008a2b9a3d3ea81770c9fc8 | ||
4388 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4389 | Date: Thu Apr 28 14:30:21 2016 +0000 | ||
4390 | |||
4391 | upstream commit | ||
4392 | |||
4393 | fix comment | ||
4394 | |||
4395 | Upstream-ID: 313a385bd7b69a82f8e28ecbaf5789c774457b15 | ||
4396 | |||
4397 | commit ee1e0a16ff2ba41a4d203c7670b54644b6c57fa6 | ||
4398 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
4399 | Date: Wed Apr 27 13:53:48 2016 +0000 | ||
4400 | |||
4401 | upstream commit | ||
4402 | |||
4403 | cidr permitted for {allow,deny}users; from lars nooden ok djm | ||
4404 | |||
4405 | Upstream-ID: 13e7327fe85f6c63f3f7f069e0fdc8c351515d11 | ||
4406 | |||
4407 | commit b6e0140a5aa883c27b98415bd8aa9f65fc04ee22 | ||
4408 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4409 | Date: Thu Apr 21 06:08:02 2016 +0000 | ||
4410 | |||
4411 | upstream commit | ||
4412 | |||
4413 | make argument == NULL tests more consistent | ||
4414 | |||
4415 | Upstream-ID: dc4816678704aa5cbda3a702e0fa2033ff04581d | ||
4416 | |||
4417 | commit 6aaabc2b610e44bae473457ad9556ffb43d90ee3 | ||
4418 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
4419 | Date: Sun Apr 17 14:34:46 2016 +0000 | ||
4420 | |||
4421 | upstream commit | ||
4422 | |||
4423 | tweak previous; | ||
4424 | |||
4425 | Upstream-ID: 46c1bab91c164078edbccd5f7d06b9058edd814f | ||
4426 | |||
4427 | commit 0f839e5969efa3bda615991be8a9d9311554c573 | ||
4428 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4429 | Date: Fri Apr 15 02:57:10 2016 +0000 | ||
4430 | |||
4431 | upstream commit | ||
4432 | |||
4433 | missing bit of Include regress | ||
4434 | |||
4435 | Upstream-Regress-ID: 1063595f7f40f8489a1b7a27230b9e8acccea34f | ||
4436 | |||
4437 | commit 12e4ac46aed681da55c2bba3cd11dfcab23591be | ||
4438 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4439 | Date: Fri Apr 15 02:55:53 2016 +0000 | ||
4440 | |||
4441 | upstream commit | ||
4442 | |||
4443 | remove redundant CLEANFILES section | ||
4444 | |||
4445 | Upstream-Regress-ID: 29ef1b267fa56daa60a1463396635e7d53afb587 | ||
4446 | |||
4447 | commit b1d05aa653ae560c44baf8e8a9756e33f98ea75c | ||
4448 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4449 | Date: Fri Apr 15 00:48:01 2016 +0000 | ||
4450 | |||
4451 | upstream commit | ||
4452 | |||
4453 | sync CLEANFILES with portable, sort | ||
4454 | |||
4455 | Upstream-Regress-ID: cb782f4f1ab3e079efbc335c6b64942f790766ed | ||
4456 | |||
4457 | commit 35f22dad263cce5c61d933ae439998cb965b8748 | ||
4458 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4459 | Date: Fri Apr 15 00:31:10 2016 +0000 | ||
4460 | |||
4461 | upstream commit | ||
4462 | |||
4463 | regression test for ssh_config Include directive | ||
4464 | |||
4465 | Upstream-Regress-ID: 46a38c8101f635461c506d1aac2d96af80f97f1e | ||
4466 | |||
4467 | commit 6b8a1a87005818d4700ce8b42faef746e82c1f51 | ||
4468 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4469 | Date: Thu Apr 14 23:57:17 2016 +0000 | ||
4470 | |||
4471 | upstream commit | ||
4472 | |||
4473 | unbreak test for recent ssh de-duplicated forwarding | ||
4474 | change | ||
4475 | |||
4476 | Upstream-Regress-ID: 6b2b115d99acd7cff13986e6739ea214cf2a3da3 | ||
4477 | |||
4478 | commit 076787702418985a2cc6808212dc28ce7afc01f0 | ||
4479 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4480 | Date: Thu Apr 14 23:21:42 2016 +0000 | ||
4481 | |||
4482 | upstream commit | ||
4483 | |||
4484 | add test knob and warning for StrictModes | ||
4485 | |||
4486 | Upstream-Regress-ID: 8cd10952ce7898655ee58945904f2a0a3bdf7682 | ||
4487 | |||
4488 | commit dc7990be865450574c7940c9880567f5d2555b37 | ||
4489 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4490 | Date: Fri Apr 15 00:30:19 2016 +0000 | ||
4491 | |||
4492 | upstream commit | ||
4493 | |||
4494 | Include directive for ssh_config(5); feedback & ok markus@ | ||
4495 | |||
4496 | Upstream-ID: ae3b76e2e343322b9f74acde6f1e1c5f027d5fff | ||
4497 | |||
4498 | commit 85bdcd7c92fe7ff133bbc4e10a65c91810f88755 | ||
4499 | Author: Damien Miller <djm@mindrot.org> | ||
4500 | Date: Wed Apr 13 10:39:57 2016 +1000 | ||
4501 | |||
4502 | ignore PAM environment vars when UseLogin=yes | ||
4503 | |||
4504 | If PAM is configured to read user-specified environment variables | ||
4505 | and UseLogin=yes in sshd_config, then a hostile local user may | ||
4506 | attack /bin/login via LD_PRELOAD or similar environment variables | ||
4507 | set via PAM. | ||
4508 | |||
4509 | CVE-2015-8325, found by Shayan Sadigh, via Colin Watson | ||
4510 | |||
4511 | commit dce19bf6e4a2a3d0b13a81224de63fc316461ab9 | ||
4512 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4513 | Date: Sat Apr 9 12:39:30 2016 +0000 | ||
4514 | |||
4515 | upstream commit | ||
4516 | |||
4517 | make private key loading functions consistently handle NULL | ||
4518 | key pointer arguments; ok markus@ | ||
4519 | |||
4520 | Upstream-ID: 92038726ef4a338169c35dacc9c5a07fcc7fa761 | ||
4521 | |||
4522 | commit 5f41f030e2feb5295657285aa8c6602c7810bc4b | ||
4523 | Author: Darren Tucker <dtucker@zip.com.au> | ||
4524 | Date: Fri Apr 8 21:14:13 2016 +1000 | ||
4525 | |||
4526 | Remove NO_IPPORT_RESERVED_CONCEPT | ||
4527 | |||
4528 | Replace by defining IPPORT_RESERVED to zero on Cygwin, which should have | ||
4529 | the same effect without causing problems syncing patches with OpenBSD. | ||
4530 | Resync the two affected functions with OpenBSD. ok djm, sanity checked | ||
4531 | by Corinna. | ||
4532 | |||
4533 | commit 34a01b2cf737d946ddb140618e28c3048ab7a229 | ||
4534 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4535 | Date: Fri Apr 8 08:19:17 2016 +0000 | ||
4536 | |||
4537 | upstream commit | ||
4538 | |||
4539 | whitespace at EOL | ||
4540 | |||
4541 | Upstream-ID: 5beffd4e001515da12851b974e2323ae4aa313b6 | ||
4542 | |||
4543 | commit 90ee563fa6b54c59896c6c332c5188f866c5e75f | ||
4544 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4545 | Date: Fri Apr 8 06:35:54 2016 +0000 | ||
4546 | |||
4547 | upstream commit | ||
4548 | |||
4549 | We accidentally send an empty string and a zero uint32 with | ||
4550 | every direct-streamlocal@openssh.com channel open, in contravention of our | ||
4551 | own spec. | ||
4552 | |||
4553 | Fixing this is too hard wrt existing versions that expect these | ||
4554 | fields to be present and fatal() if they aren't, so document them | ||
4555 | as "reserved" fields in the PROTOCOL spec as though we always | ||
4556 | intended this and let us never speak of it again. | ||
4557 | |||
4558 | bz#2529, reported by Ron Frederick | ||
4559 | |||
4560 | Upstream-ID: 34cd326a4d236ca6e39084c4ff796bd97ab833e7 | ||
4561 | |||
4562 | commit 0ccbd5eca0f0dd78e71a4b69c66f03a66908d558 | ||
4563 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4564 | Date: Wed Apr 6 06:42:17 2016 +0000 | ||
4565 | |||
4566 | upstream commit | ||
4567 | |||
4568 | don't record duplicate LocalForward and RemoteForward | ||
4569 | entries; fixes failure with ExitOnForwardFailure+hostname canonicalisation | ||
4570 | where the same forwards are added on the second pass through the | ||
4571 | configuration file. bz#2562; ok dtucker@ | ||
4572 | |||
4573 | Upstream-ID: 40a51d68b6300f1cc61deecdb7d4847b8b7b0de1 | ||
4574 | |||
4575 | commit 574def0eb493cd6efeffd4ff2e9257abcffee0c8 | ||
4576 | Author: krw@openbsd.org <krw@openbsd.org> | ||
4577 | Date: Sat Apr 2 14:37:42 2016 +0000 | ||
4578 | |||
4579 | upstream commit | ||
4580 | |||
4581 | Another use for fcntl() and thus of the superfluous 3rd | ||
4582 | parameter is when sanitising standard fd's before calling daemon(). | ||
4583 | |||
4584 | Use a tweaked version of the ssh(1) function in all three places | ||
4585 | found using fcntl() this way. | ||
4586 | |||
4587 | ok jca@ beck@ | ||
4588 | |||
4589 | Upstream-ID: f16811ffa19a1c5f4ef383c5f0fecb843c84e218 | ||
4590 | |||
4591 | commit b3413534aa9d71a941005df2760d1eec2c2b0854 | ||
4592 | Author: Darren Tucker <dtucker@zip.com.au> | ||
4593 | Date: Mon Apr 4 11:09:21 2016 +1000 | ||
4594 | |||
4595 | Tidy up openssl header test. | ||
4596 | |||
4597 | commit 815bcac0b94bb448de5acdd6ba925b8725240b4f | ||
4598 | Author: Darren Tucker <dtucker@zip.com.au> | ||
4599 | Date: Mon Apr 4 11:07:59 2016 +1000 | ||
4600 | |||
4601 | Fix configure-time warnings for openssl test. | ||
4602 | |||
4603 | commit 95687f5831ae680f7959446d8ae4b52452ee05dd | ||
4604 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4605 | Date: Fri Apr 1 02:34:10 2016 +0000 | ||
4606 | |||
4607 | upstream commit | ||
4608 | |||
4609 | whitespace at EOL | ||
4610 | |||
4611 | Upstream-ID: 40ae2203d07cb14e0a89e1a0d4c6120ee8fd8c3a | ||
4612 | |||
4613 | commit fdfbf4580de09d84a974211715e14f88a5704b8e | ||
4614 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
4615 | Date: Thu Mar 31 05:24:06 2016 +0000 | ||
4616 | |||
4617 | upstream commit | ||
4618 | |||
4619 | Remove fallback from moduli to "primes" file that was | ||
4620 | deprecated in 2001 and fix log messages referring to primes file. Based on | ||
4621 | patch from xnox at ubuntu.com via bz#2559. "kill it" deraadt@ | ||
4622 | |||
4623 | Upstream-ID: 0d4f8c70e2fa7431a83b95f8ca81033147ba8713 | ||
4624 | |||
4625 | commit 0235a5fa67fcac51adb564cba69011a535f86f6b | ||
4626 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4627 | Date: Thu Mar 17 17:19:43 2016 +0000 | ||
4628 | |||
4629 | upstream commit | ||
4630 | |||
4631 | UseDNS affects ssh hostname processing in authorized_keys, | ||
4632 | not known_hosts; bz#2554 reported by jjelen AT redhat.com | ||
4633 | |||
4634 | Upstream-ID: c1c1bb895dde46095fc6d81d8653703928437591 | ||
4635 | |||
4636 | commit 8c4739338f5e379d05b19d6e544540114965f07e | ||
4637 | Author: Darren Tucker <dtucker@zip.com.au> | ||
4638 | Date: Tue Mar 15 09:24:43 2016 +1100 | ||
4639 | |||
4640 | Don't call Solaris setproject() with UsePAM=yes. | ||
4641 | |||
4642 | When Solaris Projects are enabled along with PAM setting the project | ||
4643 | is PAM's responsiblity. bz#2425, based on patch from | ||
4644 | brent.paulson at gmail.com. | ||
4645 | |||
4646 | commit cff26f373c58457a32cb263e212cfff53fca987b | ||
4647 | Author: Damien Miller <djm@mindrot.org> | ||
4648 | Date: Tue Mar 15 04:30:21 2016 +1100 | ||
4649 | |||
4650 | remove slogin from *.spec | ||
4651 | |||
4652 | commit c38905ba391434834da86abfc988a2b8b9b62477 | ||
4653 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4654 | Date: Mon Mar 14 16:20:54 2016 +0000 | ||
4655 | |||
4656 | upstream commit | ||
4657 | |||
4658 | unbreak authentication using lone certificate keys in | ||
4659 | ssh-agent: when attempting pubkey auth with a certificate, if no separate | ||
4660 | private key is found among the keys then try with the certificate key itself. | ||
4661 | |||
4662 | bz#2550 reported by Peter Moody | ||
4663 | |||
4664 | Upstream-ID: f939cd76d68e6a9a3d1711b5a943d6ed1e623966 | ||
4665 | |||
4666 | commit 4b4bfb01cd40b9ddb948e6026ddd287cc303d871 | ||
4667 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4668 | Date: Thu Mar 10 11:47:57 2016 +0000 | ||
4669 | |||
4670 | upstream commit | ||
4671 | |||
4672 | sanitise characters destined for xauth reported by | ||
4673 | github.com/tintinweb feedback and ok deraadt and markus | ||
4674 | |||
4675 | Upstream-ID: 18ad8d0d74cbd2ea3306a16595a306ee356aa261 | ||
4676 | |||
4677 | commit 732b463d37221722b1206f43aa59563766a6a968 | ||
4678 | Author: Darren Tucker <dtucker@zip.com.au> | ||
4679 | Date: Mon Mar 14 16:04:23 2016 +1100 | ||
4680 | |||
4681 | Pass supported malloc options to connect-privsep. | ||
4682 | |||
4683 | This allows us to activate only the supported options during the malloc | ||
4684 | option portion of the connect-privsep test. | ||
4685 | |||
4686 | commit d29c5b9b3e9f27394ca97a364ed4bb4a55a59744 | ||
4687 | Author: Darren Tucker <dtucker@zip.com.au> | ||
4688 | Date: Mon Mar 14 09:30:58 2016 +1100 | ||
4689 | |||
4690 | Remove leftover roaming.h file. | ||
4691 | |||
4692 | Pointed out by des at des.no. | ||
4693 | |||
4694 | commit 8ff20ec95f4377021ed5e9b2331320f5c5a34cea | ||
4695 | Author: Darren Tucker <dtucker@zip.com.au> | ||
4696 | Date: Mon Mar 14 09:24:03 2016 +1100 | ||
4697 | |||
4698 | Quote variables that may contain whitespace. | ||
4699 | |||
4700 | The variable $L_TMP_ID_FILE needs to be surrounded by quotes in order to | ||
4701 | survive paths containing whitespace. bz#2551, from Corinna Vinschen via | ||
4702 | Philip Hands. | ||
4703 | |||
4704 | commit 627824480c01f0b24541842c7206ab9009644d02 | ||
4705 | Author: Darren Tucker <dtucker@zip.com.au> | ||
4706 | Date: Fri Mar 11 14:47:41 2016 +1100 | ||
4707 | |||
4708 | Include priv.h for priv_set_t. | ||
4709 | |||
4710 | From alex at cooperi.net. | ||
4711 | |||
4712 | commit e960051f9a264f682c4d2fefbeecffcfc66b0ddf | ||
4713 | Author: Darren Tucker <dtucker@zip.com.au> | ||
4714 | Date: Wed Mar 9 13:14:18 2016 +1100 | ||
4715 | |||
4716 | Wrap stdint.h inside #ifdef HAVE_STDINT_H. | ||
4717 | |||
4718 | commit 2c48bd344d2c4b5e08dae9aea5ff44fc19a5e363 | ||
4719 | Author: Darren Tucker <dtucker@zip.com.au> | ||
4720 | Date: Wed Mar 9 12:46:50 2016 +1100 | ||
4721 | |||
4722 | Add compat to monotime_double(). | ||
4723 | |||
4724 | Apply all of the portability changes in monotime() to monotime() double. | ||
4725 | Fixes build on at least older FreeBSD systems. | ||
4726 | |||
4727 | commit 7b40ef6c2eef40c339f6ea8920cb8a44838e10c9 | ||
4728 | Author: Damien Miller <djm@mindrot.org> | ||
4729 | Date: Tue Mar 8 14:12:58 2016 -0800 | ||
4730 | |||
4731 | make a regress-binaries target | ||
4732 | |||
4733 | Easier to build all the regression/unit test binaries in one pass | ||
4734 | than going through all of ${REGRESS_BINARIES} | ||
4735 | |||
4736 | commit c425494d6b6181beb54a1b3763ef9e944fd3c214 | ||
4737 | Author: Damien Miller <djm@mindrot.org> | ||
4738 | Date: Tue Mar 8 14:03:54 2016 -0800 | ||
4739 | |||
4740 | unbreak kexfuzz for -Werror without __bounded__ | ||
4741 | |||
4742 | commit 3ed9218c336607846563daea5d5ab4f701f4e042 | ||
4743 | Author: Damien Miller <djm@mindrot.org> | ||
4744 | Date: Tue Mar 8 14:01:29 2016 -0800 | ||
4745 | |||
4746 | unbreak PAM after canohost refactor | ||
4747 | |||
4748 | commit 885fb2a44ff694f01e4f6470f803629e11f62961 | ||
4749 | Author: Darren Tucker <dtucker@zip.com.au> | ||
4750 | Date: Tue Mar 8 11:58:43 2016 +1100 | ||
4751 | |||
4752 | auth_get_canonical_hostname in portable code. | ||
4753 | |||
4754 | "refactor canohost.c" replaced get_canonical_hostname, this makes the | ||
4755 | same change to some portable-specific code. | ||
4756 | |||
4757 | commit 95767262caa6692eff1e1565be1f5cb297949a89 | ||
4758 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4759 | Date: Mon Mar 7 19:02:43 2016 +0000 | ||
4760 | |||
4761 | upstream commit | ||
4762 | |||
4763 | refactor canohost.c: move functions that cache results closer | ||
4764 | to the places that use them (authn and session code). After this, no state is | ||
4765 | cached in canohost.c | ||
4766 | |||
4767 | feedback and ok markus@ | ||
4768 | |||
4769 | Upstream-ID: 5f2e4df88d4803fc8ec59ec53629105e23ce625e | ||
4770 | |||
4771 | commit af0bb38ffd1f2c4f9f43b0029be2efe922815255 | ||
4772 | Author: Damien Miller <djm@mindrot.org> | ||
4773 | Date: Fri Mar 4 15:11:55 2016 +1100 | ||
4774 | |||
4775 | hook unittests/misc/kexfuzz into build | ||
4776 | |||
4777 | commit 331b8e07ee5bcbdca12c11cc8f51a7e8de09b248 | ||
4778 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
4779 | Date: Fri Mar 4 02:48:06 2016 +0000 | ||
4780 | |||
4781 | upstream commit | ||
4782 | |||
4783 | Filter debug messages out of log before picking the last | ||
4784 | two lines. Should prevent problems if any more debug output is added late in | ||
4785 | the connection. | ||
4786 | |||
4787 | Upstream-Regress-ID: 345d0a9589c381e7d640a4ead06cfaadf4db1363 | ||
4788 | |||
4789 | commit 0892edaa3ce623381d3a7635544cbc69b31cf9cb | ||
4790 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4791 | Date: Fri Mar 4 02:30:36 2016 +0000 | ||
4792 | |||
4793 | upstream commit | ||
4794 | |||
4795 | add KEX fuzzer harness; ok deraadt@ | ||
4796 | |||
4797 | Upstream-Regress-ID: 3df5242d30551b12b828aa9ba4a4cec0846be8d1 | ||
4798 | |||
4799 | commit ae2562c47d41b68dbb00240fd6dd60bed205367a | ||
4800 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
4801 | Date: Thu Mar 3 00:46:53 2016 +0000 | ||
4802 | |||
4803 | upstream commit | ||
4804 | |||
4805 | Look back 3 lines for possible error messages. Changes | ||
4806 | to the code mean that "Bad packet length" errors are 3 lines back instead of | ||
4807 | the previous two, which meant we didn't skip some offsets that we intended | ||
4808 | to. | ||
4809 | |||
4810 | Upstream-Regress-ID: 24f36912740a634d509a3144ebc8eb7c09b9c684 | ||
4811 | |||
4812 | commit 988e429d903acfb298bfddfd75e7994327adfed0 | ||
4813 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4814 | Date: Fri Mar 4 03:35:44 2016 +0000 | ||
4815 | |||
4816 | upstream commit | ||
4817 | |||
4818 | fix ClientAliveInterval when a time-based RekeyLimit is | ||
4819 | set; previously keepalive packets were not being sent. bz#2252 report and | ||
4820 | analysis by Christian Wittenhorst and Garrett Lee feedback and ok dtucker@ | ||
4821 | |||
4822 | Upstream-ID: d48f9deadd35fdacdd5106b41bb07630ddd4aa81 | ||
4823 | |||
4824 | commit 8ef04d7a94bcdb8b0085fdd2a79a844b7d40792d | ||
4825 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
4826 | Date: Wed Mar 2 22:43:52 2016 +0000 | ||
4827 | |||
4828 | upstream commit | ||
4829 | |||
4830 | Improve accuracy of reported transfer speeds by waiting | ||
4831 | for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@ | ||
4832 | |||
4833 | Upstream-ID: 99f1cf15c9a8f161086b814d414d862795ae153d | ||
4834 | |||
4835 | commit b8d4eafe29684fe4f5bb587f7eab948e6ed62723 | ||
4836 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
4837 | Date: Wed Mar 2 22:42:40 2016 +0000 | ||
4838 | |||
4839 | upstream commit | ||
4840 | |||
4841 | Improve precision of progressmeter for sftp and scp by | ||
4842 | storing sub-second timestamps. Pointed out by mmcc@, ok deraadt@ markus@ | ||
4843 | |||
4844 | Upstream-ID: 38fd83a3d83dbf81c8ff7b5d1302382fe54970ab | ||
4845 | |||
4846 | commit 18f64b969c70ed00e74b9d8e50359dbe698ce4c0 | ||
4847 | Author: jca@openbsd.org <jca@openbsd.org> | ||
4848 | Date: Mon Feb 29 20:22:36 2016 +0000 | ||
4849 | |||
4850 | upstream commit | ||
4851 | |||
4852 | Print ssize_t with %zd; ok deraadt@ mmcc@ | ||
4853 | |||
4854 | Upstream-ID: 0590313bbb013ff6692298c98f7e0be349d124bd | ||
4855 | |||
4856 | commit 6e7f68ce38130c794ec1fb8d2a6091fbe982628d | ||
4857 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4858 | Date: Sun Feb 28 22:27:00 2016 +0000 | ||
4859 | |||
4860 | upstream commit | ||
4861 | |||
4862 | rearrange DH public value tests to be a little more clear | ||
4863 | |||
4864 | rearrange DH private value generation to explain rationale more | ||
4865 | clearly and include an extra sanity check. | ||
4866 | |||
4867 | ok deraadt | ||
4868 | |||
4869 | Upstream-ID: 9ad8a07e1a12684e1b329f9bd88941b249d4b2ad | ||
4870 | |||
4871 | commit 2ed17aa34008bdfc8db674315adc425a0712be11 | ||
4872 | Author: Darren Tucker <dtucker@zip.com.au> | ||
4873 | Date: Tue Mar 1 15:24:20 2016 +1100 | ||
4874 | |||
4875 | Import updated moduli file from OpenBSD. | ||
4876 | |||
4877 | Note that 1.5k bit groups have been removed. | ||
4878 | |||
4879 | commit 72b061d4ba0f909501c595d709ea76e06b01e5c9 | ||
4880 | Author: Darren Tucker <dtucker@zip.com.au> | ||
4881 | Date: Fri Feb 26 14:40:04 2016 +1100 | ||
4882 | |||
4883 | Add a note about using xlc on AIX. | ||
4884 | |||
4885 | commit fd4e4f2416baa2e6565ea49d52aade296bad3e28 | ||
4886 | Author: Darren Tucker <dtucker@zip.com.au> | ||
4887 | Date: Wed Feb 24 10:44:25 2016 +1100 | ||
4888 | |||
4889 | Skip PrintLastLog in config dump mode. | ||
4890 | |||
4891 | When DISABLE_LASTLOG is set, do not try to include PrintLastLog in the | ||
4892 | config dump since it'll be reported as UNKNOWN. | ||
4893 | |||
4894 | commit 99135c764fa250801da5ec3b8d06cbd0111caae8 | ||
4895 | Author: Damien Miller <djm@mindrot.org> | ||
4896 | Date: Tue Feb 23 20:17:23 2016 +1100 | ||
4897 | |||
4898 | update spec/README versions ahead of release | ||
4899 | |||
4900 | commit b86a334aaaa4d1e643eb1fd71f718573d6d948b5 | ||
4901 | Author: Damien Miller <djm@mindrot.org> | ||
4902 | Date: Tue Feb 23 20:16:53 2016 +1100 | ||
4903 | |||
4904 | put back portable patchlevel to p1 | ||
4905 | |||
4906 | commit 555dd35ff176847e3c6bd068ba2e8db4022eb24f | ||
4907 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4908 | Date: Tue Feb 23 09:14:34 2016 +0000 | ||
4909 | |||
4910 | upstream commit | ||
4911 | |||
4912 | openssh-7.2 | ||
4913 | |||
4914 | Upstream-ID: 9db776b26014147fc907ece8460ef2bcb0f11e78 | ||
4915 | |||
4916 | commit 1acc058d0a7913838c830ed998a1a1fb5b7864bf | ||
4917 | Author: Damien Miller <djm@mindrot.org> | ||
4918 | Date: Tue Feb 23 16:12:13 2016 +1100 | ||
4919 | |||
4920 | Disable tests where fs perms are incorrect | ||
4921 | |||
4922 | Some tests have strict requirements on the filesystem permissions | ||
4923 | for certain files and directories. This adds a regress/check-perm | ||
4924 | tool that copies the relevant logic from sshd to exactly test | ||
4925 | the paths in question. This lets us skip tests when the local | ||
4926 | filesystem doesn't conform to our expectations rather than | ||
4927 | continuing and failing the test run. | ||
4928 | |||
4929 | ok dtucker@ | ||
4930 | |||
4931 | commit 39f303b1f36d934d8410b05625f25c7bcb75db4d | ||
4932 | Author: Damien Miller <djm@mindrot.org> | ||
4933 | Date: Tue Feb 23 12:56:59 2016 +1100 | ||
4934 | |||
4935 | fix sandbox on OSX Lion | ||
4936 | |||
4937 | sshd was failing with: | ||
4938 | |||
4939 | ssh_sandbox_child: sandbox_init: dlopen(/usr/lib/libsandbox.1.dylib, 261):cw | ||
4940 | image not found [preauth] | ||
4941 | |||
4942 | caused by chroot before sandboxing. Avoid by explicitly linking libsandbox | ||
4943 | to sshd. Spotted by Darren. | ||
4944 | |||
4945 | commit 0d1451a32c7436e6d3d482351e776bc5e7824ce4 | ||
4946 | Author: djm@openbsd.org <djm@openbsd.org> | ||
4947 | Date: Tue Feb 23 01:34:14 2016 +0000 | ||
4948 | |||
4949 | upstream commit | ||
4950 | |||
4951 | fix spurious error message when incorrect passphrase | ||
4952 | entered for keys; reported by espie@ ok deraadt@ | ||
4953 | |||
4954 | Upstream-ID: 58b2e46e63ed6912ed1ee780bd3bd8560f9a5899 | ||
4955 | |||
4956 | commit 09d87d79741beb85768b5e788d7dfdf4bc3543dc | ||
4957 | Author: sobrado@openbsd.org <sobrado@openbsd.org> | ||
4958 | Date: Sat Feb 20 23:06:23 2016 +0000 | ||
4959 | |||
4960 | upstream commit | ||
4961 | |||
4962 | set ssh(1) protocol version to 2 only. | ||
4963 | |||
4964 | ok djm@ | ||
4965 | |||
4966 | Upstream-ID: e168daf9d27d7e392e3c9923826bd8e87b2b3a10 | ||
4967 | |||
4968 | commit 9262e07826ba5eebf8423f7ac9e47ec488c47869 | ||
4969 | Author: sobrado@openbsd.org <sobrado@openbsd.org> | ||
4970 | Date: Sat Feb 20 23:02:39 2016 +0000 | ||
4971 | |||
4972 | upstream commit | ||
4973 | |||
4974 | add missing ~/.ssh/id_ecdsa and ~/.ssh/id_ed25519 to | ||
4975 | IdentityFile. | ||
4976 | |||
4977 | ok djm@ | ||
4978 | |||
4979 | Upstream-ID: 6ce99466312e4ae7708017c3665e3edb976f70cf | ||
4980 | |||
4981 | commit c12f0fdce8f985fca8d71829fd64c5b89dc777f5 | ||
4982 | Author: sobrado@openbsd.org <sobrado@openbsd.org> | ||
4983 | Date: Sat Feb 20 23:01:46 2016 +0000 | ||
4984 | |||
4985 | upstream commit | ||
4986 | |||
4987 | AddressFamily defaults to any. | ||
4988 | |||
4989 | ok djm@ | ||
4990 | |||
4991 | Upstream-ID: 0d94aa06a4b889bf57a7f631c45ba36d24c13e0c | ||
4992 | |||
4993 | commit 907091acb188b1057d50c2158f74c3ecf1c2302b | ||
4994 | Author: Darren Tucker <dtucker@zip.com.au> | ||
4995 | Date: Fri Feb 19 09:05:39 2016 +1100 | ||
4996 | |||
4997 | Make Solaris privs code build on older systems. | ||
4998 | |||
4999 | Not all systems with Solaris privs have priv_basicset so factor that | ||
5000 | out and provide backward compatibility code. Similarly, not all have | ||
5001 | PRIV_NET_ACCESS so wrap that in #ifdef. Based on code from | ||
5002 | alex at cooperi.net and djm@ with help from carson at taltos.org and | ||
5003 | wieland at purdue.edu. | ||
5004 | |||
5005 | commit 292a8dee14e5e67dcd1b49ba5c7b9023e8420d59 | ||
5006 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5007 | Date: Wed Feb 17 22:20:14 2016 +0000 | ||
5008 | |||
5009 | upstream commit | ||
5010 | |||
5011 | rekey refactor broke SSH1; spotted by Tom G. Christensen | ||
5012 | |||
5013 | Upstream-ID: 43f0d57928cc077c949af0bfa71ef574dcb58243 | ||
5014 | |||
5015 | commit 3a13cb543df9919aec2fc6b75f3dd3802facaeca | ||
5016 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5017 | Date: Wed Feb 17 08:57:34 2016 +0000 | ||
5018 | |||
5019 | upstream commit | ||
5020 | |||
5021 | rsa-sha2-512,rsa-sha2-256 cannot be selected explicitly | ||
5022 | in *KeyTypes options yet. Remove them from the lists of algorithms for now. | ||
5023 | committing on behalf of markus@ ok djm@ | ||
5024 | |||
5025 | Upstream-ID: c6e8820eb8e610ac21551832c0c89684a9a51bb7 | ||
5026 | |||
5027 | commit a685ae8d1c24fb7c712c55a4f3280ee76f5f1e4b | ||
5028 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
5029 | Date: Wed Feb 17 07:38:19 2016 +0000 | ||
5030 | |||
5031 | upstream commit | ||
5032 | |||
5033 | since these pages now clearly tell folks to avoid v1, | ||
5034 | normalise the docs from a v2 perspective (i.e. stop pointing out which bits | ||
5035 | are v2 only); | ||
5036 | |||
5037 | ok/tweaks djm ok markus | ||
5038 | |||
5039 | Upstream-ID: eb474f8c36fb6a532dc05c282f7965e38dcfa129 | ||
5040 | |||
5041 | commit c5c3f3279a0e4044b8de71b70d3570d692d0f29d | ||
5042 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5043 | Date: Wed Feb 17 05:29:04 2016 +0000 | ||
5044 | |||
5045 | upstream commit | ||
5046 | |||
5047 | make sandboxed privilege separation the default, not just | ||
5048 | for new installs; "absolutely" deraadt@ | ||
5049 | |||
5050 | Upstream-ID: 5221ef3b927d2df044e9aa3f5db74ae91743f69b | ||
5051 | |||
5052 | commit eb3f7337a651aa01d5dec019025e6cdc124ed081 | ||
5053 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
5054 | Date: Tue Feb 16 07:47:54 2016 +0000 | ||
5055 | |||
5056 | upstream commit | ||
5057 | |||
5058 | no need to state that protocol 2 is the default twice; | ||
5059 | |||
5060 | Upstream-ID: b1e4c36b0c2e12e338e5b66e2978f2ac953b95eb | ||
5061 | |||
5062 | commit e7901efa9b24e5b0c7e74f2c5520d47eead4d005 | ||
5063 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5064 | Date: Tue Feb 16 05:11:04 2016 +0000 | ||
5065 | |||
5066 | upstream commit | ||
5067 | |||
5068 | Replace list of ciphers and MACs adjacent to -1/-2 flag | ||
5069 | descriptions in ssh(1) with a strong recommendation not to use protocol 1. | ||
5070 | Add a similar warning to the Protocol option descriptions in ssh_config(5) | ||
5071 | and sshd_config(5); | ||
5072 | |||
5073 | prompted by and ok mmcc@ | ||
5074 | |||
5075 | Upstream-ID: 961f99e5437d50e636feca023978950a232ead5e | ||
5076 | |||
5077 | commit 5a0fcb77287342e2fc2ba1cee79b6af108973dc2 | ||
5078 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5079 | Date: Tue Feb 16 03:37:48 2016 +0000 | ||
5080 | |||
5081 | upstream commit | ||
5082 | |||
5083 | add a "Close session" log entry (at loglevel=verbose) to | ||
5084 | correspond to the existing "Starting session" one. Also include the session | ||
5085 | id number to make multiplexed sessions more apparent. | ||
5086 | |||
5087 | feedback and ok dtucker@ | ||
5088 | |||
5089 | Upstream-ID: e72d2ac080e02774376325136e532cb24c2e617c | ||
5090 | |||
5091 | commit 624fd395b559820705171f460dd33d67743d13d6 | ||
5092 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5093 | Date: Wed Feb 17 02:24:17 2016 +0000 | ||
5094 | |||
5095 | upstream commit | ||
5096 | |||
5097 | include bad $SSH_CONNECTION in failure output | ||
5098 | |||
5099 | Upstream-Regress-ID: b22d72edfde78c403aaec2b9c9753ef633cc0529 | ||
5100 | |||
5101 | commit 60d860e54b4f199e5e89963b1c086981309753cb | ||
5102 | Author: Darren Tucker <dtucker@zip.com.au> | ||
5103 | Date: Wed Feb 17 13:37:09 2016 +1100 | ||
5104 | |||
5105 | Rollback addition of va_start. | ||
5106 | |||
5107 | va_start was added in 0f754e29dd3760fc0b172c1220f18b753fb0957e, however | ||
5108 | it has the wrong number of args and it's not usable in non-variadic | ||
5109 | functions anyway so it breaks things (for example Solaris 2.6 as | ||
5110 | reported by Tom G. Christensen).i ok djm@ | ||
5111 | |||
5112 | commit 2fee909c3cee2472a98b26eb82696297b81e0d38 | ||
5113 | Author: Darren Tucker <dtucker@zip.com.au> | ||
5114 | Date: Wed Feb 17 09:48:15 2016 +1100 | ||
5115 | |||
5116 | Look for gethostbyname in libresolv and libnsl. | ||
5117 | |||
5118 | Should fix build problem on Solaris 2.6 reported by Tom G. Christensen. | ||
5119 | |||
5120 | commit 5ac712d81a84396aab441a272ec429af5b738302 | ||
5121 | Author: Damien Miller <djm@mindrot.org> | ||
5122 | Date: Tue Feb 16 10:45:02 2016 +1100 | ||
5123 | |||
5124 | make existing ssh_malloc_init only for __OpenBSD__ | ||
5125 | |||
5126 | commit 24c9bded569d9f2449ded73f92fb6d12db7a9eec | ||
5127 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5128 | Date: Mon Feb 15 23:32:37 2016 +0000 | ||
5129 | |||
5130 | upstream commit | ||
5131 | |||
5132 | memleak of algorithm name in mm_answer_sign; reported by | ||
5133 | Jakub Jelen | ||
5134 | |||
5135 | Upstream-ID: ccd742cd25952240ebd23d7d4d6b605862584d08 | ||
5136 | |||
5137 | commit ffb1e7e896139a42ceb78676f637658f44612411 | ||
5138 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
5139 | Date: Mon Feb 15 09:47:49 2016 +0000 | ||
5140 | |||
5141 | upstream commit | ||
5142 | |||
5143 | Add a function to enable security-related malloc_options. | ||
5144 | With and ok deraadt@, something similar has been in the snaps for a while. | ||
5145 | |||
5146 | Upstream-ID: 43a95523b832b7f3b943d2908662191110c380ed | ||
5147 | |||
5148 | commit ef39e8c0497ff0564990a4f9e8b7338b3ba3507c | ||
5149 | Author: Damien Miller <djm@mindrot.org> | ||
5150 | Date: Tue Feb 16 10:34:39 2016 +1100 | ||
5151 | |||
5152 | sync ssh-copy-id with upstream 783ef08b0a75 | ||
5153 | |||
5154 | commit d2d772f55b19bb0e8d03c2fe1b9bb176d9779efd | ||
5155 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5156 | Date: Fri Feb 12 00:20:30 2016 +0000 | ||
5157 | |||
5158 | upstream commit | ||
5159 | |||
5160 | avoid fatal() for PKCS11 tokens that present empty key IDs | ||
5161 | bz#1773, ok markus@ | ||
5162 | |||
5163 | Upstream-ID: 044a764fee526f2c4a9d530bd10695422d01fc54 | ||
5164 | |||
5165 | commit e4c918a6c721410792b287c9fd21356a1bed5805 | ||
5166 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5167 | Date: Thu Feb 11 02:56:32 2016 +0000 | ||
5168 | |||
5169 | upstream commit | ||
5170 | |||
5171 | sync crypto algorithm lists in ssh_config(5) and | ||
5172 | sshd_config(5) with current reality. bz#2527 | ||
5173 | |||
5174 | Upstream-ID: d7fd1b6c1ed848d866236bcb1d7049d2bb9b2ff6 | ||
5175 | |||
5176 | commit e30cabfa4ab456a30b3224f7f545f1bdfc4a2517 | ||
5177 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5178 | Date: Thu Feb 11 02:21:34 2016 +0000 | ||
5179 | |||
5180 | upstream commit | ||
5181 | |||
5182 | fix regression in openssh-6.8 sftp client: existing | ||
5183 | destination directories would incorrectly terminate recursive uploads; | ||
5184 | bz#2528 | ||
5185 | |||
5186 | Upstream-ID: 3306be469f41f26758e3d447987ac6d662623e18 | ||
5187 | |||
5188 | commit 714e367226ded4dc3897078be48b961637350b05 | ||
5189 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5190 | Date: Tue Feb 9 05:30:04 2016 +0000 | ||
5191 | |||
5192 | upstream commit | ||
5193 | |||
5194 | turn off more old crypto in the client: hmac-md5, ripemd, | ||
5195 | truncated HMACs, RC4, blowfish. ok markus@ dtucker@ | ||
5196 | |||
5197 | Upstream-ID: 96aa11c2c082be45267a690c12f1d2aae6acd46e | ||
5198 | |||
5199 | commit 5a622844ff7f78dcb75e223399f9ef0977e8d0a3 | ||
5200 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5201 | Date: Mon Feb 8 23:40:12 2016 +0000 | ||
5202 | |||
5203 | upstream commit | ||
5204 | |||
5205 | don't attempt to percent_expand() already-canonicalised | ||
5206 | addresses, avoiding unnecessary failures when attempting to connect to scoped | ||
5207 | IPv6 addresses (that naturally contain '%' characters) | ||
5208 | |||
5209 | Upstream-ID: f24569cffa1a7cbde5f08dc739a72f4d78aa5c6a | ||
5210 | |||
5211 | commit 19bcf2ea2d17413f2d9730dd2a19575ff86b9b6a | ||
5212 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5213 | Date: Mon Feb 8 10:57:07 2016 +0000 | ||
5214 | |||
5215 | upstream commit | ||
5216 | |||
5217 | refactor activation of rekeying | ||
5218 | |||
5219 | This makes automatic rekeying internal to the packet code (previously | ||
5220 | the server and client loops needed to assist). In doing to it makes | ||
5221 | application of rekey limits more accurate by accounting for packets | ||
5222 | about to be sent as well as packets queued during rekeying events | ||
5223 | themselves. | ||
5224 | |||
5225 | Based on a patch from dtucker@ which was in turn based on a patch | ||
5226 | Aleksander Adamowski in bz#2521; ok markus@ | ||
5227 | |||
5228 | Upstream-ID: a441227fd64f9739850ca97b4cf794202860fcd8 | ||
5229 | |||
5230 | commit 603ba41179e4b53951c7b90ee95b6ef3faa3f15d | ||
5231 | Author: naddy@openbsd.org <naddy@openbsd.org> | ||
5232 | Date: Fri Feb 5 13:28:19 2016 +0000 | ||
5233 | |||
5234 | upstream commit | ||
5235 | |||
5236 | Only check errno if read() has returned an error. EOF is | ||
5237 | not an error. This fixes a problem where the mux master would sporadically | ||
5238 | fail to notice that the client had exited. ok mikeb@ djm@ | ||
5239 | |||
5240 | Upstream-ID: 3c2dadc21fac6ef64665688aac8a75fffd57ae53 | ||
5241 | |||
5242 | commit 56d7dac790693ce420d225119283bc355cff9185 | ||
5243 | Author: jsg@openbsd.org <jsg@openbsd.org> | ||
5244 | Date: Fri Feb 5 04:31:21 2016 +0000 | ||
5245 | |||
5246 | upstream commit | ||
5247 | |||
5248 | avoid an uninitialised value when NumberOfPasswordPrompts | ||
5249 | is 0 ok markus@ djm@ | ||
5250 | |||
5251 | Upstream-ID: 11b068d83c2865343aeb46acf1e9eec00f829b6b | ||
5252 | |||
5253 | commit deae7d52d59c5019c528f977360d87fdda15d20b | ||
5254 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5255 | Date: Fri Feb 5 03:07:06 2016 +0000 | ||
5256 | |||
5257 | upstream commit | ||
5258 | |||
5259 | mention internal DH-GEX fallback groups; bz#2302 | ||
5260 | |||
5261 | Upstream-ID: e7b395fcca3122cd825515f45a2e41c9a157e09e | ||
5262 | |||
5263 | commit cac3b6665f884d46192c0dc98a64112e8b11a766 | ||
5264 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5265 | Date: Fri Feb 5 02:37:56 2016 +0000 | ||
5266 | |||
5267 | upstream commit | ||
5268 | |||
5269 | better description for MaxSessions; bz#2531 | ||
5270 | |||
5271 | Upstream-ID: e2c0d74ee185cd1a3e9d4ca1f1b939b745b354da | ||
5272 | |||
5273 | commit 5ef4b0fdcc7a239577a754829b50022b91ab4712 | ||
5274 | Author: Damien Miller <djm@mindrot.org> | ||
5275 | Date: Wed Jan 27 17:45:56 2016 +1100 | ||
5276 | |||
5277 | avoid FreeBSD RCS Id in comment | ||
5278 | |||
5279 | Change old $FreeBSD version string in comment so it doesn't | ||
5280 | become an RCS ident downstream; requested by des AT des.no | ||
5281 | |||
5282 | commit 696d12683c90d20a0a9c5f4275fc916b7011fb04 | ||
5283 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5284 | Date: Thu Feb 4 23:43:48 2016 +0000 | ||
5285 | |||
5286 | upstream commit | ||
5287 | |||
5288 | printf argument casts to avoid warnings on strict | ||
5289 | compilers | ||
5290 | |||
5291 | Upstream-ID: 7b9f6712cef01865ad29070262d366cf13587c9c | ||
5292 | |||
5293 | commit 5658ef2501e785fbbdf5de2dc33b1ff7a4dca73a | ||
5294 | Author: millert@openbsd.org <millert@openbsd.org> | ||
5295 | Date: Mon Feb 1 21:18:17 2016 +0000 | ||
5296 | |||
5297 | upstream commit | ||
5298 | |||
5299 | Avoid ugly "DISPLAY "(null)" invalid; disabling X11 | ||
5300 | forwarding" message when DISPLAY is not set. This could also result in a | ||
5301 | crash on systems with a printf that doesn't handle NULL. OK djm@ | ||
5302 | |||
5303 | Upstream-ID: 20ee0cfbda678a247264c20ed75362042b90b412 | ||
5304 | |||
5305 | commit 537f88ec7bcf40bd444ac5584c707c5588c55c43 | ||
5306 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
5307 | Date: Fri Jan 29 05:18:15 2016 +0000 | ||
5308 | |||
5309 | upstream commit | ||
5310 | |||
5311 | Add regression test for RekeyLimit parsing of >32bit values | ||
5312 | (4G and 8G). | ||
5313 | |||
5314 | Upstream-Regress-ID: 548390350c62747b6234f522a99c319eee401328 | ||
5315 | |||
5316 | commit 4c6cb8330460f94e6c7ae28a364236d4188156a3 | ||
5317 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
5318 | Date: Fri Jan 29 23:04:46 2016 +0000 | ||
5319 | |||
5320 | upstream commit | ||
5321 | |||
5322 | Remove leftover roaming dead code. ok djm markus. | ||
5323 | |||
5324 | Upstream-ID: 13d1f9c8b65a5109756bcfd3b74df949d53615be | ||
5325 | |||
5326 | commit 28136471809806d6246ef41e4341467a39fe2f91 | ||
5327 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5328 | Date: Fri Jan 29 05:46:01 2016 +0000 | ||
5329 | |||
5330 | upstream commit | ||
5331 | |||
5332 | include packet type of non-data packets in debug3 output; | ||
5333 | ok markus dtucker | ||
5334 | |||
5335 | Upstream-ID: 034eaf639acc96459b9c5ce782db9fcd8bd02d41 | ||
5336 | |||
5337 | commit 6fd6e28daccafaa35f02741036abe64534c361a1 | ||
5338 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
5339 | Date: Fri Jan 29 03:31:03 2016 +0000 | ||
5340 | |||
5341 | upstream commit | ||
5342 | |||
5343 | Revert "account for packets buffered but not yet | ||
5344 | processed" change as it breaks for very small RekeyLimit values due to | ||
5345 | continuous rekeying. ok djm@ | ||
5346 | |||
5347 | Upstream-ID: 7e03f636cb45ab60db18850236ccf19079182a19 | ||
5348 | |||
5349 | commit 921ff00b0ac429666fb361d2d6cb1c8fff0006cb | ||
5350 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
5351 | Date: Fri Jan 29 02:54:45 2016 +0000 | ||
5352 | |||
5353 | upstream commit | ||
5354 | |||
5355 | Allow RekeyLimits in excess of 4G up to 2**63 bits | ||
5356 | (limited by the return type of scan_scaled). Part of bz#2521, ok djm. | ||
5357 | |||
5358 | Upstream-ID: 13bea82be566b9704821b1ea05bf7804335c7979 | ||
5359 | |||
5360 | commit c0060a65296f01d4634f274eee184c0e93ba0f23 | ||
5361 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
5362 | Date: Fri Jan 29 02:42:46 2016 +0000 | ||
5363 | |||
5364 | upstream commit | ||
5365 | |||
5366 | Account for packets buffered but not yet processed when | ||
5367 | computing whether or not it is time to perform rekeying. bz#2521, based | ||
5368 | loosely on a patch from olo at fb.com, ok djm@ | ||
5369 | |||
5370 | Upstream-ID: 67e268b547f990ed220f3cb70a5624d9bda12b8c | ||
5371 | |||
5372 | commit 44cf930e670488c85c9efeb373fa5f4b455692ac | ||
5373 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5374 | Date: Wed Jan 27 06:44:58 2016 +0000 | ||
5375 | |||
5376 | upstream commit | ||
5377 | |||
5378 | change old $FreeBSD version string in comment so it doesn't | ||
5379 | become an RCS ident downstream; requested by des AT des.no | ||
5380 | |||
5381 | Upstream-ID: 8ca558c01f184e596b45e4fc8885534b2c864722 | ||
5382 | |||
5383 | commit ebacd377769ac07d1bf3c75169644336056b7060 | ||
5384 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5385 | Date: Wed Jan 27 00:53:12 2016 +0000 | ||
5386 | |||
5387 | upstream commit | ||
5388 | |||
5389 | make the debug messages a bit more useful here | ||
5390 | |||
5391 | Upstream-ID: 478ccd4e897e0af8486b294aa63aa3f90ab78d64 | ||
5392 | |||
5393 | commit 458abc2934e82034c5c281336d8dc0f910aecad3 | ||
5394 | Author: jsg@openbsd.org <jsg@openbsd.org> | ||
5395 | Date: Sat Jan 23 05:31:35 2016 +0000 | ||
5396 | |||
5397 | upstream commit | ||
5398 | |||
5399 | Zero a stack buffer with explicit_bzero() instead of | ||
5400 | memset() when returning from client_loop() for consistency with | ||
5401 | buffer_free()/sshbuf_free(). | ||
5402 | |||
5403 | ok dtucker@ deraadt@ djm@ | ||
5404 | |||
5405 | Upstream-ID: bc9975b2095339811c3b954694d7d15ea5c58f66 | ||
5406 | |||
5407 | commit 65a3c0dacbc7dbb75ddb6a70ebe22d8de084d0b0 | ||
5408 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
5409 | Date: Wed Jan 20 09:22:39 2016 +0000 | ||
5410 | |||
5411 | upstream commit | ||
5412 | |||
5413 | Include sys/time.h for gettimeofday. From sortie at | ||
5414 | maxsi.org. | ||
5415 | |||
5416 | Upstream-ID: 6ed0c33b836d9de0a664cd091e86523ecaa2fb3b | ||
5417 | |||
5418 | commit fc77ccdc2ce6d5d06628b8da5048a6a5f6ffca5a | ||
5419 | Author: markus@openbsd.org <markus@openbsd.org> | ||
5420 | Date: Thu Jan 14 22:56:56 2016 +0000 | ||
5421 | |||
5422 | upstream commit | ||
5423 | |||
5424 | fd leaks; report Qualys Security Advisory team; ok | ||
5425 | deraadt@ | ||
5426 | |||
5427 | Upstream-ID: 4ec0f12b9d8fa202293c9effa115464185aa071d | ||
5428 | |||
5429 | commit a306863831c57ec5fad918687cc5d289ee8e2635 | ||
5430 | Author: markus@openbsd.org <markus@openbsd.org> | ||
5431 | Date: Thu Jan 14 16:17:39 2016 +0000 | ||
5432 | |||
5433 | upstream commit | ||
5434 | |||
5435 | remove roaming support; ok djm@ | ||
5436 | |||
5437 | Upstream-ID: 2cab8f4b197bc95776fb1c8dc2859dad0c64dc56 | ||
5438 | |||
5439 | commit 6ef49e83e30688504552ac10875feabd5521565f | ||
5440 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
5441 | Date: Thu Jan 14 14:34:34 2016 +0000 | ||
5442 | |||
5443 | upstream commit | ||
5444 | |||
5445 | Disable experimental client-side roaming support. Server | ||
5446 | side was disabled/gutted for years already, but this aspect was surprisingly | ||
5447 | forgotten. Thanks for report from Qualys | ||
5448 | |||
5449 | Upstream-ID: 2328004b58f431a554d4c1bf67f5407eae3389df | ||
5450 | |||
5451 | commit 8d7b523b96d3be180572d9d338cedaafc0570f60 | ||
5452 | Author: Damien Miller <djm@mindrot.org> | ||
5453 | Date: Thu Jan 14 11:08:19 2016 +1100 | ||
5454 | |||
5455 | bump version numbers | ||
5456 | |||
5457 | commit 8c3d512a1fac8b9c83b4d0c9c3f2376290bd84ca | ||
5458 | Author: Damien Miller <djm@mindrot.org> | ||
5459 | Date: Thu Jan 14 11:04:04 2016 +1100 | ||
5460 | |||
5461 | openssh-7.1p2 | ||
5462 | |||
5463 | commit e6c85f8889c5c9eb04796fdb76d2807636b9eef5 | ||
5464 | Author: Damien Miller <djm@mindrot.org> | ||
5465 | Date: Fri Jan 15 01:30:36 2016 +1100 | ||
5466 | |||
5467 | forcibly disable roaming support in the client | ||
5468 | |||
5469 | commit ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c | ||
5470 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5471 | Date: Wed Jan 13 23:04:47 2016 +0000 | ||
5472 | |||
5473 | upstream commit | ||
5474 | |||
5475 | eliminate fallback from untrusted X11 forwarding to trusted | ||
5476 | forwarding when the X server disables the SECURITY extension; Reported by | ||
5477 | Thomas Hoger; ok deraadt@ | ||
5478 | |||
5479 | Upstream-ID: f76195bd2064615a63ef9674a0e4096b0713f938 | ||
5480 | |||
5481 | commit 9a728cc918fad67c8a9a71201088b1e150340ba4 | ||
5482 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5483 | Date: Tue Jan 12 23:42:54 2016 +0000 | ||
5484 | |||
5485 | upstream commit | ||
5486 | |||
5487 | use explicit_bzero() more liberally in the buffer code; ok | ||
5488 | deraadt | ||
5489 | |||
5490 | Upstream-ID: 0ece37069fd66bc6e4f55eb1321f93df372b65bf | ||
5491 | |||
5492 | commit 4626cbaf78767fc8e9c86dd04785386c59ae0839 | ||
5493 | Author: Damien Miller <djm@mindrot.org> | ||
5494 | Date: Fri Jan 8 14:24:56 2016 +1100 | ||
5495 | |||
5496 | Support Illumos/Solaris fine-grained privileges | ||
5497 | |||
5498 | Includes a pre-auth privsep sandbox and several pledge() | ||
5499 | emulations. bz#2511, patch by Alex Wilson. | ||
5500 | |||
5501 | ok dtucker@ | ||
5502 | |||
5503 | commit 422d1b3ee977ff4c724b597fb2e437d38fc8de9d | ||
5504 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5505 | Date: Thu Dec 31 00:33:52 2015 +0000 | ||
5506 | |||
5507 | upstream commit | ||
5508 | |||
5509 | fix three bugs in KRL code related to (unused) signature | ||
5510 | support: verification length was being incorrectly calculated, multiple | ||
5511 | signatures were being incorrectly processed and a NULL dereference that | ||
5512 | occurred when signatures were verified. Reported by Carl Jackson | ||
5513 | |||
5514 | Upstream-ID: e705e97ad3ccce84291eaa651708dd1b9692576b | ||
5515 | |||
5516 | commit 6074c84bf95d00f29cc7d5d3cd3798737851aa1a | ||
5517 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5518 | Date: Wed Dec 30 23:46:14 2015 +0000 | ||
5519 | |||
5520 | upstream commit | ||
5521 | |||
5522 | unused prototype | ||
5523 | |||
5524 | Upstream-ID: f3eef4389d53ed6c0d5c77dcdcca3060c745da97 | ||
5525 | |||
5526 | commit 6213f0e180e54122bb1ba928e11c784e2b4e5380 | ||
5527 | Author: guenther@openbsd.org <guenther@openbsd.org> | ||
5528 | Date: Sat Dec 26 20:51:35 2015 +0000 | ||
5529 | |||
5530 | upstream commit | ||
5531 | |||
5532 | Use pread/pwrite instead separate lseek+read/write for | ||
5533 | lastlog. Cast to off_t before multiplication to avoid truncation on ILP32 | ||
5534 | |||
5535 | ok kettenis@ mmcc@ | ||
5536 | |||
5537 | Upstream-ID: fc40092568cd195719ddf1a00aa0742340d616cf | ||
5538 | |||
5539 | commit d7d2bc95045a43dd56ea696cc1d030ac9d77e81f | ||
5540 | Author: semarie@openbsd.org <semarie@openbsd.org> | ||
5541 | Date: Sat Dec 26 07:46:03 2015 +0000 | ||
5542 | |||
5543 | upstream commit | ||
5544 | |||
5545 | adjust pledge promises for ControlMaster: when using | ||
5546 | "ask" or "autoask", the process will use ssh-askpass for asking confirmation. | ||
5547 | |||
5548 | problem found by halex@ | ||
5549 | |||
5550 | ok halex@ | ||
5551 | |||
5552 | Upstream-ID: 38a58b30ae3eef85051c74d3c247216ec0735f80 | ||
5553 | |||
5554 | commit 271df8185d9689b3fb0523f58514481b858f6843 | ||
5555 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5556 | Date: Sun Dec 13 22:42:23 2015 +0000 | ||
5557 | |||
5558 | upstream commit | ||
5559 | |||
5560 | unbreak connections with peers that set | ||
5561 | first_kex_follows; fix from Matt Johnston va bz#2515 | ||
5562 | |||
5563 | Upstream-ID: decc88ec4fc7515594fdb42b04aa03189a44184b | ||
5564 | |||
5565 | commit 43849a47c5f8687699eafbcb5604f6b9c395179f | ||
5566 | Author: doug@openbsd.org <doug@openbsd.org> | ||
5567 | Date: Fri Dec 11 17:41:37 2015 +0000 | ||
5568 | |||
5569 | upstream commit | ||
5570 | |||
5571 | Add "id" to ssh-agent pledge for subprocess support. | ||
5572 | |||
5573 | Found the hard way by Jan Johansson when using ssh-agent with X. Also, | ||
5574 | rearranged proc/exec and retval to match other pledge calls in the tree. | ||
5575 | |||
5576 | ok djm@ | ||
5577 | |||
5578 | Upstream-ID: 914255f6850e5e7fa830a2de6c38605333b584db | ||
5579 | |||
5580 | commit 52d7078421844b2f88329f5be3de370b0a938636 | ||
5581 | Author: mmcc@openbsd.org <mmcc@openbsd.org> | ||
5582 | Date: Fri Dec 11 04:21:11 2015 +0000 | ||
5583 | |||
5584 | upstream commit | ||
5585 | |||
5586 | Remove NULL-checks before sshbuf_free(). | ||
5587 | |||
5588 | ok djm@ | ||
5589 | |||
5590 | Upstream-ID: 5ebed00ed5f9f03b119a345085e8774565466917 | ||
5591 | |||
5592 | commit a4b9e0f4e4a6980a0eb8072f76ea611cab5b77e7 | ||
5593 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5594 | Date: Fri Dec 11 03:24:25 2015 +0000 | ||
5595 | |||
5596 | upstream commit | ||
5597 | |||
5598 | include remote port number in a few more messages; makes | ||
5599 | tying log messages together into a session a bit easier; bz#2503 ok dtucker@ | ||
5600 | |||
5601 | Upstream-ID: 9300dc354015f7a7368d94a8ff4a4266a69d237e | ||
5602 | |||
5603 | commit 6091c362e89079397e68744ae30df121b0a72c07 | ||
5604 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5605 | Date: Fri Dec 11 03:20:09 2015 +0000 | ||
5606 | |||
5607 | upstream commit | ||
5608 | |||
5609 | don't try to load SSHv1 private key when compiled without | ||
5610 | SSHv1 support. From Iain Morgan bz#2505 | ||
5611 | |||
5612 | Upstream-ID: 8b8e7b02a448cf5e5635979df2d83028f58868a7 | ||
5613 | |||
5614 | commit cce6a36bb95e81fa8bfb46daf22eabcf13afc352 | ||
5615 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5616 | Date: Fri Dec 11 03:19:09 2015 +0000 | ||
5617 | |||
5618 | upstream commit | ||
5619 | |||
5620 | use SSH_MAX_PUBKEY_BYTES consistently as buffer size when | ||
5621 | reading key files. Increase it to match the size of the buffers already being | ||
5622 | used. | ||
5623 | |||
5624 | Upstream-ID: 1b60586b484b55a947d99a0b32bd25e0ced56fae | ||
5625 | |||
5626 | commit 89540b6de025b80404a0cb8418c06377f3f98848 | ||
5627 | Author: mmcc@openbsd.org <mmcc@openbsd.org> | ||
5628 | Date: Fri Dec 11 02:31:47 2015 +0000 | ||
5629 | |||
5630 | upstream commit | ||
5631 | |||
5632 | Remove NULL-checks before sshkey_free(). | ||
5633 | |||
5634 | ok djm@ | ||
5635 | |||
5636 | Upstream-ID: 3e35afe8a25e021216696b5d6cde7f5d2e5e3f52 | ||
5637 | |||
5638 | commit 79394ed6d74572c2d2643d73937dad33727fc240 | ||
5639 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
5640 | Date: Fri Dec 11 02:29:03 2015 +0000 | ||
5641 | |||
5642 | upstream commit | ||
5643 | |||
5644 | fflush stdout so that output is seen even when running in | ||
5645 | debug mode when output may otherwise not be flushed. Patch from dustin at | ||
5646 | null-ptr.net. | ||
5647 | |||
5648 | Upstream-ID: b0c6b4cd2cdb01d7e9eefbffdc522e35b5bc4acc | ||
5649 | |||
5650 | commit ee607cccb6636eb543282ba90e0677b0604d8b7a | ||
5651 | Author: Darren Tucker <dtucker@zip.com.au> | ||
5652 | Date: Tue Dec 15 15:23:49 2015 +1100 | ||
5653 | |||
5654 | Increase robustness of redhat/openssh.spec | ||
5655 | |||
5656 | - remove configure --with-rsh, because this option isn't supported anymore | ||
5657 | - replace last occurrence of BuildPreReq by BuildRequires | ||
5658 | - update grep statement to query the krb5 include directory | ||
5659 | |||
5660 | Patch from CarstenGrohmann via github, ok djm. | ||
5661 | |||
5662 | commit b5fa0cd73555b991a543145603658d7088ec6b60 | ||
5663 | Author: Darren Tucker <dtucker@zip.com.au> | ||
5664 | Date: Tue Dec 15 15:10:32 2015 +1100 | ||
5665 | |||
5666 | Allow --without-ssl-engine with --without-openssl | ||
5667 | |||
5668 | Patch from Mike Frysinger via github. | ||
5669 | |||
5670 | commit c1d7e546f6029024f3257cc25c92f2bddf163125 | ||
5671 | Author: Darren Tucker <dtucker@zip.com.au> | ||
5672 | Date: Tue Dec 15 14:27:09 2015 +1100 | ||
5673 | |||
5674 | Include openssl crypto.h for SSLeay. | ||
5675 | |||
5676 | Patch from doughdemon via github. | ||
5677 | |||
5678 | commit c6f5f01651526e88c00d988ce59d71f481ebac62 | ||
5679 | Author: Darren Tucker <dtucker@zip.com.au> | ||
5680 | Date: Tue Dec 15 13:59:12 2015 +1100 | ||
5681 | |||
5682 | Add sys/time.h for gettimeofday. | ||
5683 | |||
5684 | Should allow it it compile with MUSL libc. Based on patch from | ||
5685 | doughdemon via github. | ||
5686 | |||
5687 | commit 39736be06c7498ef57d6970f2d85cf066ae57c82 | ||
5688 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5689 | Date: Fri Dec 11 02:20:28 2015 +0000 | ||
5690 | |||
5691 | upstream commit | ||
5692 | |||
5693 | correct error messages; from Tomas Kuthan bz#2507 | ||
5694 | |||
5695 | Upstream-ID: 7454a0affeab772398052954c79300aa82077093 | ||
5696 | |||
5697 | commit 94141b7ade24afceeb6762a3f99e09e47a6c42b6 | ||
5698 | Author: mmcc@openbsd.org <mmcc@openbsd.org> | ||
5699 | Date: Fri Dec 11 00:20:04 2015 +0000 | ||
5700 | |||
5701 | upstream commit | ||
5702 | |||
5703 | Pass (char *)NULL rather than (char *)0 to execl and | ||
5704 | execlp. | ||
5705 | |||
5706 | ok dtucker@ | ||
5707 | |||
5708 | Upstream-ID: 56c955106cbddba86c3dd9bbf786ac0d1b361492 | ||
5709 | |||
5710 | commit d59ce08811bf94111c2f442184cf7d1257ffae24 | ||
5711 | Author: mmcc@openbsd.org <mmcc@openbsd.org> | ||
5712 | Date: Thu Dec 10 17:08:40 2015 +0000 | ||
5713 | |||
5714 | upstream commit | ||
5715 | |||
5716 | Remove NULL-checks before free(). | ||
5717 | |||
5718 | ok dtucker@ | ||
5719 | |||
5720 | Upstream-ID: e3d3cb1ce900179906af36517b5eea0fb15e6ef8 | ||
5721 | |||
5722 | commit 8e56dd46cb37879c73bce2d6032cf5e7f82d5a71 | ||
5723 | Author: mmcc@openbsd.org <mmcc@openbsd.org> | ||
5724 | Date: Thu Dec 10 07:01:35 2015 +0000 | ||
5725 | |||
5726 | upstream commit | ||
5727 | |||
5728 | Fix a couple "the the" typos. ok dtucker@ | ||
5729 | |||
5730 | Upstream-ID: ec364c5af32031f013001fd28d1bd3dfacfe9a72 | ||
5731 | |||
5732 | commit 6262a0522ddc2c0f2e9358dcb68d59b46e9c533e | ||
5733 | Author: markus@openbsd.org <markus@openbsd.org> | ||
5734 | Date: Mon Dec 7 20:04:09 2015 +0000 | ||
5735 | |||
5736 | upstream commit | ||
5737 | |||
5738 | stricter encoding type checks for ssh-rsa; ok djm@ | ||
5739 | |||
5740 | Upstream-ID: 8cca7c787599a5e8391e184d0b4f36fdc3665650 | ||
5741 | |||
5742 | commit d86a3ba7af160c13496102aed861ae48a4297072 | ||
5743 | Author: Damien Miller <djm@mindrot.org> | ||
5744 | Date: Wed Dec 9 09:18:45 2015 +1100 | ||
5745 | |||
5746 | Don't set IPV6_V6ONLY on OpenBSD | ||
5747 | |||
5748 | It isn't necessary and runs afoul of pledge(2) restrictions. | ||
5749 | |||
5750 | commit da98c11d03d819a15429d8fff9688acd7505439f | ||
5751 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5752 | Date: Mon Dec 7 02:20:46 2015 +0000 | ||
5753 | |||
5754 | upstream commit | ||
5755 | |||
5756 | basic unit tests for rsa-sha2-* signature types | ||
5757 | |||
5758 | Upstream-Regress-ID: 7dc4b9db809d578ff104d591b4d86560c3598d3c | ||
5759 | |||
5760 | commit 3da893fdec9936dd2c23739cdb3c0c9d4c59fca0 | ||
5761 | Author: markus@openbsd.org <markus@openbsd.org> | ||
5762 | Date: Sat Dec 5 20:53:21 2015 +0000 | ||
5763 | |||
5764 | upstream commit | ||
5765 | |||
5766 | prefer rsa-sha2-512 over -256 for hostkeys, too; noticed | ||
5767 | by naddy@ | ||
5768 | |||
5769 | Upstream-ID: 685f55f7ec566a8caca587750672723a0faf3ffe | ||
5770 | |||
5771 | commit 8b56e59714d87181505e4678f0d6d39955caf10e | ||
5772 | Author: tobias@openbsd.org <tobias@openbsd.org> | ||
5773 | Date: Fri Dec 4 21:51:06 2015 +0000 | ||
5774 | |||
5775 | upstream commit | ||
5776 | |||
5777 | Properly handle invalid %-format by calling fatal. | ||
5778 | |||
5779 | ok deraadt, djm | ||
5780 | |||
5781 | Upstream-ID: 5692bce7d9f6eaa9c488cb93d3b55e758bef1eac | ||
5782 | |||
5783 | commit 76c9fbbe35aabc1db977fb78e827644345e9442e | ||
5784 | Author: markus@openbsd.org <markus@openbsd.org> | ||
5785 | Date: Fri Dec 4 16:41:28 2015 +0000 | ||
5786 | |||
5787 | upstream commit | ||
5788 | |||
5789 | implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures | ||
5790 | (user and host auth) based on draft-rsa-dsa-sha2-256-03.txt and | ||
5791 | draft-ssh-ext-info-04.txt; with & ok djm@ | ||
5792 | |||
5793 | Upstream-ID: cf82ce532b2733e5c4b34bb7b7c94835632db309 | ||
5794 | |||
5795 | commit 6064a8b8295cb5a17b5ebcfade53053377714f40 | ||
5796 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5797 | Date: Fri Dec 4 00:24:55 2015 +0000 | ||
5798 | |||
5799 | upstream commit | ||
5800 | |||
5801 | clean up agent_fd handling; properly initialise it to -1 | ||
5802 | and make tests consistent | ||
5803 | |||
5804 | ok markus@ | ||
5805 | |||
5806 | Upstream-ID: ac9554323d5065745caf17b5e37cb0f0d4825707 | ||
5807 | |||
5808 | commit b91926a97620f3e51761c271ba57aa5db790f48d | ||
5809 | Author: semarie@openbsd.org <semarie@openbsd.org> | ||
5810 | Date: Thu Dec 3 17:00:18 2015 +0000 | ||
5811 | |||
5812 | upstream commit | ||
5813 | |||
5814 | pledges ssh client: - mux client: which is used when | ||
5815 | ControlMaster is in use. will end with "stdio proc tty" (proc is to | ||
5816 | permit sending SIGWINCH to mux master on window resize) | ||
5817 | |||
5818 | - client loop: several levels of pledging depending of your used options | ||
5819 | |||
5820 | ok deraadt@ | ||
5821 | |||
5822 | Upstream-ID: 21676155a700e51f2ce911e33538e92a2cd1d94b | ||
5823 | |||
5824 | commit bcce47466bbc974636f588b5e4a9a18ae386f64a | ||
5825 | Author: doug@openbsd.org <doug@openbsd.org> | ||
5826 | Date: Wed Dec 2 08:30:50 2015 +0000 | ||
5827 | |||
5828 | upstream commit | ||
5829 | |||
5830 | Add "cpath" to the ssh-agent pledge so the cleanup | ||
5831 | handler can unlink(). | ||
5832 | |||
5833 | ok djm@ | ||
5834 | |||
5835 | Upstream-ID: 9e632991d48241d56db645602d381253a3d8c29d | ||
5836 | |||
5837 | commit a90d001543f46716b6590c6dcc681d5f5322f8cf | ||
5838 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5839 | Date: Wed Dec 2 08:00:58 2015 +0000 | ||
5840 | |||
5841 | upstream commit | ||
5842 | |||
5843 | ssh-agent pledge needs proc for askpass; spotted by todd@ | ||
5844 | |||
5845 | Upstream-ID: 349aa261b29cc0e7de47ef56167769c432630b2a | ||
5846 | |||
5847 | commit d952162b3c158a8f23220587bb6c8fcda75da551 | ||
5848 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5849 | Date: Tue Dec 1 23:29:24 2015 +0000 | ||
5850 | |||
5851 | upstream commit | ||
5852 | |||
5853 | basic pledge() for ssh-agent, more refinement needed | ||
5854 | |||
5855 | Upstream-ID: 5b5b03c88162fce549e45e1b6dd833f20bbb5e13 | ||
5856 | |||
5857 | commit f0191d7c8e76e30551084b79341886d9bb38e453 | ||
5858 | Author: Damien Miller <djm@mindrot.org> | ||
5859 | Date: Mon Nov 30 10:53:25 2015 +1100 | ||
5860 | |||
5861 | Revert "stub for pledge(2) for systems that lack it" | ||
5862 | |||
5863 | This reverts commit 14c887c8393adde2d9fd437d498be30f8c98535c. | ||
5864 | |||
5865 | dtucker beat me to it :/ | ||
5866 | |||
5867 | commit 6283cc72eb0e49a3470d30e07ca99a1ba9e89676 | ||
5868 | Author: Damien Miller <djm@mindrot.org> | ||
5869 | Date: Mon Nov 30 10:37:03 2015 +1100 | ||
5870 | |||
5871 | revert 7d4c7513: bring back S/Key prototypes | ||
5872 | |||
5873 | (but leave RCSID changes) | ||
5874 | |||
5875 | commit 14c887c8393adde2d9fd437d498be30f8c98535c | ||
5876 | Author: Damien Miller <djm@mindrot.org> | ||
5877 | Date: Mon Nov 30 09:45:29 2015 +1100 | ||
5878 | |||
5879 | stub for pledge(2) for systems that lack it | ||
5880 | |||
5881 | commit 452c0b6af5d14c37553e30059bf74456012493f3 | ||
5882 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5883 | Date: Sun Nov 29 22:18:37 2015 +0000 | ||
5884 | |||
5885 | upstream commit | ||
5886 | |||
5887 | pledge, better fatal() messages; feedback deraadt@ | ||
5888 | |||
5889 | Upstream-ID: 3e00f6ccfe2b9a7a2d1dbba5409586180801488f | ||
5890 | |||
5891 | commit 6da413c085dba37127687b2617a415602505729b | ||
5892 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
5893 | Date: Sat Nov 28 06:50:52 2015 +0000 | ||
5894 | |||
5895 | upstream commit | ||
5896 | |||
5897 | do not leak temp file if there is no known_hosts file | ||
5898 | from craig leres, ok djm | ||
5899 | |||
5900 | Upstream-ID: c820497fd5574844c782e79405c55860f170e426 | ||
5901 | |||
5902 | commit 3ddd15e1b63a4d4f06c8ab16fbdd8a5a61764f16 | ||
5903 | Author: Darren Tucker <dtucker@zip.com.au> | ||
5904 | Date: Mon Nov 30 07:23:53 2015 +1100 | ||
5905 | |||
5906 | Add a null implementation of pledge. | ||
5907 | |||
5908 | Fixes builds on almost everything. | ||
5909 | |||
5910 | commit b1d6b3971ef256a08692efc409fc9ada719111cc | ||
5911 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5912 | Date: Sat Nov 28 06:41:03 2015 +0000 | ||
5913 | |||
5914 | upstream commit | ||
5915 | |||
5916 | don't include port number in tcpip-forward replies for | ||
5917 | requests that don't allocate a port; bz#2509 diagnosed by Ron Frederick ok | ||
5918 | markus | ||
5919 | |||
5920 | Upstream-ID: 77efad818addb61ec638b5a2362f1554e21a970a | ||
5921 | |||
5922 | commit 9080bd0b9cf10d0f13b1f642f20cb84285cb8d65 | ||
5923 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
5924 | Date: Fri Nov 27 00:49:31 2015 +0000 | ||
5925 | |||
5926 | upstream commit | ||
5927 | |||
5928 | pledge "stdio rpath wpath cpath fattr tty proc exec" | ||
5929 | except for the -p option (which sadly has insane semantics...) ok semarie | ||
5930 | dtucker | ||
5931 | |||
5932 | Upstream-ID: 8854bbd58279abe00f6c33f8094bdc02c8c65059 | ||
5933 | |||
5934 | commit 4d90625b229cf6b3551d81550a9861897509a65f | ||
5935 | Author: halex@openbsd.org <halex@openbsd.org> | ||
5936 | Date: Fri Nov 20 23:04:01 2015 +0000 | ||
5937 | |||
5938 | upstream commit | ||
5939 | |||
5940 | allow comment change for all supported formats | ||
5941 | |||
5942 | ok djm@ | ||
5943 | |||
5944 | Upstream-ID: 5fc477cf2f119b2d44aa9c683af16cb00bb3744b | ||
5945 | |||
5946 | commit 8ca915fc761519dd1f7766a550ec597a81db5646 | ||
5947 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5948 | Date: Fri Nov 20 01:45:29 2015 +0000 | ||
5949 | |||
5950 | upstream commit | ||
5951 | |||
5952 | add cast to make -Werror clean | ||
5953 | |||
5954 | Upstream-ID: 288db4f8f810bd475be01320c198250a04ff064d | ||
5955 | |||
5956 | commit ac9473580dcd401f8281305af98635cdaae9bf96 | ||
5957 | Author: Damien Miller <djm@mindrot.org> | ||
5958 | Date: Fri Nov 20 12:35:41 2015 +1100 | ||
5959 | |||
5960 | fix multiple authentication using S/Key w/ privsep | ||
5961 | |||
5962 | bz#2502, patch from Kevin Korb and feandil_ | ||
5963 | |||
5964 | commit 88b6fcdeb87a2fb76767854d9eb15006662dca57 | ||
5965 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5966 | Date: Thu Nov 19 08:23:27 2015 +0000 | ||
5967 | |||
5968 | upstream commit | ||
5969 | |||
5970 | ban ConnectionAttempts=0, it makes no sense and would cause | ||
5971 | ssh_connect_direct() to print an uninitialised stack variable; bz#2500 | ||
5972 | reported by dvw AT phas.ubc.ca | ||
5973 | |||
5974 | Upstream-ID: 32b5134c608270583a90b93a07b3feb3cbd5f7d5 | ||
5975 | |||
5976 | commit 964ab3ee7a8f96bdbc963d5b5a91933d6045ebe7 | ||
5977 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5978 | Date: Thu Nov 19 01:12:32 2015 +0000 | ||
5979 | |||
5980 | upstream commit | ||
5981 | |||
5982 | trailing whitespace | ||
5983 | |||
5984 | Upstream-ID: 31fe0ad7c4d08e87f1d69c79372f5e3c5cd79051 | ||
5985 | |||
5986 | commit f96516d052dbe38561f6b92b0e4365d8e24bb686 | ||
5987 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5988 | Date: Thu Nov 19 01:09:38 2015 +0000 | ||
5989 | |||
5990 | upstream commit | ||
5991 | |||
5992 | print host certificate contents at debug level | ||
5993 | |||
5994 | Upstream-ID: 39354cdd8a2b32b308fd03f98645f877f540f00d | ||
5995 | |||
5996 | commit 499cf36fecd6040e30e2912dd25655bc574739a7 | ||
5997 | Author: djm@openbsd.org <djm@openbsd.org> | ||
5998 | Date: Thu Nov 19 01:08:55 2015 +0000 | ||
5999 | |||
6000 | upstream commit | ||
6001 | |||
6002 | move the certificate validity formatting code to | ||
6003 | sshkey.[ch] | ||
6004 | |||
6005 | Upstream-ID: f05f7c78fab20d02ff1d5ceeda533ef52e8fe523 | ||
6006 | |||
6007 | commit bcb7bc77bbb1535d1008c7714085556f3065d99d | ||
6008 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6009 | Date: Wed Nov 18 08:37:28 2015 +0000 | ||
6010 | |||
6011 | upstream commit | ||
6012 | |||
6013 | fix "ssh-keygen -l" of private key, broken in support for | ||
6014 | multiple plain keys on stdin | ||
6015 | |||
6016 | Upstream-ID: 6b3132d2c62d03d0bad6f2bcd7e2d8b7dab5cd9d | ||
6017 | |||
6018 | commit 259adb6179e23195c8f6913635ea71040d1ccd63 | ||
6019 | Author: millert@openbsd.org <millert@openbsd.org> | ||
6020 | Date: Mon Nov 16 23:47:52 2015 +0000 | ||
6021 | |||
6022 | upstream commit | ||
6023 | |||
6024 | Replace remaining calls to index(3) with strchr(3). OK | ||
6025 | jca@ krw@ | ||
6026 | |||
6027 | Upstream-ID: 33837d767a0cf1db1489b96055f9e330bc0bab6d | ||
6028 | |||
6029 | commit c56a255162c2166884539c0a1f7511575325b477 | ||
6030 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6031 | Date: Mon Nov 16 22:53:07 2015 +0000 | ||
6032 | |||
6033 | upstream commit | ||
6034 | |||
6035 | Allow fingerprinting from standard input "ssh-keygen -lf | ||
6036 | -" | ||
6037 | |||
6038 | Support fingerprinting multiple plain keys in a file and authorized_keys | ||
6039 | files too (bz#1319) | ||
6040 | |||
6041 | ok markus@ | ||
6042 | |||
6043 | Upstream-ID: 903f8b4502929d6ccf53509e4e07eae084574b77 | ||
6044 | |||
6045 | commit 5b4010d9b923cf1b46c9c7b1887c013c2967e204 | ||
6046 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6047 | Date: Mon Nov 16 22:51:05 2015 +0000 | ||
6048 | |||
6049 | upstream commit | ||
6050 | |||
6051 | always call privsep_preauth_child() regardless of whether | ||
6052 | sshd was started by root; it does important priming before sandboxing and | ||
6053 | failing to call it could result in sandbox violations later; ok markus@ | ||
6054 | |||
6055 | Upstream-ID: c8a6d0d56c42f3faab38460dc917ca0d1705d383 | ||
6056 | |||
6057 | commit 3a9f84b58b0534bbb485f1eeab75665e2d03371f | ||
6058 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6059 | Date: Mon Nov 16 22:50:01 2015 +0000 | ||
6060 | |||
6061 | upstream commit | ||
6062 | |||
6063 | improve sshkey_read() semantics; only update *cpp when a | ||
6064 | key is successfully read; ok markus@ | ||
6065 | |||
6066 | Upstream-ID: f371e78e8f4fab366cf69a42bdecedaed5d1b089 | ||
6067 | |||
6068 | commit db6f8dc5dd5655b59368efd074994d4568bc3556 | ||
6069 | Author: logan@openbsd.org <logan@openbsd.org> | ||
6070 | Date: Mon Nov 16 06:13:04 2015 +0000 | ||
6071 | |||
6072 | upstream commit | ||
6073 | |||
6074 | 1) Use xcalloc() instead of xmalloc() to check for | ||
6075 | potential overflow. (Feedback from both mmcc@ and djm@) 2) move set_size | ||
6076 | just before the for loop. (suggested by djm@) | ||
6077 | |||
6078 | OK djm@ | ||
6079 | |||
6080 | Upstream-ID: 013534c308187284756c3141f11d2c0f33c47213 | ||
6081 | |||
6082 | commit 383f10fb84a0fee3c01f9d97594f3e22aa3cd5e0 | ||
6083 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6084 | Date: Mon Nov 16 00:30:02 2015 +0000 | ||
6085 | |||
6086 | upstream commit | ||
6087 | |||
6088 | Add a new authorized_keys option "restrict" that | ||
6089 | includes all current and future key restrictions (no-*-forwarding, etc). Also | ||
6090 | add permissive versions of the existing restrictions, e.g. "no-pty" -> "pty". | ||
6091 | This simplifies the task of setting up restricted keys and ensures they are | ||
6092 | maximally-restricted, regardless of any permissions we might implement in the | ||
6093 | future. | ||
6094 | |||
6095 | Example: | ||
6096 | |||
6097 | restrict,pty,command="nethack" ssh-ed25519 AAAAC3NzaC1lZDI1... | ||
6098 | |||
6099 | Idea from Jann Horn; ok markus@ | ||
6100 | |||
6101 | Upstream-ID: 04ceb9d448e46e67e13887a7ae5ea45b4f1719d0 | ||
6102 | |||
6103 | commit e41a071f7bda6af1fb3f081bed0151235fa61f15 | ||
6104 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
6105 | Date: Sun Nov 15 23:58:04 2015 +0000 | ||
6106 | |||
6107 | upstream commit | ||
6108 | |||
6109 | correct section number for ssh-agent; | ||
6110 | |||
6111 | Upstream-ID: 44be72fd8bcc167635c49b357b1beea8d5674bd6 | ||
6112 | |||
6113 | commit 1a11670286acddcc19f5eff0966c380831fc4638 | ||
6114 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
6115 | Date: Sun Nov 15 23:54:15 2015 +0000 | ||
6116 | |||
6117 | upstream commit | ||
6118 | |||
6119 | do not confuse mandoc by presenting "Dd"; | ||
6120 | |||
6121 | Upstream-ID: 1470fce171c47b60bbc7ecd0fc717a442c2cfe65 | ||
6122 | |||
6123 | commit f361df474c49a097bfcf16d1b7b5c36fcd844b4b | ||
6124 | Author: jcs@openbsd.org <jcs@openbsd.org> | ||
6125 | Date: Sun Nov 15 22:26:49 2015 +0000 | ||
6126 | |||
6127 | upstream commit | ||
6128 | |||
6129 | Add an AddKeysToAgent client option which can be set to | ||
6130 | 'yes', 'no', 'ask', or 'confirm', and defaults to 'no'. When enabled, a | ||
6131 | private key that is used during authentication will be added to ssh-agent if | ||
6132 | it is running (with confirmation enabled if set to 'confirm'). | ||
6133 | |||
6134 | Initial version from Joachim Schipper many years ago. | ||
6135 | |||
6136 | ok markus@ | ||
6137 | |||
6138 | Upstream-ID: a680db2248e8064ec55f8be72d539458c987d5f4 | ||
6139 | |||
6140 | commit d87063d9baf5479b6e813d47dfb694a97df6f6f5 | ||
6141 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6142 | Date: Fri Nov 13 04:39:35 2015 +0000 | ||
6143 | |||
6144 | upstream commit | ||
6145 | |||
6146 | send SSH2_MSG_UNIMPLEMENTED replies to unexpected | ||
6147 | messages during KEX; bz#2949, ok dtucker@ | ||
6148 | |||
6149 | Upstream-ID: 2b3abdff344d53c8d505f45c83a7b12e84935786 | ||
6150 | |||
6151 | commit 9fd04681a1e9b0af21e08ff82eb674cf0a499bfc | ||
6152 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6153 | Date: Fri Nov 13 04:38:06 2015 +0000 | ||
6154 | |||
6155 | upstream commit | ||
6156 | |||
6157 | Support "none" as an argument for sshd_config | ||
6158 | ForceCommand and ChrootDirectory. Useful inside Match blocks to override a | ||
6159 | global default. bz#2486 ok dtucker@ | ||
6160 | |||
6161 | Upstream-ID: 7ef478d6592bc7db5c7376fc33b4443e63dccfa5 | ||
6162 | |||
6163 | commit 94bc0b72c29e511cbbc5772190d43282e5acfdfe | ||
6164 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6165 | Date: Fri Nov 13 04:34:15 2015 +0000 | ||
6166 | |||
6167 | upstream commit | ||
6168 | |||
6169 | support multiple certificates (one per line) and | ||
6170 | reading from standard input (using "-f -") for "ssh-keygen -L"; ok dtucker@ | ||
6171 | |||
6172 | Upstream-ID: ecbadeeef3926e5be6281689b7250a32a80e88db | ||
6173 | |||
6174 | commit b6b9108f5b561c83612cb97ece4134eb59fde071 | ||
6175 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6176 | Date: Fri Nov 13 02:57:46 2015 +0000 | ||
6177 | |||
6178 | upstream commit | ||
6179 | |||
6180 | list a couple more options usable in Match blocks; | ||
6181 | bz#2489 | ||
6182 | |||
6183 | Upstream-ID: e4d03f39d254db4c0cc54101921bb89fbda19879 | ||
6184 | |||
6185 | commit a7994b3f5a5a5a33b52b0a6065d08e888f0a99fb | ||
6186 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6187 | Date: Wed Nov 11 04:56:39 2015 +0000 | ||
6188 | |||
6189 | upstream commit | ||
6190 | |||
6191 | improve PEEK/POKE macros: better casts, don't multiply | ||
6192 | evaluate arguments; ok deraadt@ | ||
6193 | |||
6194 | Upstream-ID: 9a1889e19647615ededbbabab89064843ba92d3e | ||
6195 | |||
6196 | commit 7d4c7513a7f209cb303a608ac6e46b3f1dfc11ec | ||
6197 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6198 | Date: Wed Nov 11 01:48:01 2015 +0000 | ||
6199 | |||
6200 | upstream commit | ||
6201 | |||
6202 | remove prototypes for long-gone s/key support; ok | ||
6203 | dtucker@ | ||
6204 | |||
6205 | Upstream-ID: db5bed3c57118af986490ab23d399df807359a79 | ||
6206 | |||
6207 | commit 07889c75926c040b8e095949c724e66af26441cb | ||
6208 | Author: Damien Miller <djm@mindrot.org> | ||
6209 | Date: Sat Nov 14 18:44:49 2015 +1100 | ||
6210 | |||
6211 | read back from libcrypto RAND when privdropping | ||
6212 | |||
6213 | makes certain libcrypto implementations cache a /dev/urandom fd | ||
6214 | in preparation of sandboxing. Based on patch by Greg Hartman. | ||
6215 | |||
6216 | commit 1560596f44c01bb0cef977816410950ed17b8ecd | ||
6217 | Author: Darren Tucker <dtucker@zip.com.au> | ||
6218 | Date: Tue Nov 10 11:14:47 2015 +1100 | ||
6219 | |||
6220 | Fix compiler warnings in the openssl header check. | ||
6221 | |||
6222 | Noted by Austin English. | ||
6223 | |||
6224 | commit e72a8575ffe1d8adff42c9abe9ca36938acc036b | ||
6225 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
6226 | Date: Sun Nov 8 23:24:03 2015 +0000 | ||
6227 | |||
6228 | upstream commit | ||
6229 | |||
6230 | -c before -H, in SYNOPSIS and usage(); | ||
6231 | |||
6232 | Upstream-ID: 25e8c58a69e1f37fcd54ac2cd1699370acb5e404 | ||
6233 | |||
6234 | commit 3a424cdd21db08c7b0ded902f97b8f02af5aa485 | ||
6235 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6236 | Date: Sun Nov 8 22:30:20 2015 +0000 | ||
6237 | |||
6238 | upstream commit | ||
6239 | |||
6240 | Add "ssh-keyscan -c ..." flag to allow fetching | ||
6241 | certificates instead of plain keys; ok markus@ | ||
6242 | |||
6243 | Upstream-ID: 0947e2177dba92339eced9e49d3c5bf7dda69f82 | ||
6244 | |||
6245 | commit 69fead5d7cdaa73bdece9fcba80f8e8e70b90346 | ||
6246 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
6247 | Date: Sun Nov 8 22:08:38 2015 +0000 | ||
6248 | |||
6249 | upstream commit | ||
6250 | |||
6251 | remove slogin links; ok deraadt markus djm | ||
6252 | |||
6253 | Upstream-ID: 39ba08548acde4c54f2d4520c202c2a863a3c730 | ||
6254 | |||
6255 | commit 2fecfd486bdba9f51b3a789277bb0733ca36e1c0 | ||
6256 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6257 | Date: Sun Nov 8 21:59:11 2015 +0000 | ||
6258 | |||
6259 | upstream commit | ||
6260 | |||
6261 | fix OOB read in packet code caused by missing return | ||
6262 | statement found by Ben Hawkes; ok markus@ deraadt@ | ||
6263 | |||
6264 | Upstream-ID: a3e3a85434ebfa0690d4879091959591f30efc62 | ||
6265 | |||
6266 | commit 5e288923a303ca672b686908320bc5368ebec6e6 | ||
6267 | Author: mmcc@openbsd.org <mmcc@openbsd.org> | ||
6268 | Date: Fri Nov 6 00:31:41 2015 +0000 | ||
6269 | |||
6270 | upstream commit | ||
6271 | |||
6272 | 1. rlogin and rsh are long gone 2. protocol version isn't | ||
6273 | of core relevance here, and v1 is going away | ||
6274 | |||
6275 | ok markus@, deraadt@ | ||
6276 | |||
6277 | Upstream-ID: 8b46bc94cf1ca7c8c1a75b1c958b2bb38d7579c8 | ||
6278 | |||
6279 | commit 8b29008bbe97f33381d9b4b93fcfa304168d0286 | ||
6280 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
6281 | Date: Thu Nov 5 09:48:05 2015 +0000 | ||
6282 | |||
6283 | upstream commit | ||
6284 | |||
6285 | "commandline" -> "command line", since there are so few | ||
6286 | examples of the former in the pages, so many of the latter, and in some of | ||
6287 | these pages we had multiple spellings; | ||
6288 | |||
6289 | prompted by tj | ||
6290 | |||
6291 | Upstream-ID: 78459d59bff74223f8139d9001ccd56fc4310659 | ||
6292 | |||
6293 | commit 996b24cebf20077fbe5db07b3a2c20c2d9db736e | ||
6294 | Author: Darren Tucker <dtucker@zip.com.au> | ||
6295 | Date: Thu Oct 29 20:57:34 2015 +1100 | ||
6296 | |||
6297 | (re)wrap SYS_sendsyslog in ifdef. | ||
6298 | |||
6299 | Replace ifdef that went missing in commit | ||
6300 | c61b42f2678f21f05653ac2d3d241b48ab5d59ac. Fixes build on older | ||
6301 | OpenBSDs. | ||
6302 | |||
6303 | commit b67e2e76fcf1ae7c802eb27ca927e16c91a513ff | ||
6304 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6305 | Date: Thu Oct 29 08:05:17 2015 +0000 | ||
6306 | |||
6307 | upstream commit | ||
6308 | |||
6309 | regress test for "PubkeyAcceptedKeyTypes +..." inside a | ||
6310 | Match block | ||
6311 | |||
6312 | Upstream-Regress-ID: 246c37ed64a2e5704d4c158ccdca1ff700e10647 | ||
6313 | |||
6314 | commit abd9dbc3c0d8c8c7561347cfa22166156e78c077 | ||
6315 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
6316 | Date: Mon Oct 26 02:50:58 2015 +0000 | ||
6317 | |||
6318 | upstream commit | ||
6319 | |||
6320 | Fix typo certopt->certopts in shell variable. This would | ||
6321 | cause the test to hang at a host key prompt if you have an A or CNAME for | ||
6322 | "proxy" in your local domain. | ||
6323 | |||
6324 | Upstream-Regress-ID: 6ea03bcd39443a83c89e2c5606392ceb9585836a | ||
6325 | |||
6326 | commit ed08510d38aef930a061ae30d10f2a9cf233bafa | ||
6327 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6328 | Date: Thu Oct 29 08:05:01 2015 +0000 | ||
6329 | |||
6330 | upstream commit | ||
6331 | |||
6332 | Fix "PubkeyAcceptedKeyTypes +..." inside a Match block; | ||
6333 | ok dtucker@ | ||
6334 | |||
6335 | Upstream-ID: 853662c4036730b966aab77684390c47b9738c69 | ||
6336 | |||
6337 | commit a4aef3ed29071719b2af82fdf1ac3c2514f82bc5 | ||
6338 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6339 | Date: Tue Oct 27 08:54:52 2015 +0000 | ||
6340 | |||
6341 | upstream commit | ||
6342 | |||
6343 | fix execv arguments in a way less likely to cause grief | ||
6344 | for -portable; ok dtucker@ | ||
6345 | |||
6346 | Upstream-ID: 5902bf0ea0371f39f1300698dc3b8e4105fc0fc5 | ||
6347 | |||
6348 | commit 63d188175accea83305e89fafa011136ff3d96ad | ||
6349 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6350 | Date: Tue Oct 27 01:44:45 2015 +0000 | ||
6351 | |||
6352 | upstream commit | ||
6353 | |||
6354 | log certificate serial in verbose() messages to match the | ||
6355 | main auth success/fail message; ok dtucker@ | ||
6356 | |||
6357 | Upstream-ID: dfc48b417c320b97c36ff351d303c142f2186288 | ||
6358 | |||
6359 | commit 2aaba0cfd560ecfe92aa50c00750e6143842cf1f | ||
6360 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6361 | Date: Tue Oct 27 00:49:53 2015 +0000 | ||
6362 | |||
6363 | upstream commit | ||
6364 | |||
6365 | avoid de-const warning & shrink; ok dtucker@ | ||
6366 | |||
6367 | Upstream-ID: 69a85ef94832378952a22c172009cbf52aaa11db | ||
6368 | |||
6369 | commit 03239c18312b9bab7d1c3b03062c61e8bbc1ca6e | ||
6370 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
6371 | Date: Sun Oct 25 23:42:00 2015 +0000 | ||
6372 | |||
6373 | upstream commit | ||
6374 | |||
6375 | Expand tildes in filenames passed to -i before checking | ||
6376 | whether or not the identity file exists. This means that if the shell | ||
6377 | doesn't do the expansion (eg because the option and filename were given as a | ||
6378 | single argument) then we'll still add the key. bz#2481, ok markus@ | ||
6379 | |||
6380 | Upstream-ID: db1757178a14ac519e9a3e1a2dbd21113cb3bfc6 | ||
6381 | |||
6382 | commit 97e184e508dd33c37860c732c0eca3fc57698b40 | ||
6383 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
6384 | Date: Sun Oct 25 23:14:03 2015 +0000 | ||
6385 | |||
6386 | upstream commit | ||
6387 | |||
6388 | Do not prepend "exec" to the shell command run by "Match | ||
6389 | exec" in a config file. It's an unnecessary optimization from repurposed | ||
6390 | ProxyCommand code and prevents some things working with some shells. | ||
6391 | bz#2471, pointed out by res at qoxp.net. ok markus@ | ||
6392 | |||
6393 | Upstream-ID: a1ead25ae336bfa15fb58d8c6b5589f85b4c33a3 | ||
6394 | |||
6395 | commit 8db134e7f457bcb069ec72bc4ee722e2af557c69 | ||
6396 | Author: Darren Tucker <dtucker@zip.com.au> | ||
6397 | Date: Thu Oct 29 10:48:23 2015 +1100 | ||
6398 | |||
6399 | Prevent name collisions with system glob (bz#2463) | ||
6400 | |||
6401 | Move glob.h from includes.h to the only caller (sftp) and override the | ||
6402 | names for the symbols. This prevents name collisions with the system glob | ||
6403 | in the case where something other than ssh uses it (eg kerberos). With | ||
6404 | jjelen at redhat.com, ok djm@ | ||
6405 | |||
6406 | commit 86c10dbbef6a5800d2431a66cf7f41a954bb62b5 | ||
6407 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
6408 | Date: Fri Oct 23 02:22:01 2015 +0000 | ||
6409 | |||
6410 | upstream commit | ||
6411 | |||
6412 | Update expected group sizes to match recent code changes. | ||
6413 | |||
6414 | Upstream-Regress-ID: 0004f0ea93428969fe75bcfff0d521c553977794 | ||
6415 | |||
6416 | commit 9ada37d36003a77902e90a3214981e417457cf13 | ||
6417 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6418 | Date: Sat Oct 24 22:56:19 2015 +0000 | ||
6419 | |||
6420 | upstream commit | ||
6421 | |||
6422 | fix keyscan output for multiple hosts/addrs on one line | ||
6423 | when host hashing or a non standard port is in use; bz#2479 ok dtucker@ | ||
6424 | |||
6425 | Upstream-ID: 5321dabfaeceba343da3c8a8b5754c6f4a0a307b | ||
6426 | |||
6427 | commit 44fc7cd7dcef6c52c6b7e9ff830dfa32879bd319 | ||
6428 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6429 | Date: Sat Oct 24 22:52:22 2015 +0000 | ||
6430 | |||
6431 | upstream commit | ||
6432 | |||
6433 | skip "Could not chdir to home directory" message when | ||
6434 | chrooted | ||
6435 | |||
6436 | patch from Christian Hesse in bz#2485 ok dtucker@ | ||
6437 | |||
6438 | Upstream-ID: 86783c1953da426dff5b03b03ce46e699d9e5431 | ||
6439 | |||
6440 | commit a820a8618ec44735dabc688fab96fba38ad66bb2 | ||
6441 | Author: sthen@openbsd.org <sthen@openbsd.org> | ||
6442 | Date: Sat Oct 24 08:34:09 2015 +0000 | ||
6443 | |||
6444 | upstream commit | ||
6445 | |||
6446 | Handle the split of tun(4) "link0" into tap(4) in ssh | ||
6447 | tun-forwarding. Adapted from portable (using separate devices for this is the | ||
6448 | normal case in most OS). ok djm@ | ||
6449 | |||
6450 | Upstream-ID: 90facf4c59ce73d6741db1bc926e578ef465cd39 | ||
6451 | |||
6452 | commit 66d2e229baa9fe57b868c373b05f7ff3bb20055b | ||
6453 | Author: gsoares@openbsd.org <gsoares@openbsd.org> | ||
6454 | Date: Wed Oct 21 11:33:03 2015 +0000 | ||
6455 | |||
6456 | upstream commit | ||
6457 | |||
6458 | fix memory leak in error path ok djm@ | ||
6459 | |||
6460 | Upstream-ID: dd2f402b0a0029b755df029fc7f0679e1365ce35 | ||
6461 | |||
6462 | commit 7d6c0362039ceacdc1366b5df29ad5d2693c13e5 | ||
6463 | Author: mmcc@openbsd.org <mmcc@openbsd.org> | ||
6464 | Date: Tue Oct 20 23:24:25 2015 +0000 | ||
6465 | |||
6466 | upstream commit | ||
6467 | |||
6468 | Compare pointers to NULL rather than 0. | ||
6469 | |||
6470 | ok djm@ | ||
6471 | |||
6472 | Upstream-ID: 21616cfea27eda65a06e772cc887530b9a1a27f8 | ||
6473 | |||
6474 | commit f98a09cacff7baad8748c9aa217afd155a4d493f | ||
6475 | Author: mmcc@openbsd.org <mmcc@openbsd.org> | ||
6476 | Date: Tue Oct 20 03:36:35 2015 +0000 | ||
6477 | |||
6478 | upstream commit | ||
6479 | |||
6480 | Replace a function-local allocation with stack memory. | ||
6481 | |||
6482 | ok djm@ | ||
6483 | |||
6484 | Upstream-ID: c09fbbab637053a2ab9f33ca142b4e20a4c5a17e | ||
6485 | |||
6486 | commit ac908c1eeacccfa85659594d92428659320fd57e | ||
6487 | Author: Damien Miller <djm@mindrot.org> | ||
6488 | Date: Thu Oct 22 09:35:24 2015 +1100 | ||
6489 | |||
6490 | turn off PrintLastLog when --disable-lastlog | ||
6491 | |||
6492 | bz#2278 from Brent Paulson | ||
6493 | |||
6494 | commit b56deb847f4a0115a8bf488bf6ee8524658162fd | ||
6495 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6496 | Date: Fri Oct 16 22:32:22 2015 +0000 | ||
6497 | |||
6498 | upstream commit | ||
6499 | |||
6500 | increase the minimum modulus that we will send or accept in | ||
6501 | diffie-hellman-group-exchange to 2048 bits; ok markus@ | ||
6502 | |||
6503 | Upstream-ID: 06dce7a24c17b999a0f5fadfe95de1ed6a1a9b6a | ||
6504 | |||
6505 | commit 5ee0063f024bf5b3f3ffb275b8cd20055d62b4b9 | ||
6506 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6507 | Date: Fri Oct 16 18:40:49 2015 +0000 | ||
6508 | |||
6509 | upstream commit | ||
6510 | |||
6511 | better handle anchored FQDNs (e.g. 'cvs.openbsd.org.') in | ||
6512 | hostname canonicalisation - treat them as already canonical and remove the | ||
6513 | trailing '.' before matching ssh_config; ok markus@ | ||
6514 | |||
6515 | Upstream-ID: f7619652e074ac3febe8363f19622aa4853b679a | ||
6516 | |||
6517 | commit e92c499a75477ecfe94dd7b4aed89f20b1fac5a7 | ||
6518 | Author: mmcc@openbsd.org <mmcc@openbsd.org> | ||
6519 | Date: Fri Oct 16 17:07:24 2015 +0000 | ||
6520 | |||
6521 | upstream commit | ||
6522 | |||
6523 | 0 -> NULL when comparing with a char*. | ||
6524 | |||
6525 | ok dtucker@, djm@. | ||
6526 | |||
6527 | Upstream-ID: a928e9c21c0a9020727d99738ff64027c1272300 | ||
6528 | |||
6529 | commit b1d38a3cc6fe349feb8d16a5f520ef12d1de7cb2 | ||
6530 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6531 | Date: Thu Oct 15 23:51:40 2015 +0000 | ||
6532 | |||
6533 | upstream commit | ||
6534 | |||
6535 | fix some signed/unsigned integer type mismatches in | ||
6536 | format strings; reported by Nicholas Lemonias | ||
6537 | |||
6538 | Upstream-ID: 78cd55420a0eef68c4095bdfddd1af84afe5f95c | ||
6539 | |||
6540 | commit 1a2663a15d356bb188196b6414b4c50dc12fd42b | ||
6541 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6542 | Date: Thu Oct 15 23:08:23 2015 +0000 | ||
6543 | |||
6544 | upstream commit | ||
6545 | |||
6546 | argument to sshkey_from_private() and sshkey_demote() | ||
6547 | can't be NULL | ||
6548 | |||
6549 | Upstream-ID: 0111245b1641d387977a9b38da15916820a5fd1f | ||
6550 | |||
6551 | commit 0f754e29dd3760fc0b172c1220f18b753fb0957e | ||
6552 | Author: Damien Miller <djm@mindrot.org> | ||
6553 | Date: Fri Oct 16 10:53:14 2015 +1100 | ||
6554 | |||
6555 | need va_copy before va_start | ||
6556 | |||
6557 | reported by Nicholas Lemonias | ||
6558 | |||
6559 | commit eb6c50d82aa1f0d3fc95f5630ea69761e918bfcd | ||
6560 | Author: Damien Miller <djm@mindrot.org> | ||
6561 | Date: Thu Oct 15 15:48:28 2015 -0700 | ||
6562 | |||
6563 | fix compilation on systems without SYMLOOP_MAX | ||
6564 | |||
6565 | commit fafe1d84a210fb3dae7744f268059cc583db8c12 | ||
6566 | Author: Damien Miller <djm@mindrot.org> | ||
6567 | Date: Wed Oct 14 09:22:15 2015 -0700 | ||
6568 | |||
6569 | s/SANDBOX_TAME/SANDBOX_PLEDGE/g | ||
6570 | |||
6571 | commit 8f22911027ff6c17d7226d232ccd20727f389310 | ||
6572 | Author: Damien Miller <djm@mindrot.org> | ||
6573 | Date: Wed Oct 14 08:28:19 2015 +1100 | ||
6574 | |||
6575 | upstream commit | ||
6576 | |||
6577 | revision 1.20 | ||
6578 | date: 2015/10/13 20:55:37; author: millert; state: Exp; lines: +2 -2; commitid: X39sl5ay1czgFIgp; | ||
6579 | In rev 1.15 the sizeof argument was fixed in a strlcat() call but | ||
6580 | the truncation check immediately following it was not updated to | ||
6581 | match. Not an issue in practice since the buffers are the same | ||
6582 | size. OK deraadt@ | ||
6583 | |||
6584 | commit 23fa695bb735f54f04d46123662609edb6c76767 | ||
6585 | Author: Damien Miller <djm@mindrot.org> | ||
6586 | Date: Wed Oct 14 08:27:51 2015 +1100 | ||
6587 | |||
6588 | upstream commit | ||
6589 | |||
6590 | revision 1.19 | ||
6591 | date: 2015/01/16 16:48:51; author: deraadt; state: Exp; lines: +3 -3; commitid: 0DYulI8hhujBHMcR; | ||
6592 | Move to the <limits.h> universe. | ||
6593 | review by millert, binary checking process with doug, concept with guenther | ||
6594 | |||
6595 | commit c71be375a69af00c2d0a0c24d8752bec12d8fd1b | ||
6596 | Author: Damien Miller <djm@mindrot.org> | ||
6597 | Date: Wed Oct 14 08:27:08 2015 +1100 | ||
6598 | |||
6599 | upstream commit | ||
6600 | |||
6601 | revision 1.18 | ||
6602 | date: 2014/10/19 03:56:28; author: doug; state: Exp; lines: +9 -9; commitid: U6QxmtbXrGoc02S5; | ||
6603 | Revert last commit due to changed semantics found by make release. | ||
6604 | |||
6605 | commit c39ad23b06e9aecc3ff788e92f787a08472905b1 | ||
6606 | Author: Damien Miller <djm@mindrot.org> | ||
6607 | Date: Wed Oct 14 08:26:24 2015 +1100 | ||
6608 | |||
6609 | upstream commit | ||
6610 | |||
6611 | revision 1.17 | ||
6612 | date: 2014/10/18 20:43:52; author: doug; state: Exp; lines: +10 -10; commitid: I74hI1tVZtsspKEt; | ||
6613 | Better POSIX compliance in realpath(3). | ||
6614 | |||
6615 | millert@ made changes to realpath.c based on FreeBSD's version. I merged | ||
6616 | Todd's changes into dl_realpath.c. | ||
6617 | |||
6618 | ok millert@, guenther@ | ||
6619 | |||
6620 | commit e929a43f957dbd1254aca2aaf85c8c00cbfc25f4 | ||
6621 | Author: Damien Miller <djm@mindrot.org> | ||
6622 | Date: Wed Oct 14 08:25:55 2015 +1100 | ||
6623 | |||
6624 | upstream commit | ||
6625 | |||
6626 | revision 1.16 | ||
6627 | date: 2013/04/05 12:59:54; author: kurt; state: Exp; lines: +3 -1; | ||
6628 | - Add comments regarding copies of these files also in libexec/ld.so | ||
6629 | okay guenther@ | ||
6630 | |||
6631 | commit 5225db68e58a1048cb17f0e36e0d33bc4a8fc410 | ||
6632 | Author: Damien Miller <djm@mindrot.org> | ||
6633 | Date: Wed Oct 14 08:25:32 2015 +1100 | ||
6634 | |||
6635 | upstream commit | ||
6636 | |||
6637 | revision 1.15 | ||
6638 | date: 2012/09/13 15:39:05; author: deraadt; state: Exp; lines: +2 -2; | ||
6639 | specify the bounds of the dst to strlcat (both values were static and | ||
6640 | equal, but it is more correct) | ||
6641 | from Michal Mazurek | ||
6642 | |||
6643 | commit 7365fe5b4859de2305e40ea132da3823830fa710 | ||
6644 | Author: Damien Miller <djm@mindrot.org> | ||
6645 | Date: Wed Oct 14 08:25:09 2015 +1100 | ||
6646 | |||
6647 | upstream commit | ||
6648 | |||
6649 | revision 1.14 | ||
6650 | date: 2011/07/24 21:03:00; author: miod; state: Exp; lines: +35 -13; | ||
6651 | Recent Single Unix will malloc memory if the second argument of realpath() | ||
6652 | is NULL, and third-party software is starting to rely upon this. | ||
6653 | Adapted from FreeBSD via Jona Joachim (jaj ; hcl-club , .lu), with minor | ||
6654 | tweaks from nicm@ and yours truly. | ||
6655 | |||
6656 | commit e679c09cd1951f963793aa3d9748d1c3fdcf808f | ||
6657 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6658 | Date: Tue Oct 13 16:15:21 2015 +0000 | ||
6659 | |||
6660 | upstream commit | ||
6661 | |||
6662 | apply PubkeyAcceptedKeyTypes filtering earlier, so all | ||
6663 | skipped keys are noted before pubkey authentication starts. ok dtucker@ | ||
6664 | |||
6665 | Upstream-ID: ba4f52f54268a421a2a5f98bb375403f4cb044b8 | ||
6666 | |||
6667 | commit 179c353f564ec7ada64b87730b25fb41107babd7 | ||
6668 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6669 | Date: Tue Oct 13 00:21:27 2015 +0000 | ||
6670 | |||
6671 | upstream commit | ||
6672 | |||
6673 | free the correct IV length, don't assume it's always the | ||
6674 | cipher blocksize; ok dtucker@ | ||
6675 | |||
6676 | Upstream-ID: c260d9e5ec73628d9ff4b067fbb060eff5a7d298 | ||
6677 | |||
6678 | commit 2539dce2a049a8f6bb0d44cac51f07ad48e691d3 | ||
6679 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
6680 | Date: Fri Oct 9 01:37:08 2015 +0000 | ||
6681 | |||
6682 | upstream commit | ||
6683 | |||
6684 | Change all tame callers to namechange to pledge(2). | ||
6685 | |||
6686 | Upstream-ID: 17e654fc27ceaf523c60f4ffd9ec7ae4e7efc7f2 | ||
6687 | |||
6688 | commit 9846a2f4067383bb76b4e31a9d2303e0a9c13a73 | ||
6689 | Author: Damien Miller <djm@mindrot.org> | ||
6690 | Date: Thu Oct 8 04:30:48 2015 +1100 | ||
6691 | |||
6692 | hook tame(2) sandbox up to build | ||
6693 | |||
6694 | OpenBSD only for now | ||
6695 | |||
6696 | commit 0c46bbe68b70bdf0d6d20588e5847e71f3739fe6 | ||
6697 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6698 | Date: Wed Oct 7 15:59:12 2015 +0000 | ||
6699 | |||
6700 | upstream commit | ||
6701 | |||
6702 | include PubkeyAcceptedKeyTypes in ssh -G config dump | ||
6703 | |||
6704 | Upstream-ID: 6c097ce6ffebf6fe393fb7988b5d152a5d6b36bb | ||
6705 | |||
6706 | commit bdcb73fb7641b1cf73c0065d1a0dd57b1e8b778e | ||
6707 | Author: sobrado@openbsd.org <sobrado@openbsd.org> | ||
6708 | Date: Wed Oct 7 14:45:30 2015 +0000 | ||
6709 | |||
6710 | upstream commit | ||
6711 | |||
6712 | UsePrivilegeSeparation defaults to sandbox now. | ||
6713 | |||
6714 | ok djm@ | ||
6715 | |||
6716 | Upstream-ID: bff136c38bcae89df82e044d2f42de21e1ad914f | ||
6717 | |||
6718 | commit 2905d6f99c837bb699b6ebc61711b19acd030709 | ||
6719 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6720 | Date: Wed Oct 7 00:54:06 2015 +0000 | ||
6721 | |||
6722 | upstream commit | ||
6723 | |||
6724 | don't try to change tun device flags if they are already | ||
6725 | what we need; makes it possible to use tun/tap networking as non- root user | ||
6726 | if device permissions and interface flags are pre-established; based on patch | ||
6727 | by Ossi Herrala | ||
6728 | |||
6729 | Upstream-ID: 89099ac4634cd477b066865acf54cb230780fd21 | ||
6730 | |||
6731 | commit 0dc74512bdb105b048883f07de538b37e5e024d4 | ||
6732 | Author: Damien Miller <djm@mindrot.org> | ||
6733 | Date: Mon Oct 5 18:33:05 2015 -0700 | ||
6734 | |||
6735 | unbreak merge botch | ||
6736 | |||
6737 | commit fdd020e86439afa7f537e2429d29d4b744c94331 | ||
6738 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6739 | Date: Tue Oct 6 01:20:59 2015 +0000 | ||
6740 | |||
6741 | upstream commit | ||
6742 | |||
6743 | adapt to recent sshkey_parse_private_fileblob() API | ||
6744 | change | ||
6745 | |||
6746 | Upstream-Regress-ID: 5c0d818da511e33e0abf6a92a31bd7163b7ad988 | ||
6747 | |||
6748 | commit 21ae8ee3b630b0925f973db647a1b9aa5fcdd4c5 | ||
6749 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6750 | Date: Thu Sep 24 07:15:39 2015 +0000 | ||
6751 | |||
6752 | upstream commit | ||
6753 | |||
6754 | fix command-line option to match what was actually | ||
6755 | committed | ||
6756 | |||
6757 | Upstream-Regress-ID: 3e8c24a2044e8afd37e7ce17b69002ca817ac699 | ||
6758 | |||
6759 | commit e14ac43b75e68f1ffbd3e1a5e44143c8ae578dcd | ||
6760 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6761 | Date: Thu Sep 24 06:16:53 2015 +0000 | ||
6762 | |||
6763 | upstream commit | ||
6764 | |||
6765 | regress test for CertificateFile; patch from Meghana Bhat | ||
6766 | via bz#2436 | ||
6767 | |||
6768 | Upstream-Regress-ID: e7a6e980cbe0f8081ba2e83de40d06c17be8bd25 | ||
6769 | |||
6770 | commit 905b054ed24e0d5b4ef226ebf2c8bfc02ae6d4ad | ||
6771 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6772 | Date: Mon Oct 5 17:11:21 2015 +0000 | ||
6773 | |||
6774 | upstream commit | ||
6775 | |||
6776 | some more bzero->explicit_bzero, from Michael McConville | ||
6777 | |||
6778 | Upstream-ID: 17f19545685c33327db2efdc357c1c9225ff00d0 | ||
6779 | |||
6780 | commit b007159a0acdbcf65814b3ee05dbe2cf4ea46011 | ||
6781 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
6782 | Date: Fri Oct 2 15:52:55 2015 +0000 | ||
6783 | |||
6784 | upstream commit | ||
6785 | |||
6786 | fix email | ||
6787 | |||
6788 | Upstream-ID: 72150f2d54b94de14ebef1ea054ef974281bf834 | ||
6789 | |||
6790 | commit b19e1b4ab11884c4f62aee9f8ab53127a4732658 | ||
6791 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
6792 | Date: Fri Oct 2 01:39:52 2015 +0000 | ||
6793 | |||
6794 | upstream commit | ||
6795 | |||
6796 | a sandbox using tame ok djm | ||
6797 | |||
6798 | Upstream-ID: 4ca24e47895e72f5daaa02f3e3d3e5ca2d820fa3 | ||
6799 | |||
6800 | commit c61b42f2678f21f05653ac2d3d241b48ab5d59ac | ||
6801 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
6802 | Date: Fri Oct 2 01:39:26 2015 +0000 | ||
6803 | |||
6804 | upstream commit | ||
6805 | |||
6806 | re-order system calls in order of risk, ok i'll be | ||
6807 | honest, ordered this way they look like tame... ok djm | ||
6808 | |||
6809 | Upstream-ID: 42a1e6d251fd8be13c8262bee026059ae6328813 | ||
6810 | |||
6811 | commit c5f7c0843cb6e6074a93c8ac34e49ce33a6f5546 | ||
6812 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
6813 | Date: Fri Sep 25 18:19:54 2015 +0000 | ||
6814 | |||
6815 | upstream commit | ||
6816 | |||
6817 | some certificatefile tweaks; ok djm | ||
6818 | |||
6819 | Upstream-ID: 0e5a7852c28c05fc193419cc7e50e64c1c535af0 | ||
6820 | |||
6821 | commit 4e44a79a07d4b88b6a4e5e8c1bed5f58c841b1b8 | ||
6822 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6823 | Date: Thu Sep 24 06:15:11 2015 +0000 | ||
6824 | |||
6825 | upstream commit | ||
6826 | |||
6827 | add ssh_config CertificateFile option to explicitly list | ||
6828 | a certificate; patch from Meghana Bhat on bz#2436; ok markus@ | ||
6829 | |||
6830 | Upstream-ID: 58648ec53c510b41c1f46d8fe293aadc87229ab8 | ||
6831 | |||
6832 | commit e3cbb06ade83c72b640a53728d362bbefa0008e2 | ||
6833 | Author: sobrado@openbsd.org <sobrado@openbsd.org> | ||
6834 | Date: Tue Sep 22 08:33:23 2015 +0000 | ||
6835 | |||
6836 | upstream commit | ||
6837 | |||
6838 | fix two typos. | ||
6839 | |||
6840 | Upstream-ID: 424402c0d8863a11b51749bacd7f8d932083b709 | ||
6841 | |||
6842 | commit 8408218c1ca88cb17d15278174a24a94a6f65fe1 | ||
6843 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6844 | Date: Mon Sep 21 04:31:00 2015 +0000 | ||
6845 | |||
6846 | upstream commit | ||
6847 | |||
6848 | fix possible hang on closed output; bz#2469 reported by Tomas | ||
6849 | Kuthan ok markus@ | ||
6850 | |||
6851 | Upstream-ID: f7afd41810f8540f524284f1be6b970859f94fe3 | ||
6852 | |||
6853 | commit 0097248f90a00865082e8c146b905a6555cc146f | ||
6854 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6855 | Date: Fri Sep 11 04:55:01 2015 +0000 | ||
6856 | |||
6857 | upstream commit | ||
6858 | |||
6859 | skip if running as root; many systems (inc OpenBSD) allow | ||
6860 | root to ptrace arbitrary processes | ||
6861 | |||
6862 | Upstream-Regress-ID: be2b925df89360dff36f972951fa0fa793769038 | ||
6863 | |||
6864 | commit 9c06c814aff925e11a5cc592c06929c258a014f6 | ||
6865 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6866 | Date: Fri Sep 11 03:44:21 2015 +0000 | ||
6867 | |||
6868 | upstream commit | ||
6869 | |||
6870 | try all supported key types here; bz#2455 reported by | ||
6871 | Jakub Jelen | ||
6872 | |||
6873 | Upstream-Regress-ID: 188cb7d9031cdbac3a0fa58b428b8fa2b2482bba | ||
6874 | |||
6875 | commit 3c019a936b43f3e2773f3edbde7c114d73caaa4c | ||
6876 | Author: tim@openbsd.org <tim@openbsd.org> | ||
6877 | Date: Sun Sep 13 14:39:16 2015 +0000 | ||
6878 | |||
6879 | upstream commit | ||
6880 | |||
6881 | - Fix error message: passphrase needs to be at least 5 | ||
6882 | characters, not 4. - Remove unused function argument. - Remove two | ||
6883 | unnecessary variables. | ||
6884 | |||
6885 | OK djm@ | ||
6886 | |||
6887 | Upstream-ID: 13010c05bfa8b523da1c0dc19e81dd180662bc30 | ||
6888 | |||
6889 | commit 2681cdb6e0de7c1af549dac37a9531af202b4434 | ||
6890 | Author: tim@openbsd.org <tim@openbsd.org> | ||
6891 | Date: Sun Sep 13 13:48:19 2015 +0000 | ||
6892 | |||
6893 | upstream commit | ||
6894 | |||
6895 | When adding keys to the agent, don't ignore the comment | ||
6896 | of keys for which the user is prompted for a passphrase. | ||
6897 | |||
6898 | Tweak and OK djm@ | ||
6899 | |||
6900 | Upstream-ID: dc737c620a5a8d282cc4f66e3b9b624e9abefbec | ||
6901 | |||
6902 | commit 14692f7b8251cdda847e648a82735eef8a4d2a33 | ||
6903 | Author: guenther@openbsd.org <guenther@openbsd.org> | ||
6904 | Date: Fri Sep 11 08:50:04 2015 +0000 | ||
6905 | |||
6906 | upstream commit | ||
6907 | |||
6908 | Use explicit_bzero() when zeroing before free() | ||
6909 | |||
6910 | from Michael McConville (mmcconv1 (at) sccs.swarthmore.edu) | ||
6911 | ok millert@ djm@ | ||
6912 | |||
6913 | Upstream-ID: 2e3337db046c3fe70c7369ee31515ac73ec00f50 | ||
6914 | |||
6915 | commit 846f6fa4cfa8483a9195971dbdd162220f199d85 | ||
6916 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
6917 | Date: Fri Sep 11 06:55:46 2015 +0000 | ||
6918 | |||
6919 | upstream commit | ||
6920 | |||
6921 | sync -Q in usage() to SYNOPSIS; since it's drastically | ||
6922 | shorter, i've reformatted the block to sync with the man (80 cols) and saved | ||
6923 | a line; | ||
6924 | |||
6925 | Upstream-ID: 86e2c65c3989a0777a6258a77e589b9f6f354abd | ||
6926 | |||
6927 | commit 95923e0520a8647417ee6dcdff44694703dfeef0 | ||
6928 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
6929 | Date: Fri Sep 11 06:51:39 2015 +0000 | ||
6930 | |||
6931 | upstream commit | ||
6932 | |||
6933 | tweak previous; | ||
6934 | |||
6935 | Upstream-ID: f29b3cfcfd9aa31fa140c393e7bd48c1c74139d6 | ||
6936 | |||
6937 | commit 86ac462f833b05d8ed9de9c50ccb295d7faa79ff | ||
6938 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
6939 | Date: Fri Sep 11 05:27:02 2015 +0000 | ||
6940 | |||
6941 | upstream commit | ||
6942 | |||
6943 | Update usage to match man page. | ||
6944 | |||
6945 | Upstream-ID: 9e85aefaecfb6aaf34c7cfd0700cd21783a35675 | ||
6946 | |||
6947 | commit 674b3b68c1d36b2562324927cd03857b565e05e8 | ||
6948 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6949 | Date: Fri Sep 11 03:47:28 2015 +0000 | ||
6950 | |||
6951 | upstream commit | ||
6952 | |||
6953 | expand %i in ControlPath to UID; bz#2449 | ||
6954 | |||
6955 | patch from Christian Hesse w/ feedback from dtucker@ | ||
6956 | |||
6957 | Upstream-ID: 2ba8d303e555a84e2f2165ab4b324b41e80ab925 | ||
6958 | |||
6959 | commit c0f55db7ee00c8202b05cb4b9ad4ce72cc45df41 | ||
6960 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6961 | Date: Fri Sep 11 03:42:32 2015 +0000 | ||
6962 | |||
6963 | upstream commit | ||
6964 | |||
6965 | mention -Q key-plain and -Q key-cert; bz#2455 pointed out | ||
6966 | by Jakub Jelen | ||
6967 | |||
6968 | Upstream-ID: c8f1f8169332e4fa73ac96b0043e3b84e01d4896 | ||
6969 | |||
6970 | commit cfffbdb10fdf0f02d3f4232232eef7ec3876c383 | ||
6971 | Author: Darren Tucker <dtucker@zip.com.au> | ||
6972 | Date: Mon Sep 14 16:24:21 2015 +1000 | ||
6973 | |||
6974 | Use ssh-keygen -A when generating host keys. | ||
6975 | |||
6976 | Use ssh-keygen -A instead of per-keytype invocations when generating host | ||
6977 | keys. Add tests when doing host-key-force since we can't use ssh-keygen -A | ||
6978 | since it can't specify alternate locations. bz#2459, ok djm@ | ||
6979 | |||
6980 | commit 366bada1e9e124654aac55b72b6ccf878755b0dc | ||
6981 | Author: Darren Tucker <dtucker@zip.com.au> | ||
6982 | Date: Fri Sep 11 13:29:22 2015 +1000 | ||
6983 | |||
6984 | Correct default value for --with-ssh1. | ||
6985 | |||
6986 | bz#2457, from konto-mindrot.org at walimnieto.com. | ||
6987 | |||
6988 | commit 2bca8a43e7dd9b04d7070824ffebb823c72587b2 | ||
6989 | Author: djm@openbsd.org <djm@openbsd.org> | ||
6990 | Date: Fri Sep 11 03:13:36 2015 +0000 | ||
6991 | |||
6992 | upstream commit | ||
6993 | |||
6994 | more clarity on what AuthorizedKeysFile=none does; based | ||
6995 | on diff by Thiebaud Weksteen | ||
6996 | |||
6997 | Upstream-ID: 78ab87f069080f0cc3bc353bb04eddd9e8ad3704 | ||
6998 | |||
6999 | commit 61942ea4a01e6db4fdf37ad61de81312ffe310e9 | ||
7000 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7001 | Date: Wed Sep 9 00:52:44 2015 +0000 | ||
7002 | |||
7003 | upstream commit | ||
7004 | |||
7005 | openssh_RSA_verify return type is int, so don't make it | ||
7006 | size_t within the function itself with only negative numbers or zero assigned | ||
7007 | to it. bz#2460 | ||
7008 | |||
7009 | Upstream-ID: b6e794b0c7fc4f9f329509263c8668d35f83ea55 | ||
7010 | |||
7011 | commit 4f7cc2f8cc861a21e6dbd7f6c25652afb38b9b96 | ||
7012 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
7013 | Date: Fri Sep 4 08:21:47 2015 +0000 | ||
7014 | |||
7015 | upstream commit | ||
7016 | |||
7017 | Plug minor memory leaks when options are used more than | ||
7018 | once. bz#2182, patch from Tiago Cunha, ok deraadt djm | ||
7019 | |||
7020 | Upstream-ID: 5b84d0401e27fe1614c10997010cc55933adb48e | ||
7021 | |||
7022 | commit 7ad8b287c8453a3e61dbc0d34d467632b8b06fc8 | ||
7023 | Author: Darren Tucker <dtucker@zip.com.au> | ||
7024 | Date: Fri Sep 11 13:11:02 2015 +1000 | ||
7025 | |||
7026 | Force resolution of _res for correct detection. | ||
7027 | |||
7028 | bz#2259, from sconeu at yahoo.com. | ||
7029 | |||
7030 | commit 26ad18247213ff72b4438abe7fc660c958810fa2 | ||
7031 | Author: Damien Miller <djm@mindrot.org> | ||
7032 | Date: Thu Sep 10 10:57:41 2015 +1000 | ||
7033 | |||
7034 | allow getrandom syscall; from Felix von Leitner | ||
7035 | |||
7036 | commit 5245bc1e6b129a10a928f73f11c3aa32656c44b4 | ||
7037 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
7038 | Date: Fri Sep 4 06:40:45 2015 +0000 | ||
7039 | |||
7040 | upstream commit | ||
7041 | |||
7042 | full stop belongs outside the brackets, not inside; | ||
7043 | |||
7044 | Upstream-ID: 99d098287767799ac33d2442a05b5053fa5a551a | ||
7045 | |||
7046 | commit a85768a9321d74b41219eeb3c9be9f1702cbf6a5 | ||
7047 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7048 | Date: Fri Sep 4 04:56:09 2015 +0000 | ||
7049 | |||
7050 | upstream commit | ||
7051 | |||
7052 | add a debug2() right before DNS resolution; it's a place | ||
7053 | where ssh could previously silently hang for a while. bz#2433 | ||
7054 | |||
7055 | Upstream-ID: 52a1a3e0748db66518e7598352c427145692a6a0 | ||
7056 | |||
7057 | commit 46152af8d27aa34d5d26ed1c371dc8aa142d4730 | ||
7058 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7059 | Date: Fri Sep 4 04:55:24 2015 +0000 | ||
7060 | |||
7061 | upstream commit | ||
7062 | |||
7063 | correct function name in error messages | ||
7064 | |||
7065 | Upstream-ID: 92fb2798617ad9561370897f4ab60adef2ff4c0e | ||
7066 | |||
7067 | commit a954cdb799a4d83c2d40fbf3e7b9f187fbfd72fc | ||
7068 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7069 | Date: Fri Sep 4 04:47:50 2015 +0000 | ||
7070 | |||
7071 | upstream commit | ||
7072 | |||
7073 | better document ExitOnForwardFailure; bz#2444, ok | ||
7074 | dtucker@ | ||
7075 | |||
7076 | Upstream-ID: a126209b5a6d9cb3117ac7ab5bc63d284538bfc2 | ||
7077 | |||
7078 | commit f54d8ac2474b6fc3afa081cf759b48a6c89d3319 | ||
7079 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7080 | Date: Fri Sep 4 04:44:08 2015 +0000 | ||
7081 | |||
7082 | upstream commit | ||
7083 | |||
7084 | don't record hostbased authentication hostkeys as user | ||
7085 | keys in test for multiple authentication with the same key | ||
7086 | |||
7087 | Upstream-ID: 26b368fa2cff481f47f37e01b8da1ae5b57b1adc | ||
7088 | |||
7089 | commit ac3451dd65f27ecf85dc045c46d49e2bbcb8dddd | ||
7090 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7091 | Date: Fri Sep 4 03:57:38 2015 +0000 | ||
7092 | |||
7093 | upstream commit | ||
7094 | |||
7095 | remove extra newline in nethack-mode hostkey; from | ||
7096 | Christian Hesse bz#2686 | ||
7097 | |||
7098 | Upstream-ID: 4f56368b1cc47baeea0531912186f66007fd5b92 | ||
7099 | |||
7100 | commit 9e3ed9ebb1a7e47c155c28399ddf09b306ea05df | ||
7101 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7102 | Date: Fri Sep 4 04:23:10 2015 +0000 | ||
7103 | |||
7104 | upstream commit | ||
7105 | |||
7106 | trim junk from end of file; bz#2455 from Jakub Jelen | ||
7107 | |||
7108 | Upstream-Regress-ID: a4e64e8931e40d23874b047074444eff919cdfe6 | ||
7109 | |||
7110 | commit f3a3ea180afff080bab82087ee0b60db9fd84f6c | ||
7111 | Author: jsg@openbsd.org <jsg@openbsd.org> | ||
7112 | Date: Wed Sep 2 07:51:12 2015 +0000 | ||
7113 | |||
7114 | upstream commit | ||
7115 | |||
7116 | Fix occurrences of "r = func() != 0" which result in the | ||
7117 | wrong error codes being returned due to != having higher precedence than =. | ||
7118 | |||
7119 | ok deraadt@ markus@ | ||
7120 | |||
7121 | Upstream-ID: 5fc35c9fc0319cc6fca243632662d2f06b5fd840 | ||
7122 | |||
7123 | commit f498a98cf83feeb7ea01c15cd1c98b3111361f3a | ||
7124 | Author: Damien Miller <djm@mindrot.org> | ||
7125 | Date: Thu Sep 3 09:11:22 2015 +1000 | ||
7126 | |||
7127 | don't check for yp_match; ok tim@ | ||
7128 | |||
7129 | commit 9690b78b7848b0b376980a61d51b1613e187ddb5 | ||
7130 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7131 | Date: Fri Aug 21 23:57:48 2015 +0000 | ||
7132 | |||
7133 | upstream commit | ||
7134 | |||
7135 | Improve printing of KEX offers and decisions | ||
7136 | |||
7137 | The debug output now labels the client and server offers and the | ||
7138 | negotiated options. ok markus@ | ||
7139 | |||
7140 | Upstream-ID: 8db921b3f92a4565271b1c1fbce6e7f508e1a2cb | ||
7141 | |||
7142 | commit 60a92470e21340e1a3fc10f9c7140d8e1519dc55 | ||
7143 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7144 | Date: Fri Aug 21 23:53:08 2015 +0000 | ||
7145 | |||
7146 | upstream commit | ||
7147 | |||
7148 | Fix printing (ssh -G ...) of HostKeyAlgorithms=+... | ||
7149 | Reported by Bryan Drewery | ||
7150 | |||
7151 | Upstream-ID: 19ad20c41bd5971e006289b6f9af829dd46c1293 | ||
7152 | |||
7153 | commit 6310f60fffca2d1e464168e7d1f7e3b6b0268897 | ||
7154 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7155 | Date: Fri Aug 21 23:52:30 2015 +0000 | ||
7156 | |||
7157 | upstream commit | ||
7158 | |||
7159 | Fix expansion of HostkeyAlgorithms=+... | ||
7160 | |||
7161 | Reported by Bryan Drewery | ||
7162 | |||
7163 | Upstream-ID: 70ca1deea39d758ba36d36428ae832e28566f78d | ||
7164 | |||
7165 | commit e774e5ea56237fd626a8161f9005023dff3e76c9 | ||
7166 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
7167 | Date: Fri Aug 21 23:29:31 2015 +0000 | ||
7168 | |||
7169 | upstream commit | ||
7170 | |||
7171 | Improve size == 0, count == 0 checking in mm_zalloc, | ||
7172 | which is "array" like. Discussed with tedu, millert, otto.... and ok djm | ||
7173 | |||
7174 | Upstream-ID: 899b021be43b913fad3eca1aef44efe710c53e29 | ||
7175 | |||
7176 | commit 189de02d9ad6f3645417c0ddf359b923aae5f926 | ||
7177 | Author: Damien Miller <djm@mindrot.org> | ||
7178 | Date: Fri Aug 21 15:45:02 2015 +1000 | ||
7179 | |||
7180 | expose POLLHUP and POLLNVAL for netcat.c | ||
7181 | |||
7182 | commit e91346dc2bbf460246df2ab591b7613908c1b0ad | ||
7183 | Author: Damien Miller <djm@mindrot.org> | ||
7184 | Date: Fri Aug 21 14:49:03 2015 +1000 | ||
7185 | |||
7186 | we don't use Github for issues/pull-requests | ||
7187 | |||
7188 | commit a4f5b507c708cc3dc2c8dd2d02e4416d7514dc23 | ||
7189 | Author: Damien Miller <djm@mindrot.org> | ||
7190 | Date: Fri Aug 21 14:43:55 2015 +1000 | ||
7191 | |||
7192 | fix URL for connect.c | ||
7193 | |||
7194 | commit d026a8d3da0f8186598442997c7d0a28e7275414 | ||
7195 | Author: Damien Miller <djm@mindrot.org> | ||
7196 | Date: Fri Aug 21 13:47:10 2015 +1000 | ||
7197 | |||
7198 | update version numbers for 7.1 | ||
7199 | |||
7200 | commit 78f8f589f0ca1c9f41e5a9bae3cda5ce8a6b42ed | ||
7201 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7202 | Date: Fri Aug 21 03:45:26 2015 +0000 | ||
7203 | |||
7204 | upstream commit | ||
7205 | |||
7206 | openssh-7.1 | ||
7207 | |||
7208 | Upstream-ID: ff7b1ef4b06caddfb45e08ba998128c88be3d73f | ||
7209 | |||
7210 | commit 32a181980c62fce94f7f9ffaf6a79d90f0c309cf | ||
7211 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7212 | Date: Fri Aug 21 03:42:19 2015 +0000 | ||
7213 | |||
7214 | upstream commit | ||
7215 | |||
7216 | fix inverted logic that broke PermitRootLogin; reported | ||
7217 | by Mantas Mikulenas; ok markus@ | ||
7218 | |||
7219 | Upstream-ID: 260dd6a904c1bb7e43267e394b1c9cf70bdd5ea5 | ||
7220 | |||
7221 | commit ce445b0ed927e45bd5bdce8f836eb353998dd65c | ||
7222 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
7223 | Date: Thu Aug 20 22:32:42 2015 +0000 | ||
7224 | |||
7225 | upstream commit | ||
7226 | |||
7227 | Do not cast result of malloc/calloc/realloc* if stdlib.h | ||
7228 | is in scope ok krw millert | ||
7229 | |||
7230 | Upstream-ID: 5e50ded78cadf3841556649a16cc4b1cb6c58667 | ||
7231 | |||
7232 | commit 05291e5288704d1a98bacda269eb5a0153599146 | ||
7233 | Author: naddy@openbsd.org <naddy@openbsd.org> | ||
7234 | Date: Thu Aug 20 19:20:06 2015 +0000 | ||
7235 | |||
7236 | upstream commit | ||
7237 | |||
7238 | In the certificates section, be consistent about using | ||
7239 | "host_key" and "user_key" for the respective key types. ok sthen@ deraadt@ | ||
7240 | |||
7241 | Upstream-ID: 9e037ea3b15577b238604c5533e082a3947f13cb | ||
7242 | |||
7243 | commit 8543d4ef6f2e9f98c3e6b77c894ceec30c5e4ae4 | ||
7244 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7245 | Date: Wed Aug 19 23:21:42 2015 +0000 | ||
7246 | |||
7247 | upstream commit | ||
7248 | |||
7249 | Better compat matching for WinSCP, add compat matching | ||
7250 | for FuTTY (fork of PuTTY); ok markus@ deraadt@ | ||
7251 | |||
7252 | Upstream-ID: 24001d1ac115fa3260fbdc329a4b9aeb283c5389 | ||
7253 | |||
7254 | commit ec6eda16ebab771aa3dfc90629b41953b999cb1e | ||
7255 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7256 | Date: Wed Aug 19 23:19:01 2015 +0000 | ||
7257 | |||
7258 | upstream commit | ||
7259 | |||
7260 | fix double-free() in error path of DSA key generation | ||
7261 | reported by Mateusz Kocielski; ok markus@ | ||
7262 | |||
7263 | Upstream-ID: 4735d8f888b10599a935fa1b374787089116713c | ||
7264 | |||
7265 | commit 45b0eb752c94954a6de046bfaaf129e518ad4b5b | ||
7266 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7267 | Date: Wed Aug 19 23:18:26 2015 +0000 | ||
7268 | |||
7269 | upstream commit | ||
7270 | |||
7271 | fix free() of uninitialised pointer reported by Mateusz | ||
7272 | Kocielski; ok markus@ | ||
7273 | |||
7274 | Upstream-ID: 519552b050618501a06b7b023de5cb104e2c5663 | ||
7275 | |||
7276 | commit c837643b93509a3ef538cb6624b678c5fe32ff79 | ||
7277 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7278 | Date: Wed Aug 19 23:17:51 2015 +0000 | ||
7279 | |||
7280 | upstream commit | ||
7281 | |||
7282 | fixed unlink([uninitialised memory]) reported by Mateusz | ||
7283 | Kocielski; ok markus@ | ||
7284 | |||
7285 | Upstream-ID: 14a0c4e7d891f5a8dabc4b89d4f6b7c0d5a20109 | ||
7286 | |||
7287 | commit 1f8d3d629cd553031021068eb9c646a5f1e50994 | ||
7288 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
7289 | Date: Fri Aug 14 15:32:41 2015 +0000 | ||
7290 | |||
7291 | upstream commit | ||
7292 | |||
7293 | match myproposal.h order; from brian conway (i snuck in a | ||
7294 | tweak while here) | ||
7295 | |||
7296 | ok dtucker | ||
7297 | |||
7298 | Upstream-ID: 35174a19b5237ea36aa3798f042bf5933b772c67 | ||
7299 | |||
7300 | commit 1dc8d93ce69d6565747eb44446ed117187621b26 | ||
7301 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
7302 | Date: Thu Aug 6 14:53:21 2015 +0000 | ||
7303 | |||
7304 | upstream commit | ||
7305 | |||
7306 | add prohibit-password as a synonymn for without-password, | ||
7307 | since the without-password is causing too many questions. Harden it to ban | ||
7308 | all but pubkey, hostbased, and GSSAPI auth (when the latter is enabled) from | ||
7309 | djm, ok markus | ||
7310 | |||
7311 | Upstream-ID: d53317d7b28942153e6236d3fd6e12ceb482db7a | ||
7312 | |||
7313 | commit 90a95a4745a531b62b81ce3b025e892bdc434de5 | ||
7314 | Author: Damien Miller <djm@mindrot.org> | ||
7315 | Date: Tue Aug 11 13:53:41 2015 +1000 | ||
7316 | |||
7317 | update version in README | ||
7318 | |||
7319 | commit 318c37743534b58124f1bab37a8a0087a3a9bd2f | ||
7320 | Author: Damien Miller <djm@mindrot.org> | ||
7321 | Date: Tue Aug 11 13:53:09 2015 +1000 | ||
7322 | |||
7323 | update versions in *.spec | ||
7324 | |||
7325 | commit 5e75f5198769056089fb06c4d738ab0e5abc66f7 | ||
7326 | Author: Damien Miller <djm@mindrot.org> | ||
7327 | Date: Tue Aug 11 13:34:12 2015 +1000 | ||
7328 | |||
7329 | set sshpam_ctxt to NULL after free | ||
7330 | |||
7331 | Avoids use-after-free in monitor when privsep child is compromised. | ||
7332 | Reported by Moritz Jodeit; ok dtucker@ | ||
7333 | |||
7334 | commit d4697fe9a28dab7255c60433e4dd23cf7fce8a8b | ||
7335 | Author: Damien Miller <djm@mindrot.org> | ||
7336 | Date: Tue Aug 11 13:33:24 2015 +1000 | ||
7337 | |||
7338 | Don't resend username to PAM; it already has it. | ||
7339 | |||
7340 | Pointed out by Moritz Jodeit; ok dtucker@ | ||
7341 | |||
7342 | commit 88763a6c893bf3dfe951ba9271bf09715e8d91ca | ||
7343 | Author: Darren Tucker <dtucker@zip.com.au> | ||
7344 | Date: Mon Jul 27 12:14:25 2015 +1000 | ||
7345 | |||
7346 | Import updated moduli file from OpenBSD. | ||
7347 | |||
7348 | commit 55b263fb7cfeacb81aaf1c2036e0394c881637da | ||
7349 | Author: Damien Miller <djm@mindrot.org> | ||
7350 | Date: Mon Aug 10 11:13:44 2015 +1000 | ||
7351 | |||
7352 | let principals-command.sh work for noexec /var/run | ||
7353 | |||
7354 | commit 2651e34cd11b1aac3a0fe23b86d8c2ff35c07897 | ||
7355 | Author: Damien Miller <djm@mindrot.org> | ||
7356 | Date: Thu Aug 6 11:43:42 2015 +1000 | ||
7357 | |||
7358 | work around echo -n / sed behaviour in tests | ||
7359 | |||
7360 | commit d85dad81778c1aa8106acd46930b25fdf0d15b2a | ||
7361 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7362 | Date: Wed Aug 5 05:27:33 2015 +0000 | ||
7363 | |||
7364 | upstream commit | ||
7365 | |||
7366 | adjust for RSA minimum modulus switch; ok deraadt@ | ||
7367 | |||
7368 | Upstream-Regress-ID: 5a72c83431b96224d583c573ca281cd3a3ebfdae | ||
7369 | |||
7370 | commit 57e8e229bad5fe6056b5f1199665f5f7008192c6 | ||
7371 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7372 | Date: Tue Aug 4 05:23:06 2015 +0000 | ||
7373 | |||
7374 | upstream commit | ||
7375 | |||
7376 | backout SSH_RSA_MINIMUM_MODULUS_SIZE increase for this | ||
7377 | release; problems spotted by sthen@ ok deraadt@ markus@ | ||
7378 | |||
7379 | Upstream-ID: d0bd60dde9e8c3cd7030007680371894c1499822 | ||
7380 | |||
7381 | commit f097d0ea1e0889ca0fa2e53a00214e43ab7fa22a | ||
7382 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7383 | Date: Sun Aug 2 09:56:42 2015 +0000 | ||
7384 | |||
7385 | upstream commit | ||
7386 | |||
7387 | openssh 7.0; ok deraadt@ | ||
7388 | |||
7389 | Upstream-ID: c63afdef537f57f28ae84145c5a8e29e9250221f | ||
7390 | |||
7391 | commit 3d5728a0f6874ce4efb16913a12963595070f3a9 | ||
7392 | Author: chris@openbsd.org <chris@openbsd.org> | ||
7393 | Date: Fri Jul 31 15:38:09 2015 +0000 | ||
7394 | |||
7395 | upstream commit | ||
7396 | |||
7397 | Allow PermitRootLogin to be overridden by config | ||
7398 | |||
7399 | ok markus@ deeradt@ | ||
7400 | |||
7401 | Upstream-ID: 5cf3e26ed702888de84e2dc9d0054ccf4d9125b4 | ||
7402 | |||
7403 | commit 6f941396b6835ad18018845f515b0c4fe20be21a | ||
7404 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7405 | Date: Thu Jul 30 23:09:15 2015 +0000 | ||
7406 | |||
7407 | upstream commit | ||
7408 | |||
7409 | fix pty permissions; patch from Nikolay Edigaryev; ok | ||
7410 | deraadt | ||
7411 | |||
7412 | Upstream-ID: 40ff076d2878b916fbfd8e4f45dbe5bec019e550 | ||
7413 | |||
7414 | commit f4373ed1e8fbc7c8ce3fc4ea97d0ba2e0c1d7ef0 | ||
7415 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
7416 | Date: Thu Jul 30 19:23:02 2015 +0000 | ||
7417 | |||
7418 | upstream commit | ||
7419 | |||
7420 | change default: PermitRootLogin without-password matching | ||
7421 | install script changes coming as well ok djm markus | ||
7422 | |||
7423 | Upstream-ID: 0e2a6c4441daf5498b47a61767382bead5eb8ea6 | ||
7424 | |||
7425 | commit 0c30ba91f87fcda7e975e6ff8a057f624e87ea1c | ||
7426 | Author: Damien Miller <djm@mindrot.org> | ||
7427 | Date: Thu Jul 30 12:31:39 2015 +1000 | ||
7428 | |||
7429 | downgrade OOM adjustment logging: verbose -> debug | ||
7430 | |||
7431 | commit f9eca249d4961f28ae4b09186d7dc91de74b5895 | ||
7432 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7433 | Date: Thu Jul 30 00:01:34 2015 +0000 | ||
7434 | |||
7435 | upstream commit | ||
7436 | |||
7437 | Allow ssh_config and sshd_config kex parameters options be | ||
7438 | prefixed by a '+' to indicate that the specified items be appended to the | ||
7439 | default rather than replacing it. | ||
7440 | |||
7441 | approach suggested by dtucker@, feedback dlg@, ok markus@ | ||
7442 | |||
7443 | Upstream-ID: 0f901137298fc17095d5756ff1561a7028e8882a | ||
7444 | |||
7445 | commit 5cefe769105a2a2e3ca7479d28d9a325d5ef0163 | ||
7446 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7447 | Date: Wed Jul 29 08:34:54 2015 +0000 | ||
7448 | |||
7449 | upstream commit | ||
7450 | |||
7451 | fix bug in previous; was printing incorrect string for | ||
7452 | failed host key algorithms negotiation | ||
7453 | |||
7454 | Upstream-ID: 22c0dc6bc61930513065d92e11f0753adc4c6e6e | ||
7455 | |||
7456 | commit f319912b0d0e1675b8bb051ed8213792c788bcb2 | ||
7457 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7458 | Date: Wed Jul 29 04:43:06 2015 +0000 | ||
7459 | |||
7460 | upstream commit | ||
7461 | |||
7462 | include the peer's offer when logging a failure to | ||
7463 | negotiate a mutual set of algorithms (kex, pubkey, ciphers, etc.) ok markus@ | ||
7464 | |||
7465 | Upstream-ID: bbb8caabf5c01790bb845f5ce135565248d7c796 | ||
7466 | |||
7467 | commit b6ea0e573042eb85d84defb19227c89eb74cf05a | ||
7468 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7469 | Date: Tue Jul 28 23:20:42 2015 +0000 | ||
7470 | |||
7471 | upstream commit | ||
7472 | |||
7473 | add Cisco to the list of clients that choke on the | ||
7474 | hostkeys update extension. Pointed out by Howard Kash | ||
7475 | |||
7476 | Upstream-ID: c9eadde28ecec056c73d09ee10ba4570dfba7e84 | ||
7477 | |||
7478 | commit 3f628c7b537291c1019ce86af90756fb4e66d0fd | ||
7479 | Author: guenther@openbsd.org <guenther@openbsd.org> | ||
7480 | Date: Mon Jul 27 16:29:23 2015 +0000 | ||
7481 | |||
7482 | upstream commit | ||
7483 | |||
7484 | Permit kbind(2) use in the sandbox now, to ease testing | ||
7485 | of ld.so work using it | ||
7486 | |||
7487 | reminded by miod@, ok deraadt@ | ||
7488 | |||
7489 | Upstream-ID: 523922e4d1ba7a091e3824e77a8a3c818ee97413 | ||
7490 | |||
7491 | commit ebe27ebe520098bbc0fe58945a87ce8490121edb | ||
7492 | Author: millert@openbsd.org <millert@openbsd.org> | ||
7493 | Date: Mon Jul 20 18:44:12 2015 +0000 | ||
7494 | |||
7495 | upstream commit | ||
7496 | |||
7497 | Move .Pp before .Bl, not after to quiet mandoc -Tlint. | ||
7498 | Noticed by jmc@ | ||
7499 | |||
7500 | Upstream-ID: 59fadbf8407cec4e6931e50c53cfa0214a848e23 | ||
7501 | |||
7502 | commit d5d91d0da819611167782c66ab629159169d94d4 | ||
7503 | Author: millert@openbsd.org <millert@openbsd.org> | ||
7504 | Date: Mon Jul 20 18:42:35 2015 +0000 | ||
7505 | |||
7506 | upstream commit | ||
7507 | |||
7508 | Sync usage with SYNOPSIS | ||
7509 | |||
7510 | Upstream-ID: 7a321a170181a54f6450deabaccb6ef60cf3f0b7 | ||
7511 | |||
7512 | commit 79ec2142fbc68dd2ed9688608da355fc0b1ed743 | ||
7513 | Author: millert@openbsd.org <millert@openbsd.org> | ||
7514 | Date: Mon Jul 20 15:39:52 2015 +0000 | ||
7515 | |||
7516 | upstream commit | ||
7517 | |||
7518 | Better desciption of Unix domain socket forwarding. | ||
7519 | bz#2423; ok jmc@ | ||
7520 | |||
7521 | Upstream-ID: 85e28874726897e3f26ae50dfa2e8d2de683805d | ||
7522 | |||
7523 | commit d56fd1828074a4031b18b8faa0bf949669eb18a0 | ||
7524 | Author: Damien Miller <djm@mindrot.org> | ||
7525 | Date: Mon Jul 20 11:19:51 2015 +1000 | ||
7526 | |||
7527 | make realpath.c compile -Wsign-compare clean | ||
7528 | |||
7529 | commit c63c9a691dca26bb7648827f5a13668832948929 | ||
7530 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7531 | Date: Mon Jul 20 00:30:01 2015 +0000 | ||
7532 | |||
7533 | upstream commit | ||
7534 | |||
7535 | mention that the default of UseDNS=no implies that | ||
7536 | hostnames cannot be used for host matching in sshd_config and | ||
7537 | authorized_keys; bz#2045, ok dtucker@ | ||
7538 | |||
7539 | Upstream-ID: 0812705d5f2dfa59aab01f2764ee800b1741c4e1 | ||
7540 | |||
7541 | commit 63ebcd0005e9894fcd6871b7b80aeea1fec0ff76 | ||
7542 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7543 | Date: Sat Jul 18 08:02:17 2015 +0000 | ||
7544 | |||
7545 | upstream commit | ||
7546 | |||
7547 | don't ignore PKCS#11 hosted keys that return empty | ||
7548 | CKA_ID; patch by Jakub Jelen via bz#2429; ok markus | ||
7549 | |||
7550 | Upstream-ID: 2f7c94744eb0342f8ee8bf97b2351d4e00116485 | ||
7551 | |||
7552 | commit b15fd989c8c62074397160147a8d5bc34b3f3c63 | ||
7553 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7554 | Date: Sat Jul 18 08:00:21 2015 +0000 | ||
7555 | |||
7556 | upstream commit | ||
7557 | |||
7558 | skip uninitialised PKCS#11 slots; patch from Jakub Jelen | ||
7559 | in bz#2427 ok markus@ | ||
7560 | |||
7561 | Upstream-ID: 744c1e7796e237ad32992d0d02148e8a18f27d29 | ||
7562 | |||
7563 | commit 5b64f85bb811246c59ebab70aed331f26ba37b18 | ||
7564 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7565 | Date: Sat Jul 18 07:57:14 2015 +0000 | ||
7566 | |||
7567 | upstream commit | ||
7568 | |||
7569 | only query each keyboard-interactive device once per | ||
7570 | authentication request regardless of how many times it is listed; ok markus@ | ||
7571 | |||
7572 | Upstream-ID: d73fafba6e86030436ff673656ec1f33d9ffeda1 | ||
7573 | |||
7574 | commit cd7324d0667794eb5c236d8a4e0f236251babc2d | ||
7575 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7576 | Date: Fri Jul 17 03:34:27 2015 +0000 | ||
7577 | |||
7578 | upstream commit | ||
7579 | |||
7580 | remove -u flag to diff (only used for error output) to make | ||
7581 | things easier for -portable | ||
7582 | |||
7583 | Upstream-Regress-ID: a5d6777d2909540d87afec3039d9bb2414ade548 | ||
7584 | |||
7585 | commit deb8d99ecba70b67f4af7880b11ca8768df9ec3a | ||
7586 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7587 | Date: Fri Jul 17 03:09:19 2015 +0000 | ||
7588 | |||
7589 | upstream commit | ||
7590 | |||
7591 | direct-streamlocal@openssh.com Unix domain foward | ||
7592 | messages do not contain a "reserved for future use" field and in fact, | ||
7593 | serverloop.c checks that there isn't one. Remove erroneous mention from | ||
7594 | PROTOCOL description. bz#2421 from Daniel Black | ||
7595 | |||
7596 | Upstream-ID: 3d51a19e64f72f764682f1b08f35a8aa810a43ac | ||
7597 | |||
7598 | commit 356b61f365405b5257f5b2ab446e5d7bd33a7b52 | ||
7599 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7600 | Date: Fri Jul 17 03:04:27 2015 +0000 | ||
7601 | |||
7602 | upstream commit | ||
7603 | |||
7604 | describe magic for setting up Unix domain socket fowards | ||
7605 | via the mux channel; bz#2422 patch from Daniel Black | ||
7606 | |||
7607 | Upstream-ID: 943080fe3864715c423bdeb7c920bb30c4eee861 | ||
7608 | |||
7609 | commit d3e2aee41487d55b8d7d40f538b84ff1db7989bc | ||
7610 | Author: Darren Tucker <dtucker@zip.com.au> | ||
7611 | Date: Fri Jul 17 12:52:34 2015 +1000 | ||
7612 | |||
7613 | Check if realpath works on nonexistent files. | ||
7614 | |||
7615 | On some platforms the native realpath doesn't work with non-existent | ||
7616 | files (this is actually specified in some versions of POSIX), however | ||
7617 | the sftp spec says its realpath with "canonicalize any given path name". | ||
7618 | On those platforms, use realpath from the compat library. | ||
7619 | |||
7620 | In addition, when compiling with -DFORTIFY_SOURCE, glibc redefines | ||
7621 | the realpath symbol to the checked version, so redefine ours to | ||
7622 | something else so we pick up the compat version we want. | ||
7623 | |||
7624 | bz#2428, ok djm@ | ||
7625 | |||
7626 | commit 25b14610dab655646a109db5ef8cb4c4bf2a48a0 | ||
7627 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7628 | Date: Fri Jul 17 02:47:45 2015 +0000 | ||
7629 | |||
7630 | upstream commit | ||
7631 | |||
7632 | fix incorrect test for SSH1 keys when compiled without SSH1 | ||
7633 | support | ||
7634 | |||
7635 | Upstream-ID: 6004d720345b8e481c405e8ad05ce2271726e451 | ||
7636 | |||
7637 | commit df56a8035d429b2184ee94aaa7e580c1ff67f73a | ||
7638 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7639 | Date: Wed Jul 15 08:00:11 2015 +0000 | ||
7640 | |||
7641 | upstream commit | ||
7642 | |||
7643 | fix NULL-deref when SSH1 reenabled | ||
7644 | |||
7645 | Upstream-ID: f22fd805288c92b3e9646782d15b48894b2d5295 | ||
7646 | |||
7647 | commit 41e38c4d49dd60908484e6703316651333f16b93 | ||
7648 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7649 | Date: Wed Jul 15 07:19:50 2015 +0000 | ||
7650 | |||
7651 | upstream commit | ||
7652 | |||
7653 | regen RSA1 test keys; the last batch was missing their | ||
7654 | private parts | ||
7655 | |||
7656 | Upstream-Regress-ID: 7ccf437305dd63ff0b48dd50c5fd0f4d4230c10a | ||
7657 | |||
7658 | commit 5bf0933184cb622ca3f96d224bf3299fd2285acc | ||
7659 | Author: markus@openbsd.org <markus@openbsd.org> | ||
7660 | Date: Fri Jul 10 06:23:25 2015 +0000 | ||
7661 | |||
7662 | upstream commit | ||
7663 | |||
7664 | Adapt tests, now that DSA if off by default; use | ||
7665 | PubkeyAcceptedKeyTypes and PubkeyAcceptedKeyTypes to test DSA. | ||
7666 | |||
7667 | Upstream-Regress-ID: 0ff2a3ff5ac1ce5f92321d27aa07b98656efcc5c | ||
7668 | |||
7669 | commit 7a6e3fd7b41dbd3756b6bf9acd67954c0b1564cc | ||
7670 | Author: markus@openbsd.org <markus@openbsd.org> | ||
7671 | Date: Tue Jul 7 14:54:16 2015 +0000 | ||
7672 | |||
7673 | upstream commit | ||
7674 | |||
7675 | regen test data after mktestdata.sh changes | ||
7676 | |||
7677 | Upstream-Regress-ID: 3495ecb082b9a7c048a2d7c5c845d3bf181d25a4 | ||
7678 | |||
7679 | commit 7c8c174c69f681d4910fa41c37646763692b28e2 | ||
7680 | Author: markus@openbsd.org <markus@openbsd.org> | ||
7681 | Date: Tue Jul 7 14:53:30 2015 +0000 | ||
7682 | |||
7683 | upstream commit | ||
7684 | |||
7685 | adapt tests to new minimum RSA size and default FP format | ||
7686 | |||
7687 | Upstream-Regress-ID: a4b30afd174ce82b96df14eb49fb0b81398ffd0e | ||
7688 | |||
7689 | commit 6a977a4b68747ade189e43d302f33403fd4a47ac | ||
7690 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7691 | Date: Fri Jul 3 04:39:23 2015 +0000 | ||
7692 | |||
7693 | upstream commit | ||
7694 | |||
7695 | legacy v00 certificates are gone; adapt and don't try to | ||
7696 | test them; "sure" markus@ dtucker@ | ||
7697 | |||
7698 | Upstream-Regress-ID: c57321e69b3cd4a3b3396dfcc43f0803d047da12 | ||
7699 | |||
7700 | commit 0c4123ad5e93fb90fee9c6635b13a6cdabaac385 | ||
7701 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7702 | Date: Wed Jul 1 23:11:18 2015 +0000 | ||
7703 | |||
7704 | upstream commit | ||
7705 | |||
7706 | don't expect SSH v.1 in unittests | ||
7707 | |||
7708 | Upstream-Regress-ID: f8812b16668ba78e6a698646b2a652b90b653397 | ||
7709 | |||
7710 | commit 3c099845798a817cdde513c39074ec2063781f18 | ||
7711 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7712 | Date: Mon Jun 15 06:38:50 2015 +0000 | ||
7713 | |||
7714 | upstream commit | ||
7715 | |||
7716 | turn SSH1 back on to match src/usr.bin/ssh being tested | ||
7717 | |||
7718 | Upstream-Regress-ID: 6c4f763a2f0cc6893bf33983919e9030ae638333 | ||
7719 | |||
7720 | commit b1dc2b33689668c75e95f873a42d5aea1f4af1db | ||
7721 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
7722 | Date: Mon Jul 13 04:57:14 2015 +0000 | ||
7723 | |||
7724 | upstream commit | ||
7725 | |||
7726 | Add "PuTTY_Local:" to the clients to which we do not | ||
7727 | offer DH-GEX. This was the string that was used for development versions | ||
7728 | prior to September 2014 and they don't do RFC4419 DH-GEX, but unfortunately | ||
7729 | there are some extant products based on those versions. bx2424 from Jay | ||
7730 | Rouman, ok markus@ djm@ | ||
7731 | |||
7732 | Upstream-ID: be34d41e18b966832fe09ca243d275b81882e1d5 | ||
7733 | |||
7734 | commit 3a1638dda19bbc73d0ae02b4c251ce08e564b4b9 | ||
7735 | Author: markus@openbsd.org <markus@openbsd.org> | ||
7736 | Date: Fri Jul 10 06:21:53 2015 +0000 | ||
7737 | |||
7738 | upstream commit | ||
7739 | |||
7740 | Turn off DSA by default; add HostKeyAlgorithms to the | ||
7741 | server and PubkeyAcceptedKeyTypes to the client side, so it still can be | ||
7742 | tested or turned back on; feedback and ok djm@ | ||
7743 | |||
7744 | Upstream-ID: 8450a9e6d83f80c9bfed864ff061dfc9323cec21 | ||
7745 | |||
7746 | commit 16db0a7ee9a87945cc594d13863cfcb86038db59 | ||
7747 | Author: markus@openbsd.org <markus@openbsd.org> | ||
7748 | Date: Thu Jul 9 09:49:46 2015 +0000 | ||
7749 | |||
7750 | upstream commit | ||
7751 | |||
7752 | re-enable ed25519-certs if compiled w/o openssl; ok djm | ||
7753 | |||
7754 | Upstream-ID: e10c90808b001fd2c7a93778418e9b318f5c4c49 | ||
7755 | |||
7756 | commit c355bf306ac33de6545ce9dac22b84a194601e2f | ||
7757 | Author: markus@openbsd.org <markus@openbsd.org> | ||
7758 | Date: Wed Jul 8 20:24:02 2015 +0000 | ||
7759 | |||
7760 | upstream commit | ||
7761 | |||
7762 | no need to include the old buffer/key API | ||
7763 | |||
7764 | Upstream-ID: fb13c9f7c0bba2545f3eb0a0e69cb0030819f52b | ||
7765 | |||
7766 | commit a3cc48cdf9853f1e832d78cb29bedfab7adce1ee | ||
7767 | Author: markus@openbsd.org <markus@openbsd.org> | ||
7768 | Date: Wed Jul 8 19:09:25 2015 +0000 | ||
7769 | |||
7770 | upstream commit | ||
7771 | |||
7772 | typedefs for Cipher&CipherContext are unused | ||
7773 | |||
7774 | Upstream-ID: 50e6a18ee92221d23ad173a96d5b6c42207cf9a7 | ||
7775 | |||
7776 | commit a635bd06b5c427a57c3ae760d3a2730bb2c863c0 | ||
7777 | Author: markus@openbsd.org <markus@openbsd.org> | ||
7778 | Date: Wed Jul 8 19:04:21 2015 +0000 | ||
7779 | |||
7780 | upstream commit | ||
7781 | |||
7782 | xmalloc.h is unused | ||
7783 | |||
7784 | Upstream-ID: afb532355b7fa7135a60d944ca1e644d1d63cb58 | ||
7785 | |||
7786 | commit 2521cf0e36c7f3f6b19f206da0af134f535e4a31 | ||
7787 | Author: markus@openbsd.org <markus@openbsd.org> | ||
7788 | Date: Wed Jul 8 19:01:15 2015 +0000 | ||
7789 | |||
7790 | upstream commit | ||
7791 | |||
7792 | compress.c is gone | ||
7793 | |||
7794 | Upstream-ID: 174fa7faa9b9643cba06164b5e498591356fbced | ||
7795 | |||
7796 | commit c65a7aa6c43aa7a308ee1ab8a96f216169ae9615 | ||
7797 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7798 | Date: Fri Jul 3 04:05:54 2015 +0000 | ||
7799 | |||
7800 | upstream commit | ||
7801 | |||
7802 | another SSH_RSA_MINIMUM_MODULUS_SIZE that needed | ||
7803 | cranking | ||
7804 | |||
7805 | Upstream-ID: 9d8826cafe96aab4ae8e2f6fd22800874b7ffef1 | ||
7806 | |||
7807 | commit b1f383da5cd3cb921fc7776f17a14f44b8a31757 | ||
7808 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7809 | Date: Fri Jul 3 03:56:25 2015 +0000 | ||
7810 | |||
7811 | upstream commit | ||
7812 | |||
7813 | add an XXX reminder for getting correct key paths from | ||
7814 | sshd_config | ||
7815 | |||
7816 | Upstream-ID: feae52b209d7782ad742df04a4260e9fe41741db | ||
7817 | |||
7818 | commit 933935ce8d093996c34d7efa4d59113163080680 | ||
7819 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7820 | Date: Fri Jul 3 03:49:45 2015 +0000 | ||
7821 | |||
7822 | upstream commit | ||
7823 | |||
7824 | refuse to generate or accept RSA keys smaller than 1024 | ||
7825 | bits; feedback and ok dtucker@ | ||
7826 | |||
7827 | Upstream-ID: 7ea3d31271366ba264f06e34a3539bf1ac30f0ba | ||
7828 | |||
7829 | commit bdfd29f60b74f3e678297269dc6247a5699583c1 | ||
7830 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7831 | Date: Fri Jul 3 03:47:00 2015 +0000 | ||
7832 | |||
7833 | upstream commit | ||
7834 | |||
7835 | turn off 1024 bit diffie-hellman-group1-sha1 key | ||
7836 | exchange method (already off in server, this turns it off in the client by | ||
7837 | default too) ok dtucker@ | ||
7838 | |||
7839 | Upstream-ID: f59b88f449210ab7acf7d9d88f20f1daee97a4fa | ||
7840 | |||
7841 | commit c28fc62d789d860c75e23a9fa9fb250eb2beca57 | ||
7842 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7843 | Date: Fri Jul 3 03:43:18 2015 +0000 | ||
7844 | |||
7845 | upstream commit | ||
7846 | |||
7847 | delete support for legacy v00 certificates; "sure" | ||
7848 | markus@ dtucker@ | ||
7849 | |||
7850 | Upstream-ID: b5b9bb5f9202d09e88f912989d74928601b6636f | ||
7851 | |||
7852 | commit 564d63e1b4a9637a209d42a9d49646781fc9caef | ||
7853 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7854 | Date: Wed Jul 1 23:10:47 2015 +0000 | ||
7855 | |||
7856 | upstream commit | ||
7857 | |||
7858 | Compile-time disable SSH v.1 again | ||
7859 | |||
7860 | Upstream-ID: 1d4b513a3a06232f02650b73bad25100d1b800af | ||
7861 | |||
7862 | commit 868109b650504dd9bcccdb1f51d0906f967c20ff | ||
7863 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7864 | Date: Wed Jul 1 02:39:06 2015 +0000 | ||
7865 | |||
7866 | upstream commit | ||
7867 | |||
7868 | twiddle PermitRootLogin back | ||
7869 | |||
7870 | Upstream-ID: 2bd23976305d0512e9f84d054e1fc23cd70b89f2 | ||
7871 | |||
7872 | commit 7de4b03a6e4071d454b72927ffaf52949fa34545 | ||
7873 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7874 | Date: Wed Jul 1 02:32:17 2015 +0000 | ||
7875 | |||
7876 | upstream commit | ||
7877 | |||
7878 | twiddle; (this commit marks the openssh-6.9 release) | ||
7879 | |||
7880 | Upstream-ID: 78500582819f61dd8adee36ec5cc9b9ac9351234 | ||
7881 | |||
7882 | commit 1bf477d3cdf1a864646d59820878783d42357a1d | ||
7883 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7884 | Date: Wed Jul 1 02:26:31 2015 +0000 | ||
7885 | |||
7886 | upstream commit | ||
7887 | |||
7888 | better refuse ForwardX11Trusted=no connections attempted | ||
7889 | after ForwardX11Timeout expires; reported by Jann Horn | ||
7890 | |||
7891 | Upstream-ID: bf0fddadc1b46a0334e26c080038313b4b6dea21 | ||
7892 | |||
7893 | commit 47aa7a0f8551b471fcae0447c1d78464f6dba869 | ||
7894 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7895 | Date: Wed Jul 1 01:56:13 2015 +0000 | ||
7896 | |||
7897 | upstream commit | ||
7898 | |||
7899 | put back default PermitRootLogin=no | ||
7900 | |||
7901 | Upstream-ID: 7bdedd5cead99c57ed5571f3b6b7840922d5f728 | ||
7902 | |||
7903 | commit 984b064fe2a23733733262f88d2e1b2a1a501662 | ||
7904 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7905 | Date: Wed Jul 1 01:55:13 2015 +0000 | ||
7906 | |||
7907 | upstream commit | ||
7908 | |||
7909 | openssh-6.9 | ||
7910 | |||
7911 | Upstream-ID: 6cfe8e1904812531080e6ab6e752d7001b5b2d45 | ||
7912 | |||
7913 | commit d921082ed670f516652eeba50705e1e9f6325346 | ||
7914 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7915 | Date: Wed Jul 1 01:55:00 2015 +0000 | ||
7916 | |||
7917 | upstream commit | ||
7918 | |||
7919 | reset default PermitRootLogin to 'yes' (momentarily, for | ||
7920 | release) | ||
7921 | |||
7922 | Upstream-ID: cad8513527066e65dd7a1c16363d6903e8cefa24 | ||
7923 | |||
7924 | commit 66295e0e1ba860e527f191b6325d2d77dec4dbce | ||
7925 | Author: Damien Miller <djm@mindrot.org> | ||
7926 | Date: Wed Jul 1 11:49:12 2015 +1000 | ||
7927 | |||
7928 | crank version numbers for release | ||
7929 | |||
7930 | commit 37035c07d4f26bb1fbe000d2acf78efdb008681d | ||
7931 | Author: Damien Miller <djm@mindrot.org> | ||
7932 | Date: Wed Jul 1 10:49:37 2015 +1000 | ||
7933 | |||
7934 | s/--with-ssh1/--without-ssh1/ | ||
7935 | |||
7936 | commit 629df770dbadc2accfbe1c81b3f31f876d0acd84 | ||
7937 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7938 | Date: Tue Jun 30 05:25:07 2015 +0000 | ||
7939 | |||
7940 | upstream commit | ||
7941 | |||
7942 | fatal() when a remote window update causes the window | ||
7943 | value to overflow. Reported by Georg Wicherski, ok markus@ | ||
7944 | |||
7945 | Upstream-ID: ead397a9aceb3bf74ebfa5fcaf259d72e569f351 | ||
7946 | |||
7947 | commit f715afebe735d61df3fd30ad72d9ac1c8bd3b5f2 | ||
7948 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7949 | Date: Tue Jun 30 05:23:25 2015 +0000 | ||
7950 | |||
7951 | upstream commit | ||
7952 | |||
7953 | Fix math error in remote window calculations that causes | ||
7954 | eventual stalls for datagram channels. Reported by Georg Wicherski, ok | ||
7955 | markus@ | ||
7956 | |||
7957 | Upstream-ID: be54059d11bf64e0d85061f7257f53067842e2ab | ||
7958 | |||
7959 | commit 52fb6b9b034fcfd24bf88cc7be313e9c31de9889 | ||
7960 | Author: Damien Miller <djm@mindrot.org> | ||
7961 | Date: Tue Jun 30 16:05:40 2015 +1000 | ||
7962 | |||
7963 | skip IPv6-related portions on hosts without IPv6 | ||
7964 | |||
7965 | with Tim Rice | ||
7966 | |||
7967 | commit 512caddf590857af6aa12218461b5c0441028cf5 | ||
7968 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7969 | Date: Mon Jun 29 22:35:12 2015 +0000 | ||
7970 | |||
7971 | upstream commit | ||
7972 | |||
7973 | add getpid to sandbox, reachable by grace_alarm_handler | ||
7974 | |||
7975 | reported by Jakub Jelen; bz#2419 | ||
7976 | |||
7977 | Upstream-ID: d0da1117c16d4c223954995d35b0f47c8f684cd8 | ||
7978 | |||
7979 | commit 78c2a4f883ea9aba866358e2acd9793a7f42ca93 | ||
7980 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7981 | Date: Fri Jun 26 05:13:20 2015 +0000 | ||
7982 | |||
7983 | upstream commit | ||
7984 | |||
7985 | Fix \-escaping bug that caused forward path parsing to skip | ||
7986 | two characters and skip past the end of the string. | ||
7987 | |||
7988 | Based on patch by Salvador Fandino; ok dtucker@ | ||
7989 | |||
7990 | Upstream-ID: 7b879dc446335677cbe4cb549495636a0535f3bd | ||
7991 | |||
7992 | commit bc20205c91c9920361d12b15d253d4997dba494a | ||
7993 | Author: Damien Miller <djm@mindrot.org> | ||
7994 | Date: Thu Jun 25 09:51:39 2015 +1000 | ||
7995 | |||
7996 | add missing pselect6 | ||
7997 | |||
7998 | patch from Jakub Jelen | ||
7999 | |||
8000 | commit 9d27fb73b4a4e5e99cb880af790d5b1ce44f720a | ||
8001 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8002 | Date: Wed Jun 24 23:47:23 2015 +0000 | ||
8003 | |||
8004 | upstream commit | ||
8005 | |||
8006 | correct test to sshkey_sign(); spotted by Albert S. | ||
8007 | |||
8008 | Upstream-ID: 5f7347f40f0ca6abdaca2edb3bd62f4776518933 | ||
8009 | |||
8010 | commit 7ed01a96a1911d8b4a9ef4f3d064e1923bfad7e3 | ||
8011 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8012 | Date: Wed Jun 24 01:49:19 2015 +0000 | ||
8013 | |||
8014 | upstream commit | ||
8015 | |||
8016 | Revert previous commit. We still want to call setgroups | ||
8017 | in the case where there are zero groups to remove any that we might otherwise | ||
8018 | inherit (as pointed out by grawity at gmail.com) and since the 2nd argument | ||
8019 | to setgroups is always a static global it's always valid to dereference in | ||
8020 | this case. ok deraadt@ djm@ | ||
8021 | |||
8022 | Upstream-ID: 895b5ac560a10befc6b82afa778641315725fd01 | ||
8023 | |||
8024 | commit 882f8bf94f79528caa65b0ba71c185d705bb7195 | ||
8025 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8026 | Date: Wed Jun 24 01:49:19 2015 +0000 | ||
8027 | |||
8028 | upstream commit | ||
8029 | |||
8030 | Revert previous commit. We still want to call setgroups in | ||
8031 | the case where there are zero groups to remove any that we might otherwise | ||
8032 | inherit (as pointed out by grawity at gmail.com) and since the 2nd argument | ||
8033 | to setgroups is always a static global it's always valid to dereference in | ||
8034 | this case. ok deraadt@ djm@ | ||
8035 | |||
8036 | Upstream-ID: 895b5ac560a10befc6b82afa778641315725fd01 | ||
8037 | |||
8038 | commit 9488538a726951e82b3a4374f3c558d72c80a89b | ||
8039 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8040 | Date: Mon Jun 22 23:42:16 2015 +0000 | ||
8041 | |||
8042 | upstream commit | ||
8043 | |||
8044 | Don't count successful partial authentication as failures | ||
8045 | in monitor; this may have caused the monitor to refuse multiple | ||
8046 | authentications that would otherwise have successfully completed; ok markus@ | ||
8047 | |||
8048 | Upstream-ID: eb74b8e506714d0f649bd5c300f762a527af04a3 | ||
8049 | |||
8050 | commit 63b78d003bd8ca111a736e6cea6333da50f5f09b | ||
8051 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8052 | Date: Mon Jun 22 12:29:57 2015 +0000 | ||
8053 | |||
8054 | upstream commit | ||
8055 | |||
8056 | Don't call setgroups if we have zero groups; there's no | ||
8057 | guarantee that it won't try to deref the pointer. Based on a patch from mail | ||
8058 | at quitesimple.org, ok djm deraadt | ||
8059 | |||
8060 | Upstream-ID: 2fff85e11d7a9a387ef7fddf41fbfaf566708ab1 | ||
8061 | |||
8062 | commit 5c15e22c691c79a47747bcf5490126656f97cecd | ||
8063 | Author: Damien Miller <djm@mindrot.org> | ||
8064 | Date: Thu Jun 18 15:07:56 2015 +1000 | ||
8065 | |||
8066 | fix syntax error | ||
8067 | |||
8068 | commit 596dbca82f3f567fb3d2d69af4b4e1d3ba1e6403 | ||
8069 | Author: jsing@openbsd.org <jsing@openbsd.org> | ||
8070 | Date: Mon Jun 15 18:44:22 2015 +0000 | ||
8071 | |||
8072 | upstream commit | ||
8073 | |||
8074 | If AuthorizedPrincipalsCommand is specified, however | ||
8075 | AuthorizedPrincipalsFile is not (or is set to "none"), authentication will | ||
8076 | potentially fail due to key_cert_check_authority() failing to locate a | ||
8077 | principal that matches the username, even though an authorized principal has | ||
8078 | already been matched in the output of the subprocess. Fix this by using the | ||
8079 | same logic to determine if pw->pw_name should be passed, as is used to | ||
8080 | determine if a authorized principal must be matched earlier on. | ||
8081 | |||
8082 | ok djm@ | ||
8083 | |||
8084 | Upstream-ID: 43b42302ec846b0ea68aceb40677245391b9409d | ||
8085 | |||
8086 | commit aff3e94c0d75d0d0fa84ea392b50ab04f8c57905 | ||
8087 | Author: jsing@openbsd.org <jsing@openbsd.org> | ||
8088 | Date: Mon Jun 15 18:42:19 2015 +0000 | ||
8089 | |||
8090 | upstream commit | ||
8091 | |||
8092 | Make the arguments to match_principals_command() similar | ||
8093 | to match_principals_file(), by changing the last argument a struct | ||
8094 | sshkey_cert * and dereferencing key->cert in the caller. | ||
8095 | |||
8096 | No functional change. | ||
8097 | |||
8098 | ok djm@ | ||
8099 | |||
8100 | Upstream-ID: 533f99b844b21b47342b32b62e198dfffcf8651c | ||
8101 | |||
8102 | commit 97e2e1596c202a4693468378b16b2353fd2d6c5e | ||
8103 | Author: Damien Miller <djm@mindrot.org> | ||
8104 | Date: Wed Jun 17 14:36:54 2015 +1000 | ||
8105 | |||
8106 | trivial optimisation for seccomp-bpf | ||
8107 | |||
8108 | When doing arg inspection and the syscall doesn't match, skip | ||
8109 | past the instruction that reloads the syscall into the accumulator, | ||
8110 | since the accumulator hasn't been modified at this point. | ||
8111 | |||
8112 | commit 99f33d7304893bd9fa04d227cb6e870171cded19 | ||
8113 | Author: Damien Miller <djm@mindrot.org> | ||
8114 | Date: Wed Jun 17 10:50:51 2015 +1000 | ||
8115 | |||
8116 | aarch64 support for seccomp-bpf sandbox | ||
8117 | |||
8118 | Also resort and tidy syscall list. Based on patches by Jakub Jelen | ||
8119 | bz#2361; ok dtucker@ | ||
8120 | |||
8121 | commit 4ef702e1244633c1025ec7cfe044b9ab267097bf | ||
8122 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8123 | Date: Mon Jun 15 01:32:50 2015 +0000 | ||
8124 | |||
8125 | upstream commit | ||
8126 | |||
8127 | return failure on RSA signature error; reported by Albert S | ||
8128 | |||
8129 | Upstream-ID: e61bb93dbe0349625807b0810bc213a6822121fa | ||
8130 | |||
8131 | commit a170f22baf18af0b1acf2788b8b715605f41a1f9 | ||
8132 | Author: Tim Rice <tim@multitalents.net> | ||
8133 | Date: Tue Jun 9 22:41:13 2015 -0700 | ||
8134 | |||
8135 | Fix t12 rules for out of tree builds. | ||
8136 | |||
8137 | commit ec04dc4a5515c913121bc04ed261857e68fa5c18 | ||
8138 | Author: millert@openbsd.org <millert@openbsd.org> | ||
8139 | Date: Fri Jun 5 15:13:13 2015 +0000 | ||
8140 | |||
8141 | upstream commit | ||
8142 | |||
8143 | For "ssh -L 12345:/tmp/sock" don't fail with "No forward host | ||
8144 | name." (we have a path, not a host name). Based on a diff from Jared | ||
8145 | Yanovich. OK djm@ | ||
8146 | |||
8147 | Upstream-ID: 2846b0a8c7de037e33657f95afbd282837fc213f | ||
8148 | |||
8149 | commit 732d61f417a6aea0aa5308b59cb0f563bcd6edd6 | ||
8150 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8151 | Date: Fri Jun 5 03:44:14 2015 +0000 | ||
8152 | |||
8153 | upstream commit | ||
8154 | |||
8155 | typo: accidental repetition; bz#2386 | ||
8156 | |||
8157 | Upstream-ID: 45e620d99f6bc301e5949d34a54027374991c88b | ||
8158 | |||
8159 | commit adfb24c69d1b6f5e758db200866c711e25a2ba73 | ||
8160 | Author: Darren Tucker <dtucker@zip.com.au> | ||
8161 | Date: Fri Jun 5 14:51:40 2015 +1000 | ||
8162 | |||
8163 | Add Linux powerpc64le and powerpcle entries. | ||
8164 | |||
8165 | Stopgap to resolve bz#2409 because we are so close to release and will | ||
8166 | update config.guess and friends shortly after the release. ok djm@ | ||
8167 | |||
8168 | commit a1195a0fdc9eddddb04d3e9e44c4775431cb77da | ||
8169 | Merge: 6397eed d2480bc | ||
8170 | Author: Tim Rice <tim@multitalents.net> | ||
8171 | Date: Wed Jun 3 21:43:13 2015 -0700 | ||
8172 | |||
8173 | Merge branch 'master' of git.mindrot.org:/var/git/openssh | ||
8174 | |||
8175 | commit 6397eedf953b2b973d2d7cbb504ab501a07f8ddc | ||
8176 | Author: Tim Rice <tim@multitalents.net> | ||
8177 | Date: Wed Jun 3 21:41:11 2015 -0700 | ||
8178 | |||
8179 | Remove unneeded backslashes. Patch from Ángel González | ||
8180 | |||
8181 | commit d2480bcac1caf31b03068de877a47d6e1027bf6d | ||
8182 | Author: Darren Tucker <dtucker@zip.com.au> | ||
8183 | Date: Thu Jun 4 14:10:55 2015 +1000 | ||
8184 | |||
8185 | Remove redundant include of stdarg.h. bz#2410 | ||
8186 | |||
8187 | commit 5e67859a623826ccdf2df284cbb37e2d8e2787eb | ||
8188 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8189 | Date: Tue Jun 2 09:10:40 2015 +0000 | ||
8190 | |||
8191 | upstream commit | ||
8192 | |||
8193 | mention CheckHostIP adding addresses to known_hosts; | ||
8194 | bz#1993; ok dtucker@ | ||
8195 | |||
8196 | Upstream-ID: fd44b68440fd0dc29abf9f2d3f703d74a2396cb7 | ||
8197 | |||
8198 | commit d7a58bbac6583e33fd5eca8e2c2cc70c57617818 | ||
8199 | Author: Darren Tucker <dtucker@zip.com.au> | ||
8200 | Date: Tue Jun 2 20:15:26 2015 +1000 | ||
8201 | |||
8202 | Replace strcpy with strlcpy. | ||
8203 | |||
8204 | ok djm, sanity check by Corinna Vinschen. | ||
8205 | |||
8206 | commit 51a1c2115265c6e80ede8a5c9dccada9aeed7143 | ||
8207 | Author: Damien Miller <djm@mindrot.org> | ||
8208 | Date: Fri May 29 18:27:21 2015 +1000 | ||
8209 | |||
8210 | skip, rather than fatal when run without SUDO set | ||
8211 | |||
8212 | commit 599f01142a376645b15cbc9349d7e8975e1cf245 | ||
8213 | Author: Damien Miller <djm@mindrot.org> | ||
8214 | Date: Fri May 29 18:03:15 2015 +1000 | ||
8215 | |||
8216 | fix merge botch that left ",," in KEX algs | ||
8217 | |||
8218 | commit 0c2a81dfc21822f2423edd30751e5ec53467b347 | ||
8219 | Author: Damien Miller <djm@mindrot.org> | ||
8220 | Date: Fri May 29 17:08:28 2015 +1000 | ||
8221 | |||
8222 | re-enable SSH protocol 1 at compile time | ||
8223 | |||
8224 | commit db438f9285d64282d3ac9e8c0944f59f037c0151 | ||
8225 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8226 | Date: Fri May 29 03:05:13 2015 +0000 | ||
8227 | |||
8228 | upstream commit | ||
8229 | |||
8230 | make this work without SUDO set; ok dtucker@ | ||
8231 | |||
8232 | Upstream-Regress-ID: bca88217b70bce2fe52b23b8e06bdeb82d98c715 | ||
8233 | |||
8234 | commit 1d9a2e2849c9864fe75daabf433436341c968e14 | ||
8235 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8236 | Date: Thu May 28 07:37:31 2015 +0000 | ||
8237 | |||
8238 | upstream commit | ||
8239 | |||
8240 | wrap all moduli-related code in #ifdef WITH_OPENSSL. | ||
8241 | based on patch from Reuben Hawkins; bz#2388 feedback and ok dtucker@ | ||
8242 | |||
8243 | Upstream-ID: d80cfc8be3e6ec65b3fac9e87c4466533b31b7cf | ||
8244 | |||
8245 | commit 496aeb25bc2d6c434171292e4714771b594bd00e | ||
8246 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8247 | Date: Thu May 28 05:41:29 2015 +0000 | ||
8248 | |||
8249 | upstream commit | ||
8250 | |||
8251 | Increase the allowed length of the known host file name | ||
8252 | in the log message to be consistent with other cases. Part of bz#1993, ok | ||
8253 | deraadt. | ||
8254 | |||
8255 | Upstream-ID: a9e97567be49f25daf286721450968251ff78397 | ||
8256 | |||
8257 | commit dd2cfeb586c646ff8d70eb93567b2e559ace5b14 | ||
8258 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8259 | Date: Thu May 28 05:09:45 2015 +0000 | ||
8260 | |||
8261 | upstream commit | ||
8262 | |||
8263 | Fix typo (keywork->keyword) | ||
8264 | |||
8265 | Upstream-ID: 8aacd0f4089c0a244cf43417f4f9045dfaeab534 | ||
8266 | |||
8267 | commit 9cc6842493fbf23025ccc1edab064869640d3bec | ||
8268 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8269 | Date: Thu May 28 04:50:53 2015 +0000 | ||
8270 | |||
8271 | upstream commit | ||
8272 | |||
8273 | add error message on ftruncate failure; bz#2176 | ||
8274 | |||
8275 | Upstream-ID: cbcc606e0b748520c74a210d8f3cc9718d3148cf | ||
8276 | |||
8277 | commit d1958793a0072c22be26d136dbda5ae263e717a0 | ||
8278 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8279 | Date: Thu May 28 04:40:13 2015 +0000 | ||
8280 | |||
8281 | upstream commit | ||
8282 | |||
8283 | make ssh-keygen default to ed25519 keys when compiled | ||
8284 | without OpenSSL; bz#2388, ok dtucker@ | ||
8285 | |||
8286 | Upstream-ID: 85a471fa6d3fa57a7b8e882d22cfbfc1d84cdc71 | ||
8287 | |||
8288 | commit 3ecde664c9fc5fb3667aedf9e6671462600f6496 | ||
8289 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8290 | Date: Wed May 27 23:51:10 2015 +0000 | ||
8291 | |||
8292 | upstream commit | ||
8293 | |||
8294 | Reorder client proposal to prefer | ||
8295 | diffie-hellman-group-exchange-sha1 over diffie-hellman-group14-sha1. ok djm@ | ||
8296 | |||
8297 | Upstream-ID: 552c08d47347c3ee1a9a57d88441ab50abe17058 | ||
8298 | |||
8299 | commit 40f64292b907afd0a674fdbf3e4c2356d17a7d68 | ||
8300 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8301 | Date: Wed May 27 23:39:18 2015 +0000 | ||
8302 | |||
8303 | upstream commit | ||
8304 | |||
8305 | Add a stronger (4k bit) fallback group that sshd can use | ||
8306 | when the moduli file is missing or broken, sourced from RFC3526. bz#2302, ok | ||
8307 | markus@ (earlier version), djm@ | ||
8308 | |||
8309 | Upstream-ID: b635215746a25a829d117673d5e5a76d4baee7f4 | ||
8310 | |||
8311 | commit 5ab7d5fa03ad55bc438fab45dfb3aeb30a3c237a | ||
8312 | Author: Darren Tucker <dtucker@zip.com.au> | ||
8313 | Date: Thu May 28 10:03:40 2015 +1000 | ||
8314 | |||
8315 | New moduli file from OpenBSD, removing 1k groups. | ||
8316 | |||
8317 | Remove 1k bit groups. ok deraadt@, markus@ | ||
8318 | |||
8319 | commit a71ba58adf34e599f30cdda6e9b93ae6e3937eea | ||
8320 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8321 | Date: Wed May 27 05:15:02 2015 +0000 | ||
8322 | |||
8323 | upstream commit | ||
8324 | |||
8325 | support PKCS#11 devices with external PIN entry devices | ||
8326 | bz#2240, based on patch from Dirk-Willem van Gulik; feedback and ok dtucker@ | ||
8327 | |||
8328 | Upstream-ID: 504568992b55a8fc984375242b1bd505ced61b0d | ||
8329 | |||
8330 | commit b282fec1aa05246ed3482270eb70fc3ec5f39a00 | ||
8331 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8332 | Date: Tue May 26 23:23:40 2015 +0000 | ||
8333 | |||
8334 | upstream commit | ||
8335 | |||
8336 | Cap DH-GEX group size at 4kbits for Cisco implementations. | ||
8337 | Some of them will choke when asked for preferred sizes >4k instead of | ||
8338 | returning the 4k group that they do have. bz#2209, ok djm@ | ||
8339 | |||
8340 | Upstream-ID: 54b863a19713446b7431f9d06ad0532b4fcfef8d | ||
8341 | |||
8342 | commit 3e91b4e8b0dc2b4b7e7d42cf6e8994a32e4cb55e | ||
8343 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8344 | Date: Sun May 24 23:39:16 2015 +0000 | ||
8345 | |||
8346 | upstream commit | ||
8347 | |||
8348 | add missing 'c' option to getopt(), case statement was | ||
8349 | already there; from Felix Bolte | ||
8350 | |||
8351 | Upstream-ID: 9b19b4e2e0b54d6fefa0dfac707c51cf4bae3081 | ||
8352 | |||
8353 | commit 64a89ec07660abba4d0da7c0095b7371c98bab62 | ||
8354 | Author: jsg@openbsd.org <jsg@openbsd.org> | ||
8355 | Date: Sat May 23 14:28:37 2015 +0000 | ||
8356 | |||
8357 | upstream commit | ||
8358 | |||
8359 | fix a memory leak in an error path ok markus@ dtucker@ | ||
8360 | |||
8361 | Upstream-ID: bc1da0f205494944918533d8780fde65dff6c598 | ||
8362 | |||
8363 | commit f948737449257d2cb83ffcfe7275eb79b677fd4a | ||
8364 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8365 | Date: Fri May 22 05:28:45 2015 +0000 | ||
8366 | |||
8367 | upstream commit | ||
8368 | |||
8369 | mention ssh-keygen -E for comparing legacy MD5 | ||
8370 | fingerprints; bz#2332 | ||
8371 | |||
8372 | Upstream-ID: 079a3669549041dbf10dbc072d9563f0dc3b2859 | ||
8373 | |||
8374 | commit 0882332616e4f0272c31cc47bf2018f9cb258a4e | ||
8375 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8376 | Date: Fri May 22 04:45:52 2015 +0000 | ||
8377 | |||
8378 | upstream commit | ||
8379 | |||
8380 | Reorder EscapeChar option parsing to avoid a single-byte | ||
8381 | out- of-bounds read. bz#2396 from Jaak Ristioja; ok dtucker@ | ||
8382 | |||
8383 | Upstream-ID: 1dc6b5b63d1c8d9a88619da0b27ade461d79b060 | ||
8384 | |||
8385 | commit d7c31da4d42c115843edee2074d7d501f8804420 | ||
8386 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8387 | Date: Fri May 22 03:50:02 2015 +0000 | ||
8388 | |||
8389 | upstream commit | ||
8390 | |||
8391 | add knob to relax GSSAPI host credential check for | ||
8392 | multihomed hosts bz#928, patch by Simon Wilkinson; ok dtucker | ||
8393 | (kerberos/GSSAPI is not compiled by default on OpenBSD) | ||
8394 | |||
8395 | Upstream-ID: 15ddf1c6f7fd9d98eea9962f480079ae3637285d | ||
8396 | |||
8397 | commit aa72196a00be6e0b666215edcffbc10af234cb0e | ||
8398 | Author: Darren Tucker <dtucker@zip.com.au> | ||
8399 | Date: Fri May 22 17:49:46 2015 +1000 | ||
8400 | |||
8401 | Include signal.h for sig_atomic_t, used by kex.h. | ||
8402 | |||
8403 | bz#2402, from tomas.kuthan at oracle com. | ||
8404 | |||
8405 | commit 8b02481143d75e91c49d1bfae0876ac1fbf9511a | ||
8406 | Author: Darren Tucker <dtucker@zip.com.au> | ||
8407 | Date: Fri May 22 12:47:24 2015 +1000 | ||
8408 | |||
8409 | Import updated moduli file from OpenBSD. | ||
8410 | |||
8411 | commit 4739e8d5e1c0be49624082bd9f6b077e9e758db9 | ||
8412 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8413 | Date: Thu May 21 12:01:19 2015 +0000 | ||
8414 | |||
8415 | upstream commit | ||
8416 | |||
8417 | Support "ssh-keygen -lF hostname" to find search known_hosts | ||
8418 | and print key hashes. Already advertised by ssh-keygen(1), but not delivered | ||
8419 | by code; ok dtucker@ | ||
8420 | |||
8421 | Upstream-ID: 459e0e2bf39825e41b0811c336db2d56a1c23387 | ||
8422 | |||
8423 | commit e97201feca10b5196da35819ae516d0b87cf3a50 | ||
8424 | Author: Damien Miller <djm@mindrot.org> | ||
8425 | Date: Thu May 21 17:55:15 2015 +1000 | ||
8426 | |||
8427 | conditionalise util.h inclusion | ||
8428 | |||
8429 | commit 13640798c7dd011ece0a7d02841fe48e94cfa0e0 | ||
8430 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8431 | Date: Thu May 21 06:44:25 2015 +0000 | ||
8432 | |||
8433 | upstream commit | ||
8434 | |||
8435 | regress test for AuthorizedPrincipalsCommand | ||
8436 | |||
8437 | Upstream-Regress-ID: c658fbf1ab6b6011dc83b73402322e396f1e1219 | ||
8438 | |||
8439 | commit 84452c5d03c21f9bfb28c234e0dc1dc67dd817b1 | ||
8440 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8441 | Date: Thu May 21 06:40:02 2015 +0000 | ||
8442 | |||
8443 | upstream commit | ||
8444 | |||
8445 | regress test for AuthorizedKeysCommand arguments | ||
8446 | |||
8447 | Upstream-Regress-ID: bbd65c13c6b3be9a442ec115800bff9625898f12 | ||
8448 | |||
8449 | commit bcc50d816187fa9a03907ac1f3a52f04a52e10d1 | ||
8450 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8451 | Date: Thu May 21 06:43:30 2015 +0000 | ||
8452 | |||
8453 | upstream commit | ||
8454 | |||
8455 | add AuthorizedPrincipalsCommand that allows getting | ||
8456 | authorized_principals from a subprocess rather than a file, which is quite | ||
8457 | useful in deployments with large userbases | ||
8458 | |||
8459 | feedback and ok markus@ | ||
8460 | |||
8461 | Upstream-ID: aa1bdac7b16fc6d2fa3524ef08f04c7258d247f6 | ||
8462 | |||
8463 | commit 24232a3e5ab467678a86aa67968bbb915caffed4 | ||
8464 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8465 | Date: Thu May 21 06:38:35 2015 +0000 | ||
8466 | |||
8467 | upstream commit | ||
8468 | |||
8469 | support arguments to AuthorizedKeysCommand | ||
8470 | |||
8471 | bz#2081 loosely based on patch by Sami Hartikainen | ||
8472 | feedback and ok markus@ | ||
8473 | |||
8474 | Upstream-ID: b080387a14aa67dddd8ece67c00f268d626541f7 | ||
8475 | |||
8476 | commit d80fbe41a57c72420c87a628444da16d09d66ca7 | ||
8477 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8478 | Date: Thu May 21 04:55:51 2015 +0000 | ||
8479 | |||
8480 | upstream commit | ||
8481 | |||
8482 | refactor: split base64 encoding of pubkey into its own | ||
8483 | sshkey_to_base64() function and out of sshkey_write(); ok markus@ | ||
8484 | |||
8485 | Upstream-ID: 54fc38f5832e9b91028900819bda46c3959a0c1a | ||
8486 | |||
8487 | commit 7cc44ef74133a473734bbcbd3484f24d6a7328c5 | ||
8488 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
8489 | Date: Mon May 18 15:06:05 2015 +0000 | ||
8490 | |||
8491 | upstream commit | ||
8492 | |||
8493 | getentropy() and sendsyslog() have been around long | ||
8494 | enough. openssh-portable may want the #ifdef's but not base. discussed with | ||
8495 | djm few weeks back | ||
8496 | |||
8497 | Upstream-ID: 0506a4334de108e3fb6c66f8d6e0f9c112866926 | ||
8498 | |||
8499 | commit 9173d0fbe44de7ebcad8a15618e13a8b8d78902e | ||
8500 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8501 | Date: Fri May 15 05:44:21 2015 +0000 | ||
8502 | |||
8503 | upstream commit | ||
8504 | |||
8505 | Use a salted hash of the lock passphrase instead of plain | ||
8506 | text and do constant-time comparisons of it. Should prevent leaking any | ||
8507 | information about it via timing, pointed out by Ryan Castellucci. Add a 0.1s | ||
8508 | incrementing delay for each failed unlock attempt up to 10s. ok markus@ | ||
8509 | (earlier version), djm@ | ||
8510 | |||
8511 | Upstream-ID: c599fcc325aa1cc65496b25220b622d22208c85f | ||
8512 | |||
8513 | commit d028d5d3a697c71b21e4066d8672cacab3caa0a8 | ||
8514 | Author: Damien Miller <djm@mindrot.org> | ||
8515 | Date: Tue May 5 19:10:58 2015 +1000 | ||
8516 | |||
8517 | upstream commit | ||
8518 | |||
8519 | - tedu@cvs.openbsd.org 2015/01/12 03:20:04 | ||
8520 | [bcrypt_pbkdf.c] | ||
8521 | rename blocks to words. bcrypt "blocks" are unrelated to blowfish blocks, | ||
8522 | nor are they the same size. | ||
8523 | |||
8524 | commit f6391d4e59b058984163ab28f4e317e7a72478f1 | ||
8525 | Author: Damien Miller <djm@mindrot.org> | ||
8526 | Date: Tue May 5 19:10:23 2015 +1000 | ||
8527 | |||
8528 | upstream commit | ||
8529 | |||
8530 | - deraadt@cvs.openbsd.org 2015/01/08 00:30:07 | ||
8531 | [bcrypt_pbkdf.c] | ||
8532 | declare a local version of MIN(), call it MINIMUM() | ||
8533 | |||
8534 | commit 8ac6b13cc9113eb47cd9e86c97d7b26b4b71b77f | ||
8535 | Author: Damien Miller <djm@mindrot.org> | ||
8536 | Date: Tue May 5 19:09:46 2015 +1000 | ||
8537 | |||
8538 | upstream commit | ||
8539 | |||
8540 | - djm@cvs.openbsd.org 2014/12/30 01:41:43 | ||
8541 | [bcrypt_pbkdf.c] | ||
8542 | typo in comment: ouput => output | ||
8543 | |||
8544 | commit 1f792489d5cf86a4f4e3003e6e9177654033f0f2 | ||
8545 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8546 | Date: Mon May 4 06:10:48 2015 +0000 | ||
8547 | |||
8548 | upstream commit | ||
8549 | |||
8550 | Remove pattern length argument from match_pattern_list(), we | ||
8551 | only ever use it for strlen(pattern). | ||
8552 | |||
8553 | Prompted by hanno AT hboeck.de pointing an out-of-bound read | ||
8554 | error caused by an incorrect pattern length found using AFL | ||
8555 | and his own tools. | ||
8556 | |||
8557 | ok markus@ | ||
8558 | |||
8559 | commit 639d6bc57b1942393ed12fb48f00bc05d4e093e4 | ||
8560 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8561 | Date: Fri May 1 07:10:01 2015 +0000 | ||
8562 | |||
8563 | upstream commit | ||
8564 | |||
8565 | refactor ssh_dispatch_run_fatal() to use sshpkt_fatal() | ||
8566 | to better report error conditions. Teach sshpkt_fatal() about ECONNRESET. | ||
8567 | |||
8568 | Improves error messages on TCP connection resets. bz#2257 | ||
8569 | |||
8570 | ok dtucker@ | ||
8571 | |||
8572 | commit 9559d7de34c572d4d3fd990ca211f8ec99f62c4d | ||
8573 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8574 | Date: Fri May 1 07:08:08 2015 +0000 | ||
8575 | |||
8576 | upstream commit | ||
8577 | |||
8578 | a couple of parse targets were missing activep checks, | ||
8579 | causing them to be misapplied in match context; bz#2272 diagnosis and | ||
8580 | original patch from Sami Hartikainen ok dtucker@ | ||
8581 | |||
8582 | commit 7e8528cad04b2775c3b7db08abf8fb42e47e6b2a | ||
8583 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8584 | Date: Fri May 1 04:17:51 2015 +0000 | ||
8585 | |||
8586 | upstream commit | ||
8587 | |||
8588 | make handling of AuthorizedPrincipalsFile=none more | ||
8589 | consistent with other =none options; bz#2288 from Jakub Jelen; ok dtucker@ | ||
8590 | |||
8591 | commit ca430d4d9cc0f62eca3b1fb1e2928395b7ce80f7 | ||
8592 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8593 | Date: Fri May 1 04:03:20 2015 +0000 | ||
8594 | |||
8595 | upstream commit | ||
8596 | |||
8597 | remove failed remote forwards established by muliplexing | ||
8598 | from the list of active forwards; bz#2363, patch mostly by Yoann Ricordel; ok | ||
8599 | dtucker@ | ||
8600 | |||
8601 | commit 8312cfb8ad88657517b3e23ac8c56c8e38eb9792 | ||
8602 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8603 | Date: Fri May 1 04:01:58 2015 +0000 | ||
8604 | |||
8605 | upstream commit | ||
8606 | |||
8607 | reduce stderr spam when using ssh -S /path/mux -O forward | ||
8608 | -R 0:... ok dtucker@ | ||
8609 | |||
8610 | commit 179be0f5e62f1f492462571944e45a3da660d82b | ||
8611 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8612 | Date: Fri May 1 03:23:51 2015 +0000 | ||
8613 | |||
8614 | upstream commit | ||
8615 | |||
8616 | prevent authorized_keys options picked up on public key | ||
8617 | tests without a corresponding private key authentication being applied to | ||
8618 | other authentication methods. Reported by halex@, ok markus@ | ||
8619 | |||
8620 | commit a42d67be65b719a430b7fcaba2a4e4118382723a | ||
8621 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8622 | Date: Fri May 1 03:20:54 2015 +0000 | ||
8623 | |||
8624 | upstream commit | ||
8625 | |||
8626 | Don't make parsing of authorized_keys' environment= | ||
8627 | option conditional on PermitUserEnv - always parse it, but only use the | ||
8628 | result if the option is enabled. This prevents the syntax of authorized_keys | ||
8629 | changing depending on which sshd_config options were enabled. | ||
8630 | |||
8631 | bz#2329; based on patch from coladict AT gmail.com, ok dtucker@ | ||
8632 | |||
8633 | commit e661a86353e11592c7ed6a847e19a83609f49e77 | ||
8634 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8635 | Date: Mon May 4 06:10:48 2015 +0000 | ||
8636 | |||
8637 | upstream commit | ||
8638 | |||
8639 | Remove pattern length argument from match_pattern_list(), we | ||
8640 | only ever use it for strlen(pattern). | ||
8641 | |||
8642 | Prompted by hanno AT hboeck.de pointing an out-of-bound read | ||
8643 | error caused by an incorrect pattern length found using AFL | ||
8644 | and his own tools. | ||
8645 | |||
8646 | ok markus@ | ||
8647 | |||
8648 | commit 0ef1de742be2ee4b10381193fe90730925b7f027 | ||
8649 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8650 | Date: Thu Apr 23 05:01:19 2015 +0000 | ||
8651 | |||
8652 | upstream commit | ||
8653 | |||
8654 | Add a simple regression test for sshd's configuration | ||
8655 | parser. Right now, all it does is run the output of sshd -T back through | ||
8656 | itself and ensure the output is valid and invariant. | ||
8657 | |||
8658 | commit 368f83c793275faa2c52f60eaa9bdac155c4254b | ||
8659 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8660 | Date: Wed Apr 22 01:38:36 2015 +0000 | ||
8661 | |||
8662 | upstream commit | ||
8663 | |||
8664 | use correct key for nested certificate test | ||
8665 | |||
8666 | commit 8d4d1bfddbbd7d21f545dc6997081d1ea1fbc99a | ||
8667 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8668 | Date: Fri May 1 07:11:47 2015 +0000 | ||
8669 | |||
8670 | upstream commit | ||
8671 | |||
8672 | mention that the user's shell from /etc/passwd is used | ||
8673 | for commands too; bz#1459 ok dtucker@ | ||
8674 | |||
8675 | commit 5ab283d0016bbc9d4d71e8e5284d011bc5a930cf | ||
8676 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8677 | Date: Fri May 8 07:29:00 2015 +0000 | ||
8678 | |||
8679 | upstream commit | ||
8680 | |||
8681 | whitespace | ||
8682 | |||
8683 | Upstream-Regress-ID: 6b708a3e709d5b7fd37890f874bafdff1f597519 | ||
8684 | |||
8685 | commit 8377d5008ad260048192e1e56ad7d15a56d103dd | ||
8686 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8687 | Date: Fri May 8 07:26:13 2015 +0000 | ||
8688 | |||
8689 | upstream commit | ||
8690 | |||
8691 | whitespace at EOL | ||
8692 | |||
8693 | Upstream-Regress-ID: 9c48911643d5b05173b36a012041bed4080b8554 | ||
8694 | |||
8695 | commit c28a3436fa8737709ea88e4437f8f23a6ab50359 | ||
8696 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8697 | Date: Fri May 8 06:45:13 2015 +0000 | ||
8698 | |||
8699 | upstream commit | ||
8700 | |||
8701 | moar whitespace at eol | ||
8702 | |||
8703 | Upstream-ID: 64eaf872a3ba52ed41e494287e80d40aaba4b515 | ||
8704 | |||
8705 | commit 2b64c490468fd4ca35ac8d5cc31c0520dc1508bb | ||
8706 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8707 | Date: Fri May 8 06:41:56 2015 +0000 | ||
8708 | |||
8709 | upstream commit | ||
8710 | |||
8711 | whitespace at EOL | ||
8712 | |||
8713 | Upstream-ID: 57bcf67d666c6fc1ad798aee448fdc3f70f7ec2c | ||
8714 | |||
8715 | commit 4e636cf201ce6e7e3b9088568218f9d4e2c51712 | ||
8716 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8717 | Date: Fri May 8 03:56:51 2015 +0000 | ||
8718 | |||
8719 | upstream commit | ||
8720 | |||
8721 | whitespace at EOL | ||
8722 | |||
8723 | commit 38b8272f823dc1dd4e29dbcee83943ed48bb12fa | ||
8724 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8725 | Date: Mon May 4 01:47:53 2015 +0000 | ||
8726 | |||
8727 | upstream commit | ||
8728 | |||
8729 | Use diff w/out -u for better portability | ||
8730 | |||
8731 | commit 297060f42d5189a4065ea1b6f0afdf6371fb0507 | ||
8732 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8733 | Date: Fri May 8 03:25:07 2015 +0000 | ||
8734 | |||
8735 | upstream commit | ||
8736 | |||
8737 | Use xcalloc for permitted_adm_opens instead of xmalloc to | ||
8738 | ensure it's zeroed. Fixes post-auth crash with permitopen=none. bz#2355, ok | ||
8739 | djm@ | ||
8740 | |||
8741 | commit 63ebf019be863b2d90492a85e248cf55a6e87403 | ||
8742 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8743 | Date: Fri May 8 03:17:49 2015 +0000 | ||
8744 | |||
8745 | upstream commit | ||
8746 | |||
8747 | don't choke on new-format private keys encrypted with an | ||
8748 | AEAD cipher; bz#2366, patch from Ron Frederick; ok markus@ | ||
8749 | |||
8750 | commit f8484dac678ab3098ae522a5f03bb2530f822987 | ||
8751 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8752 | Date: Wed May 6 05:45:17 2015 +0000 | ||
8753 | |||
8754 | upstream commit | ||
8755 | |||
8756 | Clarify pseudo-terminal request behaviour and use | ||
8757 | "pseudo-terminal" consistently. bz#1716, ok jmc@ "I like it" deraadt@. | ||
8758 | |||
8759 | commit ea139507bef8bad26e86ed99a42c7233ad115c38 | ||
8760 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8761 | Date: Wed May 6 04:07:18 2015 +0000 | ||
8762 | |||
8763 | upstream commit | ||
8764 | |||
8765 | Blacklist DH-GEX for specific PuTTY versions known to | ||
8766 | send non-RFC4419 DH-GEX messages rather than all versions of PuTTY. | ||
8767 | According to Simon Tatham, 0.65 and newer versions will send RFC4419 DH-GEX | ||
8768 | messages. ok djm@ | ||
8769 | |||
8770 | commit b58234f00ee3872eb84f6e9e572a9a34e902e36e | ||
8771 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8772 | Date: Tue May 5 10:17:49 2015 +0000 | ||
8773 | |||
8774 | upstream commit | ||
8775 | |||
8776 | WinSCP doesn't implement RFC4419 DH-GEX so flag it so we | ||
8777 | don't offer that KEX method. ok markus@ | ||
8778 | |||
8779 | commit d5b1507a207253b39e810e91e68f9598691b7a29 | ||
8780 | Author: jsg@openbsd.org <jsg@openbsd.org> | ||
8781 | Date: Tue May 5 02:48:17 2015 +0000 | ||
8782 | |||
8783 | upstream commit | ||
8784 | |||
8785 | use the sizeof the struct not the sizeof a pointer to the | ||
8786 | struct in ssh_digest_start() | ||
8787 | |||
8788 | This file is only used if ssh is built with OPENSSL=no | ||
8789 | |||
8790 | ok markus@ | ||
8791 | |||
8792 | commit a647b9b8e616c231594b2710c925d31b1b8afea3 | ||
8793 | Author: Darren Tucker <dtucker@zip.com.au> | ||
8794 | Date: Fri May 8 11:07:27 2015 +1000 | ||
8795 | |||
8796 | Put brackets around mblen() compat constant. | ||
8797 | |||
8798 | This might help with the reported problem cross compiling for Android | ||
8799 | ("error: expected identifier or '(' before numeric constant") but | ||
8800 | shouldn't hurt in any case. | ||
8801 | |||
8802 | commit d1680d36e17244d9af3843aeb5025cb8e40d6c07 | ||
8803 | Author: Darren Tucker <dtucker@zip.com.au> | ||
8804 | Date: Thu Apr 30 09:18:11 2015 +1000 | ||
8805 | |||
8806 | xrealloc -> xreallocarray in portable code too. | ||
8807 | |||
8808 | commit 531a57a3893f9fcd4aaaba8c312b612bbbcc021e | ||
8809 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8810 | Date: Wed Apr 29 03:48:56 2015 +0000 | ||
8811 | |||
8812 | upstream commit | ||
8813 | |||
8814 | Allow ListenAddress, Port and AddressFamily in any | ||
8815 | order. bz#68, ok djm@, jmc@ (for the man page bit). | ||
8816 | |||
8817 | commit c1d5bcf1aaf1209af02f79e48ba1cbc76a87b56f | ||
8818 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
8819 | Date: Tue Apr 28 13:47:38 2015 +0000 | ||
8820 | |||
8821 | upstream commit | ||
8822 | |||
8823 | enviroment -> environment: apologies to darren for not | ||
8824 | spotting that first time round... | ||
8825 | |||
8826 | commit 43beea053db191cac47c2cd8d3dc1930158aff1a | ||
8827 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8828 | Date: Tue Apr 28 10:25:15 2015 +0000 | ||
8829 | |||
8830 | upstream commit | ||
8831 | |||
8832 | Fix typo in previous | ||
8833 | |||
8834 | commit 85b96ef41374f3ddc9139581f87da09b2cd9199e | ||
8835 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8836 | Date: Tue Apr 28 10:17:58 2015 +0000 | ||
8837 | |||
8838 | upstream commit | ||
8839 | |||
8840 | Document that the TERM environment variable is not | ||
8841 | subject to SendEnv and AcceptEnv. bz#2386, based loosely on a patch from | ||
8842 | jjelen at redhat, help and ok jmc@ | ||
8843 | |||
8844 | commit 88a7c598a94ff53f76df228eeaae238d2d467565 | ||
8845 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8846 | Date: Mon Apr 27 21:42:48 2015 +0000 | ||
8847 | |||
8848 | upstream commit | ||
8849 | |||
8850 | Make sshd default to PermitRootLogin=no; ok deraadt@ | ||
8851 | rpe@ | ||
8852 | |||
8853 | commit 734226b4480a6c736096c729fcf6f391400599c7 | ||
8854 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8855 | Date: Mon Apr 27 01:52:30 2015 +0000 | ||
8856 | |||
8857 | upstream commit | ||
8858 | |||
8859 | fix compilation with OPENSSL=no; ok dtucker@ | ||
8860 | |||
8861 | commit a4b9d2ce1eb7703eaf0809b0c8a82ded8aa4f1c6 | ||
8862 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8863 | Date: Mon Apr 27 00:37:53 2015 +0000 | ||
8864 | |||
8865 | upstream commit | ||
8866 | |||
8867 | Include stdio.h for FILE (used in sshkey.h) so it | ||
8868 | compiles with OPENSSL=no. | ||
8869 | |||
8870 | commit dbcc652f4ca11fe04e5930c7ef18a219318c6cda | ||
8871 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8872 | Date: Mon Apr 27 00:21:21 2015 +0000 | ||
8873 | |||
8874 | upstream commit | ||
8875 | |||
8876 | allow "sshd -f none" to skip reading the config file, | ||
8877 | much like "ssh -F none" does. ok dtucker | ||
8878 | |||
8879 | commit b7ca276fca316c952f0b90f5adb1448c8481eedc | ||
8880 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
8881 | Date: Fri Apr 24 06:26:49 2015 +0000 | ||
8882 | |||
8883 | upstream commit | ||
8884 | |||
8885 | combine -Dd onto one line and update usage(); | ||
8886 | |||
8887 | commit 2ea974630d7017e4c7666d14d9dc939707613e96 | ||
8888 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8889 | Date: Fri Apr 24 05:26:44 2015 +0000 | ||
8890 | |||
8891 | upstream commit | ||
8892 | |||
8893 | add ssh-agent -D to leave ssh-agent in foreground | ||
8894 | without enabling debug mode; bz#2381 ok dtucker@ | ||
8895 | |||
8896 | commit 8ac2ffd7aa06042f6b924c87139f2fea5c5682f7 | ||
8897 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
8898 | Date: Fri Apr 24 01:36:24 2015 +0000 | ||
8899 | |||
8900 | upstream commit | ||
8901 | |||
8902 | 2*len -> use xreallocarray() ok djm | ||
8903 | |||
8904 | commit 657a5fbc0d0aff309079ff8fb386f17e964963c2 | ||
8905 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
8906 | Date: Fri Apr 24 01:36:00 2015 +0000 | ||
8907 | |||
8908 | upstream commit | ||
8909 | |||
8910 | rename xrealloc() to xreallocarray() since it follows | ||
8911 | that form. ok djm | ||
8912 | |||
8913 | commit 1108ae242fdd2c304307b68ddf46aebe43ebffaa | ||
8914 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8915 | Date: Thu Apr 23 04:59:10 2015 +0000 | ||
8916 | |||
8917 | upstream commit | ||
8918 | |||
8919 | Two small fixes for sshd -T: ListenAddress'es are added | ||
8920 | to a list head so reverse the order when printing them to ensure the | ||
8921 | behaviour remains the same, and print StreamLocalBindMask as octal with | ||
8922 | leading zero. ok deraadt@ | ||
8923 | |||
8924 | commit bd902b8473e1168f19378d5d0ae68d0c203525df | ||
8925 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8926 | Date: Thu Apr 23 04:53:53 2015 +0000 | ||
8927 | |||
8928 | upstream commit | ||
8929 | |||
8930 | Check for and reject missing arguments for | ||
8931 | VersionAddendum and ForceCommand. bz#2281, patch from plautrba at redhat com, | ||
8932 | ok djm@ | ||
8933 | |||
8934 | commit ca42c1758575e592239de1d5755140e054b91a0d | ||
8935 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8936 | Date: Wed Apr 22 01:24:01 2015 +0000 | ||
8937 | |||
8938 | upstream commit | ||
8939 | |||
8940 | unknown certificate extensions are non-fatal, so don't | ||
8941 | fatal when they are encountered; bz#2387 reported by Bob Van Zant; ok | ||
8942 | dtucker@ | ||
8943 | |||
8944 | commit 39bfbf7caad231cc4bda6909fb1af0705bca04d8 | ||
8945 | Author: jsg@openbsd.org <jsg@openbsd.org> | ||
8946 | Date: Tue Apr 21 07:01:00 2015 +0000 | ||
8947 | |||
8948 | upstream commit | ||
8949 | |||
8950 | Add back a backslash removed in rev 1.42 so | ||
8951 | KEX_SERVER_ENCRYPT will include aes again. | ||
8952 | |||
8953 | ok deraadt@ | ||
8954 | |||
8955 | commit 6b0d576bb87eca3efd2b309fcfe4edfefc289f9c | ||
8956 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8957 | Date: Fri Apr 17 13:32:09 2015 +0000 | ||
8958 | |||
8959 | upstream commit | ||
8960 | |||
8961 | s/recommended/required/ that private keys be og-r this | ||
8962 | wording change was made a while ago but got accidentally reverted | ||
8963 | |||
8964 | commit 44a8e7ce6f3ab4c2eb1ae49115c210b98e53c4df | ||
8965 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8966 | Date: Fri Apr 17 13:25:52 2015 +0000 | ||
8967 | |||
8968 | upstream commit | ||
8969 | |||
8970 | don't try to cleanup NULL KEX proposals in | ||
8971 | kex_prop_free(); found by Jukka Taimisto and Markus Hietava | ||
8972 | |||
8973 | commit 3038a191872d2882052306098c1810d14835e704 | ||
8974 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8975 | Date: Fri Apr 17 13:19:22 2015 +0000 | ||
8976 | |||
8977 | upstream commit | ||
8978 | |||
8979 | use error/logit/fatal instead of fprintf(stderr, ...) | ||
8980 | and exit(0), fix a few errors that were being printed to stdout instead of | ||
8981 | stderr and a few non-errors that were going to stderr instead of stdout | ||
8982 | bz#2325; ok dtucker | ||
8983 | |||
8984 | commit a58be33cb6cd24441fa7e634db0e5babdd56f07f | ||
8985 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8986 | Date: Fri Apr 17 13:16:48 2015 +0000 | ||
8987 | |||
8988 | upstream commit | ||
8989 | |||
8990 | debug log missing DISPLAY environment when X11 | ||
8991 | forwarding requested; bz#1682 ok dtucker@ | ||
8992 | |||
8993 | commit 17d4d9d9fbc8fb80e322f94d95eecc604588a474 | ||
8994 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8995 | Date: Fri Apr 17 04:32:31 2015 +0000 | ||
8996 | |||
8997 | upstream commit | ||
8998 | |||
8999 | don't call record_login() in monitor when UseLogin is | ||
9000 | enabled; bz#278 reported by drk AT sgi.com; ok dtucker | ||
9001 | |||
9002 | commit 40132ff87b6cbc3dc05fb5df2e9d8e3afa06aafd | ||
9003 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
9004 | Date: Fri Apr 17 04:12:35 2015 +0000 | ||
9005 | |||
9006 | upstream commit | ||
9007 | |||
9008 | Add some missing options to sshd -T and fix the output | ||
9009 | of VersionAddendum HostCertificate. bz#2346, patch from jjelen at redhat | ||
9010 | com, ok djm. | ||
9011 | |||
9012 | commit 6cc7cfa936afde2d829e56ee6528c7ea47a42441 | ||
9013 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
9014 | Date: Thu Apr 16 23:25:50 2015 +0000 | ||
9015 | |||
9016 | upstream commit | ||
9017 | |||
9018 | Document "none" for PidFile XAuthLocation | ||
9019 | TrustedUserCAKeys and RevokedKeys. bz#2382, feedback from jmc@, ok djm@ | ||
9020 | |||
9021 | commit 15fdfc9b1c6808b26bc54d4d61a38b54541763ed | ||
9022 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
9023 | Date: Wed Apr 15 23:23:25 2015 +0000 | ||
9024 | |||
9025 | upstream commit | ||
9026 | |||
9027 | Plug leak of address passed to logging. bz#2373, patch | ||
9028 | from jjelen at redhat, ok markus@ | ||
9029 | |||
9030 | commit bb2289e2a47d465eaaaeff3dee2a6b7777b4c291 | ||
9031 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
9032 | Date: Tue Apr 14 04:17:03 2015 +0000 | ||
9033 | |||
9034 | upstream commit | ||
9035 | |||
9036 | Output remote username in debug output since with Host | ||
9037 | and Match it's not always obvious what it will be. bz#2368, ok djm@ | ||
9038 | |||
9039 | commit 70860b6d07461906730632f9758ff1b7c98c695a | ||
9040 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9041 | Date: Fri Apr 17 10:56:13 2015 +1000 | ||
9042 | |||
9043 | Format UsePAM setting when using sshd -T. | ||
9044 | |||
9045 | Part of bz#2346, patch from jjelen at redhat com. | ||
9046 | |||
9047 | commit ee15d9c9f0720f5a8b0b34e4b10ecf21f9824814 | ||
9048 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9049 | Date: Fri Apr 17 10:40:23 2015 +1000 | ||
9050 | |||
9051 | Wrap endian.h include inside ifdef (bz#2370). | ||
9052 | |||
9053 | commit 408f4c2ad4a4c41baa7b9b2b7423d875abbfa70b | ||
9054 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9055 | Date: Fri Apr 17 09:39:58 2015 +1000 | ||
9056 | |||
9057 | Look for '${host}-ar' before 'ar'. | ||
9058 | |||
9059 | This changes configure.ac to look for '${host}-ar' as set by | ||
9060 | AC_CANONICAL_HOST before looking for the unprefixed 'ar'. | ||
9061 | Useful when cross-compiling when all your binutils are prefixed. | ||
9062 | |||
9063 | Patch from moben at exherbo org via astrand at lysator liu se and | ||
9064 | bz#2352. | ||
9065 | |||
9066 | commit 673a1c16ad078d41558247ce739fe812c960acc8 | ||
9067 | Author: Damien Miller <djm@google.com> | ||
9068 | Date: Thu Apr 16 11:40:20 2015 +1000 | ||
9069 | |||
9070 | remove dependency on arpa/telnet.h | ||
9071 | |||
9072 | commit 202d443eeda1829d336595a3cfc07827e49f45ed | ||
9073 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9074 | Date: Wed Apr 15 15:59:49 2015 +1000 | ||
9075 | |||
9076 | Remove duplicate include of pwd.h. bz#2337, patch from Mordy Ovits. | ||
9077 | |||
9078 | commit 597986493412c499f2bc2209420cb195f97b3668 | ||
9079 | Author: Damien Miller <djm@google.com> | ||
9080 | Date: Thu Apr 9 10:14:48 2015 +1000 | ||
9081 | |||
9082 | platform's with openpty don't need pty_release | ||
9083 | |||
9084 | commit 318be28cda1fd9108f2e6f2f86b0b7589ba2aed0 | ||
9085 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9086 | Date: Mon Apr 13 02:04:08 2015 +0000 | ||
9087 | |||
9088 | upstream commit | ||
9089 | |||
9090 | deprecate ancient, pre-RFC4419 and undocumented | ||
9091 | SSH2_MSG_KEX_DH_GEX_REQUEST_OLD message; ok markus@ deraadt@ "seems | ||
9092 | reasonable" dtucker@ | ||
9093 | |||
9094 | commit d8f391caef62378463a0e6b36f940170dadfe605 | ||
9095 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
9096 | Date: Fri Apr 10 05:16:50 2015 +0000 | ||
9097 | |||
9098 | upstream commit | ||
9099 | |||
9100 | Don't send hostkey advertisments | ||
9101 | (hostkeys-00@openssh.com) to current versions of Tera Term as they can't | ||
9102 | handle them. Newer versions should be OK. Patch from Bryan Drewery and | ||
9103 | IWAMOTO Kouichi, ok djm@ | ||
9104 | |||
9105 | commit 2c2cfe1a1c97eb9a08cc9817fd0678209680c636 | ||
9106 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9107 | Date: Fri Apr 10 00:08:55 2015 +0000 | ||
9108 | |||
9109 | upstream commit | ||
9110 | |||
9111 | include port number if a non-default one has been | ||
9112 | specified; based on patch from Michael Handler | ||
9113 | |||
9114 | commit 4492a4f222da4cf1e8eab12689196322e27b08c4 | ||
9115 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9116 | Date: Tue Apr 7 23:00:42 2015 +0000 | ||
9117 | |||
9118 | upstream commit | ||
9119 | |||
9120 | treat Protocol=1,2|2,1 as Protocol=2 when compiled | ||
9121 | without SSH1 support; ok dtucker@ millert@ | ||
9122 | |||
9123 | commit c265e2e6e932efc6d86f6cc885dea33637a67564 | ||
9124 | Author: miod@openbsd.org <miod@openbsd.org> | ||
9125 | Date: Sun Apr 5 15:43:43 2015 +0000 | ||
9126 | |||
9127 | upstream commit | ||
9128 | |||
9129 | Do not use int for sig_atomic_t; spotted by | ||
9130 | christos@netbsd; ok markus@ | ||
9131 | |||
9132 | commit e7bf3a5eda6a1b02bef6096fed78527ee11e54cc | ||
9133 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9134 | Date: Tue Apr 7 10:48:04 2015 +1000 | ||
9135 | |||
9136 | Use do{}while(0) for no-op functions. | ||
9137 | |||
9138 | From FreeBSD. | ||
9139 | |||
9140 | commit bb99844abae2b6447272f79e7fa84134802eb4df | ||
9141 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9142 | Date: Tue Apr 7 10:47:15 2015 +1000 | ||
9143 | |||
9144 | Wrap blf.h include in ifdef. From FreeBSD. | ||
9145 | |||
9146 | commit d9b9b43656091cf0ad55c122f08fadb07dad0abd | ||
9147 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9148 | Date: Tue Apr 7 09:10:00 2015 +1000 | ||
9149 | |||
9150 | Fix misspellings of regress CONFOPTS env variables. | ||
9151 | |||
9152 | Patch from Bryan Drewery. | ||
9153 | |||
9154 | commit 3f4ea3c9ab1d32d43c9222c4351f58ca11144156 | ||
9155 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9156 | Date: Fri Apr 3 22:17:27 2015 +0000 | ||
9157 | |||
9158 | upstream commit | ||
9159 | |||
9160 | correct return value in pubkey parsing, spotted by Ben Hawkes | ||
9161 | ok markus@ | ||
9162 | |||
9163 | commit 7da2be0cb9601ed25460c83aa4d44052b967ba0f | ||
9164 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9165 | Date: Tue Mar 31 22:59:01 2015 +0000 | ||
9166 | |||
9167 | upstream commit | ||
9168 | |||
9169 | adapt to recent hostfile.c change: when parsing | ||
9170 | known_hosts without fully parsing the keys therein, hostkeys_foreach() will | ||
9171 | now correctly identify KEY_RSA1 keys; ok markus@ miod@ | ||
9172 | |||
9173 | commit 9e1777a0d1c706714b055811c12ab8cc21033e4a | ||
9174 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9175 | Date: Tue Mar 24 20:19:15 2015 +0000 | ||
9176 | |||
9177 | upstream commit | ||
9178 | |||
9179 | use ${SSH} for -Q instead of installed ssh | ||
9180 | |||
9181 | commit ce1b358ea414a2cc88e4430cd5a2ea7fecd9de57 | ||
9182 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9183 | Date: Mon Mar 16 22:46:14 2015 +0000 | ||
9184 | |||
9185 | upstream commit | ||
9186 | |||
9187 | make CLEANFILES clean up more of the tests' droppings | ||
9188 | |||
9189 | commit 398f9ef192d820b67beba01ec234d66faca65775 | ||
9190 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9191 | Date: Tue Mar 31 22:57:06 2015 +0000 | ||
9192 | |||
9193 | upstream commit | ||
9194 | |||
9195 | downgrade error() for known_hosts parse errors to debug() | ||
9196 | to quiet warnings from ssh1 keys present when compiled !ssh1. | ||
9197 | |||
9198 | also identify ssh1 keys when scanning, even when compiled !ssh1 | ||
9199 | |||
9200 | ok markus@ miod@ | ||
9201 | |||
9202 | commit 9a47ab80030a31f2d122b8fd95bd48c408b9fcd9 | ||
9203 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9204 | Date: Tue Mar 31 22:55:50 2015 +0000 | ||
9205 | |||
9206 | upstream commit | ||
9207 | |||
9208 | fd leak for !ssh1 case; found by unittests; ok markus@ | ||
9209 | |||
9210 | commit c9a0805a6280681901c270755a7cd630d7c5280e | ||
9211 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9212 | Date: Tue Mar 31 22:55:24 2015 +0000 | ||
9213 | |||
9214 | upstream commit | ||
9215 | |||
9216 | don't fatal when a !ssh1 sshd is reexeced from a w/ssh1 | ||
9217 | listener; reported by miod@; ok miod@ markus@ | ||
9218 | |||
9219 | commit 704d8c88988cae38fb755a6243b119731d223222 | ||
9220 | Author: tobias@openbsd.org <tobias@openbsd.org> | ||
9221 | Date: Tue Mar 31 11:06:49 2015 +0000 | ||
9222 | |||
9223 | upstream commit | ||
9224 | |||
9225 | Comments are only supported for RSA1 keys. If a user | ||
9226 | tried to add one and entered his passphrase, explicitly clear it before exit. | ||
9227 | This is done in all other error paths, too. | ||
9228 | |||
9229 | ok djm | ||
9230 | |||
9231 | commit 78de1673c05ea2c33e0d4a4b64ecb5186b6ea2e9 | ||
9232 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
9233 | Date: Mon Mar 30 18:28:37 2015 +0000 | ||
9234 | |||
9235 | upstream commit | ||
9236 | |||
9237 | ssh-askpass(1) is the default, overridden by SSH_ASKPASS; | ||
9238 | diff originally from jiri b; | ||
9239 | |||
9240 | commit 26e0bcf766fadb4a44fb6199386fb1dcab65ad00 | ||
9241 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9242 | Date: Mon Mar 30 00:00:29 2015 +0000 | ||
9243 | |||
9244 | upstream commit | ||
9245 | |||
9246 | fix uninitialised memory read when parsing a config file | ||
9247 | consisting of a single nul byte. Found by hanno AT hboeck.de using AFL; ok | ||
9248 | dtucker | ||
9249 | |||
9250 | commit fecede00a76fbb33a349f5121c0b2f9fbc04a777 | ||
9251 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9252 | Date: Thu Mar 26 19:32:19 2015 +0000 | ||
9253 | |||
9254 | upstream commit | ||
9255 | |||
9256 | sigp and lenp are not optional in ssh_agent_sign(); ok | ||
9257 | djm@ | ||
9258 | |||
9259 | commit 1b0ef3813244c78669e6d4d54c624f600945327d | ||
9260 | Author: naddy@openbsd.org <naddy@openbsd.org> | ||
9261 | Date: Thu Mar 26 12:32:38 2015 +0000 | ||
9262 | |||
9263 | upstream commit | ||
9264 | |||
9265 | don't try to load .ssh/identity by default if SSH1 is | ||
9266 | disabled; ok markus@ | ||
9267 | |||
9268 | commit f9b78852379b74a2d14e6fc94fe52af30b7e9c31 | ||
9269 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9270 | Date: Thu Mar 26 07:00:04 2015 +0000 | ||
9271 | |||
9272 | upstream commit | ||
9273 | |||
9274 | ban all-zero curve25519 keys as recommended by latest | ||
9275 | CFRG curves draft; ok markus | ||
9276 | |||
9277 | commit b8afbe2c1aaf573565e4da775261dfafc8b1ba9c | ||
9278 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9279 | Date: Thu Mar 26 06:59:28 2015 +0000 | ||
9280 | |||
9281 | upstream commit | ||
9282 | |||
9283 | relax bits needed check to allow | ||
9284 | diffie-hellman-group1-sha1 key exchange to complete for chacha20-poly1305 was | ||
9285 | selected as symmetric cipher; ok markus | ||
9286 | |||
9287 | commit 47842f71e31da130555353c1d57a1e5a8937f1c0 | ||
9288 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9289 | Date: Wed Mar 25 19:29:58 2015 +0000 | ||
9290 | |||
9291 | upstream commit | ||
9292 | |||
9293 | ignore v1 errors on ssh-add -D; only try v2 keys on | ||
9294 | -l/-L (unless WITH_SSH1) ok djm@ | ||
9295 | |||
9296 | commit 5f57e77f91bf2230c09eca96eb5ecec39e5f2da6 | ||
9297 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9298 | Date: Wed Mar 25 19:21:48 2015 +0000 | ||
9299 | |||
9300 | upstream commit | ||
9301 | |||
9302 | unbreak ssh_agent_sign (lenp vs *lenp) | ||
9303 | |||
9304 | commit 4daeb67181054f2a377677fac919ee8f9ed3490e | ||
9305 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9306 | Date: Tue Mar 24 20:10:08 2015 +0000 | ||
9307 | |||
9308 | upstream commit | ||
9309 | |||
9310 | don't leak 'setp' on error; noted by Nicholas Lemonias; | ||
9311 | ok djm@ | ||
9312 | |||
9313 | commit 7d4f96f9de2a18af0d9fa75ea89a4990de0344f5 | ||
9314 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9315 | Date: Tue Mar 24 20:09:11 2015 +0000 | ||
9316 | |||
9317 | upstream commit | ||
9318 | |||
9319 | consistent check for NULL as noted by Nicholas | ||
9320 | Lemonias; ok djm@ | ||
9321 | |||
9322 | commit df100be51354e447d9345cf1ec22e6013c0eed50 | ||
9323 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9324 | Date: Tue Mar 24 20:03:44 2015 +0000 | ||
9325 | |||
9326 | upstream commit | ||
9327 | |||
9328 | correct fmt-string for size_t as noted by Nicholas | ||
9329 | Lemonias; ok djm@ | ||
9330 | |||
9331 | commit a22b9ef21285e81775732436f7c84a27bd3f71e0 | ||
9332 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9333 | Date: Tue Mar 24 09:17:21 2015 +0000 | ||
9334 | |||
9335 | upstream commit | ||
9336 | |||
9337 | promote chacha20-poly1305@openssh.com to be the default | ||
9338 | cipher; ok markus | ||
9339 | |||
9340 | commit 2aa9da1a3b360cf7b13e96fe1521534b91501fb5 | ||
9341 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9342 | Date: Tue Mar 24 01:29:19 2015 +0000 | ||
9343 | |||
9344 | upstream commit | ||
9345 | |||
9346 | Compile-time disable SSH protocol 1. You can turn it | ||
9347 | back on using the Makefile.inc knob if you need it to talk to ancient | ||
9348 | devices. | ||
9349 | |||
9350 | commit 53097b2022154edf96b4e8526af5666f979503f7 | ||
9351 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9352 | Date: Tue Mar 24 01:11:12 2015 +0000 | ||
9353 | |||
9354 | upstream commit | ||
9355 | |||
9356 | fix double-negative error message "ssh1 is not | ||
9357 | unsupported" | ||
9358 | |||
9359 | commit 5c27e3b6ec2db711dfcd40e6359c0bcdd0b62ea9 | ||
9360 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9361 | Date: Mon Mar 23 06:06:38 2015 +0000 | ||
9362 | |||
9363 | upstream commit | ||
9364 | |||
9365 | for ssh-keygen -A, don't try (and fail) to generate ssh | ||
9366 | v.1 keys when compiled without SSH1 support RSA/DSA/ECDSA keys when compiled | ||
9367 | without OpenSSL based on patch by Mike Frysinger; bz#2369 | ||
9368 | |||
9369 | commit 725fd22a8c41db7de73a638539a5157b7e4424ae | ||
9370 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9371 | Date: Wed Mar 18 01:44:21 2015 +0000 | ||
9372 | |||
9373 | upstream commit | ||
9374 | |||
9375 | KRL support doesn't need OpenSSL anymore, remove #ifdefs | ||
9376 | from around call | ||
9377 | |||
9378 | commit b07011c18e0b2e172c5fd09d21fb159a0bf5fcc7 | ||
9379 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9380 | Date: Mon Mar 16 11:09:52 2015 +0000 | ||
9381 | |||
9382 | upstream commit | ||
9383 | |||
9384 | #if 0 some more arrays used only for decrypting (we don't | ||
9385 | use since we only need encrypt for AES-CTR) | ||
9386 | |||
9387 | commit 1cb3016635898d287e9d58b50c430995652d5358 | ||
9388 | Author: jsg@openbsd.org <jsg@openbsd.org> | ||
9389 | Date: Wed Mar 11 00:48:39 2015 +0000 | ||
9390 | |||
9391 | upstream commit | ||
9392 | |||
9393 | add back the changes from rev 1.206, djm reverted this by | ||
9394 | mistake in rev 1.207 | ||
diff --git a/config.h.in b/config.h.in new file mode 100644 index 000000000..b65420e4a --- /dev/null +++ b/config.h.in | |||
@@ -0,0 +1,1770 @@ | |||
1 | /* config.h.in. Generated from configure.ac by autoheader. */ | ||
2 | |||
3 | /* Define if building universal (internal helper macro) */ | ||
4 | #undef AC_APPLE_UNIVERSAL_BUILD | ||
5 | |||
6 | /* Define if you have a getaddrinfo that fails for the all-zeros IPv6 address | ||
7 | */ | ||
8 | #undef AIX_GETNAMEINFO_HACK | ||
9 | |||
10 | /* Define if your AIX loginfailed() function takes 4 arguments (AIX >= 5.2) */ | ||
11 | #undef AIX_LOGINFAILED_4ARG | ||
12 | |||
13 | /* System only supports IPv4 audit records */ | ||
14 | #undef AU_IPv4 | ||
15 | |||
16 | /* Define if your resolver libs need this for getrrsetbyname */ | ||
17 | #undef BIND_8_COMPAT | ||
18 | |||
19 | /* The system has incomplete BSM API */ | ||
20 | #undef BROKEN_BSM_API | ||
21 | |||
22 | /* Define if cmsg_type is not passed correctly */ | ||
23 | #undef BROKEN_CMSG_TYPE | ||
24 | |||
25 | /* getaddrinfo is broken (if present) */ | ||
26 | #undef BROKEN_GETADDRINFO | ||
27 | |||
28 | /* getgroups(0,NULL) will return -1 */ | ||
29 | #undef BROKEN_GETGROUPS | ||
30 | |||
31 | /* FreeBSD glob does not do what we need */ | ||
32 | #undef BROKEN_GLOB | ||
33 | |||
34 | /* Define if you system's inet_ntoa is busted (e.g. Irix gcc issue) */ | ||
35 | #undef BROKEN_INET_NTOA | ||
36 | |||
37 | /* ia_uinfo routines not supported by OS yet */ | ||
38 | #undef BROKEN_LIBIAF | ||
39 | |||
40 | /* Define if your struct dirent expects you to allocate extra space for d_name | ||
41 | */ | ||
42 | #undef BROKEN_ONE_BYTE_DIRENT_D_NAME | ||
43 | |||
44 | /* Can't do comparisons on readv */ | ||
45 | #undef BROKEN_READV_COMPARISON | ||
46 | |||
47 | /* NetBSD read function is sometimes redirected, breaking atomicio comparisons | ||
48 | against it */ | ||
49 | #undef BROKEN_READ_COMPARISON | ||
50 | |||
51 | /* realpath does not work with nonexistent files */ | ||
52 | #undef BROKEN_REALPATH | ||
53 | |||
54 | /* Needed for NeXT */ | ||
55 | #undef BROKEN_SAVED_UIDS | ||
56 | |||
57 | /* Define if your setregid() is broken */ | ||
58 | #undef BROKEN_SETREGID | ||
59 | |||
60 | /* Define if your setresgid() is broken */ | ||
61 | #undef BROKEN_SETRESGID | ||
62 | |||
63 | /* Define if your setresuid() is broken */ | ||
64 | #undef BROKEN_SETRESUID | ||
65 | |||
66 | /* Define if your setreuid() is broken */ | ||
67 | #undef BROKEN_SETREUID | ||
68 | |||
69 | /* LynxOS has broken setvbuf() implementation */ | ||
70 | #undef BROKEN_SETVBUF | ||
71 | |||
72 | /* QNX shadow support is broken */ | ||
73 | #undef BROKEN_SHADOW_EXPIRE | ||
74 | |||
75 | /* Define if your snprintf is busted */ | ||
76 | #undef BROKEN_SNPRINTF | ||
77 | |||
78 | /* strnvis detected broken */ | ||
79 | #undef BROKEN_STRNVIS | ||
80 | |||
81 | /* tcgetattr with ICANON may hang */ | ||
82 | #undef BROKEN_TCGETATTR_ICANON | ||
83 | |||
84 | /* updwtmpx is broken (if present) */ | ||
85 | #undef BROKEN_UPDWTMPX | ||
86 | |||
87 | /* Define if you have BSD auth support */ | ||
88 | #undef BSD_AUTH | ||
89 | |||
90 | /* Define if you want to specify the path to your lastlog file */ | ||
91 | #undef CONF_LASTLOG_FILE | ||
92 | |||
93 | /* Define if you want to specify the path to your utmp file */ | ||
94 | #undef CONF_UTMP_FILE | ||
95 | |||
96 | /* Define if you want to specify the path to your wtmpx file */ | ||
97 | #undef CONF_WTMPX_FILE | ||
98 | |||
99 | /* Define if you want to specify the path to your wtmp file */ | ||
100 | #undef CONF_WTMP_FILE | ||
101 | |||
102 | /* Define if your platform needs to skip post auth file descriptor passing */ | ||
103 | #undef DISABLE_FD_PASSING | ||
104 | |||
105 | /* Define if you don't want to use lastlog */ | ||
106 | #undef DISABLE_LASTLOG | ||
107 | |||
108 | /* Define if you don't want to use your system's login() call */ | ||
109 | #undef DISABLE_LOGIN | ||
110 | |||
111 | /* Define if you don't want to use pututline() etc. to write [uw]tmp */ | ||
112 | #undef DISABLE_PUTUTLINE | ||
113 | |||
114 | /* Define if you don't want to use pututxline() etc. to write [uw]tmpx */ | ||
115 | #undef DISABLE_PUTUTXLINE | ||
116 | |||
117 | /* Define if you want to disable shadow passwords */ | ||
118 | #undef DISABLE_SHADOW | ||
119 | |||
120 | /* Define if you don't want to use utmp */ | ||
121 | #undef DISABLE_UTMP | ||
122 | |||
123 | /* Define if you don't want to use utmpx */ | ||
124 | #undef DISABLE_UTMPX | ||
125 | |||
126 | /* Define if you don't want to use wtmp */ | ||
127 | #undef DISABLE_WTMP | ||
128 | |||
129 | /* Define if you don't want to use wtmpx */ | ||
130 | #undef DISABLE_WTMPX | ||
131 | |||
132 | /* Enable for PKCS#11 support */ | ||
133 | #undef ENABLE_PKCS11 | ||
134 | |||
135 | /* File names may not contain backslash characters */ | ||
136 | #undef FILESYSTEM_NO_BACKSLASH | ||
137 | |||
138 | /* fsid_t has member val */ | ||
139 | #undef FSID_HAS_VAL | ||
140 | |||
141 | /* fsid_t has member __val */ | ||
142 | #undef FSID_HAS___VAL | ||
143 | |||
144 | /* Define to 1 if the `getpgrp' function requires zero arguments. */ | ||
145 | #undef GETPGRP_VOID | ||
146 | |||
147 | /* Conflicting defs for getspnam */ | ||
148 | #undef GETSPNAM_CONFLICTING_DEFS | ||
149 | |||
150 | /* Define if your system glob() function has the GLOB_ALTDIRFUNC extension */ | ||
151 | #undef GLOB_HAS_ALTDIRFUNC | ||
152 | |||
153 | /* Define if your system glob() function has gl_matchc options in glob_t */ | ||
154 | #undef GLOB_HAS_GL_MATCHC | ||
155 | |||
156 | /* Define if your system glob() function has gl_statv options in glob_t */ | ||
157 | #undef GLOB_HAS_GL_STATV | ||
158 | |||
159 | /* Define this if you want GSSAPI support in the version 2 protocol */ | ||
160 | #undef GSSAPI | ||
161 | |||
162 | /* Define if you want to use shadow password expire field */ | ||
163 | #undef HAS_SHADOW_EXPIRE | ||
164 | |||
165 | /* Define if your system uses access rights style file descriptor passing */ | ||
166 | #undef HAVE_ACCRIGHTS_IN_MSGHDR | ||
167 | |||
168 | /* Define if you have ut_addr in utmp.h */ | ||
169 | #undef HAVE_ADDR_IN_UTMP | ||
170 | |||
171 | /* Define if you have ut_addr in utmpx.h */ | ||
172 | #undef HAVE_ADDR_IN_UTMPX | ||
173 | |||
174 | /* Define if you have ut_addr_v6 in utmp.h */ | ||
175 | #undef HAVE_ADDR_V6_IN_UTMP | ||
176 | |||
177 | /* Define if you have ut_addr_v6 in utmpx.h */ | ||
178 | #undef HAVE_ADDR_V6_IN_UTMPX | ||
179 | |||
180 | /* Define to 1 if you have the `arc4random' function. */ | ||
181 | #undef HAVE_ARC4RANDOM | ||
182 | |||
183 | /* Define to 1 if you have the `arc4random_buf' function. */ | ||
184 | #undef HAVE_ARC4RANDOM_BUF | ||
185 | |||
186 | /* Define to 1 if you have the `arc4random_stir' function. */ | ||
187 | #undef HAVE_ARC4RANDOM_STIR | ||
188 | |||
189 | /* Define to 1 if you have the `arc4random_uniform' function. */ | ||
190 | #undef HAVE_ARC4RANDOM_UNIFORM | ||
191 | |||
192 | /* Define to 1 if you have the `asprintf' function. */ | ||
193 | #undef HAVE_ASPRINTF | ||
194 | |||
195 | /* OpenBSD's gcc has bounded */ | ||
196 | #undef HAVE_ATTRIBUTE__BOUNDED__ | ||
197 | |||
198 | /* Have attribute nonnull */ | ||
199 | #undef HAVE_ATTRIBUTE__NONNULL__ | ||
200 | |||
201 | /* OpenBSD's gcc has sentinel */ | ||
202 | #undef HAVE_ATTRIBUTE__SENTINEL__ | ||
203 | |||
204 | /* Define to 1 if you have the `aug_get_machine' function. */ | ||
205 | #undef HAVE_AUG_GET_MACHINE | ||
206 | |||
207 | /* Define to 1 if you have the `b64_ntop' function. */ | ||
208 | #undef HAVE_B64_NTOP | ||
209 | |||
210 | /* Define to 1 if you have the `b64_pton' function. */ | ||
211 | #undef HAVE_B64_PTON | ||
212 | |||
213 | /* Define if you have the basename function. */ | ||
214 | #undef HAVE_BASENAME | ||
215 | |||
216 | /* Define to 1 if you have the `bcopy' function. */ | ||
217 | #undef HAVE_BCOPY | ||
218 | |||
219 | /* Define to 1 if you have the `bcrypt_pbkdf' function. */ | ||
220 | #undef HAVE_BCRYPT_PBKDF | ||
221 | |||
222 | /* Define to 1 if you have the `bindresvport_sa' function. */ | ||
223 | #undef HAVE_BINDRESVPORT_SA | ||
224 | |||
225 | /* Define to 1 if you have the `blf_enc' function. */ | ||
226 | #undef HAVE_BLF_ENC | ||
227 | |||
228 | /* Define to 1 if you have the <blf.h> header file. */ | ||
229 | #undef HAVE_BLF_H | ||
230 | |||
231 | /* Define to 1 if you have the `Blowfish_expand0state' function. */ | ||
232 | #undef HAVE_BLOWFISH_EXPAND0STATE | ||
233 | |||
234 | /* Define to 1 if you have the `Blowfish_expandstate' function. */ | ||
235 | #undef HAVE_BLOWFISH_EXPANDSTATE | ||
236 | |||
237 | /* Define to 1 if you have the `Blowfish_initstate' function. */ | ||
238 | #undef HAVE_BLOWFISH_INITSTATE | ||
239 | |||
240 | /* Define to 1 if you have the `Blowfish_stream2word' function. */ | ||
241 | #undef HAVE_BLOWFISH_STREAM2WORD | ||
242 | |||
243 | /* Define to 1 if you have the `BN_is_prime_ex' function. */ | ||
244 | #undef HAVE_BN_IS_PRIME_EX | ||
245 | |||
246 | /* Define to 1 if you have the <bsd/libutil.h> header file. */ | ||
247 | #undef HAVE_BSD_LIBUTIL_H | ||
248 | |||
249 | /* Define to 1 if you have the <bsm/audit.h> header file. */ | ||
250 | #undef HAVE_BSM_AUDIT_H | ||
251 | |||
252 | /* Define to 1 if you have the <bstring.h> header file. */ | ||
253 | #undef HAVE_BSTRING_H | ||
254 | |||
255 | /* Define to 1 if you have the `cap_rights_limit' function. */ | ||
256 | #undef HAVE_CAP_RIGHTS_LIMIT | ||
257 | |||
258 | /* Define to 1 if you have the `clock' function. */ | ||
259 | #undef HAVE_CLOCK | ||
260 | |||
261 | /* Have clock_gettime */ | ||
262 | #undef HAVE_CLOCK_GETTIME | ||
263 | |||
264 | /* define if you have clock_t data type */ | ||
265 | #undef HAVE_CLOCK_T | ||
266 | |||
267 | /* Define to 1 if you have the `closefrom' function. */ | ||
268 | #undef HAVE_CLOSEFROM | ||
269 | |||
270 | /* Define if gai_strerror() returns const char * */ | ||
271 | #undef HAVE_CONST_GAI_STRERROR_PROTO | ||
272 | |||
273 | /* Define if your system uses ancillary data style file descriptor passing */ | ||
274 | #undef HAVE_CONTROL_IN_MSGHDR | ||
275 | |||
276 | /* Define to 1 if you have the `crypt' function. */ | ||
277 | #undef HAVE_CRYPT | ||
278 | |||
279 | /* Define to 1 if you have the <crypto/sha2.h> header file. */ | ||
280 | #undef HAVE_CRYPTO_SHA2_H | ||
281 | |||
282 | /* Define to 1 if you have the <crypt.h> header file. */ | ||
283 | #undef HAVE_CRYPT_H | ||
284 | |||
285 | /* Define if you are on Cygwin */ | ||
286 | #undef HAVE_CYGWIN | ||
287 | |||
288 | /* Define if your libraries define daemon() */ | ||
289 | #undef HAVE_DAEMON | ||
290 | |||
291 | /* Define to 1 if you have the declaration of `AI_NUMERICSERV', and to 0 if | ||
292 | you don't. */ | ||
293 | #undef HAVE_DECL_AI_NUMERICSERV | ||
294 | |||
295 | /* Define to 1 if you have the declaration of `authenticate', and to 0 if you | ||
296 | don't. */ | ||
297 | #undef HAVE_DECL_AUTHENTICATE | ||
298 | |||
299 | /* Define to 1 if you have the declaration of `GLOB_NOMATCH', and to 0 if you | ||
300 | don't. */ | ||
301 | #undef HAVE_DECL_GLOB_NOMATCH | ||
302 | |||
303 | /* Define to 1 if you have the declaration of `GSS_C_NT_HOSTBASED_SERVICE', | ||
304 | and to 0 if you don't. */ | ||
305 | #undef HAVE_DECL_GSS_C_NT_HOSTBASED_SERVICE | ||
306 | |||
307 | /* Define to 1 if you have the declaration of `howmany', and to 0 if you | ||
308 | don't. */ | ||
309 | #undef HAVE_DECL_HOWMANY | ||
310 | |||
311 | /* Define to 1 if you have the declaration of `h_errno', and to 0 if you | ||
312 | don't. */ | ||
313 | #undef HAVE_DECL_H_ERRNO | ||
314 | |||
315 | /* Define to 1 if you have the declaration of `loginfailed', and to 0 if you | ||
316 | don't. */ | ||
317 | #undef HAVE_DECL_LOGINFAILED | ||
318 | |||
319 | /* Define to 1 if you have the declaration of `loginrestrictions', and to 0 if | ||
320 | you don't. */ | ||
321 | #undef HAVE_DECL_LOGINRESTRICTIONS | ||
322 | |||
323 | /* Define to 1 if you have the declaration of `loginsuccess', and to 0 if you | ||
324 | don't. */ | ||
325 | #undef HAVE_DECL_LOGINSUCCESS | ||
326 | |||
327 | /* Define to 1 if you have the declaration of `MAXSYMLINKS', and to 0 if you | ||
328 | don't. */ | ||
329 | #undef HAVE_DECL_MAXSYMLINKS | ||
330 | |||
331 | /* Define to 1 if you have the declaration of `NFDBITS', and to 0 if you | ||
332 | don't. */ | ||
333 | #undef HAVE_DECL_NFDBITS | ||
334 | |||
335 | /* Define to 1 if you have the declaration of `offsetof', and to 0 if you | ||
336 | don't. */ | ||
337 | #undef HAVE_DECL_OFFSETOF | ||
338 | |||
339 | /* Define to 1 if you have the declaration of `O_NONBLOCK', and to 0 if you | ||
340 | don't. */ | ||
341 | #undef HAVE_DECL_O_NONBLOCK | ||
342 | |||
343 | /* Define to 1 if you have the declaration of `passwdexpired', and to 0 if you | ||
344 | don't. */ | ||
345 | #undef HAVE_DECL_PASSWDEXPIRED | ||
346 | |||
347 | /* Define to 1 if you have the declaration of `setauthdb', and to 0 if you | ||
348 | don't. */ | ||
349 | #undef HAVE_DECL_SETAUTHDB | ||
350 | |||
351 | /* Define to 1 if you have the declaration of `SHUT_RD', and to 0 if you | ||
352 | don't. */ | ||
353 | #undef HAVE_DECL_SHUT_RD | ||
354 | |||
355 | /* Define to 1 if you have the declaration of `writev', and to 0 if you don't. | ||
356 | */ | ||
357 | #undef HAVE_DECL_WRITEV | ||
358 | |||
359 | /* Define to 1 if you have the declaration of `_getlong', and to 0 if you | ||
360 | don't. */ | ||
361 | #undef HAVE_DECL__GETLONG | ||
362 | |||
363 | /* Define to 1 if you have the declaration of `_getshort', and to 0 if you | ||
364 | don't. */ | ||
365 | #undef HAVE_DECL__GETSHORT | ||
366 | |||
367 | /* Define to 1 if you have the `DES_crypt' function. */ | ||
368 | #undef HAVE_DES_CRYPT | ||
369 | |||
370 | /* Define if you have /dev/ptmx */ | ||
371 | #undef HAVE_DEV_PTMX | ||
372 | |||
373 | /* Define if you have /dev/ptc */ | ||
374 | #undef HAVE_DEV_PTS_AND_PTC | ||
375 | |||
376 | /* Define to 1 if you have the <dirent.h> header file. */ | ||
377 | #undef HAVE_DIRENT_H | ||
378 | |||
379 | /* Define to 1 if you have the `dirfd' function. */ | ||
380 | #undef HAVE_DIRFD | ||
381 | |||
382 | /* Define to 1 if you have the `dirname' function. */ | ||
383 | #undef HAVE_DIRNAME | ||
384 | |||
385 | /* Define to 1 if you have the `DSA_generate_parameters_ex' function. */ | ||
386 | #undef HAVE_DSA_GENERATE_PARAMETERS_EX | ||
387 | |||
388 | /* Define to 1 if you have the <elf.h> header file. */ | ||
389 | #undef HAVE_ELF_H | ||
390 | |||
391 | /* Define to 1 if you have the `endgrent' function. */ | ||
392 | #undef HAVE_ENDGRENT | ||
393 | |||
394 | /* Define to 1 if you have the <endian.h> header file. */ | ||
395 | #undef HAVE_ENDIAN_H | ||
396 | |||
397 | /* Define to 1 if you have the `endutent' function. */ | ||
398 | #undef HAVE_ENDUTENT | ||
399 | |||
400 | /* Define to 1 if you have the `endutxent' function. */ | ||
401 | #undef HAVE_ENDUTXENT | ||
402 | |||
403 | /* Define to 1 if you have the `err' function. */ | ||
404 | #undef HAVE_ERR | ||
405 | |||
406 | /* Define to 1 if you have the `errx' function. */ | ||
407 | #undef HAVE_ERRX | ||
408 | |||
409 | /* Define to 1 if you have the <err.h> header file. */ | ||
410 | #undef HAVE_ERR_H | ||
411 | |||
412 | /* Define if your system has /etc/default/login */ | ||
413 | #undef HAVE_ETC_DEFAULT_LOGIN | ||
414 | |||
415 | /* Define if libcrypto has EVP_CIPHER_CTX_ctrl */ | ||
416 | #undef HAVE_EVP_CIPHER_CTX_CTRL | ||
417 | |||
418 | /* Define to 1 if you have the `EVP_DigestFinal_ex' function. */ | ||
419 | #undef HAVE_EVP_DIGESTFINAL_EX | ||
420 | |||
421 | /* Define to 1 if you have the `EVP_DigestInit_ex' function. */ | ||
422 | #undef HAVE_EVP_DIGESTINIT_EX | ||
423 | |||
424 | /* Define to 1 if you have the `EVP_MD_CTX_cleanup' function. */ | ||
425 | #undef HAVE_EVP_MD_CTX_CLEANUP | ||
426 | |||
427 | /* Define to 1 if you have the `EVP_MD_CTX_copy_ex' function. */ | ||
428 | #undef HAVE_EVP_MD_CTX_COPY_EX | ||
429 | |||
430 | /* Define to 1 if you have the `EVP_MD_CTX_init' function. */ | ||
431 | #undef HAVE_EVP_MD_CTX_INIT | ||
432 | |||
433 | /* Define to 1 if you have the `EVP_ripemd160' function. */ | ||
434 | #undef HAVE_EVP_RIPEMD160 | ||
435 | |||
436 | /* Define to 1 if you have the `EVP_sha256' function. */ | ||
437 | #undef HAVE_EVP_SHA256 | ||
438 | |||
439 | /* Define if you have ut_exit in utmp.h */ | ||
440 | #undef HAVE_EXIT_IN_UTMP | ||
441 | |||
442 | /* Define to 1 if you have the `explicit_bzero' function. */ | ||
443 | #undef HAVE_EXPLICIT_BZERO | ||
444 | |||
445 | /* Define to 1 if you have the `fchmod' function. */ | ||
446 | #undef HAVE_FCHMOD | ||
447 | |||
448 | /* Define to 1 if you have the `fchown' function. */ | ||
449 | #undef HAVE_FCHOWN | ||
450 | |||
451 | /* Use F_CLOSEM fcntl for closefrom */ | ||
452 | #undef HAVE_FCNTL_CLOSEM | ||
453 | |||
454 | /* Define to 1 if you have the <fcntl.h> header file. */ | ||
455 | #undef HAVE_FCNTL_H | ||
456 | |||
457 | /* Define to 1 if the system has the type `fd_mask'. */ | ||
458 | #undef HAVE_FD_MASK | ||
459 | |||
460 | /* Define to 1 if you have the <features.h> header file. */ | ||
461 | #undef HAVE_FEATURES_H | ||
462 | |||
463 | /* Define to 1 if you have the <floatingpoint.h> header file. */ | ||
464 | #undef HAVE_FLOATINGPOINT_H | ||
465 | |||
466 | /* Define to 1 if you have the `fmt_scaled' function. */ | ||
467 | #undef HAVE_FMT_SCALED | ||
468 | |||
469 | /* Define to 1 if you have the `freeaddrinfo' function. */ | ||
470 | #undef HAVE_FREEADDRINFO | ||
471 | |||
472 | /* Define to 1 if the system has the type `fsblkcnt_t'. */ | ||
473 | #undef HAVE_FSBLKCNT_T | ||
474 | |||
475 | /* Define to 1 if the system has the type `fsfilcnt_t'. */ | ||
476 | #undef HAVE_FSFILCNT_T | ||
477 | |||
478 | /* Define to 1 if you have the `fstatfs' function. */ | ||
479 | #undef HAVE_FSTATFS | ||
480 | |||
481 | /* Define to 1 if you have the `fstatvfs' function. */ | ||
482 | #undef HAVE_FSTATVFS | ||
483 | |||
484 | /* Define to 1 if you have the `futimes' function. */ | ||
485 | #undef HAVE_FUTIMES | ||
486 | |||
487 | /* Define to 1 if you have the `gai_strerror' function. */ | ||
488 | #undef HAVE_GAI_STRERROR | ||
489 | |||
490 | /* Define to 1 if you have the `getaddrinfo' function. */ | ||
491 | #undef HAVE_GETADDRINFO | ||
492 | |||
493 | /* Define to 1 if you have the `getaudit' function. */ | ||
494 | #undef HAVE_GETAUDIT | ||
495 | |||
496 | /* Define to 1 if you have the `getaudit_addr' function. */ | ||
497 | #undef HAVE_GETAUDIT_ADDR | ||
498 | |||
499 | /* Define to 1 if you have the `getcwd' function. */ | ||
500 | #undef HAVE_GETCWD | ||
501 | |||
502 | /* Define to 1 if you have the `getgrouplist' function. */ | ||
503 | #undef HAVE_GETGROUPLIST | ||
504 | |||
505 | /* Define to 1 if you have the `getgrset' function. */ | ||
506 | #undef HAVE_GETGRSET | ||
507 | |||
508 | /* Define to 1 if you have the `getlastlogxbyname' function. */ | ||
509 | #undef HAVE_GETLASTLOGXBYNAME | ||
510 | |||
511 | /* Define to 1 if you have the `getluid' function. */ | ||
512 | #undef HAVE_GETLUID | ||
513 | |||
514 | /* Define to 1 if you have the `getnameinfo' function. */ | ||
515 | #undef HAVE_GETNAMEINFO | ||
516 | |||
517 | /* Define to 1 if you have the `getopt' function. */ | ||
518 | #undef HAVE_GETOPT | ||
519 | |||
520 | /* Define to 1 if you have the <getopt.h> header file. */ | ||
521 | #undef HAVE_GETOPT_H | ||
522 | |||
523 | /* Define if your getopt(3) defines and uses optreset */ | ||
524 | #undef HAVE_GETOPT_OPTRESET | ||
525 | |||
526 | /* Define if your libraries define getpagesize() */ | ||
527 | #undef HAVE_GETPAGESIZE | ||
528 | |||
529 | /* Define to 1 if you have the `getpeereid' function. */ | ||
530 | #undef HAVE_GETPEEREID | ||
531 | |||
532 | /* Define to 1 if you have the `getpeerucred' function. */ | ||
533 | #undef HAVE_GETPEERUCRED | ||
534 | |||
535 | /* Define to 1 if you have the `getpgid' function. */ | ||
536 | #undef HAVE_GETPGID | ||
537 | |||
538 | /* Define to 1 if you have the `getpgrp' function. */ | ||
539 | #undef HAVE_GETPGRP | ||
540 | |||
541 | /* Define to 1 if you have the `getpwanam' function. */ | ||
542 | #undef HAVE_GETPWANAM | ||
543 | |||
544 | /* Define to 1 if you have the `getrlimit' function. */ | ||
545 | #undef HAVE_GETRLIMIT | ||
546 | |||
547 | /* Define if getrrsetbyname() exists */ | ||
548 | #undef HAVE_GETRRSETBYNAME | ||
549 | |||
550 | /* Define to 1 if you have the `getrusage' function. */ | ||
551 | #undef HAVE_GETRUSAGE | ||
552 | |||
553 | /* Define to 1 if you have the `getseuserbyname' function. */ | ||
554 | #undef HAVE_GETSEUSERBYNAME | ||
555 | |||
556 | /* Define to 1 if you have the `gettimeofday' function. */ | ||
557 | #undef HAVE_GETTIMEOFDAY | ||
558 | |||
559 | /* Define to 1 if you have the `getttyent' function. */ | ||
560 | #undef HAVE_GETTTYENT | ||
561 | |||
562 | /* Define to 1 if you have the `getutent' function. */ | ||
563 | #undef HAVE_GETUTENT | ||
564 | |||
565 | /* Define to 1 if you have the `getutid' function. */ | ||
566 | #undef HAVE_GETUTID | ||
567 | |||
568 | /* Define to 1 if you have the `getutline' function. */ | ||
569 | #undef HAVE_GETUTLINE | ||
570 | |||
571 | /* Define to 1 if you have the `getutxent' function. */ | ||
572 | #undef HAVE_GETUTXENT | ||
573 | |||
574 | /* Define to 1 if you have the `getutxid' function. */ | ||
575 | #undef HAVE_GETUTXID | ||
576 | |||
577 | /* Define to 1 if you have the `getutxline' function. */ | ||
578 | #undef HAVE_GETUTXLINE | ||
579 | |||
580 | /* Define to 1 if you have the `getutxuser' function. */ | ||
581 | #undef HAVE_GETUTXUSER | ||
582 | |||
583 | /* Define to 1 if you have the `get_default_context_with_level' function. */ | ||
584 | #undef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL | ||
585 | |||
586 | /* Define to 1 if you have the `glob' function. */ | ||
587 | #undef HAVE_GLOB | ||
588 | |||
589 | /* Define to 1 if you have the <glob.h> header file. */ | ||
590 | #undef HAVE_GLOB_H | ||
591 | |||
592 | /* Define to 1 if you have the `group_from_gid' function. */ | ||
593 | #undef HAVE_GROUP_FROM_GID | ||
594 | |||
595 | /* Define to 1 if you have the <gssapi_generic.h> header file. */ | ||
596 | #undef HAVE_GSSAPI_GENERIC_H | ||
597 | |||
598 | /* Define to 1 if you have the <gssapi/gssapi_generic.h> header file. */ | ||
599 | #undef HAVE_GSSAPI_GSSAPI_GENERIC_H | ||
600 | |||
601 | /* Define to 1 if you have the <gssapi/gssapi.h> header file. */ | ||
602 | #undef HAVE_GSSAPI_GSSAPI_H | ||
603 | |||
604 | /* Define to 1 if you have the <gssapi/gssapi_krb5.h> header file. */ | ||
605 | #undef HAVE_GSSAPI_GSSAPI_KRB5_H | ||
606 | |||
607 | /* Define to 1 if you have the <gssapi.h> header file. */ | ||
608 | #undef HAVE_GSSAPI_H | ||
609 | |||
610 | /* Define to 1 if you have the <gssapi_krb5.h> header file. */ | ||
611 | #undef HAVE_GSSAPI_KRB5_H | ||
612 | |||
613 | /* Define if HEADER.ad exists in arpa/nameser.h */ | ||
614 | #undef HAVE_HEADER_AD | ||
615 | |||
616 | /* Define to 1 if you have the `HMAC_CTX_init' function. */ | ||
617 | #undef HAVE_HMAC_CTX_INIT | ||
618 | |||
619 | /* Define if you have ut_host in utmp.h */ | ||
620 | #undef HAVE_HOST_IN_UTMP | ||
621 | |||
622 | /* Define if you have ut_host in utmpx.h */ | ||
623 | #undef HAVE_HOST_IN_UTMPX | ||
624 | |||
625 | /* Define to 1 if you have the <iaf.h> header file. */ | ||
626 | #undef HAVE_IAF_H | ||
627 | |||
628 | /* Define to 1 if you have the <ia.h> header file. */ | ||
629 | #undef HAVE_IA_H | ||
630 | |||
631 | /* Define if you have ut_id in utmp.h */ | ||
632 | #undef HAVE_ID_IN_UTMP | ||
633 | |||
634 | /* Define if you have ut_id in utmpx.h */ | ||
635 | #undef HAVE_ID_IN_UTMPX | ||
636 | |||
637 | /* Define to 1 if you have the `inet_aton' function. */ | ||
638 | #undef HAVE_INET_ATON | ||
639 | |||
640 | /* Define to 1 if you have the `inet_ntoa' function. */ | ||
641 | #undef HAVE_INET_NTOA | ||
642 | |||
643 | /* Define to 1 if you have the `inet_ntop' function. */ | ||
644 | #undef HAVE_INET_NTOP | ||
645 | |||
646 | /* Define to 1 if you have the `innetgr' function. */ | ||
647 | #undef HAVE_INNETGR | ||
648 | |||
649 | /* define if you have int64_t data type */ | ||
650 | #undef HAVE_INT64_T | ||
651 | |||
652 | /* Define to 1 if the system has the type `intmax_t'. */ | ||
653 | #undef HAVE_INTMAX_T | ||
654 | |||
655 | /* Define to 1 if you have the <inttypes.h> header file. */ | ||
656 | #undef HAVE_INTTYPES_H | ||
657 | |||
658 | /* define if you have intxx_t data type */ | ||
659 | #undef HAVE_INTXX_T | ||
660 | |||
661 | /* Define to 1 if the system has the type `in_addr_t'. */ | ||
662 | #undef HAVE_IN_ADDR_T | ||
663 | |||
664 | /* Define to 1 if the system has the type `in_port_t'. */ | ||
665 | #undef HAVE_IN_PORT_T | ||
666 | |||
667 | /* Define if you have isblank(3C). */ | ||
668 | #undef HAVE_ISBLANK | ||
669 | |||
670 | /* Define to 1 if you have the `krb5_cc_new_unique' function. */ | ||
671 | #undef HAVE_KRB5_CC_NEW_UNIQUE | ||
672 | |||
673 | /* Define to 1 if you have the `krb5_free_error_message' function. */ | ||
674 | #undef HAVE_KRB5_FREE_ERROR_MESSAGE | ||
675 | |||
676 | /* Define to 1 if you have the `krb5_get_error_message' function. */ | ||
677 | #undef HAVE_KRB5_GET_ERROR_MESSAGE | ||
678 | |||
679 | /* Define to 1 if you have the <langinfo.h> header file. */ | ||
680 | #undef HAVE_LANGINFO_H | ||
681 | |||
682 | /* Define to 1 if you have the <lastlog.h> header file. */ | ||
683 | #undef HAVE_LASTLOG_H | ||
684 | |||
685 | /* Define if you want ldns support */ | ||
686 | #undef HAVE_LDNS | ||
687 | |||
688 | /* Define to 1 if you have the <libaudit.h> header file. */ | ||
689 | #undef HAVE_LIBAUDIT_H | ||
690 | |||
691 | /* Define to 1 if you have the `bsm' library (-lbsm). */ | ||
692 | #undef HAVE_LIBBSM | ||
693 | |||
694 | /* Define to 1 if you have the `crypt' library (-lcrypt). */ | ||
695 | #undef HAVE_LIBCRYPT | ||
696 | |||
697 | /* Define to 1 if you have the `dl' library (-ldl). */ | ||
698 | #undef HAVE_LIBDL | ||
699 | |||
700 | /* Define to 1 if you have the <libgen.h> header file. */ | ||
701 | #undef HAVE_LIBGEN_H | ||
702 | |||
703 | /* Define if system has libiaf that supports set_id */ | ||
704 | #undef HAVE_LIBIAF | ||
705 | |||
706 | /* Define to 1 if you have the `network' library (-lnetwork). */ | ||
707 | #undef HAVE_LIBNETWORK | ||
708 | |||
709 | /* Define to 1 if you have the `pam' library (-lpam). */ | ||
710 | #undef HAVE_LIBPAM | ||
711 | |||
712 | /* Define to 1 if you have the `socket' library (-lsocket). */ | ||
713 | #undef HAVE_LIBSOCKET | ||
714 | |||
715 | /* Define to 1 if you have the <libutil.h> header file. */ | ||
716 | #undef HAVE_LIBUTIL_H | ||
717 | |||
718 | /* Define to 1 if you have the `xnet' library (-lxnet). */ | ||
719 | #undef HAVE_LIBXNET | ||
720 | |||
721 | /* Define to 1 if you have the `z' library (-lz). */ | ||
722 | #undef HAVE_LIBZ | ||
723 | |||
724 | /* Define to 1 if you have the <limits.h> header file. */ | ||
725 | #undef HAVE_LIMITS_H | ||
726 | |||
727 | /* Define to 1 if you have the <linux/audit.h> header file. */ | ||
728 | #undef HAVE_LINUX_AUDIT_H | ||
729 | |||
730 | /* Define to 1 if you have the <linux/filter.h> header file. */ | ||
731 | #undef HAVE_LINUX_FILTER_H | ||
732 | |||
733 | /* Define to 1 if you have the <linux/if_tun.h> header file. */ | ||
734 | #undef HAVE_LINUX_IF_TUN_H | ||
735 | |||
736 | /* Define to 1 if you have the <linux/seccomp.h> header file. */ | ||
737 | #undef HAVE_LINUX_SECCOMP_H | ||
738 | |||
739 | /* Define to 1 if you have the `llabs' function. */ | ||
740 | #undef HAVE_LLABS | ||
741 | |||
742 | /* Define to 1 if you have the <locale.h> header file. */ | ||
743 | #undef HAVE_LOCALE_H | ||
744 | |||
745 | /* Define to 1 if you have the `login' function. */ | ||
746 | #undef HAVE_LOGIN | ||
747 | |||
748 | /* Define to 1 if you have the <login_cap.h> header file. */ | ||
749 | #undef HAVE_LOGIN_CAP_H | ||
750 | |||
751 | /* Define to 1 if you have the `login_getcapbool' function. */ | ||
752 | #undef HAVE_LOGIN_GETCAPBOOL | ||
753 | |||
754 | /* Define to 1 if you have the <login.h> header file. */ | ||
755 | #undef HAVE_LOGIN_H | ||
756 | |||
757 | /* Define to 1 if you have the `logout' function. */ | ||
758 | #undef HAVE_LOGOUT | ||
759 | |||
760 | /* Define to 1 if you have the `logwtmp' function. */ | ||
761 | #undef HAVE_LOGWTMP | ||
762 | |||
763 | /* Define to 1 if the system has the type `long double'. */ | ||
764 | #undef HAVE_LONG_DOUBLE | ||
765 | |||
766 | /* Define to 1 if the system has the type `long long'. */ | ||
767 | #undef HAVE_LONG_LONG | ||
768 | |||
769 | /* Define to 1 if you have the <maillock.h> header file. */ | ||
770 | #undef HAVE_MAILLOCK_H | ||
771 | |||
772 | /* Define to 1 if you have the `mblen' function. */ | ||
773 | #undef HAVE_MBLEN | ||
774 | |||
775 | /* Define to 1 if you have the `mbtowc' function. */ | ||
776 | #undef HAVE_MBTOWC | ||
777 | |||
778 | /* Define to 1 if you have the `md5_crypt' function. */ | ||
779 | #undef HAVE_MD5_CRYPT | ||
780 | |||
781 | /* Define if you want to allow MD5 passwords */ | ||
782 | #undef HAVE_MD5_PASSWORDS | ||
783 | |||
784 | /* Define to 1 if you have the `memmove' function. */ | ||
785 | #undef HAVE_MEMMOVE | ||
786 | |||
787 | /* Define to 1 if you have the <memory.h> header file. */ | ||
788 | #undef HAVE_MEMORY_H | ||
789 | |||
790 | /* Define to 1 if you have the `memset_s' function. */ | ||
791 | #undef HAVE_MEMSET_S | ||
792 | |||
793 | /* Define to 1 if you have the `mkdtemp' function. */ | ||
794 | #undef HAVE_MKDTEMP | ||
795 | |||
796 | /* define if you have mode_t data type */ | ||
797 | #undef HAVE_MODE_T | ||
798 | |||
799 | /* Some systems put nanosleep outside of libc */ | ||
800 | #undef HAVE_NANOSLEEP | ||
801 | |||
802 | /* Define to 1 if you have the <ndir.h> header file. */ | ||
803 | #undef HAVE_NDIR_H | ||
804 | |||
805 | /* Define to 1 if you have the <netdb.h> header file. */ | ||
806 | #undef HAVE_NETDB_H | ||
807 | |||
808 | /* Define to 1 if you have the <netgroup.h> header file. */ | ||
809 | #undef HAVE_NETGROUP_H | ||
810 | |||
811 | /* Define to 1 if you have the <net/if_tun.h> header file. */ | ||
812 | #undef HAVE_NET_IF_TUN_H | ||
813 | |||
814 | /* Define if you are on NeXT */ | ||
815 | #undef HAVE_NEXT | ||
816 | |||
817 | /* Define to 1 if you have the `ngetaddrinfo' function. */ | ||
818 | #undef HAVE_NGETADDRINFO | ||
819 | |||
820 | /* Define to 1 if you have the `nl_langinfo' function. */ | ||
821 | #undef HAVE_NL_LANGINFO | ||
822 | |||
823 | /* Define to 1 if you have the `nsleep' function. */ | ||
824 | #undef HAVE_NSLEEP | ||
825 | |||
826 | /* Define to 1 if you have the `ogetaddrinfo' function. */ | ||
827 | #undef HAVE_OGETADDRINFO | ||
828 | |||
829 | /* Define if you have an old version of PAM which takes only one argument to | ||
830 | pam_strerror */ | ||
831 | #undef HAVE_OLD_PAM | ||
832 | |||
833 | /* Define to 1 if you have the `openlog_r' function. */ | ||
834 | #undef HAVE_OPENLOG_R | ||
835 | |||
836 | /* Define to 1 if you have the `openpty' function. */ | ||
837 | #undef HAVE_OPENPTY | ||
838 | |||
839 | /* Define if your ssl headers are included with #include <openssl/header.h> */ | ||
840 | #undef HAVE_OPENSSL | ||
841 | |||
842 | /* Define if you have Digital Unix Security Integration Architecture */ | ||
843 | #undef HAVE_OSF_SIA | ||
844 | |||
845 | /* Define to 1 if you have the `pam_getenvlist' function. */ | ||
846 | #undef HAVE_PAM_GETENVLIST | ||
847 | |||
848 | /* Define to 1 if you have the <pam/pam_appl.h> header file. */ | ||
849 | #undef HAVE_PAM_PAM_APPL_H | ||
850 | |||
851 | /* Define to 1 if you have the `pam_putenv' function. */ | ||
852 | #undef HAVE_PAM_PUTENV | ||
853 | |||
854 | /* Define to 1 if you have the <paths.h> header file. */ | ||
855 | #undef HAVE_PATHS_H | ||
856 | |||
857 | /* Define if you have ut_pid in utmp.h */ | ||
858 | #undef HAVE_PID_IN_UTMP | ||
859 | |||
860 | /* define if you have pid_t data type */ | ||
861 | #undef HAVE_PID_T | ||
862 | |||
863 | /* Define to 1 if you have the `pledge' function. */ | ||
864 | #undef HAVE_PLEDGE | ||
865 | |||
866 | /* Define to 1 if you have the `poll' function. */ | ||
867 | #undef HAVE_POLL | ||
868 | |||
869 | /* Define to 1 if you have the <poll.h> header file. */ | ||
870 | #undef HAVE_POLL_H | ||
871 | |||
872 | /* Define to 1 if you have the `prctl' function. */ | ||
873 | #undef HAVE_PRCTL | ||
874 | |||
875 | /* Define to 1 if you have the `priv_basicset' function. */ | ||
876 | #undef HAVE_PRIV_BASICSET | ||
877 | |||
878 | /* Define to 1 if you have the <priv.h> header file. */ | ||
879 | #undef HAVE_PRIV_H | ||
880 | |||
881 | /* Define if you have /proc/$pid/fd */ | ||
882 | #undef HAVE_PROC_PID | ||
883 | |||
884 | /* Define to 1 if you have the `pstat' function. */ | ||
885 | #undef HAVE_PSTAT | ||
886 | |||
887 | /* Define to 1 if you have the <pty.h> header file. */ | ||
888 | #undef HAVE_PTY_H | ||
889 | |||
890 | /* Define to 1 if you have the `pututline' function. */ | ||
891 | #undef HAVE_PUTUTLINE | ||
892 | |||
893 | /* Define to 1 if you have the `pututxline' function. */ | ||
894 | #undef HAVE_PUTUTXLINE | ||
895 | |||
896 | /* Define to 1 if you have the `readpassphrase' function. */ | ||
897 | #undef HAVE_READPASSPHRASE | ||
898 | |||
899 | /* Define to 1 if you have the <readpassphrase.h> header file. */ | ||
900 | #undef HAVE_READPASSPHRASE_H | ||
901 | |||
902 | /* Define to 1 if you have the `reallocarray' function. */ | ||
903 | #undef HAVE_REALLOCARRAY | ||
904 | |||
905 | /* Define to 1 if you have the `realpath' function. */ | ||
906 | #undef HAVE_REALPATH | ||
907 | |||
908 | /* Define to 1 if you have the `recvmsg' function. */ | ||
909 | #undef HAVE_RECVMSG | ||
910 | |||
911 | /* sys/resource.h has RLIMIT_NPROC */ | ||
912 | #undef HAVE_RLIMIT_NPROC | ||
913 | |||
914 | /* Define to 1 if you have the <rpc/types.h> header file. */ | ||
915 | #undef HAVE_RPC_TYPES_H | ||
916 | |||
917 | /* Define to 1 if you have the `rresvport_af' function. */ | ||
918 | #undef HAVE_RRESVPORT_AF | ||
919 | |||
920 | /* Define to 1 if you have the `RSA_generate_key_ex' function. */ | ||
921 | #undef HAVE_RSA_GENERATE_KEY_EX | ||
922 | |||
923 | /* Define to 1 if you have the `RSA_get_default_method' function. */ | ||
924 | #undef HAVE_RSA_GET_DEFAULT_METHOD | ||
925 | |||
926 | /* Define to 1 if you have the <sandbox.h> header file. */ | ||
927 | #undef HAVE_SANDBOX_H | ||
928 | |||
929 | /* Define to 1 if you have the `sandbox_init' function. */ | ||
930 | #undef HAVE_SANDBOX_INIT | ||
931 | |||
932 | /* define if you have sa_family_t data type */ | ||
933 | #undef HAVE_SA_FAMILY_T | ||
934 | |||
935 | /* Define to 1 if you have the `scan_scaled' function. */ | ||
936 | #undef HAVE_SCAN_SCALED | ||
937 | |||
938 | /* Define if you have SecureWare-based protected password database */ | ||
939 | #undef HAVE_SECUREWARE | ||
940 | |||
941 | /* Define to 1 if you have the <security/pam_appl.h> header file. */ | ||
942 | #undef HAVE_SECURITY_PAM_APPL_H | ||
943 | |||
944 | /* Define to 1 if you have the `sendmsg' function. */ | ||
945 | #undef HAVE_SENDMSG | ||
946 | |||
947 | /* Define to 1 if you have the `setauthdb' function. */ | ||
948 | #undef HAVE_SETAUTHDB | ||
949 | |||
950 | /* Define to 1 if you have the `setdtablesize' function. */ | ||
951 | #undef HAVE_SETDTABLESIZE | ||
952 | |||
953 | /* Define to 1 if you have the `setegid' function. */ | ||
954 | #undef HAVE_SETEGID | ||
955 | |||
956 | /* Define to 1 if you have the `setenv' function. */ | ||
957 | #undef HAVE_SETENV | ||
958 | |||
959 | /* Define to 1 if you have the `seteuid' function. */ | ||
960 | #undef HAVE_SETEUID | ||
961 | |||
962 | /* Define to 1 if you have the `setgroupent' function. */ | ||
963 | #undef HAVE_SETGROUPENT | ||
964 | |||
965 | /* Define to 1 if you have the `setgroups' function. */ | ||
966 | #undef HAVE_SETGROUPS | ||
967 | |||
968 | /* Define to 1 if you have the `setlinebuf' function. */ | ||
969 | #undef HAVE_SETLINEBUF | ||
970 | |||
971 | /* Define to 1 if you have the `setlogin' function. */ | ||
972 | #undef HAVE_SETLOGIN | ||
973 | |||
974 | /* Define to 1 if you have the `setluid' function. */ | ||
975 | #undef HAVE_SETLUID | ||
976 | |||
977 | /* Define to 1 if you have the `setpassent' function. */ | ||
978 | #undef HAVE_SETPASSENT | ||
979 | |||
980 | /* Define to 1 if you have the `setpcred' function. */ | ||
981 | #undef HAVE_SETPCRED | ||
982 | |||
983 | /* Define to 1 if you have the `setpflags' function. */ | ||
984 | #undef HAVE_SETPFLAGS | ||
985 | |||
986 | /* Define to 1 if you have the `setppriv' function. */ | ||
987 | #undef HAVE_SETPPRIV | ||
988 | |||
989 | /* Define to 1 if you have the `setproctitle' function. */ | ||
990 | #undef HAVE_SETPROCTITLE | ||
991 | |||
992 | /* Define to 1 if you have the `setregid' function. */ | ||
993 | #undef HAVE_SETREGID | ||
994 | |||
995 | /* Define to 1 if you have the `setresgid' function. */ | ||
996 | #undef HAVE_SETRESGID | ||
997 | |||
998 | /* Define to 1 if you have the `setresuid' function. */ | ||
999 | #undef HAVE_SETRESUID | ||
1000 | |||
1001 | /* Define to 1 if you have the `setreuid' function. */ | ||
1002 | #undef HAVE_SETREUID | ||
1003 | |||
1004 | /* Define to 1 if you have the `setrlimit' function. */ | ||
1005 | #undef HAVE_SETRLIMIT | ||
1006 | |||
1007 | /* Define to 1 if you have the `setsid' function. */ | ||
1008 | #undef HAVE_SETSID | ||
1009 | |||
1010 | /* Define to 1 if you have the `setutent' function. */ | ||
1011 | #undef HAVE_SETUTENT | ||
1012 | |||
1013 | /* Define to 1 if you have the `setutxdb' function. */ | ||
1014 | #undef HAVE_SETUTXDB | ||
1015 | |||
1016 | /* Define to 1 if you have the `setutxent' function. */ | ||
1017 | #undef HAVE_SETUTXENT | ||
1018 | |||
1019 | /* Define to 1 if you have the `setvbuf' function. */ | ||
1020 | #undef HAVE_SETVBUF | ||
1021 | |||
1022 | /* Define to 1 if you have the `set_id' function. */ | ||
1023 | #undef HAVE_SET_ID | ||
1024 | |||
1025 | /* Define to 1 if you have the `SHA256_Update' function. */ | ||
1026 | #undef HAVE_SHA256_UPDATE | ||
1027 | |||
1028 | /* Define to 1 if you have the <sha2.h> header file. */ | ||
1029 | #undef HAVE_SHA2_H | ||
1030 | |||
1031 | /* Define to 1 if you have the <shadow.h> header file. */ | ||
1032 | #undef HAVE_SHADOW_H | ||
1033 | |||
1034 | /* Define to 1 if you have the `sigaction' function. */ | ||
1035 | #undef HAVE_SIGACTION | ||
1036 | |||
1037 | /* Define to 1 if you have the `sigvec' function. */ | ||
1038 | #undef HAVE_SIGVEC | ||
1039 | |||
1040 | /* Define to 1 if the system has the type `sig_atomic_t'. */ | ||
1041 | #undef HAVE_SIG_ATOMIC_T | ||
1042 | |||
1043 | /* define if you have size_t data type */ | ||
1044 | #undef HAVE_SIZE_T | ||
1045 | |||
1046 | /* Define to 1 if you have the `snprintf' function. */ | ||
1047 | #undef HAVE_SNPRINTF | ||
1048 | |||
1049 | /* Define to 1 if you have the `socketpair' function. */ | ||
1050 | #undef HAVE_SOCKETPAIR | ||
1051 | |||
1052 | /* Have PEERCRED socket option */ | ||
1053 | #undef HAVE_SO_PEERCRED | ||
1054 | |||
1055 | /* define if you have ssize_t data type */ | ||
1056 | #undef HAVE_SSIZE_T | ||
1057 | |||
1058 | /* Fields in struct sockaddr_storage */ | ||
1059 | #undef HAVE_SS_FAMILY_IN_SS | ||
1060 | |||
1061 | /* Define to 1 if you have the `statfs' function. */ | ||
1062 | #undef HAVE_STATFS | ||
1063 | |||
1064 | /* Define to 1 if you have the `statvfs' function. */ | ||
1065 | #undef HAVE_STATVFS | ||
1066 | |||
1067 | /* Define to 1 if you have the <stddef.h> header file. */ | ||
1068 | #undef HAVE_STDDEF_H | ||
1069 | |||
1070 | /* Define to 1 if you have the <stdint.h> header file. */ | ||
1071 | #undef HAVE_STDINT_H | ||
1072 | |||
1073 | /* Define to 1 if you have the <stdlib.h> header file. */ | ||
1074 | #undef HAVE_STDLIB_H | ||
1075 | |||
1076 | /* Define to 1 if you have the `strcasestr' function. */ | ||
1077 | #undef HAVE_STRCASESTR | ||
1078 | |||
1079 | /* Define to 1 if you have the `strdup' function. */ | ||
1080 | #undef HAVE_STRDUP | ||
1081 | |||
1082 | /* Define to 1 if you have the `strerror' function. */ | ||
1083 | #undef HAVE_STRERROR | ||
1084 | |||
1085 | /* Define to 1 if you have the `strftime' function. */ | ||
1086 | #undef HAVE_STRFTIME | ||
1087 | |||
1088 | /* Silly mkstemp() */ | ||
1089 | #undef HAVE_STRICT_MKSTEMP | ||
1090 | |||
1091 | /* Define to 1 if you have the <strings.h> header file. */ | ||
1092 | #undef HAVE_STRINGS_H | ||
1093 | |||
1094 | /* Define to 1 if you have the <string.h> header file. */ | ||
1095 | #undef HAVE_STRING_H | ||
1096 | |||
1097 | /* Define to 1 if you have the `strlcat' function. */ | ||
1098 | #undef HAVE_STRLCAT | ||
1099 | |||
1100 | /* Define to 1 if you have the `strlcpy' function. */ | ||
1101 | #undef HAVE_STRLCPY | ||
1102 | |||
1103 | /* Define to 1 if you have the `strmode' function. */ | ||
1104 | #undef HAVE_STRMODE | ||
1105 | |||
1106 | /* Define to 1 if you have the `strnlen' function. */ | ||
1107 | #undef HAVE_STRNLEN | ||
1108 | |||
1109 | /* Define to 1 if you have the `strnvis' function. */ | ||
1110 | #undef HAVE_STRNVIS | ||
1111 | |||
1112 | /* Define to 1 if you have the `strptime' function. */ | ||
1113 | #undef HAVE_STRPTIME | ||
1114 | |||
1115 | /* Define to 1 if you have the `strsep' function. */ | ||
1116 | #undef HAVE_STRSEP | ||
1117 | |||
1118 | /* Define to 1 if you have the `strtoll' function. */ | ||
1119 | #undef HAVE_STRTOLL | ||
1120 | |||
1121 | /* Define to 1 if you have the `strtonum' function. */ | ||
1122 | #undef HAVE_STRTONUM | ||
1123 | |||
1124 | /* Define to 1 if you have the `strtoul' function. */ | ||
1125 | #undef HAVE_STRTOUL | ||
1126 | |||
1127 | /* Define to 1 if you have the `strtoull' function. */ | ||
1128 | #undef HAVE_STRTOULL | ||
1129 | |||
1130 | /* define if you have struct addrinfo data type */ | ||
1131 | #undef HAVE_STRUCT_ADDRINFO | ||
1132 | |||
1133 | /* define if you have struct in6_addr data type */ | ||
1134 | #undef HAVE_STRUCT_IN6_ADDR | ||
1135 | |||
1136 | /* Define to 1 if `pw_change' is a member of `struct passwd'. */ | ||
1137 | #undef HAVE_STRUCT_PASSWD_PW_CHANGE | ||
1138 | |||
1139 | /* Define to 1 if `pw_class' is a member of `struct passwd'. */ | ||
1140 | #undef HAVE_STRUCT_PASSWD_PW_CLASS | ||
1141 | |||
1142 | /* Define to 1 if `pw_expire' is a member of `struct passwd'. */ | ||
1143 | #undef HAVE_STRUCT_PASSWD_PW_EXPIRE | ||
1144 | |||
1145 | /* Define to 1 if `pw_gecos' is a member of `struct passwd'. */ | ||
1146 | #undef HAVE_STRUCT_PASSWD_PW_GECOS | ||
1147 | |||
1148 | /* define if you have struct sockaddr_in6 data type */ | ||
1149 | #undef HAVE_STRUCT_SOCKADDR_IN6 | ||
1150 | |||
1151 | /* Define to 1 if `sin6_scope_id' is a member of `struct sockaddr_in6'. */ | ||
1152 | #undef HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID | ||
1153 | |||
1154 | /* define if you have struct sockaddr_storage data type */ | ||
1155 | #undef HAVE_STRUCT_SOCKADDR_STORAGE | ||
1156 | |||
1157 | /* Define to 1 if `st_blksize' is a member of `struct stat'. */ | ||
1158 | #undef HAVE_STRUCT_STAT_ST_BLKSIZE | ||
1159 | |||
1160 | /* Define to 1 if the system has the type `struct timespec'. */ | ||
1161 | #undef HAVE_STRUCT_TIMESPEC | ||
1162 | |||
1163 | /* define if you have struct timeval */ | ||
1164 | #undef HAVE_STRUCT_TIMEVAL | ||
1165 | |||
1166 | /* Define to 1 if you have the `swap32' function. */ | ||
1167 | #undef HAVE_SWAP32 | ||
1168 | |||
1169 | /* Define to 1 if you have the `sysconf' function. */ | ||
1170 | #undef HAVE_SYSCONF | ||
1171 | |||
1172 | /* Define if you have syslen in utmpx.h */ | ||
1173 | #undef HAVE_SYSLEN_IN_UTMPX | ||
1174 | |||
1175 | /* Define to 1 if you have the <sys/audit.h> header file. */ | ||
1176 | #undef HAVE_SYS_AUDIT_H | ||
1177 | |||
1178 | /* Define to 1 if you have the <sys/bitypes.h> header file. */ | ||
1179 | #undef HAVE_SYS_BITYPES_H | ||
1180 | |||
1181 | /* Define to 1 if you have the <sys/bsdtty.h> header file. */ | ||
1182 | #undef HAVE_SYS_BSDTTY_H | ||
1183 | |||
1184 | /* Define to 1 if you have the <sys/capability.h> header file. */ | ||
1185 | #undef HAVE_SYS_CAPABILITY_H | ||
1186 | |||
1187 | /* Define to 1 if you have the <sys/cdefs.h> header file. */ | ||
1188 | #undef HAVE_SYS_CDEFS_H | ||
1189 | |||
1190 | /* Define to 1 if you have the <sys/dir.h> header file. */ | ||
1191 | #undef HAVE_SYS_DIR_H | ||
1192 | |||
1193 | /* Define if your system defines sys_errlist[] */ | ||
1194 | #undef HAVE_SYS_ERRLIST | ||
1195 | |||
1196 | /* Define to 1 if you have the <sys/mman.h> header file. */ | ||
1197 | #undef HAVE_SYS_MMAN_H | ||
1198 | |||
1199 | /* Define to 1 if you have the <sys/mount.h> header file. */ | ||
1200 | #undef HAVE_SYS_MOUNT_H | ||
1201 | |||
1202 | /* Define to 1 if you have the <sys/ndir.h> header file. */ | ||
1203 | #undef HAVE_SYS_NDIR_H | ||
1204 | |||
1205 | /* Define if your system defines sys_nerr */ | ||
1206 | #undef HAVE_SYS_NERR | ||
1207 | |||
1208 | /* Define to 1 if you have the <sys/poll.h> header file. */ | ||
1209 | #undef HAVE_SYS_POLL_H | ||
1210 | |||
1211 | /* Define to 1 if you have the <sys/prctl.h> header file. */ | ||
1212 | #undef HAVE_SYS_PRCTL_H | ||
1213 | |||
1214 | /* Define to 1 if you have the <sys/pstat.h> header file. */ | ||
1215 | #undef HAVE_SYS_PSTAT_H | ||
1216 | |||
1217 | /* Define to 1 if you have the <sys/ptms.h> header file. */ | ||
1218 | #undef HAVE_SYS_PTMS_H | ||
1219 | |||
1220 | /* Define to 1 if you have the <sys/ptrace.h> header file. */ | ||
1221 | #undef HAVE_SYS_PTRACE_H | ||
1222 | |||
1223 | /* Define to 1 if you have the <sys/select.h> header file. */ | ||
1224 | #undef HAVE_SYS_SELECT_H | ||
1225 | |||
1226 | /* Define to 1 if you have the <sys/statvfs.h> header file. */ | ||
1227 | #undef HAVE_SYS_STATVFS_H | ||
1228 | |||
1229 | /* Define to 1 if you have the <sys/stat.h> header file. */ | ||
1230 | #undef HAVE_SYS_STAT_H | ||
1231 | |||
1232 | /* Define to 1 if you have the <sys/stream.h> header file. */ | ||
1233 | #undef HAVE_SYS_STREAM_H | ||
1234 | |||
1235 | /* Define to 1 if you have the <sys/stropts.h> header file. */ | ||
1236 | #undef HAVE_SYS_STROPTS_H | ||
1237 | |||
1238 | /* Define to 1 if you have the <sys/strtio.h> header file. */ | ||
1239 | #undef HAVE_SYS_STRTIO_H | ||
1240 | |||
1241 | /* Force use of sys/syslog.h on Ultrix */ | ||
1242 | #undef HAVE_SYS_SYSLOG_H | ||
1243 | |||
1244 | /* Define to 1 if you have the <sys/sysmacros.h> header file. */ | ||
1245 | #undef HAVE_SYS_SYSMACROS_H | ||
1246 | |||
1247 | /* Define to 1 if you have the <sys/timers.h> header file. */ | ||
1248 | #undef HAVE_SYS_TIMERS_H | ||
1249 | |||
1250 | /* Define to 1 if you have the <sys/time.h> header file. */ | ||
1251 | #undef HAVE_SYS_TIME_H | ||
1252 | |||
1253 | /* Define to 1 if you have the <sys/types.h> header file. */ | ||
1254 | #undef HAVE_SYS_TYPES_H | ||
1255 | |||
1256 | /* Define to 1 if you have the <sys/un.h> header file. */ | ||
1257 | #undef HAVE_SYS_UN_H | ||
1258 | |||
1259 | /* Define to 1 if you have the `tcgetpgrp' function. */ | ||
1260 | #undef HAVE_TCGETPGRP | ||
1261 | |||
1262 | /* Define to 1 if you have the `tcsendbreak' function. */ | ||
1263 | #undef HAVE_TCSENDBREAK | ||
1264 | |||
1265 | /* Define to 1 if you have the `time' function. */ | ||
1266 | #undef HAVE_TIME | ||
1267 | |||
1268 | /* Define to 1 if you have the <time.h> header file. */ | ||
1269 | #undef HAVE_TIME_H | ||
1270 | |||
1271 | /* Define if you have ut_time in utmp.h */ | ||
1272 | #undef HAVE_TIME_IN_UTMP | ||
1273 | |||
1274 | /* Define if you have ut_time in utmpx.h */ | ||
1275 | #undef HAVE_TIME_IN_UTMPX | ||
1276 | |||
1277 | /* Define to 1 if you have the `timingsafe_bcmp' function. */ | ||
1278 | #undef HAVE_TIMINGSAFE_BCMP | ||
1279 | |||
1280 | /* Define to 1 if you have the <tmpdir.h> header file. */ | ||
1281 | #undef HAVE_TMPDIR_H | ||
1282 | |||
1283 | /* Define to 1 if you have the `truncate' function. */ | ||
1284 | #undef HAVE_TRUNCATE | ||
1285 | |||
1286 | /* Define to 1 if you have the <ttyent.h> header file. */ | ||
1287 | #undef HAVE_TTYENT_H | ||
1288 | |||
1289 | /* Define if you have ut_tv in utmp.h */ | ||
1290 | #undef HAVE_TV_IN_UTMP | ||
1291 | |||
1292 | /* Define if you have ut_tv in utmpx.h */ | ||
1293 | #undef HAVE_TV_IN_UTMPX | ||
1294 | |||
1295 | /* Define if you have ut_type in utmp.h */ | ||
1296 | #undef HAVE_TYPE_IN_UTMP | ||
1297 | |||
1298 | /* Define if you have ut_type in utmpx.h */ | ||
1299 | #undef HAVE_TYPE_IN_UTMPX | ||
1300 | |||
1301 | /* Define to 1 if you have the <ucred.h> header file. */ | ||
1302 | #undef HAVE_UCRED_H | ||
1303 | |||
1304 | /* Define to 1 if the system has the type `uintmax_t'. */ | ||
1305 | #undef HAVE_UINTMAX_T | ||
1306 | |||
1307 | /* define if you have uintxx_t data type */ | ||
1308 | #undef HAVE_UINTXX_T | ||
1309 | |||
1310 | /* Define to 1 if you have the <unistd.h> header file. */ | ||
1311 | #undef HAVE_UNISTD_H | ||
1312 | |||
1313 | /* Define to 1 if you have the `unsetenv' function. */ | ||
1314 | #undef HAVE_UNSETENV | ||
1315 | |||
1316 | /* Define to 1 if the system has the type `unsigned long long'. */ | ||
1317 | #undef HAVE_UNSIGNED_LONG_LONG | ||
1318 | |||
1319 | /* Define to 1 if you have the `updwtmp' function. */ | ||
1320 | #undef HAVE_UPDWTMP | ||
1321 | |||
1322 | /* Define to 1 if you have the `updwtmpx' function. */ | ||
1323 | #undef HAVE_UPDWTMPX | ||
1324 | |||
1325 | /* Define to 1 if you have the <usersec.h> header file. */ | ||
1326 | #undef HAVE_USERSEC_H | ||
1327 | |||
1328 | /* Define to 1 if you have the `user_from_uid' function. */ | ||
1329 | #undef HAVE_USER_FROM_UID | ||
1330 | |||
1331 | /* Define to 1 if you have the `usleep' function. */ | ||
1332 | #undef HAVE_USLEEP | ||
1333 | |||
1334 | /* Define to 1 if you have the <util.h> header file. */ | ||
1335 | #undef HAVE_UTIL_H | ||
1336 | |||
1337 | /* Define to 1 if you have the `utimes' function. */ | ||
1338 | #undef HAVE_UTIMES | ||
1339 | |||
1340 | /* Define to 1 if you have the <utime.h> header file. */ | ||
1341 | #undef HAVE_UTIME_H | ||
1342 | |||
1343 | /* Define to 1 if you have the `utmpname' function. */ | ||
1344 | #undef HAVE_UTMPNAME | ||
1345 | |||
1346 | /* Define to 1 if you have the `utmpxname' function. */ | ||
1347 | #undef HAVE_UTMPXNAME | ||
1348 | |||
1349 | /* Define to 1 if you have the <utmpx.h> header file. */ | ||
1350 | #undef HAVE_UTMPX_H | ||
1351 | |||
1352 | /* Define to 1 if you have the <utmp.h> header file. */ | ||
1353 | #undef HAVE_UTMP_H | ||
1354 | |||
1355 | /* define if you have u_char data type */ | ||
1356 | #undef HAVE_U_CHAR | ||
1357 | |||
1358 | /* define if you have u_int data type */ | ||
1359 | #undef HAVE_U_INT | ||
1360 | |||
1361 | /* define if you have u_int64_t data type */ | ||
1362 | #undef HAVE_U_INT64_T | ||
1363 | |||
1364 | /* define if you have u_intxx_t data type */ | ||
1365 | #undef HAVE_U_INTXX_T | ||
1366 | |||
1367 | /* Define to 1 if you have the `vasprintf' function. */ | ||
1368 | #undef HAVE_VASPRINTF | ||
1369 | |||
1370 | /* Define if va_copy exists */ | ||
1371 | #undef HAVE_VA_COPY | ||
1372 | |||
1373 | /* Define to 1 if you have the <vis.h> header file. */ | ||
1374 | #undef HAVE_VIS_H | ||
1375 | |||
1376 | /* Define to 1 if you have the `vsnprintf' function. */ | ||
1377 | #undef HAVE_VSNPRINTF | ||
1378 | |||
1379 | /* Define to 1 if you have the `waitpid' function. */ | ||
1380 | #undef HAVE_WAITPID | ||
1381 | |||
1382 | /* Define to 1 if you have the `warn' function. */ | ||
1383 | #undef HAVE_WARN | ||
1384 | |||
1385 | /* Define to 1 if you have the <wchar.h> header file. */ | ||
1386 | #undef HAVE_WCHAR_H | ||
1387 | |||
1388 | /* Define to 1 if you have the `wcwidth' function. */ | ||
1389 | #undef HAVE_WCWIDTH | ||
1390 | |||
1391 | /* Define to 1 if you have the `_getlong' function. */ | ||
1392 | #undef HAVE__GETLONG | ||
1393 | |||
1394 | /* Define to 1 if you have the `_getpty' function. */ | ||
1395 | #undef HAVE__GETPTY | ||
1396 | |||
1397 | /* Define to 1 if you have the `_getshort' function. */ | ||
1398 | #undef HAVE__GETSHORT | ||
1399 | |||
1400 | /* Define if you have struct __res_state _res as an extern */ | ||
1401 | #undef HAVE__RES_EXTERN | ||
1402 | |||
1403 | /* Define to 1 if you have the `__b64_ntop' function. */ | ||
1404 | #undef HAVE___B64_NTOP | ||
1405 | |||
1406 | /* Define to 1 if you have the `__b64_pton' function. */ | ||
1407 | #undef HAVE___B64_PTON | ||
1408 | |||
1409 | /* Define if compiler implements __FUNCTION__ */ | ||
1410 | #undef HAVE___FUNCTION__ | ||
1411 | |||
1412 | /* Define if libc defines __progname */ | ||
1413 | #undef HAVE___PROGNAME | ||
1414 | |||
1415 | /* Fields in struct sockaddr_storage */ | ||
1416 | #undef HAVE___SS_FAMILY_IN_SS | ||
1417 | |||
1418 | /* Define if __va_copy exists */ | ||
1419 | #undef HAVE___VA_COPY | ||
1420 | |||
1421 | /* Define if compiler implements __func__ */ | ||
1422 | #undef HAVE___func__ | ||
1423 | |||
1424 | /* Define this if you are using the Heimdal version of Kerberos V5 */ | ||
1425 | #undef HEIMDAL | ||
1426 | |||
1427 | /* Define if you need to use IP address instead of hostname in $DISPLAY */ | ||
1428 | #undef IPADDR_IN_DISPLAY | ||
1429 | |||
1430 | /* Detect IPv4 in IPv6 mapped addresses and treat as IPv4 */ | ||
1431 | #undef IPV4_IN_IPV6 | ||
1432 | |||
1433 | /* Define if your system choked on IP TOS setting */ | ||
1434 | #undef IP_TOS_IS_BROKEN | ||
1435 | |||
1436 | /* Define if you want Kerberos 5 support */ | ||
1437 | #undef KRB5 | ||
1438 | |||
1439 | /* Define if pututxline updates lastlog too */ | ||
1440 | #undef LASTLOG_WRITE_PUTUTXLINE | ||
1441 | |||
1442 | /* Define to whatever link() returns for "not supported" if it doesn't return | ||
1443 | EOPNOTSUPP. */ | ||
1444 | #undef LINK_OPNOTSUPP_ERRNO | ||
1445 | |||
1446 | /* Adjust Linux out-of-memory killer */ | ||
1447 | #undef LINUX_OOM_ADJUST | ||
1448 | |||
1449 | /* max value of long long calculated by configure */ | ||
1450 | #undef LLONG_MAX | ||
1451 | |||
1452 | /* min value of long long calculated by configure */ | ||
1453 | #undef LLONG_MIN | ||
1454 | |||
1455 | /* Account locked with pw(1) */ | ||
1456 | #undef LOCKED_PASSWD_PREFIX | ||
1457 | |||
1458 | /* String used in /etc/passwd to denote locked account */ | ||
1459 | #undef LOCKED_PASSWD_STRING | ||
1460 | |||
1461 | /* String used in /etc/passwd to denote locked account */ | ||
1462 | #undef LOCKED_PASSWD_SUBSTR | ||
1463 | |||
1464 | /* Some systems need a utmpx entry for /bin/login to work */ | ||
1465 | #undef LOGIN_NEEDS_UTMPX | ||
1466 | |||
1467 | /* Set this to your mail directory if you do not have _PATH_MAILDIR */ | ||
1468 | #undef MAIL_DIRECTORY | ||
1469 | |||
1470 | /* Need setpgrp to acquire controlling tty */ | ||
1471 | #undef NEED_SETPGRP | ||
1472 | |||
1473 | /* compiler does not accept __attribute__ on return types */ | ||
1474 | #undef NO_ATTRIBUTE_ON_RETURN_TYPE | ||
1475 | |||
1476 | /* Define if you don't want to use lastlog in session.c */ | ||
1477 | #undef NO_SSH_LASTLOG | ||
1478 | |||
1479 | /* Define to disable UID restoration test */ | ||
1480 | #undef NO_UID_RESTORATION_TEST | ||
1481 | |||
1482 | /* Define if X11 doesn't support AF_UNIX sockets on that system */ | ||
1483 | #undef NO_X11_UNIX_SOCKETS | ||
1484 | |||
1485 | /* Define if EVP_DigestUpdate returns void */ | ||
1486 | #undef OPENSSL_EVP_DIGESTUPDATE_VOID | ||
1487 | |||
1488 | /* OpenSSL has ECC */ | ||
1489 | #undef OPENSSL_HAS_ECC | ||
1490 | |||
1491 | /* libcrypto has NID_X9_62_prime256v1 */ | ||
1492 | #undef OPENSSL_HAS_NISTP256 | ||
1493 | |||
1494 | /* libcrypto has NID_secp384r1 */ | ||
1495 | #undef OPENSSL_HAS_NISTP384 | ||
1496 | |||
1497 | /* libcrypto has NID_secp521r1 */ | ||
1498 | #undef OPENSSL_HAS_NISTP521 | ||
1499 | |||
1500 | /* libcrypto has EVP AES CTR */ | ||
1501 | #undef OPENSSL_HAVE_EVPCTR | ||
1502 | |||
1503 | /* libcrypto has EVP AES GCM */ | ||
1504 | #undef OPENSSL_HAVE_EVPGCM | ||
1505 | |||
1506 | /* libcrypto is missing AES 192 and 256 bit functions */ | ||
1507 | #undef OPENSSL_LOBOTOMISED_AES | ||
1508 | |||
1509 | /* Define if you want the OpenSSL internally seeded PRNG only */ | ||
1510 | #undef OPENSSL_PRNG_ONLY | ||
1511 | |||
1512 | /* Define to the address where bug reports for this package should be sent. */ | ||
1513 | #undef PACKAGE_BUGREPORT | ||
1514 | |||
1515 | /* Define to the full name of this package. */ | ||
1516 | #undef PACKAGE_NAME | ||
1517 | |||
1518 | /* Define to the full name and version of this package. */ | ||
1519 | #undef PACKAGE_STRING | ||
1520 | |||
1521 | /* Define to the one symbol short name of this package. */ | ||
1522 | #undef PACKAGE_TARNAME | ||
1523 | |||
1524 | /* Define to the home page for this package. */ | ||
1525 | #undef PACKAGE_URL | ||
1526 | |||
1527 | /* Define to the version of this package. */ | ||
1528 | #undef PACKAGE_VERSION | ||
1529 | |||
1530 | /* Define if you are using Solaris-derived PAM which passes pam_messages to | ||
1531 | the conversation function with an extra level of indirection */ | ||
1532 | #undef PAM_SUN_CODEBASE | ||
1533 | |||
1534 | /* Work around problematic Linux PAM modules handling of PAM_TTY */ | ||
1535 | #undef PAM_TTY_KLUDGE | ||
1536 | |||
1537 | /* must supply username to passwd */ | ||
1538 | #undef PASSWD_NEEDS_USERNAME | ||
1539 | |||
1540 | /* System dirs owned by bin (uid 2) */ | ||
1541 | #undef PLATFORM_SYS_DIR_UID | ||
1542 | |||
1543 | /* Port number of PRNGD/EGD random number socket */ | ||
1544 | #undef PRNGD_PORT | ||
1545 | |||
1546 | /* Location of PRNGD/EGD random number socket */ | ||
1547 | #undef PRNGD_SOCKET | ||
1548 | |||
1549 | /* read(1) can return 0 for a non-closed fd */ | ||
1550 | #undef PTY_ZEROREAD | ||
1551 | |||
1552 | /* Sandbox using capsicum */ | ||
1553 | #undef SANDBOX_CAPSICUM | ||
1554 | |||
1555 | /* Sandbox using Darwin sandbox_init(3) */ | ||
1556 | #undef SANDBOX_DARWIN | ||
1557 | |||
1558 | /* no privsep sandboxing */ | ||
1559 | #undef SANDBOX_NULL | ||
1560 | |||
1561 | /* Sandbox using pledge(2) */ | ||
1562 | #undef SANDBOX_PLEDGE | ||
1563 | |||
1564 | /* Sandbox using setrlimit(2) */ | ||
1565 | #undef SANDBOX_RLIMIT | ||
1566 | |||
1567 | /* Sandbox using seccomp filter */ | ||
1568 | #undef SANDBOX_SECCOMP_FILTER | ||
1569 | |||
1570 | /* setrlimit RLIMIT_FSIZE works */ | ||
1571 | #undef SANDBOX_SKIP_RLIMIT_FSIZE | ||
1572 | |||
1573 | /* define if setrlimit RLIMIT_NOFILE breaks things */ | ||
1574 | #undef SANDBOX_SKIP_RLIMIT_NOFILE | ||
1575 | |||
1576 | /* Sandbox using Solaris/Illumos privileges */ | ||
1577 | #undef SANDBOX_SOLARIS | ||
1578 | |||
1579 | /* Sandbox using systrace(4) */ | ||
1580 | #undef SANDBOX_SYSTRACE | ||
1581 | |||
1582 | /* Specify the system call convention in use */ | ||
1583 | #undef SECCOMP_AUDIT_ARCH | ||
1584 | |||
1585 | /* Define if your platform breaks doing a seteuid before a setuid */ | ||
1586 | #undef SETEUID_BREAKS_SETUID | ||
1587 | |||
1588 | /* The size of `int', as computed by sizeof. */ | ||
1589 | #undef SIZEOF_INT | ||
1590 | |||
1591 | /* The size of `long int', as computed by sizeof. */ | ||
1592 | #undef SIZEOF_LONG_INT | ||
1593 | |||
1594 | /* The size of `long long int', as computed by sizeof. */ | ||
1595 | #undef SIZEOF_LONG_LONG_INT | ||
1596 | |||
1597 | /* The size of `short int', as computed by sizeof. */ | ||
1598 | #undef SIZEOF_SHORT_INT | ||
1599 | |||
1600 | /* Define if you want S/Key support */ | ||
1601 | #undef SKEY | ||
1602 | |||
1603 | /* Define if your skeychallenge() function takes 4 arguments (NetBSD) */ | ||
1604 | #undef SKEYCHALLENGE_4ARG | ||
1605 | |||
1606 | /* Define as const if snprintf() can declare const char *fmt */ | ||
1607 | #undef SNPRINTF_CONST | ||
1608 | |||
1609 | /* Define to a Set Process Title type if your system is supported by | ||
1610 | bsd-setproctitle.c */ | ||
1611 | #undef SPT_TYPE | ||
1612 | |||
1613 | /* Define if sshd somehow reacquires a controlling TTY after setsid() */ | ||
1614 | #undef SSHD_ACQUIRES_CTTY | ||
1615 | |||
1616 | /* sshd PAM service name */ | ||
1617 | #undef SSHD_PAM_SERVICE | ||
1618 | |||
1619 | /* Define if pam_chauthtok wants real uid set to the unpriv'ed user */ | ||
1620 | #undef SSHPAM_CHAUTHTOK_NEEDS_RUID | ||
1621 | |||
1622 | /* Use audit debugging module */ | ||
1623 | #undef SSH_AUDIT_EVENTS | ||
1624 | |||
1625 | /* Windows is sensitive to read buffer size */ | ||
1626 | #undef SSH_IOBUFSZ | ||
1627 | |||
1628 | /* non-privileged user for privilege separation */ | ||
1629 | #undef SSH_PRIVSEP_USER | ||
1630 | |||
1631 | /* Use tunnel device compatibility to OpenBSD */ | ||
1632 | #undef SSH_TUN_COMPAT_AF | ||
1633 | |||
1634 | /* Open tunnel devices the FreeBSD way */ | ||
1635 | #undef SSH_TUN_FREEBSD | ||
1636 | |||
1637 | /* Open tunnel devices the Linux tun/tap way */ | ||
1638 | #undef SSH_TUN_LINUX | ||
1639 | |||
1640 | /* No layer 2 tunnel support */ | ||
1641 | #undef SSH_TUN_NO_L2 | ||
1642 | |||
1643 | /* Open tunnel devices the OpenBSD way */ | ||
1644 | #undef SSH_TUN_OPENBSD | ||
1645 | |||
1646 | /* Prepend the address family to IP tunnel traffic */ | ||
1647 | #undef SSH_TUN_PREPEND_AF | ||
1648 | |||
1649 | /* Define to 1 if you have the ANSI C header files. */ | ||
1650 | #undef STDC_HEADERS | ||
1651 | |||
1652 | /* Define if you want a different $PATH for the superuser */ | ||
1653 | #undef SUPERUSER_PATH | ||
1654 | |||
1655 | /* syslog_r function is safe to use in in a signal handler */ | ||
1656 | #undef SYSLOG_R_SAFE_IN_SIGHAND | ||
1657 | |||
1658 | /* Support passwords > 8 chars */ | ||
1659 | #undef UNIXWARE_LONG_PASSWORDS | ||
1660 | |||
1661 | /* Specify default $PATH */ | ||
1662 | #undef USER_PATH | ||
1663 | |||
1664 | /* Define this if you want to use libkafs' AFS support */ | ||
1665 | #undef USE_AFS | ||
1666 | |||
1667 | /* Use BSM audit module */ | ||
1668 | #undef USE_BSM_AUDIT | ||
1669 | |||
1670 | /* Use btmp to log bad logins */ | ||
1671 | #undef USE_BTMP | ||
1672 | |||
1673 | /* Use libedit for sftp */ | ||
1674 | #undef USE_LIBEDIT | ||
1675 | |||
1676 | /* Use Linux audit module */ | ||
1677 | #undef USE_LINUX_AUDIT | ||
1678 | |||
1679 | /* Enable OpenSSL engine support */ | ||
1680 | #undef USE_OPENSSL_ENGINE | ||
1681 | |||
1682 | /* Define if you want to enable PAM support */ | ||
1683 | #undef USE_PAM | ||
1684 | |||
1685 | /* Use PIPES instead of a socketpair() */ | ||
1686 | #undef USE_PIPES | ||
1687 | |||
1688 | /* Define if you have Solaris privileges */ | ||
1689 | #undef USE_SOLARIS_PRIVS | ||
1690 | |||
1691 | /* Define if you have Solaris process contracts */ | ||
1692 | #undef USE_SOLARIS_PROCESS_CONTRACTS | ||
1693 | |||
1694 | /* Define if you have Solaris projects */ | ||
1695 | #undef USE_SOLARIS_PROJECTS | ||
1696 | |||
1697 | /* Define if you shouldn't strip 'tty' from your ttyname in [uw]tmp */ | ||
1698 | #undef WITH_ABBREV_NO_TTY | ||
1699 | |||
1700 | /* Define if you want to enable AIX4's authenticate function */ | ||
1701 | #undef WITH_AIXAUTHENTICATE | ||
1702 | |||
1703 | /* Define if you have/want arrays (cluster-wide session managment, not C | ||
1704 | arrays) */ | ||
1705 | #undef WITH_IRIX_ARRAY | ||
1706 | |||
1707 | /* Define if you want IRIX audit trails */ | ||
1708 | #undef WITH_IRIX_AUDIT | ||
1709 | |||
1710 | /* Define if you want IRIX kernel jobs */ | ||
1711 | #undef WITH_IRIX_JOBS | ||
1712 | |||
1713 | /* Define if you want IRIX project management */ | ||
1714 | #undef WITH_IRIX_PROJECT | ||
1715 | |||
1716 | /* use libcrypto for cryptography */ | ||
1717 | #undef WITH_OPENSSL | ||
1718 | |||
1719 | /* Define if you want SELinux support. */ | ||
1720 | #undef WITH_SELINUX | ||
1721 | |||
1722 | /* include SSH protocol version 1 support */ | ||
1723 | #undef WITH_SSH1 | ||
1724 | |||
1725 | /* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most | ||
1726 | significant byte first (like Motorola and SPARC, unlike Intel). */ | ||
1727 | #if defined AC_APPLE_UNIVERSAL_BUILD | ||
1728 | # if defined __BIG_ENDIAN__ | ||
1729 | # define WORDS_BIGENDIAN 1 | ||
1730 | # endif | ||
1731 | #else | ||
1732 | # ifndef WORDS_BIGENDIAN | ||
1733 | # undef WORDS_BIGENDIAN | ||
1734 | # endif | ||
1735 | #endif | ||
1736 | |||
1737 | /* Define if xauth is found in your path */ | ||
1738 | #undef XAUTH_PATH | ||
1739 | |||
1740 | /* Enable large inode numbers on Mac OS X 10.5. */ | ||
1741 | #ifndef _DARWIN_USE_64_BIT_INODE | ||
1742 | # define _DARWIN_USE_64_BIT_INODE 1 | ||
1743 | #endif | ||
1744 | |||
1745 | /* Number of bits in a file offset, on hosts where this is settable. */ | ||
1746 | #undef _FILE_OFFSET_BITS | ||
1747 | |||
1748 | /* Define for large files, on AIX-style hosts. */ | ||
1749 | #undef _LARGE_FILES | ||
1750 | |||
1751 | /* log for bad login attempts */ | ||
1752 | #undef _PATH_BTMP | ||
1753 | |||
1754 | /* Full path of your "passwd" program */ | ||
1755 | #undef _PATH_PASSWD_PROG | ||
1756 | |||
1757 | /* Specify location of ssh.pid */ | ||
1758 | #undef _PATH_SSH_PIDDIR | ||
1759 | |||
1760 | /* Define if we don't have struct __res_state in resolv.h */ | ||
1761 | #undef __res_state | ||
1762 | |||
1763 | /* Define to `__inline__' or `__inline' if that's what the C compiler | ||
1764 | calls it, or to nothing if 'inline' is not supported under any name. */ | ||
1765 | #ifndef __cplusplus | ||
1766 | #undef inline | ||
1767 | #endif | ||
1768 | |||
1769 | /* type to use in place of socklen_t if not defined */ | ||
1770 | #undef socklen_t | ||
diff --git a/configure b/configure new file mode 100755 index 000000000..5eaaa392f --- /dev/null +++ b/configure | |||
@@ -0,0 +1,20446 @@ | |||
1 | #! /bin/sh | ||
2 | # From configure.ac Revision: 1.583 . | ||
3 | # Guess values for system-dependent variables and create Makefiles. | ||
4 | # Generated by GNU Autoconf 2.69 for OpenSSH Portable. | ||
5 | # | ||
6 | # Report bugs to <openssh-unix-dev@mindrot.org>. | ||
7 | # | ||
8 | # | ||
9 | # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. | ||
10 | # | ||
11 | # | ||
12 | # This configure script is free software; the Free Software Foundation | ||
13 | # gives unlimited permission to copy, distribute and modify it. | ||
14 | ## -------------------- ## | ||
15 | ## M4sh Initialization. ## | ||
16 | ## -------------------- ## | ||
17 | |||
18 | # Be more Bourne compatible | ||
19 | DUALCASE=1; export DUALCASE # for MKS sh | ||
20 | if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : | ||
21 | emulate sh | ||
22 | NULLCMD=: | ||
23 | # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which | ||
24 | # is contrary to our usage. Disable this feature. | ||
25 | alias -g '${1+"$@"}'='"$@"' | ||
26 | setopt NO_GLOB_SUBST | ||
27 | else | ||
28 | case `(set -o) 2>/dev/null` in #( | ||
29 | *posix*) : | ||
30 | set -o posix ;; #( | ||
31 | *) : | ||
32 | ;; | ||
33 | esac | ||
34 | fi | ||
35 | |||
36 | |||
37 | as_nl=' | ||
38 | ' | ||
39 | export as_nl | ||
40 | # Printing a long string crashes Solaris 7 /usr/bin/printf. | ||
41 | as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' | ||
42 | as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo | ||
43 | as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo | ||
44 | # Prefer a ksh shell builtin over an external printf program on Solaris, | ||
45 | # but without wasting forks for bash or zsh. | ||
46 | if test -z "$BASH_VERSION$ZSH_VERSION" \ | ||
47 | && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then | ||
48 | as_echo='print -r --' | ||
49 | as_echo_n='print -rn --' | ||
50 | elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then | ||
51 | as_echo='printf %s\n' | ||
52 | as_echo_n='printf %s' | ||
53 | else | ||
54 | if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then | ||
55 | as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' | ||
56 | as_echo_n='/usr/ucb/echo -n' | ||
57 | else | ||
58 | as_echo_body='eval expr "X$1" : "X\\(.*\\)"' | ||
59 | as_echo_n_body='eval | ||
60 | arg=$1; | ||
61 | case $arg in #( | ||
62 | *"$as_nl"*) | ||
63 | expr "X$arg" : "X\\(.*\\)$as_nl"; | ||
64 | arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; | ||
65 | esac; | ||
66 | expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" | ||
67 | ' | ||
68 | export as_echo_n_body | ||
69 | as_echo_n='sh -c $as_echo_n_body as_echo' | ||
70 | fi | ||
71 | export as_echo_body | ||
72 | as_echo='sh -c $as_echo_body as_echo' | ||
73 | fi | ||
74 | |||
75 | # The user is always right. | ||
76 | if test "${PATH_SEPARATOR+set}" != set; then | ||
77 | PATH_SEPARATOR=: | ||
78 | (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { | ||
79 | (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || | ||
80 | PATH_SEPARATOR=';' | ||
81 | } | ||
82 | fi | ||
83 | |||
84 | |||
85 | # IFS | ||
86 | # We need space, tab and new line, in precisely that order. Quoting is | ||
87 | # there to prevent editors from complaining about space-tab. | ||
88 | # (If _AS_PATH_WALK were called with IFS unset, it would disable word | ||
89 | # splitting by setting IFS to empty value.) | ||
90 | IFS=" "" $as_nl" | ||
91 | |||
92 | # Find who we are. Look in the path if we contain no directory separator. | ||
93 | as_myself= | ||
94 | case $0 in #(( | ||
95 | *[\\/]* ) as_myself=$0 ;; | ||
96 | *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
97 | for as_dir in $PATH | ||
98 | do | ||
99 | IFS=$as_save_IFS | ||
100 | test -z "$as_dir" && as_dir=. | ||
101 | test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break | ||
102 | done | ||
103 | IFS=$as_save_IFS | ||
104 | |||
105 | ;; | ||
106 | esac | ||
107 | # We did not find ourselves, most probably we were run as `sh COMMAND' | ||
108 | # in which case we are not to be found in the path. | ||
109 | if test "x$as_myself" = x; then | ||
110 | as_myself=$0 | ||
111 | fi | ||
112 | if test ! -f "$as_myself"; then | ||
113 | $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 | ||
114 | exit 1 | ||
115 | fi | ||
116 | |||
117 | # Unset variables that we do not need and which cause bugs (e.g. in | ||
118 | # pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" | ||
119 | # suppresses any "Segmentation fault" message there. '((' could | ||
120 | # trigger a bug in pdksh 5.2.14. | ||
121 | for as_var in BASH_ENV ENV MAIL MAILPATH | ||
122 | do eval test x\${$as_var+set} = xset \ | ||
123 | && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : | ||
124 | done | ||
125 | PS1='$ ' | ||
126 | PS2='> ' | ||
127 | PS4='+ ' | ||
128 | |||
129 | # NLS nuisances. | ||
130 | LC_ALL=C | ||
131 | export LC_ALL | ||
132 | LANGUAGE=C | ||
133 | export LANGUAGE | ||
134 | |||
135 | # CDPATH. | ||
136 | (unset CDPATH) >/dev/null 2>&1 && unset CDPATH | ||
137 | |||
138 | # Use a proper internal environment variable to ensure we don't fall | ||
139 | # into an infinite loop, continuously re-executing ourselves. | ||
140 | if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then | ||
141 | _as_can_reexec=no; export _as_can_reexec; | ||
142 | # We cannot yet assume a decent shell, so we have to provide a | ||
143 | # neutralization value for shells without unset; and this also | ||
144 | # works around shells that cannot unset nonexistent variables. | ||
145 | # Preserve -v and -x to the replacement shell. | ||
146 | BASH_ENV=/dev/null | ||
147 | ENV=/dev/null | ||
148 | (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV | ||
149 | case $- in # (((( | ||
150 | *v*x* | *x*v* ) as_opts=-vx ;; | ||
151 | *v* ) as_opts=-v ;; | ||
152 | *x* ) as_opts=-x ;; | ||
153 | * ) as_opts= ;; | ||
154 | esac | ||
155 | exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} | ||
156 | # Admittedly, this is quite paranoid, since all the known shells bail | ||
157 | # out after a failed `exec'. | ||
158 | $as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 | ||
159 | as_fn_exit 255 | ||
160 | fi | ||
161 | # We don't want this to propagate to other subprocesses. | ||
162 | { _as_can_reexec=; unset _as_can_reexec;} | ||
163 | if test "x$CONFIG_SHELL" = x; then | ||
164 | as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then : | ||
165 | emulate sh | ||
166 | NULLCMD=: | ||
167 | # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which | ||
168 | # is contrary to our usage. Disable this feature. | ||
169 | alias -g '\${1+\"\$@\"}'='\"\$@\"' | ||
170 | setopt NO_GLOB_SUBST | ||
171 | else | ||
172 | case \`(set -o) 2>/dev/null\` in #( | ||
173 | *posix*) : | ||
174 | set -o posix ;; #( | ||
175 | *) : | ||
176 | ;; | ||
177 | esac | ||
178 | fi | ||
179 | " | ||
180 | as_required="as_fn_return () { (exit \$1); } | ||
181 | as_fn_success () { as_fn_return 0; } | ||
182 | as_fn_failure () { as_fn_return 1; } | ||
183 | as_fn_ret_success () { return 0; } | ||
184 | as_fn_ret_failure () { return 1; } | ||
185 | |||
186 | exitcode=0 | ||
187 | as_fn_success || { exitcode=1; echo as_fn_success failed.; } | ||
188 | as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; } | ||
189 | as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; } | ||
190 | as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; } | ||
191 | if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then : | ||
192 | |||
193 | else | ||
194 | exitcode=1; echo positional parameters were not saved. | ||
195 | fi | ||
196 | test x\$exitcode = x0 || exit 1 | ||
197 | test -x / || exit 1" | ||
198 | as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO | ||
199 | as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO | ||
200 | eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" && | ||
201 | test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1 | ||
202 | test \$(( 1 + 1 )) = 2 || exit 1" | ||
203 | if (eval "$as_required") 2>/dev/null; then : | ||
204 | as_have_required=yes | ||
205 | else | ||
206 | as_have_required=no | ||
207 | fi | ||
208 | if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then : | ||
209 | |||
210 | else | ||
211 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
212 | as_found=false | ||
213 | for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH | ||
214 | do | ||
215 | IFS=$as_save_IFS | ||
216 | test -z "$as_dir" && as_dir=. | ||
217 | as_found=: | ||
218 | case $as_dir in #( | ||
219 | /*) | ||
220 | for as_base in sh bash ksh sh5; do | ||
221 | # Try only shells that exist, to save several forks. | ||
222 | as_shell=$as_dir/$as_base | ||
223 | if { test -f "$as_shell" || test -f "$as_shell.exe"; } && | ||
224 | { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then : | ||
225 | CONFIG_SHELL=$as_shell as_have_required=yes | ||
226 | if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then : | ||
227 | break 2 | ||
228 | fi | ||
229 | fi | ||
230 | done;; | ||
231 | esac | ||
232 | as_found=false | ||
233 | done | ||
234 | $as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } && | ||
235 | { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then : | ||
236 | CONFIG_SHELL=$SHELL as_have_required=yes | ||
237 | fi; } | ||
238 | IFS=$as_save_IFS | ||
239 | |||
240 | |||
241 | if test "x$CONFIG_SHELL" != x; then : | ||
242 | export CONFIG_SHELL | ||
243 | # We cannot yet assume a decent shell, so we have to provide a | ||
244 | # neutralization value for shells without unset; and this also | ||
245 | # works around shells that cannot unset nonexistent variables. | ||
246 | # Preserve -v and -x to the replacement shell. | ||
247 | BASH_ENV=/dev/null | ||
248 | ENV=/dev/null | ||
249 | (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV | ||
250 | case $- in # (((( | ||
251 | *v*x* | *x*v* ) as_opts=-vx ;; | ||
252 | *v* ) as_opts=-v ;; | ||
253 | *x* ) as_opts=-x ;; | ||
254 | * ) as_opts= ;; | ||
255 | esac | ||
256 | exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} | ||
257 | # Admittedly, this is quite paranoid, since all the known shells bail | ||
258 | # out after a failed `exec'. | ||
259 | $as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 | ||
260 | exit 255 | ||
261 | fi | ||
262 | |||
263 | if test x$as_have_required = xno; then : | ||
264 | $as_echo "$0: This script requires a shell more modern than all" | ||
265 | $as_echo "$0: the shells that I found on your system." | ||
266 | if test x${ZSH_VERSION+set} = xset ; then | ||
267 | $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should" | ||
268 | $as_echo "$0: be upgraded to zsh 4.3.4 or later." | ||
269 | else | ||
270 | $as_echo "$0: Please tell bug-autoconf@gnu.org and | ||
271 | $0: openssh-unix-dev@mindrot.org about your system, | ||
272 | $0: including any error possibly output before this | ||
273 | $0: message. Then install a modern shell, or manually run | ||
274 | $0: the script under such a shell if you do have one." | ||
275 | fi | ||
276 | exit 1 | ||
277 | fi | ||
278 | fi | ||
279 | fi | ||
280 | SHELL=${CONFIG_SHELL-/bin/sh} | ||
281 | export SHELL | ||
282 | # Unset more variables known to interfere with behavior of common tools. | ||
283 | CLICOLOR_FORCE= GREP_OPTIONS= | ||
284 | unset CLICOLOR_FORCE GREP_OPTIONS | ||
285 | |||
286 | ## --------------------- ## | ||
287 | ## M4sh Shell Functions. ## | ||
288 | ## --------------------- ## | ||
289 | # as_fn_unset VAR | ||
290 | # --------------- | ||
291 | # Portably unset VAR. | ||
292 | as_fn_unset () | ||
293 | { | ||
294 | { eval $1=; unset $1;} | ||
295 | } | ||
296 | as_unset=as_fn_unset | ||
297 | |||
298 | # as_fn_set_status STATUS | ||
299 | # ----------------------- | ||
300 | # Set $? to STATUS, without forking. | ||
301 | as_fn_set_status () | ||
302 | { | ||
303 | return $1 | ||
304 | } # as_fn_set_status | ||
305 | |||
306 | # as_fn_exit STATUS | ||
307 | # ----------------- | ||
308 | # Exit the shell with STATUS, even in a "trap 0" or "set -e" context. | ||
309 | as_fn_exit () | ||
310 | { | ||
311 | set +e | ||
312 | as_fn_set_status $1 | ||
313 | exit $1 | ||
314 | } # as_fn_exit | ||
315 | |||
316 | # as_fn_mkdir_p | ||
317 | # ------------- | ||
318 | # Create "$as_dir" as a directory, including parents if necessary. | ||
319 | as_fn_mkdir_p () | ||
320 | { | ||
321 | |||
322 | case $as_dir in #( | ||
323 | -*) as_dir=./$as_dir;; | ||
324 | esac | ||
325 | test -d "$as_dir" || eval $as_mkdir_p || { | ||
326 | as_dirs= | ||
327 | while :; do | ||
328 | case $as_dir in #( | ||
329 | *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( | ||
330 | *) as_qdir=$as_dir;; | ||
331 | esac | ||
332 | as_dirs="'$as_qdir' $as_dirs" | ||
333 | as_dir=`$as_dirname -- "$as_dir" || | ||
334 | $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ | ||
335 | X"$as_dir" : 'X\(//\)[^/]' \| \ | ||
336 | X"$as_dir" : 'X\(//\)$' \| \ | ||
337 | X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || | ||
338 | $as_echo X"$as_dir" | | ||
339 | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ | ||
340 | s//\1/ | ||
341 | q | ||
342 | } | ||
343 | /^X\(\/\/\)[^/].*/{ | ||
344 | s//\1/ | ||
345 | q | ||
346 | } | ||
347 | /^X\(\/\/\)$/{ | ||
348 | s//\1/ | ||
349 | q | ||
350 | } | ||
351 | /^X\(\/\).*/{ | ||
352 | s//\1/ | ||
353 | q | ||
354 | } | ||
355 | s/.*/./; q'` | ||
356 | test -d "$as_dir" && break | ||
357 | done | ||
358 | test -z "$as_dirs" || eval "mkdir $as_dirs" | ||
359 | } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" | ||
360 | |||
361 | |||
362 | } # as_fn_mkdir_p | ||
363 | |||
364 | # as_fn_executable_p FILE | ||
365 | # ----------------------- | ||
366 | # Test if FILE is an executable regular file. | ||
367 | as_fn_executable_p () | ||
368 | { | ||
369 | test -f "$1" && test -x "$1" | ||
370 | } # as_fn_executable_p | ||
371 | # as_fn_append VAR VALUE | ||
372 | # ---------------------- | ||
373 | # Append the text in VALUE to the end of the definition contained in VAR. Take | ||
374 | # advantage of any shell optimizations that allow amortized linear growth over | ||
375 | # repeated appends, instead of the typical quadratic growth present in naive | ||
376 | # implementations. | ||
377 | if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : | ||
378 | eval 'as_fn_append () | ||
379 | { | ||
380 | eval $1+=\$2 | ||
381 | }' | ||
382 | else | ||
383 | as_fn_append () | ||
384 | { | ||
385 | eval $1=\$$1\$2 | ||
386 | } | ||
387 | fi # as_fn_append | ||
388 | |||
389 | # as_fn_arith ARG... | ||
390 | # ------------------ | ||
391 | # Perform arithmetic evaluation on the ARGs, and store the result in the | ||
392 | # global $as_val. Take advantage of shells that can avoid forks. The arguments | ||
393 | # must be portable across $(()) and expr. | ||
394 | if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : | ||
395 | eval 'as_fn_arith () | ||
396 | { | ||
397 | as_val=$(( $* )) | ||
398 | }' | ||
399 | else | ||
400 | as_fn_arith () | ||
401 | { | ||
402 | as_val=`expr "$@" || test $? -eq 1` | ||
403 | } | ||
404 | fi # as_fn_arith | ||
405 | |||
406 | |||
407 | # as_fn_error STATUS ERROR [LINENO LOG_FD] | ||
408 | # ---------------------------------------- | ||
409 | # Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are | ||
410 | # provided, also output the error to LOG_FD, referencing LINENO. Then exit the | ||
411 | # script with STATUS, using 1 if that was 0. | ||
412 | as_fn_error () | ||
413 | { | ||
414 | as_status=$1; test $as_status -eq 0 && as_status=1 | ||
415 | if test "$4"; then | ||
416 | as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack | ||
417 | $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 | ||
418 | fi | ||
419 | $as_echo "$as_me: error: $2" >&2 | ||
420 | as_fn_exit $as_status | ||
421 | } # as_fn_error | ||
422 | |||
423 | if expr a : '\(a\)' >/dev/null 2>&1 && | ||
424 | test "X`expr 00001 : '.*\(...\)'`" = X001; then | ||
425 | as_expr=expr | ||
426 | else | ||
427 | as_expr=false | ||
428 | fi | ||
429 | |||
430 | if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then | ||
431 | as_basename=basename | ||
432 | else | ||
433 | as_basename=false | ||
434 | fi | ||
435 | |||
436 | if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then | ||
437 | as_dirname=dirname | ||
438 | else | ||
439 | as_dirname=false | ||
440 | fi | ||
441 | |||
442 | as_me=`$as_basename -- "$0" || | ||
443 | $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ | ||
444 | X"$0" : 'X\(//\)$' \| \ | ||
445 | X"$0" : 'X\(/\)' \| . 2>/dev/null || | ||
446 | $as_echo X/"$0" | | ||
447 | sed '/^.*\/\([^/][^/]*\)\/*$/{ | ||
448 | s//\1/ | ||
449 | q | ||
450 | } | ||
451 | /^X\/\(\/\/\)$/{ | ||
452 | s//\1/ | ||
453 | q | ||
454 | } | ||
455 | /^X\/\(\/\).*/{ | ||
456 | s//\1/ | ||
457 | q | ||
458 | } | ||
459 | s/.*/./; q'` | ||
460 | |||
461 | # Avoid depending upon Character Ranges. | ||
462 | as_cr_letters='abcdefghijklmnopqrstuvwxyz' | ||
463 | as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' | ||
464 | as_cr_Letters=$as_cr_letters$as_cr_LETTERS | ||
465 | as_cr_digits='0123456789' | ||
466 | as_cr_alnum=$as_cr_Letters$as_cr_digits | ||
467 | |||
468 | |||
469 | as_lineno_1=$LINENO as_lineno_1a=$LINENO | ||
470 | as_lineno_2=$LINENO as_lineno_2a=$LINENO | ||
471 | eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" && | ||
472 | test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || { | ||
473 | # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-) | ||
474 | sed -n ' | ||
475 | p | ||
476 | /[$]LINENO/= | ||
477 | ' <$as_myself | | ||
478 | sed ' | ||
479 | s/[$]LINENO.*/&-/ | ||
480 | t lineno | ||
481 | b | ||
482 | :lineno | ||
483 | N | ||
484 | :loop | ||
485 | s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ | ||
486 | t loop | ||
487 | s/-\n.*// | ||
488 | ' >$as_me.lineno && | ||
489 | chmod +x "$as_me.lineno" || | ||
490 | { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; } | ||
491 | |||
492 | # If we had to re-execute with $CONFIG_SHELL, we're ensured to have | ||
493 | # already done that, so ensure we don't try to do so again and fall | ||
494 | # in an infinite loop. This has already happened in practice. | ||
495 | _as_can_reexec=no; export _as_can_reexec | ||
496 | # Don't try to exec as it changes $[0], causing all sort of problems | ||
497 | # (the dirname of $[0] is not the place where we might find the | ||
498 | # original and so on. Autoconf is especially sensitive to this). | ||
499 | . "./$as_me.lineno" | ||
500 | # Exit status is that of the last command. | ||
501 | exit | ||
502 | } | ||
503 | |||
504 | ECHO_C= ECHO_N= ECHO_T= | ||
505 | case `echo -n x` in #((((( | ||
506 | -n*) | ||
507 | case `echo 'xy\c'` in | ||
508 | *c*) ECHO_T=' ';; # ECHO_T is single tab character. | ||
509 | xy) ECHO_C='\c';; | ||
510 | *) echo `echo ksh88 bug on AIX 6.1` > /dev/null | ||
511 | ECHO_T=' ';; | ||
512 | esac;; | ||
513 | *) | ||
514 | ECHO_N='-n';; | ||
515 | esac | ||
516 | |||
517 | rm -f conf$$ conf$$.exe conf$$.file | ||
518 | if test -d conf$$.dir; then | ||
519 | rm -f conf$$.dir/conf$$.file | ||
520 | else | ||
521 | rm -f conf$$.dir | ||
522 | mkdir conf$$.dir 2>/dev/null | ||
523 | fi | ||
524 | if (echo >conf$$.file) 2>/dev/null; then | ||
525 | if ln -s conf$$.file conf$$ 2>/dev/null; then | ||
526 | as_ln_s='ln -s' | ||
527 | # ... but there are two gotchas: | ||
528 | # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. | ||
529 | # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. | ||
530 | # In both cases, we have to default to `cp -pR'. | ||
531 | ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || | ||
532 | as_ln_s='cp -pR' | ||
533 | elif ln conf$$.file conf$$ 2>/dev/null; then | ||
534 | as_ln_s=ln | ||
535 | else | ||
536 | as_ln_s='cp -pR' | ||
537 | fi | ||
538 | else | ||
539 | as_ln_s='cp -pR' | ||
540 | fi | ||
541 | rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file | ||
542 | rmdir conf$$.dir 2>/dev/null | ||
543 | |||
544 | if mkdir -p . 2>/dev/null; then | ||
545 | as_mkdir_p='mkdir -p "$as_dir"' | ||
546 | else | ||
547 | test -d ./-p && rmdir ./-p | ||
548 | as_mkdir_p=false | ||
549 | fi | ||
550 | |||
551 | as_test_x='test -x' | ||
552 | as_executable_p=as_fn_executable_p | ||
553 | |||
554 | # Sed expression to map a string onto a valid CPP name. | ||
555 | as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" | ||
556 | |||
557 | # Sed expression to map a string onto a valid variable name. | ||
558 | as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" | ||
559 | |||
560 | |||
561 | test -n "$DJDIR" || exec 7<&0 </dev/null | ||
562 | exec 6>&1 | ||
563 | |||
564 | # Name of the host. | ||
565 | # hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status, | ||
566 | # so uname gets run too. | ||
567 | ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` | ||
568 | |||
569 | # | ||
570 | # Initializations. | ||
571 | # | ||
572 | ac_default_prefix=/usr/local | ||
573 | ac_clean_files= | ||
574 | ac_config_libobj_dir=. | ||
575 | LIBOBJS= | ||
576 | cross_compiling=no | ||
577 | subdirs= | ||
578 | MFLAGS= | ||
579 | MAKEFLAGS= | ||
580 | |||
581 | # Identity of this package. | ||
582 | PACKAGE_NAME='OpenSSH' | ||
583 | PACKAGE_TARNAME='openssh' | ||
584 | PACKAGE_VERSION='Portable' | ||
585 | PACKAGE_STRING='OpenSSH Portable' | ||
586 | PACKAGE_BUGREPORT='openssh-unix-dev@mindrot.org' | ||
587 | PACKAGE_URL='' | ||
588 | |||
589 | ac_unique_file="ssh.c" | ||
590 | # Factoring default headers for most tests. | ||
591 | ac_includes_default="\ | ||
592 | #include <stdio.h> | ||
593 | #ifdef HAVE_SYS_TYPES_H | ||
594 | # include <sys/types.h> | ||
595 | #endif | ||
596 | #ifdef HAVE_SYS_STAT_H | ||
597 | # include <sys/stat.h> | ||
598 | #endif | ||
599 | #ifdef STDC_HEADERS | ||
600 | # include <stdlib.h> | ||
601 | # include <stddef.h> | ||
602 | #else | ||
603 | # ifdef HAVE_STDLIB_H | ||
604 | # include <stdlib.h> | ||
605 | # endif | ||
606 | #endif | ||
607 | #ifdef HAVE_STRING_H | ||
608 | # if !defined STDC_HEADERS && defined HAVE_MEMORY_H | ||
609 | # include <memory.h> | ||
610 | # endif | ||
611 | # include <string.h> | ||
612 | #endif | ||
613 | #ifdef HAVE_STRINGS_H | ||
614 | # include <strings.h> | ||
615 | #endif | ||
616 | #ifdef HAVE_INTTYPES_H | ||
617 | # include <inttypes.h> | ||
618 | #endif | ||
619 | #ifdef HAVE_STDINT_H | ||
620 | # include <stdint.h> | ||
621 | #endif | ||
622 | #ifdef HAVE_UNISTD_H | ||
623 | # include <unistd.h> | ||
624 | #endif" | ||
625 | |||
626 | ac_subst_vars='LTLIBOBJS | ||
627 | LIBOBJS | ||
628 | UNSUPPORTED_ALGORITHMS | ||
629 | TEST_MALLOC_OPTIONS | ||
630 | TEST_SSH_UTF8 | ||
631 | TEST_SSH_IPV6 | ||
632 | piddir | ||
633 | user_path | ||
634 | mansubdir | ||
635 | MANTYPE | ||
636 | XAUTH_PATH | ||
637 | STRIP_OPT | ||
638 | xauth_path | ||
639 | PRIVSEP_PATH | ||
640 | K5LIBS | ||
641 | GSSLIBS | ||
642 | KRB5CONF | ||
643 | SSHDLIBS | ||
644 | SSHLIBS | ||
645 | SSH_PRIVSEP_USER | ||
646 | COMMENT_OUT_ECC | ||
647 | TEST_SSH_ECC | ||
648 | LIBEDIT | ||
649 | PKGCONFIG | ||
650 | LDNSCONFIG | ||
651 | COMMENT_OUT_RSA1 | ||
652 | LD | ||
653 | PATH_PASSWD_PROG | ||
654 | STARTUP_SCRIPT_SHELL | ||
655 | MAKE_PACKAGE_SUPPORTED | ||
656 | PATH_USERADD_PROG | ||
657 | PATH_GROUPADD_PROG | ||
658 | MANFMT | ||
659 | TEST_SHELL | ||
660 | MANDOC | ||
661 | NROFF | ||
662 | GROFF | ||
663 | SH | ||
664 | TEST_MINUS_S_SH | ||
665 | ENT | ||
666 | SED | ||
667 | PERL | ||
668 | KILL | ||
669 | CAT | ||
670 | ac_ct_AR | ||
671 | AR | ||
672 | INSTALL_DATA | ||
673 | INSTALL_SCRIPT | ||
674 | INSTALL_PROGRAM | ||
675 | RANLIB | ||
676 | AWK | ||
677 | EGREP | ||
678 | GREP | ||
679 | CPP | ||
680 | host_os | ||
681 | host_vendor | ||
682 | host_cpu | ||
683 | host | ||
684 | build_os | ||
685 | build_vendor | ||
686 | build_cpu | ||
687 | build | ||
688 | OBJEXT | ||
689 | EXEEXT | ||
690 | ac_ct_CC | ||
691 | CPPFLAGS | ||
692 | LDFLAGS | ||
693 | CFLAGS | ||
694 | CC | ||
695 | target_alias | ||
696 | host_alias | ||
697 | build_alias | ||
698 | LIBS | ||
699 | ECHO_T | ||
700 | ECHO_N | ||
701 | ECHO_C | ||
702 | DEFS | ||
703 | mandir | ||
704 | localedir | ||
705 | libdir | ||
706 | psdir | ||
707 | pdfdir | ||
708 | dvidir | ||
709 | htmldir | ||
710 | infodir | ||
711 | docdir | ||
712 | oldincludedir | ||
713 | includedir | ||
714 | localstatedir | ||
715 | sharedstatedir | ||
716 | sysconfdir | ||
717 | datadir | ||
718 | datarootdir | ||
719 | libexecdir | ||
720 | sbindir | ||
721 | bindir | ||
722 | program_transform_name | ||
723 | prefix | ||
724 | exec_prefix | ||
725 | PACKAGE_URL | ||
726 | PACKAGE_BUGREPORT | ||
727 | PACKAGE_STRING | ||
728 | PACKAGE_VERSION | ||
729 | PACKAGE_TARNAME | ||
730 | PACKAGE_NAME | ||
731 | PATH_SEPARATOR | ||
732 | SHELL' | ||
733 | ac_subst_files='' | ||
734 | ac_user_opts=' | ||
735 | enable_option_checking | ||
736 | enable_largefile | ||
737 | with_openssl | ||
738 | with_ssh1 | ||
739 | with_stackprotect | ||
740 | with_hardening | ||
741 | with_rpath | ||
742 | with_cflags | ||
743 | with_cppflags | ||
744 | with_ldflags | ||
745 | with_libs | ||
746 | with_Werror | ||
747 | with_solaris_contracts | ||
748 | with_solaris_projects | ||
749 | with_solaris_privs | ||
750 | with_osfsia | ||
751 | with_zlib | ||
752 | with_zlib_version_check | ||
753 | with_skey | ||
754 | with_ldns | ||
755 | with_libedit | ||
756 | with_audit | ||
757 | with_pie | ||
758 | enable_pkcs11 | ||
759 | with_ssl_dir | ||
760 | with_openssl_header_check | ||
761 | with_ssl_engine | ||
762 | with_prngd_port | ||
763 | with_prngd_socket | ||
764 | with_pam | ||
765 | with_pam_service | ||
766 | with_privsep_user | ||
767 | with_sandbox | ||
768 | with_selinux | ||
769 | with_kerberos5 | ||
770 | with_privsep_path | ||
771 | with_xauth | ||
772 | enable_strip | ||
773 | with_maildir | ||
774 | with_mantype | ||
775 | with_md5_passwords | ||
776 | with_shadow | ||
777 | with_ipaddr_display | ||
778 | enable_etc_default_login | ||
779 | with_default_path | ||
780 | with_superuser_path | ||
781 | with_4in6 | ||
782 | with_bsd_auth | ||
783 | with_pid_dir | ||
784 | enable_lastlog | ||
785 | enable_utmp | ||
786 | enable_utmpx | ||
787 | enable_wtmp | ||
788 | enable_wtmpx | ||
789 | enable_libutil | ||
790 | enable_pututline | ||
791 | enable_pututxline | ||
792 | with_lastlog | ||
793 | ' | ||
794 | ac_precious_vars='build_alias | ||
795 | host_alias | ||
796 | target_alias | ||
797 | CC | ||
798 | CFLAGS | ||
799 | LDFLAGS | ||
800 | LIBS | ||
801 | CPPFLAGS | ||
802 | CPP' | ||
803 | |||
804 | |||
805 | # Initialize some variables set by options. | ||
806 | ac_init_help= | ||
807 | ac_init_version=false | ||
808 | ac_unrecognized_opts= | ||
809 | ac_unrecognized_sep= | ||
810 | # The variables have the same names as the options, with | ||
811 | # dashes changed to underlines. | ||
812 | cache_file=/dev/null | ||
813 | exec_prefix=NONE | ||
814 | no_create= | ||
815 | no_recursion= | ||
816 | prefix=NONE | ||
817 | program_prefix=NONE | ||
818 | program_suffix=NONE | ||
819 | program_transform_name=s,x,x, | ||
820 | silent= | ||
821 | site= | ||
822 | srcdir= | ||
823 | verbose= | ||
824 | x_includes=NONE | ||
825 | x_libraries=NONE | ||
826 | |||
827 | # Installation directory options. | ||
828 | # These are left unexpanded so users can "make install exec_prefix=/foo" | ||
829 | # and all the variables that are supposed to be based on exec_prefix | ||
830 | # by default will actually change. | ||
831 | # Use braces instead of parens because sh, perl, etc. also accept them. | ||
832 | # (The list follows the same order as the GNU Coding Standards.) | ||
833 | bindir='${exec_prefix}/bin' | ||
834 | sbindir='${exec_prefix}/sbin' | ||
835 | libexecdir='${exec_prefix}/libexec' | ||
836 | datarootdir='${prefix}/share' | ||
837 | datadir='${datarootdir}' | ||
838 | sysconfdir='${prefix}/etc' | ||
839 | sharedstatedir='${prefix}/com' | ||
840 | localstatedir='${prefix}/var' | ||
841 | includedir='${prefix}/include' | ||
842 | oldincludedir='/usr/include' | ||
843 | docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' | ||
844 | infodir='${datarootdir}/info' | ||
845 | htmldir='${docdir}' | ||
846 | dvidir='${docdir}' | ||
847 | pdfdir='${docdir}' | ||
848 | psdir='${docdir}' | ||
849 | libdir='${exec_prefix}/lib' | ||
850 | localedir='${datarootdir}/locale' | ||
851 | mandir='${datarootdir}/man' | ||
852 | |||
853 | ac_prev= | ||
854 | ac_dashdash= | ||
855 | for ac_option | ||
856 | do | ||
857 | # If the previous option needs an argument, assign it. | ||
858 | if test -n "$ac_prev"; then | ||
859 | eval $ac_prev=\$ac_option | ||
860 | ac_prev= | ||
861 | continue | ||
862 | fi | ||
863 | |||
864 | case $ac_option in | ||
865 | *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;; | ||
866 | *=) ac_optarg= ;; | ||
867 | *) ac_optarg=yes ;; | ||
868 | esac | ||
869 | |||
870 | # Accept the important Cygnus configure options, so we can diagnose typos. | ||
871 | |||
872 | case $ac_dashdash$ac_option in | ||
873 | --) | ||
874 | ac_dashdash=yes ;; | ||
875 | |||
876 | -bindir | --bindir | --bindi | --bind | --bin | --bi) | ||
877 | ac_prev=bindir ;; | ||
878 | -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) | ||
879 | bindir=$ac_optarg ;; | ||
880 | |||
881 | -build | --build | --buil | --bui | --bu) | ||
882 | ac_prev=build_alias ;; | ||
883 | -build=* | --build=* | --buil=* | --bui=* | --bu=*) | ||
884 | build_alias=$ac_optarg ;; | ||
885 | |||
886 | -cache-file | --cache-file | --cache-fil | --cache-fi \ | ||
887 | | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) | ||
888 | ac_prev=cache_file ;; | ||
889 | -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ | ||
890 | | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) | ||
891 | cache_file=$ac_optarg ;; | ||
892 | |||
893 | --config-cache | -C) | ||
894 | cache_file=config.cache ;; | ||
895 | |||
896 | -datadir | --datadir | --datadi | --datad) | ||
897 | ac_prev=datadir ;; | ||
898 | -datadir=* | --datadir=* | --datadi=* | --datad=*) | ||
899 | datadir=$ac_optarg ;; | ||
900 | |||
901 | -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \ | ||
902 | | --dataroo | --dataro | --datar) | ||
903 | ac_prev=datarootdir ;; | ||
904 | -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \ | ||
905 | | --dataroot=* | --dataroo=* | --dataro=* | --datar=*) | ||
906 | datarootdir=$ac_optarg ;; | ||
907 | |||
908 | -disable-* | --disable-*) | ||
909 | ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'` | ||
910 | # Reject names that are not valid shell variable names. | ||
911 | expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && | ||
912 | as_fn_error $? "invalid feature name: $ac_useropt" | ||
913 | ac_useropt_orig=$ac_useropt | ||
914 | ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` | ||
915 | case $ac_user_opts in | ||
916 | *" | ||
917 | "enable_$ac_useropt" | ||
918 | "*) ;; | ||
919 | *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig" | ||
920 | ac_unrecognized_sep=', ';; | ||
921 | esac | ||
922 | eval enable_$ac_useropt=no ;; | ||
923 | |||
924 | -docdir | --docdir | --docdi | --doc | --do) | ||
925 | ac_prev=docdir ;; | ||
926 | -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*) | ||
927 | docdir=$ac_optarg ;; | ||
928 | |||
929 | -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv) | ||
930 | ac_prev=dvidir ;; | ||
931 | -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*) | ||
932 | dvidir=$ac_optarg ;; | ||
933 | |||
934 | -enable-* | --enable-*) | ||
935 | ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` | ||
936 | # Reject names that are not valid shell variable names. | ||
937 | expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && | ||
938 | as_fn_error $? "invalid feature name: $ac_useropt" | ||
939 | ac_useropt_orig=$ac_useropt | ||
940 | ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` | ||
941 | case $ac_user_opts in | ||
942 | *" | ||
943 | "enable_$ac_useropt" | ||
944 | "*) ;; | ||
945 | *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig" | ||
946 | ac_unrecognized_sep=', ';; | ||
947 | esac | ||
948 | eval enable_$ac_useropt=\$ac_optarg ;; | ||
949 | |||
950 | -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ | ||
951 | | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ | ||
952 | | --exec | --exe | --ex) | ||
953 | ac_prev=exec_prefix ;; | ||
954 | -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ | ||
955 | | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ | ||
956 | | --exec=* | --exe=* | --ex=*) | ||
957 | exec_prefix=$ac_optarg ;; | ||
958 | |||
959 | -gas | --gas | --ga | --g) | ||
960 | # Obsolete; use --with-gas. | ||
961 | with_gas=yes ;; | ||
962 | |||
963 | -help | --help | --hel | --he | -h) | ||
964 | ac_init_help=long ;; | ||
965 | -help=r* | --help=r* | --hel=r* | --he=r* | -hr*) | ||
966 | ac_init_help=recursive ;; | ||
967 | -help=s* | --help=s* | --hel=s* | --he=s* | -hs*) | ||
968 | ac_init_help=short ;; | ||
969 | |||
970 | -host | --host | --hos | --ho) | ||
971 | ac_prev=host_alias ;; | ||
972 | -host=* | --host=* | --hos=* | --ho=*) | ||
973 | host_alias=$ac_optarg ;; | ||
974 | |||
975 | -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht) | ||
976 | ac_prev=htmldir ;; | ||
977 | -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \ | ||
978 | | --ht=*) | ||
979 | htmldir=$ac_optarg ;; | ||
980 | |||
981 | -includedir | --includedir | --includedi | --included | --include \ | ||
982 | | --includ | --inclu | --incl | --inc) | ||
983 | ac_prev=includedir ;; | ||
984 | -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ | ||
985 | | --includ=* | --inclu=* | --incl=* | --inc=*) | ||
986 | includedir=$ac_optarg ;; | ||
987 | |||
988 | -infodir | --infodir | --infodi | --infod | --info | --inf) | ||
989 | ac_prev=infodir ;; | ||
990 | -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) | ||
991 | infodir=$ac_optarg ;; | ||
992 | |||
993 | -libdir | --libdir | --libdi | --libd) | ||
994 | ac_prev=libdir ;; | ||
995 | -libdir=* | --libdir=* | --libdi=* | --libd=*) | ||
996 | libdir=$ac_optarg ;; | ||
997 | |||
998 | -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ | ||
999 | | --libexe | --libex | --libe) | ||
1000 | ac_prev=libexecdir ;; | ||
1001 | -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ | ||
1002 | | --libexe=* | --libex=* | --libe=*) | ||
1003 | libexecdir=$ac_optarg ;; | ||
1004 | |||
1005 | -localedir | --localedir | --localedi | --localed | --locale) | ||
1006 | ac_prev=localedir ;; | ||
1007 | -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*) | ||
1008 | localedir=$ac_optarg ;; | ||
1009 | |||
1010 | -localstatedir | --localstatedir | --localstatedi | --localstated \ | ||
1011 | | --localstate | --localstat | --localsta | --localst | --locals) | ||
1012 | ac_prev=localstatedir ;; | ||
1013 | -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ | ||
1014 | | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*) | ||
1015 | localstatedir=$ac_optarg ;; | ||
1016 | |||
1017 | -mandir | --mandir | --mandi | --mand | --man | --ma | --m) | ||
1018 | ac_prev=mandir ;; | ||
1019 | -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) | ||
1020 | mandir=$ac_optarg ;; | ||
1021 | |||
1022 | -nfp | --nfp | --nf) | ||
1023 | # Obsolete; use --without-fp. | ||
1024 | with_fp=no ;; | ||
1025 | |||
1026 | -no-create | --no-create | --no-creat | --no-crea | --no-cre \ | ||
1027 | | --no-cr | --no-c | -n) | ||
1028 | no_create=yes ;; | ||
1029 | |||
1030 | -no-recursion | --no-recursion | --no-recursio | --no-recursi \ | ||
1031 | | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) | ||
1032 | no_recursion=yes ;; | ||
1033 | |||
1034 | -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ | ||
1035 | | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ | ||
1036 | | --oldin | --oldi | --old | --ol | --o) | ||
1037 | ac_prev=oldincludedir ;; | ||
1038 | -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ | ||
1039 | | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ | ||
1040 | | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) | ||
1041 | oldincludedir=$ac_optarg ;; | ||
1042 | |||
1043 | -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) | ||
1044 | ac_prev=prefix ;; | ||
1045 | -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) | ||
1046 | prefix=$ac_optarg ;; | ||
1047 | |||
1048 | -program-prefix | --program-prefix | --program-prefi | --program-pref \ | ||
1049 | | --program-pre | --program-pr | --program-p) | ||
1050 | ac_prev=program_prefix ;; | ||
1051 | -program-prefix=* | --program-prefix=* | --program-prefi=* \ | ||
1052 | | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) | ||
1053 | program_prefix=$ac_optarg ;; | ||
1054 | |||
1055 | -program-suffix | --program-suffix | --program-suffi | --program-suff \ | ||
1056 | | --program-suf | --program-su | --program-s) | ||
1057 | ac_prev=program_suffix ;; | ||
1058 | -program-suffix=* | --program-suffix=* | --program-suffi=* \ | ||
1059 | | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) | ||
1060 | program_suffix=$ac_optarg ;; | ||
1061 | |||
1062 | -program-transform-name | --program-transform-name \ | ||
1063 | | --program-transform-nam | --program-transform-na \ | ||
1064 | | --program-transform-n | --program-transform- \ | ||
1065 | | --program-transform | --program-transfor \ | ||
1066 | | --program-transfo | --program-transf \ | ||
1067 | | --program-trans | --program-tran \ | ||
1068 | | --progr-tra | --program-tr | --program-t) | ||
1069 | ac_prev=program_transform_name ;; | ||
1070 | -program-transform-name=* | --program-transform-name=* \ | ||
1071 | | --program-transform-nam=* | --program-transform-na=* \ | ||
1072 | | --program-transform-n=* | --program-transform-=* \ | ||
1073 | | --program-transform=* | --program-transfor=* \ | ||
1074 | | --program-transfo=* | --program-transf=* \ | ||
1075 | | --program-trans=* | --program-tran=* \ | ||
1076 | | --progr-tra=* | --program-tr=* | --program-t=*) | ||
1077 | program_transform_name=$ac_optarg ;; | ||
1078 | |||
1079 | -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd) | ||
1080 | ac_prev=pdfdir ;; | ||
1081 | -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*) | ||
1082 | pdfdir=$ac_optarg ;; | ||
1083 | |||
1084 | -psdir | --psdir | --psdi | --psd | --ps) | ||
1085 | ac_prev=psdir ;; | ||
1086 | -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*) | ||
1087 | psdir=$ac_optarg ;; | ||
1088 | |||
1089 | -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | ||
1090 | | -silent | --silent | --silen | --sile | --sil) | ||
1091 | silent=yes ;; | ||
1092 | |||
1093 | -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) | ||
1094 | ac_prev=sbindir ;; | ||
1095 | -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ | ||
1096 | | --sbi=* | --sb=*) | ||
1097 | sbindir=$ac_optarg ;; | ||
1098 | |||
1099 | -sharedstatedir | --sharedstatedir | --sharedstatedi \ | ||
1100 | | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ | ||
1101 | | --sharedst | --shareds | --shared | --share | --shar \ | ||
1102 | | --sha | --sh) | ||
1103 | ac_prev=sharedstatedir ;; | ||
1104 | -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ | ||
1105 | | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ | ||
1106 | | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ | ||
1107 | | --sha=* | --sh=*) | ||
1108 | sharedstatedir=$ac_optarg ;; | ||
1109 | |||
1110 | -site | --site | --sit) | ||
1111 | ac_prev=site ;; | ||
1112 | -site=* | --site=* | --sit=*) | ||
1113 | site=$ac_optarg ;; | ||
1114 | |||
1115 | -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) | ||
1116 | ac_prev=srcdir ;; | ||
1117 | -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) | ||
1118 | srcdir=$ac_optarg ;; | ||
1119 | |||
1120 | -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ | ||
1121 | | --syscon | --sysco | --sysc | --sys | --sy) | ||
1122 | ac_prev=sysconfdir ;; | ||
1123 | -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ | ||
1124 | | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) | ||
1125 | sysconfdir=$ac_optarg ;; | ||
1126 | |||
1127 | -target | --target | --targe | --targ | --tar | --ta | --t) | ||
1128 | ac_prev=target_alias ;; | ||
1129 | -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) | ||
1130 | target_alias=$ac_optarg ;; | ||
1131 | |||
1132 | -v | -verbose | --verbose | --verbos | --verbo | --verb) | ||
1133 | verbose=yes ;; | ||
1134 | |||
1135 | -version | --version | --versio | --versi | --vers | -V) | ||
1136 | ac_init_version=: ;; | ||
1137 | |||
1138 | -with-* | --with-*) | ||
1139 | ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` | ||
1140 | # Reject names that are not valid shell variable names. | ||
1141 | expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && | ||
1142 | as_fn_error $? "invalid package name: $ac_useropt" | ||
1143 | ac_useropt_orig=$ac_useropt | ||
1144 | ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` | ||
1145 | case $ac_user_opts in | ||
1146 | *" | ||
1147 | "with_$ac_useropt" | ||
1148 | "*) ;; | ||
1149 | *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig" | ||
1150 | ac_unrecognized_sep=', ';; | ||
1151 | esac | ||
1152 | eval with_$ac_useropt=\$ac_optarg ;; | ||
1153 | |||
1154 | -without-* | --without-*) | ||
1155 | ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'` | ||
1156 | # Reject names that are not valid shell variable names. | ||
1157 | expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && | ||
1158 | as_fn_error $? "invalid package name: $ac_useropt" | ||
1159 | ac_useropt_orig=$ac_useropt | ||
1160 | ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` | ||
1161 | case $ac_user_opts in | ||
1162 | *" | ||
1163 | "with_$ac_useropt" | ||
1164 | "*) ;; | ||
1165 | *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig" | ||
1166 | ac_unrecognized_sep=', ';; | ||
1167 | esac | ||
1168 | eval with_$ac_useropt=no ;; | ||
1169 | |||
1170 | --x) | ||
1171 | # Obsolete; use --with-x. | ||
1172 | with_x=yes ;; | ||
1173 | |||
1174 | -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ | ||
1175 | | --x-incl | --x-inc | --x-in | --x-i) | ||
1176 | ac_prev=x_includes ;; | ||
1177 | -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ | ||
1178 | | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) | ||
1179 | x_includes=$ac_optarg ;; | ||
1180 | |||
1181 | -x-libraries | --x-libraries | --x-librarie | --x-librari \ | ||
1182 | | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) | ||
1183 | ac_prev=x_libraries ;; | ||
1184 | -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ | ||
1185 | | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) | ||
1186 | x_libraries=$ac_optarg ;; | ||
1187 | |||
1188 | -*) as_fn_error $? "unrecognized option: \`$ac_option' | ||
1189 | Try \`$0 --help' for more information" | ||
1190 | ;; | ||
1191 | |||
1192 | *=*) | ||
1193 | ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` | ||
1194 | # Reject names that are not valid shell variable names. | ||
1195 | case $ac_envvar in #( | ||
1196 | '' | [0-9]* | *[!_$as_cr_alnum]* ) | ||
1197 | as_fn_error $? "invalid variable name: \`$ac_envvar'" ;; | ||
1198 | esac | ||
1199 | eval $ac_envvar=\$ac_optarg | ||
1200 | export $ac_envvar ;; | ||
1201 | |||
1202 | *) | ||
1203 | # FIXME: should be removed in autoconf 3.0. | ||
1204 | $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2 | ||
1205 | expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && | ||
1206 | $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2 | ||
1207 | : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}" | ||
1208 | ;; | ||
1209 | |||
1210 | esac | ||
1211 | done | ||
1212 | |||
1213 | if test -n "$ac_prev"; then | ||
1214 | ac_option=--`echo $ac_prev | sed 's/_/-/g'` | ||
1215 | as_fn_error $? "missing argument to $ac_option" | ||
1216 | fi | ||
1217 | |||
1218 | if test -n "$ac_unrecognized_opts"; then | ||
1219 | case $enable_option_checking in | ||
1220 | no) ;; | ||
1221 | fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;; | ||
1222 | *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;; | ||
1223 | esac | ||
1224 | fi | ||
1225 | |||
1226 | # Check all directory arguments for consistency. | ||
1227 | for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ | ||
1228 | datadir sysconfdir sharedstatedir localstatedir includedir \ | ||
1229 | oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ | ||
1230 | libdir localedir mandir | ||
1231 | do | ||
1232 | eval ac_val=\$$ac_var | ||
1233 | # Remove trailing slashes. | ||
1234 | case $ac_val in | ||
1235 | */ ) | ||
1236 | ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'` | ||
1237 | eval $ac_var=\$ac_val;; | ||
1238 | esac | ||
1239 | # Be sure to have absolute directory names. | ||
1240 | case $ac_val in | ||
1241 | [\\/$]* | ?:[\\/]* ) continue;; | ||
1242 | NONE | '' ) case $ac_var in *prefix ) continue;; esac;; | ||
1243 | esac | ||
1244 | as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val" | ||
1245 | done | ||
1246 | |||
1247 | # There might be people who depend on the old broken behavior: `$host' | ||
1248 | # used to hold the argument of --host etc. | ||
1249 | # FIXME: To remove some day. | ||
1250 | build=$build_alias | ||
1251 | host=$host_alias | ||
1252 | target=$target_alias | ||
1253 | |||
1254 | # FIXME: To remove some day. | ||
1255 | if test "x$host_alias" != x; then | ||
1256 | if test "x$build_alias" = x; then | ||
1257 | cross_compiling=maybe | ||
1258 | elif test "x$build_alias" != "x$host_alias"; then | ||
1259 | cross_compiling=yes | ||
1260 | fi | ||
1261 | fi | ||
1262 | |||
1263 | ac_tool_prefix= | ||
1264 | test -n "$host_alias" && ac_tool_prefix=$host_alias- | ||
1265 | |||
1266 | test "$silent" = yes && exec 6>/dev/null | ||
1267 | |||
1268 | |||
1269 | ac_pwd=`pwd` && test -n "$ac_pwd" && | ||
1270 | ac_ls_di=`ls -di .` && | ||
1271 | ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` || | ||
1272 | as_fn_error $? "working directory cannot be determined" | ||
1273 | test "X$ac_ls_di" = "X$ac_pwd_ls_di" || | ||
1274 | as_fn_error $? "pwd does not report name of working directory" | ||
1275 | |||
1276 | |||
1277 | # Find the source files, if location was not specified. | ||
1278 | if test -z "$srcdir"; then | ||
1279 | ac_srcdir_defaulted=yes | ||
1280 | # Try the directory containing this script, then the parent directory. | ||
1281 | ac_confdir=`$as_dirname -- "$as_myself" || | ||
1282 | $as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ | ||
1283 | X"$as_myself" : 'X\(//\)[^/]' \| \ | ||
1284 | X"$as_myself" : 'X\(//\)$' \| \ | ||
1285 | X"$as_myself" : 'X\(/\)' \| . 2>/dev/null || | ||
1286 | $as_echo X"$as_myself" | | ||
1287 | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ | ||
1288 | s//\1/ | ||
1289 | q | ||
1290 | } | ||
1291 | /^X\(\/\/\)[^/].*/{ | ||
1292 | s//\1/ | ||
1293 | q | ||
1294 | } | ||
1295 | /^X\(\/\/\)$/{ | ||
1296 | s//\1/ | ||
1297 | q | ||
1298 | } | ||
1299 | /^X\(\/\).*/{ | ||
1300 | s//\1/ | ||
1301 | q | ||
1302 | } | ||
1303 | s/.*/./; q'` | ||
1304 | srcdir=$ac_confdir | ||
1305 | if test ! -r "$srcdir/$ac_unique_file"; then | ||
1306 | srcdir=.. | ||
1307 | fi | ||
1308 | else | ||
1309 | ac_srcdir_defaulted=no | ||
1310 | fi | ||
1311 | if test ! -r "$srcdir/$ac_unique_file"; then | ||
1312 | test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .." | ||
1313 | as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir" | ||
1314 | fi | ||
1315 | ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work" | ||
1316 | ac_abs_confdir=`( | ||
1317 | cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg" | ||
1318 | pwd)` | ||
1319 | # When building in place, set srcdir=. | ||
1320 | if test "$ac_abs_confdir" = "$ac_pwd"; then | ||
1321 | srcdir=. | ||
1322 | fi | ||
1323 | # Remove unnecessary trailing slashes from srcdir. | ||
1324 | # Double slashes in file names in object file debugging info | ||
1325 | # mess up M-x gdb in Emacs. | ||
1326 | case $srcdir in | ||
1327 | */) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;; | ||
1328 | esac | ||
1329 | for ac_var in $ac_precious_vars; do | ||
1330 | eval ac_env_${ac_var}_set=\${${ac_var}+set} | ||
1331 | eval ac_env_${ac_var}_value=\$${ac_var} | ||
1332 | eval ac_cv_env_${ac_var}_set=\${${ac_var}+set} | ||
1333 | eval ac_cv_env_${ac_var}_value=\$${ac_var} | ||
1334 | done | ||
1335 | |||
1336 | # | ||
1337 | # Report the --help message. | ||
1338 | # | ||
1339 | if test "$ac_init_help" = "long"; then | ||
1340 | # Omit some internal or obsolete options to make the list less imposing. | ||
1341 | # This message is too long to be a string in the A/UX 3.1 sh. | ||
1342 | cat <<_ACEOF | ||
1343 | \`configure' configures OpenSSH Portable to adapt to many kinds of systems. | ||
1344 | |||
1345 | Usage: $0 [OPTION]... [VAR=VALUE]... | ||
1346 | |||
1347 | To assign environment variables (e.g., CC, CFLAGS...), specify them as | ||
1348 | VAR=VALUE. See below for descriptions of some of the useful variables. | ||
1349 | |||
1350 | Defaults for the options are specified in brackets. | ||
1351 | |||
1352 | Configuration: | ||
1353 | -h, --help display this help and exit | ||
1354 | --help=short display options specific to this package | ||
1355 | --help=recursive display the short help of all the included packages | ||
1356 | -V, --version display version information and exit | ||
1357 | -q, --quiet, --silent do not print \`checking ...' messages | ||
1358 | --cache-file=FILE cache test results in FILE [disabled] | ||
1359 | -C, --config-cache alias for \`--cache-file=config.cache' | ||
1360 | -n, --no-create do not create output files | ||
1361 | --srcdir=DIR find the sources in DIR [configure dir or \`..'] | ||
1362 | |||
1363 | Installation directories: | ||
1364 | --prefix=PREFIX install architecture-independent files in PREFIX | ||
1365 | [$ac_default_prefix] | ||
1366 | --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX | ||
1367 | [PREFIX] | ||
1368 | |||
1369 | By default, \`make install' will install all the files in | ||
1370 | \`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify | ||
1371 | an installation prefix other than \`$ac_default_prefix' using \`--prefix', | ||
1372 | for instance \`--prefix=\$HOME'. | ||
1373 | |||
1374 | For better control, use the options below. | ||
1375 | |||
1376 | Fine tuning of the installation directories: | ||
1377 | --bindir=DIR user executables [EPREFIX/bin] | ||
1378 | --sbindir=DIR system admin executables [EPREFIX/sbin] | ||
1379 | --libexecdir=DIR program executables [EPREFIX/libexec] | ||
1380 | --sysconfdir=DIR read-only single-machine data [PREFIX/etc] | ||
1381 | --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] | ||
1382 | --localstatedir=DIR modifiable single-machine data [PREFIX/var] | ||
1383 | --libdir=DIR object code libraries [EPREFIX/lib] | ||
1384 | --includedir=DIR C header files [PREFIX/include] | ||
1385 | --oldincludedir=DIR C header files for non-gcc [/usr/include] | ||
1386 | --datarootdir=DIR read-only arch.-independent data root [PREFIX/share] | ||
1387 | --datadir=DIR read-only architecture-independent data [DATAROOTDIR] | ||
1388 | --infodir=DIR info documentation [DATAROOTDIR/info] | ||
1389 | --localedir=DIR locale-dependent data [DATAROOTDIR/locale] | ||
1390 | --mandir=DIR man documentation [DATAROOTDIR/man] | ||
1391 | --docdir=DIR documentation root [DATAROOTDIR/doc/openssh] | ||
1392 | --htmldir=DIR html documentation [DOCDIR] | ||
1393 | --dvidir=DIR dvi documentation [DOCDIR] | ||
1394 | --pdfdir=DIR pdf documentation [DOCDIR] | ||
1395 | --psdir=DIR ps documentation [DOCDIR] | ||
1396 | _ACEOF | ||
1397 | |||
1398 | cat <<\_ACEOF | ||
1399 | |||
1400 | System types: | ||
1401 | --build=BUILD configure for building on BUILD [guessed] | ||
1402 | --host=HOST cross-compile to build programs to run on HOST [BUILD] | ||
1403 | _ACEOF | ||
1404 | fi | ||
1405 | |||
1406 | if test -n "$ac_init_help"; then | ||
1407 | case $ac_init_help in | ||
1408 | short | recursive ) echo "Configuration of OpenSSH Portable:";; | ||
1409 | esac | ||
1410 | cat <<\_ACEOF | ||
1411 | |||
1412 | Optional Features: | ||
1413 | --disable-option-checking ignore unrecognized --enable/--with options | ||
1414 | --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) | ||
1415 | --enable-FEATURE[=ARG] include FEATURE [ARG=yes] | ||
1416 | --disable-largefile omit support for large files | ||
1417 | --disable-pkcs11 disable PKCS#11 support code [no] | ||
1418 | --disable-strip Disable calling strip(1) on install | ||
1419 | --disable-etc-default-login Disable using PATH from /etc/default/login no | ||
1420 | --disable-lastlog disable use of lastlog even if detected no | ||
1421 | --disable-utmp disable use of utmp even if detected no | ||
1422 | --disable-utmpx disable use of utmpx even if detected no | ||
1423 | --disable-wtmp disable use of wtmp even if detected no | ||
1424 | --disable-wtmpx disable use of wtmpx even if detected no | ||
1425 | --disable-libutil disable use of libutil (login() etc.) no | ||
1426 | --disable-pututline disable use of pututline() etc. (uwtmp) no | ||
1427 | --disable-pututxline disable use of pututxline() etc. (uwtmpx) no | ||
1428 | |||
1429 | Optional Packages: | ||
1430 | --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] | ||
1431 | --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) | ||
1432 | --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** | ||
1433 | --with-ssh1 Enable support for SSH protocol 1 | ||
1434 | --without-stackprotect Don't use compiler's stack protection | ||
1435 | --without-hardening Don't use toolchain hardening flags | ||
1436 | --without-rpath Disable auto-added -R linker paths | ||
1437 | --with-cflags Specify additional flags to pass to compiler | ||
1438 | --with-cppflags Specify additional flags to pass to preprocessor | ||
1439 | --with-ldflags Specify additional flags to pass to linker | ||
1440 | --with-libs Specify additional libraries to link with | ||
1441 | --with-Werror Build main code with -Werror | ||
1442 | --with-solaris-contracts Enable Solaris process contracts (experimental) | ||
1443 | --with-solaris-projects Enable Solaris projects (experimental) | ||
1444 | --with-solaris-privs Enable Solaris/Illumos privileges (experimental) | ||
1445 | --with-osfsia Enable Digital Unix SIA | ||
1446 | --with-zlib=PATH Use zlib in PATH | ||
1447 | --without-zlib-version-check Disable zlib version check | ||
1448 | --with-skey[=PATH] Enable S/Key support (optionally in PATH) | ||
1449 | --with-ldns[=PATH] Use ldns for DNSSEC support (optionally in PATH) | ||
1450 | --with-libedit[=PATH] Enable libedit support for sftp | ||
1451 | --with-audit=module Enable audit support (modules=debug,bsm,linux) | ||
1452 | --with-pie Build Position Independent Executables if possible | ||
1453 | --with-ssl-dir=PATH Specify path to OpenSSL installation | ||
1454 | --without-openssl-header-check Disable OpenSSL version consistency check | ||
1455 | --with-ssl-engine Enable OpenSSL (hardware) ENGINE support | ||
1456 | --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT | ||
1457 | --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool) | ||
1458 | --with-pam Enable PAM support | ||
1459 | --with-pam-service=name Specify PAM service name | ||
1460 | --with-privsep-user=user Specify non-privileged user for privilege separation | ||
1461 | --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge) | ||
1462 | --with-selinux Enable SELinux support | ||
1463 | --with-kerberos5=PATH Enable Kerberos 5 support | ||
1464 | --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty) | ||
1465 | --with-xauth=PATH Specify path to xauth program | ||
1466 | --with-maildir=/path/to/mail Specify your system mail directory | ||
1467 | --with-mantype=man|cat|doc Set man page type | ||
1468 | --with-md5-passwords Enable use of MD5 passwords | ||
1469 | --without-shadow Disable shadow password support | ||
1470 | --with-ipaddr-display Use ip address instead of hostname in $DISPLAY | ||
1471 | --with-default-path= Specify default $PATH environment for server | ||
1472 | --with-superuser-path= Specify different path for super-user | ||
1473 | --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses | ||
1474 | --with-bsd-auth Enable BSD auth support | ||
1475 | --with-pid-dir=PATH Specify location of ssh.pid file | ||
1476 | --with-lastlog=FILE|DIR specify lastlog location common locations | ||
1477 | |||
1478 | Some influential environment variables: | ||
1479 | CC C compiler command | ||
1480 | CFLAGS C compiler flags | ||
1481 | LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a | ||
1482 | nonstandard directory <lib dir> | ||
1483 | LIBS libraries to pass to the linker, e.g. -l<library> | ||
1484 | CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if | ||
1485 | you have headers in a nonstandard directory <include dir> | ||
1486 | CPP C preprocessor | ||
1487 | |||
1488 | Use these variables to override the choices made by `configure' or to help | ||
1489 | it to find libraries and programs with nonstandard names/locations. | ||
1490 | |||
1491 | Report bugs to <openssh-unix-dev@mindrot.org>. | ||
1492 | _ACEOF | ||
1493 | ac_status=$? | ||
1494 | fi | ||
1495 | |||
1496 | if test "$ac_init_help" = "recursive"; then | ||
1497 | # If there are subdirs, report their specific --help. | ||
1498 | for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue | ||
1499 | test -d "$ac_dir" || | ||
1500 | { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } || | ||
1501 | continue | ||
1502 | ac_builddir=. | ||
1503 | |||
1504 | case "$ac_dir" in | ||
1505 | .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; | ||
1506 | *) | ||
1507 | ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` | ||
1508 | # A ".." for each directory in $ac_dir_suffix. | ||
1509 | ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` | ||
1510 | case $ac_top_builddir_sub in | ||
1511 | "") ac_top_builddir_sub=. ac_top_build_prefix= ;; | ||
1512 | *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; | ||
1513 | esac ;; | ||
1514 | esac | ||
1515 | ac_abs_top_builddir=$ac_pwd | ||
1516 | ac_abs_builddir=$ac_pwd$ac_dir_suffix | ||
1517 | # for backward compatibility: | ||
1518 | ac_top_builddir=$ac_top_build_prefix | ||
1519 | |||
1520 | case $srcdir in | ||
1521 | .) # We are building in place. | ||
1522 | ac_srcdir=. | ||
1523 | ac_top_srcdir=$ac_top_builddir_sub | ||
1524 | ac_abs_top_srcdir=$ac_pwd ;; | ||
1525 | [\\/]* | ?:[\\/]* ) # Absolute name. | ||
1526 | ac_srcdir=$srcdir$ac_dir_suffix; | ||
1527 | ac_top_srcdir=$srcdir | ||
1528 | ac_abs_top_srcdir=$srcdir ;; | ||
1529 | *) # Relative name. | ||
1530 | ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix | ||
1531 | ac_top_srcdir=$ac_top_build_prefix$srcdir | ||
1532 | ac_abs_top_srcdir=$ac_pwd/$srcdir ;; | ||
1533 | esac | ||
1534 | ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix | ||
1535 | |||
1536 | cd "$ac_dir" || { ac_status=$?; continue; } | ||
1537 | # Check for guested configure. | ||
1538 | if test -f "$ac_srcdir/configure.gnu"; then | ||
1539 | echo && | ||
1540 | $SHELL "$ac_srcdir/configure.gnu" --help=recursive | ||
1541 | elif test -f "$ac_srcdir/configure"; then | ||
1542 | echo && | ||
1543 | $SHELL "$ac_srcdir/configure" --help=recursive | ||
1544 | else | ||
1545 | $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 | ||
1546 | fi || ac_status=$? | ||
1547 | cd "$ac_pwd" || { ac_status=$?; break; } | ||
1548 | done | ||
1549 | fi | ||
1550 | |||
1551 | test -n "$ac_init_help" && exit $ac_status | ||
1552 | if $ac_init_version; then | ||
1553 | cat <<\_ACEOF | ||
1554 | OpenSSH configure Portable | ||
1555 | generated by GNU Autoconf 2.69 | ||
1556 | |||
1557 | Copyright (C) 2012 Free Software Foundation, Inc. | ||
1558 | This configure script is free software; the Free Software Foundation | ||
1559 | gives unlimited permission to copy, distribute and modify it. | ||
1560 | _ACEOF | ||
1561 | exit | ||
1562 | fi | ||
1563 | |||
1564 | ## ------------------------ ## | ||
1565 | ## Autoconf initialization. ## | ||
1566 | ## ------------------------ ## | ||
1567 | |||
1568 | # ac_fn_c_try_compile LINENO | ||
1569 | # -------------------------- | ||
1570 | # Try to compile conftest.$ac_ext, and return whether this succeeded. | ||
1571 | ac_fn_c_try_compile () | ||
1572 | { | ||
1573 | as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack | ||
1574 | rm -f conftest.$ac_objext | ||
1575 | if { { ac_try="$ac_compile" | ||
1576 | case "(($ac_try" in | ||
1577 | *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; | ||
1578 | *) ac_try_echo=$ac_try;; | ||
1579 | esac | ||
1580 | eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" | ||
1581 | $as_echo "$ac_try_echo"; } >&5 | ||
1582 | (eval "$ac_compile") 2>conftest.err | ||
1583 | ac_status=$? | ||
1584 | if test -s conftest.err; then | ||
1585 | grep -v '^ *+' conftest.err >conftest.er1 | ||
1586 | cat conftest.er1 >&5 | ||
1587 | mv -f conftest.er1 conftest.err | ||
1588 | fi | ||
1589 | $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 | ||
1590 | test $ac_status = 0; } && { | ||
1591 | test -z "$ac_c_werror_flag" || | ||
1592 | test ! -s conftest.err | ||
1593 | } && test -s conftest.$ac_objext; then : | ||
1594 | ac_retval=0 | ||
1595 | else | ||
1596 | $as_echo "$as_me: failed program was:" >&5 | ||
1597 | sed 's/^/| /' conftest.$ac_ext >&5 | ||
1598 | |||
1599 | ac_retval=1 | ||
1600 | fi | ||
1601 | eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno | ||
1602 | as_fn_set_status $ac_retval | ||
1603 | |||
1604 | } # ac_fn_c_try_compile | ||
1605 | |||
1606 | # ac_fn_c_try_run LINENO | ||
1607 | # ---------------------- | ||
1608 | # Try to link conftest.$ac_ext, and return whether this succeeded. Assumes | ||
1609 | # that executables *can* be run. | ||
1610 | ac_fn_c_try_run () | ||
1611 | { | ||
1612 | as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack | ||
1613 | if { { ac_try="$ac_link" | ||
1614 | case "(($ac_try" in | ||
1615 | *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; | ||
1616 | *) ac_try_echo=$ac_try;; | ||
1617 | esac | ||
1618 | eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" | ||
1619 | $as_echo "$ac_try_echo"; } >&5 | ||
1620 | (eval "$ac_link") 2>&5 | ||
1621 | ac_status=$? | ||
1622 | $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 | ||
1623 | test $ac_status = 0; } && { ac_try='./conftest$ac_exeext' | ||
1624 | { { case "(($ac_try" in | ||
1625 | *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; | ||
1626 | *) ac_try_echo=$ac_try;; | ||
1627 | esac | ||
1628 | eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" | ||
1629 | $as_echo "$ac_try_echo"; } >&5 | ||
1630 | (eval "$ac_try") 2>&5 | ||
1631 | ac_status=$? | ||
1632 | $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 | ||
1633 | test $ac_status = 0; }; }; then : | ||
1634 | ac_retval=0 | ||
1635 | else | ||
1636 | $as_echo "$as_me: program exited with status $ac_status" >&5 | ||
1637 | $as_echo "$as_me: failed program was:" >&5 | ||
1638 | sed 's/^/| /' conftest.$ac_ext >&5 | ||
1639 | |||
1640 | ac_retval=$ac_status | ||
1641 | fi | ||
1642 | rm -rf conftest.dSYM conftest_ipa8_conftest.oo | ||
1643 | eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno | ||
1644 | as_fn_set_status $ac_retval | ||
1645 | |||
1646 | } # ac_fn_c_try_run | ||
1647 | |||
1648 | # ac_fn_c_try_cpp LINENO | ||
1649 | # ---------------------- | ||
1650 | # Try to preprocess conftest.$ac_ext, and return whether this succeeded. | ||
1651 | ac_fn_c_try_cpp () | ||
1652 | { | ||
1653 | as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack | ||
1654 | if { { ac_try="$ac_cpp conftest.$ac_ext" | ||
1655 | case "(($ac_try" in | ||
1656 | *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; | ||
1657 | *) ac_try_echo=$ac_try;; | ||
1658 | esac | ||
1659 | eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" | ||
1660 | $as_echo "$ac_try_echo"; } >&5 | ||
1661 | (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err | ||
1662 | ac_status=$? | ||
1663 | if test -s conftest.err; then | ||
1664 | grep -v '^ *+' conftest.err >conftest.er1 | ||
1665 | cat conftest.er1 >&5 | ||
1666 | mv -f conftest.er1 conftest.err | ||
1667 | fi | ||
1668 | $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 | ||
1669 | test $ac_status = 0; } > conftest.i && { | ||
1670 | test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || | ||
1671 | test ! -s conftest.err | ||
1672 | }; then : | ||
1673 | ac_retval=0 | ||
1674 | else | ||
1675 | $as_echo "$as_me: failed program was:" >&5 | ||
1676 | sed 's/^/| /' conftest.$ac_ext >&5 | ||
1677 | |||
1678 | ac_retval=1 | ||
1679 | fi | ||
1680 | eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno | ||
1681 | as_fn_set_status $ac_retval | ||
1682 | |||
1683 | } # ac_fn_c_try_cpp | ||
1684 | |||
1685 | # ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES | ||
1686 | # ------------------------------------------------------- | ||
1687 | # Tests whether HEADER exists and can be compiled using the include files in | ||
1688 | # INCLUDES, setting the cache variable VAR accordingly. | ||
1689 | ac_fn_c_check_header_compile () | ||
1690 | { | ||
1691 | as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack | ||
1692 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 | ||
1693 | $as_echo_n "checking for $2... " >&6; } | ||
1694 | if eval \${$3+:} false; then : | ||
1695 | $as_echo_n "(cached) " >&6 | ||
1696 | else | ||
1697 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
1698 | /* end confdefs.h. */ | ||
1699 | $4 | ||
1700 | #include <$2> | ||
1701 | _ACEOF | ||
1702 | if ac_fn_c_try_compile "$LINENO"; then : | ||
1703 | eval "$3=yes" | ||
1704 | else | ||
1705 | eval "$3=no" | ||
1706 | fi | ||
1707 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
1708 | fi | ||
1709 | eval ac_res=\$$3 | ||
1710 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 | ||
1711 | $as_echo "$ac_res" >&6; } | ||
1712 | eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno | ||
1713 | |||
1714 | } # ac_fn_c_check_header_compile | ||
1715 | |||
1716 | # ac_fn_c_check_decl LINENO SYMBOL VAR INCLUDES | ||
1717 | # --------------------------------------------- | ||
1718 | # Tests whether SYMBOL is declared in INCLUDES, setting cache variable VAR | ||
1719 | # accordingly. | ||
1720 | ac_fn_c_check_decl () | ||
1721 | { | ||
1722 | as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack | ||
1723 | as_decl_name=`echo $2|sed 's/ *(.*//'` | ||
1724 | as_decl_use=`echo $2|sed -e 's/(/((/' -e 's/)/) 0&/' -e 's/,/) 0& (/g'` | ||
1725 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $as_decl_name is declared" >&5 | ||
1726 | $as_echo_n "checking whether $as_decl_name is declared... " >&6; } | ||
1727 | if eval \${$3+:} false; then : | ||
1728 | $as_echo_n "(cached) " >&6 | ||
1729 | else | ||
1730 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
1731 | /* end confdefs.h. */ | ||
1732 | $4 | ||
1733 | int | ||
1734 | main () | ||
1735 | { | ||
1736 | #ifndef $as_decl_name | ||
1737 | #ifdef __cplusplus | ||
1738 | (void) $as_decl_use; | ||
1739 | #else | ||
1740 | (void) $as_decl_name; | ||
1741 | #endif | ||
1742 | #endif | ||
1743 | |||
1744 | ; | ||
1745 | return 0; | ||
1746 | } | ||
1747 | _ACEOF | ||
1748 | if ac_fn_c_try_compile "$LINENO"; then : | ||
1749 | eval "$3=yes" | ||
1750 | else | ||
1751 | eval "$3=no" | ||
1752 | fi | ||
1753 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
1754 | fi | ||
1755 | eval ac_res=\$$3 | ||
1756 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 | ||
1757 | $as_echo "$ac_res" >&6; } | ||
1758 | eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno | ||
1759 | |||
1760 | } # ac_fn_c_check_decl | ||
1761 | |||
1762 | # ac_fn_c_try_link LINENO | ||
1763 | # ----------------------- | ||
1764 | # Try to link conftest.$ac_ext, and return whether this succeeded. | ||
1765 | ac_fn_c_try_link () | ||
1766 | { | ||
1767 | as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack | ||
1768 | rm -f conftest.$ac_objext conftest$ac_exeext | ||
1769 | if { { ac_try="$ac_link" | ||
1770 | case "(($ac_try" in | ||
1771 | *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; | ||
1772 | *) ac_try_echo=$ac_try;; | ||
1773 | esac | ||
1774 | eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" | ||
1775 | $as_echo "$ac_try_echo"; } >&5 | ||
1776 | (eval "$ac_link") 2>conftest.err | ||
1777 | ac_status=$? | ||
1778 | if test -s conftest.err; then | ||
1779 | grep -v '^ *+' conftest.err >conftest.er1 | ||
1780 | cat conftest.er1 >&5 | ||
1781 | mv -f conftest.er1 conftest.err | ||
1782 | fi | ||
1783 | $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 | ||
1784 | test $ac_status = 0; } && { | ||
1785 | test -z "$ac_c_werror_flag" || | ||
1786 | test ! -s conftest.err | ||
1787 | } && test -s conftest$ac_exeext && { | ||
1788 | test "$cross_compiling" = yes || | ||
1789 | test -x conftest$ac_exeext | ||
1790 | }; then : | ||
1791 | ac_retval=0 | ||
1792 | else | ||
1793 | $as_echo "$as_me: failed program was:" >&5 | ||
1794 | sed 's/^/| /' conftest.$ac_ext >&5 | ||
1795 | |||
1796 | ac_retval=1 | ||
1797 | fi | ||
1798 | # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information | ||
1799 | # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would | ||
1800 | # interfere with the next link command; also delete a directory that is | ||
1801 | # left behind by Apple's compiler. We do this before executing the actions. | ||
1802 | rm -rf conftest.dSYM conftest_ipa8_conftest.oo | ||
1803 | eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno | ||
1804 | as_fn_set_status $ac_retval | ||
1805 | |||
1806 | } # ac_fn_c_try_link | ||
1807 | |||
1808 | # ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES | ||
1809 | # ------------------------------------------------------- | ||
1810 | # Tests whether HEADER exists, giving a warning if it cannot be compiled using | ||
1811 | # the include files in INCLUDES and setting the cache variable VAR | ||
1812 | # accordingly. | ||
1813 | ac_fn_c_check_header_mongrel () | ||
1814 | { | ||
1815 | as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack | ||
1816 | if eval \${$3+:} false; then : | ||
1817 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 | ||
1818 | $as_echo_n "checking for $2... " >&6; } | ||
1819 | if eval \${$3+:} false; then : | ||
1820 | $as_echo_n "(cached) " >&6 | ||
1821 | fi | ||
1822 | eval ac_res=\$$3 | ||
1823 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 | ||
1824 | $as_echo "$ac_res" >&6; } | ||
1825 | else | ||
1826 | # Is the header compilable? | ||
1827 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 usability" >&5 | ||
1828 | $as_echo_n "checking $2 usability... " >&6; } | ||
1829 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
1830 | /* end confdefs.h. */ | ||
1831 | $4 | ||
1832 | #include <$2> | ||
1833 | _ACEOF | ||
1834 | if ac_fn_c_try_compile "$LINENO"; then : | ||
1835 | ac_header_compiler=yes | ||
1836 | else | ||
1837 | ac_header_compiler=no | ||
1838 | fi | ||
1839 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
1840 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_compiler" >&5 | ||
1841 | $as_echo "$ac_header_compiler" >&6; } | ||
1842 | |||
1843 | # Is the header present? | ||
1844 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 presence" >&5 | ||
1845 | $as_echo_n "checking $2 presence... " >&6; } | ||
1846 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
1847 | /* end confdefs.h. */ | ||
1848 | #include <$2> | ||
1849 | _ACEOF | ||
1850 | if ac_fn_c_try_cpp "$LINENO"; then : | ||
1851 | ac_header_preproc=yes | ||
1852 | else | ||
1853 | ac_header_preproc=no | ||
1854 | fi | ||
1855 | rm -f conftest.err conftest.i conftest.$ac_ext | ||
1856 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5 | ||
1857 | $as_echo "$ac_header_preproc" >&6; } | ||
1858 | |||
1859 | # So? What about this header? | ||
1860 | case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in #(( | ||
1861 | yes:no: ) | ||
1862 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&5 | ||
1863 | $as_echo "$as_me: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&2;} | ||
1864 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 | ||
1865 | $as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} | ||
1866 | ;; | ||
1867 | no:yes:* ) | ||
1868 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: present but cannot be compiled" >&5 | ||
1869 | $as_echo "$as_me: WARNING: $2: present but cannot be compiled" >&2;} | ||
1870 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: check for missing prerequisite headers?" >&5 | ||
1871 | $as_echo "$as_me: WARNING: $2: check for missing prerequisite headers?" >&2;} | ||
1872 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: see the Autoconf documentation" >&5 | ||
1873 | $as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;} | ||
1874 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&5 | ||
1875 | $as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;} | ||
1876 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 | ||
1877 | $as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} | ||
1878 | ( $as_echo "## ------------------------------------------- ## | ||
1879 | ## Report this to openssh-unix-dev@mindrot.org ## | ||
1880 | ## ------------------------------------------- ##" | ||
1881 | ) | sed "s/^/$as_me: WARNING: /" >&2 | ||
1882 | ;; | ||
1883 | esac | ||
1884 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 | ||
1885 | $as_echo_n "checking for $2... " >&6; } | ||
1886 | if eval \${$3+:} false; then : | ||
1887 | $as_echo_n "(cached) " >&6 | ||
1888 | else | ||
1889 | eval "$3=\$ac_header_compiler" | ||
1890 | fi | ||
1891 | eval ac_res=\$$3 | ||
1892 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 | ||
1893 | $as_echo "$ac_res" >&6; } | ||
1894 | fi | ||
1895 | eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno | ||
1896 | |||
1897 | } # ac_fn_c_check_header_mongrel | ||
1898 | |||
1899 | # ac_fn_c_check_func LINENO FUNC VAR | ||
1900 | # ---------------------------------- | ||
1901 | # Tests whether FUNC exists, setting the cache variable VAR accordingly | ||
1902 | ac_fn_c_check_func () | ||
1903 | { | ||
1904 | as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack | ||
1905 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 | ||
1906 | $as_echo_n "checking for $2... " >&6; } | ||
1907 | if eval \${$3+:} false; then : | ||
1908 | $as_echo_n "(cached) " >&6 | ||
1909 | else | ||
1910 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
1911 | /* end confdefs.h. */ | ||
1912 | /* Define $2 to an innocuous variant, in case <limits.h> declares $2. | ||
1913 | For example, HP-UX 11i <limits.h> declares gettimeofday. */ | ||
1914 | #define $2 innocuous_$2 | ||
1915 | |||
1916 | /* System header to define __stub macros and hopefully few prototypes, | ||
1917 | which can conflict with char $2 (); below. | ||
1918 | Prefer <limits.h> to <assert.h> if __STDC__ is defined, since | ||
1919 | <limits.h> exists even on freestanding compilers. */ | ||
1920 | |||
1921 | #ifdef __STDC__ | ||
1922 | # include <limits.h> | ||
1923 | #else | ||
1924 | # include <assert.h> | ||
1925 | #endif | ||
1926 | |||
1927 | #undef $2 | ||
1928 | |||
1929 | /* Override any GCC internal prototype to avoid an error. | ||
1930 | Use char because int might match the return type of a GCC | ||
1931 | builtin and then its argument prototype would still apply. */ | ||
1932 | #ifdef __cplusplus | ||
1933 | extern "C" | ||
1934 | #endif | ||
1935 | char $2 (); | ||
1936 | /* The GNU C library defines this for functions which it implements | ||
1937 | to always fail with ENOSYS. Some functions are actually named | ||
1938 | something starting with __ and the normal name is an alias. */ | ||
1939 | #if defined __stub_$2 || defined __stub___$2 | ||
1940 | choke me | ||
1941 | #endif | ||
1942 | |||
1943 | int | ||
1944 | main () | ||
1945 | { | ||
1946 | return $2 (); | ||
1947 | ; | ||
1948 | return 0; | ||
1949 | } | ||
1950 | _ACEOF | ||
1951 | if ac_fn_c_try_link "$LINENO"; then : | ||
1952 | eval "$3=yes" | ||
1953 | else | ||
1954 | eval "$3=no" | ||
1955 | fi | ||
1956 | rm -f core conftest.err conftest.$ac_objext \ | ||
1957 | conftest$ac_exeext conftest.$ac_ext | ||
1958 | fi | ||
1959 | eval ac_res=\$$3 | ||
1960 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 | ||
1961 | $as_echo "$ac_res" >&6; } | ||
1962 | eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno | ||
1963 | |||
1964 | } # ac_fn_c_check_func | ||
1965 | |||
1966 | # ac_fn_c_check_type LINENO TYPE VAR INCLUDES | ||
1967 | # ------------------------------------------- | ||
1968 | # Tests whether TYPE exists after having included INCLUDES, setting cache | ||
1969 | # variable VAR accordingly. | ||
1970 | ac_fn_c_check_type () | ||
1971 | { | ||
1972 | as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack | ||
1973 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 | ||
1974 | $as_echo_n "checking for $2... " >&6; } | ||
1975 | if eval \${$3+:} false; then : | ||
1976 | $as_echo_n "(cached) " >&6 | ||
1977 | else | ||
1978 | eval "$3=no" | ||
1979 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
1980 | /* end confdefs.h. */ | ||
1981 | $4 | ||
1982 | int | ||
1983 | main () | ||
1984 | { | ||
1985 | if (sizeof ($2)) | ||
1986 | return 0; | ||
1987 | ; | ||
1988 | return 0; | ||
1989 | } | ||
1990 | _ACEOF | ||
1991 | if ac_fn_c_try_compile "$LINENO"; then : | ||
1992 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
1993 | /* end confdefs.h. */ | ||
1994 | $4 | ||
1995 | int | ||
1996 | main () | ||
1997 | { | ||
1998 | if (sizeof (($2))) | ||
1999 | return 0; | ||
2000 | ; | ||
2001 | return 0; | ||
2002 | } | ||
2003 | _ACEOF | ||
2004 | if ac_fn_c_try_compile "$LINENO"; then : | ||
2005 | |||
2006 | else | ||
2007 | eval "$3=yes" | ||
2008 | fi | ||
2009 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
2010 | fi | ||
2011 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
2012 | fi | ||
2013 | eval ac_res=\$$3 | ||
2014 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 | ||
2015 | $as_echo "$ac_res" >&6; } | ||
2016 | eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno | ||
2017 | |||
2018 | } # ac_fn_c_check_type | ||
2019 | |||
2020 | # ac_fn_c_compute_int LINENO EXPR VAR INCLUDES | ||
2021 | # -------------------------------------------- | ||
2022 | # Tries to find the compile-time value of EXPR in a program that includes | ||
2023 | # INCLUDES, setting VAR accordingly. Returns whether the value could be | ||
2024 | # computed | ||
2025 | ac_fn_c_compute_int () | ||
2026 | { | ||
2027 | as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack | ||
2028 | if test "$cross_compiling" = yes; then | ||
2029 | # Depending upon the size, compute the lo and hi bounds. | ||
2030 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
2031 | /* end confdefs.h. */ | ||
2032 | $4 | ||
2033 | int | ||
2034 | main () | ||
2035 | { | ||
2036 | static int test_array [1 - 2 * !(($2) >= 0)]; | ||
2037 | test_array [0] = 0; | ||
2038 | return test_array [0]; | ||
2039 | |||
2040 | ; | ||
2041 | return 0; | ||
2042 | } | ||
2043 | _ACEOF | ||
2044 | if ac_fn_c_try_compile "$LINENO"; then : | ||
2045 | ac_lo=0 ac_mid=0 | ||
2046 | while :; do | ||
2047 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
2048 | /* end confdefs.h. */ | ||
2049 | $4 | ||
2050 | int | ||
2051 | main () | ||
2052 | { | ||
2053 | static int test_array [1 - 2 * !(($2) <= $ac_mid)]; | ||
2054 | test_array [0] = 0; | ||
2055 | return test_array [0]; | ||
2056 | |||
2057 | ; | ||
2058 | return 0; | ||
2059 | } | ||
2060 | _ACEOF | ||
2061 | if ac_fn_c_try_compile "$LINENO"; then : | ||
2062 | ac_hi=$ac_mid; break | ||
2063 | else | ||
2064 | as_fn_arith $ac_mid + 1 && ac_lo=$as_val | ||
2065 | if test $ac_lo -le $ac_mid; then | ||
2066 | ac_lo= ac_hi= | ||
2067 | break | ||
2068 | fi | ||
2069 | as_fn_arith 2 '*' $ac_mid + 1 && ac_mid=$as_val | ||
2070 | fi | ||
2071 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
2072 | done | ||
2073 | else | ||
2074 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
2075 | /* end confdefs.h. */ | ||
2076 | $4 | ||
2077 | int | ||
2078 | main () | ||
2079 | { | ||
2080 | static int test_array [1 - 2 * !(($2) < 0)]; | ||
2081 | test_array [0] = 0; | ||
2082 | return test_array [0]; | ||
2083 | |||
2084 | ; | ||
2085 | return 0; | ||
2086 | } | ||
2087 | _ACEOF | ||
2088 | if ac_fn_c_try_compile "$LINENO"; then : | ||
2089 | ac_hi=-1 ac_mid=-1 | ||
2090 | while :; do | ||
2091 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
2092 | /* end confdefs.h. */ | ||
2093 | $4 | ||
2094 | int | ||
2095 | main () | ||
2096 | { | ||
2097 | static int test_array [1 - 2 * !(($2) >= $ac_mid)]; | ||
2098 | test_array [0] = 0; | ||
2099 | return test_array [0]; | ||
2100 | |||
2101 | ; | ||
2102 | return 0; | ||
2103 | } | ||
2104 | _ACEOF | ||
2105 | if ac_fn_c_try_compile "$LINENO"; then : | ||
2106 | ac_lo=$ac_mid; break | ||
2107 | else | ||
2108 | as_fn_arith '(' $ac_mid ')' - 1 && ac_hi=$as_val | ||
2109 | if test $ac_mid -le $ac_hi; then | ||
2110 | ac_lo= ac_hi= | ||
2111 | break | ||
2112 | fi | ||
2113 | as_fn_arith 2 '*' $ac_mid && ac_mid=$as_val | ||
2114 | fi | ||
2115 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
2116 | done | ||
2117 | else | ||
2118 | ac_lo= ac_hi= | ||
2119 | fi | ||
2120 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
2121 | fi | ||
2122 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
2123 | # Binary search between lo and hi bounds. | ||
2124 | while test "x$ac_lo" != "x$ac_hi"; do | ||
2125 | as_fn_arith '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo && ac_mid=$as_val | ||
2126 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
2127 | /* end confdefs.h. */ | ||
2128 | $4 | ||
2129 | int | ||
2130 | main () | ||
2131 | { | ||
2132 | static int test_array [1 - 2 * !(($2) <= $ac_mid)]; | ||
2133 | test_array [0] = 0; | ||
2134 | return test_array [0]; | ||
2135 | |||
2136 | ; | ||
2137 | return 0; | ||
2138 | } | ||
2139 | _ACEOF | ||
2140 | if ac_fn_c_try_compile "$LINENO"; then : | ||
2141 | ac_hi=$ac_mid | ||
2142 | else | ||
2143 | as_fn_arith '(' $ac_mid ')' + 1 && ac_lo=$as_val | ||
2144 | fi | ||
2145 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
2146 | done | ||
2147 | case $ac_lo in #(( | ||
2148 | ?*) eval "$3=\$ac_lo"; ac_retval=0 ;; | ||
2149 | '') ac_retval=1 ;; | ||
2150 | esac | ||
2151 | else | ||
2152 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
2153 | /* end confdefs.h. */ | ||
2154 | $4 | ||
2155 | static long int longval () { return $2; } | ||
2156 | static unsigned long int ulongval () { return $2; } | ||
2157 | #include <stdio.h> | ||
2158 | #include <stdlib.h> | ||
2159 | int | ||
2160 | main () | ||
2161 | { | ||
2162 | |||
2163 | FILE *f = fopen ("conftest.val", "w"); | ||
2164 | if (! f) | ||
2165 | return 1; | ||
2166 | if (($2) < 0) | ||
2167 | { | ||
2168 | long int i = longval (); | ||
2169 | if (i != ($2)) | ||
2170 | return 1; | ||
2171 | fprintf (f, "%ld", i); | ||
2172 | } | ||
2173 | else | ||
2174 | { | ||
2175 | unsigned long int i = ulongval (); | ||
2176 | if (i != ($2)) | ||
2177 | return 1; | ||
2178 | fprintf (f, "%lu", i); | ||
2179 | } | ||
2180 | /* Do not output a trailing newline, as this causes \r\n confusion | ||
2181 | on some platforms. */ | ||
2182 | return ferror (f) || fclose (f) != 0; | ||
2183 | |||
2184 | ; | ||
2185 | return 0; | ||
2186 | } | ||
2187 | _ACEOF | ||
2188 | if ac_fn_c_try_run "$LINENO"; then : | ||
2189 | echo >>conftest.val; read $3 <conftest.val; ac_retval=0 | ||
2190 | else | ||
2191 | ac_retval=1 | ||
2192 | fi | ||
2193 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
2194 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
2195 | rm -f conftest.val | ||
2196 | |||
2197 | fi | ||
2198 | eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno | ||
2199 | as_fn_set_status $ac_retval | ||
2200 | |||
2201 | } # ac_fn_c_compute_int | ||
2202 | |||
2203 | # ac_fn_c_check_member LINENO AGGR MEMBER VAR INCLUDES | ||
2204 | # ---------------------------------------------------- | ||
2205 | # Tries to find if the field MEMBER exists in type AGGR, after including | ||
2206 | # INCLUDES, setting cache variable VAR accordingly. | ||
2207 | ac_fn_c_check_member () | ||
2208 | { | ||
2209 | as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack | ||
2210 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2.$3" >&5 | ||
2211 | $as_echo_n "checking for $2.$3... " >&6; } | ||
2212 | if eval \${$4+:} false; then : | ||
2213 | $as_echo_n "(cached) " >&6 | ||
2214 | else | ||
2215 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
2216 | /* end confdefs.h. */ | ||
2217 | $5 | ||
2218 | int | ||
2219 | main () | ||
2220 | { | ||
2221 | static $2 ac_aggr; | ||
2222 | if (ac_aggr.$3) | ||
2223 | return 0; | ||
2224 | ; | ||
2225 | return 0; | ||
2226 | } | ||
2227 | _ACEOF | ||
2228 | if ac_fn_c_try_compile "$LINENO"; then : | ||
2229 | eval "$4=yes" | ||
2230 | else | ||
2231 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
2232 | /* end confdefs.h. */ | ||
2233 | $5 | ||
2234 | int | ||
2235 | main () | ||
2236 | { | ||
2237 | static $2 ac_aggr; | ||
2238 | if (sizeof ac_aggr.$3) | ||
2239 | return 0; | ||
2240 | ; | ||
2241 | return 0; | ||
2242 | } | ||
2243 | _ACEOF | ||
2244 | if ac_fn_c_try_compile "$LINENO"; then : | ||
2245 | eval "$4=yes" | ||
2246 | else | ||
2247 | eval "$4=no" | ||
2248 | fi | ||
2249 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
2250 | fi | ||
2251 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
2252 | fi | ||
2253 | eval ac_res=\$$4 | ||
2254 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 | ||
2255 | $as_echo "$ac_res" >&6; } | ||
2256 | eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno | ||
2257 | |||
2258 | } # ac_fn_c_check_member | ||
2259 | cat >config.log <<_ACEOF | ||
2260 | This file contains any messages produced by compilers while | ||
2261 | running configure, to aid debugging if configure makes a mistake. | ||
2262 | |||
2263 | It was created by OpenSSH $as_me Portable, which was | ||
2264 | generated by GNU Autoconf 2.69. Invocation command line was | ||
2265 | |||
2266 | $ $0 $@ | ||
2267 | |||
2268 | _ACEOF | ||
2269 | exec 5>>config.log | ||
2270 | { | ||
2271 | cat <<_ASUNAME | ||
2272 | ## --------- ## | ||
2273 | ## Platform. ## | ||
2274 | ## --------- ## | ||
2275 | |||
2276 | hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` | ||
2277 | uname -m = `(uname -m) 2>/dev/null || echo unknown` | ||
2278 | uname -r = `(uname -r) 2>/dev/null || echo unknown` | ||
2279 | uname -s = `(uname -s) 2>/dev/null || echo unknown` | ||
2280 | uname -v = `(uname -v) 2>/dev/null || echo unknown` | ||
2281 | |||
2282 | /usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` | ||
2283 | /bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` | ||
2284 | |||
2285 | /bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` | ||
2286 | /usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` | ||
2287 | /usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` | ||
2288 | /usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown` | ||
2289 | /bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` | ||
2290 | /usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` | ||
2291 | /bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` | ||
2292 | |||
2293 | _ASUNAME | ||
2294 | |||
2295 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
2296 | for as_dir in $PATH | ||
2297 | do | ||
2298 | IFS=$as_save_IFS | ||
2299 | test -z "$as_dir" && as_dir=. | ||
2300 | $as_echo "PATH: $as_dir" | ||
2301 | done | ||
2302 | IFS=$as_save_IFS | ||
2303 | |||
2304 | } >&5 | ||
2305 | |||
2306 | cat >&5 <<_ACEOF | ||
2307 | |||
2308 | |||
2309 | ## ----------- ## | ||
2310 | ## Core tests. ## | ||
2311 | ## ----------- ## | ||
2312 | |||
2313 | _ACEOF | ||
2314 | |||
2315 | |||
2316 | # Keep a trace of the command line. | ||
2317 | # Strip out --no-create and --no-recursion so they do not pile up. | ||
2318 | # Strip out --silent because we don't want to record it for future runs. | ||
2319 | # Also quote any args containing shell meta-characters. | ||
2320 | # Make two passes to allow for proper duplicate-argument suppression. | ||
2321 | ac_configure_args= | ||
2322 | ac_configure_args0= | ||
2323 | ac_configure_args1= | ||
2324 | ac_must_keep_next=false | ||
2325 | for ac_pass in 1 2 | ||
2326 | do | ||
2327 | for ac_arg | ||
2328 | do | ||
2329 | case $ac_arg in | ||
2330 | -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;; | ||
2331 | -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | ||
2332 | | -silent | --silent | --silen | --sile | --sil) | ||
2333 | continue ;; | ||
2334 | *\'*) | ||
2335 | ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; | ||
2336 | esac | ||
2337 | case $ac_pass in | ||
2338 | 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;; | ||
2339 | 2) | ||
2340 | as_fn_append ac_configure_args1 " '$ac_arg'" | ||
2341 | if test $ac_must_keep_next = true; then | ||
2342 | ac_must_keep_next=false # Got value, back to normal. | ||
2343 | else | ||
2344 | case $ac_arg in | ||
2345 | *=* | --config-cache | -C | -disable-* | --disable-* \ | ||
2346 | | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \ | ||
2347 | | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \ | ||
2348 | | -with-* | --with-* | -without-* | --without-* | --x) | ||
2349 | case "$ac_configure_args0 " in | ||
2350 | "$ac_configure_args1"*" '$ac_arg' "* ) continue ;; | ||
2351 | esac | ||
2352 | ;; | ||
2353 | -* ) ac_must_keep_next=true ;; | ||
2354 | esac | ||
2355 | fi | ||
2356 | as_fn_append ac_configure_args " '$ac_arg'" | ||
2357 | ;; | ||
2358 | esac | ||
2359 | done | ||
2360 | done | ||
2361 | { ac_configure_args0=; unset ac_configure_args0;} | ||
2362 | { ac_configure_args1=; unset ac_configure_args1;} | ||
2363 | |||
2364 | # When interrupted or exit'd, cleanup temporary files, and complete | ||
2365 | # config.log. We remove comments because anyway the quotes in there | ||
2366 | # would cause problems or look ugly. | ||
2367 | # WARNING: Use '\'' to represent an apostrophe within the trap. | ||
2368 | # WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug. | ||
2369 | trap 'exit_status=$? | ||
2370 | # Save into config.log some information that might help in debugging. | ||
2371 | { | ||
2372 | echo | ||
2373 | |||
2374 | $as_echo "## ---------------- ## | ||
2375 | ## Cache variables. ## | ||
2376 | ## ---------------- ##" | ||
2377 | echo | ||
2378 | # The following way of writing the cache mishandles newlines in values, | ||
2379 | ( | ||
2380 | for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do | ||
2381 | eval ac_val=\$$ac_var | ||
2382 | case $ac_val in #( | ||
2383 | *${as_nl}*) | ||
2384 | case $ac_var in #( | ||
2385 | *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 | ||
2386 | $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; | ||
2387 | esac | ||
2388 | case $ac_var in #( | ||
2389 | _ | IFS | as_nl) ;; #( | ||
2390 | BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( | ||
2391 | *) { eval $ac_var=; unset $ac_var;} ;; | ||
2392 | esac ;; | ||
2393 | esac | ||
2394 | done | ||
2395 | (set) 2>&1 | | ||
2396 | case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #( | ||
2397 | *${as_nl}ac_space=\ *) | ||
2398 | sed -n \ | ||
2399 | "s/'\''/'\''\\\\'\'''\''/g; | ||
2400 | s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p" | ||
2401 | ;; #( | ||
2402 | *) | ||
2403 | sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" | ||
2404 | ;; | ||
2405 | esac | | ||
2406 | sort | ||
2407 | ) | ||
2408 | echo | ||
2409 | |||
2410 | $as_echo "## ----------------- ## | ||
2411 | ## Output variables. ## | ||
2412 | ## ----------------- ##" | ||
2413 | echo | ||
2414 | for ac_var in $ac_subst_vars | ||
2415 | do | ||
2416 | eval ac_val=\$$ac_var | ||
2417 | case $ac_val in | ||
2418 | *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; | ||
2419 | esac | ||
2420 | $as_echo "$ac_var='\''$ac_val'\''" | ||
2421 | done | sort | ||
2422 | echo | ||
2423 | |||
2424 | if test -n "$ac_subst_files"; then | ||
2425 | $as_echo "## ------------------- ## | ||
2426 | ## File substitutions. ## | ||
2427 | ## ------------------- ##" | ||
2428 | echo | ||
2429 | for ac_var in $ac_subst_files | ||
2430 | do | ||
2431 | eval ac_val=\$$ac_var | ||
2432 | case $ac_val in | ||
2433 | *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; | ||
2434 | esac | ||
2435 | $as_echo "$ac_var='\''$ac_val'\''" | ||
2436 | done | sort | ||
2437 | echo | ||
2438 | fi | ||
2439 | |||
2440 | if test -s confdefs.h; then | ||
2441 | $as_echo "## ----------- ## | ||
2442 | ## confdefs.h. ## | ||
2443 | ## ----------- ##" | ||
2444 | echo | ||
2445 | cat confdefs.h | ||
2446 | echo | ||
2447 | fi | ||
2448 | test "$ac_signal" != 0 && | ||
2449 | $as_echo "$as_me: caught signal $ac_signal" | ||
2450 | $as_echo "$as_me: exit $exit_status" | ||
2451 | } >&5 | ||
2452 | rm -f core *.core core.conftest.* && | ||
2453 | rm -f -r conftest* confdefs* conf$$* $ac_clean_files && | ||
2454 | exit $exit_status | ||
2455 | ' 0 | ||
2456 | for ac_signal in 1 2 13 15; do | ||
2457 | trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal | ||
2458 | done | ||
2459 | ac_signal=0 | ||
2460 | |||
2461 | # confdefs.h avoids OS command line length limits that DEFS can exceed. | ||
2462 | rm -f -r conftest* confdefs.h | ||
2463 | |||
2464 | $as_echo "/* confdefs.h */" > confdefs.h | ||
2465 | |||
2466 | # Predefined preprocessor variables. | ||
2467 | |||
2468 | cat >>confdefs.h <<_ACEOF | ||
2469 | #define PACKAGE_NAME "$PACKAGE_NAME" | ||
2470 | _ACEOF | ||
2471 | |||
2472 | cat >>confdefs.h <<_ACEOF | ||
2473 | #define PACKAGE_TARNAME "$PACKAGE_TARNAME" | ||
2474 | _ACEOF | ||
2475 | |||
2476 | cat >>confdefs.h <<_ACEOF | ||
2477 | #define PACKAGE_VERSION "$PACKAGE_VERSION" | ||
2478 | _ACEOF | ||
2479 | |||
2480 | cat >>confdefs.h <<_ACEOF | ||
2481 | #define PACKAGE_STRING "$PACKAGE_STRING" | ||
2482 | _ACEOF | ||
2483 | |||
2484 | cat >>confdefs.h <<_ACEOF | ||
2485 | #define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT" | ||
2486 | _ACEOF | ||
2487 | |||
2488 | cat >>confdefs.h <<_ACEOF | ||
2489 | #define PACKAGE_URL "$PACKAGE_URL" | ||
2490 | _ACEOF | ||
2491 | |||
2492 | |||
2493 | # Let the site file select an alternate cache file if it wants to. | ||
2494 | # Prefer an explicitly selected file to automatically selected ones. | ||
2495 | ac_site_file1=NONE | ||
2496 | ac_site_file2=NONE | ||
2497 | if test -n "$CONFIG_SITE"; then | ||
2498 | # We do not want a PATH search for config.site. | ||
2499 | case $CONFIG_SITE in #(( | ||
2500 | -*) ac_site_file1=./$CONFIG_SITE;; | ||
2501 | */*) ac_site_file1=$CONFIG_SITE;; | ||
2502 | *) ac_site_file1=./$CONFIG_SITE;; | ||
2503 | esac | ||
2504 | elif test "x$prefix" != xNONE; then | ||
2505 | ac_site_file1=$prefix/share/config.site | ||
2506 | ac_site_file2=$prefix/etc/config.site | ||
2507 | else | ||
2508 | ac_site_file1=$ac_default_prefix/share/config.site | ||
2509 | ac_site_file2=$ac_default_prefix/etc/config.site | ||
2510 | fi | ||
2511 | for ac_site_file in "$ac_site_file1" "$ac_site_file2" | ||
2512 | do | ||
2513 | test "x$ac_site_file" = xNONE && continue | ||
2514 | if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then | ||
2515 | { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5 | ||
2516 | $as_echo "$as_me: loading site script $ac_site_file" >&6;} | ||
2517 | sed 's/^/| /' "$ac_site_file" >&5 | ||
2518 | . "$ac_site_file" \ | ||
2519 | || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 | ||
2520 | $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} | ||
2521 | as_fn_error $? "failed to load site script $ac_site_file | ||
2522 | See \`config.log' for more details" "$LINENO" 5; } | ||
2523 | fi | ||
2524 | done | ||
2525 | |||
2526 | if test -r "$cache_file"; then | ||
2527 | # Some versions of bash will fail to source /dev/null (special files | ||
2528 | # actually), so we avoid doing that. DJGPP emulates it as a regular file. | ||
2529 | if test /dev/null != "$cache_file" && test -f "$cache_file"; then | ||
2530 | { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5 | ||
2531 | $as_echo "$as_me: loading cache $cache_file" >&6;} | ||
2532 | case $cache_file in | ||
2533 | [\\/]* | ?:[\\/]* ) . "$cache_file";; | ||
2534 | *) . "./$cache_file";; | ||
2535 | esac | ||
2536 | fi | ||
2537 | else | ||
2538 | { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5 | ||
2539 | $as_echo "$as_me: creating cache $cache_file" >&6;} | ||
2540 | >$cache_file | ||
2541 | fi | ||
2542 | |||
2543 | # Check that the precious variables saved in the cache have kept the same | ||
2544 | # value. | ||
2545 | ac_cache_corrupted=false | ||
2546 | for ac_var in $ac_precious_vars; do | ||
2547 | eval ac_old_set=\$ac_cv_env_${ac_var}_set | ||
2548 | eval ac_new_set=\$ac_env_${ac_var}_set | ||
2549 | eval ac_old_val=\$ac_cv_env_${ac_var}_value | ||
2550 | eval ac_new_val=\$ac_env_${ac_var}_value | ||
2551 | case $ac_old_set,$ac_new_set in | ||
2552 | set,) | ||
2553 | { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 | ||
2554 | $as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} | ||
2555 | ac_cache_corrupted=: ;; | ||
2556 | ,set) | ||
2557 | { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5 | ||
2558 | $as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} | ||
2559 | ac_cache_corrupted=: ;; | ||
2560 | ,);; | ||
2561 | *) | ||
2562 | if test "x$ac_old_val" != "x$ac_new_val"; then | ||
2563 | # differences in whitespace do not lead to failure. | ||
2564 | ac_old_val_w=`echo x $ac_old_val` | ||
2565 | ac_new_val_w=`echo x $ac_new_val` | ||
2566 | if test "$ac_old_val_w" != "$ac_new_val_w"; then | ||
2567 | { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5 | ||
2568 | $as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} | ||
2569 | ac_cache_corrupted=: | ||
2570 | else | ||
2571 | { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5 | ||
2572 | $as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;} | ||
2573 | eval $ac_var=\$ac_old_val | ||
2574 | fi | ||
2575 | { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5 | ||
2576 | $as_echo "$as_me: former value: \`$ac_old_val'" >&2;} | ||
2577 | { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5 | ||
2578 | $as_echo "$as_me: current value: \`$ac_new_val'" >&2;} | ||
2579 | fi;; | ||
2580 | esac | ||
2581 | # Pass precious variables to config.status. | ||
2582 | if test "$ac_new_set" = set; then | ||
2583 | case $ac_new_val in | ||
2584 | *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; | ||
2585 | *) ac_arg=$ac_var=$ac_new_val ;; | ||
2586 | esac | ||
2587 | case " $ac_configure_args " in | ||
2588 | *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy. | ||
2589 | *) as_fn_append ac_configure_args " '$ac_arg'" ;; | ||
2590 | esac | ||
2591 | fi | ||
2592 | done | ||
2593 | if $ac_cache_corrupted; then | ||
2594 | { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 | ||
2595 | $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} | ||
2596 | { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 | ||
2597 | $as_echo "$as_me: error: changes in the environment can compromise the build" >&2;} | ||
2598 | as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5 | ||
2599 | fi | ||
2600 | ## -------------------- ## | ||
2601 | ## Main body of script. ## | ||
2602 | ## -------------------- ## | ||
2603 | |||
2604 | ac_ext=c | ||
2605 | ac_cpp='$CPP $CPPFLAGS' | ||
2606 | ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' | ||
2607 | ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' | ||
2608 | ac_compiler_gnu=$ac_cv_c_compiler_gnu | ||
2609 | |||
2610 | |||
2611 | |||
2612 | |||
2613 | ac_ext=c | ||
2614 | ac_cpp='$CPP $CPPFLAGS' | ||
2615 | ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' | ||
2616 | ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' | ||
2617 | ac_compiler_gnu=$ac_cv_c_compiler_gnu | ||
2618 | |||
2619 | |||
2620 | ac_config_headers="$ac_config_headers config.h" | ||
2621 | |||
2622 | ac_ext=c | ||
2623 | ac_cpp='$CPP $CPPFLAGS' | ||
2624 | ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' | ||
2625 | ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' | ||
2626 | ac_compiler_gnu=$ac_cv_c_compiler_gnu | ||
2627 | if test -n "$ac_tool_prefix"; then | ||
2628 | # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. | ||
2629 | set dummy ${ac_tool_prefix}gcc; ac_word=$2 | ||
2630 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
2631 | $as_echo_n "checking for $ac_word... " >&6; } | ||
2632 | if ${ac_cv_prog_CC+:} false; then : | ||
2633 | $as_echo_n "(cached) " >&6 | ||
2634 | else | ||
2635 | if test -n "$CC"; then | ||
2636 | ac_cv_prog_CC="$CC" # Let the user override the test. | ||
2637 | else | ||
2638 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
2639 | for as_dir in $PATH | ||
2640 | do | ||
2641 | IFS=$as_save_IFS | ||
2642 | test -z "$as_dir" && as_dir=. | ||
2643 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
2644 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
2645 | ac_cv_prog_CC="${ac_tool_prefix}gcc" | ||
2646 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
2647 | break 2 | ||
2648 | fi | ||
2649 | done | ||
2650 | done | ||
2651 | IFS=$as_save_IFS | ||
2652 | |||
2653 | fi | ||
2654 | fi | ||
2655 | CC=$ac_cv_prog_CC | ||
2656 | if test -n "$CC"; then | ||
2657 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 | ||
2658 | $as_echo "$CC" >&6; } | ||
2659 | else | ||
2660 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
2661 | $as_echo "no" >&6; } | ||
2662 | fi | ||
2663 | |||
2664 | |||
2665 | fi | ||
2666 | if test -z "$ac_cv_prog_CC"; then | ||
2667 | ac_ct_CC=$CC | ||
2668 | # Extract the first word of "gcc", so it can be a program name with args. | ||
2669 | set dummy gcc; ac_word=$2 | ||
2670 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
2671 | $as_echo_n "checking for $ac_word... " >&6; } | ||
2672 | if ${ac_cv_prog_ac_ct_CC+:} false; then : | ||
2673 | $as_echo_n "(cached) " >&6 | ||
2674 | else | ||
2675 | if test -n "$ac_ct_CC"; then | ||
2676 | ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. | ||
2677 | else | ||
2678 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
2679 | for as_dir in $PATH | ||
2680 | do | ||
2681 | IFS=$as_save_IFS | ||
2682 | test -z "$as_dir" && as_dir=. | ||
2683 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
2684 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
2685 | ac_cv_prog_ac_ct_CC="gcc" | ||
2686 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
2687 | break 2 | ||
2688 | fi | ||
2689 | done | ||
2690 | done | ||
2691 | IFS=$as_save_IFS | ||
2692 | |||
2693 | fi | ||
2694 | fi | ||
2695 | ac_ct_CC=$ac_cv_prog_ac_ct_CC | ||
2696 | if test -n "$ac_ct_CC"; then | ||
2697 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 | ||
2698 | $as_echo "$ac_ct_CC" >&6; } | ||
2699 | else | ||
2700 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
2701 | $as_echo "no" >&6; } | ||
2702 | fi | ||
2703 | |||
2704 | if test "x$ac_ct_CC" = x; then | ||
2705 | CC="" | ||
2706 | else | ||
2707 | case $cross_compiling:$ac_tool_warned in | ||
2708 | yes:) | ||
2709 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 | ||
2710 | $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} | ||
2711 | ac_tool_warned=yes ;; | ||
2712 | esac | ||
2713 | CC=$ac_ct_CC | ||
2714 | fi | ||
2715 | else | ||
2716 | CC="$ac_cv_prog_CC" | ||
2717 | fi | ||
2718 | |||
2719 | if test -z "$CC"; then | ||
2720 | if test -n "$ac_tool_prefix"; then | ||
2721 | # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. | ||
2722 | set dummy ${ac_tool_prefix}cc; ac_word=$2 | ||
2723 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
2724 | $as_echo_n "checking for $ac_word... " >&6; } | ||
2725 | if ${ac_cv_prog_CC+:} false; then : | ||
2726 | $as_echo_n "(cached) " >&6 | ||
2727 | else | ||
2728 | if test -n "$CC"; then | ||
2729 | ac_cv_prog_CC="$CC" # Let the user override the test. | ||
2730 | else | ||
2731 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
2732 | for as_dir in $PATH | ||
2733 | do | ||
2734 | IFS=$as_save_IFS | ||
2735 | test -z "$as_dir" && as_dir=. | ||
2736 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
2737 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
2738 | ac_cv_prog_CC="${ac_tool_prefix}cc" | ||
2739 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
2740 | break 2 | ||
2741 | fi | ||
2742 | done | ||
2743 | done | ||
2744 | IFS=$as_save_IFS | ||
2745 | |||
2746 | fi | ||
2747 | fi | ||
2748 | CC=$ac_cv_prog_CC | ||
2749 | if test -n "$CC"; then | ||
2750 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 | ||
2751 | $as_echo "$CC" >&6; } | ||
2752 | else | ||
2753 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
2754 | $as_echo "no" >&6; } | ||
2755 | fi | ||
2756 | |||
2757 | |||
2758 | fi | ||
2759 | fi | ||
2760 | if test -z "$CC"; then | ||
2761 | # Extract the first word of "cc", so it can be a program name with args. | ||
2762 | set dummy cc; ac_word=$2 | ||
2763 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
2764 | $as_echo_n "checking for $ac_word... " >&6; } | ||
2765 | if ${ac_cv_prog_CC+:} false; then : | ||
2766 | $as_echo_n "(cached) " >&6 | ||
2767 | else | ||
2768 | if test -n "$CC"; then | ||
2769 | ac_cv_prog_CC="$CC" # Let the user override the test. | ||
2770 | else | ||
2771 | ac_prog_rejected=no | ||
2772 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
2773 | for as_dir in $PATH | ||
2774 | do | ||
2775 | IFS=$as_save_IFS | ||
2776 | test -z "$as_dir" && as_dir=. | ||
2777 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
2778 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
2779 | if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then | ||
2780 | ac_prog_rejected=yes | ||
2781 | continue | ||
2782 | fi | ||
2783 | ac_cv_prog_CC="cc" | ||
2784 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
2785 | break 2 | ||
2786 | fi | ||
2787 | done | ||
2788 | done | ||
2789 | IFS=$as_save_IFS | ||
2790 | |||
2791 | if test $ac_prog_rejected = yes; then | ||
2792 | # We found a bogon in the path, so make sure we never use it. | ||
2793 | set dummy $ac_cv_prog_CC | ||
2794 | shift | ||
2795 | if test $# != 0; then | ||
2796 | # We chose a different compiler from the bogus one. | ||
2797 | # However, it has the same basename, so the bogon will be chosen | ||
2798 | # first if we set CC to just the basename; use the full file name. | ||
2799 | shift | ||
2800 | ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" | ||
2801 | fi | ||
2802 | fi | ||
2803 | fi | ||
2804 | fi | ||
2805 | CC=$ac_cv_prog_CC | ||
2806 | if test -n "$CC"; then | ||
2807 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 | ||
2808 | $as_echo "$CC" >&6; } | ||
2809 | else | ||
2810 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
2811 | $as_echo "no" >&6; } | ||
2812 | fi | ||
2813 | |||
2814 | |||
2815 | fi | ||
2816 | if test -z "$CC"; then | ||
2817 | if test -n "$ac_tool_prefix"; then | ||
2818 | for ac_prog in cl.exe | ||
2819 | do | ||
2820 | # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. | ||
2821 | set dummy $ac_tool_prefix$ac_prog; ac_word=$2 | ||
2822 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
2823 | $as_echo_n "checking for $ac_word... " >&6; } | ||
2824 | if ${ac_cv_prog_CC+:} false; then : | ||
2825 | $as_echo_n "(cached) " >&6 | ||
2826 | else | ||
2827 | if test -n "$CC"; then | ||
2828 | ac_cv_prog_CC="$CC" # Let the user override the test. | ||
2829 | else | ||
2830 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
2831 | for as_dir in $PATH | ||
2832 | do | ||
2833 | IFS=$as_save_IFS | ||
2834 | test -z "$as_dir" && as_dir=. | ||
2835 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
2836 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
2837 | ac_cv_prog_CC="$ac_tool_prefix$ac_prog" | ||
2838 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
2839 | break 2 | ||
2840 | fi | ||
2841 | done | ||
2842 | done | ||
2843 | IFS=$as_save_IFS | ||
2844 | |||
2845 | fi | ||
2846 | fi | ||
2847 | CC=$ac_cv_prog_CC | ||
2848 | if test -n "$CC"; then | ||
2849 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 | ||
2850 | $as_echo "$CC" >&6; } | ||
2851 | else | ||
2852 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
2853 | $as_echo "no" >&6; } | ||
2854 | fi | ||
2855 | |||
2856 | |||
2857 | test -n "$CC" && break | ||
2858 | done | ||
2859 | fi | ||
2860 | if test -z "$CC"; then | ||
2861 | ac_ct_CC=$CC | ||
2862 | for ac_prog in cl.exe | ||
2863 | do | ||
2864 | # Extract the first word of "$ac_prog", so it can be a program name with args. | ||
2865 | set dummy $ac_prog; ac_word=$2 | ||
2866 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
2867 | $as_echo_n "checking for $ac_word... " >&6; } | ||
2868 | if ${ac_cv_prog_ac_ct_CC+:} false; then : | ||
2869 | $as_echo_n "(cached) " >&6 | ||
2870 | else | ||
2871 | if test -n "$ac_ct_CC"; then | ||
2872 | ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. | ||
2873 | else | ||
2874 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
2875 | for as_dir in $PATH | ||
2876 | do | ||
2877 | IFS=$as_save_IFS | ||
2878 | test -z "$as_dir" && as_dir=. | ||
2879 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
2880 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
2881 | ac_cv_prog_ac_ct_CC="$ac_prog" | ||
2882 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
2883 | break 2 | ||
2884 | fi | ||
2885 | done | ||
2886 | done | ||
2887 | IFS=$as_save_IFS | ||
2888 | |||
2889 | fi | ||
2890 | fi | ||
2891 | ac_ct_CC=$ac_cv_prog_ac_ct_CC | ||
2892 | if test -n "$ac_ct_CC"; then | ||
2893 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 | ||
2894 | $as_echo "$ac_ct_CC" >&6; } | ||
2895 | else | ||
2896 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
2897 | $as_echo "no" >&6; } | ||
2898 | fi | ||
2899 | |||
2900 | |||
2901 | test -n "$ac_ct_CC" && break | ||
2902 | done | ||
2903 | |||
2904 | if test "x$ac_ct_CC" = x; then | ||
2905 | CC="" | ||
2906 | else | ||
2907 | case $cross_compiling:$ac_tool_warned in | ||
2908 | yes:) | ||
2909 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 | ||
2910 | $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} | ||
2911 | ac_tool_warned=yes ;; | ||
2912 | esac | ||
2913 | CC=$ac_ct_CC | ||
2914 | fi | ||
2915 | fi | ||
2916 | |||
2917 | fi | ||
2918 | |||
2919 | |||
2920 | test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 | ||
2921 | $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} | ||
2922 | as_fn_error $? "no acceptable C compiler found in \$PATH | ||
2923 | See \`config.log' for more details" "$LINENO" 5; } | ||
2924 | |||
2925 | # Provide some information about the compiler. | ||
2926 | $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 | ||
2927 | set X $ac_compile | ||
2928 | ac_compiler=$2 | ||
2929 | for ac_option in --version -v -V -qversion; do | ||
2930 | { { ac_try="$ac_compiler $ac_option >&5" | ||
2931 | case "(($ac_try" in | ||
2932 | *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; | ||
2933 | *) ac_try_echo=$ac_try;; | ||
2934 | esac | ||
2935 | eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" | ||
2936 | $as_echo "$ac_try_echo"; } >&5 | ||
2937 | (eval "$ac_compiler $ac_option >&5") 2>conftest.err | ||
2938 | ac_status=$? | ||
2939 | if test -s conftest.err; then | ||
2940 | sed '10a\ | ||
2941 | ... rest of stderr output deleted ... | ||
2942 | 10q' conftest.err >conftest.er1 | ||
2943 | cat conftest.er1 >&5 | ||
2944 | fi | ||
2945 | rm -f conftest.er1 conftest.err | ||
2946 | $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 | ||
2947 | test $ac_status = 0; } | ||
2948 | done | ||
2949 | |||
2950 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
2951 | /* end confdefs.h. */ | ||
2952 | |||
2953 | int | ||
2954 | main () | ||
2955 | { | ||
2956 | |||
2957 | ; | ||
2958 | return 0; | ||
2959 | } | ||
2960 | _ACEOF | ||
2961 | ac_clean_files_save=$ac_clean_files | ||
2962 | ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out" | ||
2963 | # Try to create an executable without -o first, disregard a.out. | ||
2964 | # It will help us diagnose broken compilers, and finding out an intuition | ||
2965 | # of exeext. | ||
2966 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5 | ||
2967 | $as_echo_n "checking whether the C compiler works... " >&6; } | ||
2968 | ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` | ||
2969 | |||
2970 | # The possible output files: | ||
2971 | ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*" | ||
2972 | |||
2973 | ac_rmfiles= | ||
2974 | for ac_file in $ac_files | ||
2975 | do | ||
2976 | case $ac_file in | ||
2977 | *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; | ||
2978 | * ) ac_rmfiles="$ac_rmfiles $ac_file";; | ||
2979 | esac | ||
2980 | done | ||
2981 | rm -f $ac_rmfiles | ||
2982 | |||
2983 | if { { ac_try="$ac_link_default" | ||
2984 | case "(($ac_try" in | ||
2985 | *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; | ||
2986 | *) ac_try_echo=$ac_try;; | ||
2987 | esac | ||
2988 | eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" | ||
2989 | $as_echo "$ac_try_echo"; } >&5 | ||
2990 | (eval "$ac_link_default") 2>&5 | ||
2991 | ac_status=$? | ||
2992 | $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 | ||
2993 | test $ac_status = 0; }; then : | ||
2994 | # Autoconf-2.13 could set the ac_cv_exeext variable to `no'. | ||
2995 | # So ignore a value of `no', otherwise this would lead to `EXEEXT = no' | ||
2996 | # in a Makefile. We should not override ac_cv_exeext if it was cached, | ||
2997 | # so that the user can short-circuit this test for compilers unknown to | ||
2998 | # Autoconf. | ||
2999 | for ac_file in $ac_files '' | ||
3000 | do | ||
3001 | test -f "$ac_file" || continue | ||
3002 | case $ac_file in | ||
3003 | *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) | ||
3004 | ;; | ||
3005 | [ab].out ) | ||
3006 | # We found the default executable, but exeext='' is most | ||
3007 | # certainly right. | ||
3008 | break;; | ||
3009 | *.* ) | ||
3010 | if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no; | ||
3011 | then :; else | ||
3012 | ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` | ||
3013 | fi | ||
3014 | # We set ac_cv_exeext here because the later test for it is not | ||
3015 | # safe: cross compilers may not add the suffix if given an `-o' | ||
3016 | # argument, so we may need to know it at that point already. | ||
3017 | # Even if this section looks crufty: it has the advantage of | ||
3018 | # actually working. | ||
3019 | break;; | ||
3020 | * ) | ||
3021 | break;; | ||
3022 | esac | ||
3023 | done | ||
3024 | test "$ac_cv_exeext" = no && ac_cv_exeext= | ||
3025 | |||
3026 | else | ||
3027 | ac_file='' | ||
3028 | fi | ||
3029 | if test -z "$ac_file"; then : | ||
3030 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
3031 | $as_echo "no" >&6; } | ||
3032 | $as_echo "$as_me: failed program was:" >&5 | ||
3033 | sed 's/^/| /' conftest.$ac_ext >&5 | ||
3034 | |||
3035 | { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 | ||
3036 | $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} | ||
3037 | as_fn_error 77 "C compiler cannot create executables | ||
3038 | See \`config.log' for more details" "$LINENO" 5; } | ||
3039 | else | ||
3040 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
3041 | $as_echo "yes" >&6; } | ||
3042 | fi | ||
3043 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5 | ||
3044 | $as_echo_n "checking for C compiler default output file name... " >&6; } | ||
3045 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5 | ||
3046 | $as_echo "$ac_file" >&6; } | ||
3047 | ac_exeext=$ac_cv_exeext | ||
3048 | |||
3049 | rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out | ||
3050 | ac_clean_files=$ac_clean_files_save | ||
3051 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5 | ||
3052 | $as_echo_n "checking for suffix of executables... " >&6; } | ||
3053 | if { { ac_try="$ac_link" | ||
3054 | case "(($ac_try" in | ||
3055 | *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; | ||
3056 | *) ac_try_echo=$ac_try;; | ||
3057 | esac | ||
3058 | eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" | ||
3059 | $as_echo "$ac_try_echo"; } >&5 | ||
3060 | (eval "$ac_link") 2>&5 | ||
3061 | ac_status=$? | ||
3062 | $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 | ||
3063 | test $ac_status = 0; }; then : | ||
3064 | # If both `conftest.exe' and `conftest' are `present' (well, observable) | ||
3065 | # catch `conftest.exe'. For instance with Cygwin, `ls conftest' will | ||
3066 | # work properly (i.e., refer to `conftest.exe'), while it won't with | ||
3067 | # `rm'. | ||
3068 | for ac_file in conftest.exe conftest conftest.*; do | ||
3069 | test -f "$ac_file" || continue | ||
3070 | case $ac_file in | ||
3071 | *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; | ||
3072 | *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` | ||
3073 | break;; | ||
3074 | * ) break;; | ||
3075 | esac | ||
3076 | done | ||
3077 | else | ||
3078 | { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 | ||
3079 | $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} | ||
3080 | as_fn_error $? "cannot compute suffix of executables: cannot compile and link | ||
3081 | See \`config.log' for more details" "$LINENO" 5; } | ||
3082 | fi | ||
3083 | rm -f conftest conftest$ac_cv_exeext | ||
3084 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5 | ||
3085 | $as_echo "$ac_cv_exeext" >&6; } | ||
3086 | |||
3087 | rm -f conftest.$ac_ext | ||
3088 | EXEEXT=$ac_cv_exeext | ||
3089 | ac_exeext=$EXEEXT | ||
3090 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
3091 | /* end confdefs.h. */ | ||
3092 | #include <stdio.h> | ||
3093 | int | ||
3094 | main () | ||
3095 | { | ||
3096 | FILE *f = fopen ("conftest.out", "w"); | ||
3097 | return ferror (f) || fclose (f) != 0; | ||
3098 | |||
3099 | ; | ||
3100 | return 0; | ||
3101 | } | ||
3102 | _ACEOF | ||
3103 | ac_clean_files="$ac_clean_files conftest.out" | ||
3104 | # Check that the compiler produces executables we can run. If not, either | ||
3105 | # the compiler is broken, or we cross compile. | ||
3106 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5 | ||
3107 | $as_echo_n "checking whether we are cross compiling... " >&6; } | ||
3108 | if test "$cross_compiling" != yes; then | ||
3109 | { { ac_try="$ac_link" | ||
3110 | case "(($ac_try" in | ||
3111 | *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; | ||
3112 | *) ac_try_echo=$ac_try;; | ||
3113 | esac | ||
3114 | eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" | ||
3115 | $as_echo "$ac_try_echo"; } >&5 | ||
3116 | (eval "$ac_link") 2>&5 | ||
3117 | ac_status=$? | ||
3118 | $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 | ||
3119 | test $ac_status = 0; } | ||
3120 | if { ac_try='./conftest$ac_cv_exeext' | ||
3121 | { { case "(($ac_try" in | ||
3122 | *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; | ||
3123 | *) ac_try_echo=$ac_try;; | ||
3124 | esac | ||
3125 | eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" | ||
3126 | $as_echo "$ac_try_echo"; } >&5 | ||
3127 | (eval "$ac_try") 2>&5 | ||
3128 | ac_status=$? | ||
3129 | $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 | ||
3130 | test $ac_status = 0; }; }; then | ||
3131 | cross_compiling=no | ||
3132 | else | ||
3133 | if test "$cross_compiling" = maybe; then | ||
3134 | cross_compiling=yes | ||
3135 | else | ||
3136 | { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 | ||
3137 | $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} | ||
3138 | as_fn_error $? "cannot run C compiled programs. | ||
3139 | If you meant to cross compile, use \`--host'. | ||
3140 | See \`config.log' for more details" "$LINENO" 5; } | ||
3141 | fi | ||
3142 | fi | ||
3143 | fi | ||
3144 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5 | ||
3145 | $as_echo "$cross_compiling" >&6; } | ||
3146 | |||
3147 | rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out | ||
3148 | ac_clean_files=$ac_clean_files_save | ||
3149 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5 | ||
3150 | $as_echo_n "checking for suffix of object files... " >&6; } | ||
3151 | if ${ac_cv_objext+:} false; then : | ||
3152 | $as_echo_n "(cached) " >&6 | ||
3153 | else | ||
3154 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
3155 | /* end confdefs.h. */ | ||
3156 | |||
3157 | int | ||
3158 | main () | ||
3159 | { | ||
3160 | |||
3161 | ; | ||
3162 | return 0; | ||
3163 | } | ||
3164 | _ACEOF | ||
3165 | rm -f conftest.o conftest.obj | ||
3166 | if { { ac_try="$ac_compile" | ||
3167 | case "(($ac_try" in | ||
3168 | *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; | ||
3169 | *) ac_try_echo=$ac_try;; | ||
3170 | esac | ||
3171 | eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" | ||
3172 | $as_echo "$ac_try_echo"; } >&5 | ||
3173 | (eval "$ac_compile") 2>&5 | ||
3174 | ac_status=$? | ||
3175 | $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 | ||
3176 | test $ac_status = 0; }; then : | ||
3177 | for ac_file in conftest.o conftest.obj conftest.*; do | ||
3178 | test -f "$ac_file" || continue; | ||
3179 | case $ac_file in | ||
3180 | *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;; | ||
3181 | *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'` | ||
3182 | break;; | ||
3183 | esac | ||
3184 | done | ||
3185 | else | ||
3186 | $as_echo "$as_me: failed program was:" >&5 | ||
3187 | sed 's/^/| /' conftest.$ac_ext >&5 | ||
3188 | |||
3189 | { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 | ||
3190 | $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} | ||
3191 | as_fn_error $? "cannot compute suffix of object files: cannot compile | ||
3192 | See \`config.log' for more details" "$LINENO" 5; } | ||
3193 | fi | ||
3194 | rm -f conftest.$ac_cv_objext conftest.$ac_ext | ||
3195 | fi | ||
3196 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5 | ||
3197 | $as_echo "$ac_cv_objext" >&6; } | ||
3198 | OBJEXT=$ac_cv_objext | ||
3199 | ac_objext=$OBJEXT | ||
3200 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5 | ||
3201 | $as_echo_n "checking whether we are using the GNU C compiler... " >&6; } | ||
3202 | if ${ac_cv_c_compiler_gnu+:} false; then : | ||
3203 | $as_echo_n "(cached) " >&6 | ||
3204 | else | ||
3205 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
3206 | /* end confdefs.h. */ | ||
3207 | |||
3208 | int | ||
3209 | main () | ||
3210 | { | ||
3211 | #ifndef __GNUC__ | ||
3212 | choke me | ||
3213 | #endif | ||
3214 | |||
3215 | ; | ||
3216 | return 0; | ||
3217 | } | ||
3218 | _ACEOF | ||
3219 | if ac_fn_c_try_compile "$LINENO"; then : | ||
3220 | ac_compiler_gnu=yes | ||
3221 | else | ||
3222 | ac_compiler_gnu=no | ||
3223 | fi | ||
3224 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
3225 | ac_cv_c_compiler_gnu=$ac_compiler_gnu | ||
3226 | |||
3227 | fi | ||
3228 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 | ||
3229 | $as_echo "$ac_cv_c_compiler_gnu" >&6; } | ||
3230 | if test $ac_compiler_gnu = yes; then | ||
3231 | GCC=yes | ||
3232 | else | ||
3233 | GCC= | ||
3234 | fi | ||
3235 | ac_test_CFLAGS=${CFLAGS+set} | ||
3236 | ac_save_CFLAGS=$CFLAGS | ||
3237 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 | ||
3238 | $as_echo_n "checking whether $CC accepts -g... " >&6; } | ||
3239 | if ${ac_cv_prog_cc_g+:} false; then : | ||
3240 | $as_echo_n "(cached) " >&6 | ||
3241 | else | ||
3242 | ac_save_c_werror_flag=$ac_c_werror_flag | ||
3243 | ac_c_werror_flag=yes | ||
3244 | ac_cv_prog_cc_g=no | ||
3245 | CFLAGS="-g" | ||
3246 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
3247 | /* end confdefs.h. */ | ||
3248 | |||
3249 | int | ||
3250 | main () | ||
3251 | { | ||
3252 | |||
3253 | ; | ||
3254 | return 0; | ||
3255 | } | ||
3256 | _ACEOF | ||
3257 | if ac_fn_c_try_compile "$LINENO"; then : | ||
3258 | ac_cv_prog_cc_g=yes | ||
3259 | else | ||
3260 | CFLAGS="" | ||
3261 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
3262 | /* end confdefs.h. */ | ||
3263 | |||
3264 | int | ||
3265 | main () | ||
3266 | { | ||
3267 | |||
3268 | ; | ||
3269 | return 0; | ||
3270 | } | ||
3271 | _ACEOF | ||
3272 | if ac_fn_c_try_compile "$LINENO"; then : | ||
3273 | |||
3274 | else | ||
3275 | ac_c_werror_flag=$ac_save_c_werror_flag | ||
3276 | CFLAGS="-g" | ||
3277 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
3278 | /* end confdefs.h. */ | ||
3279 | |||
3280 | int | ||
3281 | main () | ||
3282 | { | ||
3283 | |||
3284 | ; | ||
3285 | return 0; | ||
3286 | } | ||
3287 | _ACEOF | ||
3288 | if ac_fn_c_try_compile "$LINENO"; then : | ||
3289 | ac_cv_prog_cc_g=yes | ||
3290 | fi | ||
3291 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
3292 | fi | ||
3293 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
3294 | fi | ||
3295 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
3296 | ac_c_werror_flag=$ac_save_c_werror_flag | ||
3297 | fi | ||
3298 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 | ||
3299 | $as_echo "$ac_cv_prog_cc_g" >&6; } | ||
3300 | if test "$ac_test_CFLAGS" = set; then | ||
3301 | CFLAGS=$ac_save_CFLAGS | ||
3302 | elif test $ac_cv_prog_cc_g = yes; then | ||
3303 | if test "$GCC" = yes; then | ||
3304 | CFLAGS="-g -O2" | ||
3305 | else | ||
3306 | CFLAGS="-g" | ||
3307 | fi | ||
3308 | else | ||
3309 | if test "$GCC" = yes; then | ||
3310 | CFLAGS="-O2" | ||
3311 | else | ||
3312 | CFLAGS= | ||
3313 | fi | ||
3314 | fi | ||
3315 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5 | ||
3316 | $as_echo_n "checking for $CC option to accept ISO C89... " >&6; } | ||
3317 | if ${ac_cv_prog_cc_c89+:} false; then : | ||
3318 | $as_echo_n "(cached) " >&6 | ||
3319 | else | ||
3320 | ac_cv_prog_cc_c89=no | ||
3321 | ac_save_CC=$CC | ||
3322 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
3323 | /* end confdefs.h. */ | ||
3324 | #include <stdarg.h> | ||
3325 | #include <stdio.h> | ||
3326 | struct stat; | ||
3327 | /* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ | ||
3328 | struct buf { int x; }; | ||
3329 | FILE * (*rcsopen) (struct buf *, struct stat *, int); | ||
3330 | static char *e (p, i) | ||
3331 | char **p; | ||
3332 | int i; | ||
3333 | { | ||
3334 | return p[i]; | ||
3335 | } | ||
3336 | static char *f (char * (*g) (char **, int), char **p, ...) | ||
3337 | { | ||
3338 | char *s; | ||
3339 | va_list v; | ||
3340 | va_start (v,p); | ||
3341 | s = g (p, va_arg (v,int)); | ||
3342 | va_end (v); | ||
3343 | return s; | ||
3344 | } | ||
3345 | |||
3346 | /* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has | ||
3347 | function prototypes and stuff, but not '\xHH' hex character constants. | ||
3348 | These don't provoke an error unfortunately, instead are silently treated | ||
3349 | as 'x'. The following induces an error, until -std is added to get | ||
3350 | proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an | ||
3351 | array size at least. It's necessary to write '\x00'==0 to get something | ||
3352 | that's true only with -std. */ | ||
3353 | int osf4_cc_array ['\x00' == 0 ? 1 : -1]; | ||
3354 | |||
3355 | /* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters | ||
3356 | inside strings and character constants. */ | ||
3357 | #define FOO(x) 'x' | ||
3358 | int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1]; | ||
3359 | |||
3360 | int test (int i, double x); | ||
3361 | struct s1 {int (*f) (int a);}; | ||
3362 | struct s2 {int (*f) (double a);}; | ||
3363 | int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); | ||
3364 | int argc; | ||
3365 | char **argv; | ||
3366 | int | ||
3367 | main () | ||
3368 | { | ||
3369 | return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; | ||
3370 | ; | ||
3371 | return 0; | ||
3372 | } | ||
3373 | _ACEOF | ||
3374 | for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ | ||
3375 | -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" | ||
3376 | do | ||
3377 | CC="$ac_save_CC $ac_arg" | ||
3378 | if ac_fn_c_try_compile "$LINENO"; then : | ||
3379 | ac_cv_prog_cc_c89=$ac_arg | ||
3380 | fi | ||
3381 | rm -f core conftest.err conftest.$ac_objext | ||
3382 | test "x$ac_cv_prog_cc_c89" != "xno" && break | ||
3383 | done | ||
3384 | rm -f conftest.$ac_ext | ||
3385 | CC=$ac_save_CC | ||
3386 | |||
3387 | fi | ||
3388 | # AC_CACHE_VAL | ||
3389 | case "x$ac_cv_prog_cc_c89" in | ||
3390 | x) | ||
3391 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 | ||
3392 | $as_echo "none needed" >&6; } ;; | ||
3393 | xno) | ||
3394 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 | ||
3395 | $as_echo "unsupported" >&6; } ;; | ||
3396 | *) | ||
3397 | CC="$CC $ac_cv_prog_cc_c89" | ||
3398 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 | ||
3399 | $as_echo "$ac_cv_prog_cc_c89" >&6; } ;; | ||
3400 | esac | ||
3401 | if test "x$ac_cv_prog_cc_c89" != xno; then : | ||
3402 | |||
3403 | fi | ||
3404 | |||
3405 | ac_ext=c | ||
3406 | ac_cpp='$CPP $CPPFLAGS' | ||
3407 | ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' | ||
3408 | ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' | ||
3409 | ac_compiler_gnu=$ac_cv_c_compiler_gnu | ||
3410 | |||
3411 | ac_aux_dir= | ||
3412 | for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do | ||
3413 | if test -f "$ac_dir/install-sh"; then | ||
3414 | ac_aux_dir=$ac_dir | ||
3415 | ac_install_sh="$ac_aux_dir/install-sh -c" | ||
3416 | break | ||
3417 | elif test -f "$ac_dir/install.sh"; then | ||
3418 | ac_aux_dir=$ac_dir | ||
3419 | ac_install_sh="$ac_aux_dir/install.sh -c" | ||
3420 | break | ||
3421 | elif test -f "$ac_dir/shtool"; then | ||
3422 | ac_aux_dir=$ac_dir | ||
3423 | ac_install_sh="$ac_aux_dir/shtool install -c" | ||
3424 | break | ||
3425 | fi | ||
3426 | done | ||
3427 | if test -z "$ac_aux_dir"; then | ||
3428 | as_fn_error $? "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5 | ||
3429 | fi | ||
3430 | |||
3431 | # These three variables are undocumented and unsupported, | ||
3432 | # and are intended to be withdrawn in a future Autoconf release. | ||
3433 | # They can cause serious problems if a builder's source tree is in a directory | ||
3434 | # whose full name contains unusual characters. | ||
3435 | ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var. | ||
3436 | ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var. | ||
3437 | ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var. | ||
3438 | |||
3439 | |||
3440 | # Make sure we can run config.sub. | ||
3441 | $SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 || | ||
3442 | as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5 | ||
3443 | |||
3444 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5 | ||
3445 | $as_echo_n "checking build system type... " >&6; } | ||
3446 | if ${ac_cv_build+:} false; then : | ||
3447 | $as_echo_n "(cached) " >&6 | ||
3448 | else | ||
3449 | ac_build_alias=$build_alias | ||
3450 | test "x$ac_build_alias" = x && | ||
3451 | ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"` | ||
3452 | test "x$ac_build_alias" = x && | ||
3453 | as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5 | ||
3454 | ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` || | ||
3455 | as_fn_error $? "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5 | ||
3456 | |||
3457 | fi | ||
3458 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5 | ||
3459 | $as_echo "$ac_cv_build" >&6; } | ||
3460 | case $ac_cv_build in | ||
3461 | *-*-*) ;; | ||
3462 | *) as_fn_error $? "invalid value of canonical build" "$LINENO" 5;; | ||
3463 | esac | ||
3464 | build=$ac_cv_build | ||
3465 | ac_save_IFS=$IFS; IFS='-' | ||
3466 | set x $ac_cv_build | ||
3467 | shift | ||
3468 | build_cpu=$1 | ||
3469 | build_vendor=$2 | ||
3470 | shift; shift | ||
3471 | # Remember, the first character of IFS is used to create $*, | ||
3472 | # except with old shells: | ||
3473 | build_os=$* | ||
3474 | IFS=$ac_save_IFS | ||
3475 | case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac | ||
3476 | |||
3477 | |||
3478 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5 | ||
3479 | $as_echo_n "checking host system type... " >&6; } | ||
3480 | if ${ac_cv_host+:} false; then : | ||
3481 | $as_echo_n "(cached) " >&6 | ||
3482 | else | ||
3483 | if test "x$host_alias" = x; then | ||
3484 | ac_cv_host=$ac_cv_build | ||
3485 | else | ||
3486 | ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` || | ||
3487 | as_fn_error $? "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5 | ||
3488 | fi | ||
3489 | |||
3490 | fi | ||
3491 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5 | ||
3492 | $as_echo "$ac_cv_host" >&6; } | ||
3493 | case $ac_cv_host in | ||
3494 | *-*-*) ;; | ||
3495 | *) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;; | ||
3496 | esac | ||
3497 | host=$ac_cv_host | ||
3498 | ac_save_IFS=$IFS; IFS='-' | ||
3499 | set x $ac_cv_host | ||
3500 | shift | ||
3501 | host_cpu=$1 | ||
3502 | host_vendor=$2 | ||
3503 | shift; shift | ||
3504 | # Remember, the first character of IFS is used to create $*, | ||
3505 | # except with old shells: | ||
3506 | host_os=$* | ||
3507 | IFS=$ac_save_IFS | ||
3508 | case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac | ||
3509 | |||
3510 | |||
3511 | |||
3512 | ac_ext=c | ||
3513 | ac_cpp='$CPP $CPPFLAGS' | ||
3514 | ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' | ||
3515 | ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' | ||
3516 | ac_compiler_gnu=$ac_cv_c_compiler_gnu | ||
3517 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 | ||
3518 | $as_echo_n "checking how to run the C preprocessor... " >&6; } | ||
3519 | # On Suns, sometimes $CPP names a directory. | ||
3520 | if test -n "$CPP" && test -d "$CPP"; then | ||
3521 | CPP= | ||
3522 | fi | ||
3523 | if test -z "$CPP"; then | ||
3524 | if ${ac_cv_prog_CPP+:} false; then : | ||
3525 | $as_echo_n "(cached) " >&6 | ||
3526 | else | ||
3527 | # Double quotes because CPP needs to be expanded | ||
3528 | for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" | ||
3529 | do | ||
3530 | ac_preproc_ok=false | ||
3531 | for ac_c_preproc_warn_flag in '' yes | ||
3532 | do | ||
3533 | # Use a header file that comes with gcc, so configuring glibc | ||
3534 | # with a fresh cross-compiler works. | ||
3535 | # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since | ||
3536 | # <limits.h> exists even on freestanding compilers. | ||
3537 | # On the NeXT, cc -E runs the code through the compiler's parser, | ||
3538 | # not just through cpp. "Syntax error" is here to catch this case. | ||
3539 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
3540 | /* end confdefs.h. */ | ||
3541 | #ifdef __STDC__ | ||
3542 | # include <limits.h> | ||
3543 | #else | ||
3544 | # include <assert.h> | ||
3545 | #endif | ||
3546 | Syntax error | ||
3547 | _ACEOF | ||
3548 | if ac_fn_c_try_cpp "$LINENO"; then : | ||
3549 | |||
3550 | else | ||
3551 | # Broken: fails on valid input. | ||
3552 | continue | ||
3553 | fi | ||
3554 | rm -f conftest.err conftest.i conftest.$ac_ext | ||
3555 | |||
3556 | # OK, works on sane cases. Now check whether nonexistent headers | ||
3557 | # can be detected and how. | ||
3558 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
3559 | /* end confdefs.h. */ | ||
3560 | #include <ac_nonexistent.h> | ||
3561 | _ACEOF | ||
3562 | if ac_fn_c_try_cpp "$LINENO"; then : | ||
3563 | # Broken: success on invalid input. | ||
3564 | continue | ||
3565 | else | ||
3566 | # Passes both tests. | ||
3567 | ac_preproc_ok=: | ||
3568 | break | ||
3569 | fi | ||
3570 | rm -f conftest.err conftest.i conftest.$ac_ext | ||
3571 | |||
3572 | done | ||
3573 | # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. | ||
3574 | rm -f conftest.i conftest.err conftest.$ac_ext | ||
3575 | if $ac_preproc_ok; then : | ||
3576 | break | ||
3577 | fi | ||
3578 | |||
3579 | done | ||
3580 | ac_cv_prog_CPP=$CPP | ||
3581 | |||
3582 | fi | ||
3583 | CPP=$ac_cv_prog_CPP | ||
3584 | else | ||
3585 | ac_cv_prog_CPP=$CPP | ||
3586 | fi | ||
3587 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5 | ||
3588 | $as_echo "$CPP" >&6; } | ||
3589 | ac_preproc_ok=false | ||
3590 | for ac_c_preproc_warn_flag in '' yes | ||
3591 | do | ||
3592 | # Use a header file that comes with gcc, so configuring glibc | ||
3593 | # with a fresh cross-compiler works. | ||
3594 | # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since | ||
3595 | # <limits.h> exists even on freestanding compilers. | ||
3596 | # On the NeXT, cc -E runs the code through the compiler's parser, | ||
3597 | # not just through cpp. "Syntax error" is here to catch this case. | ||
3598 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
3599 | /* end confdefs.h. */ | ||
3600 | #ifdef __STDC__ | ||
3601 | # include <limits.h> | ||
3602 | #else | ||
3603 | # include <assert.h> | ||
3604 | #endif | ||
3605 | Syntax error | ||
3606 | _ACEOF | ||
3607 | if ac_fn_c_try_cpp "$LINENO"; then : | ||
3608 | |||
3609 | else | ||
3610 | # Broken: fails on valid input. | ||
3611 | continue | ||
3612 | fi | ||
3613 | rm -f conftest.err conftest.i conftest.$ac_ext | ||
3614 | |||
3615 | # OK, works on sane cases. Now check whether nonexistent headers | ||
3616 | # can be detected and how. | ||
3617 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
3618 | /* end confdefs.h. */ | ||
3619 | #include <ac_nonexistent.h> | ||
3620 | _ACEOF | ||
3621 | if ac_fn_c_try_cpp "$LINENO"; then : | ||
3622 | # Broken: success on invalid input. | ||
3623 | continue | ||
3624 | else | ||
3625 | # Passes both tests. | ||
3626 | ac_preproc_ok=: | ||
3627 | break | ||
3628 | fi | ||
3629 | rm -f conftest.err conftest.i conftest.$ac_ext | ||
3630 | |||
3631 | done | ||
3632 | # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. | ||
3633 | rm -f conftest.i conftest.err conftest.$ac_ext | ||
3634 | if $ac_preproc_ok; then : | ||
3635 | |||
3636 | else | ||
3637 | { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 | ||
3638 | $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} | ||
3639 | as_fn_error $? "C preprocessor \"$CPP\" fails sanity check | ||
3640 | See \`config.log' for more details" "$LINENO" 5; } | ||
3641 | fi | ||
3642 | |||
3643 | ac_ext=c | ||
3644 | ac_cpp='$CPP $CPPFLAGS' | ||
3645 | ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' | ||
3646 | ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' | ||
3647 | ac_compiler_gnu=$ac_cv_c_compiler_gnu | ||
3648 | |||
3649 | |||
3650 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 | ||
3651 | $as_echo_n "checking for grep that handles long lines and -e... " >&6; } | ||
3652 | if ${ac_cv_path_GREP+:} false; then : | ||
3653 | $as_echo_n "(cached) " >&6 | ||
3654 | else | ||
3655 | if test -z "$GREP"; then | ||
3656 | ac_path_GREP_found=false | ||
3657 | # Loop through the user's path and test for each of PROGNAME-LIST | ||
3658 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
3659 | for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin | ||
3660 | do | ||
3661 | IFS=$as_save_IFS | ||
3662 | test -z "$as_dir" && as_dir=. | ||
3663 | for ac_prog in grep ggrep; do | ||
3664 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
3665 | ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext" | ||
3666 | as_fn_executable_p "$ac_path_GREP" || continue | ||
3667 | # Check for GNU ac_path_GREP and select it if it is found. | ||
3668 | # Check for GNU $ac_path_GREP | ||
3669 | case `"$ac_path_GREP" --version 2>&1` in | ||
3670 | *GNU*) | ||
3671 | ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; | ||
3672 | *) | ||
3673 | ac_count=0 | ||
3674 | $as_echo_n 0123456789 >"conftest.in" | ||
3675 | while : | ||
3676 | do | ||
3677 | cat "conftest.in" "conftest.in" >"conftest.tmp" | ||
3678 | mv "conftest.tmp" "conftest.in" | ||
3679 | cp "conftest.in" "conftest.nl" | ||
3680 | $as_echo 'GREP' >> "conftest.nl" | ||
3681 | "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break | ||
3682 | diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break | ||
3683 | as_fn_arith $ac_count + 1 && ac_count=$as_val | ||
3684 | if test $ac_count -gt ${ac_path_GREP_max-0}; then | ||
3685 | # Best one so far, save it but keep looking for a better one | ||
3686 | ac_cv_path_GREP="$ac_path_GREP" | ||
3687 | ac_path_GREP_max=$ac_count | ||
3688 | fi | ||
3689 | # 10*(2^10) chars as input seems more than enough | ||
3690 | test $ac_count -gt 10 && break | ||
3691 | done | ||
3692 | rm -f conftest.in conftest.tmp conftest.nl conftest.out;; | ||
3693 | esac | ||
3694 | |||
3695 | $ac_path_GREP_found && break 3 | ||
3696 | done | ||
3697 | done | ||
3698 | done | ||
3699 | IFS=$as_save_IFS | ||
3700 | if test -z "$ac_cv_path_GREP"; then | ||
3701 | as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 | ||
3702 | fi | ||
3703 | else | ||
3704 | ac_cv_path_GREP=$GREP | ||
3705 | fi | ||
3706 | |||
3707 | fi | ||
3708 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 | ||
3709 | $as_echo "$ac_cv_path_GREP" >&6; } | ||
3710 | GREP="$ac_cv_path_GREP" | ||
3711 | |||
3712 | |||
3713 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5 | ||
3714 | $as_echo_n "checking for egrep... " >&6; } | ||
3715 | if ${ac_cv_path_EGREP+:} false; then : | ||
3716 | $as_echo_n "(cached) " >&6 | ||
3717 | else | ||
3718 | if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 | ||
3719 | then ac_cv_path_EGREP="$GREP -E" | ||
3720 | else | ||
3721 | if test -z "$EGREP"; then | ||
3722 | ac_path_EGREP_found=false | ||
3723 | # Loop through the user's path and test for each of PROGNAME-LIST | ||
3724 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
3725 | for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin | ||
3726 | do | ||
3727 | IFS=$as_save_IFS | ||
3728 | test -z "$as_dir" && as_dir=. | ||
3729 | for ac_prog in egrep; do | ||
3730 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
3731 | ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext" | ||
3732 | as_fn_executable_p "$ac_path_EGREP" || continue | ||
3733 | # Check for GNU ac_path_EGREP and select it if it is found. | ||
3734 | # Check for GNU $ac_path_EGREP | ||
3735 | case `"$ac_path_EGREP" --version 2>&1` in | ||
3736 | *GNU*) | ||
3737 | ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; | ||
3738 | *) | ||
3739 | ac_count=0 | ||
3740 | $as_echo_n 0123456789 >"conftest.in" | ||
3741 | while : | ||
3742 | do | ||
3743 | cat "conftest.in" "conftest.in" >"conftest.tmp" | ||
3744 | mv "conftest.tmp" "conftest.in" | ||
3745 | cp "conftest.in" "conftest.nl" | ||
3746 | $as_echo 'EGREP' >> "conftest.nl" | ||
3747 | "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break | ||
3748 | diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break | ||
3749 | as_fn_arith $ac_count + 1 && ac_count=$as_val | ||
3750 | if test $ac_count -gt ${ac_path_EGREP_max-0}; then | ||
3751 | # Best one so far, save it but keep looking for a better one | ||
3752 | ac_cv_path_EGREP="$ac_path_EGREP" | ||
3753 | ac_path_EGREP_max=$ac_count | ||
3754 | fi | ||
3755 | # 10*(2^10) chars as input seems more than enough | ||
3756 | test $ac_count -gt 10 && break | ||
3757 | done | ||
3758 | rm -f conftest.in conftest.tmp conftest.nl conftest.out;; | ||
3759 | esac | ||
3760 | |||
3761 | $ac_path_EGREP_found && break 3 | ||
3762 | done | ||
3763 | done | ||
3764 | done | ||
3765 | IFS=$as_save_IFS | ||
3766 | if test -z "$ac_cv_path_EGREP"; then | ||
3767 | as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 | ||
3768 | fi | ||
3769 | else | ||
3770 | ac_cv_path_EGREP=$EGREP | ||
3771 | fi | ||
3772 | |||
3773 | fi | ||
3774 | fi | ||
3775 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 | ||
3776 | $as_echo "$ac_cv_path_EGREP" >&6; } | ||
3777 | EGREP="$ac_cv_path_EGREP" | ||
3778 | |||
3779 | |||
3780 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 | ||
3781 | $as_echo_n "checking for ANSI C header files... " >&6; } | ||
3782 | if ${ac_cv_header_stdc+:} false; then : | ||
3783 | $as_echo_n "(cached) " >&6 | ||
3784 | else | ||
3785 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
3786 | /* end confdefs.h. */ | ||
3787 | #include <stdlib.h> | ||
3788 | #include <stdarg.h> | ||
3789 | #include <string.h> | ||
3790 | #include <float.h> | ||
3791 | |||
3792 | int | ||
3793 | main () | ||
3794 | { | ||
3795 | |||
3796 | ; | ||
3797 | return 0; | ||
3798 | } | ||
3799 | _ACEOF | ||
3800 | if ac_fn_c_try_compile "$LINENO"; then : | ||
3801 | ac_cv_header_stdc=yes | ||
3802 | else | ||
3803 | ac_cv_header_stdc=no | ||
3804 | fi | ||
3805 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
3806 | |||
3807 | if test $ac_cv_header_stdc = yes; then | ||
3808 | # SunOS 4.x string.h does not declare mem*, contrary to ANSI. | ||
3809 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
3810 | /* end confdefs.h. */ | ||
3811 | #include <string.h> | ||
3812 | |||
3813 | _ACEOF | ||
3814 | if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | | ||
3815 | $EGREP "memchr" >/dev/null 2>&1; then : | ||
3816 | |||
3817 | else | ||
3818 | ac_cv_header_stdc=no | ||
3819 | fi | ||
3820 | rm -f conftest* | ||
3821 | |||
3822 | fi | ||
3823 | |||
3824 | if test $ac_cv_header_stdc = yes; then | ||
3825 | # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. | ||
3826 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
3827 | /* end confdefs.h. */ | ||
3828 | #include <stdlib.h> | ||
3829 | |||
3830 | _ACEOF | ||
3831 | if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | | ||
3832 | $EGREP "free" >/dev/null 2>&1; then : | ||
3833 | |||
3834 | else | ||
3835 | ac_cv_header_stdc=no | ||
3836 | fi | ||
3837 | rm -f conftest* | ||
3838 | |||
3839 | fi | ||
3840 | |||
3841 | if test $ac_cv_header_stdc = yes; then | ||
3842 | # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. | ||
3843 | if test "$cross_compiling" = yes; then : | ||
3844 | : | ||
3845 | else | ||
3846 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
3847 | /* end confdefs.h. */ | ||
3848 | #include <ctype.h> | ||
3849 | #include <stdlib.h> | ||
3850 | #if ((' ' & 0x0FF) == 0x020) | ||
3851 | # define ISLOWER(c) ('a' <= (c) && (c) <= 'z') | ||
3852 | # define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) | ||
3853 | #else | ||
3854 | # define ISLOWER(c) \ | ||
3855 | (('a' <= (c) && (c) <= 'i') \ | ||
3856 | || ('j' <= (c) && (c) <= 'r') \ | ||
3857 | || ('s' <= (c) && (c) <= 'z')) | ||
3858 | # define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) | ||
3859 | #endif | ||
3860 | |||
3861 | #define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) | ||
3862 | int | ||
3863 | main () | ||
3864 | { | ||
3865 | int i; | ||
3866 | for (i = 0; i < 256; i++) | ||
3867 | if (XOR (islower (i), ISLOWER (i)) | ||
3868 | || toupper (i) != TOUPPER (i)) | ||
3869 | return 2; | ||
3870 | return 0; | ||
3871 | } | ||
3872 | _ACEOF | ||
3873 | if ac_fn_c_try_run "$LINENO"; then : | ||
3874 | |||
3875 | else | ||
3876 | ac_cv_header_stdc=no | ||
3877 | fi | ||
3878 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
3879 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
3880 | fi | ||
3881 | |||
3882 | fi | ||
3883 | fi | ||
3884 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5 | ||
3885 | $as_echo "$ac_cv_header_stdc" >&6; } | ||
3886 | if test $ac_cv_header_stdc = yes; then | ||
3887 | |||
3888 | $as_echo "#define STDC_HEADERS 1" >>confdefs.h | ||
3889 | |||
3890 | fi | ||
3891 | |||
3892 | # On IRIX 5.3, sys/types and inttypes.h are conflicting. | ||
3893 | for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ | ||
3894 | inttypes.h stdint.h unistd.h | ||
3895 | do : | ||
3896 | as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` | ||
3897 | ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default | ||
3898 | " | ||
3899 | if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : | ||
3900 | cat >>confdefs.h <<_ACEOF | ||
3901 | #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 | ||
3902 | _ACEOF | ||
3903 | |||
3904 | fi | ||
3905 | |||
3906 | done | ||
3907 | |||
3908 | |||
3909 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether byte ordering is bigendian" >&5 | ||
3910 | $as_echo_n "checking whether byte ordering is bigendian... " >&6; } | ||
3911 | if ${ac_cv_c_bigendian+:} false; then : | ||
3912 | $as_echo_n "(cached) " >&6 | ||
3913 | else | ||
3914 | ac_cv_c_bigendian=unknown | ||
3915 | # See if we're dealing with a universal compiler. | ||
3916 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
3917 | /* end confdefs.h. */ | ||
3918 | #ifndef __APPLE_CC__ | ||
3919 | not a universal capable compiler | ||
3920 | #endif | ||
3921 | typedef int dummy; | ||
3922 | |||
3923 | _ACEOF | ||
3924 | if ac_fn_c_try_compile "$LINENO"; then : | ||
3925 | |||
3926 | # Check for potential -arch flags. It is not universal unless | ||
3927 | # there are at least two -arch flags with different values. | ||
3928 | ac_arch= | ||
3929 | ac_prev= | ||
3930 | for ac_word in $CC $CFLAGS $CPPFLAGS $LDFLAGS; do | ||
3931 | if test -n "$ac_prev"; then | ||
3932 | case $ac_word in | ||
3933 | i?86 | x86_64 | ppc | ppc64) | ||
3934 | if test -z "$ac_arch" || test "$ac_arch" = "$ac_word"; then | ||
3935 | ac_arch=$ac_word | ||
3936 | else | ||
3937 | ac_cv_c_bigendian=universal | ||
3938 | break | ||
3939 | fi | ||
3940 | ;; | ||
3941 | esac | ||
3942 | ac_prev= | ||
3943 | elif test "x$ac_word" = "x-arch"; then | ||
3944 | ac_prev=arch | ||
3945 | fi | ||
3946 | done | ||
3947 | fi | ||
3948 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
3949 | if test $ac_cv_c_bigendian = unknown; then | ||
3950 | # See if sys/param.h defines the BYTE_ORDER macro. | ||
3951 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
3952 | /* end confdefs.h. */ | ||
3953 | #include <sys/types.h> | ||
3954 | #include <sys/param.h> | ||
3955 | |||
3956 | int | ||
3957 | main () | ||
3958 | { | ||
3959 | #if ! (defined BYTE_ORDER && defined BIG_ENDIAN \ | ||
3960 | && defined LITTLE_ENDIAN && BYTE_ORDER && BIG_ENDIAN \ | ||
3961 | && LITTLE_ENDIAN) | ||
3962 | bogus endian macros | ||
3963 | #endif | ||
3964 | |||
3965 | ; | ||
3966 | return 0; | ||
3967 | } | ||
3968 | _ACEOF | ||
3969 | if ac_fn_c_try_compile "$LINENO"; then : | ||
3970 | # It does; now see whether it defined to BIG_ENDIAN or not. | ||
3971 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
3972 | /* end confdefs.h. */ | ||
3973 | #include <sys/types.h> | ||
3974 | #include <sys/param.h> | ||
3975 | |||
3976 | int | ||
3977 | main () | ||
3978 | { | ||
3979 | #if BYTE_ORDER != BIG_ENDIAN | ||
3980 | not big endian | ||
3981 | #endif | ||
3982 | |||
3983 | ; | ||
3984 | return 0; | ||
3985 | } | ||
3986 | _ACEOF | ||
3987 | if ac_fn_c_try_compile "$LINENO"; then : | ||
3988 | ac_cv_c_bigendian=yes | ||
3989 | else | ||
3990 | ac_cv_c_bigendian=no | ||
3991 | fi | ||
3992 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
3993 | fi | ||
3994 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
3995 | fi | ||
3996 | if test $ac_cv_c_bigendian = unknown; then | ||
3997 | # See if <limits.h> defines _LITTLE_ENDIAN or _BIG_ENDIAN (e.g., Solaris). | ||
3998 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
3999 | /* end confdefs.h. */ | ||
4000 | #include <limits.h> | ||
4001 | |||
4002 | int | ||
4003 | main () | ||
4004 | { | ||
4005 | #if ! (defined _LITTLE_ENDIAN || defined _BIG_ENDIAN) | ||
4006 | bogus endian macros | ||
4007 | #endif | ||
4008 | |||
4009 | ; | ||
4010 | return 0; | ||
4011 | } | ||
4012 | _ACEOF | ||
4013 | if ac_fn_c_try_compile "$LINENO"; then : | ||
4014 | # It does; now see whether it defined to _BIG_ENDIAN or not. | ||
4015 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
4016 | /* end confdefs.h. */ | ||
4017 | #include <limits.h> | ||
4018 | |||
4019 | int | ||
4020 | main () | ||
4021 | { | ||
4022 | #ifndef _BIG_ENDIAN | ||
4023 | not big endian | ||
4024 | #endif | ||
4025 | |||
4026 | ; | ||
4027 | return 0; | ||
4028 | } | ||
4029 | _ACEOF | ||
4030 | if ac_fn_c_try_compile "$LINENO"; then : | ||
4031 | ac_cv_c_bigendian=yes | ||
4032 | else | ||
4033 | ac_cv_c_bigendian=no | ||
4034 | fi | ||
4035 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
4036 | fi | ||
4037 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
4038 | fi | ||
4039 | if test $ac_cv_c_bigendian = unknown; then | ||
4040 | # Compile a test program. | ||
4041 | if test "$cross_compiling" = yes; then : | ||
4042 | # Try to guess by grepping values from an object file. | ||
4043 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
4044 | /* end confdefs.h. */ | ||
4045 | short int ascii_mm[] = | ||
4046 | { 0x4249, 0x4765, 0x6E44, 0x6961, 0x6E53, 0x7953, 0 }; | ||
4047 | short int ascii_ii[] = | ||
4048 | { 0x694C, 0x5454, 0x656C, 0x6E45, 0x6944, 0x6E61, 0 }; | ||
4049 | int use_ascii (int i) { | ||
4050 | return ascii_mm[i] + ascii_ii[i]; | ||
4051 | } | ||
4052 | short int ebcdic_ii[] = | ||
4053 | { 0x89D3, 0xE3E3, 0x8593, 0x95C5, 0x89C4, 0x9581, 0 }; | ||
4054 | short int ebcdic_mm[] = | ||
4055 | { 0xC2C9, 0xC785, 0x95C4, 0x8981, 0x95E2, 0xA8E2, 0 }; | ||
4056 | int use_ebcdic (int i) { | ||
4057 | return ebcdic_mm[i] + ebcdic_ii[i]; | ||
4058 | } | ||
4059 | extern int foo; | ||
4060 | |||
4061 | int | ||
4062 | main () | ||
4063 | { | ||
4064 | return use_ascii (foo) == use_ebcdic (foo); | ||
4065 | ; | ||
4066 | return 0; | ||
4067 | } | ||
4068 | _ACEOF | ||
4069 | if ac_fn_c_try_compile "$LINENO"; then : | ||
4070 | if grep BIGenDianSyS conftest.$ac_objext >/dev/null; then | ||
4071 | ac_cv_c_bigendian=yes | ||
4072 | fi | ||
4073 | if grep LiTTleEnDian conftest.$ac_objext >/dev/null ; then | ||
4074 | if test "$ac_cv_c_bigendian" = unknown; then | ||
4075 | ac_cv_c_bigendian=no | ||
4076 | else | ||
4077 | # finding both strings is unlikely to happen, but who knows? | ||
4078 | ac_cv_c_bigendian=unknown | ||
4079 | fi | ||
4080 | fi | ||
4081 | fi | ||
4082 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
4083 | else | ||
4084 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
4085 | /* end confdefs.h. */ | ||
4086 | $ac_includes_default | ||
4087 | int | ||
4088 | main () | ||
4089 | { | ||
4090 | |||
4091 | /* Are we little or big endian? From Harbison&Steele. */ | ||
4092 | union | ||
4093 | { | ||
4094 | long int l; | ||
4095 | char c[sizeof (long int)]; | ||
4096 | } u; | ||
4097 | u.l = 1; | ||
4098 | return u.c[sizeof (long int) - 1] == 1; | ||
4099 | |||
4100 | ; | ||
4101 | return 0; | ||
4102 | } | ||
4103 | _ACEOF | ||
4104 | if ac_fn_c_try_run "$LINENO"; then : | ||
4105 | ac_cv_c_bigendian=no | ||
4106 | else | ||
4107 | ac_cv_c_bigendian=yes | ||
4108 | fi | ||
4109 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
4110 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
4111 | fi | ||
4112 | |||
4113 | fi | ||
4114 | fi | ||
4115 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_bigendian" >&5 | ||
4116 | $as_echo "$ac_cv_c_bigendian" >&6; } | ||
4117 | case $ac_cv_c_bigendian in #( | ||
4118 | yes) | ||
4119 | $as_echo "#define WORDS_BIGENDIAN 1" >>confdefs.h | ||
4120 | ;; #( | ||
4121 | no) | ||
4122 | ;; #( | ||
4123 | universal) | ||
4124 | |||
4125 | $as_echo "#define AC_APPLE_UNIVERSAL_BUILD 1" >>confdefs.h | ||
4126 | |||
4127 | ;; #( | ||
4128 | *) | ||
4129 | as_fn_error $? "unknown endianness | ||
4130 | presetting ac_cv_c_bigendian=no (or yes) will help" "$LINENO" 5 ;; | ||
4131 | esac | ||
4132 | |||
4133 | |||
4134 | # Checks for programs. | ||
4135 | for ac_prog in gawk mawk nawk awk | ||
4136 | do | ||
4137 | # Extract the first word of "$ac_prog", so it can be a program name with args. | ||
4138 | set dummy $ac_prog; ac_word=$2 | ||
4139 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
4140 | $as_echo_n "checking for $ac_word... " >&6; } | ||
4141 | if ${ac_cv_prog_AWK+:} false; then : | ||
4142 | $as_echo_n "(cached) " >&6 | ||
4143 | else | ||
4144 | if test -n "$AWK"; then | ||
4145 | ac_cv_prog_AWK="$AWK" # Let the user override the test. | ||
4146 | else | ||
4147 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
4148 | for as_dir in $PATH | ||
4149 | do | ||
4150 | IFS=$as_save_IFS | ||
4151 | test -z "$as_dir" && as_dir=. | ||
4152 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
4153 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
4154 | ac_cv_prog_AWK="$ac_prog" | ||
4155 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
4156 | break 2 | ||
4157 | fi | ||
4158 | done | ||
4159 | done | ||
4160 | IFS=$as_save_IFS | ||
4161 | |||
4162 | fi | ||
4163 | fi | ||
4164 | AWK=$ac_cv_prog_AWK | ||
4165 | if test -n "$AWK"; then | ||
4166 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5 | ||
4167 | $as_echo "$AWK" >&6; } | ||
4168 | else | ||
4169 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
4170 | $as_echo "no" >&6; } | ||
4171 | fi | ||
4172 | |||
4173 | |||
4174 | test -n "$AWK" && break | ||
4175 | done | ||
4176 | |||
4177 | ac_ext=c | ||
4178 | ac_cpp='$CPP $CPPFLAGS' | ||
4179 | ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' | ||
4180 | ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' | ||
4181 | ac_compiler_gnu=$ac_cv_c_compiler_gnu | ||
4182 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 | ||
4183 | $as_echo_n "checking how to run the C preprocessor... " >&6; } | ||
4184 | # On Suns, sometimes $CPP names a directory. | ||
4185 | if test -n "$CPP" && test -d "$CPP"; then | ||
4186 | CPP= | ||
4187 | fi | ||
4188 | if test -z "$CPP"; then | ||
4189 | if ${ac_cv_prog_CPP+:} false; then : | ||
4190 | $as_echo_n "(cached) " >&6 | ||
4191 | else | ||
4192 | # Double quotes because CPP needs to be expanded | ||
4193 | for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" | ||
4194 | do | ||
4195 | ac_preproc_ok=false | ||
4196 | for ac_c_preproc_warn_flag in '' yes | ||
4197 | do | ||
4198 | # Use a header file that comes with gcc, so configuring glibc | ||
4199 | # with a fresh cross-compiler works. | ||
4200 | # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since | ||
4201 | # <limits.h> exists even on freestanding compilers. | ||
4202 | # On the NeXT, cc -E runs the code through the compiler's parser, | ||
4203 | # not just through cpp. "Syntax error" is here to catch this case. | ||
4204 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
4205 | /* end confdefs.h. */ | ||
4206 | #ifdef __STDC__ | ||
4207 | # include <limits.h> | ||
4208 | #else | ||
4209 | # include <assert.h> | ||
4210 | #endif | ||
4211 | Syntax error | ||
4212 | _ACEOF | ||
4213 | if ac_fn_c_try_cpp "$LINENO"; then : | ||
4214 | |||
4215 | else | ||
4216 | # Broken: fails on valid input. | ||
4217 | continue | ||
4218 | fi | ||
4219 | rm -f conftest.err conftest.i conftest.$ac_ext | ||
4220 | |||
4221 | # OK, works on sane cases. Now check whether nonexistent headers | ||
4222 | # can be detected and how. | ||
4223 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
4224 | /* end confdefs.h. */ | ||
4225 | #include <ac_nonexistent.h> | ||
4226 | _ACEOF | ||
4227 | if ac_fn_c_try_cpp "$LINENO"; then : | ||
4228 | # Broken: success on invalid input. | ||
4229 | continue | ||
4230 | else | ||
4231 | # Passes both tests. | ||
4232 | ac_preproc_ok=: | ||
4233 | break | ||
4234 | fi | ||
4235 | rm -f conftest.err conftest.i conftest.$ac_ext | ||
4236 | |||
4237 | done | ||
4238 | # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. | ||
4239 | rm -f conftest.i conftest.err conftest.$ac_ext | ||
4240 | if $ac_preproc_ok; then : | ||
4241 | break | ||
4242 | fi | ||
4243 | |||
4244 | done | ||
4245 | ac_cv_prog_CPP=$CPP | ||
4246 | |||
4247 | fi | ||
4248 | CPP=$ac_cv_prog_CPP | ||
4249 | else | ||
4250 | ac_cv_prog_CPP=$CPP | ||
4251 | fi | ||
4252 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5 | ||
4253 | $as_echo "$CPP" >&6; } | ||
4254 | ac_preproc_ok=false | ||
4255 | for ac_c_preproc_warn_flag in '' yes | ||
4256 | do | ||
4257 | # Use a header file that comes with gcc, so configuring glibc | ||
4258 | # with a fresh cross-compiler works. | ||
4259 | # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since | ||
4260 | # <limits.h> exists even on freestanding compilers. | ||
4261 | # On the NeXT, cc -E runs the code through the compiler's parser, | ||
4262 | # not just through cpp. "Syntax error" is here to catch this case. | ||
4263 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
4264 | /* end confdefs.h. */ | ||
4265 | #ifdef __STDC__ | ||
4266 | # include <limits.h> | ||
4267 | #else | ||
4268 | # include <assert.h> | ||
4269 | #endif | ||
4270 | Syntax error | ||
4271 | _ACEOF | ||
4272 | if ac_fn_c_try_cpp "$LINENO"; then : | ||
4273 | |||
4274 | else | ||
4275 | # Broken: fails on valid input. | ||
4276 | continue | ||
4277 | fi | ||
4278 | rm -f conftest.err conftest.i conftest.$ac_ext | ||
4279 | |||
4280 | # OK, works on sane cases. Now check whether nonexistent headers | ||
4281 | # can be detected and how. | ||
4282 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
4283 | /* end confdefs.h. */ | ||
4284 | #include <ac_nonexistent.h> | ||
4285 | _ACEOF | ||
4286 | if ac_fn_c_try_cpp "$LINENO"; then : | ||
4287 | # Broken: success on invalid input. | ||
4288 | continue | ||
4289 | else | ||
4290 | # Passes both tests. | ||
4291 | ac_preproc_ok=: | ||
4292 | break | ||
4293 | fi | ||
4294 | rm -f conftest.err conftest.i conftest.$ac_ext | ||
4295 | |||
4296 | done | ||
4297 | # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. | ||
4298 | rm -f conftest.i conftest.err conftest.$ac_ext | ||
4299 | if $ac_preproc_ok; then : | ||
4300 | |||
4301 | else | ||
4302 | { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 | ||
4303 | $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} | ||
4304 | as_fn_error $? "C preprocessor \"$CPP\" fails sanity check | ||
4305 | See \`config.log' for more details" "$LINENO" 5; } | ||
4306 | fi | ||
4307 | |||
4308 | ac_ext=c | ||
4309 | ac_cpp='$CPP $CPPFLAGS' | ||
4310 | ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' | ||
4311 | ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' | ||
4312 | ac_compiler_gnu=$ac_cv_c_compiler_gnu | ||
4313 | |||
4314 | if test -n "$ac_tool_prefix"; then | ||
4315 | # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args. | ||
4316 | set dummy ${ac_tool_prefix}ranlib; ac_word=$2 | ||
4317 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
4318 | $as_echo_n "checking for $ac_word... " >&6; } | ||
4319 | if ${ac_cv_prog_RANLIB+:} false; then : | ||
4320 | $as_echo_n "(cached) " >&6 | ||
4321 | else | ||
4322 | if test -n "$RANLIB"; then | ||
4323 | ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. | ||
4324 | else | ||
4325 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
4326 | for as_dir in $PATH | ||
4327 | do | ||
4328 | IFS=$as_save_IFS | ||
4329 | test -z "$as_dir" && as_dir=. | ||
4330 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
4331 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
4332 | ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib" | ||
4333 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
4334 | break 2 | ||
4335 | fi | ||
4336 | done | ||
4337 | done | ||
4338 | IFS=$as_save_IFS | ||
4339 | |||
4340 | fi | ||
4341 | fi | ||
4342 | RANLIB=$ac_cv_prog_RANLIB | ||
4343 | if test -n "$RANLIB"; then | ||
4344 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5 | ||
4345 | $as_echo "$RANLIB" >&6; } | ||
4346 | else | ||
4347 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
4348 | $as_echo "no" >&6; } | ||
4349 | fi | ||
4350 | |||
4351 | |||
4352 | fi | ||
4353 | if test -z "$ac_cv_prog_RANLIB"; then | ||
4354 | ac_ct_RANLIB=$RANLIB | ||
4355 | # Extract the first word of "ranlib", so it can be a program name with args. | ||
4356 | set dummy ranlib; ac_word=$2 | ||
4357 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
4358 | $as_echo_n "checking for $ac_word... " >&6; } | ||
4359 | if ${ac_cv_prog_ac_ct_RANLIB+:} false; then : | ||
4360 | $as_echo_n "(cached) " >&6 | ||
4361 | else | ||
4362 | if test -n "$ac_ct_RANLIB"; then | ||
4363 | ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test. | ||
4364 | else | ||
4365 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
4366 | for as_dir in $PATH | ||
4367 | do | ||
4368 | IFS=$as_save_IFS | ||
4369 | test -z "$as_dir" && as_dir=. | ||
4370 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
4371 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
4372 | ac_cv_prog_ac_ct_RANLIB="ranlib" | ||
4373 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
4374 | break 2 | ||
4375 | fi | ||
4376 | done | ||
4377 | done | ||
4378 | IFS=$as_save_IFS | ||
4379 | |||
4380 | fi | ||
4381 | fi | ||
4382 | ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB | ||
4383 | if test -n "$ac_ct_RANLIB"; then | ||
4384 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5 | ||
4385 | $as_echo "$ac_ct_RANLIB" >&6; } | ||
4386 | else | ||
4387 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
4388 | $as_echo "no" >&6; } | ||
4389 | fi | ||
4390 | |||
4391 | if test "x$ac_ct_RANLIB" = x; then | ||
4392 | RANLIB=":" | ||
4393 | else | ||
4394 | case $cross_compiling:$ac_tool_warned in | ||
4395 | yes:) | ||
4396 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 | ||
4397 | $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} | ||
4398 | ac_tool_warned=yes ;; | ||
4399 | esac | ||
4400 | RANLIB=$ac_ct_RANLIB | ||
4401 | fi | ||
4402 | else | ||
4403 | RANLIB="$ac_cv_prog_RANLIB" | ||
4404 | fi | ||
4405 | |||
4406 | # Find a good install program. We prefer a C program (faster), | ||
4407 | # so one script is as good as another. But avoid the broken or | ||
4408 | # incompatible versions: | ||
4409 | # SysV /etc/install, /usr/sbin/install | ||
4410 | # SunOS /usr/etc/install | ||
4411 | # IRIX /sbin/install | ||
4412 | # AIX /bin/install | ||
4413 | # AmigaOS /C/install, which installs bootblocks on floppy discs | ||
4414 | # AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag | ||
4415 | # AFS /usr/afsws/bin/install, which mishandles nonexistent args | ||
4416 | # SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" | ||
4417 | # OS/2's system install, which has a completely different semantic | ||
4418 | # ./install, which can be erroneously created by make from ./install.sh. | ||
4419 | # Reject install programs that cannot install multiple files. | ||
4420 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5 | ||
4421 | $as_echo_n "checking for a BSD-compatible install... " >&6; } | ||
4422 | if test -z "$INSTALL"; then | ||
4423 | if ${ac_cv_path_install+:} false; then : | ||
4424 | $as_echo_n "(cached) " >&6 | ||
4425 | else | ||
4426 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
4427 | for as_dir in $PATH | ||
4428 | do | ||
4429 | IFS=$as_save_IFS | ||
4430 | test -z "$as_dir" && as_dir=. | ||
4431 | # Account for people who put trailing slashes in PATH elements. | ||
4432 | case $as_dir/ in #(( | ||
4433 | ./ | .// | /[cC]/* | \ | ||
4434 | /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \ | ||
4435 | ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \ | ||
4436 | /usr/ucb/* ) ;; | ||
4437 | *) | ||
4438 | # OSF1 and SCO ODT 3.0 have their own names for install. | ||
4439 | # Don't use installbsd from OSF since it installs stuff as root | ||
4440 | # by default. | ||
4441 | for ac_prog in ginstall scoinst install; do | ||
4442 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
4443 | if as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then | ||
4444 | if test $ac_prog = install && | ||
4445 | grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then | ||
4446 | # AIX install. It has an incompatible calling convention. | ||
4447 | : | ||
4448 | elif test $ac_prog = install && | ||
4449 | grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then | ||
4450 | # program-specific install script used by HP pwplus--don't use. | ||
4451 | : | ||
4452 | else | ||
4453 | rm -rf conftest.one conftest.two conftest.dir | ||
4454 | echo one > conftest.one | ||
4455 | echo two > conftest.two | ||
4456 | mkdir conftest.dir | ||
4457 | if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" && | ||
4458 | test -s conftest.one && test -s conftest.two && | ||
4459 | test -s conftest.dir/conftest.one && | ||
4460 | test -s conftest.dir/conftest.two | ||
4461 | then | ||
4462 | ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c" | ||
4463 | break 3 | ||
4464 | fi | ||
4465 | fi | ||
4466 | fi | ||
4467 | done | ||
4468 | done | ||
4469 | ;; | ||
4470 | esac | ||
4471 | |||
4472 | done | ||
4473 | IFS=$as_save_IFS | ||
4474 | |||
4475 | rm -rf conftest.one conftest.two conftest.dir | ||
4476 | |||
4477 | fi | ||
4478 | if test "${ac_cv_path_install+set}" = set; then | ||
4479 | INSTALL=$ac_cv_path_install | ||
4480 | else | ||
4481 | # As a last resort, use the slow shell script. Don't cache a | ||
4482 | # value for INSTALL within a source directory, because that will | ||
4483 | # break other packages using the cache if that directory is | ||
4484 | # removed, or if the value is a relative name. | ||
4485 | INSTALL=$ac_install_sh | ||
4486 | fi | ||
4487 | fi | ||
4488 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5 | ||
4489 | $as_echo "$INSTALL" >&6; } | ||
4490 | |||
4491 | # Use test -z because SunOS4 sh mishandles braces in ${var-val}. | ||
4492 | # It thinks the first close brace ends the variable substitution. | ||
4493 | test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' | ||
4494 | |||
4495 | test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}' | ||
4496 | |||
4497 | test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' | ||
4498 | |||
4499 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5 | ||
4500 | $as_echo_n "checking for egrep... " >&6; } | ||
4501 | if ${ac_cv_path_EGREP+:} false; then : | ||
4502 | $as_echo_n "(cached) " >&6 | ||
4503 | else | ||
4504 | if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 | ||
4505 | then ac_cv_path_EGREP="$GREP -E" | ||
4506 | else | ||
4507 | if test -z "$EGREP"; then | ||
4508 | ac_path_EGREP_found=false | ||
4509 | # Loop through the user's path and test for each of PROGNAME-LIST | ||
4510 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
4511 | for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin | ||
4512 | do | ||
4513 | IFS=$as_save_IFS | ||
4514 | test -z "$as_dir" && as_dir=. | ||
4515 | for ac_prog in egrep; do | ||
4516 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
4517 | ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext" | ||
4518 | as_fn_executable_p "$ac_path_EGREP" || continue | ||
4519 | # Check for GNU ac_path_EGREP and select it if it is found. | ||
4520 | # Check for GNU $ac_path_EGREP | ||
4521 | case `"$ac_path_EGREP" --version 2>&1` in | ||
4522 | *GNU*) | ||
4523 | ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; | ||
4524 | *) | ||
4525 | ac_count=0 | ||
4526 | $as_echo_n 0123456789 >"conftest.in" | ||
4527 | while : | ||
4528 | do | ||
4529 | cat "conftest.in" "conftest.in" >"conftest.tmp" | ||
4530 | mv "conftest.tmp" "conftest.in" | ||
4531 | cp "conftest.in" "conftest.nl" | ||
4532 | $as_echo 'EGREP' >> "conftest.nl" | ||
4533 | "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break | ||
4534 | diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break | ||
4535 | as_fn_arith $ac_count + 1 && ac_count=$as_val | ||
4536 | if test $ac_count -gt ${ac_path_EGREP_max-0}; then | ||
4537 | # Best one so far, save it but keep looking for a better one | ||
4538 | ac_cv_path_EGREP="$ac_path_EGREP" | ||
4539 | ac_path_EGREP_max=$ac_count | ||
4540 | fi | ||
4541 | # 10*(2^10) chars as input seems more than enough | ||
4542 | test $ac_count -gt 10 && break | ||
4543 | done | ||
4544 | rm -f conftest.in conftest.tmp conftest.nl conftest.out;; | ||
4545 | esac | ||
4546 | |||
4547 | $ac_path_EGREP_found && break 3 | ||
4548 | done | ||
4549 | done | ||
4550 | done | ||
4551 | IFS=$as_save_IFS | ||
4552 | if test -z "$ac_cv_path_EGREP"; then | ||
4553 | as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 | ||
4554 | fi | ||
4555 | else | ||
4556 | ac_cv_path_EGREP=$EGREP | ||
4557 | fi | ||
4558 | |||
4559 | fi | ||
4560 | fi | ||
4561 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 | ||
4562 | $as_echo "$ac_cv_path_EGREP" >&6; } | ||
4563 | EGREP="$ac_cv_path_EGREP" | ||
4564 | |||
4565 | |||
4566 | if test -n "$ac_tool_prefix"; then | ||
4567 | for ac_prog in ar | ||
4568 | do | ||
4569 | # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. | ||
4570 | set dummy $ac_tool_prefix$ac_prog; ac_word=$2 | ||
4571 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
4572 | $as_echo_n "checking for $ac_word... " >&6; } | ||
4573 | if ${ac_cv_prog_AR+:} false; then : | ||
4574 | $as_echo_n "(cached) " >&6 | ||
4575 | else | ||
4576 | if test -n "$AR"; then | ||
4577 | ac_cv_prog_AR="$AR" # Let the user override the test. | ||
4578 | else | ||
4579 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
4580 | for as_dir in $PATH | ||
4581 | do | ||
4582 | IFS=$as_save_IFS | ||
4583 | test -z "$as_dir" && as_dir=. | ||
4584 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
4585 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
4586 | ac_cv_prog_AR="$ac_tool_prefix$ac_prog" | ||
4587 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
4588 | break 2 | ||
4589 | fi | ||
4590 | done | ||
4591 | done | ||
4592 | IFS=$as_save_IFS | ||
4593 | |||
4594 | fi | ||
4595 | fi | ||
4596 | AR=$ac_cv_prog_AR | ||
4597 | if test -n "$AR"; then | ||
4598 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5 | ||
4599 | $as_echo "$AR" >&6; } | ||
4600 | else | ||
4601 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
4602 | $as_echo "no" >&6; } | ||
4603 | fi | ||
4604 | |||
4605 | |||
4606 | test -n "$AR" && break | ||
4607 | done | ||
4608 | fi | ||
4609 | if test -z "$AR"; then | ||
4610 | ac_ct_AR=$AR | ||
4611 | for ac_prog in ar | ||
4612 | do | ||
4613 | # Extract the first word of "$ac_prog", so it can be a program name with args. | ||
4614 | set dummy $ac_prog; ac_word=$2 | ||
4615 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
4616 | $as_echo_n "checking for $ac_word... " >&6; } | ||
4617 | if ${ac_cv_prog_ac_ct_AR+:} false; then : | ||
4618 | $as_echo_n "(cached) " >&6 | ||
4619 | else | ||
4620 | if test -n "$ac_ct_AR"; then | ||
4621 | ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test. | ||
4622 | else | ||
4623 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
4624 | for as_dir in $PATH | ||
4625 | do | ||
4626 | IFS=$as_save_IFS | ||
4627 | test -z "$as_dir" && as_dir=. | ||
4628 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
4629 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
4630 | ac_cv_prog_ac_ct_AR="$ac_prog" | ||
4631 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
4632 | break 2 | ||
4633 | fi | ||
4634 | done | ||
4635 | done | ||
4636 | IFS=$as_save_IFS | ||
4637 | |||
4638 | fi | ||
4639 | fi | ||
4640 | ac_ct_AR=$ac_cv_prog_ac_ct_AR | ||
4641 | if test -n "$ac_ct_AR"; then | ||
4642 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5 | ||
4643 | $as_echo "$ac_ct_AR" >&6; } | ||
4644 | else | ||
4645 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
4646 | $as_echo "no" >&6; } | ||
4647 | fi | ||
4648 | |||
4649 | |||
4650 | test -n "$ac_ct_AR" && break | ||
4651 | done | ||
4652 | |||
4653 | if test "x$ac_ct_AR" = x; then | ||
4654 | AR="" | ||
4655 | else | ||
4656 | case $cross_compiling:$ac_tool_warned in | ||
4657 | yes:) | ||
4658 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 | ||
4659 | $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} | ||
4660 | ac_tool_warned=yes ;; | ||
4661 | esac | ||
4662 | AR=$ac_ct_AR | ||
4663 | fi | ||
4664 | fi | ||
4665 | |||
4666 | # Extract the first word of "cat", so it can be a program name with args. | ||
4667 | set dummy cat; ac_word=$2 | ||
4668 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
4669 | $as_echo_n "checking for $ac_word... " >&6; } | ||
4670 | if ${ac_cv_path_CAT+:} false; then : | ||
4671 | $as_echo_n "(cached) " >&6 | ||
4672 | else | ||
4673 | case $CAT in | ||
4674 | [\\/]* | ?:[\\/]*) | ||
4675 | ac_cv_path_CAT="$CAT" # Let the user override the test with a path. | ||
4676 | ;; | ||
4677 | *) | ||
4678 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
4679 | for as_dir in $PATH | ||
4680 | do | ||
4681 | IFS=$as_save_IFS | ||
4682 | test -z "$as_dir" && as_dir=. | ||
4683 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
4684 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
4685 | ac_cv_path_CAT="$as_dir/$ac_word$ac_exec_ext" | ||
4686 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
4687 | break 2 | ||
4688 | fi | ||
4689 | done | ||
4690 | done | ||
4691 | IFS=$as_save_IFS | ||
4692 | |||
4693 | ;; | ||
4694 | esac | ||
4695 | fi | ||
4696 | CAT=$ac_cv_path_CAT | ||
4697 | if test -n "$CAT"; then | ||
4698 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CAT" >&5 | ||
4699 | $as_echo "$CAT" >&6; } | ||
4700 | else | ||
4701 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
4702 | $as_echo "no" >&6; } | ||
4703 | fi | ||
4704 | |||
4705 | |||
4706 | # Extract the first word of "kill", so it can be a program name with args. | ||
4707 | set dummy kill; ac_word=$2 | ||
4708 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
4709 | $as_echo_n "checking for $ac_word... " >&6; } | ||
4710 | if ${ac_cv_path_KILL+:} false; then : | ||
4711 | $as_echo_n "(cached) " >&6 | ||
4712 | else | ||
4713 | case $KILL in | ||
4714 | [\\/]* | ?:[\\/]*) | ||
4715 | ac_cv_path_KILL="$KILL" # Let the user override the test with a path. | ||
4716 | ;; | ||
4717 | *) | ||
4718 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
4719 | for as_dir in $PATH | ||
4720 | do | ||
4721 | IFS=$as_save_IFS | ||
4722 | test -z "$as_dir" && as_dir=. | ||
4723 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
4724 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
4725 | ac_cv_path_KILL="$as_dir/$ac_word$ac_exec_ext" | ||
4726 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
4727 | break 2 | ||
4728 | fi | ||
4729 | done | ||
4730 | done | ||
4731 | IFS=$as_save_IFS | ||
4732 | |||
4733 | ;; | ||
4734 | esac | ||
4735 | fi | ||
4736 | KILL=$ac_cv_path_KILL | ||
4737 | if test -n "$KILL"; then | ||
4738 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $KILL" >&5 | ||
4739 | $as_echo "$KILL" >&6; } | ||
4740 | else | ||
4741 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
4742 | $as_echo "no" >&6; } | ||
4743 | fi | ||
4744 | |||
4745 | |||
4746 | for ac_prog in perl5 perl | ||
4747 | do | ||
4748 | # Extract the first word of "$ac_prog", so it can be a program name with args. | ||
4749 | set dummy $ac_prog; ac_word=$2 | ||
4750 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
4751 | $as_echo_n "checking for $ac_word... " >&6; } | ||
4752 | if ${ac_cv_path_PERL+:} false; then : | ||
4753 | $as_echo_n "(cached) " >&6 | ||
4754 | else | ||
4755 | case $PERL in | ||
4756 | [\\/]* | ?:[\\/]*) | ||
4757 | ac_cv_path_PERL="$PERL" # Let the user override the test with a path. | ||
4758 | ;; | ||
4759 | *) | ||
4760 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
4761 | for as_dir in $PATH | ||
4762 | do | ||
4763 | IFS=$as_save_IFS | ||
4764 | test -z "$as_dir" && as_dir=. | ||
4765 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
4766 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
4767 | ac_cv_path_PERL="$as_dir/$ac_word$ac_exec_ext" | ||
4768 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
4769 | break 2 | ||
4770 | fi | ||
4771 | done | ||
4772 | done | ||
4773 | IFS=$as_save_IFS | ||
4774 | |||
4775 | ;; | ||
4776 | esac | ||
4777 | fi | ||
4778 | PERL=$ac_cv_path_PERL | ||
4779 | if test -n "$PERL"; then | ||
4780 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PERL" >&5 | ||
4781 | $as_echo "$PERL" >&6; } | ||
4782 | else | ||
4783 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
4784 | $as_echo "no" >&6; } | ||
4785 | fi | ||
4786 | |||
4787 | |||
4788 | test -n "$PERL" && break | ||
4789 | done | ||
4790 | |||
4791 | # Extract the first word of "sed", so it can be a program name with args. | ||
4792 | set dummy sed; ac_word=$2 | ||
4793 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
4794 | $as_echo_n "checking for $ac_word... " >&6; } | ||
4795 | if ${ac_cv_path_SED+:} false; then : | ||
4796 | $as_echo_n "(cached) " >&6 | ||
4797 | else | ||
4798 | case $SED in | ||
4799 | [\\/]* | ?:[\\/]*) | ||
4800 | ac_cv_path_SED="$SED" # Let the user override the test with a path. | ||
4801 | ;; | ||
4802 | *) | ||
4803 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
4804 | for as_dir in $PATH | ||
4805 | do | ||
4806 | IFS=$as_save_IFS | ||
4807 | test -z "$as_dir" && as_dir=. | ||
4808 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
4809 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
4810 | ac_cv_path_SED="$as_dir/$ac_word$ac_exec_ext" | ||
4811 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
4812 | break 2 | ||
4813 | fi | ||
4814 | done | ||
4815 | done | ||
4816 | IFS=$as_save_IFS | ||
4817 | |||
4818 | ;; | ||
4819 | esac | ||
4820 | fi | ||
4821 | SED=$ac_cv_path_SED | ||
4822 | if test -n "$SED"; then | ||
4823 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $SED" >&5 | ||
4824 | $as_echo "$SED" >&6; } | ||
4825 | else | ||
4826 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
4827 | $as_echo "no" >&6; } | ||
4828 | fi | ||
4829 | |||
4830 | |||
4831 | |||
4832 | # Extract the first word of "ent", so it can be a program name with args. | ||
4833 | set dummy ent; ac_word=$2 | ||
4834 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
4835 | $as_echo_n "checking for $ac_word... " >&6; } | ||
4836 | if ${ac_cv_path_ENT+:} false; then : | ||
4837 | $as_echo_n "(cached) " >&6 | ||
4838 | else | ||
4839 | case $ENT in | ||
4840 | [\\/]* | ?:[\\/]*) | ||
4841 | ac_cv_path_ENT="$ENT" # Let the user override the test with a path. | ||
4842 | ;; | ||
4843 | *) | ||
4844 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
4845 | for as_dir in $PATH | ||
4846 | do | ||
4847 | IFS=$as_save_IFS | ||
4848 | test -z "$as_dir" && as_dir=. | ||
4849 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
4850 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
4851 | ac_cv_path_ENT="$as_dir/$ac_word$ac_exec_ext" | ||
4852 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
4853 | break 2 | ||
4854 | fi | ||
4855 | done | ||
4856 | done | ||
4857 | IFS=$as_save_IFS | ||
4858 | |||
4859 | ;; | ||
4860 | esac | ||
4861 | fi | ||
4862 | ENT=$ac_cv_path_ENT | ||
4863 | if test -n "$ENT"; then | ||
4864 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ENT" >&5 | ||
4865 | $as_echo "$ENT" >&6; } | ||
4866 | else | ||
4867 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
4868 | $as_echo "no" >&6; } | ||
4869 | fi | ||
4870 | |||
4871 | |||
4872 | |||
4873 | # Extract the first word of "bash", so it can be a program name with args. | ||
4874 | set dummy bash; ac_word=$2 | ||
4875 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
4876 | $as_echo_n "checking for $ac_word... " >&6; } | ||
4877 | if ${ac_cv_path_TEST_MINUS_S_SH+:} false; then : | ||
4878 | $as_echo_n "(cached) " >&6 | ||
4879 | else | ||
4880 | case $TEST_MINUS_S_SH in | ||
4881 | [\\/]* | ?:[\\/]*) | ||
4882 | ac_cv_path_TEST_MINUS_S_SH="$TEST_MINUS_S_SH" # Let the user override the test with a path. | ||
4883 | ;; | ||
4884 | *) | ||
4885 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
4886 | for as_dir in $PATH | ||
4887 | do | ||
4888 | IFS=$as_save_IFS | ||
4889 | test -z "$as_dir" && as_dir=. | ||
4890 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
4891 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
4892 | ac_cv_path_TEST_MINUS_S_SH="$as_dir/$ac_word$ac_exec_ext" | ||
4893 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
4894 | break 2 | ||
4895 | fi | ||
4896 | done | ||
4897 | done | ||
4898 | IFS=$as_save_IFS | ||
4899 | |||
4900 | ;; | ||
4901 | esac | ||
4902 | fi | ||
4903 | TEST_MINUS_S_SH=$ac_cv_path_TEST_MINUS_S_SH | ||
4904 | if test -n "$TEST_MINUS_S_SH"; then | ||
4905 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $TEST_MINUS_S_SH" >&5 | ||
4906 | $as_echo "$TEST_MINUS_S_SH" >&6; } | ||
4907 | else | ||
4908 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
4909 | $as_echo "no" >&6; } | ||
4910 | fi | ||
4911 | |||
4912 | |||
4913 | # Extract the first word of "ksh", so it can be a program name with args. | ||
4914 | set dummy ksh; ac_word=$2 | ||
4915 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
4916 | $as_echo_n "checking for $ac_word... " >&6; } | ||
4917 | if ${ac_cv_path_TEST_MINUS_S_SH+:} false; then : | ||
4918 | $as_echo_n "(cached) " >&6 | ||
4919 | else | ||
4920 | case $TEST_MINUS_S_SH in | ||
4921 | [\\/]* | ?:[\\/]*) | ||
4922 | ac_cv_path_TEST_MINUS_S_SH="$TEST_MINUS_S_SH" # Let the user override the test with a path. | ||
4923 | ;; | ||
4924 | *) | ||
4925 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
4926 | for as_dir in $PATH | ||
4927 | do | ||
4928 | IFS=$as_save_IFS | ||
4929 | test -z "$as_dir" && as_dir=. | ||
4930 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
4931 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
4932 | ac_cv_path_TEST_MINUS_S_SH="$as_dir/$ac_word$ac_exec_ext" | ||
4933 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
4934 | break 2 | ||
4935 | fi | ||
4936 | done | ||
4937 | done | ||
4938 | IFS=$as_save_IFS | ||
4939 | |||
4940 | ;; | ||
4941 | esac | ||
4942 | fi | ||
4943 | TEST_MINUS_S_SH=$ac_cv_path_TEST_MINUS_S_SH | ||
4944 | if test -n "$TEST_MINUS_S_SH"; then | ||
4945 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $TEST_MINUS_S_SH" >&5 | ||
4946 | $as_echo "$TEST_MINUS_S_SH" >&6; } | ||
4947 | else | ||
4948 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
4949 | $as_echo "no" >&6; } | ||
4950 | fi | ||
4951 | |||
4952 | |||
4953 | # Extract the first word of "sh", so it can be a program name with args. | ||
4954 | set dummy sh; ac_word=$2 | ||
4955 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
4956 | $as_echo_n "checking for $ac_word... " >&6; } | ||
4957 | if ${ac_cv_path_TEST_MINUS_S_SH+:} false; then : | ||
4958 | $as_echo_n "(cached) " >&6 | ||
4959 | else | ||
4960 | case $TEST_MINUS_S_SH in | ||
4961 | [\\/]* | ?:[\\/]*) | ||
4962 | ac_cv_path_TEST_MINUS_S_SH="$TEST_MINUS_S_SH" # Let the user override the test with a path. | ||
4963 | ;; | ||
4964 | *) | ||
4965 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
4966 | for as_dir in $PATH | ||
4967 | do | ||
4968 | IFS=$as_save_IFS | ||
4969 | test -z "$as_dir" && as_dir=. | ||
4970 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
4971 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
4972 | ac_cv_path_TEST_MINUS_S_SH="$as_dir/$ac_word$ac_exec_ext" | ||
4973 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
4974 | break 2 | ||
4975 | fi | ||
4976 | done | ||
4977 | done | ||
4978 | IFS=$as_save_IFS | ||
4979 | |||
4980 | ;; | ||
4981 | esac | ||
4982 | fi | ||
4983 | TEST_MINUS_S_SH=$ac_cv_path_TEST_MINUS_S_SH | ||
4984 | if test -n "$TEST_MINUS_S_SH"; then | ||
4985 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $TEST_MINUS_S_SH" >&5 | ||
4986 | $as_echo "$TEST_MINUS_S_SH" >&6; } | ||
4987 | else | ||
4988 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
4989 | $as_echo "no" >&6; } | ||
4990 | fi | ||
4991 | |||
4992 | |||
4993 | # Extract the first word of "sh", so it can be a program name with args. | ||
4994 | set dummy sh; ac_word=$2 | ||
4995 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
4996 | $as_echo_n "checking for $ac_word... " >&6; } | ||
4997 | if ${ac_cv_path_SH+:} false; then : | ||
4998 | $as_echo_n "(cached) " >&6 | ||
4999 | else | ||
5000 | case $SH in | ||
5001 | [\\/]* | ?:[\\/]*) | ||
5002 | ac_cv_path_SH="$SH" # Let the user override the test with a path. | ||
5003 | ;; | ||
5004 | *) | ||
5005 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
5006 | for as_dir in $PATH | ||
5007 | do | ||
5008 | IFS=$as_save_IFS | ||
5009 | test -z "$as_dir" && as_dir=. | ||
5010 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
5011 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
5012 | ac_cv_path_SH="$as_dir/$ac_word$ac_exec_ext" | ||
5013 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
5014 | break 2 | ||
5015 | fi | ||
5016 | done | ||
5017 | done | ||
5018 | IFS=$as_save_IFS | ||
5019 | |||
5020 | ;; | ||
5021 | esac | ||
5022 | fi | ||
5023 | SH=$ac_cv_path_SH | ||
5024 | if test -n "$SH"; then | ||
5025 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $SH" >&5 | ||
5026 | $as_echo "$SH" >&6; } | ||
5027 | else | ||
5028 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5029 | $as_echo "no" >&6; } | ||
5030 | fi | ||
5031 | |||
5032 | |||
5033 | # Extract the first word of "groff", so it can be a program name with args. | ||
5034 | set dummy groff; ac_word=$2 | ||
5035 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
5036 | $as_echo_n "checking for $ac_word... " >&6; } | ||
5037 | if ${ac_cv_path_GROFF+:} false; then : | ||
5038 | $as_echo_n "(cached) " >&6 | ||
5039 | else | ||
5040 | case $GROFF in | ||
5041 | [\\/]* | ?:[\\/]*) | ||
5042 | ac_cv_path_GROFF="$GROFF" # Let the user override the test with a path. | ||
5043 | ;; | ||
5044 | *) | ||
5045 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
5046 | for as_dir in $PATH | ||
5047 | do | ||
5048 | IFS=$as_save_IFS | ||
5049 | test -z "$as_dir" && as_dir=. | ||
5050 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
5051 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
5052 | ac_cv_path_GROFF="$as_dir/$ac_word$ac_exec_ext" | ||
5053 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
5054 | break 2 | ||
5055 | fi | ||
5056 | done | ||
5057 | done | ||
5058 | IFS=$as_save_IFS | ||
5059 | |||
5060 | ;; | ||
5061 | esac | ||
5062 | fi | ||
5063 | GROFF=$ac_cv_path_GROFF | ||
5064 | if test -n "$GROFF"; then | ||
5065 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GROFF" >&5 | ||
5066 | $as_echo "$GROFF" >&6; } | ||
5067 | else | ||
5068 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5069 | $as_echo "no" >&6; } | ||
5070 | fi | ||
5071 | |||
5072 | |||
5073 | # Extract the first word of "nroff", so it can be a program name with args. | ||
5074 | set dummy nroff; ac_word=$2 | ||
5075 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
5076 | $as_echo_n "checking for $ac_word... " >&6; } | ||
5077 | if ${ac_cv_path_NROFF+:} false; then : | ||
5078 | $as_echo_n "(cached) " >&6 | ||
5079 | else | ||
5080 | case $NROFF in | ||
5081 | [\\/]* | ?:[\\/]*) | ||
5082 | ac_cv_path_NROFF="$NROFF" # Let the user override the test with a path. | ||
5083 | ;; | ||
5084 | *) | ||
5085 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
5086 | for as_dir in $PATH | ||
5087 | do | ||
5088 | IFS=$as_save_IFS | ||
5089 | test -z "$as_dir" && as_dir=. | ||
5090 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
5091 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
5092 | ac_cv_path_NROFF="$as_dir/$ac_word$ac_exec_ext" | ||
5093 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
5094 | break 2 | ||
5095 | fi | ||
5096 | done | ||
5097 | done | ||
5098 | IFS=$as_save_IFS | ||
5099 | |||
5100 | ;; | ||
5101 | esac | ||
5102 | fi | ||
5103 | NROFF=$ac_cv_path_NROFF | ||
5104 | if test -n "$NROFF"; then | ||
5105 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NROFF" >&5 | ||
5106 | $as_echo "$NROFF" >&6; } | ||
5107 | else | ||
5108 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5109 | $as_echo "no" >&6; } | ||
5110 | fi | ||
5111 | |||
5112 | |||
5113 | # Extract the first word of "mandoc", so it can be a program name with args. | ||
5114 | set dummy mandoc; ac_word=$2 | ||
5115 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
5116 | $as_echo_n "checking for $ac_word... " >&6; } | ||
5117 | if ${ac_cv_path_MANDOC+:} false; then : | ||
5118 | $as_echo_n "(cached) " >&6 | ||
5119 | else | ||
5120 | case $MANDOC in | ||
5121 | [\\/]* | ?:[\\/]*) | ||
5122 | ac_cv_path_MANDOC="$MANDOC" # Let the user override the test with a path. | ||
5123 | ;; | ||
5124 | *) | ||
5125 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
5126 | for as_dir in $PATH | ||
5127 | do | ||
5128 | IFS=$as_save_IFS | ||
5129 | test -z "$as_dir" && as_dir=. | ||
5130 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
5131 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
5132 | ac_cv_path_MANDOC="$as_dir/$ac_word$ac_exec_ext" | ||
5133 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
5134 | break 2 | ||
5135 | fi | ||
5136 | done | ||
5137 | done | ||
5138 | IFS=$as_save_IFS | ||
5139 | |||
5140 | ;; | ||
5141 | esac | ||
5142 | fi | ||
5143 | MANDOC=$ac_cv_path_MANDOC | ||
5144 | if test -n "$MANDOC"; then | ||
5145 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MANDOC" >&5 | ||
5146 | $as_echo "$MANDOC" >&6; } | ||
5147 | else | ||
5148 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5149 | $as_echo "no" >&6; } | ||
5150 | fi | ||
5151 | |||
5152 | |||
5153 | TEST_SHELL=sh | ||
5154 | |||
5155 | |||
5156 | if test "x$MANDOC" != "x" ; then | ||
5157 | MANFMT="$MANDOC" | ||
5158 | elif test "x$NROFF" != "x" ; then | ||
5159 | MANFMT="$NROFF -mandoc" | ||
5160 | elif test "x$GROFF" != "x" ; then | ||
5161 | MANFMT="$GROFF -mandoc -Tascii" | ||
5162 | else | ||
5163 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: no manpage formatted found" >&5 | ||
5164 | $as_echo "$as_me: WARNING: no manpage formatted found" >&2;} | ||
5165 | MANFMT="false" | ||
5166 | fi | ||
5167 | |||
5168 | |||
5169 | # Extract the first word of "groupadd", so it can be a program name with args. | ||
5170 | set dummy groupadd; ac_word=$2 | ||
5171 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
5172 | $as_echo_n "checking for $ac_word... " >&6; } | ||
5173 | if ${ac_cv_path_PATH_GROUPADD_PROG+:} false; then : | ||
5174 | $as_echo_n "(cached) " >&6 | ||
5175 | else | ||
5176 | case $PATH_GROUPADD_PROG in | ||
5177 | [\\/]* | ?:[\\/]*) | ||
5178 | ac_cv_path_PATH_GROUPADD_PROG="$PATH_GROUPADD_PROG" # Let the user override the test with a path. | ||
5179 | ;; | ||
5180 | *) | ||
5181 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
5182 | for as_dir in /usr/sbin${PATH_SEPARATOR}/etc | ||
5183 | do | ||
5184 | IFS=$as_save_IFS | ||
5185 | test -z "$as_dir" && as_dir=. | ||
5186 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
5187 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
5188 | ac_cv_path_PATH_GROUPADD_PROG="$as_dir/$ac_word$ac_exec_ext" | ||
5189 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
5190 | break 2 | ||
5191 | fi | ||
5192 | done | ||
5193 | done | ||
5194 | IFS=$as_save_IFS | ||
5195 | |||
5196 | test -z "$ac_cv_path_PATH_GROUPADD_PROG" && ac_cv_path_PATH_GROUPADD_PROG="groupadd" | ||
5197 | ;; | ||
5198 | esac | ||
5199 | fi | ||
5200 | PATH_GROUPADD_PROG=$ac_cv_path_PATH_GROUPADD_PROG | ||
5201 | if test -n "$PATH_GROUPADD_PROG"; then | ||
5202 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PATH_GROUPADD_PROG" >&5 | ||
5203 | $as_echo "$PATH_GROUPADD_PROG" >&6; } | ||
5204 | else | ||
5205 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5206 | $as_echo "no" >&6; } | ||
5207 | fi | ||
5208 | |||
5209 | |||
5210 | # Extract the first word of "useradd", so it can be a program name with args. | ||
5211 | set dummy useradd; ac_word=$2 | ||
5212 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
5213 | $as_echo_n "checking for $ac_word... " >&6; } | ||
5214 | if ${ac_cv_path_PATH_USERADD_PROG+:} false; then : | ||
5215 | $as_echo_n "(cached) " >&6 | ||
5216 | else | ||
5217 | case $PATH_USERADD_PROG in | ||
5218 | [\\/]* | ?:[\\/]*) | ||
5219 | ac_cv_path_PATH_USERADD_PROG="$PATH_USERADD_PROG" # Let the user override the test with a path. | ||
5220 | ;; | ||
5221 | *) | ||
5222 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
5223 | for as_dir in /usr/sbin${PATH_SEPARATOR}/etc | ||
5224 | do | ||
5225 | IFS=$as_save_IFS | ||
5226 | test -z "$as_dir" && as_dir=. | ||
5227 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
5228 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
5229 | ac_cv_path_PATH_USERADD_PROG="$as_dir/$ac_word$ac_exec_ext" | ||
5230 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
5231 | break 2 | ||
5232 | fi | ||
5233 | done | ||
5234 | done | ||
5235 | IFS=$as_save_IFS | ||
5236 | |||
5237 | test -z "$ac_cv_path_PATH_USERADD_PROG" && ac_cv_path_PATH_USERADD_PROG="useradd" | ||
5238 | ;; | ||
5239 | esac | ||
5240 | fi | ||
5241 | PATH_USERADD_PROG=$ac_cv_path_PATH_USERADD_PROG | ||
5242 | if test -n "$PATH_USERADD_PROG"; then | ||
5243 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PATH_USERADD_PROG" >&5 | ||
5244 | $as_echo "$PATH_USERADD_PROG" >&6; } | ||
5245 | else | ||
5246 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5247 | $as_echo "no" >&6; } | ||
5248 | fi | ||
5249 | |||
5250 | |||
5251 | # Extract the first word of "pkgmk", so it can be a program name with args. | ||
5252 | set dummy pkgmk; ac_word=$2 | ||
5253 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
5254 | $as_echo_n "checking for $ac_word... " >&6; } | ||
5255 | if ${ac_cv_prog_MAKE_PACKAGE_SUPPORTED+:} false; then : | ||
5256 | $as_echo_n "(cached) " >&6 | ||
5257 | else | ||
5258 | if test -n "$MAKE_PACKAGE_SUPPORTED"; then | ||
5259 | ac_cv_prog_MAKE_PACKAGE_SUPPORTED="$MAKE_PACKAGE_SUPPORTED" # Let the user override the test. | ||
5260 | else | ||
5261 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
5262 | for as_dir in $PATH | ||
5263 | do | ||
5264 | IFS=$as_save_IFS | ||
5265 | test -z "$as_dir" && as_dir=. | ||
5266 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
5267 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
5268 | ac_cv_prog_MAKE_PACKAGE_SUPPORTED="yes" | ||
5269 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
5270 | break 2 | ||
5271 | fi | ||
5272 | done | ||
5273 | done | ||
5274 | IFS=$as_save_IFS | ||
5275 | |||
5276 | test -z "$ac_cv_prog_MAKE_PACKAGE_SUPPORTED" && ac_cv_prog_MAKE_PACKAGE_SUPPORTED="no" | ||
5277 | fi | ||
5278 | fi | ||
5279 | MAKE_PACKAGE_SUPPORTED=$ac_cv_prog_MAKE_PACKAGE_SUPPORTED | ||
5280 | if test -n "$MAKE_PACKAGE_SUPPORTED"; then | ||
5281 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAKE_PACKAGE_SUPPORTED" >&5 | ||
5282 | $as_echo "$MAKE_PACKAGE_SUPPORTED" >&6; } | ||
5283 | else | ||
5284 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5285 | $as_echo "no" >&6; } | ||
5286 | fi | ||
5287 | |||
5288 | |||
5289 | if test -x /sbin/sh; then | ||
5290 | STARTUP_SCRIPT_SHELL=/sbin/sh | ||
5291 | |||
5292 | else | ||
5293 | STARTUP_SCRIPT_SHELL=/bin/sh | ||
5294 | |||
5295 | fi | ||
5296 | |||
5297 | # System features | ||
5298 | # Check whether --enable-largefile was given. | ||
5299 | if test "${enable_largefile+set}" = set; then : | ||
5300 | enableval=$enable_largefile; | ||
5301 | fi | ||
5302 | |||
5303 | if test "$enable_largefile" != no; then | ||
5304 | |||
5305 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for special C compiler options needed for large files" >&5 | ||
5306 | $as_echo_n "checking for special C compiler options needed for large files... " >&6; } | ||
5307 | if ${ac_cv_sys_largefile_CC+:} false; then : | ||
5308 | $as_echo_n "(cached) " >&6 | ||
5309 | else | ||
5310 | ac_cv_sys_largefile_CC=no | ||
5311 | if test "$GCC" != yes; then | ||
5312 | ac_save_CC=$CC | ||
5313 | while :; do | ||
5314 | # IRIX 6.2 and later do not support large files by default, | ||
5315 | # so use the C compiler's -n32 option if that helps. | ||
5316 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
5317 | /* end confdefs.h. */ | ||
5318 | #include <sys/types.h> | ||
5319 | /* Check that off_t can represent 2**63 - 1 correctly. | ||
5320 | We can't simply define LARGE_OFF_T to be 9223372036854775807, | ||
5321 | since some C++ compilers masquerading as C compilers | ||
5322 | incorrectly reject 9223372036854775807. */ | ||
5323 | #define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) | ||
5324 | int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 | ||
5325 | && LARGE_OFF_T % 2147483647 == 1) | ||
5326 | ? 1 : -1]; | ||
5327 | int | ||
5328 | main () | ||
5329 | { | ||
5330 | |||
5331 | ; | ||
5332 | return 0; | ||
5333 | } | ||
5334 | _ACEOF | ||
5335 | if ac_fn_c_try_compile "$LINENO"; then : | ||
5336 | break | ||
5337 | fi | ||
5338 | rm -f core conftest.err conftest.$ac_objext | ||
5339 | CC="$CC -n32" | ||
5340 | if ac_fn_c_try_compile "$LINENO"; then : | ||
5341 | ac_cv_sys_largefile_CC=' -n32'; break | ||
5342 | fi | ||
5343 | rm -f core conftest.err conftest.$ac_objext | ||
5344 | break | ||
5345 | done | ||
5346 | CC=$ac_save_CC | ||
5347 | rm -f conftest.$ac_ext | ||
5348 | fi | ||
5349 | fi | ||
5350 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_CC" >&5 | ||
5351 | $as_echo "$ac_cv_sys_largefile_CC" >&6; } | ||
5352 | if test "$ac_cv_sys_largefile_CC" != no; then | ||
5353 | CC=$CC$ac_cv_sys_largefile_CC | ||
5354 | fi | ||
5355 | |||
5356 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _FILE_OFFSET_BITS value needed for large files" >&5 | ||
5357 | $as_echo_n "checking for _FILE_OFFSET_BITS value needed for large files... " >&6; } | ||
5358 | if ${ac_cv_sys_file_offset_bits+:} false; then : | ||
5359 | $as_echo_n "(cached) " >&6 | ||
5360 | else | ||
5361 | while :; do | ||
5362 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
5363 | /* end confdefs.h. */ | ||
5364 | #include <sys/types.h> | ||
5365 | /* Check that off_t can represent 2**63 - 1 correctly. | ||
5366 | We can't simply define LARGE_OFF_T to be 9223372036854775807, | ||
5367 | since some C++ compilers masquerading as C compilers | ||
5368 | incorrectly reject 9223372036854775807. */ | ||
5369 | #define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) | ||
5370 | int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 | ||
5371 | && LARGE_OFF_T % 2147483647 == 1) | ||
5372 | ? 1 : -1]; | ||
5373 | int | ||
5374 | main () | ||
5375 | { | ||
5376 | |||
5377 | ; | ||
5378 | return 0; | ||
5379 | } | ||
5380 | _ACEOF | ||
5381 | if ac_fn_c_try_compile "$LINENO"; then : | ||
5382 | ac_cv_sys_file_offset_bits=no; break | ||
5383 | fi | ||
5384 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
5385 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
5386 | /* end confdefs.h. */ | ||
5387 | #define _FILE_OFFSET_BITS 64 | ||
5388 | #include <sys/types.h> | ||
5389 | /* Check that off_t can represent 2**63 - 1 correctly. | ||
5390 | We can't simply define LARGE_OFF_T to be 9223372036854775807, | ||
5391 | since some C++ compilers masquerading as C compilers | ||
5392 | incorrectly reject 9223372036854775807. */ | ||
5393 | #define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) | ||
5394 | int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 | ||
5395 | && LARGE_OFF_T % 2147483647 == 1) | ||
5396 | ? 1 : -1]; | ||
5397 | int | ||
5398 | main () | ||
5399 | { | ||
5400 | |||
5401 | ; | ||
5402 | return 0; | ||
5403 | } | ||
5404 | _ACEOF | ||
5405 | if ac_fn_c_try_compile "$LINENO"; then : | ||
5406 | ac_cv_sys_file_offset_bits=64; break | ||
5407 | fi | ||
5408 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
5409 | ac_cv_sys_file_offset_bits=unknown | ||
5410 | break | ||
5411 | done | ||
5412 | fi | ||
5413 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_file_offset_bits" >&5 | ||
5414 | $as_echo "$ac_cv_sys_file_offset_bits" >&6; } | ||
5415 | case $ac_cv_sys_file_offset_bits in #( | ||
5416 | no | unknown) ;; | ||
5417 | *) | ||
5418 | cat >>confdefs.h <<_ACEOF | ||
5419 | #define _FILE_OFFSET_BITS $ac_cv_sys_file_offset_bits | ||
5420 | _ACEOF | ||
5421 | ;; | ||
5422 | esac | ||
5423 | rm -rf conftest* | ||
5424 | if test $ac_cv_sys_file_offset_bits = unknown; then | ||
5425 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _LARGE_FILES value needed for large files" >&5 | ||
5426 | $as_echo_n "checking for _LARGE_FILES value needed for large files... " >&6; } | ||
5427 | if ${ac_cv_sys_large_files+:} false; then : | ||
5428 | $as_echo_n "(cached) " >&6 | ||
5429 | else | ||
5430 | while :; do | ||
5431 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
5432 | /* end confdefs.h. */ | ||
5433 | #include <sys/types.h> | ||
5434 | /* Check that off_t can represent 2**63 - 1 correctly. | ||
5435 | We can't simply define LARGE_OFF_T to be 9223372036854775807, | ||
5436 | since some C++ compilers masquerading as C compilers | ||
5437 | incorrectly reject 9223372036854775807. */ | ||
5438 | #define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) | ||
5439 | int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 | ||
5440 | && LARGE_OFF_T % 2147483647 == 1) | ||
5441 | ? 1 : -1]; | ||
5442 | int | ||
5443 | main () | ||
5444 | { | ||
5445 | |||
5446 | ; | ||
5447 | return 0; | ||
5448 | } | ||
5449 | _ACEOF | ||
5450 | if ac_fn_c_try_compile "$LINENO"; then : | ||
5451 | ac_cv_sys_large_files=no; break | ||
5452 | fi | ||
5453 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
5454 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
5455 | /* end confdefs.h. */ | ||
5456 | #define _LARGE_FILES 1 | ||
5457 | #include <sys/types.h> | ||
5458 | /* Check that off_t can represent 2**63 - 1 correctly. | ||
5459 | We can't simply define LARGE_OFF_T to be 9223372036854775807, | ||
5460 | since some C++ compilers masquerading as C compilers | ||
5461 | incorrectly reject 9223372036854775807. */ | ||
5462 | #define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) | ||
5463 | int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 | ||
5464 | && LARGE_OFF_T % 2147483647 == 1) | ||
5465 | ? 1 : -1]; | ||
5466 | int | ||
5467 | main () | ||
5468 | { | ||
5469 | |||
5470 | ; | ||
5471 | return 0; | ||
5472 | } | ||
5473 | _ACEOF | ||
5474 | if ac_fn_c_try_compile "$LINENO"; then : | ||
5475 | ac_cv_sys_large_files=1; break | ||
5476 | fi | ||
5477 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
5478 | ac_cv_sys_large_files=unknown | ||
5479 | break | ||
5480 | done | ||
5481 | fi | ||
5482 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_large_files" >&5 | ||
5483 | $as_echo "$ac_cv_sys_large_files" >&6; } | ||
5484 | case $ac_cv_sys_large_files in #( | ||
5485 | no | unknown) ;; | ||
5486 | *) | ||
5487 | cat >>confdefs.h <<_ACEOF | ||
5488 | #define _LARGE_FILES $ac_cv_sys_large_files | ||
5489 | _ACEOF | ||
5490 | ;; | ||
5491 | esac | ||
5492 | rm -rf conftest* | ||
5493 | fi | ||
5494 | |||
5495 | |||
5496 | fi | ||
5497 | |||
5498 | |||
5499 | if test -z "$AR" ; then | ||
5500 | as_fn_error $? "*** 'ar' missing, please install or fix your \$PATH ***" "$LINENO" 5 | ||
5501 | fi | ||
5502 | |||
5503 | # Extract the first word of "passwd", so it can be a program name with args. | ||
5504 | set dummy passwd; ac_word=$2 | ||
5505 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
5506 | $as_echo_n "checking for $ac_word... " >&6; } | ||
5507 | if ${ac_cv_path_PATH_PASSWD_PROG+:} false; then : | ||
5508 | $as_echo_n "(cached) " >&6 | ||
5509 | else | ||
5510 | case $PATH_PASSWD_PROG in | ||
5511 | [\\/]* | ?:[\\/]*) | ||
5512 | ac_cv_path_PATH_PASSWD_PROG="$PATH_PASSWD_PROG" # Let the user override the test with a path. | ||
5513 | ;; | ||
5514 | *) | ||
5515 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
5516 | for as_dir in $PATH | ||
5517 | do | ||
5518 | IFS=$as_save_IFS | ||
5519 | test -z "$as_dir" && as_dir=. | ||
5520 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
5521 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
5522 | ac_cv_path_PATH_PASSWD_PROG="$as_dir/$ac_word$ac_exec_ext" | ||
5523 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
5524 | break 2 | ||
5525 | fi | ||
5526 | done | ||
5527 | done | ||
5528 | IFS=$as_save_IFS | ||
5529 | |||
5530 | ;; | ||
5531 | esac | ||
5532 | fi | ||
5533 | PATH_PASSWD_PROG=$ac_cv_path_PATH_PASSWD_PROG | ||
5534 | if test -n "$PATH_PASSWD_PROG"; then | ||
5535 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PATH_PASSWD_PROG" >&5 | ||
5536 | $as_echo "$PATH_PASSWD_PROG" >&6; } | ||
5537 | else | ||
5538 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5539 | $as_echo "no" >&6; } | ||
5540 | fi | ||
5541 | |||
5542 | |||
5543 | if test ! -z "$PATH_PASSWD_PROG" ; then | ||
5544 | |||
5545 | cat >>confdefs.h <<_ACEOF | ||
5546 | #define _PATH_PASSWD_PROG "$PATH_PASSWD_PROG" | ||
5547 | _ACEOF | ||
5548 | |||
5549 | fi | ||
5550 | |||
5551 | if test -z "$LD" ; then | ||
5552 | LD=$CC | ||
5553 | fi | ||
5554 | |||
5555 | |||
5556 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for inline" >&5 | ||
5557 | $as_echo_n "checking for inline... " >&6; } | ||
5558 | if ${ac_cv_c_inline+:} false; then : | ||
5559 | $as_echo_n "(cached) " >&6 | ||
5560 | else | ||
5561 | ac_cv_c_inline=no | ||
5562 | for ac_kw in inline __inline__ __inline; do | ||
5563 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
5564 | /* end confdefs.h. */ | ||
5565 | #ifndef __cplusplus | ||
5566 | typedef int foo_t; | ||
5567 | static $ac_kw foo_t static_foo () {return 0; } | ||
5568 | $ac_kw foo_t foo () {return 0; } | ||
5569 | #endif | ||
5570 | |||
5571 | _ACEOF | ||
5572 | if ac_fn_c_try_compile "$LINENO"; then : | ||
5573 | ac_cv_c_inline=$ac_kw | ||
5574 | fi | ||
5575 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
5576 | test "$ac_cv_c_inline" != no && break | ||
5577 | done | ||
5578 | |||
5579 | fi | ||
5580 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_inline" >&5 | ||
5581 | $as_echo "$ac_cv_c_inline" >&6; } | ||
5582 | |||
5583 | case $ac_cv_c_inline in | ||
5584 | inline | yes) ;; | ||
5585 | *) | ||
5586 | case $ac_cv_c_inline in | ||
5587 | no) ac_val=;; | ||
5588 | *) ac_val=$ac_cv_c_inline;; | ||
5589 | esac | ||
5590 | cat >>confdefs.h <<_ACEOF | ||
5591 | #ifndef __cplusplus | ||
5592 | #define inline $ac_val | ||
5593 | #endif | ||
5594 | _ACEOF | ||
5595 | ;; | ||
5596 | esac | ||
5597 | |||
5598 | |||
5599 | ac_fn_c_check_decl "$LINENO" "LLONG_MAX" "ac_cv_have_decl_LLONG_MAX" "#include <limits.h> | ||
5600 | " | ||
5601 | if test "x$ac_cv_have_decl_LLONG_MAX" = xyes; then : | ||
5602 | have_llong_max=1 | ||
5603 | fi | ||
5604 | |||
5605 | ac_fn_c_check_decl "$LINENO" "SYSTR_POLICY_KILL" "ac_cv_have_decl_SYSTR_POLICY_KILL" " | ||
5606 | #include <sys/types.h> | ||
5607 | #include <sys/param.h> | ||
5608 | #include <dev/systrace.h> | ||
5609 | |||
5610 | " | ||
5611 | if test "x$ac_cv_have_decl_SYSTR_POLICY_KILL" = xyes; then : | ||
5612 | have_systr_policy_kill=1 | ||
5613 | fi | ||
5614 | |||
5615 | ac_fn_c_check_decl "$LINENO" "RLIMIT_NPROC" "ac_cv_have_decl_RLIMIT_NPROC" " | ||
5616 | #include <sys/types.h> | ||
5617 | #include <sys/resource.h> | ||
5618 | |||
5619 | " | ||
5620 | if test "x$ac_cv_have_decl_RLIMIT_NPROC" = xyes; then : | ||
5621 | |||
5622 | $as_echo "#define HAVE_RLIMIT_NPROC /**/" >>confdefs.h | ||
5623 | |||
5624 | fi | ||
5625 | |||
5626 | ac_fn_c_check_decl "$LINENO" "PR_SET_NO_NEW_PRIVS" "ac_cv_have_decl_PR_SET_NO_NEW_PRIVS" " | ||
5627 | #include <sys/types.h> | ||
5628 | #include <linux/prctl.h> | ||
5629 | |||
5630 | " | ||
5631 | if test "x$ac_cv_have_decl_PR_SET_NO_NEW_PRIVS" = xyes; then : | ||
5632 | have_linux_no_new_privs=1 | ||
5633 | fi | ||
5634 | |||
5635 | |||
5636 | openssl=yes | ||
5637 | ssh1=no | ||
5638 | COMMENT_OUT_RSA1="#no ssh1#" | ||
5639 | |||
5640 | # Check whether --with-openssl was given. | ||
5641 | if test "${with_openssl+set}" = set; then : | ||
5642 | withval=$with_openssl; if test "x$withval" = "xno" ; then | ||
5643 | openssl=no | ||
5644 | ssh1=no | ||
5645 | fi | ||
5646 | |||
5647 | |||
5648 | fi | ||
5649 | |||
5650 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL will be used for cryptography" >&5 | ||
5651 | $as_echo_n "checking whether OpenSSL will be used for cryptography... " >&6; } | ||
5652 | if test "x$openssl" = "xyes" ; then | ||
5653 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
5654 | $as_echo "yes" >&6; } | ||
5655 | |||
5656 | cat >>confdefs.h <<_ACEOF | ||
5657 | #define WITH_OPENSSL 1 | ||
5658 | _ACEOF | ||
5659 | |||
5660 | else | ||
5661 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5662 | $as_echo "no" >&6; } | ||
5663 | fi | ||
5664 | |||
5665 | |||
5666 | # Check whether --with-ssh1 was given. | ||
5667 | if test "${with_ssh1+set}" = set; then : | ||
5668 | withval=$with_ssh1; | ||
5669 | if test "x$withval" = "xyes" ; then | ||
5670 | if test "x$openssl" = "xno" ; then | ||
5671 | as_fn_error $? "Cannot enable SSH protocol 1 with OpenSSL disabled" "$LINENO" 5 | ||
5672 | fi | ||
5673 | ssh1=yes | ||
5674 | COMMENT_OUT_RSA1="" | ||
5675 | elif test "x$withval" = "xno" ; then | ||
5676 | ssh1=no | ||
5677 | else | ||
5678 | as_fn_error $? "unknown --with-ssh1 argument" "$LINENO" 5 | ||
5679 | fi | ||
5680 | |||
5681 | |||
5682 | fi | ||
5683 | |||
5684 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether SSH protocol 1 support is enabled" >&5 | ||
5685 | $as_echo_n "checking whether SSH protocol 1 support is enabled... " >&6; } | ||
5686 | if test "x$ssh1" = "xyes" ; then | ||
5687 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
5688 | $as_echo "yes" >&6; } | ||
5689 | |||
5690 | cat >>confdefs.h <<_ACEOF | ||
5691 | #define WITH_SSH1 1 | ||
5692 | _ACEOF | ||
5693 | |||
5694 | |||
5695 | else | ||
5696 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5697 | $as_echo "no" >&6; } | ||
5698 | fi | ||
5699 | |||
5700 | use_stack_protector=1 | ||
5701 | use_toolchain_hardening=1 | ||
5702 | |||
5703 | # Check whether --with-stackprotect was given. | ||
5704 | if test "${with_stackprotect+set}" = set; then : | ||
5705 | withval=$with_stackprotect; | ||
5706 | if test "x$withval" = "xno"; then | ||
5707 | use_stack_protector=0 | ||
5708 | fi | ||
5709 | fi | ||
5710 | |||
5711 | |||
5712 | # Check whether --with-hardening was given. | ||
5713 | if test "${with_hardening+set}" = set; then : | ||
5714 | withval=$with_hardening; | ||
5715 | if test "x$withval" = "xno"; then | ||
5716 | use_toolchain_hardening=0 | ||
5717 | fi | ||
5718 | fi | ||
5719 | |||
5720 | |||
5721 | # We use -Werror for the tests only so that we catch warnings like "this is | ||
5722 | # on by default" for things like -fPIE. | ||
5723 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Werror" >&5 | ||
5724 | $as_echo_n "checking if $CC supports -Werror... " >&6; } | ||
5725 | saved_CFLAGS="$CFLAGS" | ||
5726 | CFLAGS="$CFLAGS -Werror" | ||
5727 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
5728 | /* end confdefs.h. */ | ||
5729 | int main(void) { return 0; } | ||
5730 | _ACEOF | ||
5731 | if ac_fn_c_try_compile "$LINENO"; then : | ||
5732 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
5733 | $as_echo "yes" >&6; } | ||
5734 | WERROR="-Werror" | ||
5735 | else | ||
5736 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5737 | $as_echo "no" >&6; } | ||
5738 | WERROR="" | ||
5739 | |||
5740 | fi | ||
5741 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
5742 | CFLAGS="$saved_CFLAGS" | ||
5743 | |||
5744 | if test "$GCC" = "yes" || test "$GCC" = "egcs"; then | ||
5745 | { | ||
5746 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Qunused-arguments" >&5 | ||
5747 | $as_echo_n "checking if $CC supports compile flag -Qunused-arguments... " >&6; } | ||
5748 | saved_CFLAGS="$CFLAGS" | ||
5749 | CFLAGS="$CFLAGS $WERROR -Qunused-arguments" | ||
5750 | _define_flag="" | ||
5751 | test "x$_define_flag" = "x" && _define_flag="-Qunused-arguments" | ||
5752 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
5753 | /* end confdefs.h. */ | ||
5754 | |||
5755 | #include <stdlib.h> | ||
5756 | #include <stdio.h> | ||
5757 | int main(int argc, char **argv) { | ||
5758 | /* Some math to catch -ftrapv problems in the toolchain */ | ||
5759 | int i = 123 * argc, j = 456 + argc, k = 789 - argc; | ||
5760 | float l = i * 2.1; | ||
5761 | double m = l / 0.5; | ||
5762 | long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; | ||
5763 | printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); | ||
5764 | exit(0); | ||
5765 | } | ||
5766 | |||
5767 | _ACEOF | ||
5768 | if ac_fn_c_try_compile "$LINENO"; then : | ||
5769 | |||
5770 | if `grep -i "unrecognized option" conftest.err >/dev/null` | ||
5771 | then | ||
5772 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5773 | $as_echo "no" >&6; } | ||
5774 | CFLAGS="$saved_CFLAGS" | ||
5775 | else | ||
5776 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
5777 | $as_echo "yes" >&6; } | ||
5778 | CFLAGS="$saved_CFLAGS $_define_flag" | ||
5779 | fi | ||
5780 | else | ||
5781 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5782 | $as_echo "no" >&6; } | ||
5783 | CFLAGS="$saved_CFLAGS" | ||
5784 | |||
5785 | fi | ||
5786 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
5787 | } | ||
5788 | { | ||
5789 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wunknown-warning-option" >&5 | ||
5790 | $as_echo_n "checking if $CC supports compile flag -Wunknown-warning-option... " >&6; } | ||
5791 | saved_CFLAGS="$CFLAGS" | ||
5792 | CFLAGS="$CFLAGS $WERROR -Wunknown-warning-option" | ||
5793 | _define_flag="" | ||
5794 | test "x$_define_flag" = "x" && _define_flag="-Wunknown-warning-option" | ||
5795 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
5796 | /* end confdefs.h. */ | ||
5797 | |||
5798 | #include <stdlib.h> | ||
5799 | #include <stdio.h> | ||
5800 | int main(int argc, char **argv) { | ||
5801 | /* Some math to catch -ftrapv problems in the toolchain */ | ||
5802 | int i = 123 * argc, j = 456 + argc, k = 789 - argc; | ||
5803 | float l = i * 2.1; | ||
5804 | double m = l / 0.5; | ||
5805 | long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; | ||
5806 | printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); | ||
5807 | exit(0); | ||
5808 | } | ||
5809 | |||
5810 | _ACEOF | ||
5811 | if ac_fn_c_try_compile "$LINENO"; then : | ||
5812 | |||
5813 | if `grep -i "unrecognized option" conftest.err >/dev/null` | ||
5814 | then | ||
5815 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5816 | $as_echo "no" >&6; } | ||
5817 | CFLAGS="$saved_CFLAGS" | ||
5818 | else | ||
5819 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
5820 | $as_echo "yes" >&6; } | ||
5821 | CFLAGS="$saved_CFLAGS $_define_flag" | ||
5822 | fi | ||
5823 | else | ||
5824 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5825 | $as_echo "no" >&6; } | ||
5826 | CFLAGS="$saved_CFLAGS" | ||
5827 | |||
5828 | fi | ||
5829 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
5830 | } | ||
5831 | { | ||
5832 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wall" >&5 | ||
5833 | $as_echo_n "checking if $CC supports compile flag -Wall... " >&6; } | ||
5834 | saved_CFLAGS="$CFLAGS" | ||
5835 | CFLAGS="$CFLAGS $WERROR -Wall" | ||
5836 | _define_flag="" | ||
5837 | test "x$_define_flag" = "x" && _define_flag="-Wall" | ||
5838 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
5839 | /* end confdefs.h. */ | ||
5840 | |||
5841 | #include <stdlib.h> | ||
5842 | #include <stdio.h> | ||
5843 | int main(int argc, char **argv) { | ||
5844 | /* Some math to catch -ftrapv problems in the toolchain */ | ||
5845 | int i = 123 * argc, j = 456 + argc, k = 789 - argc; | ||
5846 | float l = i * 2.1; | ||
5847 | double m = l / 0.5; | ||
5848 | long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; | ||
5849 | printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); | ||
5850 | exit(0); | ||
5851 | } | ||
5852 | |||
5853 | _ACEOF | ||
5854 | if ac_fn_c_try_compile "$LINENO"; then : | ||
5855 | |||
5856 | if `grep -i "unrecognized option" conftest.err >/dev/null` | ||
5857 | then | ||
5858 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5859 | $as_echo "no" >&6; } | ||
5860 | CFLAGS="$saved_CFLAGS" | ||
5861 | else | ||
5862 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
5863 | $as_echo "yes" >&6; } | ||
5864 | CFLAGS="$saved_CFLAGS $_define_flag" | ||
5865 | fi | ||
5866 | else | ||
5867 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5868 | $as_echo "no" >&6; } | ||
5869 | CFLAGS="$saved_CFLAGS" | ||
5870 | |||
5871 | fi | ||
5872 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
5873 | } | ||
5874 | { | ||
5875 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wpointer-arith" >&5 | ||
5876 | $as_echo_n "checking if $CC supports compile flag -Wpointer-arith... " >&6; } | ||
5877 | saved_CFLAGS="$CFLAGS" | ||
5878 | CFLAGS="$CFLAGS $WERROR -Wpointer-arith" | ||
5879 | _define_flag="" | ||
5880 | test "x$_define_flag" = "x" && _define_flag="-Wpointer-arith" | ||
5881 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
5882 | /* end confdefs.h. */ | ||
5883 | |||
5884 | #include <stdlib.h> | ||
5885 | #include <stdio.h> | ||
5886 | int main(int argc, char **argv) { | ||
5887 | /* Some math to catch -ftrapv problems in the toolchain */ | ||
5888 | int i = 123 * argc, j = 456 + argc, k = 789 - argc; | ||
5889 | float l = i * 2.1; | ||
5890 | double m = l / 0.5; | ||
5891 | long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; | ||
5892 | printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); | ||
5893 | exit(0); | ||
5894 | } | ||
5895 | |||
5896 | _ACEOF | ||
5897 | if ac_fn_c_try_compile "$LINENO"; then : | ||
5898 | |||
5899 | if `grep -i "unrecognized option" conftest.err >/dev/null` | ||
5900 | then | ||
5901 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5902 | $as_echo "no" >&6; } | ||
5903 | CFLAGS="$saved_CFLAGS" | ||
5904 | else | ||
5905 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
5906 | $as_echo "yes" >&6; } | ||
5907 | CFLAGS="$saved_CFLAGS $_define_flag" | ||
5908 | fi | ||
5909 | else | ||
5910 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5911 | $as_echo "no" >&6; } | ||
5912 | CFLAGS="$saved_CFLAGS" | ||
5913 | |||
5914 | fi | ||
5915 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
5916 | } | ||
5917 | { | ||
5918 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wuninitialized" >&5 | ||
5919 | $as_echo_n "checking if $CC supports compile flag -Wuninitialized... " >&6; } | ||
5920 | saved_CFLAGS="$CFLAGS" | ||
5921 | CFLAGS="$CFLAGS $WERROR -Wuninitialized" | ||
5922 | _define_flag="" | ||
5923 | test "x$_define_flag" = "x" && _define_flag="-Wuninitialized" | ||
5924 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
5925 | /* end confdefs.h. */ | ||
5926 | |||
5927 | #include <stdlib.h> | ||
5928 | #include <stdio.h> | ||
5929 | int main(int argc, char **argv) { | ||
5930 | /* Some math to catch -ftrapv problems in the toolchain */ | ||
5931 | int i = 123 * argc, j = 456 + argc, k = 789 - argc; | ||
5932 | float l = i * 2.1; | ||
5933 | double m = l / 0.5; | ||
5934 | long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; | ||
5935 | printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); | ||
5936 | exit(0); | ||
5937 | } | ||
5938 | |||
5939 | _ACEOF | ||
5940 | if ac_fn_c_try_compile "$LINENO"; then : | ||
5941 | |||
5942 | if `grep -i "unrecognized option" conftest.err >/dev/null` | ||
5943 | then | ||
5944 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5945 | $as_echo "no" >&6; } | ||
5946 | CFLAGS="$saved_CFLAGS" | ||
5947 | else | ||
5948 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
5949 | $as_echo "yes" >&6; } | ||
5950 | CFLAGS="$saved_CFLAGS $_define_flag" | ||
5951 | fi | ||
5952 | else | ||
5953 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5954 | $as_echo "no" >&6; } | ||
5955 | CFLAGS="$saved_CFLAGS" | ||
5956 | |||
5957 | fi | ||
5958 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
5959 | } | ||
5960 | { | ||
5961 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wsign-compare" >&5 | ||
5962 | $as_echo_n "checking if $CC supports compile flag -Wsign-compare... " >&6; } | ||
5963 | saved_CFLAGS="$CFLAGS" | ||
5964 | CFLAGS="$CFLAGS $WERROR -Wsign-compare" | ||
5965 | _define_flag="" | ||
5966 | test "x$_define_flag" = "x" && _define_flag="-Wsign-compare" | ||
5967 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
5968 | /* end confdefs.h. */ | ||
5969 | |||
5970 | #include <stdlib.h> | ||
5971 | #include <stdio.h> | ||
5972 | int main(int argc, char **argv) { | ||
5973 | /* Some math to catch -ftrapv problems in the toolchain */ | ||
5974 | int i = 123 * argc, j = 456 + argc, k = 789 - argc; | ||
5975 | float l = i * 2.1; | ||
5976 | double m = l / 0.5; | ||
5977 | long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; | ||
5978 | printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); | ||
5979 | exit(0); | ||
5980 | } | ||
5981 | |||
5982 | _ACEOF | ||
5983 | if ac_fn_c_try_compile "$LINENO"; then : | ||
5984 | |||
5985 | if `grep -i "unrecognized option" conftest.err >/dev/null` | ||
5986 | then | ||
5987 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5988 | $as_echo "no" >&6; } | ||
5989 | CFLAGS="$saved_CFLAGS" | ||
5990 | else | ||
5991 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
5992 | $as_echo "yes" >&6; } | ||
5993 | CFLAGS="$saved_CFLAGS $_define_flag" | ||
5994 | fi | ||
5995 | else | ||
5996 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5997 | $as_echo "no" >&6; } | ||
5998 | CFLAGS="$saved_CFLAGS" | ||
5999 | |||
6000 | fi | ||
6001 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
6002 | } | ||
6003 | { | ||
6004 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wformat-security" >&5 | ||
6005 | $as_echo_n "checking if $CC supports compile flag -Wformat-security... " >&6; } | ||
6006 | saved_CFLAGS="$CFLAGS" | ||
6007 | CFLAGS="$CFLAGS $WERROR -Wformat-security" | ||
6008 | _define_flag="" | ||
6009 | test "x$_define_flag" = "x" && _define_flag="-Wformat-security" | ||
6010 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
6011 | /* end confdefs.h. */ | ||
6012 | |||
6013 | #include <stdlib.h> | ||
6014 | #include <stdio.h> | ||
6015 | int main(int argc, char **argv) { | ||
6016 | /* Some math to catch -ftrapv problems in the toolchain */ | ||
6017 | int i = 123 * argc, j = 456 + argc, k = 789 - argc; | ||
6018 | float l = i * 2.1; | ||
6019 | double m = l / 0.5; | ||
6020 | long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; | ||
6021 | printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); | ||
6022 | exit(0); | ||
6023 | } | ||
6024 | |||
6025 | _ACEOF | ||
6026 | if ac_fn_c_try_compile "$LINENO"; then : | ||
6027 | |||
6028 | if `grep -i "unrecognized option" conftest.err >/dev/null` | ||
6029 | then | ||
6030 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
6031 | $as_echo "no" >&6; } | ||
6032 | CFLAGS="$saved_CFLAGS" | ||
6033 | else | ||
6034 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
6035 | $as_echo "yes" >&6; } | ||
6036 | CFLAGS="$saved_CFLAGS $_define_flag" | ||
6037 | fi | ||
6038 | else | ||
6039 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
6040 | $as_echo "no" >&6; } | ||
6041 | CFLAGS="$saved_CFLAGS" | ||
6042 | |||
6043 | fi | ||
6044 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
6045 | } | ||
6046 | { | ||
6047 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wsizeof-pointer-memaccess" >&5 | ||
6048 | $as_echo_n "checking if $CC supports compile flag -Wsizeof-pointer-memaccess... " >&6; } | ||
6049 | saved_CFLAGS="$CFLAGS" | ||
6050 | CFLAGS="$CFLAGS $WERROR -Wsizeof-pointer-memaccess" | ||
6051 | _define_flag="" | ||
6052 | test "x$_define_flag" = "x" && _define_flag="-Wsizeof-pointer-memaccess" | ||
6053 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
6054 | /* end confdefs.h. */ | ||
6055 | |||
6056 | #include <stdlib.h> | ||
6057 | #include <stdio.h> | ||
6058 | int main(int argc, char **argv) { | ||
6059 | /* Some math to catch -ftrapv problems in the toolchain */ | ||
6060 | int i = 123 * argc, j = 456 + argc, k = 789 - argc; | ||
6061 | float l = i * 2.1; | ||
6062 | double m = l / 0.5; | ||
6063 | long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; | ||
6064 | printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); | ||
6065 | exit(0); | ||
6066 | } | ||
6067 | |||
6068 | _ACEOF | ||
6069 | if ac_fn_c_try_compile "$LINENO"; then : | ||
6070 | |||
6071 | if `grep -i "unrecognized option" conftest.err >/dev/null` | ||
6072 | then | ||
6073 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
6074 | $as_echo "no" >&6; } | ||
6075 | CFLAGS="$saved_CFLAGS" | ||
6076 | else | ||
6077 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
6078 | $as_echo "yes" >&6; } | ||
6079 | CFLAGS="$saved_CFLAGS $_define_flag" | ||
6080 | fi | ||
6081 | else | ||
6082 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
6083 | $as_echo "no" >&6; } | ||
6084 | CFLAGS="$saved_CFLAGS" | ||
6085 | |||
6086 | fi | ||
6087 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
6088 | } | ||
6089 | { | ||
6090 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wpointer-sign" >&5 | ||
6091 | $as_echo_n "checking if $CC supports compile flag -Wpointer-sign... " >&6; } | ||
6092 | saved_CFLAGS="$CFLAGS" | ||
6093 | CFLAGS="$CFLAGS $WERROR -Wpointer-sign" | ||
6094 | _define_flag="-Wno-pointer-sign" | ||
6095 | test "x$_define_flag" = "x" && _define_flag="-Wpointer-sign" | ||
6096 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
6097 | /* end confdefs.h. */ | ||
6098 | |||
6099 | #include <stdlib.h> | ||
6100 | #include <stdio.h> | ||
6101 | int main(int argc, char **argv) { | ||
6102 | /* Some math to catch -ftrapv problems in the toolchain */ | ||
6103 | int i = 123 * argc, j = 456 + argc, k = 789 - argc; | ||
6104 | float l = i * 2.1; | ||
6105 | double m = l / 0.5; | ||
6106 | long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; | ||
6107 | printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); | ||
6108 | exit(0); | ||
6109 | } | ||
6110 | |||
6111 | _ACEOF | ||
6112 | if ac_fn_c_try_compile "$LINENO"; then : | ||
6113 | |||
6114 | if `grep -i "unrecognized option" conftest.err >/dev/null` | ||
6115 | then | ||
6116 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
6117 | $as_echo "no" >&6; } | ||
6118 | CFLAGS="$saved_CFLAGS" | ||
6119 | else | ||
6120 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
6121 | $as_echo "yes" >&6; } | ||
6122 | CFLAGS="$saved_CFLAGS $_define_flag" | ||
6123 | fi | ||
6124 | else | ||
6125 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
6126 | $as_echo "no" >&6; } | ||
6127 | CFLAGS="$saved_CFLAGS" | ||
6128 | |||
6129 | fi | ||
6130 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
6131 | } | ||
6132 | { | ||
6133 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wunused-result" >&5 | ||
6134 | $as_echo_n "checking if $CC supports compile flag -Wunused-result... " >&6; } | ||
6135 | saved_CFLAGS="$CFLAGS" | ||
6136 | CFLAGS="$CFLAGS $WERROR -Wunused-result" | ||
6137 | _define_flag="-Wno-unused-result" | ||
6138 | test "x$_define_flag" = "x" && _define_flag="-Wunused-result" | ||
6139 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
6140 | /* end confdefs.h. */ | ||
6141 | |||
6142 | #include <stdlib.h> | ||
6143 | #include <stdio.h> | ||
6144 | int main(int argc, char **argv) { | ||
6145 | /* Some math to catch -ftrapv problems in the toolchain */ | ||
6146 | int i = 123 * argc, j = 456 + argc, k = 789 - argc; | ||
6147 | float l = i * 2.1; | ||
6148 | double m = l / 0.5; | ||
6149 | long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; | ||
6150 | printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); | ||
6151 | exit(0); | ||
6152 | } | ||
6153 | |||
6154 | _ACEOF | ||
6155 | if ac_fn_c_try_compile "$LINENO"; then : | ||
6156 | |||
6157 | if `grep -i "unrecognized option" conftest.err >/dev/null` | ||
6158 | then | ||
6159 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
6160 | $as_echo "no" >&6; } | ||
6161 | CFLAGS="$saved_CFLAGS" | ||
6162 | else | ||
6163 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
6164 | $as_echo "yes" >&6; } | ||
6165 | CFLAGS="$saved_CFLAGS $_define_flag" | ||
6166 | fi | ||
6167 | else | ||
6168 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
6169 | $as_echo "no" >&6; } | ||
6170 | CFLAGS="$saved_CFLAGS" | ||
6171 | |||
6172 | fi | ||
6173 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
6174 | } | ||
6175 | { | ||
6176 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -fno-strict-aliasing" >&5 | ||
6177 | $as_echo_n "checking if $CC supports compile flag -fno-strict-aliasing... " >&6; } | ||
6178 | saved_CFLAGS="$CFLAGS" | ||
6179 | CFLAGS="$CFLAGS $WERROR -fno-strict-aliasing" | ||
6180 | _define_flag="" | ||
6181 | test "x$_define_flag" = "x" && _define_flag="-fno-strict-aliasing" | ||
6182 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
6183 | /* end confdefs.h. */ | ||
6184 | |||
6185 | #include <stdlib.h> | ||
6186 | #include <stdio.h> | ||
6187 | int main(int argc, char **argv) { | ||
6188 | /* Some math to catch -ftrapv problems in the toolchain */ | ||
6189 | int i = 123 * argc, j = 456 + argc, k = 789 - argc; | ||
6190 | float l = i * 2.1; | ||
6191 | double m = l / 0.5; | ||
6192 | long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; | ||
6193 | printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); | ||
6194 | exit(0); | ||
6195 | } | ||
6196 | |||
6197 | _ACEOF | ||
6198 | if ac_fn_c_try_compile "$LINENO"; then : | ||
6199 | |||
6200 | if `grep -i "unrecognized option" conftest.err >/dev/null` | ||
6201 | then | ||
6202 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
6203 | $as_echo "no" >&6; } | ||
6204 | CFLAGS="$saved_CFLAGS" | ||
6205 | else | ||
6206 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
6207 | $as_echo "yes" >&6; } | ||
6208 | CFLAGS="$saved_CFLAGS $_define_flag" | ||
6209 | fi | ||
6210 | else | ||
6211 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
6212 | $as_echo "no" >&6; } | ||
6213 | CFLAGS="$saved_CFLAGS" | ||
6214 | |||
6215 | fi | ||
6216 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
6217 | } | ||
6218 | { | ||
6219 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -D_FORTIFY_SOURCE=2" >&5 | ||
6220 | $as_echo_n "checking if $CC supports compile flag -D_FORTIFY_SOURCE=2... " >&6; } | ||
6221 | saved_CFLAGS="$CFLAGS" | ||
6222 | CFLAGS="$CFLAGS $WERROR -D_FORTIFY_SOURCE=2" | ||
6223 | _define_flag="" | ||
6224 | test "x$_define_flag" = "x" && _define_flag="-D_FORTIFY_SOURCE=2" | ||
6225 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
6226 | /* end confdefs.h. */ | ||
6227 | |||
6228 | #include <stdlib.h> | ||
6229 | #include <stdio.h> | ||
6230 | int main(int argc, char **argv) { | ||
6231 | /* Some math to catch -ftrapv problems in the toolchain */ | ||
6232 | int i = 123 * argc, j = 456 + argc, k = 789 - argc; | ||
6233 | float l = i * 2.1; | ||
6234 | double m = l / 0.5; | ||
6235 | long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; | ||
6236 | printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); | ||
6237 | exit(0); | ||
6238 | } | ||
6239 | |||
6240 | _ACEOF | ||
6241 | if ac_fn_c_try_compile "$LINENO"; then : | ||
6242 | |||
6243 | if `grep -i "unrecognized option" conftest.err >/dev/null` | ||
6244 | then | ||
6245 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
6246 | $as_echo "no" >&6; } | ||
6247 | CFLAGS="$saved_CFLAGS" | ||
6248 | else | ||
6249 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
6250 | $as_echo "yes" >&6; } | ||
6251 | CFLAGS="$saved_CFLAGS $_define_flag" | ||
6252 | fi | ||
6253 | else | ||
6254 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
6255 | $as_echo "no" >&6; } | ||
6256 | CFLAGS="$saved_CFLAGS" | ||
6257 | |||
6258 | fi | ||
6259 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
6260 | } | ||
6261 | if test "x$use_toolchain_hardening" = "x1"; then | ||
6262 | { | ||
6263 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $LD supports link flag -Wl,-z,relro" >&5 | ||
6264 | $as_echo_n "checking if $LD supports link flag -Wl,-z,relro... " >&6; } | ||
6265 | saved_LDFLAGS="$LDFLAGS" | ||
6266 | LDFLAGS="$LDFLAGS $WERROR -Wl,-z,relro" | ||
6267 | _define_flag="" | ||
6268 | test "x$_define_flag" = "x" && _define_flag="-Wl,-z,relro" | ||
6269 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
6270 | /* end confdefs.h. */ | ||
6271 | |||
6272 | #include <stdlib.h> | ||
6273 | #include <stdio.h> | ||
6274 | int main(int argc, char **argv) { | ||
6275 | /* Some math to catch -ftrapv problems in the toolchain */ | ||
6276 | int i = 123 * argc, j = 456 + argc, k = 789 - argc; | ||
6277 | float l = i * 2.1; | ||
6278 | double m = l / 0.5; | ||
6279 | long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; | ||
6280 | long long p = n * o; | ||
6281 | printf("%d %d %d %f %f %lld %lld %lld\n", i, j, k, l, m, n, o, p); | ||
6282 | exit(0); | ||
6283 | } | ||
6284 | |||
6285 | _ACEOF | ||
6286 | if ac_fn_c_try_link "$LINENO"; then : | ||
6287 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
6288 | $as_echo "yes" >&6; } | ||
6289 | LDFLAGS="$saved_LDFLAGS $_define_flag" | ||
6290 | else | ||
6291 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
6292 | $as_echo "no" >&6; } | ||
6293 | LDFLAGS="$saved_LDFLAGS" | ||
6294 | |||
6295 | fi | ||
6296 | rm -f core conftest.err conftest.$ac_objext \ | ||
6297 | conftest$ac_exeext conftest.$ac_ext | ||
6298 | } | ||
6299 | { | ||
6300 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $LD supports link flag -Wl,-z,now" >&5 | ||
6301 | $as_echo_n "checking if $LD supports link flag -Wl,-z,now... " >&6; } | ||
6302 | saved_LDFLAGS="$LDFLAGS" | ||
6303 | LDFLAGS="$LDFLAGS $WERROR -Wl,-z,now" | ||
6304 | _define_flag="" | ||
6305 | test "x$_define_flag" = "x" && _define_flag="-Wl,-z,now" | ||
6306 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
6307 | /* end confdefs.h. */ | ||
6308 | |||
6309 | #include <stdlib.h> | ||
6310 | #include <stdio.h> | ||
6311 | int main(int argc, char **argv) { | ||
6312 | /* Some math to catch -ftrapv problems in the toolchain */ | ||
6313 | int i = 123 * argc, j = 456 + argc, k = 789 - argc; | ||
6314 | float l = i * 2.1; | ||
6315 | double m = l / 0.5; | ||
6316 | long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; | ||
6317 | long long p = n * o; | ||
6318 | printf("%d %d %d %f %f %lld %lld %lld\n", i, j, k, l, m, n, o, p); | ||
6319 | exit(0); | ||
6320 | } | ||
6321 | |||
6322 | _ACEOF | ||
6323 | if ac_fn_c_try_link "$LINENO"; then : | ||
6324 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
6325 | $as_echo "yes" >&6; } | ||
6326 | LDFLAGS="$saved_LDFLAGS $_define_flag" | ||
6327 | else | ||
6328 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
6329 | $as_echo "no" >&6; } | ||
6330 | LDFLAGS="$saved_LDFLAGS" | ||
6331 | |||
6332 | fi | ||
6333 | rm -f core conftest.err conftest.$ac_objext \ | ||
6334 | conftest$ac_exeext conftest.$ac_ext | ||
6335 | } | ||
6336 | { | ||
6337 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $LD supports link flag -Wl,-z,noexecstack" >&5 | ||
6338 | $as_echo_n "checking if $LD supports link flag -Wl,-z,noexecstack... " >&6; } | ||
6339 | saved_LDFLAGS="$LDFLAGS" | ||
6340 | LDFLAGS="$LDFLAGS $WERROR -Wl,-z,noexecstack" | ||
6341 | _define_flag="" | ||
6342 | test "x$_define_flag" = "x" && _define_flag="-Wl,-z,noexecstack" | ||
6343 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
6344 | /* end confdefs.h. */ | ||
6345 | |||
6346 | #include <stdlib.h> | ||
6347 | #include <stdio.h> | ||
6348 | int main(int argc, char **argv) { | ||
6349 | /* Some math to catch -ftrapv problems in the toolchain */ | ||
6350 | int i = 123 * argc, j = 456 + argc, k = 789 - argc; | ||
6351 | float l = i * 2.1; | ||
6352 | double m = l / 0.5; | ||
6353 | long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; | ||
6354 | long long p = n * o; | ||
6355 | printf("%d %d %d %f %f %lld %lld %lld\n", i, j, k, l, m, n, o, p); | ||
6356 | exit(0); | ||
6357 | } | ||
6358 | |||
6359 | _ACEOF | ||
6360 | if ac_fn_c_try_link "$LINENO"; then : | ||
6361 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
6362 | $as_echo "yes" >&6; } | ||
6363 | LDFLAGS="$saved_LDFLAGS $_define_flag" | ||
6364 | else | ||
6365 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
6366 | $as_echo "no" >&6; } | ||
6367 | LDFLAGS="$saved_LDFLAGS" | ||
6368 | |||
6369 | fi | ||
6370 | rm -f core conftest.err conftest.$ac_objext \ | ||
6371 | conftest$ac_exeext conftest.$ac_ext | ||
6372 | } | ||
6373 | # NB. -ftrapv expects certain support functions to be present in | ||
6374 | # the compiler library (libgcc or similar) to detect integer operations | ||
6375 | # that can overflow. We must check that the result of enabling it | ||
6376 | # actually links. The test program compiled/linked includes a number | ||
6377 | # of integer operations that should exercise this. | ||
6378 | { | ||
6379 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -ftrapv and linking succeeds" >&5 | ||
6380 | $as_echo_n "checking if $CC supports compile flag -ftrapv and linking succeeds... " >&6; } | ||
6381 | saved_CFLAGS="$CFLAGS" | ||
6382 | CFLAGS="$CFLAGS $WERROR -ftrapv" | ||
6383 | _define_flag="" | ||
6384 | test "x$_define_flag" = "x" && _define_flag="-ftrapv" | ||
6385 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
6386 | /* end confdefs.h. */ | ||
6387 | |||
6388 | #include <stdlib.h> | ||
6389 | #include <stdio.h> | ||
6390 | int main(int argc, char **argv) { | ||
6391 | /* Some math to catch -ftrapv problems in the toolchain */ | ||
6392 | int i = 123 * argc, j = 456 + argc, k = 789 - argc; | ||
6393 | float l = i * 2.1; | ||
6394 | double m = l / 0.5; | ||
6395 | long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; | ||
6396 | long long int p = n * o; | ||
6397 | printf("%d %d %d %f %f %lld %lld %lld\n", i, j, k, l, m, n, o, p); | ||
6398 | exit(0); | ||
6399 | } | ||
6400 | |||
6401 | _ACEOF | ||
6402 | if ac_fn_c_try_link "$LINENO"; then : | ||
6403 | |||
6404 | if `grep -i "unrecognized option" conftest.err >/dev/null` | ||
6405 | then | ||
6406 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
6407 | $as_echo "no" >&6; } | ||
6408 | CFLAGS="$saved_CFLAGS" | ||
6409 | else | ||
6410 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
6411 | $as_echo "yes" >&6; } | ||
6412 | CFLAGS="$saved_CFLAGS $_define_flag" | ||
6413 | fi | ||
6414 | else | ||
6415 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
6416 | $as_echo "no" >&6; } | ||
6417 | CFLAGS="$saved_CFLAGS" | ||
6418 | |||
6419 | fi | ||
6420 | rm -f core conftest.err conftest.$ac_objext \ | ||
6421 | conftest$ac_exeext conftest.$ac_ext | ||
6422 | } | ||
6423 | fi | ||
6424 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking gcc version" >&5 | ||
6425 | $as_echo_n "checking gcc version... " >&6; } | ||
6426 | GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` | ||
6427 | case $GCC_VER in | ||
6428 | 1.*) no_attrib_nonnull=1 ;; | ||
6429 | 2.8* | 2.9*) | ||
6430 | no_attrib_nonnull=1 | ||
6431 | ;; | ||
6432 | 2.*) no_attrib_nonnull=1 ;; | ||
6433 | *) ;; | ||
6434 | esac | ||
6435 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GCC_VER" >&5 | ||
6436 | $as_echo "$GCC_VER" >&6; } | ||
6437 | |||
6438 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC accepts -fno-builtin-memset" >&5 | ||
6439 | $as_echo_n "checking if $CC accepts -fno-builtin-memset... " >&6; } | ||
6440 | saved_CFLAGS="$CFLAGS" | ||
6441 | CFLAGS="$CFLAGS -fno-builtin-memset" | ||
6442 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
6443 | /* end confdefs.h. */ | ||
6444 | #include <string.h> | ||
6445 | int | ||
6446 | main () | ||
6447 | { | ||
6448 | char b[10]; memset(b, 0, sizeof(b)); | ||
6449 | ; | ||
6450 | return 0; | ||
6451 | } | ||
6452 | _ACEOF | ||
6453 | if ac_fn_c_try_link "$LINENO"; then : | ||
6454 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
6455 | $as_echo "yes" >&6; } | ||
6456 | else | ||
6457 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
6458 | $as_echo "no" >&6; } | ||
6459 | CFLAGS="$saved_CFLAGS" | ||
6460 | |||
6461 | fi | ||
6462 | rm -f core conftest.err conftest.$ac_objext \ | ||
6463 | conftest$ac_exeext conftest.$ac_ext | ||
6464 | |||
6465 | # -fstack-protector-all doesn't always work for some GCC versions | ||
6466 | # and/or platforms, so we test if we can. If it's not supported | ||
6467 | # on a given platform gcc will emit a warning so we use -Werror. | ||
6468 | if test "x$use_stack_protector" = "x1"; then | ||
6469 | for t in -fstack-protector-strong -fstack-protector-all \ | ||
6470 | -fstack-protector; do | ||
6471 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports $t" >&5 | ||
6472 | $as_echo_n "checking if $CC supports $t... " >&6; } | ||
6473 | saved_CFLAGS="$CFLAGS" | ||
6474 | saved_LDFLAGS="$LDFLAGS" | ||
6475 | CFLAGS="$CFLAGS $t -Werror" | ||
6476 | LDFLAGS="$LDFLAGS $t -Werror" | ||
6477 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
6478 | /* end confdefs.h. */ | ||
6479 | #include <stdio.h> | ||
6480 | int | ||
6481 | main () | ||
6482 | { | ||
6483 | |||
6484 | char x[256]; | ||
6485 | snprintf(x, sizeof(x), "XXX"); | ||
6486 | |||
6487 | ; | ||
6488 | return 0; | ||
6489 | } | ||
6490 | _ACEOF | ||
6491 | if ac_fn_c_try_link "$LINENO"; then : | ||
6492 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
6493 | $as_echo "yes" >&6; } | ||
6494 | CFLAGS="$saved_CFLAGS $t" | ||
6495 | LDFLAGS="$saved_LDFLAGS $t" | ||
6496 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $t works" >&5 | ||
6497 | $as_echo_n "checking if $t works... " >&6; } | ||
6498 | if test "$cross_compiling" = yes; then : | ||
6499 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: cannot test" >&5 | ||
6500 | $as_echo "$as_me: WARNING: cross compiling: cannot test" >&2;} | ||
6501 | break | ||
6502 | |||
6503 | else | ||
6504 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
6505 | /* end confdefs.h. */ | ||
6506 | #include <stdio.h> | ||
6507 | int | ||
6508 | main () | ||
6509 | { | ||
6510 | |||
6511 | char x[256]; | ||
6512 | snprintf(x, sizeof(x), "XXX"); | ||
6513 | |||
6514 | ; | ||
6515 | return 0; | ||
6516 | } | ||
6517 | _ACEOF | ||
6518 | if ac_fn_c_try_run "$LINENO"; then : | ||
6519 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
6520 | $as_echo "yes" >&6; } | ||
6521 | break | ||
6522 | else | ||
6523 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
6524 | $as_echo "no" >&6; } | ||
6525 | fi | ||
6526 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
6527 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
6528 | fi | ||
6529 | |||
6530 | |||
6531 | else | ||
6532 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
6533 | $as_echo "no" >&6; } | ||
6534 | |||
6535 | fi | ||
6536 | rm -f core conftest.err conftest.$ac_objext \ | ||
6537 | conftest$ac_exeext conftest.$ac_ext | ||
6538 | CFLAGS="$saved_CFLAGS" | ||
6539 | LDFLAGS="$saved_LDFLAGS" | ||
6540 | done | ||
6541 | fi | ||
6542 | |||
6543 | if test -z "$have_llong_max"; then | ||
6544 | # retry LLONG_MAX with -std=gnu99, needed on some Linuxes | ||
6545 | unset ac_cv_have_decl_LLONG_MAX | ||
6546 | saved_CFLAGS="$CFLAGS" | ||
6547 | CFLAGS="$CFLAGS -std=gnu99" | ||
6548 | ac_fn_c_check_decl "$LINENO" "LLONG_MAX" "ac_cv_have_decl_LLONG_MAX" "#include <limits.h> | ||
6549 | |||
6550 | " | ||
6551 | if test "x$ac_cv_have_decl_LLONG_MAX" = xyes; then : | ||
6552 | have_llong_max=1 | ||
6553 | else | ||
6554 | CFLAGS="$saved_CFLAGS" | ||
6555 | fi | ||
6556 | |||
6557 | fi | ||
6558 | fi | ||
6559 | |||
6560 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if compiler allows __attribute__ on return types" >&5 | ||
6561 | $as_echo_n "checking if compiler allows __attribute__ on return types... " >&6; } | ||
6562 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
6563 | /* end confdefs.h. */ | ||
6564 | |||
6565 | #include <stdlib.h> | ||
6566 | __attribute__((__unused__)) static void foo(void){return;} | ||
6567 | int | ||
6568 | main () | ||
6569 | { | ||
6570 | exit(0); | ||
6571 | ; | ||
6572 | return 0; | ||
6573 | } | ||
6574 | _ACEOF | ||
6575 | if ac_fn_c_try_compile "$LINENO"; then : | ||
6576 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
6577 | $as_echo "yes" >&6; } | ||
6578 | else | ||
6579 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
6580 | $as_echo "no" >&6; } | ||
6581 | |||
6582 | $as_echo "#define NO_ATTRIBUTE_ON_RETURN_TYPE 1" >>confdefs.h | ||
6583 | |||
6584 | |||
6585 | fi | ||
6586 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
6587 | |||
6588 | if test "x$no_attrib_nonnull" != "x1" ; then | ||
6589 | |||
6590 | $as_echo "#define HAVE_ATTRIBUTE__NONNULL__ 1" >>confdefs.h | ||
6591 | |||
6592 | fi | ||
6593 | |||
6594 | |||
6595 | # Check whether --with-rpath was given. | ||
6596 | if test "${with_rpath+set}" = set; then : | ||
6597 | withval=$with_rpath; | ||
6598 | if test "x$withval" = "xno" ; then | ||
6599 | need_dash_r="" | ||
6600 | fi | ||
6601 | if test "x$withval" = "xyes" ; then | ||
6602 | need_dash_r=1 | ||
6603 | fi | ||
6604 | |||
6605 | |||
6606 | fi | ||
6607 | |||
6608 | |||
6609 | # Allow user to specify flags | ||
6610 | |||
6611 | # Check whether --with-cflags was given. | ||
6612 | if test "${with_cflags+set}" = set; then : | ||
6613 | withval=$with_cflags; | ||
6614 | if test -n "$withval" && test "x$withval" != "xno" && \ | ||
6615 | test "x${withval}" != "xyes"; then | ||
6616 | CFLAGS="$CFLAGS $withval" | ||
6617 | fi | ||
6618 | |||
6619 | |||
6620 | fi | ||
6621 | |||
6622 | |||
6623 | # Check whether --with-cppflags was given. | ||
6624 | if test "${with_cppflags+set}" = set; then : | ||
6625 | withval=$with_cppflags; | ||
6626 | if test -n "$withval" && test "x$withval" != "xno" && \ | ||
6627 | test "x${withval}" != "xyes"; then | ||
6628 | CPPFLAGS="$CPPFLAGS $withval" | ||
6629 | fi | ||
6630 | |||
6631 | |||
6632 | fi | ||
6633 | |||
6634 | |||
6635 | # Check whether --with-ldflags was given. | ||
6636 | if test "${with_ldflags+set}" = set; then : | ||
6637 | withval=$with_ldflags; | ||
6638 | if test -n "$withval" && test "x$withval" != "xno" && \ | ||
6639 | test "x${withval}" != "xyes"; then | ||
6640 | LDFLAGS="$LDFLAGS $withval" | ||
6641 | fi | ||
6642 | |||
6643 | |||
6644 | fi | ||
6645 | |||
6646 | |||
6647 | # Check whether --with-libs was given. | ||
6648 | if test "${with_libs+set}" = set; then : | ||
6649 | withval=$with_libs; | ||
6650 | if test -n "$withval" && test "x$withval" != "xno" && \ | ||
6651 | test "x${withval}" != "xyes"; then | ||
6652 | LIBS="$LIBS $withval" | ||
6653 | fi | ||
6654 | |||
6655 | |||
6656 | fi | ||
6657 | |||
6658 | |||
6659 | # Check whether --with-Werror was given. | ||
6660 | if test "${with_Werror+set}" = set; then : | ||
6661 | withval=$with_Werror; | ||
6662 | if test -n "$withval" && test "x$withval" != "xno"; then | ||
6663 | werror_flags="-Werror" | ||
6664 | if test "x${withval}" != "xyes"; then | ||
6665 | werror_flags="$withval" | ||
6666 | fi | ||
6667 | fi | ||
6668 | |||
6669 | |||
6670 | fi | ||
6671 | |||
6672 | |||
6673 | for ac_header in \ | ||
6674 | blf.h \ | ||
6675 | bstring.h \ | ||
6676 | crypt.h \ | ||
6677 | crypto/sha2.h \ | ||
6678 | dirent.h \ | ||
6679 | endian.h \ | ||
6680 | elf.h \ | ||
6681 | err.h \ | ||
6682 | features.h \ | ||
6683 | fcntl.h \ | ||
6684 | floatingpoint.h \ | ||
6685 | getopt.h \ | ||
6686 | glob.h \ | ||
6687 | ia.h \ | ||
6688 | iaf.h \ | ||
6689 | inttypes.h \ | ||
6690 | langinfo.h \ | ||
6691 | limits.h \ | ||
6692 | locale.h \ | ||
6693 | login.h \ | ||
6694 | maillock.h \ | ||
6695 | ndir.h \ | ||
6696 | net/if_tun.h \ | ||
6697 | netdb.h \ | ||
6698 | netgroup.h \ | ||
6699 | pam/pam_appl.h \ | ||
6700 | paths.h \ | ||
6701 | poll.h \ | ||
6702 | pty.h \ | ||
6703 | readpassphrase.h \ | ||
6704 | rpc/types.h \ | ||
6705 | security/pam_appl.h \ | ||
6706 | sha2.h \ | ||
6707 | shadow.h \ | ||
6708 | stddef.h \ | ||
6709 | stdint.h \ | ||
6710 | string.h \ | ||
6711 | strings.h \ | ||
6712 | sys/audit.h \ | ||
6713 | sys/bitypes.h \ | ||
6714 | sys/bsdtty.h \ | ||
6715 | sys/capability.h \ | ||
6716 | sys/cdefs.h \ | ||
6717 | sys/dir.h \ | ||
6718 | sys/mman.h \ | ||
6719 | sys/ndir.h \ | ||
6720 | sys/poll.h \ | ||
6721 | sys/prctl.h \ | ||
6722 | sys/pstat.h \ | ||
6723 | sys/ptrace.h \ | ||
6724 | sys/select.h \ | ||
6725 | sys/stat.h \ | ||
6726 | sys/stream.h \ | ||
6727 | sys/stropts.h \ | ||
6728 | sys/strtio.h \ | ||
6729 | sys/statvfs.h \ | ||
6730 | sys/sysmacros.h \ | ||
6731 | sys/time.h \ | ||
6732 | sys/timers.h \ | ||
6733 | time.h \ | ||
6734 | tmpdir.h \ | ||
6735 | ttyent.h \ | ||
6736 | ucred.h \ | ||
6737 | unistd.h \ | ||
6738 | usersec.h \ | ||
6739 | util.h \ | ||
6740 | utime.h \ | ||
6741 | utmp.h \ | ||
6742 | utmpx.h \ | ||
6743 | vis.h \ | ||
6744 | wchar.h \ | ||
6745 | |||
6746 | do : | ||
6747 | as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` | ||
6748 | ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" | ||
6749 | if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : | ||
6750 | cat >>confdefs.h <<_ACEOF | ||
6751 | #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 | ||
6752 | _ACEOF | ||
6753 | |||
6754 | fi | ||
6755 | |||
6756 | done | ||
6757 | |||
6758 | |||
6759 | # lastlog.h requires sys/time.h to be included first on Solaris | ||
6760 | for ac_header in lastlog.h | ||
6761 | do : | ||
6762 | ac_fn_c_check_header_compile "$LINENO" "lastlog.h" "ac_cv_header_lastlog_h" " | ||
6763 | #ifdef HAVE_SYS_TIME_H | ||
6764 | # include <sys/time.h> | ||
6765 | #endif | ||
6766 | |||
6767 | " | ||
6768 | if test "x$ac_cv_header_lastlog_h" = xyes; then : | ||
6769 | cat >>confdefs.h <<_ACEOF | ||
6770 | #define HAVE_LASTLOG_H 1 | ||
6771 | _ACEOF | ||
6772 | |||
6773 | fi | ||
6774 | |||
6775 | done | ||
6776 | |||
6777 | |||
6778 | # sys/ptms.h requires sys/stream.h to be included first on Solaris | ||
6779 | for ac_header in sys/ptms.h | ||
6780 | do : | ||
6781 | ac_fn_c_check_header_compile "$LINENO" "sys/ptms.h" "ac_cv_header_sys_ptms_h" " | ||
6782 | #ifdef HAVE_SYS_STREAM_H | ||
6783 | # include <sys/stream.h> | ||
6784 | #endif | ||
6785 | |||
6786 | " | ||
6787 | if test "x$ac_cv_header_sys_ptms_h" = xyes; then : | ||
6788 | cat >>confdefs.h <<_ACEOF | ||
6789 | #define HAVE_SYS_PTMS_H 1 | ||
6790 | _ACEOF | ||
6791 | |||
6792 | fi | ||
6793 | |||
6794 | done | ||
6795 | |||
6796 | |||
6797 | # login_cap.h requires sys/types.h on NetBSD | ||
6798 | for ac_header in login_cap.h | ||
6799 | do : | ||
6800 | ac_fn_c_check_header_compile "$LINENO" "login_cap.h" "ac_cv_header_login_cap_h" " | ||
6801 | #include <sys/types.h> | ||
6802 | |||
6803 | " | ||
6804 | if test "x$ac_cv_header_login_cap_h" = xyes; then : | ||
6805 | cat >>confdefs.h <<_ACEOF | ||
6806 | #define HAVE_LOGIN_CAP_H 1 | ||
6807 | _ACEOF | ||
6808 | |||
6809 | fi | ||
6810 | |||
6811 | done | ||
6812 | |||
6813 | |||
6814 | # older BSDs need sys/param.h before sys/mount.h | ||
6815 | for ac_header in sys/mount.h | ||
6816 | do : | ||
6817 | ac_fn_c_check_header_compile "$LINENO" "sys/mount.h" "ac_cv_header_sys_mount_h" " | ||
6818 | #include <sys/param.h> | ||
6819 | |||
6820 | " | ||
6821 | if test "x$ac_cv_header_sys_mount_h" = xyes; then : | ||
6822 | cat >>confdefs.h <<_ACEOF | ||
6823 | #define HAVE_SYS_MOUNT_H 1 | ||
6824 | _ACEOF | ||
6825 | |||
6826 | fi | ||
6827 | |||
6828 | done | ||
6829 | |||
6830 | |||
6831 | # Android requires sys/socket.h to be included before sys/un.h | ||
6832 | for ac_header in sys/un.h | ||
6833 | do : | ||
6834 | ac_fn_c_check_header_compile "$LINENO" "sys/un.h" "ac_cv_header_sys_un_h" " | ||
6835 | #include <sys/types.h> | ||
6836 | #include <sys/socket.h> | ||
6837 | |||
6838 | " | ||
6839 | if test "x$ac_cv_header_sys_un_h" = xyes; then : | ||
6840 | cat >>confdefs.h <<_ACEOF | ||
6841 | #define HAVE_SYS_UN_H 1 | ||
6842 | _ACEOF | ||
6843 | |||
6844 | fi | ||
6845 | |||
6846 | done | ||
6847 | |||
6848 | |||
6849 | # Messages for features tested for in target-specific section | ||
6850 | SIA_MSG="no" | ||
6851 | SPC_MSG="no" | ||
6852 | SP_MSG="no" | ||
6853 | SPP_MSG="no" | ||
6854 | |||
6855 | # Support for Solaris/Illumos privileges (this test is used by both | ||
6856 | # the --with-solaris-privs option and --with-sandbox=solaris). | ||
6857 | SOLARIS_PRIVS="no" | ||
6858 | |||
6859 | # Check for some target-specific stuff | ||
6860 | case "$host" in | ||
6861 | *-*-aix*) | ||
6862 | # Some versions of VAC won't allow macro redefinitions at | ||
6863 | # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that | ||
6864 | # particularly with older versions of vac or xlc. | ||
6865 | # It also throws errors about null macro argments, but these are | ||
6866 | # not fatal. | ||
6867 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if compiler allows macro redefinitions" >&5 | ||
6868 | $as_echo_n "checking if compiler allows macro redefinitions... " >&6; } | ||
6869 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
6870 | /* end confdefs.h. */ | ||
6871 | |||
6872 | #define testmacro foo | ||
6873 | #define testmacro bar | ||
6874 | int | ||
6875 | main () | ||
6876 | { | ||
6877 | exit(0); | ||
6878 | ; | ||
6879 | return 0; | ||
6880 | } | ||
6881 | _ACEOF | ||
6882 | if ac_fn_c_try_compile "$LINENO"; then : | ||
6883 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
6884 | $as_echo "yes" >&6; } | ||
6885 | else | ||
6886 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
6887 | $as_echo "no" >&6; } | ||
6888 | CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" | ||
6889 | LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`" | ||
6890 | CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" | ||
6891 | CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" | ||
6892 | |||
6893 | |||
6894 | fi | ||
6895 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
6896 | |||
6897 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to specify blibpath for linker ($LD)" >&5 | ||
6898 | $as_echo_n "checking how to specify blibpath for linker ($LD)... " >&6; } | ||
6899 | if (test -z "$blibpath"); then | ||
6900 | blibpath="/usr/lib:/lib" | ||
6901 | fi | ||
6902 | saved_LDFLAGS="$LDFLAGS" | ||
6903 | if test "$GCC" = "yes"; then | ||
6904 | flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" | ||
6905 | else | ||
6906 | flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," | ||
6907 | fi | ||
6908 | for tryflags in $flags ;do | ||
6909 | if (test -z "$blibflags"); then | ||
6910 | LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" | ||
6911 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
6912 | /* end confdefs.h. */ | ||
6913 | |||
6914 | int | ||
6915 | main () | ||
6916 | { | ||
6917 | |||
6918 | ; | ||
6919 | return 0; | ||
6920 | } | ||
6921 | _ACEOF | ||
6922 | if ac_fn_c_try_link "$LINENO"; then : | ||
6923 | blibflags=$tryflags | ||
6924 | fi | ||
6925 | rm -f core conftest.err conftest.$ac_objext \ | ||
6926 | conftest$ac_exeext conftest.$ac_ext | ||
6927 | fi | ||
6928 | done | ||
6929 | if (test -z "$blibflags"); then | ||
6930 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5 | ||
6931 | $as_echo "not found" >&6; } | ||
6932 | as_fn_error $? "*** must be able to specify blibpath on AIX - check config.log" "$LINENO" 5 | ||
6933 | else | ||
6934 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $blibflags" >&5 | ||
6935 | $as_echo "$blibflags" >&6; } | ||
6936 | fi | ||
6937 | LDFLAGS="$saved_LDFLAGS" | ||
6938 | ac_fn_c_check_func "$LINENO" "authenticate" "ac_cv_func_authenticate" | ||
6939 | if test "x$ac_cv_func_authenticate" = xyes; then : | ||
6940 | |||
6941 | $as_echo "#define WITH_AIXAUTHENTICATE 1" >>confdefs.h | ||
6942 | |||
6943 | else | ||
6944 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for authenticate in -ls" >&5 | ||
6945 | $as_echo_n "checking for authenticate in -ls... " >&6; } | ||
6946 | if ${ac_cv_lib_s_authenticate+:} false; then : | ||
6947 | $as_echo_n "(cached) " >&6 | ||
6948 | else | ||
6949 | ac_check_lib_save_LIBS=$LIBS | ||
6950 | LIBS="-ls $LIBS" | ||
6951 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
6952 | /* end confdefs.h. */ | ||
6953 | |||
6954 | /* Override any GCC internal prototype to avoid an error. | ||
6955 | Use char because int might match the return type of a GCC | ||
6956 | builtin and then its argument prototype would still apply. */ | ||
6957 | #ifdef __cplusplus | ||
6958 | extern "C" | ||
6959 | #endif | ||
6960 | char authenticate (); | ||
6961 | int | ||
6962 | main () | ||
6963 | { | ||
6964 | return authenticate (); | ||
6965 | ; | ||
6966 | return 0; | ||
6967 | } | ||
6968 | _ACEOF | ||
6969 | if ac_fn_c_try_link "$LINENO"; then : | ||
6970 | ac_cv_lib_s_authenticate=yes | ||
6971 | else | ||
6972 | ac_cv_lib_s_authenticate=no | ||
6973 | fi | ||
6974 | rm -f core conftest.err conftest.$ac_objext \ | ||
6975 | conftest$ac_exeext conftest.$ac_ext | ||
6976 | LIBS=$ac_check_lib_save_LIBS | ||
6977 | fi | ||
6978 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_s_authenticate" >&5 | ||
6979 | $as_echo "$ac_cv_lib_s_authenticate" >&6; } | ||
6980 | if test "x$ac_cv_lib_s_authenticate" = xyes; then : | ||
6981 | $as_echo "#define WITH_AIXAUTHENTICATE 1" >>confdefs.h | ||
6982 | |||
6983 | LIBS="$LIBS -ls" | ||
6984 | |||
6985 | fi | ||
6986 | |||
6987 | |||
6988 | fi | ||
6989 | |||
6990 | ac_fn_c_check_decl "$LINENO" "authenticate" "ac_cv_have_decl_authenticate" "#include <usersec.h> | ||
6991 | " | ||
6992 | if test "x$ac_cv_have_decl_authenticate" = xyes; then : | ||
6993 | ac_have_decl=1 | ||
6994 | else | ||
6995 | ac_have_decl=0 | ||
6996 | fi | ||
6997 | |||
6998 | cat >>confdefs.h <<_ACEOF | ||
6999 | #define HAVE_DECL_AUTHENTICATE $ac_have_decl | ||
7000 | _ACEOF | ||
7001 | ac_fn_c_check_decl "$LINENO" "loginrestrictions" "ac_cv_have_decl_loginrestrictions" "#include <usersec.h> | ||
7002 | " | ||
7003 | if test "x$ac_cv_have_decl_loginrestrictions" = xyes; then : | ||
7004 | ac_have_decl=1 | ||
7005 | else | ||
7006 | ac_have_decl=0 | ||
7007 | fi | ||
7008 | |||
7009 | cat >>confdefs.h <<_ACEOF | ||
7010 | #define HAVE_DECL_LOGINRESTRICTIONS $ac_have_decl | ||
7011 | _ACEOF | ||
7012 | ac_fn_c_check_decl "$LINENO" "loginsuccess" "ac_cv_have_decl_loginsuccess" "#include <usersec.h> | ||
7013 | " | ||
7014 | if test "x$ac_cv_have_decl_loginsuccess" = xyes; then : | ||
7015 | ac_have_decl=1 | ||
7016 | else | ||
7017 | ac_have_decl=0 | ||
7018 | fi | ||
7019 | |||
7020 | cat >>confdefs.h <<_ACEOF | ||
7021 | #define HAVE_DECL_LOGINSUCCESS $ac_have_decl | ||
7022 | _ACEOF | ||
7023 | ac_fn_c_check_decl "$LINENO" "passwdexpired" "ac_cv_have_decl_passwdexpired" "#include <usersec.h> | ||
7024 | " | ||
7025 | if test "x$ac_cv_have_decl_passwdexpired" = xyes; then : | ||
7026 | ac_have_decl=1 | ||
7027 | else | ||
7028 | ac_have_decl=0 | ||
7029 | fi | ||
7030 | |||
7031 | cat >>confdefs.h <<_ACEOF | ||
7032 | #define HAVE_DECL_PASSWDEXPIRED $ac_have_decl | ||
7033 | _ACEOF | ||
7034 | ac_fn_c_check_decl "$LINENO" "setauthdb" "ac_cv_have_decl_setauthdb" "#include <usersec.h> | ||
7035 | " | ||
7036 | if test "x$ac_cv_have_decl_setauthdb" = xyes; then : | ||
7037 | ac_have_decl=1 | ||
7038 | else | ||
7039 | ac_have_decl=0 | ||
7040 | fi | ||
7041 | |||
7042 | cat >>confdefs.h <<_ACEOF | ||
7043 | #define HAVE_DECL_SETAUTHDB $ac_have_decl | ||
7044 | _ACEOF | ||
7045 | |||
7046 | ac_fn_c_check_decl "$LINENO" "loginfailed" "ac_cv_have_decl_loginfailed" "#include <usersec.h> | ||
7047 | |||
7048 | " | ||
7049 | if test "x$ac_cv_have_decl_loginfailed" = xyes; then : | ||
7050 | ac_have_decl=1 | ||
7051 | else | ||
7052 | ac_have_decl=0 | ||
7053 | fi | ||
7054 | |||
7055 | cat >>confdefs.h <<_ACEOF | ||
7056 | #define HAVE_DECL_LOGINFAILED $ac_have_decl | ||
7057 | _ACEOF | ||
7058 | if test $ac_have_decl = 1; then : | ||
7059 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if loginfailed takes 4 arguments" >&5 | ||
7060 | $as_echo_n "checking if loginfailed takes 4 arguments... " >&6; } | ||
7061 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
7062 | /* end confdefs.h. */ | ||
7063 | #include <usersec.h> | ||
7064 | int | ||
7065 | main () | ||
7066 | { | ||
7067 | (void)loginfailed("user","host","tty",0); | ||
7068 | ; | ||
7069 | return 0; | ||
7070 | } | ||
7071 | _ACEOF | ||
7072 | if ac_fn_c_try_compile "$LINENO"; then : | ||
7073 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
7074 | $as_echo "yes" >&6; } | ||
7075 | |||
7076 | $as_echo "#define AIX_LOGINFAILED_4ARG 1" >>confdefs.h | ||
7077 | |||
7078 | else | ||
7079 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
7080 | $as_echo "no" >&6; } | ||
7081 | |||
7082 | fi | ||
7083 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
7084 | fi | ||
7085 | |||
7086 | for ac_func in getgrset setauthdb | ||
7087 | do : | ||
7088 | as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` | ||
7089 | ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" | ||
7090 | if eval test \"x\$"$as_ac_var"\" = x"yes"; then : | ||
7091 | cat >>confdefs.h <<_ACEOF | ||
7092 | #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 | ||
7093 | _ACEOF | ||
7094 | |||
7095 | fi | ||
7096 | done | ||
7097 | |||
7098 | ac_fn_c_check_decl "$LINENO" "F_CLOSEM" "ac_cv_have_decl_F_CLOSEM" " #include <limits.h> | ||
7099 | #include <fcntl.h> | ||
7100 | |||
7101 | " | ||
7102 | if test "x$ac_cv_have_decl_F_CLOSEM" = xyes; then : | ||
7103 | |||
7104 | $as_echo "#define HAVE_FCNTL_CLOSEM 1" >>confdefs.h | ||
7105 | |||
7106 | fi | ||
7107 | |||
7108 | check_for_aix_broken_getaddrinfo=1 | ||
7109 | |||
7110 | $as_echo "#define BROKEN_REALPATH 1" >>confdefs.h | ||
7111 | |||
7112 | |||
7113 | $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h | ||
7114 | |||
7115 | |||
7116 | $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h | ||
7117 | |||
7118 | |||
7119 | $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h | ||
7120 | |||
7121 | |||
7122 | $as_echo "#define DISABLE_LASTLOG 1" >>confdefs.h | ||
7123 | |||
7124 | |||
7125 | $as_echo "#define LOGIN_NEEDS_UTMPX 1" >>confdefs.h | ||
7126 | |||
7127 | |||
7128 | $as_echo "#define SPT_TYPE SPT_REUSEARGV" >>confdefs.h | ||
7129 | |||
7130 | |||
7131 | $as_echo "#define SSHPAM_CHAUTHTOK_NEEDS_RUID 1" >>confdefs.h | ||
7132 | |||
7133 | |||
7134 | $as_echo "#define PTY_ZEROREAD 1" >>confdefs.h | ||
7135 | |||
7136 | |||
7137 | $as_echo "#define PLATFORM_SYS_DIR_UID 2" >>confdefs.h | ||
7138 | |||
7139 | ;; | ||
7140 | *-*-android*) | ||
7141 | |||
7142 | $as_echo "#define DISABLE_UTMP 1" >>confdefs.h | ||
7143 | |||
7144 | |||
7145 | $as_echo "#define DISABLE_WTMP 1" >>confdefs.h | ||
7146 | |||
7147 | ;; | ||
7148 | *-*-cygwin*) | ||
7149 | check_for_libcrypt_later=1 | ||
7150 | LIBS="$LIBS /usr/lib/textreadmode.o" | ||
7151 | |||
7152 | $as_echo "#define HAVE_CYGWIN 1" >>confdefs.h | ||
7153 | |||
7154 | |||
7155 | $as_echo "#define USE_PIPES 1" >>confdefs.h | ||
7156 | |||
7157 | |||
7158 | $as_echo "#define NO_UID_RESTORATION_TEST 1" >>confdefs.h | ||
7159 | |||
7160 | |||
7161 | $as_echo "#define DISABLE_SHADOW 1" >>confdefs.h | ||
7162 | |||
7163 | |||
7164 | $as_echo "#define NO_X11_UNIX_SOCKETS 1" >>confdefs.h | ||
7165 | |||
7166 | |||
7167 | $as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h | ||
7168 | |||
7169 | |||
7170 | $as_echo "#define SSH_IOBUFSZ 65535" >>confdefs.h | ||
7171 | |||
7172 | |||
7173 | $as_echo "#define FILESYSTEM_NO_BACKSLASH 1" >>confdefs.h | ||
7174 | |||
7175 | # Cygwin defines optargs, optargs as declspec(dllimport) for historical | ||
7176 | # reasons which cause compile warnings, so we disable those warnings. | ||
7177 | { | ||
7178 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wno-attributes" >&5 | ||
7179 | $as_echo_n "checking if $CC supports compile flag -Wno-attributes... " >&6; } | ||
7180 | saved_CFLAGS="$CFLAGS" | ||
7181 | CFLAGS="$CFLAGS $WERROR -Wno-attributes" | ||
7182 | _define_flag="" | ||
7183 | test "x$_define_flag" = "x" && _define_flag="-Wno-attributes" | ||
7184 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
7185 | /* end confdefs.h. */ | ||
7186 | |||
7187 | #include <stdlib.h> | ||
7188 | #include <stdio.h> | ||
7189 | int main(int argc, char **argv) { | ||
7190 | /* Some math to catch -ftrapv problems in the toolchain */ | ||
7191 | int i = 123 * argc, j = 456 + argc, k = 789 - argc; | ||
7192 | float l = i * 2.1; | ||
7193 | double m = l / 0.5; | ||
7194 | long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; | ||
7195 | printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); | ||
7196 | exit(0); | ||
7197 | } | ||
7198 | |||
7199 | _ACEOF | ||
7200 | if ac_fn_c_try_compile "$LINENO"; then : | ||
7201 | |||
7202 | if `grep -i "unrecognized option" conftest.err >/dev/null` | ||
7203 | then | ||
7204 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
7205 | $as_echo "no" >&6; } | ||
7206 | CFLAGS="$saved_CFLAGS" | ||
7207 | else | ||
7208 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
7209 | $as_echo "yes" >&6; } | ||
7210 | CFLAGS="$saved_CFLAGS $_define_flag" | ||
7211 | fi | ||
7212 | else | ||
7213 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
7214 | $as_echo "no" >&6; } | ||
7215 | CFLAGS="$saved_CFLAGS" | ||
7216 | |||
7217 | fi | ||
7218 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
7219 | } | ||
7220 | ;; | ||
7221 | *-*-dgux*) | ||
7222 | |||
7223 | $as_echo "#define IP_TOS_IS_BROKEN 1" >>confdefs.h | ||
7224 | |||
7225 | $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h | ||
7226 | |||
7227 | $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h | ||
7228 | |||
7229 | $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h | ||
7230 | |||
7231 | ;; | ||
7232 | *-*-darwin*) | ||
7233 | use_pie=auto | ||
7234 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we have working getaddrinfo" >&5 | ||
7235 | $as_echo_n "checking if we have working getaddrinfo... " >&6; } | ||
7236 | if test "$cross_compiling" = yes; then : | ||
7237 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: assume it is working" >&5 | ||
7238 | $as_echo "assume it is working" >&6; } | ||
7239 | else | ||
7240 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
7241 | /* end confdefs.h. */ | ||
7242 | #include <mach-o/dyld.h> | ||
7243 | main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) | ||
7244 | exit(0); | ||
7245 | else | ||
7246 | exit(1); | ||
7247 | } | ||
7248 | |||
7249 | _ACEOF | ||
7250 | if ac_fn_c_try_run "$LINENO"; then : | ||
7251 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: working" >&5 | ||
7252 | $as_echo "working" >&6; } | ||
7253 | else | ||
7254 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: buggy" >&5 | ||
7255 | $as_echo "buggy" >&6; } | ||
7256 | |||
7257 | $as_echo "#define BROKEN_GETADDRINFO 1" >>confdefs.h | ||
7258 | |||
7259 | |||
7260 | fi | ||
7261 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
7262 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
7263 | fi | ||
7264 | |||
7265 | $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h | ||
7266 | |||
7267 | $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h | ||
7268 | |||
7269 | $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h | ||
7270 | |||
7271 | |||
7272 | $as_echo "#define BROKEN_GLOB 1" >>confdefs.h | ||
7273 | |||
7274 | |||
7275 | cat >>confdefs.h <<_ACEOF | ||
7276 | #define BIND_8_COMPAT 1 | ||
7277 | _ACEOF | ||
7278 | |||
7279 | |||
7280 | $as_echo "#define SSH_TUN_FREEBSD 1" >>confdefs.h | ||
7281 | |||
7282 | |||
7283 | $as_echo "#define SSH_TUN_COMPAT_AF 1" >>confdefs.h | ||
7284 | |||
7285 | |||
7286 | $as_echo "#define SSH_TUN_PREPEND_AF 1" >>confdefs.h | ||
7287 | |||
7288 | |||
7289 | ac_fn_c_check_decl "$LINENO" "AU_IPv4" "ac_cv_have_decl_AU_IPv4" "$ac_includes_default" | ||
7290 | if test "x$ac_cv_have_decl_AU_IPv4" = xyes; then : | ||
7291 | |||
7292 | else | ||
7293 | |||
7294 | $as_echo "#define AU_IPv4 0" >>confdefs.h | ||
7295 | |||
7296 | #include <bsm/audit.h> | ||
7297 | |||
7298 | $as_echo "#define LASTLOG_WRITE_PUTUTXLINE 1" >>confdefs.h | ||
7299 | |||
7300 | |||
7301 | fi | ||
7302 | |||
7303 | |||
7304 | $as_echo "#define SPT_TYPE SPT_REUSEARGV" >>confdefs.h | ||
7305 | |||
7306 | for ac_func in sandbox_init | ||
7307 | do : | ||
7308 | ac_fn_c_check_func "$LINENO" "sandbox_init" "ac_cv_func_sandbox_init" | ||
7309 | if test "x$ac_cv_func_sandbox_init" = xyes; then : | ||
7310 | cat >>confdefs.h <<_ACEOF | ||
7311 | #define HAVE_SANDBOX_INIT 1 | ||
7312 | _ACEOF | ||
7313 | |||
7314 | fi | ||
7315 | done | ||
7316 | |||
7317 | for ac_header in sandbox.h | ||
7318 | do : | ||
7319 | ac_fn_c_check_header_mongrel "$LINENO" "sandbox.h" "ac_cv_header_sandbox_h" "$ac_includes_default" | ||
7320 | if test "x$ac_cv_header_sandbox_h" = xyes; then : | ||
7321 | cat >>confdefs.h <<_ACEOF | ||
7322 | #define HAVE_SANDBOX_H 1 | ||
7323 | _ACEOF | ||
7324 | |||
7325 | fi | ||
7326 | |||
7327 | done | ||
7328 | |||
7329 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for sandbox_apply in -lsandbox" >&5 | ||
7330 | $as_echo_n "checking for sandbox_apply in -lsandbox... " >&6; } | ||
7331 | if ${ac_cv_lib_sandbox_sandbox_apply+:} false; then : | ||
7332 | $as_echo_n "(cached) " >&6 | ||
7333 | else | ||
7334 | ac_check_lib_save_LIBS=$LIBS | ||
7335 | LIBS="-lsandbox $LIBS" | ||
7336 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
7337 | /* end confdefs.h. */ | ||
7338 | |||
7339 | /* Override any GCC internal prototype to avoid an error. | ||
7340 | Use char because int might match the return type of a GCC | ||
7341 | builtin and then its argument prototype would still apply. */ | ||
7342 | #ifdef __cplusplus | ||
7343 | extern "C" | ||
7344 | #endif | ||
7345 | char sandbox_apply (); | ||
7346 | int | ||
7347 | main () | ||
7348 | { | ||
7349 | return sandbox_apply (); | ||
7350 | ; | ||
7351 | return 0; | ||
7352 | } | ||
7353 | _ACEOF | ||
7354 | if ac_fn_c_try_link "$LINENO"; then : | ||
7355 | ac_cv_lib_sandbox_sandbox_apply=yes | ||
7356 | else | ||
7357 | ac_cv_lib_sandbox_sandbox_apply=no | ||
7358 | fi | ||
7359 | rm -f core conftest.err conftest.$ac_objext \ | ||
7360 | conftest$ac_exeext conftest.$ac_ext | ||
7361 | LIBS=$ac_check_lib_save_LIBS | ||
7362 | fi | ||
7363 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_sandbox_sandbox_apply" >&5 | ||
7364 | $as_echo "$ac_cv_lib_sandbox_sandbox_apply" >&6; } | ||
7365 | if test "x$ac_cv_lib_sandbox_sandbox_apply" = xyes; then : | ||
7366 | |||
7367 | SSHDLIBS="$SSHDLIBS -lsandbox" | ||
7368 | |||
7369 | fi | ||
7370 | |||
7371 | ;; | ||
7372 | *-*-dragonfly*) | ||
7373 | SSHDLIBS="$SSHDLIBS -lcrypt" | ||
7374 | TEST_MALLOC_OPTIONS="AFGJPRX" | ||
7375 | ;; | ||
7376 | *-*-haiku*) | ||
7377 | LIBS="$LIBS -lbsd " | ||
7378 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for socket in -lnetwork" >&5 | ||
7379 | $as_echo_n "checking for socket in -lnetwork... " >&6; } | ||
7380 | if ${ac_cv_lib_network_socket+:} false; then : | ||
7381 | $as_echo_n "(cached) " >&6 | ||
7382 | else | ||
7383 | ac_check_lib_save_LIBS=$LIBS | ||
7384 | LIBS="-lnetwork $LIBS" | ||
7385 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
7386 | /* end confdefs.h. */ | ||
7387 | |||
7388 | /* Override any GCC internal prototype to avoid an error. | ||
7389 | Use char because int might match the return type of a GCC | ||
7390 | builtin and then its argument prototype would still apply. */ | ||
7391 | #ifdef __cplusplus | ||
7392 | extern "C" | ||
7393 | #endif | ||
7394 | char socket (); | ||
7395 | int | ||
7396 | main () | ||
7397 | { | ||
7398 | return socket (); | ||
7399 | ; | ||
7400 | return 0; | ||
7401 | } | ||
7402 | _ACEOF | ||
7403 | if ac_fn_c_try_link "$LINENO"; then : | ||
7404 | ac_cv_lib_network_socket=yes | ||
7405 | else | ||
7406 | ac_cv_lib_network_socket=no | ||
7407 | fi | ||
7408 | rm -f core conftest.err conftest.$ac_objext \ | ||
7409 | conftest$ac_exeext conftest.$ac_ext | ||
7410 | LIBS=$ac_check_lib_save_LIBS | ||
7411 | fi | ||
7412 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_network_socket" >&5 | ||
7413 | $as_echo "$ac_cv_lib_network_socket" >&6; } | ||
7414 | if test "x$ac_cv_lib_network_socket" = xyes; then : | ||
7415 | cat >>confdefs.h <<_ACEOF | ||
7416 | #define HAVE_LIBNETWORK 1 | ||
7417 | _ACEOF | ||
7418 | |||
7419 | LIBS="-lnetwork $LIBS" | ||
7420 | |||
7421 | fi | ||
7422 | |||
7423 | $as_echo "#define HAVE_U_INT64_T 1" >>confdefs.h | ||
7424 | |||
7425 | MANTYPE=man | ||
7426 | ;; | ||
7427 | *-*-hpux*) | ||
7428 | # first we define all of the options common to all HP-UX releases | ||
7429 | CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" | ||
7430 | IPADDR_IN_DISPLAY=yes | ||
7431 | $as_echo "#define USE_PIPES 1" >>confdefs.h | ||
7432 | |||
7433 | $as_echo "#define LOGIN_NEEDS_UTMPX 1" >>confdefs.h | ||
7434 | |||
7435 | |||
7436 | $as_echo "#define LOCKED_PASSWD_STRING \"*\"" >>confdefs.h | ||
7437 | |||
7438 | $as_echo "#define SPT_TYPE SPT_PSTAT" >>confdefs.h | ||
7439 | |||
7440 | |||
7441 | $as_echo "#define PLATFORM_SYS_DIR_UID 2" >>confdefs.h | ||
7442 | |||
7443 | maildir="/var/mail" | ||
7444 | LIBS="$LIBS -lsec" | ||
7445 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for t_error in -lxnet" >&5 | ||
7446 | $as_echo_n "checking for t_error in -lxnet... " >&6; } | ||
7447 | if ${ac_cv_lib_xnet_t_error+:} false; then : | ||
7448 | $as_echo_n "(cached) " >&6 | ||
7449 | else | ||
7450 | ac_check_lib_save_LIBS=$LIBS | ||
7451 | LIBS="-lxnet $LIBS" | ||
7452 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
7453 | /* end confdefs.h. */ | ||
7454 | |||
7455 | /* Override any GCC internal prototype to avoid an error. | ||
7456 | Use char because int might match the return type of a GCC | ||
7457 | builtin and then its argument prototype would still apply. */ | ||
7458 | #ifdef __cplusplus | ||
7459 | extern "C" | ||
7460 | #endif | ||
7461 | char t_error (); | ||
7462 | int | ||
7463 | main () | ||
7464 | { | ||
7465 | return t_error (); | ||
7466 | ; | ||
7467 | return 0; | ||
7468 | } | ||
7469 | _ACEOF | ||
7470 | if ac_fn_c_try_link "$LINENO"; then : | ||
7471 | ac_cv_lib_xnet_t_error=yes | ||
7472 | else | ||
7473 | ac_cv_lib_xnet_t_error=no | ||
7474 | fi | ||
7475 | rm -f core conftest.err conftest.$ac_objext \ | ||
7476 | conftest$ac_exeext conftest.$ac_ext | ||
7477 | LIBS=$ac_check_lib_save_LIBS | ||
7478 | fi | ||
7479 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_xnet_t_error" >&5 | ||
7480 | $as_echo "$ac_cv_lib_xnet_t_error" >&6; } | ||
7481 | if test "x$ac_cv_lib_xnet_t_error" = xyes; then : | ||
7482 | cat >>confdefs.h <<_ACEOF | ||
7483 | #define HAVE_LIBXNET 1 | ||
7484 | _ACEOF | ||
7485 | |||
7486 | LIBS="-lxnet $LIBS" | ||
7487 | |||
7488 | else | ||
7489 | as_fn_error $? "*** -lxnet needed on HP-UX - check config.log ***" "$LINENO" 5 | ||
7490 | fi | ||
7491 | |||
7492 | |||
7493 | # next, we define all of the options specific to major releases | ||
7494 | case "$host" in | ||
7495 | *-*-hpux10*) | ||
7496 | if test -z "$GCC"; then | ||
7497 | CFLAGS="$CFLAGS -Ae" | ||
7498 | fi | ||
7499 | ;; | ||
7500 | *-*-hpux11*) | ||
7501 | |||
7502 | $as_echo "#define PAM_SUN_CODEBASE 1" >>confdefs.h | ||
7503 | |||
7504 | |||
7505 | $as_echo "#define DISABLE_UTMP 1" >>confdefs.h | ||
7506 | |||
7507 | |||
7508 | $as_echo "#define USE_BTMP 1" >>confdefs.h | ||
7509 | |||
7510 | check_for_hpux_broken_getaddrinfo=1 | ||
7511 | check_for_conflicting_getspnam=1 | ||
7512 | ;; | ||
7513 | esac | ||
7514 | |||
7515 | # lastly, we define options specific to minor releases | ||
7516 | case "$host" in | ||
7517 | *-*-hpux10.26) | ||
7518 | |||
7519 | $as_echo "#define HAVE_SECUREWARE 1" >>confdefs.h | ||
7520 | |||
7521 | disable_ptmx_check=yes | ||
7522 | LIBS="$LIBS -lsecpw" | ||
7523 | ;; | ||
7524 | esac | ||
7525 | ;; | ||
7526 | *-*-irix5*) | ||
7527 | PATH="$PATH:/usr/etc" | ||
7528 | |||
7529 | $as_echo "#define BROKEN_INET_NTOA 1" >>confdefs.h | ||
7530 | |||
7531 | $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h | ||
7532 | |||
7533 | $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h | ||
7534 | |||
7535 | $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h | ||
7536 | |||
7537 | |||
7538 | $as_echo "#define WITH_ABBREV_NO_TTY 1" >>confdefs.h | ||
7539 | |||
7540 | $as_echo "#define LOCKED_PASSWD_STRING \"*LK*\"" >>confdefs.h | ||
7541 | |||
7542 | ;; | ||
7543 | *-*-irix6*) | ||
7544 | PATH="$PATH:/usr/etc" | ||
7545 | |||
7546 | $as_echo "#define WITH_IRIX_ARRAY 1" >>confdefs.h | ||
7547 | |||
7548 | |||
7549 | $as_echo "#define WITH_IRIX_PROJECT 1" >>confdefs.h | ||
7550 | |||
7551 | |||
7552 | $as_echo "#define WITH_IRIX_AUDIT 1" >>confdefs.h | ||
7553 | |||
7554 | ac_fn_c_check_func "$LINENO" "jlimit_startjob" "ac_cv_func_jlimit_startjob" | ||
7555 | if test "x$ac_cv_func_jlimit_startjob" = xyes; then : | ||
7556 | |||
7557 | $as_echo "#define WITH_IRIX_JOBS 1" >>confdefs.h | ||
7558 | |||
7559 | fi | ||
7560 | |||
7561 | $as_echo "#define BROKEN_INET_NTOA 1" >>confdefs.h | ||
7562 | |||
7563 | $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h | ||
7564 | |||
7565 | $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h | ||
7566 | |||
7567 | $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h | ||
7568 | |||
7569 | |||
7570 | $as_echo "#define BROKEN_UPDWTMPX 1" >>confdefs.h | ||
7571 | |||
7572 | $as_echo "#define WITH_ABBREV_NO_TTY 1" >>confdefs.h | ||
7573 | |||
7574 | $as_echo "#define LOCKED_PASSWD_STRING \"*LK*\"" >>confdefs.h | ||
7575 | |||
7576 | ;; | ||
7577 | *-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) | ||
7578 | check_for_libcrypt_later=1 | ||
7579 | $as_echo "#define PAM_TTY_KLUDGE 1" >>confdefs.h | ||
7580 | |||
7581 | $as_echo "#define LOCKED_PASSWD_PREFIX \"!\"" >>confdefs.h | ||
7582 | |||
7583 | $as_echo "#define SPT_TYPE SPT_REUSEARGV" >>confdefs.h | ||
7584 | |||
7585 | |||
7586 | $as_echo "#define _PATH_BTMP \"/var/log/btmp\"" >>confdefs.h | ||
7587 | |||
7588 | |||
7589 | $as_echo "#define USE_BTMP 1" >>confdefs.h | ||
7590 | |||
7591 | ;; | ||
7592 | *-*-linux*) | ||
7593 | no_dev_ptmx=1 | ||
7594 | use_pie=auto | ||
7595 | check_for_libcrypt_later=1 | ||
7596 | check_for_openpty_ctty_bug=1 | ||
7597 | CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE" | ||
7598 | |||
7599 | $as_echo "#define PAM_TTY_KLUDGE 1" >>confdefs.h | ||
7600 | |||
7601 | |||
7602 | $as_echo "#define LOCKED_PASSWD_PREFIX \"!\"" >>confdefs.h | ||
7603 | |||
7604 | $as_echo "#define SPT_TYPE SPT_REUSEARGV" >>confdefs.h | ||
7605 | |||
7606 | |||
7607 | $as_echo "#define LINK_OPNOTSUPP_ERRNO EPERM" >>confdefs.h | ||
7608 | |||
7609 | |||
7610 | $as_echo "#define _PATH_BTMP \"/var/log/btmp\"" >>confdefs.h | ||
7611 | |||
7612 | $as_echo "#define USE_BTMP 1" >>confdefs.h | ||
7613 | |||
7614 | |||
7615 | $as_echo "#define LINUX_OOM_ADJUST 1" >>confdefs.h | ||
7616 | |||
7617 | inet6_default_4in6=yes | ||
7618 | case `uname -r` in | ||
7619 | 1.*|2.0.*) | ||
7620 | |||
7621 | $as_echo "#define BROKEN_CMSG_TYPE 1" >>confdefs.h | ||
7622 | |||
7623 | ;; | ||
7624 | esac | ||
7625 | # tun(4) forwarding compat code | ||
7626 | for ac_header in linux/if_tun.h | ||
7627 | do : | ||
7628 | ac_fn_c_check_header_mongrel "$LINENO" "linux/if_tun.h" "ac_cv_header_linux_if_tun_h" "$ac_includes_default" | ||
7629 | if test "x$ac_cv_header_linux_if_tun_h" = xyes; then : | ||
7630 | cat >>confdefs.h <<_ACEOF | ||
7631 | #define HAVE_LINUX_IF_TUN_H 1 | ||
7632 | _ACEOF | ||
7633 | |||
7634 | fi | ||
7635 | |||
7636 | done | ||
7637 | |||
7638 | if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then | ||
7639 | |||
7640 | $as_echo "#define SSH_TUN_LINUX 1" >>confdefs.h | ||
7641 | |||
7642 | |||
7643 | $as_echo "#define SSH_TUN_COMPAT_AF 1" >>confdefs.h | ||
7644 | |||
7645 | |||
7646 | $as_echo "#define SSH_TUN_PREPEND_AF 1" >>confdefs.h | ||
7647 | |||
7648 | fi | ||
7649 | for ac_header in linux/seccomp.h linux/filter.h linux/audit.h | ||
7650 | do : | ||
7651 | as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` | ||
7652 | ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "#include <linux/types.h> | ||
7653 | " | ||
7654 | if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : | ||
7655 | cat >>confdefs.h <<_ACEOF | ||
7656 | #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 | ||
7657 | _ACEOF | ||
7658 | |||
7659 | fi | ||
7660 | |||
7661 | done | ||
7662 | |||
7663 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for seccomp architecture" >&5 | ||
7664 | $as_echo_n "checking for seccomp architecture... " >&6; } | ||
7665 | seccomp_audit_arch= | ||
7666 | case "$host" in | ||
7667 | x86_64-*) | ||
7668 | seccomp_audit_arch=AUDIT_ARCH_X86_64 | ||
7669 | ;; | ||
7670 | i*86-*) | ||
7671 | seccomp_audit_arch=AUDIT_ARCH_I386 | ||
7672 | ;; | ||
7673 | arm*-*) | ||
7674 | seccomp_audit_arch=AUDIT_ARCH_ARM | ||
7675 | ;; | ||
7676 | aarch64*-*) | ||
7677 | seccomp_audit_arch=AUDIT_ARCH_AARCH64 | ||
7678 | ;; | ||
7679 | s390x-*) | ||
7680 | seccomp_audit_arch=AUDIT_ARCH_S390X | ||
7681 | ;; | ||
7682 | s390-*) | ||
7683 | seccomp_audit_arch=AUDIT_ARCH_S390 | ||
7684 | ;; | ||
7685 | powerpc64-*) | ||
7686 | seccomp_audit_arch=AUDIT_ARCH_PPC64 | ||
7687 | ;; | ||
7688 | powerpc64le-*) | ||
7689 | seccomp_audit_arch=AUDIT_ARCH_PPC64LE | ||
7690 | ;; | ||
7691 | mips-*) | ||
7692 | seccomp_audit_arch=AUDIT_ARCH_MIPS | ||
7693 | ;; | ||
7694 | mipsel-*) | ||
7695 | seccomp_audit_arch=AUDIT_ARCH_MIPSEL | ||
7696 | ;; | ||
7697 | mips64-*) | ||
7698 | seccomp_audit_arch=AUDIT_ARCH_MIPS64 | ||
7699 | ;; | ||
7700 | mips64el-*) | ||
7701 | seccomp_audit_arch=AUDIT_ARCH_MIPSEL64 | ||
7702 | ;; | ||
7703 | esac | ||
7704 | if test "x$seccomp_audit_arch" != "x" ; then | ||
7705 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: \"$seccomp_audit_arch\"" >&5 | ||
7706 | $as_echo "\"$seccomp_audit_arch\"" >&6; } | ||
7707 | |||
7708 | cat >>confdefs.h <<_ACEOF | ||
7709 | #define SECCOMP_AUDIT_ARCH $seccomp_audit_arch | ||
7710 | _ACEOF | ||
7711 | |||
7712 | else | ||
7713 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: architecture not supported" >&5 | ||
7714 | $as_echo "architecture not supported" >&6; } | ||
7715 | fi | ||
7716 | ;; | ||
7717 | mips-sony-bsd|mips-sony-newsos4) | ||
7718 | |||
7719 | $as_echo "#define NEED_SETPGRP 1" >>confdefs.h | ||
7720 | |||
7721 | SONY=1 | ||
7722 | ;; | ||
7723 | *-*-netbsd*) | ||
7724 | check_for_libcrypt_before=1 | ||
7725 | if test "x$withval" != "xno" ; then | ||
7726 | need_dash_r=1 | ||
7727 | fi | ||
7728 | CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE" | ||
7729 | |||
7730 | $as_echo "#define SSH_TUN_FREEBSD 1" >>confdefs.h | ||
7731 | |||
7732 | ac_fn_c_check_header_mongrel "$LINENO" "net/if_tap.h" "ac_cv_header_net_if_tap_h" "$ac_includes_default" | ||
7733 | if test "x$ac_cv_header_net_if_tap_h" = xyes; then : | ||
7734 | |||
7735 | else | ||
7736 | |||
7737 | $as_echo "#define SSH_TUN_NO_L2 1" >>confdefs.h | ||
7738 | |||
7739 | fi | ||
7740 | |||
7741 | |||
7742 | |||
7743 | $as_echo "#define SSH_TUN_PREPEND_AF 1" >>confdefs.h | ||
7744 | |||
7745 | TEST_MALLOC_OPTIONS="AJRX" | ||
7746 | |||
7747 | $as_echo "#define BROKEN_READ_COMPARISON 1" >>confdefs.h | ||
7748 | |||
7749 | ;; | ||
7750 | *-*-freebsd*) | ||
7751 | check_for_libcrypt_later=1 | ||
7752 | |||
7753 | $as_echo "#define LOCKED_PASSWD_PREFIX \"*LOCKED*\"" >>confdefs.h | ||
7754 | |||
7755 | |||
7756 | $as_echo "#define SSH_TUN_FREEBSD 1" >>confdefs.h | ||
7757 | |||
7758 | ac_fn_c_check_header_mongrel "$LINENO" "net/if_tap.h" "ac_cv_header_net_if_tap_h" "$ac_includes_default" | ||
7759 | if test "x$ac_cv_header_net_if_tap_h" = xyes; then : | ||
7760 | |||
7761 | else | ||
7762 | |||
7763 | $as_echo "#define SSH_TUN_NO_L2 1" >>confdefs.h | ||
7764 | |||
7765 | fi | ||
7766 | |||
7767 | |||
7768 | |||
7769 | $as_echo "#define BROKEN_GLOB 1" >>confdefs.h | ||
7770 | |||
7771 | TEST_MALLOC_OPTIONS="AJRX" | ||
7772 | # Preauth crypto occasionally uses file descriptors for crypto offload | ||
7773 | # and will crash if they cannot be opened. | ||
7774 | |||
7775 | $as_echo "#define SANDBOX_SKIP_RLIMIT_NOFILE 1" >>confdefs.h | ||
7776 | |||
7777 | ;; | ||
7778 | *-*-bsdi*) | ||
7779 | $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h | ||
7780 | |||
7781 | $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h | ||
7782 | |||
7783 | $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h | ||
7784 | |||
7785 | ;; | ||
7786 | *-next-*) | ||
7787 | conf_lastlog_location="/usr/adm/lastlog" | ||
7788 | conf_utmp_location=/etc/utmp | ||
7789 | conf_wtmp_location=/usr/adm/wtmp | ||
7790 | maildir=/usr/spool/mail | ||
7791 | |||
7792 | $as_echo "#define HAVE_NEXT 1" >>confdefs.h | ||
7793 | |||
7794 | $as_echo "#define BROKEN_REALPATH 1" >>confdefs.h | ||
7795 | |||
7796 | $as_echo "#define USE_PIPES 1" >>confdefs.h | ||
7797 | |||
7798 | |||
7799 | $as_echo "#define BROKEN_SAVED_UIDS 1" >>confdefs.h | ||
7800 | |||
7801 | ;; | ||
7802 | *-*-openbsd*) | ||
7803 | use_pie=auto | ||
7804 | |||
7805 | $as_echo "#define HAVE_ATTRIBUTE__SENTINEL__ 1" >>confdefs.h | ||
7806 | |||
7807 | |||
7808 | $as_echo "#define HAVE_ATTRIBUTE__BOUNDED__ 1" >>confdefs.h | ||
7809 | |||
7810 | |||
7811 | $as_echo "#define SSH_TUN_OPENBSD 1" >>confdefs.h | ||
7812 | |||
7813 | |||
7814 | $as_echo "#define SYSLOG_R_SAFE_IN_SIGHAND 1" >>confdefs.h | ||
7815 | |||
7816 | TEST_MALLOC_OPTIONS="AFGJPRX" | ||
7817 | ;; | ||
7818 | *-*-solaris*) | ||
7819 | if test "x$withval" != "xno" ; then | ||
7820 | need_dash_r=1 | ||
7821 | fi | ||
7822 | $as_echo "#define PAM_SUN_CODEBASE 1" >>confdefs.h | ||
7823 | |||
7824 | $as_echo "#define LOGIN_NEEDS_UTMPX 1" >>confdefs.h | ||
7825 | |||
7826 | $as_echo "#define PAM_TTY_KLUDGE 1" >>confdefs.h | ||
7827 | |||
7828 | |||
7829 | $as_echo "#define SSHPAM_CHAUTHTOK_NEEDS_RUID 1" >>confdefs.h | ||
7830 | |||
7831 | $as_echo "#define LOCKED_PASSWD_STRING \"*LK*\"" >>confdefs.h | ||
7832 | |||
7833 | # Pushing STREAMS modules will cause sshd to acquire a controlling tty. | ||
7834 | |||
7835 | $as_echo "#define SSHD_ACQUIRES_CTTY 1" >>confdefs.h | ||
7836 | |||
7837 | |||
7838 | $as_echo "#define PASSWD_NEEDS_USERNAME 1" >>confdefs.h | ||
7839 | |||
7840 | |||
7841 | $as_echo "#define BROKEN_TCGETATTR_ICANON 1" >>confdefs.h | ||
7842 | |||
7843 | external_path_file=/etc/default/login | ||
7844 | # hardwire lastlog location (can't detect it on some versions) | ||
7845 | conf_lastlog_location="/var/adm/lastlog" | ||
7846 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for obsolete utmp and wtmp in solaris2.x" >&5 | ||
7847 | $as_echo_n "checking for obsolete utmp and wtmp in solaris2.x... " >&6; } | ||
7848 | sol2ver=`echo "$host"| sed -e 's/.*[0-9]\.//'` | ||
7849 | if test "$sol2ver" -ge 8; then | ||
7850 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
7851 | $as_echo "yes" >&6; } | ||
7852 | $as_echo "#define DISABLE_UTMP 1" >>confdefs.h | ||
7853 | |||
7854 | |||
7855 | $as_echo "#define DISABLE_WTMP 1" >>confdefs.h | ||
7856 | |||
7857 | else | ||
7858 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
7859 | $as_echo "no" >&6; } | ||
7860 | fi | ||
7861 | for ac_func in setpflags | ||
7862 | do : | ||
7863 | ac_fn_c_check_func "$LINENO" "setpflags" "ac_cv_func_setpflags" | ||
7864 | if test "x$ac_cv_func_setpflags" = xyes; then : | ||
7865 | cat >>confdefs.h <<_ACEOF | ||
7866 | #define HAVE_SETPFLAGS 1 | ||
7867 | _ACEOF | ||
7868 | |||
7869 | fi | ||
7870 | done | ||
7871 | |||
7872 | for ac_func in setppriv | ||
7873 | do : | ||
7874 | ac_fn_c_check_func "$LINENO" "setppriv" "ac_cv_func_setppriv" | ||
7875 | if test "x$ac_cv_func_setppriv" = xyes; then : | ||
7876 | cat >>confdefs.h <<_ACEOF | ||
7877 | #define HAVE_SETPPRIV 1 | ||
7878 | _ACEOF | ||
7879 | |||
7880 | fi | ||
7881 | done | ||
7882 | |||
7883 | for ac_func in priv_basicset | ||
7884 | do : | ||
7885 | ac_fn_c_check_func "$LINENO" "priv_basicset" "ac_cv_func_priv_basicset" | ||
7886 | if test "x$ac_cv_func_priv_basicset" = xyes; then : | ||
7887 | cat >>confdefs.h <<_ACEOF | ||
7888 | #define HAVE_PRIV_BASICSET 1 | ||
7889 | _ACEOF | ||
7890 | |||
7891 | fi | ||
7892 | done | ||
7893 | |||
7894 | for ac_header in priv.h | ||
7895 | do : | ||
7896 | ac_fn_c_check_header_mongrel "$LINENO" "priv.h" "ac_cv_header_priv_h" "$ac_includes_default" | ||
7897 | if test "x$ac_cv_header_priv_h" = xyes; then : | ||
7898 | cat >>confdefs.h <<_ACEOF | ||
7899 | #define HAVE_PRIV_H 1 | ||
7900 | _ACEOF | ||
7901 | |||
7902 | fi | ||
7903 | |||
7904 | done | ||
7905 | |||
7906 | |||
7907 | # Check whether --with-solaris-contracts was given. | ||
7908 | if test "${with_solaris_contracts+set}" = set; then : | ||
7909 | withval=$with_solaris_contracts; | ||
7910 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ct_tmpl_activate in -lcontract" >&5 | ||
7911 | $as_echo_n "checking for ct_tmpl_activate in -lcontract... " >&6; } | ||
7912 | if ${ac_cv_lib_contract_ct_tmpl_activate+:} false; then : | ||
7913 | $as_echo_n "(cached) " >&6 | ||
7914 | else | ||
7915 | ac_check_lib_save_LIBS=$LIBS | ||
7916 | LIBS="-lcontract $LIBS" | ||
7917 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
7918 | /* end confdefs.h. */ | ||
7919 | |||
7920 | /* Override any GCC internal prototype to avoid an error. | ||
7921 | Use char because int might match the return type of a GCC | ||
7922 | builtin and then its argument prototype would still apply. */ | ||
7923 | #ifdef __cplusplus | ||
7924 | extern "C" | ||
7925 | #endif | ||
7926 | char ct_tmpl_activate (); | ||
7927 | int | ||
7928 | main () | ||
7929 | { | ||
7930 | return ct_tmpl_activate (); | ||
7931 | ; | ||
7932 | return 0; | ||
7933 | } | ||
7934 | _ACEOF | ||
7935 | if ac_fn_c_try_link "$LINENO"; then : | ||
7936 | ac_cv_lib_contract_ct_tmpl_activate=yes | ||
7937 | else | ||
7938 | ac_cv_lib_contract_ct_tmpl_activate=no | ||
7939 | fi | ||
7940 | rm -f core conftest.err conftest.$ac_objext \ | ||
7941 | conftest$ac_exeext conftest.$ac_ext | ||
7942 | LIBS=$ac_check_lib_save_LIBS | ||
7943 | fi | ||
7944 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_contract_ct_tmpl_activate" >&5 | ||
7945 | $as_echo "$ac_cv_lib_contract_ct_tmpl_activate" >&6; } | ||
7946 | if test "x$ac_cv_lib_contract_ct_tmpl_activate" = xyes; then : | ||
7947 | |||
7948 | $as_echo "#define USE_SOLARIS_PROCESS_CONTRACTS 1" >>confdefs.h | ||
7949 | |||
7950 | LIBS="$LIBS -lcontract" | ||
7951 | SPC_MSG="yes" | ||
7952 | fi | ||
7953 | |||
7954 | |||
7955 | fi | ||
7956 | |||
7957 | |||
7958 | # Check whether --with-solaris-projects was given. | ||
7959 | if test "${with_solaris_projects+set}" = set; then : | ||
7960 | withval=$with_solaris_projects; | ||
7961 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for setproject in -lproject" >&5 | ||
7962 | $as_echo_n "checking for setproject in -lproject... " >&6; } | ||
7963 | if ${ac_cv_lib_project_setproject+:} false; then : | ||
7964 | $as_echo_n "(cached) " >&6 | ||
7965 | else | ||
7966 | ac_check_lib_save_LIBS=$LIBS | ||
7967 | LIBS="-lproject $LIBS" | ||
7968 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
7969 | /* end confdefs.h. */ | ||
7970 | |||
7971 | /* Override any GCC internal prototype to avoid an error. | ||
7972 | Use char because int might match the return type of a GCC | ||
7973 | builtin and then its argument prototype would still apply. */ | ||
7974 | #ifdef __cplusplus | ||
7975 | extern "C" | ||
7976 | #endif | ||
7977 | char setproject (); | ||
7978 | int | ||
7979 | main () | ||
7980 | { | ||
7981 | return setproject (); | ||
7982 | ; | ||
7983 | return 0; | ||
7984 | } | ||
7985 | _ACEOF | ||
7986 | if ac_fn_c_try_link "$LINENO"; then : | ||
7987 | ac_cv_lib_project_setproject=yes | ||
7988 | else | ||
7989 | ac_cv_lib_project_setproject=no | ||
7990 | fi | ||
7991 | rm -f core conftest.err conftest.$ac_objext \ | ||
7992 | conftest$ac_exeext conftest.$ac_ext | ||
7993 | LIBS=$ac_check_lib_save_LIBS | ||
7994 | fi | ||
7995 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_project_setproject" >&5 | ||
7996 | $as_echo "$ac_cv_lib_project_setproject" >&6; } | ||
7997 | if test "x$ac_cv_lib_project_setproject" = xyes; then : | ||
7998 | |||
7999 | $as_echo "#define USE_SOLARIS_PROJECTS 1" >>confdefs.h | ||
8000 | |||
8001 | LIBS="$LIBS -lproject" | ||
8002 | SP_MSG="yes" | ||
8003 | fi | ||
8004 | |||
8005 | |||
8006 | fi | ||
8007 | |||
8008 | |||
8009 | # Check whether --with-solaris-privs was given. | ||
8010 | if test "${with_solaris_privs+set}" = set; then : | ||
8011 | withval=$with_solaris_privs; | ||
8012 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Solaris/Illumos privilege support" >&5 | ||
8013 | $as_echo_n "checking for Solaris/Illumos privilege support... " >&6; } | ||
8014 | if test "x$ac_cv_func_setppriv" = "xyes" -a \ | ||
8015 | "x$ac_cv_header_priv_h" = "xyes" ; then | ||
8016 | SOLARIS_PRIVS=yes | ||
8017 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: found" >&5 | ||
8018 | $as_echo "found" >&6; } | ||
8019 | |||
8020 | $as_echo "#define NO_UID_RESTORATION_TEST 1" >>confdefs.h | ||
8021 | |||
8022 | |||
8023 | $as_echo "#define USE_SOLARIS_PRIVS 1" >>confdefs.h | ||
8024 | |||
8025 | SPP_MSG="yes" | ||
8026 | else | ||
8027 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5 | ||
8028 | $as_echo "not found" >&6; } | ||
8029 | as_fn_error $? "*** must have support for Solaris privileges to use --with-solaris-privs" "$LINENO" 5 | ||
8030 | fi | ||
8031 | |||
8032 | fi | ||
8033 | |||
8034 | TEST_SHELL=$SHELL # let configure find us a capable shell | ||
8035 | ;; | ||
8036 | *-*-sunos4*) | ||
8037 | CPPFLAGS="$CPPFLAGS -DSUNOS4" | ||
8038 | for ac_func in getpwanam | ||
8039 | do : | ||
8040 | ac_fn_c_check_func "$LINENO" "getpwanam" "ac_cv_func_getpwanam" | ||
8041 | if test "x$ac_cv_func_getpwanam" = xyes; then : | ||
8042 | cat >>confdefs.h <<_ACEOF | ||
8043 | #define HAVE_GETPWANAM 1 | ||
8044 | _ACEOF | ||
8045 | |||
8046 | fi | ||
8047 | done | ||
8048 | |||
8049 | $as_echo "#define PAM_SUN_CODEBASE 1" >>confdefs.h | ||
8050 | |||
8051 | conf_utmp_location=/etc/utmp | ||
8052 | conf_wtmp_location=/var/adm/wtmp | ||
8053 | conf_lastlog_location=/var/adm/lastlog | ||
8054 | $as_echo "#define USE_PIPES 1" >>confdefs.h | ||
8055 | |||
8056 | ;; | ||
8057 | *-ncr-sysv*) | ||
8058 | LIBS="$LIBS -lc89" | ||
8059 | $as_echo "#define USE_PIPES 1" >>confdefs.h | ||
8060 | |||
8061 | $as_echo "#define SSHD_ACQUIRES_CTTY 1" >>confdefs.h | ||
8062 | |||
8063 | $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h | ||
8064 | |||
8065 | $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h | ||
8066 | |||
8067 | $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h | ||
8068 | |||
8069 | ;; | ||
8070 | *-sni-sysv*) | ||
8071 | # /usr/ucblib MUST NOT be searched on ReliantUNIX | ||
8072 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlsym in -ldl" >&5 | ||
8073 | $as_echo_n "checking for dlsym in -ldl... " >&6; } | ||
8074 | if ${ac_cv_lib_dl_dlsym+:} false; then : | ||
8075 | $as_echo_n "(cached) " >&6 | ||
8076 | else | ||
8077 | ac_check_lib_save_LIBS=$LIBS | ||
8078 | LIBS="-ldl $LIBS" | ||
8079 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
8080 | /* end confdefs.h. */ | ||
8081 | |||
8082 | /* Override any GCC internal prototype to avoid an error. | ||
8083 | Use char because int might match the return type of a GCC | ||
8084 | builtin and then its argument prototype would still apply. */ | ||
8085 | #ifdef __cplusplus | ||
8086 | extern "C" | ||
8087 | #endif | ||
8088 | char dlsym (); | ||
8089 | int | ||
8090 | main () | ||
8091 | { | ||
8092 | return dlsym (); | ||
8093 | ; | ||
8094 | return 0; | ||
8095 | } | ||
8096 | _ACEOF | ||
8097 | if ac_fn_c_try_link "$LINENO"; then : | ||
8098 | ac_cv_lib_dl_dlsym=yes | ||
8099 | else | ||
8100 | ac_cv_lib_dl_dlsym=no | ||
8101 | fi | ||
8102 | rm -f core conftest.err conftest.$ac_objext \ | ||
8103 | conftest$ac_exeext conftest.$ac_ext | ||
8104 | LIBS=$ac_check_lib_save_LIBS | ||
8105 | fi | ||
8106 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlsym" >&5 | ||
8107 | $as_echo "$ac_cv_lib_dl_dlsym" >&6; } | ||
8108 | if test "x$ac_cv_lib_dl_dlsym" = xyes; then : | ||
8109 | cat >>confdefs.h <<_ACEOF | ||
8110 | #define HAVE_LIBDL 1 | ||
8111 | _ACEOF | ||
8112 | |||
8113 | LIBS="-ldl $LIBS" | ||
8114 | |||
8115 | fi | ||
8116 | |||
8117 | # -lresolv needs to be at the end of LIBS or DNS lookups break | ||
8118 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for res_query in -lresolv" >&5 | ||
8119 | $as_echo_n "checking for res_query in -lresolv... " >&6; } | ||
8120 | if ${ac_cv_lib_resolv_res_query+:} false; then : | ||
8121 | $as_echo_n "(cached) " >&6 | ||
8122 | else | ||
8123 | ac_check_lib_save_LIBS=$LIBS | ||
8124 | LIBS="-lresolv $LIBS" | ||
8125 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
8126 | /* end confdefs.h. */ | ||
8127 | |||
8128 | /* Override any GCC internal prototype to avoid an error. | ||
8129 | Use char because int might match the return type of a GCC | ||
8130 | builtin and then its argument prototype would still apply. */ | ||
8131 | #ifdef __cplusplus | ||
8132 | extern "C" | ||
8133 | #endif | ||
8134 | char res_query (); | ||
8135 | int | ||
8136 | main () | ||
8137 | { | ||
8138 | return res_query (); | ||
8139 | ; | ||
8140 | return 0; | ||
8141 | } | ||
8142 | _ACEOF | ||
8143 | if ac_fn_c_try_link "$LINENO"; then : | ||
8144 | ac_cv_lib_resolv_res_query=yes | ||
8145 | else | ||
8146 | ac_cv_lib_resolv_res_query=no | ||
8147 | fi | ||
8148 | rm -f core conftest.err conftest.$ac_objext \ | ||
8149 | conftest$ac_exeext conftest.$ac_ext | ||
8150 | LIBS=$ac_check_lib_save_LIBS | ||
8151 | fi | ||
8152 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_resolv_res_query" >&5 | ||
8153 | $as_echo "$ac_cv_lib_resolv_res_query" >&6; } | ||
8154 | if test "x$ac_cv_lib_resolv_res_query" = xyes; then : | ||
8155 | LIBS="$LIBS -lresolv" | ||
8156 | fi | ||
8157 | |||
8158 | IPADDR_IN_DISPLAY=yes | ||
8159 | $as_echo "#define USE_PIPES 1" >>confdefs.h | ||
8160 | |||
8161 | $as_echo "#define IP_TOS_IS_BROKEN 1" >>confdefs.h | ||
8162 | |||
8163 | $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h | ||
8164 | |||
8165 | $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h | ||
8166 | |||
8167 | $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h | ||
8168 | |||
8169 | $as_echo "#define SSHD_ACQUIRES_CTTY 1" >>confdefs.h | ||
8170 | |||
8171 | external_path_file=/etc/default/login | ||
8172 | # /usr/ucblib/libucb.a no longer needed on ReliantUNIX | ||
8173 | # Attention: always take care to bind libsocket and libnsl before libc, | ||
8174 | # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog | ||
8175 | ;; | ||
8176 | # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. | ||
8177 | *-*-sysv4.2*) | ||
8178 | $as_echo "#define USE_PIPES 1" >>confdefs.h | ||
8179 | |||
8180 | $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h | ||
8181 | |||
8182 | $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h | ||
8183 | |||
8184 | $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h | ||
8185 | |||
8186 | |||
8187 | $as_echo "#define PASSWD_NEEDS_USERNAME 1" >>confdefs.h | ||
8188 | |||
8189 | $as_echo "#define LOCKED_PASSWD_STRING \"*LK*\"" >>confdefs.h | ||
8190 | |||
8191 | TEST_SHELL=$SHELL # let configure find us a capable shell | ||
8192 | ;; | ||
8193 | # UnixWare 7.x, OpenUNIX 8 | ||
8194 | *-*-sysv5*) | ||
8195 | CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" | ||
8196 | |||
8197 | $as_echo "#define UNIXWARE_LONG_PASSWORDS 1" >>confdefs.h | ||
8198 | |||
8199 | $as_echo "#define USE_PIPES 1" >>confdefs.h | ||
8200 | |||
8201 | $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h | ||
8202 | |||
8203 | $as_echo "#define BROKEN_GETADDRINFO 1" >>confdefs.h | ||
8204 | |||
8205 | $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h | ||
8206 | |||
8207 | $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h | ||
8208 | |||
8209 | $as_echo "#define PASSWD_NEEDS_USERNAME 1" >>confdefs.h | ||
8210 | |||
8211 | TEST_SHELL=$SHELL # let configure find us a capable shell | ||
8212 | case "$host" in | ||
8213 | *-*-sysv5SCO_SV*) # SCO OpenServer 6.x | ||
8214 | maildir=/var/spool/mail | ||
8215 | |||
8216 | $as_echo "#define BROKEN_LIBIAF 1" >>confdefs.h | ||
8217 | |||
8218 | $as_echo "#define BROKEN_UPDWTMPX 1" >>confdefs.h | ||
8219 | |||
8220 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getluid in -lprot" >&5 | ||
8221 | $as_echo_n "checking for getluid in -lprot... " >&6; } | ||
8222 | if ${ac_cv_lib_prot_getluid+:} false; then : | ||
8223 | $as_echo_n "(cached) " >&6 | ||
8224 | else | ||
8225 | ac_check_lib_save_LIBS=$LIBS | ||
8226 | LIBS="-lprot $LIBS" | ||
8227 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
8228 | /* end confdefs.h. */ | ||
8229 | |||
8230 | /* Override any GCC internal prototype to avoid an error. | ||
8231 | Use char because int might match the return type of a GCC | ||
8232 | builtin and then its argument prototype would still apply. */ | ||
8233 | #ifdef __cplusplus | ||
8234 | extern "C" | ||
8235 | #endif | ||
8236 | char getluid (); | ||
8237 | int | ||
8238 | main () | ||
8239 | { | ||
8240 | return getluid (); | ||
8241 | ; | ||
8242 | return 0; | ||
8243 | } | ||
8244 | _ACEOF | ||
8245 | if ac_fn_c_try_link "$LINENO"; then : | ||
8246 | ac_cv_lib_prot_getluid=yes | ||
8247 | else | ||
8248 | ac_cv_lib_prot_getluid=no | ||
8249 | fi | ||
8250 | rm -f core conftest.err conftest.$ac_objext \ | ||
8251 | conftest$ac_exeext conftest.$ac_ext | ||
8252 | LIBS=$ac_check_lib_save_LIBS | ||
8253 | fi | ||
8254 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_prot_getluid" >&5 | ||
8255 | $as_echo "$ac_cv_lib_prot_getluid" >&6; } | ||
8256 | if test "x$ac_cv_lib_prot_getluid" = xyes; then : | ||
8257 | LIBS="$LIBS -lprot" | ||
8258 | for ac_func in getluid setluid | ||
8259 | do : | ||
8260 | as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` | ||
8261 | ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" | ||
8262 | if eval test \"x\$"$as_ac_var"\" = x"yes"; then : | ||
8263 | cat >>confdefs.h <<_ACEOF | ||
8264 | #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 | ||
8265 | _ACEOF | ||
8266 | |||
8267 | fi | ||
8268 | done | ||
8269 | |||
8270 | $as_echo "#define HAVE_SECUREWARE 1" >>confdefs.h | ||
8271 | |||
8272 | $as_echo "#define DISABLE_SHADOW 1" >>confdefs.h | ||
8273 | |||
8274 | |||
8275 | fi | ||
8276 | |||
8277 | ;; | ||
8278 | *) $as_echo "#define LOCKED_PASSWD_STRING \"*LK*\"" >>confdefs.h | ||
8279 | |||
8280 | check_for_libcrypt_later=1 | ||
8281 | ;; | ||
8282 | esac | ||
8283 | ;; | ||
8284 | *-*-sysv*) | ||
8285 | ;; | ||
8286 | # SCO UNIX and OEM versions of SCO UNIX | ||
8287 | *-*-sco3.2v4*) | ||
8288 | as_fn_error $? "\"This Platform is no longer supported.\"" "$LINENO" 5 | ||
8289 | ;; | ||
8290 | # SCO OpenServer 5.x | ||
8291 | *-*-sco3.2v5*) | ||
8292 | if test -z "$GCC"; then | ||
8293 | CFLAGS="$CFLAGS -belf" | ||
8294 | fi | ||
8295 | LIBS="$LIBS -lprot -lx -ltinfo -lm" | ||
8296 | no_dev_ptmx=1 | ||
8297 | $as_echo "#define USE_PIPES 1" >>confdefs.h | ||
8298 | |||
8299 | $as_echo "#define HAVE_SECUREWARE 1" >>confdefs.h | ||
8300 | |||
8301 | $as_echo "#define DISABLE_SHADOW 1" >>confdefs.h | ||
8302 | |||
8303 | $as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h | ||
8304 | |||
8305 | $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h | ||
8306 | |||
8307 | $as_echo "#define BROKEN_GETADDRINFO 1" >>confdefs.h | ||
8308 | |||
8309 | $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h | ||
8310 | |||
8311 | $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h | ||
8312 | |||
8313 | $as_echo "#define WITH_ABBREV_NO_TTY 1" >>confdefs.h | ||
8314 | |||
8315 | $as_echo "#define BROKEN_UPDWTMPX 1" >>confdefs.h | ||
8316 | |||
8317 | $as_echo "#define PASSWD_NEEDS_USERNAME 1" >>confdefs.h | ||
8318 | |||
8319 | for ac_func in getluid setluid | ||
8320 | do : | ||
8321 | as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` | ||
8322 | ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" | ||
8323 | if eval test \"x\$"$as_ac_var"\" = x"yes"; then : | ||
8324 | cat >>confdefs.h <<_ACEOF | ||
8325 | #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 | ||
8326 | _ACEOF | ||
8327 | |||
8328 | fi | ||
8329 | done | ||
8330 | |||
8331 | MANTYPE=man | ||
8332 | TEST_SHELL=$SHELL # let configure find us a capable shell | ||
8333 | SKIP_DISABLE_LASTLOG_DEFINE=yes | ||
8334 | ;; | ||
8335 | *-*-unicosmk*) | ||
8336 | |||
8337 | $as_echo "#define NO_SSH_LASTLOG 1" >>confdefs.h | ||
8338 | |||
8339 | $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h | ||
8340 | |||
8341 | $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h | ||
8342 | |||
8343 | $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h | ||
8344 | |||
8345 | $as_echo "#define USE_PIPES 1" >>confdefs.h | ||
8346 | |||
8347 | $as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h | ||
8348 | |||
8349 | LDFLAGS="$LDFLAGS" | ||
8350 | LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" | ||
8351 | MANTYPE=cat | ||
8352 | ;; | ||
8353 | *-*-unicosmp*) | ||
8354 | $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h | ||
8355 | |||
8356 | $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h | ||
8357 | |||
8358 | $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h | ||
8359 | |||
8360 | $as_echo "#define WITH_ABBREV_NO_TTY 1" >>confdefs.h | ||
8361 | |||
8362 | $as_echo "#define USE_PIPES 1" >>confdefs.h | ||
8363 | |||
8364 | $as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h | ||
8365 | |||
8366 | LDFLAGS="$LDFLAGS" | ||
8367 | LIBS="$LIBS -lgen -lacid -ldb" | ||
8368 | MANTYPE=cat | ||
8369 | ;; | ||
8370 | *-*-unicos*) | ||
8371 | $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h | ||
8372 | |||
8373 | $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h | ||
8374 | |||
8375 | $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h | ||
8376 | |||
8377 | $as_echo "#define USE_PIPES 1" >>confdefs.h | ||
8378 | |||
8379 | $as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h | ||
8380 | |||
8381 | $as_echo "#define NO_SSH_LASTLOG 1" >>confdefs.h | ||
8382 | |||
8383 | LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal" | ||
8384 | LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" | ||
8385 | MANTYPE=cat | ||
8386 | ;; | ||
8387 | *-dec-osf*) | ||
8388 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Digital Unix SIA" >&5 | ||
8389 | $as_echo_n "checking for Digital Unix SIA... " >&6; } | ||
8390 | no_osfsia="" | ||
8391 | |||
8392 | # Check whether --with-osfsia was given. | ||
8393 | if test "${with_osfsia+set}" = set; then : | ||
8394 | withval=$with_osfsia; | ||
8395 | if test "x$withval" = "xno" ; then | ||
8396 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: disabled" >&5 | ||
8397 | $as_echo "disabled" >&6; } | ||
8398 | no_osfsia=1 | ||
8399 | fi | ||
8400 | |||
8401 | fi | ||
8402 | |||
8403 | if test -z "$no_osfsia" ; then | ||
8404 | if test -f /etc/sia/matrix.conf; then | ||
8405 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
8406 | $as_echo "yes" >&6; } | ||
8407 | |||
8408 | $as_echo "#define HAVE_OSF_SIA 1" >>confdefs.h | ||
8409 | |||
8410 | |||
8411 | $as_echo "#define DISABLE_LOGIN 1" >>confdefs.h | ||
8412 | |||
8413 | $as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h | ||
8414 | |||
8415 | LIBS="$LIBS -lsecurity -ldb -lm -laud" | ||
8416 | SIA_MSG="yes" | ||
8417 | else | ||
8418 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
8419 | $as_echo "no" >&6; } | ||
8420 | |||
8421 | $as_echo "#define LOCKED_PASSWD_SUBSTR \"Nologin\"" >>confdefs.h | ||
8422 | |||
8423 | fi | ||
8424 | fi | ||
8425 | $as_echo "#define BROKEN_GETADDRINFO 1" >>confdefs.h | ||
8426 | |||
8427 | $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h | ||
8428 | |||
8429 | $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h | ||
8430 | |||
8431 | $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h | ||
8432 | |||
8433 | |||
8434 | $as_echo "#define BROKEN_READV_COMPARISON 1" >>confdefs.h | ||
8435 | |||
8436 | ;; | ||
8437 | |||
8438 | *-*-nto-qnx*) | ||
8439 | $as_echo "#define USE_PIPES 1" >>confdefs.h | ||
8440 | |||
8441 | $as_echo "#define NO_X11_UNIX_SOCKETS 1" >>confdefs.h | ||
8442 | |||
8443 | $as_echo "#define DISABLE_LASTLOG 1" >>confdefs.h | ||
8444 | |||
8445 | $as_echo "#define SSHD_ACQUIRES_CTTY 1" >>confdefs.h | ||
8446 | |||
8447 | |||
8448 | $as_echo "#define BROKEN_SHADOW_EXPIRE 1" >>confdefs.h | ||
8449 | |||
8450 | enable_etc_default_login=no # has incompatible /etc/default/login | ||
8451 | case "$host" in | ||
8452 | *-*-nto-qnx6*) | ||
8453 | $as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h | ||
8454 | |||
8455 | ;; | ||
8456 | esac | ||
8457 | ;; | ||
8458 | |||
8459 | *-*-ultrix*) | ||
8460 | |||
8461 | $as_echo "#define BROKEN_GETGROUPS 1" >>confdefs.h | ||
8462 | |||
8463 | $as_echo "#define NEED_SETPGRP 1" >>confdefs.h | ||
8464 | |||
8465 | |||
8466 | $as_echo "#define HAVE_SYS_SYSLOG_H 1" >>confdefs.h | ||
8467 | |||
8468 | ;; | ||
8469 | |||
8470 | *-*-lynxos) | ||
8471 | CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" | ||
8472 | |||
8473 | $as_echo "#define BROKEN_SETVBUF 1" >>confdefs.h | ||
8474 | |||
8475 | ;; | ||
8476 | esac | ||
8477 | |||
8478 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking compiler and flags for sanity" >&5 | ||
8479 | $as_echo_n "checking compiler and flags for sanity... " >&6; } | ||
8480 | if test "$cross_compiling" = yes; then : | ||
8481 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking compiler sanity" >&5 | ||
8482 | $as_echo "$as_me: WARNING: cross compiling: not checking compiler sanity" >&2;} | ||
8483 | |||
8484 | else | ||
8485 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
8486 | /* end confdefs.h. */ | ||
8487 | #include <stdio.h> | ||
8488 | int | ||
8489 | main () | ||
8490 | { | ||
8491 | exit(0); | ||
8492 | ; | ||
8493 | return 0; | ||
8494 | } | ||
8495 | _ACEOF | ||
8496 | if ac_fn_c_try_run "$LINENO"; then : | ||
8497 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
8498 | $as_echo "yes" >&6; } | ||
8499 | else | ||
8500 | |||
8501 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
8502 | $as_echo "no" >&6; } | ||
8503 | as_fn_error $? "*** compiler cannot create working executables, check config.log ***" "$LINENO" 5 | ||
8504 | |||
8505 | fi | ||
8506 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
8507 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
8508 | fi | ||
8509 | |||
8510 | |||
8511 | # Checks for libraries. | ||
8512 | ac_fn_c_check_func "$LINENO" "setsockopt" "ac_cv_func_setsockopt" | ||
8513 | if test "x$ac_cv_func_setsockopt" = xyes; then : | ||
8514 | |||
8515 | else | ||
8516 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for setsockopt in -lsocket" >&5 | ||
8517 | $as_echo_n "checking for setsockopt in -lsocket... " >&6; } | ||
8518 | if ${ac_cv_lib_socket_setsockopt+:} false; then : | ||
8519 | $as_echo_n "(cached) " >&6 | ||
8520 | else | ||
8521 | ac_check_lib_save_LIBS=$LIBS | ||
8522 | LIBS="-lsocket $LIBS" | ||
8523 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
8524 | /* end confdefs.h. */ | ||
8525 | |||
8526 | /* Override any GCC internal prototype to avoid an error. | ||
8527 | Use char because int might match the return type of a GCC | ||
8528 | builtin and then its argument prototype would still apply. */ | ||
8529 | #ifdef __cplusplus | ||
8530 | extern "C" | ||
8531 | #endif | ||
8532 | char setsockopt (); | ||
8533 | int | ||
8534 | main () | ||
8535 | { | ||
8536 | return setsockopt (); | ||
8537 | ; | ||
8538 | return 0; | ||
8539 | } | ||
8540 | _ACEOF | ||
8541 | if ac_fn_c_try_link "$LINENO"; then : | ||
8542 | ac_cv_lib_socket_setsockopt=yes | ||
8543 | else | ||
8544 | ac_cv_lib_socket_setsockopt=no | ||
8545 | fi | ||
8546 | rm -f core conftest.err conftest.$ac_objext \ | ||
8547 | conftest$ac_exeext conftest.$ac_ext | ||
8548 | LIBS=$ac_check_lib_save_LIBS | ||
8549 | fi | ||
8550 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_socket_setsockopt" >&5 | ||
8551 | $as_echo "$ac_cv_lib_socket_setsockopt" >&6; } | ||
8552 | if test "x$ac_cv_lib_socket_setsockopt" = xyes; then : | ||
8553 | cat >>confdefs.h <<_ACEOF | ||
8554 | #define HAVE_LIBSOCKET 1 | ||
8555 | _ACEOF | ||
8556 | |||
8557 | LIBS="-lsocket $LIBS" | ||
8558 | |||
8559 | fi | ||
8560 | |||
8561 | fi | ||
8562 | |||
8563 | |||
8564 | for ac_func in dirname | ||
8565 | do : | ||
8566 | ac_fn_c_check_func "$LINENO" "dirname" "ac_cv_func_dirname" | ||
8567 | if test "x$ac_cv_func_dirname" = xyes; then : | ||
8568 | cat >>confdefs.h <<_ACEOF | ||
8569 | #define HAVE_DIRNAME 1 | ||
8570 | _ACEOF | ||
8571 | for ac_header in libgen.h | ||
8572 | do : | ||
8573 | ac_fn_c_check_header_mongrel "$LINENO" "libgen.h" "ac_cv_header_libgen_h" "$ac_includes_default" | ||
8574 | if test "x$ac_cv_header_libgen_h" = xyes; then : | ||
8575 | cat >>confdefs.h <<_ACEOF | ||
8576 | #define HAVE_LIBGEN_H 1 | ||
8577 | _ACEOF | ||
8578 | |||
8579 | fi | ||
8580 | |||
8581 | done | ||
8582 | |||
8583 | else | ||
8584 | |||
8585 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dirname in -lgen" >&5 | ||
8586 | $as_echo_n "checking for dirname in -lgen... " >&6; } | ||
8587 | if ${ac_cv_lib_gen_dirname+:} false; then : | ||
8588 | $as_echo_n "(cached) " >&6 | ||
8589 | else | ||
8590 | ac_check_lib_save_LIBS=$LIBS | ||
8591 | LIBS="-lgen $LIBS" | ||
8592 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
8593 | /* end confdefs.h. */ | ||
8594 | |||
8595 | /* Override any GCC internal prototype to avoid an error. | ||
8596 | Use char because int might match the return type of a GCC | ||
8597 | builtin and then its argument prototype would still apply. */ | ||
8598 | #ifdef __cplusplus | ||
8599 | extern "C" | ||
8600 | #endif | ||
8601 | char dirname (); | ||
8602 | int | ||
8603 | main () | ||
8604 | { | ||
8605 | return dirname (); | ||
8606 | ; | ||
8607 | return 0; | ||
8608 | } | ||
8609 | _ACEOF | ||
8610 | if ac_fn_c_try_link "$LINENO"; then : | ||
8611 | ac_cv_lib_gen_dirname=yes | ||
8612 | else | ||
8613 | ac_cv_lib_gen_dirname=no | ||
8614 | fi | ||
8615 | rm -f core conftest.err conftest.$ac_objext \ | ||
8616 | conftest$ac_exeext conftest.$ac_ext | ||
8617 | LIBS=$ac_check_lib_save_LIBS | ||
8618 | fi | ||
8619 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gen_dirname" >&5 | ||
8620 | $as_echo "$ac_cv_lib_gen_dirname" >&6; } | ||
8621 | if test "x$ac_cv_lib_gen_dirname" = xyes; then : | ||
8622 | |||
8623 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for broken dirname" >&5 | ||
8624 | $as_echo_n "checking for broken dirname... " >&6; } | ||
8625 | if ${ac_cv_have_broken_dirname+:} false; then : | ||
8626 | $as_echo_n "(cached) " >&6 | ||
8627 | else | ||
8628 | |||
8629 | save_LIBS="$LIBS" | ||
8630 | LIBS="$LIBS -lgen" | ||
8631 | if test "$cross_compiling" = yes; then : | ||
8632 | ac_cv_have_broken_dirname="no" | ||
8633 | else | ||
8634 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
8635 | /* end confdefs.h. */ | ||
8636 | |||
8637 | #include <libgen.h> | ||
8638 | #include <string.h> | ||
8639 | |||
8640 | int main(int argc, char **argv) { | ||
8641 | char *s, buf[32]; | ||
8642 | |||
8643 | strncpy(buf,"/etc", 32); | ||
8644 | s = dirname(buf); | ||
8645 | if (!s || strncmp(s, "/", 32) != 0) { | ||
8646 | exit(1); | ||
8647 | } else { | ||
8648 | exit(0); | ||
8649 | } | ||
8650 | } | ||
8651 | |||
8652 | _ACEOF | ||
8653 | if ac_fn_c_try_run "$LINENO"; then : | ||
8654 | ac_cv_have_broken_dirname="no" | ||
8655 | else | ||
8656 | ac_cv_have_broken_dirname="yes" | ||
8657 | fi | ||
8658 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
8659 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
8660 | fi | ||
8661 | |||
8662 | LIBS="$save_LIBS" | ||
8663 | |||
8664 | fi | ||
8665 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_broken_dirname" >&5 | ||
8666 | $as_echo "$ac_cv_have_broken_dirname" >&6; } | ||
8667 | if test "x$ac_cv_have_broken_dirname" = "xno" ; then | ||
8668 | LIBS="$LIBS -lgen" | ||
8669 | $as_echo "#define HAVE_DIRNAME 1" >>confdefs.h | ||
8670 | |||
8671 | for ac_header in libgen.h | ||
8672 | do : | ||
8673 | ac_fn_c_check_header_mongrel "$LINENO" "libgen.h" "ac_cv_header_libgen_h" "$ac_includes_default" | ||
8674 | if test "x$ac_cv_header_libgen_h" = xyes; then : | ||
8675 | cat >>confdefs.h <<_ACEOF | ||
8676 | #define HAVE_LIBGEN_H 1 | ||
8677 | _ACEOF | ||
8678 | |||
8679 | fi | ||
8680 | |||
8681 | done | ||
8682 | |||
8683 | fi | ||
8684 | |||
8685 | fi | ||
8686 | |||
8687 | |||
8688 | fi | ||
8689 | done | ||
8690 | |||
8691 | |||
8692 | ac_fn_c_check_func "$LINENO" "getspnam" "ac_cv_func_getspnam" | ||
8693 | if test "x$ac_cv_func_getspnam" = xyes; then : | ||
8694 | |||
8695 | else | ||
8696 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getspnam in -lgen" >&5 | ||
8697 | $as_echo_n "checking for getspnam in -lgen... " >&6; } | ||
8698 | if ${ac_cv_lib_gen_getspnam+:} false; then : | ||
8699 | $as_echo_n "(cached) " >&6 | ||
8700 | else | ||
8701 | ac_check_lib_save_LIBS=$LIBS | ||
8702 | LIBS="-lgen $LIBS" | ||
8703 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
8704 | /* end confdefs.h. */ | ||
8705 | |||
8706 | /* Override any GCC internal prototype to avoid an error. | ||
8707 | Use char because int might match the return type of a GCC | ||
8708 | builtin and then its argument prototype would still apply. */ | ||
8709 | #ifdef __cplusplus | ||
8710 | extern "C" | ||
8711 | #endif | ||
8712 | char getspnam (); | ||
8713 | int | ||
8714 | main () | ||
8715 | { | ||
8716 | return getspnam (); | ||
8717 | ; | ||
8718 | return 0; | ||
8719 | } | ||
8720 | _ACEOF | ||
8721 | if ac_fn_c_try_link "$LINENO"; then : | ||
8722 | ac_cv_lib_gen_getspnam=yes | ||
8723 | else | ||
8724 | ac_cv_lib_gen_getspnam=no | ||
8725 | fi | ||
8726 | rm -f core conftest.err conftest.$ac_objext \ | ||
8727 | conftest$ac_exeext conftest.$ac_ext | ||
8728 | LIBS=$ac_check_lib_save_LIBS | ||
8729 | fi | ||
8730 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gen_getspnam" >&5 | ||
8731 | $as_echo "$ac_cv_lib_gen_getspnam" >&6; } | ||
8732 | if test "x$ac_cv_lib_gen_getspnam" = xyes; then : | ||
8733 | LIBS="$LIBS -lgen" | ||
8734 | fi | ||
8735 | |||
8736 | fi | ||
8737 | |||
8738 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing basename" >&5 | ||
8739 | $as_echo_n "checking for library containing basename... " >&6; } | ||
8740 | if ${ac_cv_search_basename+:} false; then : | ||
8741 | $as_echo_n "(cached) " >&6 | ||
8742 | else | ||
8743 | ac_func_search_save_LIBS=$LIBS | ||
8744 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
8745 | /* end confdefs.h. */ | ||
8746 | |||
8747 | /* Override any GCC internal prototype to avoid an error. | ||
8748 | Use char because int might match the return type of a GCC | ||
8749 | builtin and then its argument prototype would still apply. */ | ||
8750 | #ifdef __cplusplus | ||
8751 | extern "C" | ||
8752 | #endif | ||
8753 | char basename (); | ||
8754 | int | ||
8755 | main () | ||
8756 | { | ||
8757 | return basename (); | ||
8758 | ; | ||
8759 | return 0; | ||
8760 | } | ||
8761 | _ACEOF | ||
8762 | for ac_lib in '' gen; do | ||
8763 | if test -z "$ac_lib"; then | ||
8764 | ac_res="none required" | ||
8765 | else | ||
8766 | ac_res=-l$ac_lib | ||
8767 | LIBS="-l$ac_lib $ac_func_search_save_LIBS" | ||
8768 | fi | ||
8769 | if ac_fn_c_try_link "$LINENO"; then : | ||
8770 | ac_cv_search_basename=$ac_res | ||
8771 | fi | ||
8772 | rm -f core conftest.err conftest.$ac_objext \ | ||
8773 | conftest$ac_exeext | ||
8774 | if ${ac_cv_search_basename+:} false; then : | ||
8775 | break | ||
8776 | fi | ||
8777 | done | ||
8778 | if ${ac_cv_search_basename+:} false; then : | ||
8779 | |||
8780 | else | ||
8781 | ac_cv_search_basename=no | ||
8782 | fi | ||
8783 | rm conftest.$ac_ext | ||
8784 | LIBS=$ac_func_search_save_LIBS | ||
8785 | fi | ||
8786 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_basename" >&5 | ||
8787 | $as_echo "$ac_cv_search_basename" >&6; } | ||
8788 | ac_res=$ac_cv_search_basename | ||
8789 | if test "$ac_res" != no; then : | ||
8790 | test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" | ||
8791 | |||
8792 | $as_echo "#define HAVE_BASENAME 1" >>confdefs.h | ||
8793 | |||
8794 | fi | ||
8795 | |||
8796 | |||
8797 | |||
8798 | # Check whether --with-zlib was given. | ||
8799 | if test "${with_zlib+set}" = set; then : | ||
8800 | withval=$with_zlib; if test "x$withval" = "xno" ; then | ||
8801 | as_fn_error $? "*** zlib is required ***" "$LINENO" 5 | ||
8802 | elif test "x$withval" != "xyes"; then | ||
8803 | if test -d "$withval/lib"; then | ||
8804 | if test -n "${need_dash_r}"; then | ||
8805 | LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" | ||
8806 | else | ||
8807 | LDFLAGS="-L${withval}/lib ${LDFLAGS}" | ||
8808 | fi | ||
8809 | else | ||
8810 | if test -n "${need_dash_r}"; then | ||
8811 | LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" | ||
8812 | else | ||
8813 | LDFLAGS="-L${withval} ${LDFLAGS}" | ||
8814 | fi | ||
8815 | fi | ||
8816 | if test -d "$withval/include"; then | ||
8817 | CPPFLAGS="-I${withval}/include ${CPPFLAGS}" | ||
8818 | else | ||
8819 | CPPFLAGS="-I${withval} ${CPPFLAGS}" | ||
8820 | fi | ||
8821 | fi | ||
8822 | |||
8823 | fi | ||
8824 | |||
8825 | |||
8826 | ac_fn_c_check_header_mongrel "$LINENO" "zlib.h" "ac_cv_header_zlib_h" "$ac_includes_default" | ||
8827 | if test "x$ac_cv_header_zlib_h" = xyes; then : | ||
8828 | |||
8829 | else | ||
8830 | as_fn_error $? "*** zlib.h missing - please install first or check config.log ***" "$LINENO" 5 | ||
8831 | fi | ||
8832 | |||
8833 | |||
8834 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for deflate in -lz" >&5 | ||
8835 | $as_echo_n "checking for deflate in -lz... " >&6; } | ||
8836 | if ${ac_cv_lib_z_deflate+:} false; then : | ||
8837 | $as_echo_n "(cached) " >&6 | ||
8838 | else | ||
8839 | ac_check_lib_save_LIBS=$LIBS | ||
8840 | LIBS="-lz $LIBS" | ||
8841 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
8842 | /* end confdefs.h. */ | ||
8843 | |||
8844 | /* Override any GCC internal prototype to avoid an error. | ||
8845 | Use char because int might match the return type of a GCC | ||
8846 | builtin and then its argument prototype would still apply. */ | ||
8847 | #ifdef __cplusplus | ||
8848 | extern "C" | ||
8849 | #endif | ||
8850 | char deflate (); | ||
8851 | int | ||
8852 | main () | ||
8853 | { | ||
8854 | return deflate (); | ||
8855 | ; | ||
8856 | return 0; | ||
8857 | } | ||
8858 | _ACEOF | ||
8859 | if ac_fn_c_try_link "$LINENO"; then : | ||
8860 | ac_cv_lib_z_deflate=yes | ||
8861 | else | ||
8862 | ac_cv_lib_z_deflate=no | ||
8863 | fi | ||
8864 | rm -f core conftest.err conftest.$ac_objext \ | ||
8865 | conftest$ac_exeext conftest.$ac_ext | ||
8866 | LIBS=$ac_check_lib_save_LIBS | ||
8867 | fi | ||
8868 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_z_deflate" >&5 | ||
8869 | $as_echo "$ac_cv_lib_z_deflate" >&6; } | ||
8870 | if test "x$ac_cv_lib_z_deflate" = xyes; then : | ||
8871 | cat >>confdefs.h <<_ACEOF | ||
8872 | #define HAVE_LIBZ 1 | ||
8873 | _ACEOF | ||
8874 | |||
8875 | LIBS="-lz $LIBS" | ||
8876 | |||
8877 | else | ||
8878 | |||
8879 | saved_CPPFLAGS="$CPPFLAGS" | ||
8880 | saved_LDFLAGS="$LDFLAGS" | ||
8881 | save_LIBS="$LIBS" | ||
8882 | if test -n "${need_dash_r}"; then | ||
8883 | LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}" | ||
8884 | else | ||
8885 | LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" | ||
8886 | fi | ||
8887 | CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" | ||
8888 | LIBS="$LIBS -lz" | ||
8889 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
8890 | /* end confdefs.h. */ | ||
8891 | |||
8892 | /* Override any GCC internal prototype to avoid an error. | ||
8893 | Use char because int might match the return type of a GCC | ||
8894 | builtin and then its argument prototype would still apply. */ | ||
8895 | #ifdef __cplusplus | ||
8896 | extern "C" | ||
8897 | #endif | ||
8898 | char deflate (); | ||
8899 | int | ||
8900 | main () | ||
8901 | { | ||
8902 | return deflate (); | ||
8903 | ; | ||
8904 | return 0; | ||
8905 | } | ||
8906 | _ACEOF | ||
8907 | if ac_fn_c_try_link "$LINENO"; then : | ||
8908 | $as_echo "#define HAVE_LIBZ 1" >>confdefs.h | ||
8909 | |||
8910 | else | ||
8911 | |||
8912 | as_fn_error $? "*** zlib missing - please install first or check config.log ***" "$LINENO" 5 | ||
8913 | |||
8914 | |||
8915 | fi | ||
8916 | rm -f core conftest.err conftest.$ac_objext \ | ||
8917 | conftest$ac_exeext conftest.$ac_ext | ||
8918 | |||
8919 | |||
8920 | fi | ||
8921 | |||
8922 | |||
8923 | |||
8924 | # Check whether --with-zlib-version-check was given. | ||
8925 | if test "${with_zlib_version_check+set}" = set; then : | ||
8926 | withval=$with_zlib_version_check; if test "x$withval" = "xno" ; then | ||
8927 | zlib_check_nonfatal=1 | ||
8928 | fi | ||
8929 | |||
8930 | |||
8931 | fi | ||
8932 | |||
8933 | |||
8934 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for possibly buggy zlib" >&5 | ||
8935 | $as_echo_n "checking for possibly buggy zlib... " >&6; } | ||
8936 | if test "$cross_compiling" = yes; then : | ||
8937 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking zlib version" >&5 | ||
8938 | $as_echo "$as_me: WARNING: cross compiling: not checking zlib version" >&2;} | ||
8939 | |||
8940 | else | ||
8941 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
8942 | /* end confdefs.h. */ | ||
8943 | |||
8944 | #include <stdio.h> | ||
8945 | #include <stdlib.h> | ||
8946 | #include <zlib.h> | ||
8947 | |||
8948 | int | ||
8949 | main () | ||
8950 | { | ||
8951 | |||
8952 | int a=0, b=0, c=0, d=0, n, v; | ||
8953 | n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); | ||
8954 | if (n != 3 && n != 4) | ||
8955 | exit(1); | ||
8956 | v = a*1000000 + b*10000 + c*100 + d; | ||
8957 | fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); | ||
8958 | |||
8959 | /* 1.1.4 is OK */ | ||
8960 | if (a == 1 && b == 1 && c >= 4) | ||
8961 | exit(0); | ||
8962 | |||
8963 | /* 1.2.3 and up are OK */ | ||
8964 | if (v >= 1020300) | ||
8965 | exit(0); | ||
8966 | |||
8967 | exit(2); | ||
8968 | |||
8969 | ; | ||
8970 | return 0; | ||
8971 | } | ||
8972 | _ACEOF | ||
8973 | if ac_fn_c_try_run "$LINENO"; then : | ||
8974 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
8975 | $as_echo "no" >&6; } | ||
8976 | else | ||
8977 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
8978 | $as_echo "yes" >&6; } | ||
8979 | if test -z "$zlib_check_nonfatal" ; then | ||
8980 | as_fn_error $? "*** zlib too old - check config.log *** | ||
8981 | Your reported zlib version has known security problems. It's possible your | ||
8982 | vendor has fixed these problems without changing the version number. If you | ||
8983 | are sure this is the case, you can disable the check by running | ||
8984 | \"./configure --without-zlib-version-check\". | ||
8985 | If you are in doubt, upgrade zlib to version 1.2.3 or greater. | ||
8986 | See http://www.gzip.org/zlib/ for details." "$LINENO" 5 | ||
8987 | else | ||
8988 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: zlib version may have security problems" >&5 | ||
8989 | $as_echo "$as_me: WARNING: zlib version may have security problems" >&2;} | ||
8990 | fi | ||
8991 | |||
8992 | fi | ||
8993 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
8994 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
8995 | fi | ||
8996 | |||
8997 | |||
8998 | ac_fn_c_check_func "$LINENO" "strcasecmp" "ac_cv_func_strcasecmp" | ||
8999 | if test "x$ac_cv_func_strcasecmp" = xyes; then : | ||
9000 | |||
9001 | else | ||
9002 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for strcasecmp in -lresolv" >&5 | ||
9003 | $as_echo_n "checking for strcasecmp in -lresolv... " >&6; } | ||
9004 | if ${ac_cv_lib_resolv_strcasecmp+:} false; then : | ||
9005 | $as_echo_n "(cached) " >&6 | ||
9006 | else | ||
9007 | ac_check_lib_save_LIBS=$LIBS | ||
9008 | LIBS="-lresolv $LIBS" | ||
9009 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
9010 | /* end confdefs.h. */ | ||
9011 | |||
9012 | /* Override any GCC internal prototype to avoid an error. | ||
9013 | Use char because int might match the return type of a GCC | ||
9014 | builtin and then its argument prototype would still apply. */ | ||
9015 | #ifdef __cplusplus | ||
9016 | extern "C" | ||
9017 | #endif | ||
9018 | char strcasecmp (); | ||
9019 | int | ||
9020 | main () | ||
9021 | { | ||
9022 | return strcasecmp (); | ||
9023 | ; | ||
9024 | return 0; | ||
9025 | } | ||
9026 | _ACEOF | ||
9027 | if ac_fn_c_try_link "$LINENO"; then : | ||
9028 | ac_cv_lib_resolv_strcasecmp=yes | ||
9029 | else | ||
9030 | ac_cv_lib_resolv_strcasecmp=no | ||
9031 | fi | ||
9032 | rm -f core conftest.err conftest.$ac_objext \ | ||
9033 | conftest$ac_exeext conftest.$ac_ext | ||
9034 | LIBS=$ac_check_lib_save_LIBS | ||
9035 | fi | ||
9036 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_resolv_strcasecmp" >&5 | ||
9037 | $as_echo "$ac_cv_lib_resolv_strcasecmp" >&6; } | ||
9038 | if test "x$ac_cv_lib_resolv_strcasecmp" = xyes; then : | ||
9039 | LIBS="$LIBS -lresolv" | ||
9040 | fi | ||
9041 | |||
9042 | |||
9043 | fi | ||
9044 | |||
9045 | for ac_func in utimes | ||
9046 | do : | ||
9047 | ac_fn_c_check_func "$LINENO" "utimes" "ac_cv_func_utimes" | ||
9048 | if test "x$ac_cv_func_utimes" = xyes; then : | ||
9049 | cat >>confdefs.h <<_ACEOF | ||
9050 | #define HAVE_UTIMES 1 | ||
9051 | _ACEOF | ||
9052 | |||
9053 | else | ||
9054 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for utimes in -lc89" >&5 | ||
9055 | $as_echo_n "checking for utimes in -lc89... " >&6; } | ||
9056 | if ${ac_cv_lib_c89_utimes+:} false; then : | ||
9057 | $as_echo_n "(cached) " >&6 | ||
9058 | else | ||
9059 | ac_check_lib_save_LIBS=$LIBS | ||
9060 | LIBS="-lc89 $LIBS" | ||
9061 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
9062 | /* end confdefs.h. */ | ||
9063 | |||
9064 | /* Override any GCC internal prototype to avoid an error. | ||
9065 | Use char because int might match the return type of a GCC | ||
9066 | builtin and then its argument prototype would still apply. */ | ||
9067 | #ifdef __cplusplus | ||
9068 | extern "C" | ||
9069 | #endif | ||
9070 | char utimes (); | ||
9071 | int | ||
9072 | main () | ||
9073 | { | ||
9074 | return utimes (); | ||
9075 | ; | ||
9076 | return 0; | ||
9077 | } | ||
9078 | _ACEOF | ||
9079 | if ac_fn_c_try_link "$LINENO"; then : | ||
9080 | ac_cv_lib_c89_utimes=yes | ||
9081 | else | ||
9082 | ac_cv_lib_c89_utimes=no | ||
9083 | fi | ||
9084 | rm -f core conftest.err conftest.$ac_objext \ | ||
9085 | conftest$ac_exeext conftest.$ac_ext | ||
9086 | LIBS=$ac_check_lib_save_LIBS | ||
9087 | fi | ||
9088 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_c89_utimes" >&5 | ||
9089 | $as_echo "$ac_cv_lib_c89_utimes" >&6; } | ||
9090 | if test "x$ac_cv_lib_c89_utimes" = xyes; then : | ||
9091 | $as_echo "#define HAVE_UTIMES 1" >>confdefs.h | ||
9092 | |||
9093 | LIBS="$LIBS -lc89" | ||
9094 | fi | ||
9095 | |||
9096 | |||
9097 | fi | ||
9098 | done | ||
9099 | |||
9100 | |||
9101 | for ac_header in bsd/libutil.h libutil.h | ||
9102 | do : | ||
9103 | as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` | ||
9104 | ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" | ||
9105 | if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : | ||
9106 | cat >>confdefs.h <<_ACEOF | ||
9107 | #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 | ||
9108 | _ACEOF | ||
9109 | |||
9110 | fi | ||
9111 | |||
9112 | done | ||
9113 | |||
9114 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing fmt_scaled" >&5 | ||
9115 | $as_echo_n "checking for library containing fmt_scaled... " >&6; } | ||
9116 | if ${ac_cv_search_fmt_scaled+:} false; then : | ||
9117 | $as_echo_n "(cached) " >&6 | ||
9118 | else | ||
9119 | ac_func_search_save_LIBS=$LIBS | ||
9120 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
9121 | /* end confdefs.h. */ | ||
9122 | |||
9123 | /* Override any GCC internal prototype to avoid an error. | ||
9124 | Use char because int might match the return type of a GCC | ||
9125 | builtin and then its argument prototype would still apply. */ | ||
9126 | #ifdef __cplusplus | ||
9127 | extern "C" | ||
9128 | #endif | ||
9129 | char fmt_scaled (); | ||
9130 | int | ||
9131 | main () | ||
9132 | { | ||
9133 | return fmt_scaled (); | ||
9134 | ; | ||
9135 | return 0; | ||
9136 | } | ||
9137 | _ACEOF | ||
9138 | for ac_lib in '' util bsd; do | ||
9139 | if test -z "$ac_lib"; then | ||
9140 | ac_res="none required" | ||
9141 | else | ||
9142 | ac_res=-l$ac_lib | ||
9143 | LIBS="-l$ac_lib $ac_func_search_save_LIBS" | ||
9144 | fi | ||
9145 | if ac_fn_c_try_link "$LINENO"; then : | ||
9146 | ac_cv_search_fmt_scaled=$ac_res | ||
9147 | fi | ||
9148 | rm -f core conftest.err conftest.$ac_objext \ | ||
9149 | conftest$ac_exeext | ||
9150 | if ${ac_cv_search_fmt_scaled+:} false; then : | ||
9151 | break | ||
9152 | fi | ||
9153 | done | ||
9154 | if ${ac_cv_search_fmt_scaled+:} false; then : | ||
9155 | |||
9156 | else | ||
9157 | ac_cv_search_fmt_scaled=no | ||
9158 | fi | ||
9159 | rm conftest.$ac_ext | ||
9160 | LIBS=$ac_func_search_save_LIBS | ||
9161 | fi | ||
9162 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_fmt_scaled" >&5 | ||
9163 | $as_echo "$ac_cv_search_fmt_scaled" >&6; } | ||
9164 | ac_res=$ac_cv_search_fmt_scaled | ||
9165 | if test "$ac_res" != no; then : | ||
9166 | test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" | ||
9167 | |||
9168 | fi | ||
9169 | |||
9170 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing scan_scaled" >&5 | ||
9171 | $as_echo_n "checking for library containing scan_scaled... " >&6; } | ||
9172 | if ${ac_cv_search_scan_scaled+:} false; then : | ||
9173 | $as_echo_n "(cached) " >&6 | ||
9174 | else | ||
9175 | ac_func_search_save_LIBS=$LIBS | ||
9176 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
9177 | /* end confdefs.h. */ | ||
9178 | |||
9179 | /* Override any GCC internal prototype to avoid an error. | ||
9180 | Use char because int might match the return type of a GCC | ||
9181 | builtin and then its argument prototype would still apply. */ | ||
9182 | #ifdef __cplusplus | ||
9183 | extern "C" | ||
9184 | #endif | ||
9185 | char scan_scaled (); | ||
9186 | int | ||
9187 | main () | ||
9188 | { | ||
9189 | return scan_scaled (); | ||
9190 | ; | ||
9191 | return 0; | ||
9192 | } | ||
9193 | _ACEOF | ||
9194 | for ac_lib in '' util bsd; do | ||
9195 | if test -z "$ac_lib"; then | ||
9196 | ac_res="none required" | ||
9197 | else | ||
9198 | ac_res=-l$ac_lib | ||
9199 | LIBS="-l$ac_lib $ac_func_search_save_LIBS" | ||
9200 | fi | ||
9201 | if ac_fn_c_try_link "$LINENO"; then : | ||
9202 | ac_cv_search_scan_scaled=$ac_res | ||
9203 | fi | ||
9204 | rm -f core conftest.err conftest.$ac_objext \ | ||
9205 | conftest$ac_exeext | ||
9206 | if ${ac_cv_search_scan_scaled+:} false; then : | ||
9207 | break | ||
9208 | fi | ||
9209 | done | ||
9210 | if ${ac_cv_search_scan_scaled+:} false; then : | ||
9211 | |||
9212 | else | ||
9213 | ac_cv_search_scan_scaled=no | ||
9214 | fi | ||
9215 | rm conftest.$ac_ext | ||
9216 | LIBS=$ac_func_search_save_LIBS | ||
9217 | fi | ||
9218 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_scan_scaled" >&5 | ||
9219 | $as_echo "$ac_cv_search_scan_scaled" >&6; } | ||
9220 | ac_res=$ac_cv_search_scan_scaled | ||
9221 | if test "$ac_res" != no; then : | ||
9222 | test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" | ||
9223 | |||
9224 | fi | ||
9225 | |||
9226 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing login" >&5 | ||
9227 | $as_echo_n "checking for library containing login... " >&6; } | ||
9228 | if ${ac_cv_search_login+:} false; then : | ||
9229 | $as_echo_n "(cached) " >&6 | ||
9230 | else | ||
9231 | ac_func_search_save_LIBS=$LIBS | ||
9232 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
9233 | /* end confdefs.h. */ | ||
9234 | |||
9235 | /* Override any GCC internal prototype to avoid an error. | ||
9236 | Use char because int might match the return type of a GCC | ||
9237 | builtin and then its argument prototype would still apply. */ | ||
9238 | #ifdef __cplusplus | ||
9239 | extern "C" | ||
9240 | #endif | ||
9241 | char login (); | ||
9242 | int | ||
9243 | main () | ||
9244 | { | ||
9245 | return login (); | ||
9246 | ; | ||
9247 | return 0; | ||
9248 | } | ||
9249 | _ACEOF | ||
9250 | for ac_lib in '' util bsd; do | ||
9251 | if test -z "$ac_lib"; then | ||
9252 | ac_res="none required" | ||
9253 | else | ||
9254 | ac_res=-l$ac_lib | ||
9255 | LIBS="-l$ac_lib $ac_func_search_save_LIBS" | ||
9256 | fi | ||
9257 | if ac_fn_c_try_link "$LINENO"; then : | ||
9258 | ac_cv_search_login=$ac_res | ||
9259 | fi | ||
9260 | rm -f core conftest.err conftest.$ac_objext \ | ||
9261 | conftest$ac_exeext | ||
9262 | if ${ac_cv_search_login+:} false; then : | ||
9263 | break | ||
9264 | fi | ||
9265 | done | ||
9266 | if ${ac_cv_search_login+:} false; then : | ||
9267 | |||
9268 | else | ||
9269 | ac_cv_search_login=no | ||
9270 | fi | ||
9271 | rm conftest.$ac_ext | ||
9272 | LIBS=$ac_func_search_save_LIBS | ||
9273 | fi | ||
9274 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_login" >&5 | ||
9275 | $as_echo "$ac_cv_search_login" >&6; } | ||
9276 | ac_res=$ac_cv_search_login | ||
9277 | if test "$ac_res" != no; then : | ||
9278 | test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" | ||
9279 | |||
9280 | fi | ||
9281 | |||
9282 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing logout" >&5 | ||
9283 | $as_echo_n "checking for library containing logout... " >&6; } | ||
9284 | if ${ac_cv_search_logout+:} false; then : | ||
9285 | $as_echo_n "(cached) " >&6 | ||
9286 | else | ||
9287 | ac_func_search_save_LIBS=$LIBS | ||
9288 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
9289 | /* end confdefs.h. */ | ||
9290 | |||
9291 | /* Override any GCC internal prototype to avoid an error. | ||
9292 | Use char because int might match the return type of a GCC | ||
9293 | builtin and then its argument prototype would still apply. */ | ||
9294 | #ifdef __cplusplus | ||
9295 | extern "C" | ||
9296 | #endif | ||
9297 | char logout (); | ||
9298 | int | ||
9299 | main () | ||
9300 | { | ||
9301 | return logout (); | ||
9302 | ; | ||
9303 | return 0; | ||
9304 | } | ||
9305 | _ACEOF | ||
9306 | for ac_lib in '' util bsd; do | ||
9307 | if test -z "$ac_lib"; then | ||
9308 | ac_res="none required" | ||
9309 | else | ||
9310 | ac_res=-l$ac_lib | ||
9311 | LIBS="-l$ac_lib $ac_func_search_save_LIBS" | ||
9312 | fi | ||
9313 | if ac_fn_c_try_link "$LINENO"; then : | ||
9314 | ac_cv_search_logout=$ac_res | ||
9315 | fi | ||
9316 | rm -f core conftest.err conftest.$ac_objext \ | ||
9317 | conftest$ac_exeext | ||
9318 | if ${ac_cv_search_logout+:} false; then : | ||
9319 | break | ||
9320 | fi | ||
9321 | done | ||
9322 | if ${ac_cv_search_logout+:} false; then : | ||
9323 | |||
9324 | else | ||
9325 | ac_cv_search_logout=no | ||
9326 | fi | ||
9327 | rm conftest.$ac_ext | ||
9328 | LIBS=$ac_func_search_save_LIBS | ||
9329 | fi | ||
9330 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_logout" >&5 | ||
9331 | $as_echo "$ac_cv_search_logout" >&6; } | ||
9332 | ac_res=$ac_cv_search_logout | ||
9333 | if test "$ac_res" != no; then : | ||
9334 | test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" | ||
9335 | |||
9336 | fi | ||
9337 | |||
9338 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing logwtmp" >&5 | ||
9339 | $as_echo_n "checking for library containing logwtmp... " >&6; } | ||
9340 | if ${ac_cv_search_logwtmp+:} false; then : | ||
9341 | $as_echo_n "(cached) " >&6 | ||
9342 | else | ||
9343 | ac_func_search_save_LIBS=$LIBS | ||
9344 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
9345 | /* end confdefs.h. */ | ||
9346 | |||
9347 | /* Override any GCC internal prototype to avoid an error. | ||
9348 | Use char because int might match the return type of a GCC | ||
9349 | builtin and then its argument prototype would still apply. */ | ||
9350 | #ifdef __cplusplus | ||
9351 | extern "C" | ||
9352 | #endif | ||
9353 | char logwtmp (); | ||
9354 | int | ||
9355 | main () | ||
9356 | { | ||
9357 | return logwtmp (); | ||
9358 | ; | ||
9359 | return 0; | ||
9360 | } | ||
9361 | _ACEOF | ||
9362 | for ac_lib in '' util bsd; do | ||
9363 | if test -z "$ac_lib"; then | ||
9364 | ac_res="none required" | ||
9365 | else | ||
9366 | ac_res=-l$ac_lib | ||
9367 | LIBS="-l$ac_lib $ac_func_search_save_LIBS" | ||
9368 | fi | ||
9369 | if ac_fn_c_try_link "$LINENO"; then : | ||
9370 | ac_cv_search_logwtmp=$ac_res | ||
9371 | fi | ||
9372 | rm -f core conftest.err conftest.$ac_objext \ | ||
9373 | conftest$ac_exeext | ||
9374 | if ${ac_cv_search_logwtmp+:} false; then : | ||
9375 | break | ||
9376 | fi | ||
9377 | done | ||
9378 | if ${ac_cv_search_logwtmp+:} false; then : | ||
9379 | |||
9380 | else | ||
9381 | ac_cv_search_logwtmp=no | ||
9382 | fi | ||
9383 | rm conftest.$ac_ext | ||
9384 | LIBS=$ac_func_search_save_LIBS | ||
9385 | fi | ||
9386 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_logwtmp" >&5 | ||
9387 | $as_echo "$ac_cv_search_logwtmp" >&6; } | ||
9388 | ac_res=$ac_cv_search_logwtmp | ||
9389 | if test "$ac_res" != no; then : | ||
9390 | test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" | ||
9391 | |||
9392 | fi | ||
9393 | |||
9394 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing openpty" >&5 | ||
9395 | $as_echo_n "checking for library containing openpty... " >&6; } | ||
9396 | if ${ac_cv_search_openpty+:} false; then : | ||
9397 | $as_echo_n "(cached) " >&6 | ||
9398 | else | ||
9399 | ac_func_search_save_LIBS=$LIBS | ||
9400 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
9401 | /* end confdefs.h. */ | ||
9402 | |||
9403 | /* Override any GCC internal prototype to avoid an error. | ||
9404 | Use char because int might match the return type of a GCC | ||
9405 | builtin and then its argument prototype would still apply. */ | ||
9406 | #ifdef __cplusplus | ||
9407 | extern "C" | ||
9408 | #endif | ||
9409 | char openpty (); | ||
9410 | int | ||
9411 | main () | ||
9412 | { | ||
9413 | return openpty (); | ||
9414 | ; | ||
9415 | return 0; | ||
9416 | } | ||
9417 | _ACEOF | ||
9418 | for ac_lib in '' util bsd; do | ||
9419 | if test -z "$ac_lib"; then | ||
9420 | ac_res="none required" | ||
9421 | else | ||
9422 | ac_res=-l$ac_lib | ||
9423 | LIBS="-l$ac_lib $ac_func_search_save_LIBS" | ||
9424 | fi | ||
9425 | if ac_fn_c_try_link "$LINENO"; then : | ||
9426 | ac_cv_search_openpty=$ac_res | ||
9427 | fi | ||
9428 | rm -f core conftest.err conftest.$ac_objext \ | ||
9429 | conftest$ac_exeext | ||
9430 | if ${ac_cv_search_openpty+:} false; then : | ||
9431 | break | ||
9432 | fi | ||
9433 | done | ||
9434 | if ${ac_cv_search_openpty+:} false; then : | ||
9435 | |||
9436 | else | ||
9437 | ac_cv_search_openpty=no | ||
9438 | fi | ||
9439 | rm conftest.$ac_ext | ||
9440 | LIBS=$ac_func_search_save_LIBS | ||
9441 | fi | ||
9442 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_openpty" >&5 | ||
9443 | $as_echo "$ac_cv_search_openpty" >&6; } | ||
9444 | ac_res=$ac_cv_search_openpty | ||
9445 | if test "$ac_res" != no; then : | ||
9446 | test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" | ||
9447 | |||
9448 | fi | ||
9449 | |||
9450 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing updwtmp" >&5 | ||
9451 | $as_echo_n "checking for library containing updwtmp... " >&6; } | ||
9452 | if ${ac_cv_search_updwtmp+:} false; then : | ||
9453 | $as_echo_n "(cached) " >&6 | ||
9454 | else | ||
9455 | ac_func_search_save_LIBS=$LIBS | ||
9456 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
9457 | /* end confdefs.h. */ | ||
9458 | |||
9459 | /* Override any GCC internal prototype to avoid an error. | ||
9460 | Use char because int might match the return type of a GCC | ||
9461 | builtin and then its argument prototype would still apply. */ | ||
9462 | #ifdef __cplusplus | ||
9463 | extern "C" | ||
9464 | #endif | ||
9465 | char updwtmp (); | ||
9466 | int | ||
9467 | main () | ||
9468 | { | ||
9469 | return updwtmp (); | ||
9470 | ; | ||
9471 | return 0; | ||
9472 | } | ||
9473 | _ACEOF | ||
9474 | for ac_lib in '' util bsd; do | ||
9475 | if test -z "$ac_lib"; then | ||
9476 | ac_res="none required" | ||
9477 | else | ||
9478 | ac_res=-l$ac_lib | ||
9479 | LIBS="-l$ac_lib $ac_func_search_save_LIBS" | ||
9480 | fi | ||
9481 | if ac_fn_c_try_link "$LINENO"; then : | ||
9482 | ac_cv_search_updwtmp=$ac_res | ||
9483 | fi | ||
9484 | rm -f core conftest.err conftest.$ac_objext \ | ||
9485 | conftest$ac_exeext | ||
9486 | if ${ac_cv_search_updwtmp+:} false; then : | ||
9487 | break | ||
9488 | fi | ||
9489 | done | ||
9490 | if ${ac_cv_search_updwtmp+:} false; then : | ||
9491 | |||
9492 | else | ||
9493 | ac_cv_search_updwtmp=no | ||
9494 | fi | ||
9495 | rm conftest.$ac_ext | ||
9496 | LIBS=$ac_func_search_save_LIBS | ||
9497 | fi | ||
9498 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_updwtmp" >&5 | ||
9499 | $as_echo "$ac_cv_search_updwtmp" >&6; } | ||
9500 | ac_res=$ac_cv_search_updwtmp | ||
9501 | if test "$ac_res" != no; then : | ||
9502 | test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" | ||
9503 | |||
9504 | fi | ||
9505 | |||
9506 | for ac_func in fmt_scaled scan_scaled login logout openpty updwtmp logwtmp | ||
9507 | do : | ||
9508 | as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` | ||
9509 | ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" | ||
9510 | if eval test \"x\$"$as_ac_var"\" = x"yes"; then : | ||
9511 | cat >>confdefs.h <<_ACEOF | ||
9512 | #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 | ||
9513 | _ACEOF | ||
9514 | |||
9515 | fi | ||
9516 | done | ||
9517 | |||
9518 | |||
9519 | # On some platforms, inet_ntop and gethostbyname may be found in libresolv | ||
9520 | # or libnsl. | ||
9521 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing inet_ntop" >&5 | ||
9522 | $as_echo_n "checking for library containing inet_ntop... " >&6; } | ||
9523 | if ${ac_cv_search_inet_ntop+:} false; then : | ||
9524 | $as_echo_n "(cached) " >&6 | ||
9525 | else | ||
9526 | ac_func_search_save_LIBS=$LIBS | ||
9527 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
9528 | /* end confdefs.h. */ | ||
9529 | |||
9530 | /* Override any GCC internal prototype to avoid an error. | ||
9531 | Use char because int might match the return type of a GCC | ||
9532 | builtin and then its argument prototype would still apply. */ | ||
9533 | #ifdef __cplusplus | ||
9534 | extern "C" | ||
9535 | #endif | ||
9536 | char inet_ntop (); | ||
9537 | int | ||
9538 | main () | ||
9539 | { | ||
9540 | return inet_ntop (); | ||
9541 | ; | ||
9542 | return 0; | ||
9543 | } | ||
9544 | _ACEOF | ||
9545 | for ac_lib in '' resolv nsl; do | ||
9546 | if test -z "$ac_lib"; then | ||
9547 | ac_res="none required" | ||
9548 | else | ||
9549 | ac_res=-l$ac_lib | ||
9550 | LIBS="-l$ac_lib $ac_func_search_save_LIBS" | ||
9551 | fi | ||
9552 | if ac_fn_c_try_link "$LINENO"; then : | ||
9553 | ac_cv_search_inet_ntop=$ac_res | ||
9554 | fi | ||
9555 | rm -f core conftest.err conftest.$ac_objext \ | ||
9556 | conftest$ac_exeext | ||
9557 | if ${ac_cv_search_inet_ntop+:} false; then : | ||
9558 | break | ||
9559 | fi | ||
9560 | done | ||
9561 | if ${ac_cv_search_inet_ntop+:} false; then : | ||
9562 | |||
9563 | else | ||
9564 | ac_cv_search_inet_ntop=no | ||
9565 | fi | ||
9566 | rm conftest.$ac_ext | ||
9567 | LIBS=$ac_func_search_save_LIBS | ||
9568 | fi | ||
9569 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_inet_ntop" >&5 | ||
9570 | $as_echo "$ac_cv_search_inet_ntop" >&6; } | ||
9571 | ac_res=$ac_cv_search_inet_ntop | ||
9572 | if test "$ac_res" != no; then : | ||
9573 | test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" | ||
9574 | |||
9575 | fi | ||
9576 | |||
9577 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing gethostbyname" >&5 | ||
9578 | $as_echo_n "checking for library containing gethostbyname... " >&6; } | ||
9579 | if ${ac_cv_search_gethostbyname+:} false; then : | ||
9580 | $as_echo_n "(cached) " >&6 | ||
9581 | else | ||
9582 | ac_func_search_save_LIBS=$LIBS | ||
9583 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
9584 | /* end confdefs.h. */ | ||
9585 | |||
9586 | /* Override any GCC internal prototype to avoid an error. | ||
9587 | Use char because int might match the return type of a GCC | ||
9588 | builtin and then its argument prototype would still apply. */ | ||
9589 | #ifdef __cplusplus | ||
9590 | extern "C" | ||
9591 | #endif | ||
9592 | char gethostbyname (); | ||
9593 | int | ||
9594 | main () | ||
9595 | { | ||
9596 | return gethostbyname (); | ||
9597 | ; | ||
9598 | return 0; | ||
9599 | } | ||
9600 | _ACEOF | ||
9601 | for ac_lib in '' resolv nsl; do | ||
9602 | if test -z "$ac_lib"; then | ||
9603 | ac_res="none required" | ||
9604 | else | ||
9605 | ac_res=-l$ac_lib | ||
9606 | LIBS="-l$ac_lib $ac_func_search_save_LIBS" | ||
9607 | fi | ||
9608 | if ac_fn_c_try_link "$LINENO"; then : | ||
9609 | ac_cv_search_gethostbyname=$ac_res | ||
9610 | fi | ||
9611 | rm -f core conftest.err conftest.$ac_objext \ | ||
9612 | conftest$ac_exeext | ||
9613 | if ${ac_cv_search_gethostbyname+:} false; then : | ||
9614 | break | ||
9615 | fi | ||
9616 | done | ||
9617 | if ${ac_cv_search_gethostbyname+:} false; then : | ||
9618 | |||
9619 | else | ||
9620 | ac_cv_search_gethostbyname=no | ||
9621 | fi | ||
9622 | rm conftest.$ac_ext | ||
9623 | LIBS=$ac_func_search_save_LIBS | ||
9624 | fi | ||
9625 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_gethostbyname" >&5 | ||
9626 | $as_echo "$ac_cv_search_gethostbyname" >&6; } | ||
9627 | ac_res=$ac_cv_search_gethostbyname | ||
9628 | if test "$ac_res" != no; then : | ||
9629 | test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" | ||
9630 | |||
9631 | fi | ||
9632 | |||
9633 | |||
9634 | for ac_func in strftime | ||
9635 | do : | ||
9636 | ac_fn_c_check_func "$LINENO" "strftime" "ac_cv_func_strftime" | ||
9637 | if test "x$ac_cv_func_strftime" = xyes; then : | ||
9638 | cat >>confdefs.h <<_ACEOF | ||
9639 | #define HAVE_STRFTIME 1 | ||
9640 | _ACEOF | ||
9641 | |||
9642 | else | ||
9643 | # strftime is in -lintl on SCO UNIX. | ||
9644 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for strftime in -lintl" >&5 | ||
9645 | $as_echo_n "checking for strftime in -lintl... " >&6; } | ||
9646 | if ${ac_cv_lib_intl_strftime+:} false; then : | ||
9647 | $as_echo_n "(cached) " >&6 | ||
9648 | else | ||
9649 | ac_check_lib_save_LIBS=$LIBS | ||
9650 | LIBS="-lintl $LIBS" | ||
9651 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
9652 | /* end confdefs.h. */ | ||
9653 | |||
9654 | /* Override any GCC internal prototype to avoid an error. | ||
9655 | Use char because int might match the return type of a GCC | ||
9656 | builtin and then its argument prototype would still apply. */ | ||
9657 | #ifdef __cplusplus | ||
9658 | extern "C" | ||
9659 | #endif | ||
9660 | char strftime (); | ||
9661 | int | ||
9662 | main () | ||
9663 | { | ||
9664 | return strftime (); | ||
9665 | ; | ||
9666 | return 0; | ||
9667 | } | ||
9668 | _ACEOF | ||
9669 | if ac_fn_c_try_link "$LINENO"; then : | ||
9670 | ac_cv_lib_intl_strftime=yes | ||
9671 | else | ||
9672 | ac_cv_lib_intl_strftime=no | ||
9673 | fi | ||
9674 | rm -f core conftest.err conftest.$ac_objext \ | ||
9675 | conftest$ac_exeext conftest.$ac_ext | ||
9676 | LIBS=$ac_check_lib_save_LIBS | ||
9677 | fi | ||
9678 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_intl_strftime" >&5 | ||
9679 | $as_echo "$ac_cv_lib_intl_strftime" >&6; } | ||
9680 | if test "x$ac_cv_lib_intl_strftime" = xyes; then : | ||
9681 | $as_echo "#define HAVE_STRFTIME 1" >>confdefs.h | ||
9682 | |||
9683 | LIBS="-lintl $LIBS" | ||
9684 | fi | ||
9685 | |||
9686 | fi | ||
9687 | done | ||
9688 | |||
9689 | |||
9690 | # Check for ALTDIRFUNC glob() extension | ||
9691 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GLOB_ALTDIRFUNC support" >&5 | ||
9692 | $as_echo_n "checking for GLOB_ALTDIRFUNC support... " >&6; } | ||
9693 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
9694 | /* end confdefs.h. */ | ||
9695 | |||
9696 | #include <glob.h> | ||
9697 | #ifdef GLOB_ALTDIRFUNC | ||
9698 | FOUNDIT | ||
9699 | #endif | ||
9700 | |||
9701 | _ACEOF | ||
9702 | if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | | ||
9703 | $EGREP "FOUNDIT" >/dev/null 2>&1; then : | ||
9704 | |||
9705 | |||
9706 | $as_echo "#define GLOB_HAS_ALTDIRFUNC 1" >>confdefs.h | ||
9707 | |||
9708 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
9709 | $as_echo "yes" >&6; } | ||
9710 | |||
9711 | else | ||
9712 | |||
9713 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
9714 | $as_echo "no" >&6; } | ||
9715 | |||
9716 | |||
9717 | fi | ||
9718 | rm -f conftest* | ||
9719 | |||
9720 | |||
9721 | # Check for g.gl_matchc glob() extension | ||
9722 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gl_matchc field in glob_t" >&5 | ||
9723 | $as_echo_n "checking for gl_matchc field in glob_t... " >&6; } | ||
9724 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
9725 | /* end confdefs.h. */ | ||
9726 | #include <glob.h> | ||
9727 | int | ||
9728 | main () | ||
9729 | { | ||
9730 | glob_t g; g.gl_matchc = 1; | ||
9731 | ; | ||
9732 | return 0; | ||
9733 | } | ||
9734 | _ACEOF | ||
9735 | if ac_fn_c_try_compile "$LINENO"; then : | ||
9736 | |||
9737 | |||
9738 | $as_echo "#define GLOB_HAS_GL_MATCHC 1" >>confdefs.h | ||
9739 | |||
9740 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
9741 | $as_echo "yes" >&6; } | ||
9742 | |||
9743 | else | ||
9744 | |||
9745 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
9746 | $as_echo "no" >&6; } | ||
9747 | |||
9748 | fi | ||
9749 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
9750 | |||
9751 | # Check for g.gl_statv glob() extension | ||
9752 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gl_statv and GLOB_KEEPSTAT extensions for glob" >&5 | ||
9753 | $as_echo_n "checking for gl_statv and GLOB_KEEPSTAT extensions for glob... " >&6; } | ||
9754 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
9755 | /* end confdefs.h. */ | ||
9756 | #include <glob.h> | ||
9757 | int | ||
9758 | main () | ||
9759 | { | ||
9760 | |||
9761 | #ifndef GLOB_KEEPSTAT | ||
9762 | #error "glob does not support GLOB_KEEPSTAT extension" | ||
9763 | #endif | ||
9764 | glob_t g; | ||
9765 | g.gl_statv = NULL; | ||
9766 | |||
9767 | ; | ||
9768 | return 0; | ||
9769 | } | ||
9770 | _ACEOF | ||
9771 | if ac_fn_c_try_compile "$LINENO"; then : | ||
9772 | |||
9773 | |||
9774 | $as_echo "#define GLOB_HAS_GL_STATV 1" >>confdefs.h | ||
9775 | |||
9776 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
9777 | $as_echo "yes" >&6; } | ||
9778 | |||
9779 | else | ||
9780 | |||
9781 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
9782 | $as_echo "no" >&6; } | ||
9783 | |||
9784 | |||
9785 | fi | ||
9786 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
9787 | |||
9788 | ac_fn_c_check_decl "$LINENO" "GLOB_NOMATCH" "ac_cv_have_decl_GLOB_NOMATCH" "#include <glob.h> | ||
9789 | " | ||
9790 | if test "x$ac_cv_have_decl_GLOB_NOMATCH" = xyes; then : | ||
9791 | ac_have_decl=1 | ||
9792 | else | ||
9793 | ac_have_decl=0 | ||
9794 | fi | ||
9795 | |||
9796 | cat >>confdefs.h <<_ACEOF | ||
9797 | #define HAVE_DECL_GLOB_NOMATCH $ac_have_decl | ||
9798 | _ACEOF | ||
9799 | |||
9800 | |||
9801 | ac_fn_c_check_decl "$LINENO" "VIS_ALL" "ac_cv_have_decl_VIS_ALL" "#include <vis.h> | ||
9802 | " | ||
9803 | if test "x$ac_cv_have_decl_VIS_ALL" = xyes; then : | ||
9804 | |||
9805 | else | ||
9806 | |||
9807 | $as_echo "#define BROKEN_STRNVIS 1" >>confdefs.h | ||
9808 | |||
9809 | fi | ||
9810 | |||
9811 | |||
9812 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether struct dirent allocates space for d_name" >&5 | ||
9813 | $as_echo_n "checking whether struct dirent allocates space for d_name... " >&6; } | ||
9814 | if test "$cross_compiling" = yes; then : | ||
9815 | |||
9816 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME" >&5 | ||
9817 | $as_echo "$as_me: WARNING: cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME" >&2;} | ||
9818 | $as_echo "#define BROKEN_ONE_BYTE_DIRENT_D_NAME 1" >>confdefs.h | ||
9819 | |||
9820 | |||
9821 | |||
9822 | else | ||
9823 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
9824 | /* end confdefs.h. */ | ||
9825 | |||
9826 | #include <sys/types.h> | ||
9827 | #include <dirent.h> | ||
9828 | int | ||
9829 | main () | ||
9830 | { | ||
9831 | |||
9832 | struct dirent d; | ||
9833 | exit(sizeof(d.d_name)<=sizeof(char)); | ||
9834 | |||
9835 | ; | ||
9836 | return 0; | ||
9837 | } | ||
9838 | _ACEOF | ||
9839 | if ac_fn_c_try_run "$LINENO"; then : | ||
9840 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
9841 | $as_echo "yes" >&6; } | ||
9842 | else | ||
9843 | |||
9844 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
9845 | $as_echo "no" >&6; } | ||
9846 | |||
9847 | $as_echo "#define BROKEN_ONE_BYTE_DIRENT_D_NAME 1" >>confdefs.h | ||
9848 | |||
9849 | |||
9850 | fi | ||
9851 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
9852 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
9853 | fi | ||
9854 | |||
9855 | |||
9856 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for /proc/pid/fd directory" >&5 | ||
9857 | $as_echo_n "checking for /proc/pid/fd directory... " >&6; } | ||
9858 | if test -d "/proc/$$/fd" ; then | ||
9859 | |||
9860 | $as_echo "#define HAVE_PROC_PID 1" >>confdefs.h | ||
9861 | |||
9862 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
9863 | $as_echo "yes" >&6; } | ||
9864 | else | ||
9865 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
9866 | $as_echo "no" >&6; } | ||
9867 | fi | ||
9868 | |||
9869 | # Check whether user wants S/Key support | ||
9870 | SKEY_MSG="no" | ||
9871 | |||
9872 | # Check whether --with-skey was given. | ||
9873 | if test "${with_skey+set}" = set; then : | ||
9874 | withval=$with_skey; | ||
9875 | if test "x$withval" != "xno" ; then | ||
9876 | |||
9877 | if test "x$withval" != "xyes" ; then | ||
9878 | CPPFLAGS="$CPPFLAGS -I${withval}/include" | ||
9879 | LDFLAGS="$LDFLAGS -L${withval}/lib" | ||
9880 | fi | ||
9881 | |||
9882 | |||
9883 | $as_echo "#define SKEY 1" >>confdefs.h | ||
9884 | |||
9885 | LIBS="-lskey $LIBS" | ||
9886 | SKEY_MSG="yes" | ||
9887 | |||
9888 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for s/key support" >&5 | ||
9889 | $as_echo_n "checking for s/key support... " >&6; } | ||
9890 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
9891 | /* end confdefs.h. */ | ||
9892 | |||
9893 | #include <stdio.h> | ||
9894 | #include <skey.h> | ||
9895 | |||
9896 | int | ||
9897 | main () | ||
9898 | { | ||
9899 | |||
9900 | char *ff = skey_keyinfo(""); ff=""; | ||
9901 | exit(0); | ||
9902 | |||
9903 | ; | ||
9904 | return 0; | ||
9905 | } | ||
9906 | _ACEOF | ||
9907 | if ac_fn_c_try_link "$LINENO"; then : | ||
9908 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
9909 | $as_echo "yes" >&6; } | ||
9910 | else | ||
9911 | |||
9912 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
9913 | $as_echo "no" >&6; } | ||
9914 | as_fn_error $? "** Incomplete or missing s/key libraries." "$LINENO" 5 | ||
9915 | |||
9916 | fi | ||
9917 | rm -f core conftest.err conftest.$ac_objext \ | ||
9918 | conftest$ac_exeext conftest.$ac_ext | ||
9919 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if skeychallenge takes 4 arguments" >&5 | ||
9920 | $as_echo_n "checking if skeychallenge takes 4 arguments... " >&6; } | ||
9921 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
9922 | /* end confdefs.h. */ | ||
9923 | |||
9924 | #include <stdio.h> | ||
9925 | #include <skey.h> | ||
9926 | |||
9927 | int | ||
9928 | main () | ||
9929 | { | ||
9930 | |||
9931 | (void)skeychallenge(NULL,"name","",0); | ||
9932 | |||
9933 | ; | ||
9934 | return 0; | ||
9935 | } | ||
9936 | _ACEOF | ||
9937 | if ac_fn_c_try_compile "$LINENO"; then : | ||
9938 | |||
9939 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
9940 | $as_echo "yes" >&6; } | ||
9941 | |||
9942 | $as_echo "#define SKEYCHALLENGE_4ARG 1" >>confdefs.h | ||
9943 | |||
9944 | else | ||
9945 | |||
9946 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
9947 | $as_echo "no" >&6; } | ||
9948 | |||
9949 | fi | ||
9950 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
9951 | fi | ||
9952 | |||
9953 | |||
9954 | fi | ||
9955 | |||
9956 | |||
9957 | # Check whether user wants to use ldns | ||
9958 | LDNS_MSG="no" | ||
9959 | |||
9960 | # Check whether --with-ldns was given. | ||
9961 | if test "${with_ldns+set}" = set; then : | ||
9962 | withval=$with_ldns; | ||
9963 | ldns="" | ||
9964 | if test "x$withval" = "xyes" ; then | ||
9965 | if test -n "$ac_tool_prefix"; then | ||
9966 | # Extract the first word of "${ac_tool_prefix}ldns-config", so it can be a program name with args. | ||
9967 | set dummy ${ac_tool_prefix}ldns-config; ac_word=$2 | ||
9968 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
9969 | $as_echo_n "checking for $ac_word... " >&6; } | ||
9970 | if ${ac_cv_path_LDNSCONFIG+:} false; then : | ||
9971 | $as_echo_n "(cached) " >&6 | ||
9972 | else | ||
9973 | case $LDNSCONFIG in | ||
9974 | [\\/]* | ?:[\\/]*) | ||
9975 | ac_cv_path_LDNSCONFIG="$LDNSCONFIG" # Let the user override the test with a path. | ||
9976 | ;; | ||
9977 | *) | ||
9978 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
9979 | for as_dir in $PATH | ||
9980 | do | ||
9981 | IFS=$as_save_IFS | ||
9982 | test -z "$as_dir" && as_dir=. | ||
9983 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
9984 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
9985 | ac_cv_path_LDNSCONFIG="$as_dir/$ac_word$ac_exec_ext" | ||
9986 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
9987 | break 2 | ||
9988 | fi | ||
9989 | done | ||
9990 | done | ||
9991 | IFS=$as_save_IFS | ||
9992 | |||
9993 | ;; | ||
9994 | esac | ||
9995 | fi | ||
9996 | LDNSCONFIG=$ac_cv_path_LDNSCONFIG | ||
9997 | if test -n "$LDNSCONFIG"; then | ||
9998 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LDNSCONFIG" >&5 | ||
9999 | $as_echo "$LDNSCONFIG" >&6; } | ||
10000 | else | ||
10001 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
10002 | $as_echo "no" >&6; } | ||
10003 | fi | ||
10004 | |||
10005 | |||
10006 | fi | ||
10007 | if test -z "$ac_cv_path_LDNSCONFIG"; then | ||
10008 | ac_pt_LDNSCONFIG=$LDNSCONFIG | ||
10009 | # Extract the first word of "ldns-config", so it can be a program name with args. | ||
10010 | set dummy ldns-config; ac_word=$2 | ||
10011 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
10012 | $as_echo_n "checking for $ac_word... " >&6; } | ||
10013 | if ${ac_cv_path_ac_pt_LDNSCONFIG+:} false; then : | ||
10014 | $as_echo_n "(cached) " >&6 | ||
10015 | else | ||
10016 | case $ac_pt_LDNSCONFIG in | ||
10017 | [\\/]* | ?:[\\/]*) | ||
10018 | ac_cv_path_ac_pt_LDNSCONFIG="$ac_pt_LDNSCONFIG" # Let the user override the test with a path. | ||
10019 | ;; | ||
10020 | *) | ||
10021 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
10022 | for as_dir in $PATH | ||
10023 | do | ||
10024 | IFS=$as_save_IFS | ||
10025 | test -z "$as_dir" && as_dir=. | ||
10026 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
10027 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
10028 | ac_cv_path_ac_pt_LDNSCONFIG="$as_dir/$ac_word$ac_exec_ext" | ||
10029 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
10030 | break 2 | ||
10031 | fi | ||
10032 | done | ||
10033 | done | ||
10034 | IFS=$as_save_IFS | ||
10035 | |||
10036 | ;; | ||
10037 | esac | ||
10038 | fi | ||
10039 | ac_pt_LDNSCONFIG=$ac_cv_path_ac_pt_LDNSCONFIG | ||
10040 | if test -n "$ac_pt_LDNSCONFIG"; then | ||
10041 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_LDNSCONFIG" >&5 | ||
10042 | $as_echo "$ac_pt_LDNSCONFIG" >&6; } | ||
10043 | else | ||
10044 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
10045 | $as_echo "no" >&6; } | ||
10046 | fi | ||
10047 | |||
10048 | if test "x$ac_pt_LDNSCONFIG" = x; then | ||
10049 | LDNSCONFIG="no" | ||
10050 | else | ||
10051 | case $cross_compiling:$ac_tool_warned in | ||
10052 | yes:) | ||
10053 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 | ||
10054 | $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} | ||
10055 | ac_tool_warned=yes ;; | ||
10056 | esac | ||
10057 | LDNSCONFIG=$ac_pt_LDNSCONFIG | ||
10058 | fi | ||
10059 | else | ||
10060 | LDNSCONFIG="$ac_cv_path_LDNSCONFIG" | ||
10061 | fi | ||
10062 | |||
10063 | if test "x$PKGCONFIG" = "xno"; then | ||
10064 | CPPFLAGS="$CPPFLAGS -I${withval}/include" | ||
10065 | LDFLAGS="$LDFLAGS -L${withval}/lib" | ||
10066 | LIBS="-lldns $LIBS" | ||
10067 | ldns=yes | ||
10068 | else | ||
10069 | LIBS="$LIBS `$LDNSCONFIG --libs`" | ||
10070 | CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`" | ||
10071 | fi | ||
10072 | elif test "x$withval" != "xno" ; then | ||
10073 | CPPFLAGS="$CPPFLAGS -I${withval}/include" | ||
10074 | LDFLAGS="$LDFLAGS -L${withval}/lib" | ||
10075 | LIBS="-lldns $LIBS" | ||
10076 | ldns=yes | ||
10077 | fi | ||
10078 | |||
10079 | # Verify that it works. | ||
10080 | if test "x$ldns" = "xyes" ; then | ||
10081 | |||
10082 | $as_echo "#define HAVE_LDNS 1" >>confdefs.h | ||
10083 | |||
10084 | LDNS_MSG="yes" | ||
10085 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ldns support" >&5 | ||
10086 | $as_echo_n "checking for ldns support... " >&6; } | ||
10087 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
10088 | /* end confdefs.h. */ | ||
10089 | |||
10090 | #include <stdio.h> | ||
10091 | #include <stdlib.h> | ||
10092 | #include <stdint.h> | ||
10093 | #include <ldns/ldns.h> | ||
10094 | int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } | ||
10095 | |||
10096 | |||
10097 | _ACEOF | ||
10098 | if ac_fn_c_try_link "$LINENO"; then : | ||
10099 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
10100 | $as_echo "yes" >&6; } | ||
10101 | else | ||
10102 | |||
10103 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
10104 | $as_echo "no" >&6; } | ||
10105 | as_fn_error $? "** Incomplete or missing ldns libraries." "$LINENO" 5 | ||
10106 | |||
10107 | fi | ||
10108 | rm -f core conftest.err conftest.$ac_objext \ | ||
10109 | conftest$ac_exeext conftest.$ac_ext | ||
10110 | fi | ||
10111 | |||
10112 | fi | ||
10113 | |||
10114 | |||
10115 | # Check whether user wants libedit support | ||
10116 | LIBEDIT_MSG="no" | ||
10117 | |||
10118 | # Check whether --with-libedit was given. | ||
10119 | if test "${with_libedit+set}" = set; then : | ||
10120 | withval=$with_libedit; if test "x$withval" != "xno" ; then | ||
10121 | if test "x$withval" = "xyes" ; then | ||
10122 | if test -n "$ac_tool_prefix"; then | ||
10123 | # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. | ||
10124 | set dummy ${ac_tool_prefix}pkg-config; ac_word=$2 | ||
10125 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
10126 | $as_echo_n "checking for $ac_word... " >&6; } | ||
10127 | if ${ac_cv_path_PKGCONFIG+:} false; then : | ||
10128 | $as_echo_n "(cached) " >&6 | ||
10129 | else | ||
10130 | case $PKGCONFIG in | ||
10131 | [\\/]* | ?:[\\/]*) | ||
10132 | ac_cv_path_PKGCONFIG="$PKGCONFIG" # Let the user override the test with a path. | ||
10133 | ;; | ||
10134 | *) | ||
10135 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
10136 | for as_dir in $PATH | ||
10137 | do | ||
10138 | IFS=$as_save_IFS | ||
10139 | test -z "$as_dir" && as_dir=. | ||
10140 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
10141 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
10142 | ac_cv_path_PKGCONFIG="$as_dir/$ac_word$ac_exec_ext" | ||
10143 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
10144 | break 2 | ||
10145 | fi | ||
10146 | done | ||
10147 | done | ||
10148 | IFS=$as_save_IFS | ||
10149 | |||
10150 | ;; | ||
10151 | esac | ||
10152 | fi | ||
10153 | PKGCONFIG=$ac_cv_path_PKGCONFIG | ||
10154 | if test -n "$PKGCONFIG"; then | ||
10155 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKGCONFIG" >&5 | ||
10156 | $as_echo "$PKGCONFIG" >&6; } | ||
10157 | else | ||
10158 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
10159 | $as_echo "no" >&6; } | ||
10160 | fi | ||
10161 | |||
10162 | |||
10163 | fi | ||
10164 | if test -z "$ac_cv_path_PKGCONFIG"; then | ||
10165 | ac_pt_PKGCONFIG=$PKGCONFIG | ||
10166 | # Extract the first word of "pkg-config", so it can be a program name with args. | ||
10167 | set dummy pkg-config; ac_word=$2 | ||
10168 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
10169 | $as_echo_n "checking for $ac_word... " >&6; } | ||
10170 | if ${ac_cv_path_ac_pt_PKGCONFIG+:} false; then : | ||
10171 | $as_echo_n "(cached) " >&6 | ||
10172 | else | ||
10173 | case $ac_pt_PKGCONFIG in | ||
10174 | [\\/]* | ?:[\\/]*) | ||
10175 | ac_cv_path_ac_pt_PKGCONFIG="$ac_pt_PKGCONFIG" # Let the user override the test with a path. | ||
10176 | ;; | ||
10177 | *) | ||
10178 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
10179 | for as_dir in $PATH | ||
10180 | do | ||
10181 | IFS=$as_save_IFS | ||
10182 | test -z "$as_dir" && as_dir=. | ||
10183 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
10184 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
10185 | ac_cv_path_ac_pt_PKGCONFIG="$as_dir/$ac_word$ac_exec_ext" | ||
10186 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
10187 | break 2 | ||
10188 | fi | ||
10189 | done | ||
10190 | done | ||
10191 | IFS=$as_save_IFS | ||
10192 | |||
10193 | ;; | ||
10194 | esac | ||
10195 | fi | ||
10196 | ac_pt_PKGCONFIG=$ac_cv_path_ac_pt_PKGCONFIG | ||
10197 | if test -n "$ac_pt_PKGCONFIG"; then | ||
10198 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKGCONFIG" >&5 | ||
10199 | $as_echo "$ac_pt_PKGCONFIG" >&6; } | ||
10200 | else | ||
10201 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
10202 | $as_echo "no" >&6; } | ||
10203 | fi | ||
10204 | |||
10205 | if test "x$ac_pt_PKGCONFIG" = x; then | ||
10206 | PKGCONFIG="no" | ||
10207 | else | ||
10208 | case $cross_compiling:$ac_tool_warned in | ||
10209 | yes:) | ||
10210 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 | ||
10211 | $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} | ||
10212 | ac_tool_warned=yes ;; | ||
10213 | esac | ||
10214 | PKGCONFIG=$ac_pt_PKGCONFIG | ||
10215 | fi | ||
10216 | else | ||
10217 | PKGCONFIG="$ac_cv_path_PKGCONFIG" | ||
10218 | fi | ||
10219 | |||
10220 | if test "x$PKGCONFIG" != "xno"; then | ||
10221 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $PKGCONFIG knows about libedit" >&5 | ||
10222 | $as_echo_n "checking if $PKGCONFIG knows about libedit... " >&6; } | ||
10223 | if "$PKGCONFIG" libedit; then | ||
10224 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
10225 | $as_echo "yes" >&6; } | ||
10226 | use_pkgconfig_for_libedit=yes | ||
10227 | else | ||
10228 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
10229 | $as_echo "no" >&6; } | ||
10230 | fi | ||
10231 | fi | ||
10232 | else | ||
10233 | CPPFLAGS="$CPPFLAGS -I${withval}/include" | ||
10234 | if test -n "${need_dash_r}"; then | ||
10235 | LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" | ||
10236 | else | ||
10237 | LDFLAGS="-L${withval}/lib ${LDFLAGS}" | ||
10238 | fi | ||
10239 | fi | ||
10240 | if test "x$use_pkgconfig_for_libedit" = "xyes"; then | ||
10241 | LIBEDIT=`$PKGCONFIG --libs libedit` | ||
10242 | CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" | ||
10243 | else | ||
10244 | LIBEDIT="-ledit -lcurses" | ||
10245 | fi | ||
10246 | OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` | ||
10247 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for el_init in -ledit" >&5 | ||
10248 | $as_echo_n "checking for el_init in -ledit... " >&6; } | ||
10249 | if ${ac_cv_lib_edit_el_init+:} false; then : | ||
10250 | $as_echo_n "(cached) " >&6 | ||
10251 | else | ||
10252 | ac_check_lib_save_LIBS=$LIBS | ||
10253 | LIBS="-ledit $OTHERLIBS | ||
10254 | $LIBS" | ||
10255 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
10256 | /* end confdefs.h. */ | ||
10257 | |||
10258 | /* Override any GCC internal prototype to avoid an error. | ||
10259 | Use char because int might match the return type of a GCC | ||
10260 | builtin and then its argument prototype would still apply. */ | ||
10261 | #ifdef __cplusplus | ||
10262 | extern "C" | ||
10263 | #endif | ||
10264 | char el_init (); | ||
10265 | int | ||
10266 | main () | ||
10267 | { | ||
10268 | return el_init (); | ||
10269 | ; | ||
10270 | return 0; | ||
10271 | } | ||
10272 | _ACEOF | ||
10273 | if ac_fn_c_try_link "$LINENO"; then : | ||
10274 | ac_cv_lib_edit_el_init=yes | ||
10275 | else | ||
10276 | ac_cv_lib_edit_el_init=no | ||
10277 | fi | ||
10278 | rm -f core conftest.err conftest.$ac_objext \ | ||
10279 | conftest$ac_exeext conftest.$ac_ext | ||
10280 | LIBS=$ac_check_lib_save_LIBS | ||
10281 | fi | ||
10282 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_edit_el_init" >&5 | ||
10283 | $as_echo "$ac_cv_lib_edit_el_init" >&6; } | ||
10284 | if test "x$ac_cv_lib_edit_el_init" = xyes; then : | ||
10285 | |||
10286 | $as_echo "#define USE_LIBEDIT 1" >>confdefs.h | ||
10287 | |||
10288 | LIBEDIT_MSG="yes" | ||
10289 | |||
10290 | |||
10291 | else | ||
10292 | as_fn_error $? "libedit not found" "$LINENO" 5 | ||
10293 | fi | ||
10294 | |||
10295 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if libedit version is compatible" >&5 | ||
10296 | $as_echo_n "checking if libedit version is compatible... " >&6; } | ||
10297 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
10298 | /* end confdefs.h. */ | ||
10299 | #include <histedit.h> | ||
10300 | int | ||
10301 | main () | ||
10302 | { | ||
10303 | |||
10304 | int i = H_SETSIZE; | ||
10305 | el_init("", NULL, NULL, NULL); | ||
10306 | exit(0); | ||
10307 | |||
10308 | ; | ||
10309 | return 0; | ||
10310 | } | ||
10311 | _ACEOF | ||
10312 | if ac_fn_c_try_compile "$LINENO"; then : | ||
10313 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
10314 | $as_echo "yes" >&6; } | ||
10315 | else | ||
10316 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
10317 | $as_echo "no" >&6; } | ||
10318 | as_fn_error $? "libedit version is not compatible" "$LINENO" 5 | ||
10319 | |||
10320 | fi | ||
10321 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
10322 | fi | ||
10323 | |||
10324 | fi | ||
10325 | |||
10326 | |||
10327 | AUDIT_MODULE=none | ||
10328 | |||
10329 | # Check whether --with-audit was given. | ||
10330 | if test "${with_audit+set}" = set; then : | ||
10331 | withval=$with_audit; | ||
10332 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for supported audit module" >&5 | ||
10333 | $as_echo_n "checking for supported audit module... " >&6; } | ||
10334 | case "$withval" in | ||
10335 | bsm) | ||
10336 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: bsm" >&5 | ||
10337 | $as_echo "bsm" >&6; } | ||
10338 | AUDIT_MODULE=bsm | ||
10339 | for ac_header in bsm/audit.h | ||
10340 | do : | ||
10341 | ac_fn_c_check_header_compile "$LINENO" "bsm/audit.h" "ac_cv_header_bsm_audit_h" " | ||
10342 | #ifdef HAVE_TIME_H | ||
10343 | # include <time.h> | ||
10344 | #endif | ||
10345 | |||
10346 | |||
10347 | " | ||
10348 | if test "x$ac_cv_header_bsm_audit_h" = xyes; then : | ||
10349 | cat >>confdefs.h <<_ACEOF | ||
10350 | #define HAVE_BSM_AUDIT_H 1 | ||
10351 | _ACEOF | ||
10352 | |||
10353 | else | ||
10354 | as_fn_error $? "BSM enabled and bsm/audit.h not found" "$LINENO" 5 | ||
10355 | fi | ||
10356 | |||
10357 | done | ||
10358 | |||
10359 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getaudit in -lbsm" >&5 | ||
10360 | $as_echo_n "checking for getaudit in -lbsm... " >&6; } | ||
10361 | if ${ac_cv_lib_bsm_getaudit+:} false; then : | ||
10362 | $as_echo_n "(cached) " >&6 | ||
10363 | else | ||
10364 | ac_check_lib_save_LIBS=$LIBS | ||
10365 | LIBS="-lbsm $LIBS" | ||
10366 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
10367 | /* end confdefs.h. */ | ||
10368 | |||
10369 | /* Override any GCC internal prototype to avoid an error. | ||
10370 | Use char because int might match the return type of a GCC | ||
10371 | builtin and then its argument prototype would still apply. */ | ||
10372 | #ifdef __cplusplus | ||
10373 | extern "C" | ||
10374 | #endif | ||
10375 | char getaudit (); | ||
10376 | int | ||
10377 | main () | ||
10378 | { | ||
10379 | return getaudit (); | ||
10380 | ; | ||
10381 | return 0; | ||
10382 | } | ||
10383 | _ACEOF | ||
10384 | if ac_fn_c_try_link "$LINENO"; then : | ||
10385 | ac_cv_lib_bsm_getaudit=yes | ||
10386 | else | ||
10387 | ac_cv_lib_bsm_getaudit=no | ||
10388 | fi | ||
10389 | rm -f core conftest.err conftest.$ac_objext \ | ||
10390 | conftest$ac_exeext conftest.$ac_ext | ||
10391 | LIBS=$ac_check_lib_save_LIBS | ||
10392 | fi | ||
10393 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_bsm_getaudit" >&5 | ||
10394 | $as_echo "$ac_cv_lib_bsm_getaudit" >&6; } | ||
10395 | if test "x$ac_cv_lib_bsm_getaudit" = xyes; then : | ||
10396 | cat >>confdefs.h <<_ACEOF | ||
10397 | #define HAVE_LIBBSM 1 | ||
10398 | _ACEOF | ||
10399 | |||
10400 | LIBS="-lbsm $LIBS" | ||
10401 | |||
10402 | else | ||
10403 | as_fn_error $? "BSM enabled and required library not found" "$LINENO" 5 | ||
10404 | fi | ||
10405 | |||
10406 | for ac_func in getaudit | ||
10407 | do : | ||
10408 | ac_fn_c_check_func "$LINENO" "getaudit" "ac_cv_func_getaudit" | ||
10409 | if test "x$ac_cv_func_getaudit" = xyes; then : | ||
10410 | cat >>confdefs.h <<_ACEOF | ||
10411 | #define HAVE_GETAUDIT 1 | ||
10412 | _ACEOF | ||
10413 | |||
10414 | else | ||
10415 | as_fn_error $? "BSM enabled and required function not found" "$LINENO" 5 | ||
10416 | fi | ||
10417 | done | ||
10418 | |||
10419 | # These are optional | ||
10420 | for ac_func in getaudit_addr aug_get_machine | ||
10421 | do : | ||
10422 | as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` | ||
10423 | ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" | ||
10424 | if eval test \"x\$"$as_ac_var"\" = x"yes"; then : | ||
10425 | cat >>confdefs.h <<_ACEOF | ||
10426 | #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 | ||
10427 | _ACEOF | ||
10428 | |||
10429 | fi | ||
10430 | done | ||
10431 | |||
10432 | |||
10433 | $as_echo "#define USE_BSM_AUDIT 1" >>confdefs.h | ||
10434 | |||
10435 | if test "$sol2ver" -ge 11; then | ||
10436 | SSHDLIBS="$SSHDLIBS -lscf" | ||
10437 | |||
10438 | $as_echo "#define BROKEN_BSM_API 1" >>confdefs.h | ||
10439 | |||
10440 | fi | ||
10441 | ;; | ||
10442 | linux) | ||
10443 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: linux" >&5 | ||
10444 | $as_echo "linux" >&6; } | ||
10445 | AUDIT_MODULE=linux | ||
10446 | for ac_header in libaudit.h | ||
10447 | do : | ||
10448 | ac_fn_c_check_header_mongrel "$LINENO" "libaudit.h" "ac_cv_header_libaudit_h" "$ac_includes_default" | ||
10449 | if test "x$ac_cv_header_libaudit_h" = xyes; then : | ||
10450 | cat >>confdefs.h <<_ACEOF | ||
10451 | #define HAVE_LIBAUDIT_H 1 | ||
10452 | _ACEOF | ||
10453 | |||
10454 | fi | ||
10455 | |||
10456 | done | ||
10457 | |||
10458 | SSHDLIBS="$SSHDLIBS -laudit" | ||
10459 | |||
10460 | $as_echo "#define USE_LINUX_AUDIT 1" >>confdefs.h | ||
10461 | |||
10462 | ;; | ||
10463 | debug) | ||
10464 | AUDIT_MODULE=debug | ||
10465 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: debug" >&5 | ||
10466 | $as_echo "debug" >&6; } | ||
10467 | |||
10468 | $as_echo "#define SSH_AUDIT_EVENTS 1" >>confdefs.h | ||
10469 | |||
10470 | ;; | ||
10471 | no) | ||
10472 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
10473 | $as_echo "no" >&6; } | ||
10474 | ;; | ||
10475 | *) | ||
10476 | as_fn_error $? "Unknown audit module $withval" "$LINENO" 5 | ||
10477 | ;; | ||
10478 | esac | ||
10479 | |||
10480 | fi | ||
10481 | |||
10482 | |||
10483 | |||
10484 | # Check whether --with-pie was given. | ||
10485 | if test "${with_pie+set}" = set; then : | ||
10486 | withval=$with_pie; | ||
10487 | if test "x$withval" = "xno"; then | ||
10488 | use_pie=no | ||
10489 | fi | ||
10490 | if test "x$withval" = "xyes"; then | ||
10491 | use_pie=yes | ||
10492 | fi | ||
10493 | |||
10494 | |||
10495 | fi | ||
10496 | |||
10497 | if test "x$use_pie" = "x"; then | ||
10498 | use_pie=no | ||
10499 | fi | ||
10500 | if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then | ||
10501 | # Turn off automatic PIE when toolchain hardening is off. | ||
10502 | use_pie=no | ||
10503 | fi | ||
10504 | if test "x$use_pie" = "xauto"; then | ||
10505 | # Automatic PIE requires gcc >= 4.x | ||
10506 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gcc >= 4.x" >&5 | ||
10507 | $as_echo_n "checking for gcc >= 4.x... " >&6; } | ||
10508 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
10509 | /* end confdefs.h. */ | ||
10510 | |||
10511 | #if !defined(__GNUC__) || __GNUC__ < 4 | ||
10512 | #error gcc is too old | ||
10513 | #endif | ||
10514 | |||
10515 | _ACEOF | ||
10516 | if ac_fn_c_try_compile "$LINENO"; then : | ||
10517 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
10518 | $as_echo "yes" >&6; } | ||
10519 | else | ||
10520 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
10521 | $as_echo "no" >&6; } | ||
10522 | use_pie=no | ||
10523 | |||
10524 | fi | ||
10525 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
10526 | fi | ||
10527 | if test "x$use_pie" != "xno"; then | ||
10528 | SAVED_CFLAGS="$CFLAGS" | ||
10529 | SAVED_LDFLAGS="$LDFLAGS" | ||
10530 | { | ||
10531 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -fPIE" >&5 | ||
10532 | $as_echo_n "checking if $CC supports compile flag -fPIE... " >&6; } | ||
10533 | saved_CFLAGS="$CFLAGS" | ||
10534 | CFLAGS="$CFLAGS $WERROR -fPIE" | ||
10535 | _define_flag="" | ||
10536 | test "x$_define_flag" = "x" && _define_flag="-fPIE" | ||
10537 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
10538 | /* end confdefs.h. */ | ||
10539 | |||
10540 | #include <stdlib.h> | ||
10541 | #include <stdio.h> | ||
10542 | int main(int argc, char **argv) { | ||
10543 | /* Some math to catch -ftrapv problems in the toolchain */ | ||
10544 | int i = 123 * argc, j = 456 + argc, k = 789 - argc; | ||
10545 | float l = i * 2.1; | ||
10546 | double m = l / 0.5; | ||
10547 | long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; | ||
10548 | printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); | ||
10549 | exit(0); | ||
10550 | } | ||
10551 | |||
10552 | _ACEOF | ||
10553 | if ac_fn_c_try_compile "$LINENO"; then : | ||
10554 | |||
10555 | if `grep -i "unrecognized option" conftest.err >/dev/null` | ||
10556 | then | ||
10557 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
10558 | $as_echo "no" >&6; } | ||
10559 | CFLAGS="$saved_CFLAGS" | ||
10560 | else | ||
10561 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
10562 | $as_echo "yes" >&6; } | ||
10563 | CFLAGS="$saved_CFLAGS $_define_flag" | ||
10564 | fi | ||
10565 | else | ||
10566 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
10567 | $as_echo "no" >&6; } | ||
10568 | CFLAGS="$saved_CFLAGS" | ||
10569 | |||
10570 | fi | ||
10571 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
10572 | } | ||
10573 | { | ||
10574 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $LD supports link flag -pie" >&5 | ||
10575 | $as_echo_n "checking if $LD supports link flag -pie... " >&6; } | ||
10576 | saved_LDFLAGS="$LDFLAGS" | ||
10577 | LDFLAGS="$LDFLAGS $WERROR -pie" | ||
10578 | _define_flag="" | ||
10579 | test "x$_define_flag" = "x" && _define_flag="-pie" | ||
10580 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
10581 | /* end confdefs.h. */ | ||
10582 | |||
10583 | #include <stdlib.h> | ||
10584 | #include <stdio.h> | ||
10585 | int main(int argc, char **argv) { | ||
10586 | /* Some math to catch -ftrapv problems in the toolchain */ | ||
10587 | int i = 123 * argc, j = 456 + argc, k = 789 - argc; | ||
10588 | float l = i * 2.1; | ||
10589 | double m = l / 0.5; | ||
10590 | long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; | ||
10591 | long long p = n * o; | ||
10592 | printf("%d %d %d %f %f %lld %lld %lld\n", i, j, k, l, m, n, o, p); | ||
10593 | exit(0); | ||
10594 | } | ||
10595 | |||
10596 | _ACEOF | ||
10597 | if ac_fn_c_try_link "$LINENO"; then : | ||
10598 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
10599 | $as_echo "yes" >&6; } | ||
10600 | LDFLAGS="$saved_LDFLAGS $_define_flag" | ||
10601 | else | ||
10602 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
10603 | $as_echo "no" >&6; } | ||
10604 | LDFLAGS="$saved_LDFLAGS" | ||
10605 | |||
10606 | fi | ||
10607 | rm -f core conftest.err conftest.$ac_objext \ | ||
10608 | conftest$ac_exeext conftest.$ac_ext | ||
10609 | } | ||
10610 | # We use both -fPIE and -pie or neither. | ||
10611 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether both -fPIE and -pie are supported" >&5 | ||
10612 | $as_echo_n "checking whether both -fPIE and -pie are supported... " >&6; } | ||
10613 | if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \ | ||
10614 | echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then | ||
10615 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
10616 | $as_echo "yes" >&6; } | ||
10617 | else | ||
10618 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
10619 | $as_echo "no" >&6; } | ||
10620 | CFLAGS="$SAVED_CFLAGS" | ||
10621 | LDFLAGS="$SAVED_LDFLAGS" | ||
10622 | fi | ||
10623 | fi | ||
10624 | |||
10625 | for ac_func in \ | ||
10626 | Blowfish_initstate \ | ||
10627 | Blowfish_expandstate \ | ||
10628 | Blowfish_expand0state \ | ||
10629 | Blowfish_stream2word \ | ||
10630 | asprintf \ | ||
10631 | b64_ntop \ | ||
10632 | __b64_ntop \ | ||
10633 | b64_pton \ | ||
10634 | __b64_pton \ | ||
10635 | bcopy \ | ||
10636 | bcrypt_pbkdf \ | ||
10637 | bindresvport_sa \ | ||
10638 | blf_enc \ | ||
10639 | cap_rights_limit \ | ||
10640 | clock \ | ||
10641 | closefrom \ | ||
10642 | dirfd \ | ||
10643 | endgrent \ | ||
10644 | err \ | ||
10645 | errx \ | ||
10646 | explicit_bzero \ | ||
10647 | fchmod \ | ||
10648 | fchown \ | ||
10649 | freeaddrinfo \ | ||
10650 | fstatfs \ | ||
10651 | fstatvfs \ | ||
10652 | futimes \ | ||
10653 | getaddrinfo \ | ||
10654 | getcwd \ | ||
10655 | getgrouplist \ | ||
10656 | getnameinfo \ | ||
10657 | getopt \ | ||
10658 | getpeereid \ | ||
10659 | getpeerucred \ | ||
10660 | getpgid \ | ||
10661 | getpgrp \ | ||
10662 | _getpty \ | ||
10663 | getrlimit \ | ||
10664 | getttyent \ | ||
10665 | glob \ | ||
10666 | group_from_gid \ | ||
10667 | inet_aton \ | ||
10668 | inet_ntoa \ | ||
10669 | inet_ntop \ | ||
10670 | innetgr \ | ||
10671 | llabs \ | ||
10672 | login_getcapbool \ | ||
10673 | md5_crypt \ | ||
10674 | memmove \ | ||
10675 | memset_s \ | ||
10676 | mkdtemp \ | ||
10677 | ngetaddrinfo \ | ||
10678 | nsleep \ | ||
10679 | ogetaddrinfo \ | ||
10680 | openlog_r \ | ||
10681 | pledge \ | ||
10682 | poll \ | ||
10683 | prctl \ | ||
10684 | pstat \ | ||
10685 | readpassphrase \ | ||
10686 | reallocarray \ | ||
10687 | recvmsg \ | ||
10688 | rresvport_af \ | ||
10689 | sendmsg \ | ||
10690 | setdtablesize \ | ||
10691 | setegid \ | ||
10692 | setenv \ | ||
10693 | seteuid \ | ||
10694 | setgroupent \ | ||
10695 | setgroups \ | ||
10696 | setlinebuf \ | ||
10697 | setlogin \ | ||
10698 | setpassent\ | ||
10699 | setpcred \ | ||
10700 | setproctitle \ | ||
10701 | setregid \ | ||
10702 | setreuid \ | ||
10703 | setrlimit \ | ||
10704 | setsid \ | ||
10705 | setvbuf \ | ||
10706 | sigaction \ | ||
10707 | sigvec \ | ||
10708 | snprintf \ | ||
10709 | socketpair \ | ||
10710 | statfs \ | ||
10711 | statvfs \ | ||
10712 | strcasestr \ | ||
10713 | strdup \ | ||
10714 | strerror \ | ||
10715 | strlcat \ | ||
10716 | strlcpy \ | ||
10717 | strmode \ | ||
10718 | strnlen \ | ||
10719 | strnvis \ | ||
10720 | strptime \ | ||
10721 | strtonum \ | ||
10722 | strtoll \ | ||
10723 | strtoul \ | ||
10724 | strtoull \ | ||
10725 | swap32 \ | ||
10726 | sysconf \ | ||
10727 | tcgetpgrp \ | ||
10728 | timingsafe_bcmp \ | ||
10729 | truncate \ | ||
10730 | unsetenv \ | ||
10731 | updwtmpx \ | ||
10732 | user_from_uid \ | ||
10733 | usleep \ | ||
10734 | vasprintf \ | ||
10735 | vsnprintf \ | ||
10736 | waitpid \ | ||
10737 | warn \ | ||
10738 | |||
10739 | do : | ||
10740 | as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` | ||
10741 | ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" | ||
10742 | if eval test \"x\$"$as_ac_var"\" = x"yes"; then : | ||
10743 | cat >>confdefs.h <<_ACEOF | ||
10744 | #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 | ||
10745 | _ACEOF | ||
10746 | |||
10747 | fi | ||
10748 | done | ||
10749 | |||
10750 | |||
10751 | for ac_func in mblen mbtowc nl_langinfo wcwidth | ||
10752 | do : | ||
10753 | as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` | ||
10754 | ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" | ||
10755 | if eval test \"x\$"$as_ac_var"\" = x"yes"; then : | ||
10756 | cat >>confdefs.h <<_ACEOF | ||
10757 | #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 | ||
10758 | _ACEOF | ||
10759 | |||
10760 | fi | ||
10761 | done | ||
10762 | |||
10763 | |||
10764 | TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes} | ||
10765 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for utf8 locale support" >&5 | ||
10766 | $as_echo_n "checking for utf8 locale support... " >&6; } | ||
10767 | if test "$cross_compiling" = yes; then : | ||
10768 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming yes" >&5 | ||
10769 | $as_echo "$as_me: WARNING: cross compiling: assuming yes" >&2;} | ||
10770 | |||
10771 | else | ||
10772 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
10773 | /* end confdefs.h. */ | ||
10774 | |||
10775 | #include <locale.h> | ||
10776 | #include <stdlib.h> | ||
10777 | |||
10778 | int | ||
10779 | main () | ||
10780 | { | ||
10781 | |||
10782 | char *loc = setlocale(LC_CTYPE, "en_US.UTF-8"); | ||
10783 | if (loc != NULL) | ||
10784 | exit(0); | ||
10785 | exit(1); | ||
10786 | |||
10787 | ; | ||
10788 | return 0; | ||
10789 | } | ||
10790 | _ACEOF | ||
10791 | if ac_fn_c_try_run "$LINENO"; then : | ||
10792 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
10793 | $as_echo "yes" >&6; } | ||
10794 | else | ||
10795 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
10796 | $as_echo "no" >&6; } | ||
10797 | TEST_SSH_UTF8=no | ||
10798 | fi | ||
10799 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
10800 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
10801 | fi | ||
10802 | |||
10803 | |||
10804 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
10805 | /* end confdefs.h. */ | ||
10806 | #include <ctype.h> | ||
10807 | int | ||
10808 | main () | ||
10809 | { | ||
10810 | return (isblank('a')); | ||
10811 | ; | ||
10812 | return 0; | ||
10813 | } | ||
10814 | _ACEOF | ||
10815 | if ac_fn_c_try_link "$LINENO"; then : | ||
10816 | |||
10817 | $as_echo "#define HAVE_ISBLANK 1" >>confdefs.h | ||
10818 | |||
10819 | |||
10820 | fi | ||
10821 | rm -f core conftest.err conftest.$ac_objext \ | ||
10822 | conftest$ac_exeext conftest.$ac_ext | ||
10823 | |||
10824 | disable_pkcs11= | ||
10825 | # Check whether --enable-pkcs11 was given. | ||
10826 | if test "${enable_pkcs11+set}" = set; then : | ||
10827 | enableval=$enable_pkcs11; | ||
10828 | if test "x$enableval" = "xno" ; then | ||
10829 | disable_pkcs11=1 | ||
10830 | fi | ||
10831 | |||
10832 | |||
10833 | fi | ||
10834 | |||
10835 | |||
10836 | # PKCS11 depends on OpenSSL. | ||
10837 | if test "x$openssl" = "xyes" && test "x$disable_pkcs11" = "x"; then | ||
10838 | # PKCS#11 support requires dlopen() and co | ||
10839 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing dlopen" >&5 | ||
10840 | $as_echo_n "checking for library containing dlopen... " >&6; } | ||
10841 | if ${ac_cv_search_dlopen+:} false; then : | ||
10842 | $as_echo_n "(cached) " >&6 | ||
10843 | else | ||
10844 | ac_func_search_save_LIBS=$LIBS | ||
10845 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
10846 | /* end confdefs.h. */ | ||
10847 | |||
10848 | /* Override any GCC internal prototype to avoid an error. | ||
10849 | Use char because int might match the return type of a GCC | ||
10850 | builtin and then its argument prototype would still apply. */ | ||
10851 | #ifdef __cplusplus | ||
10852 | extern "C" | ||
10853 | #endif | ||
10854 | char dlopen (); | ||
10855 | int | ||
10856 | main () | ||
10857 | { | ||
10858 | return dlopen (); | ||
10859 | ; | ||
10860 | return 0; | ||
10861 | } | ||
10862 | _ACEOF | ||
10863 | for ac_lib in '' dl; do | ||
10864 | if test -z "$ac_lib"; then | ||
10865 | ac_res="none required" | ||
10866 | else | ||
10867 | ac_res=-l$ac_lib | ||
10868 | LIBS="-l$ac_lib $ac_func_search_save_LIBS" | ||
10869 | fi | ||
10870 | if ac_fn_c_try_link "$LINENO"; then : | ||
10871 | ac_cv_search_dlopen=$ac_res | ||
10872 | fi | ||
10873 | rm -f core conftest.err conftest.$ac_objext \ | ||
10874 | conftest$ac_exeext | ||
10875 | if ${ac_cv_search_dlopen+:} false; then : | ||
10876 | break | ||
10877 | fi | ||
10878 | done | ||
10879 | if ${ac_cv_search_dlopen+:} false; then : | ||
10880 | |||
10881 | else | ||
10882 | ac_cv_search_dlopen=no | ||
10883 | fi | ||
10884 | rm conftest.$ac_ext | ||
10885 | LIBS=$ac_func_search_save_LIBS | ||
10886 | fi | ||
10887 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dlopen" >&5 | ||
10888 | $as_echo "$ac_cv_search_dlopen" >&6; } | ||
10889 | ac_res=$ac_cv_search_dlopen | ||
10890 | if test "$ac_res" != no; then : | ||
10891 | test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" | ||
10892 | |||
10893 | $as_echo "#define ENABLE_PKCS11 /**/" >>confdefs.h | ||
10894 | |||
10895 | |||
10896 | fi | ||
10897 | |||
10898 | fi | ||
10899 | |||
10900 | # IRIX has a const char return value for gai_strerror() | ||
10901 | for ac_func in gai_strerror | ||
10902 | do : | ||
10903 | ac_fn_c_check_func "$LINENO" "gai_strerror" "ac_cv_func_gai_strerror" | ||
10904 | if test "x$ac_cv_func_gai_strerror" = xyes; then : | ||
10905 | cat >>confdefs.h <<_ACEOF | ||
10906 | #define HAVE_GAI_STRERROR 1 | ||
10907 | _ACEOF | ||
10908 | |||
10909 | $as_echo "#define HAVE_GAI_STRERROR 1" >>confdefs.h | ||
10910 | |||
10911 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
10912 | /* end confdefs.h. */ | ||
10913 | |||
10914 | #include <sys/types.h> | ||
10915 | #include <sys/socket.h> | ||
10916 | #include <netdb.h> | ||
10917 | |||
10918 | const char *gai_strerror(int); | ||
10919 | |||
10920 | int | ||
10921 | main () | ||
10922 | { | ||
10923 | |||
10924 | char *str; | ||
10925 | str = gai_strerror(0); | ||
10926 | |||
10927 | ; | ||
10928 | return 0; | ||
10929 | } | ||
10930 | _ACEOF | ||
10931 | if ac_fn_c_try_compile "$LINENO"; then : | ||
10932 | |||
10933 | |||
10934 | $as_echo "#define HAVE_CONST_GAI_STRERROR_PROTO 1" >>confdefs.h | ||
10935 | |||
10936 | fi | ||
10937 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
10938 | fi | ||
10939 | done | ||
10940 | |||
10941 | |||
10942 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing nanosleep" >&5 | ||
10943 | $as_echo_n "checking for library containing nanosleep... " >&6; } | ||
10944 | if ${ac_cv_search_nanosleep+:} false; then : | ||
10945 | $as_echo_n "(cached) " >&6 | ||
10946 | else | ||
10947 | ac_func_search_save_LIBS=$LIBS | ||
10948 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
10949 | /* end confdefs.h. */ | ||
10950 | |||
10951 | /* Override any GCC internal prototype to avoid an error. | ||
10952 | Use char because int might match the return type of a GCC | ||
10953 | builtin and then its argument prototype would still apply. */ | ||
10954 | #ifdef __cplusplus | ||
10955 | extern "C" | ||
10956 | #endif | ||
10957 | char nanosleep (); | ||
10958 | int | ||
10959 | main () | ||
10960 | { | ||
10961 | return nanosleep (); | ||
10962 | ; | ||
10963 | return 0; | ||
10964 | } | ||
10965 | _ACEOF | ||
10966 | for ac_lib in '' rt posix4; do | ||
10967 | if test -z "$ac_lib"; then | ||
10968 | ac_res="none required" | ||
10969 | else | ||
10970 | ac_res=-l$ac_lib | ||
10971 | LIBS="-l$ac_lib $ac_func_search_save_LIBS" | ||
10972 | fi | ||
10973 | if ac_fn_c_try_link "$LINENO"; then : | ||
10974 | ac_cv_search_nanosleep=$ac_res | ||
10975 | fi | ||
10976 | rm -f core conftest.err conftest.$ac_objext \ | ||
10977 | conftest$ac_exeext | ||
10978 | if ${ac_cv_search_nanosleep+:} false; then : | ||
10979 | break | ||
10980 | fi | ||
10981 | done | ||
10982 | if ${ac_cv_search_nanosleep+:} false; then : | ||
10983 | |||
10984 | else | ||
10985 | ac_cv_search_nanosleep=no | ||
10986 | fi | ||
10987 | rm conftest.$ac_ext | ||
10988 | LIBS=$ac_func_search_save_LIBS | ||
10989 | fi | ||
10990 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_nanosleep" >&5 | ||
10991 | $as_echo "$ac_cv_search_nanosleep" >&6; } | ||
10992 | ac_res=$ac_cv_search_nanosleep | ||
10993 | if test "$ac_res" != no; then : | ||
10994 | test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" | ||
10995 | |||
10996 | $as_echo "#define HAVE_NANOSLEEP 1" >>confdefs.h | ||
10997 | |||
10998 | fi | ||
10999 | |||
11000 | |||
11001 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing clock_gettime" >&5 | ||
11002 | $as_echo_n "checking for library containing clock_gettime... " >&6; } | ||
11003 | if ${ac_cv_search_clock_gettime+:} false; then : | ||
11004 | $as_echo_n "(cached) " >&6 | ||
11005 | else | ||
11006 | ac_func_search_save_LIBS=$LIBS | ||
11007 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
11008 | /* end confdefs.h. */ | ||
11009 | |||
11010 | /* Override any GCC internal prototype to avoid an error. | ||
11011 | Use char because int might match the return type of a GCC | ||
11012 | builtin and then its argument prototype would still apply. */ | ||
11013 | #ifdef __cplusplus | ||
11014 | extern "C" | ||
11015 | #endif | ||
11016 | char clock_gettime (); | ||
11017 | int | ||
11018 | main () | ||
11019 | { | ||
11020 | return clock_gettime (); | ||
11021 | ; | ||
11022 | return 0; | ||
11023 | } | ||
11024 | _ACEOF | ||
11025 | for ac_lib in '' rt; do | ||
11026 | if test -z "$ac_lib"; then | ||
11027 | ac_res="none required" | ||
11028 | else | ||
11029 | ac_res=-l$ac_lib | ||
11030 | LIBS="-l$ac_lib $ac_func_search_save_LIBS" | ||
11031 | fi | ||
11032 | if ac_fn_c_try_link "$LINENO"; then : | ||
11033 | ac_cv_search_clock_gettime=$ac_res | ||
11034 | fi | ||
11035 | rm -f core conftest.err conftest.$ac_objext \ | ||
11036 | conftest$ac_exeext | ||
11037 | if ${ac_cv_search_clock_gettime+:} false; then : | ||
11038 | break | ||
11039 | fi | ||
11040 | done | ||
11041 | if ${ac_cv_search_clock_gettime+:} false; then : | ||
11042 | |||
11043 | else | ||
11044 | ac_cv_search_clock_gettime=no | ||
11045 | fi | ||
11046 | rm conftest.$ac_ext | ||
11047 | LIBS=$ac_func_search_save_LIBS | ||
11048 | fi | ||
11049 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_clock_gettime" >&5 | ||
11050 | $as_echo "$ac_cv_search_clock_gettime" >&6; } | ||
11051 | ac_res=$ac_cv_search_clock_gettime | ||
11052 | if test "$ac_res" != no; then : | ||
11053 | test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" | ||
11054 | |||
11055 | $as_echo "#define HAVE_CLOCK_GETTIME 1" >>confdefs.h | ||
11056 | |||
11057 | fi | ||
11058 | |||
11059 | |||
11060 | ac_fn_c_check_decl "$LINENO" "getrusage" "ac_cv_have_decl_getrusage" "$ac_includes_default" | ||
11061 | if test "x$ac_cv_have_decl_getrusage" = xyes; then : | ||
11062 | for ac_func in getrusage | ||
11063 | do : | ||
11064 | ac_fn_c_check_func "$LINENO" "getrusage" "ac_cv_func_getrusage" | ||
11065 | if test "x$ac_cv_func_getrusage" = xyes; then : | ||
11066 | cat >>confdefs.h <<_ACEOF | ||
11067 | #define HAVE_GETRUSAGE 1 | ||
11068 | _ACEOF | ||
11069 | |||
11070 | fi | ||
11071 | done | ||
11072 | |||
11073 | fi | ||
11074 | |||
11075 | ac_fn_c_check_decl "$LINENO" "strsep" "ac_cv_have_decl_strsep" " | ||
11076 | #ifdef HAVE_STRING_H | ||
11077 | # include <string.h> | ||
11078 | #endif | ||
11079 | |||
11080 | " | ||
11081 | if test "x$ac_cv_have_decl_strsep" = xyes; then : | ||
11082 | for ac_func in strsep | ||
11083 | do : | ||
11084 | ac_fn_c_check_func "$LINENO" "strsep" "ac_cv_func_strsep" | ||
11085 | if test "x$ac_cv_func_strsep" = xyes; then : | ||
11086 | cat >>confdefs.h <<_ACEOF | ||
11087 | #define HAVE_STRSEP 1 | ||
11088 | _ACEOF | ||
11089 | |||
11090 | fi | ||
11091 | done | ||
11092 | |||
11093 | fi | ||
11094 | |||
11095 | |||
11096 | ac_fn_c_check_decl "$LINENO" "tcsendbreak" "ac_cv_have_decl_tcsendbreak" "#include <termios.h> | ||
11097 | |||
11098 | " | ||
11099 | if test "x$ac_cv_have_decl_tcsendbreak" = xyes; then : | ||
11100 | $as_echo "#define HAVE_TCSENDBREAK 1" >>confdefs.h | ||
11101 | |||
11102 | else | ||
11103 | for ac_func in tcsendbreak | ||
11104 | do : | ||
11105 | ac_fn_c_check_func "$LINENO" "tcsendbreak" "ac_cv_func_tcsendbreak" | ||
11106 | if test "x$ac_cv_func_tcsendbreak" = xyes; then : | ||
11107 | cat >>confdefs.h <<_ACEOF | ||
11108 | #define HAVE_TCSENDBREAK 1 | ||
11109 | _ACEOF | ||
11110 | |||
11111 | fi | ||
11112 | done | ||
11113 | |||
11114 | fi | ||
11115 | |||
11116 | |||
11117 | ac_fn_c_check_decl "$LINENO" "h_errno" "ac_cv_have_decl_h_errno" "#include <netdb.h> | ||
11118 | " | ||
11119 | if test "x$ac_cv_have_decl_h_errno" = xyes; then : | ||
11120 | ac_have_decl=1 | ||
11121 | else | ||
11122 | ac_have_decl=0 | ||
11123 | fi | ||
11124 | |||
11125 | cat >>confdefs.h <<_ACEOF | ||
11126 | #define HAVE_DECL_H_ERRNO $ac_have_decl | ||
11127 | _ACEOF | ||
11128 | |||
11129 | |||
11130 | ac_fn_c_check_decl "$LINENO" "SHUT_RD" "ac_cv_have_decl_SHUT_RD" " | ||
11131 | #include <sys/types.h> | ||
11132 | #include <sys/socket.h> | ||
11133 | |||
11134 | " | ||
11135 | if test "x$ac_cv_have_decl_SHUT_RD" = xyes; then : | ||
11136 | ac_have_decl=1 | ||
11137 | else | ||
11138 | ac_have_decl=0 | ||
11139 | fi | ||
11140 | |||
11141 | cat >>confdefs.h <<_ACEOF | ||
11142 | #define HAVE_DECL_SHUT_RD $ac_have_decl | ||
11143 | _ACEOF | ||
11144 | |||
11145 | |||
11146 | ac_fn_c_check_decl "$LINENO" "O_NONBLOCK" "ac_cv_have_decl_O_NONBLOCK" " | ||
11147 | #include <sys/types.h> | ||
11148 | #ifdef HAVE_SYS_STAT_H | ||
11149 | # include <sys/stat.h> | ||
11150 | #endif | ||
11151 | #ifdef HAVE_FCNTL_H | ||
11152 | # include <fcntl.h> | ||
11153 | #endif | ||
11154 | |||
11155 | " | ||
11156 | if test "x$ac_cv_have_decl_O_NONBLOCK" = xyes; then : | ||
11157 | ac_have_decl=1 | ||
11158 | else | ||
11159 | ac_have_decl=0 | ||
11160 | fi | ||
11161 | |||
11162 | cat >>confdefs.h <<_ACEOF | ||
11163 | #define HAVE_DECL_O_NONBLOCK $ac_have_decl | ||
11164 | _ACEOF | ||
11165 | |||
11166 | |||
11167 | ac_fn_c_check_decl "$LINENO" "writev" "ac_cv_have_decl_writev" " | ||
11168 | #include <sys/types.h> | ||
11169 | #include <sys/uio.h> | ||
11170 | #include <unistd.h> | ||
11171 | |||
11172 | " | ||
11173 | if test "x$ac_cv_have_decl_writev" = xyes; then : | ||
11174 | ac_have_decl=1 | ||
11175 | else | ||
11176 | ac_have_decl=0 | ||
11177 | fi | ||
11178 | |||
11179 | cat >>confdefs.h <<_ACEOF | ||
11180 | #define HAVE_DECL_WRITEV $ac_have_decl | ||
11181 | _ACEOF | ||
11182 | |||
11183 | |||
11184 | ac_fn_c_check_decl "$LINENO" "MAXSYMLINKS" "ac_cv_have_decl_MAXSYMLINKS" " | ||
11185 | #include <sys/param.h> | ||
11186 | |||
11187 | " | ||
11188 | if test "x$ac_cv_have_decl_MAXSYMLINKS" = xyes; then : | ||
11189 | ac_have_decl=1 | ||
11190 | else | ||
11191 | ac_have_decl=0 | ||
11192 | fi | ||
11193 | |||
11194 | cat >>confdefs.h <<_ACEOF | ||
11195 | #define HAVE_DECL_MAXSYMLINKS $ac_have_decl | ||
11196 | _ACEOF | ||
11197 | |||
11198 | |||
11199 | ac_fn_c_check_decl "$LINENO" "offsetof" "ac_cv_have_decl_offsetof" " | ||
11200 | #include <stddef.h> | ||
11201 | |||
11202 | " | ||
11203 | if test "x$ac_cv_have_decl_offsetof" = xyes; then : | ||
11204 | ac_have_decl=1 | ||
11205 | else | ||
11206 | ac_have_decl=0 | ||
11207 | fi | ||
11208 | |||
11209 | cat >>confdefs.h <<_ACEOF | ||
11210 | #define HAVE_DECL_OFFSETOF $ac_have_decl | ||
11211 | _ACEOF | ||
11212 | |||
11213 | |||
11214 | # extra bits for select(2) | ||
11215 | ac_fn_c_check_decl "$LINENO" "howmany" "ac_cv_have_decl_howmany" " | ||
11216 | #include <sys/param.h> | ||
11217 | #include <sys/types.h> | ||
11218 | #ifdef HAVE_SYS_SYSMACROS_H | ||
11219 | #include <sys/sysmacros.h> | ||
11220 | #endif | ||
11221 | #ifdef HAVE_SYS_SELECT_H | ||
11222 | #include <sys/select.h> | ||
11223 | #endif | ||
11224 | #ifdef HAVE_SYS_TIME_H | ||
11225 | #include <sys/time.h> | ||
11226 | #endif | ||
11227 | #ifdef HAVE_UNISTD_H | ||
11228 | #include <unistd.h> | ||
11229 | #endif | ||
11230 | |||
11231 | " | ||
11232 | if test "x$ac_cv_have_decl_howmany" = xyes; then : | ||
11233 | ac_have_decl=1 | ||
11234 | else | ||
11235 | ac_have_decl=0 | ||
11236 | fi | ||
11237 | |||
11238 | cat >>confdefs.h <<_ACEOF | ||
11239 | #define HAVE_DECL_HOWMANY $ac_have_decl | ||
11240 | _ACEOF | ||
11241 | ac_fn_c_check_decl "$LINENO" "NFDBITS" "ac_cv_have_decl_NFDBITS" " | ||
11242 | #include <sys/param.h> | ||
11243 | #include <sys/types.h> | ||
11244 | #ifdef HAVE_SYS_SYSMACROS_H | ||
11245 | #include <sys/sysmacros.h> | ||
11246 | #endif | ||
11247 | #ifdef HAVE_SYS_SELECT_H | ||
11248 | #include <sys/select.h> | ||
11249 | #endif | ||
11250 | #ifdef HAVE_SYS_TIME_H | ||
11251 | #include <sys/time.h> | ||
11252 | #endif | ||
11253 | #ifdef HAVE_UNISTD_H | ||
11254 | #include <unistd.h> | ||
11255 | #endif | ||
11256 | |||
11257 | " | ||
11258 | if test "x$ac_cv_have_decl_NFDBITS" = xyes; then : | ||
11259 | ac_have_decl=1 | ||
11260 | else | ||
11261 | ac_have_decl=0 | ||
11262 | fi | ||
11263 | |||
11264 | cat >>confdefs.h <<_ACEOF | ||
11265 | #define HAVE_DECL_NFDBITS $ac_have_decl | ||
11266 | _ACEOF | ||
11267 | |||
11268 | ac_fn_c_check_type "$LINENO" "fd_mask" "ac_cv_type_fd_mask" " | ||
11269 | #include <sys/param.h> | ||
11270 | #include <sys/types.h> | ||
11271 | #ifdef HAVE_SYS_SELECT_H | ||
11272 | #include <sys/select.h> | ||
11273 | #endif | ||
11274 | #ifdef HAVE_SYS_TIME_H | ||
11275 | #include <sys/time.h> | ||
11276 | #endif | ||
11277 | #ifdef HAVE_UNISTD_H | ||
11278 | #include <unistd.h> | ||
11279 | #endif | ||
11280 | |||
11281 | " | ||
11282 | if test "x$ac_cv_type_fd_mask" = xyes; then : | ||
11283 | |||
11284 | cat >>confdefs.h <<_ACEOF | ||
11285 | #define HAVE_FD_MASK 1 | ||
11286 | _ACEOF | ||
11287 | |||
11288 | |||
11289 | fi | ||
11290 | |||
11291 | |||
11292 | for ac_func in setresuid | ||
11293 | do : | ||
11294 | ac_fn_c_check_func "$LINENO" "setresuid" "ac_cv_func_setresuid" | ||
11295 | if test "x$ac_cv_func_setresuid" = xyes; then : | ||
11296 | cat >>confdefs.h <<_ACEOF | ||
11297 | #define HAVE_SETRESUID 1 | ||
11298 | _ACEOF | ||
11299 | |||
11300 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if setresuid seems to work" >&5 | ||
11301 | $as_echo_n "checking if setresuid seems to work... " >&6; } | ||
11302 | if test "$cross_compiling" = yes; then : | ||
11303 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking setresuid" >&5 | ||
11304 | $as_echo "$as_me: WARNING: cross compiling: not checking setresuid" >&2;} | ||
11305 | |||
11306 | else | ||
11307 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
11308 | /* end confdefs.h. */ | ||
11309 | |||
11310 | #include <stdlib.h> | ||
11311 | #include <errno.h> | ||
11312 | |||
11313 | int | ||
11314 | main () | ||
11315 | { | ||
11316 | |||
11317 | errno=0; | ||
11318 | setresuid(0,0,0); | ||
11319 | if (errno==ENOSYS) | ||
11320 | exit(1); | ||
11321 | else | ||
11322 | exit(0); | ||
11323 | |||
11324 | ; | ||
11325 | return 0; | ||
11326 | } | ||
11327 | _ACEOF | ||
11328 | if ac_fn_c_try_run "$LINENO"; then : | ||
11329 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
11330 | $as_echo "yes" >&6; } | ||
11331 | else | ||
11332 | |||
11333 | $as_echo "#define BROKEN_SETRESUID 1" >>confdefs.h | ||
11334 | |||
11335 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: not implemented" >&5 | ||
11336 | $as_echo "not implemented" >&6; } | ||
11337 | fi | ||
11338 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
11339 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
11340 | fi | ||
11341 | |||
11342 | |||
11343 | fi | ||
11344 | done | ||
11345 | |||
11346 | |||
11347 | for ac_func in setresgid | ||
11348 | do : | ||
11349 | ac_fn_c_check_func "$LINENO" "setresgid" "ac_cv_func_setresgid" | ||
11350 | if test "x$ac_cv_func_setresgid" = xyes; then : | ||
11351 | cat >>confdefs.h <<_ACEOF | ||
11352 | #define HAVE_SETRESGID 1 | ||
11353 | _ACEOF | ||
11354 | |||
11355 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if setresgid seems to work" >&5 | ||
11356 | $as_echo_n "checking if setresgid seems to work... " >&6; } | ||
11357 | if test "$cross_compiling" = yes; then : | ||
11358 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking setresuid" >&5 | ||
11359 | $as_echo "$as_me: WARNING: cross compiling: not checking setresuid" >&2;} | ||
11360 | |||
11361 | else | ||
11362 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
11363 | /* end confdefs.h. */ | ||
11364 | |||
11365 | #include <stdlib.h> | ||
11366 | #include <errno.h> | ||
11367 | |||
11368 | int | ||
11369 | main () | ||
11370 | { | ||
11371 | |||
11372 | errno=0; | ||
11373 | setresgid(0,0,0); | ||
11374 | if (errno==ENOSYS) | ||
11375 | exit(1); | ||
11376 | else | ||
11377 | exit(0); | ||
11378 | |||
11379 | ; | ||
11380 | return 0; | ||
11381 | } | ||
11382 | _ACEOF | ||
11383 | if ac_fn_c_try_run "$LINENO"; then : | ||
11384 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
11385 | $as_echo "yes" >&6; } | ||
11386 | else | ||
11387 | |||
11388 | $as_echo "#define BROKEN_SETRESGID 1" >>confdefs.h | ||
11389 | |||
11390 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: not implemented" >&5 | ||
11391 | $as_echo "not implemented" >&6; } | ||
11392 | fi | ||
11393 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
11394 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
11395 | fi | ||
11396 | |||
11397 | |||
11398 | fi | ||
11399 | done | ||
11400 | |||
11401 | |||
11402 | for ac_func in realpath | ||
11403 | do : | ||
11404 | ac_fn_c_check_func "$LINENO" "realpath" "ac_cv_func_realpath" | ||
11405 | if test "x$ac_cv_func_realpath" = xyes; then : | ||
11406 | cat >>confdefs.h <<_ACEOF | ||
11407 | #define HAVE_REALPATH 1 | ||
11408 | _ACEOF | ||
11409 | |||
11410 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if realpath works with non-existent files" >&5 | ||
11411 | $as_echo_n "checking if realpath works with non-existent files... " >&6; } | ||
11412 | if test "$cross_compiling" = yes; then : | ||
11413 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming working" >&5 | ||
11414 | $as_echo "$as_me: WARNING: cross compiling: assuming working" >&2;} | ||
11415 | |||
11416 | else | ||
11417 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
11418 | /* end confdefs.h. */ | ||
11419 | |||
11420 | #include <limits.h> | ||
11421 | #include <stdlib.h> | ||
11422 | #include <errno.h> | ||
11423 | |||
11424 | int | ||
11425 | main () | ||
11426 | { | ||
11427 | |||
11428 | char buf[PATH_MAX]; | ||
11429 | if (realpath("/opensshnonexistentfilename1234", buf) == NULL) | ||
11430 | if (errno == ENOENT) | ||
11431 | exit(1); | ||
11432 | exit(0); | ||
11433 | |||
11434 | ; | ||
11435 | return 0; | ||
11436 | } | ||
11437 | _ACEOF | ||
11438 | if ac_fn_c_try_run "$LINENO"; then : | ||
11439 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
11440 | $as_echo "yes" >&6; } | ||
11441 | else | ||
11442 | |||
11443 | $as_echo "#define BROKEN_REALPATH 1" >>confdefs.h | ||
11444 | |||
11445 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
11446 | $as_echo "no" >&6; } | ||
11447 | fi | ||
11448 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
11449 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
11450 | fi | ||
11451 | |||
11452 | |||
11453 | fi | ||
11454 | done | ||
11455 | |||
11456 | |||
11457 | for ac_func in gettimeofday time | ||
11458 | do : | ||
11459 | as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` | ||
11460 | ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" | ||
11461 | if eval test \"x\$"$as_ac_var"\" = x"yes"; then : | ||
11462 | cat >>confdefs.h <<_ACEOF | ||
11463 | #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 | ||
11464 | _ACEOF | ||
11465 | |||
11466 | fi | ||
11467 | done | ||
11468 | |||
11469 | for ac_func in endutent getutent getutid getutline pututline setutent | ||
11470 | do : | ||
11471 | as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` | ||
11472 | ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" | ||
11473 | if eval test \"x\$"$as_ac_var"\" = x"yes"; then : | ||
11474 | cat >>confdefs.h <<_ACEOF | ||
11475 | #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 | ||
11476 | _ACEOF | ||
11477 | |||
11478 | fi | ||
11479 | done | ||
11480 | |||
11481 | for ac_func in utmpname | ||
11482 | do : | ||
11483 | ac_fn_c_check_func "$LINENO" "utmpname" "ac_cv_func_utmpname" | ||
11484 | if test "x$ac_cv_func_utmpname" = xyes; then : | ||
11485 | cat >>confdefs.h <<_ACEOF | ||
11486 | #define HAVE_UTMPNAME 1 | ||
11487 | _ACEOF | ||
11488 | |||
11489 | fi | ||
11490 | done | ||
11491 | |||
11492 | for ac_func in endutxent getutxent getutxid getutxline getutxuser pututxline | ||
11493 | do : | ||
11494 | as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` | ||
11495 | ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" | ||
11496 | if eval test \"x\$"$as_ac_var"\" = x"yes"; then : | ||
11497 | cat >>confdefs.h <<_ACEOF | ||
11498 | #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 | ||
11499 | _ACEOF | ||
11500 | |||
11501 | fi | ||
11502 | done | ||
11503 | |||
11504 | for ac_func in setutxdb setutxent utmpxname | ||
11505 | do : | ||
11506 | as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` | ||
11507 | ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" | ||
11508 | if eval test \"x\$"$as_ac_var"\" = x"yes"; then : | ||
11509 | cat >>confdefs.h <<_ACEOF | ||
11510 | #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 | ||
11511 | _ACEOF | ||
11512 | |||
11513 | fi | ||
11514 | done | ||
11515 | |||
11516 | for ac_func in getlastlogxbyname | ||
11517 | do : | ||
11518 | ac_fn_c_check_func "$LINENO" "getlastlogxbyname" "ac_cv_func_getlastlogxbyname" | ||
11519 | if test "x$ac_cv_func_getlastlogxbyname" = xyes; then : | ||
11520 | cat >>confdefs.h <<_ACEOF | ||
11521 | #define HAVE_GETLASTLOGXBYNAME 1 | ||
11522 | _ACEOF | ||
11523 | |||
11524 | fi | ||
11525 | done | ||
11526 | |||
11527 | |||
11528 | ac_fn_c_check_func "$LINENO" "daemon" "ac_cv_func_daemon" | ||
11529 | if test "x$ac_cv_func_daemon" = xyes; then : | ||
11530 | |||
11531 | $as_echo "#define HAVE_DAEMON 1" >>confdefs.h | ||
11532 | |||
11533 | else | ||
11534 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for daemon in -lbsd" >&5 | ||
11535 | $as_echo_n "checking for daemon in -lbsd... " >&6; } | ||
11536 | if ${ac_cv_lib_bsd_daemon+:} false; then : | ||
11537 | $as_echo_n "(cached) " >&6 | ||
11538 | else | ||
11539 | ac_check_lib_save_LIBS=$LIBS | ||
11540 | LIBS="-lbsd $LIBS" | ||
11541 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
11542 | /* end confdefs.h. */ | ||
11543 | |||
11544 | /* Override any GCC internal prototype to avoid an error. | ||
11545 | Use char because int might match the return type of a GCC | ||
11546 | builtin and then its argument prototype would still apply. */ | ||
11547 | #ifdef __cplusplus | ||
11548 | extern "C" | ||
11549 | #endif | ||
11550 | char daemon (); | ||
11551 | int | ||
11552 | main () | ||
11553 | { | ||
11554 | return daemon (); | ||
11555 | ; | ||
11556 | return 0; | ||
11557 | } | ||
11558 | _ACEOF | ||
11559 | if ac_fn_c_try_link "$LINENO"; then : | ||
11560 | ac_cv_lib_bsd_daemon=yes | ||
11561 | else | ||
11562 | ac_cv_lib_bsd_daemon=no | ||
11563 | fi | ||
11564 | rm -f core conftest.err conftest.$ac_objext \ | ||
11565 | conftest$ac_exeext conftest.$ac_ext | ||
11566 | LIBS=$ac_check_lib_save_LIBS | ||
11567 | fi | ||
11568 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_bsd_daemon" >&5 | ||
11569 | $as_echo "$ac_cv_lib_bsd_daemon" >&6; } | ||
11570 | if test "x$ac_cv_lib_bsd_daemon" = xyes; then : | ||
11571 | LIBS="$LIBS -lbsd"; $as_echo "#define HAVE_DAEMON 1" >>confdefs.h | ||
11572 | |||
11573 | fi | ||
11574 | |||
11575 | |||
11576 | fi | ||
11577 | |||
11578 | |||
11579 | ac_fn_c_check_func "$LINENO" "getpagesize" "ac_cv_func_getpagesize" | ||
11580 | if test "x$ac_cv_func_getpagesize" = xyes; then : | ||
11581 | |||
11582 | $as_echo "#define HAVE_GETPAGESIZE 1" >>confdefs.h | ||
11583 | |||
11584 | else | ||
11585 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getpagesize in -lucb" >&5 | ||
11586 | $as_echo_n "checking for getpagesize in -lucb... " >&6; } | ||
11587 | if ${ac_cv_lib_ucb_getpagesize+:} false; then : | ||
11588 | $as_echo_n "(cached) " >&6 | ||
11589 | else | ||
11590 | ac_check_lib_save_LIBS=$LIBS | ||
11591 | LIBS="-lucb $LIBS" | ||
11592 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
11593 | /* end confdefs.h. */ | ||
11594 | |||
11595 | /* Override any GCC internal prototype to avoid an error. | ||
11596 | Use char because int might match the return type of a GCC | ||
11597 | builtin and then its argument prototype would still apply. */ | ||
11598 | #ifdef __cplusplus | ||
11599 | extern "C" | ||
11600 | #endif | ||
11601 | char getpagesize (); | ||
11602 | int | ||
11603 | main () | ||
11604 | { | ||
11605 | return getpagesize (); | ||
11606 | ; | ||
11607 | return 0; | ||
11608 | } | ||
11609 | _ACEOF | ||
11610 | if ac_fn_c_try_link "$LINENO"; then : | ||
11611 | ac_cv_lib_ucb_getpagesize=yes | ||
11612 | else | ||
11613 | ac_cv_lib_ucb_getpagesize=no | ||
11614 | fi | ||
11615 | rm -f core conftest.err conftest.$ac_objext \ | ||
11616 | conftest$ac_exeext conftest.$ac_ext | ||
11617 | LIBS=$ac_check_lib_save_LIBS | ||
11618 | fi | ||
11619 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ucb_getpagesize" >&5 | ||
11620 | $as_echo "$ac_cv_lib_ucb_getpagesize" >&6; } | ||
11621 | if test "x$ac_cv_lib_ucb_getpagesize" = xyes; then : | ||
11622 | LIBS="$LIBS -lucb"; $as_echo "#define HAVE_GETPAGESIZE 1" >>confdefs.h | ||
11623 | |||
11624 | fi | ||
11625 | |||
11626 | |||
11627 | fi | ||
11628 | |||
11629 | |||
11630 | # Check for broken snprintf | ||
11631 | if test "x$ac_cv_func_snprintf" = "xyes" ; then | ||
11632 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether snprintf correctly terminates long strings" >&5 | ||
11633 | $as_echo_n "checking whether snprintf correctly terminates long strings... " >&6; } | ||
11634 | if test "$cross_compiling" = yes; then : | ||
11635 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: Assuming working snprintf()" >&5 | ||
11636 | $as_echo "$as_me: WARNING: cross compiling: Assuming working snprintf()" >&2;} | ||
11637 | |||
11638 | else | ||
11639 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
11640 | /* end confdefs.h. */ | ||
11641 | #include <stdio.h> | ||
11642 | int | ||
11643 | main () | ||
11644 | { | ||
11645 | |||
11646 | char b[5]; | ||
11647 | snprintf(b,5,"123456789"); | ||
11648 | exit(b[4]!='\0'); | ||
11649 | |||
11650 | ; | ||
11651 | return 0; | ||
11652 | } | ||
11653 | _ACEOF | ||
11654 | if ac_fn_c_try_run "$LINENO"; then : | ||
11655 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
11656 | $as_echo "yes" >&6; } | ||
11657 | else | ||
11658 | |||
11659 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
11660 | $as_echo "no" >&6; } | ||
11661 | |||
11662 | $as_echo "#define BROKEN_SNPRINTF 1" >>confdefs.h | ||
11663 | |||
11664 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: ****** Your snprintf() function is broken, complain to your vendor" >&5 | ||
11665 | $as_echo "$as_me: WARNING: ****** Your snprintf() function is broken, complain to your vendor" >&2;} | ||
11666 | |||
11667 | fi | ||
11668 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
11669 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
11670 | fi | ||
11671 | |||
11672 | fi | ||
11673 | |||
11674 | # We depend on vsnprintf returning the right thing on overflow: the | ||
11675 | # number of characters it tried to create (as per SUSv3) | ||
11676 | if test "x$ac_cv_func_vsnprintf" = "xyes" ; then | ||
11677 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether vsnprintf returns correct values on overflow" >&5 | ||
11678 | $as_echo_n "checking whether vsnprintf returns correct values on overflow... " >&6; } | ||
11679 | if test "$cross_compiling" = yes; then : | ||
11680 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: Assuming working vsnprintf()" >&5 | ||
11681 | $as_echo "$as_me: WARNING: cross compiling: Assuming working vsnprintf()" >&2;} | ||
11682 | |||
11683 | else | ||
11684 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
11685 | /* end confdefs.h. */ | ||
11686 | |||
11687 | #include <sys/types.h> | ||
11688 | #include <stdio.h> | ||
11689 | #include <stdarg.h> | ||
11690 | |||
11691 | int x_snprintf(char *str, size_t count, const char *fmt, ...) | ||
11692 | { | ||
11693 | size_t ret; | ||
11694 | va_list ap; | ||
11695 | |||
11696 | va_start(ap, fmt); | ||
11697 | ret = vsnprintf(str, count, fmt, ap); | ||
11698 | va_end(ap); | ||
11699 | return ret; | ||
11700 | } | ||
11701 | |||
11702 | int | ||
11703 | main () | ||
11704 | { | ||
11705 | |||
11706 | char x[1]; | ||
11707 | if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11) | ||
11708 | return 1; | ||
11709 | if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11) | ||
11710 | return 1; | ||
11711 | return 0; | ||
11712 | |||
11713 | ; | ||
11714 | return 0; | ||
11715 | } | ||
11716 | _ACEOF | ||
11717 | if ac_fn_c_try_run "$LINENO"; then : | ||
11718 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
11719 | $as_echo "yes" >&6; } | ||
11720 | else | ||
11721 | |||
11722 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
11723 | $as_echo "no" >&6; } | ||
11724 | |||
11725 | $as_echo "#define BROKEN_SNPRINTF 1" >>confdefs.h | ||
11726 | |||
11727 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: ****** Your vsnprintf() function is broken, complain to your vendor" >&5 | ||
11728 | $as_echo "$as_me: WARNING: ****** Your vsnprintf() function is broken, complain to your vendor" >&2;} | ||
11729 | |||
11730 | fi | ||
11731 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
11732 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
11733 | fi | ||
11734 | |||
11735 | fi | ||
11736 | |||
11737 | # On systems where [v]snprintf is broken, but is declared in stdio, | ||
11738 | # check that the fmt argument is const char * or just char *. | ||
11739 | # This is only useful for when BROKEN_SNPRINTF | ||
11740 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether snprintf can declare const char *fmt" >&5 | ||
11741 | $as_echo_n "checking whether snprintf can declare const char *fmt... " >&6; } | ||
11742 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
11743 | /* end confdefs.h. */ | ||
11744 | |||
11745 | #include <stdio.h> | ||
11746 | int snprintf(char *a, size_t b, const char *c, ...) { return 0; } | ||
11747 | |||
11748 | int | ||
11749 | main () | ||
11750 | { | ||
11751 | |||
11752 | snprintf(0, 0, 0); | ||
11753 | |||
11754 | ; | ||
11755 | return 0; | ||
11756 | } | ||
11757 | _ACEOF | ||
11758 | if ac_fn_c_try_compile "$LINENO"; then : | ||
11759 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
11760 | $as_echo "yes" >&6; } | ||
11761 | |||
11762 | $as_echo "#define SNPRINTF_CONST const" >>confdefs.h | ||
11763 | |||
11764 | else | ||
11765 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
11766 | $as_echo "no" >&6; } | ||
11767 | $as_echo "#define SNPRINTF_CONST /* not const */" >>confdefs.h | ||
11768 | |||
11769 | fi | ||
11770 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
11771 | |||
11772 | # Check for missing getpeereid (or equiv) support | ||
11773 | NO_PEERCHECK="" | ||
11774 | if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then | ||
11775 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether system supports SO_PEERCRED getsockopt" >&5 | ||
11776 | $as_echo_n "checking whether system supports SO_PEERCRED getsockopt... " >&6; } | ||
11777 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
11778 | /* end confdefs.h. */ | ||
11779 | |||
11780 | #include <sys/types.h> | ||
11781 | #include <sys/socket.h> | ||
11782 | int | ||
11783 | main () | ||
11784 | { | ||
11785 | int i = SO_PEERCRED; | ||
11786 | ; | ||
11787 | return 0; | ||
11788 | } | ||
11789 | _ACEOF | ||
11790 | if ac_fn_c_try_compile "$LINENO"; then : | ||
11791 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
11792 | $as_echo "yes" >&6; } | ||
11793 | |||
11794 | $as_echo "#define HAVE_SO_PEERCRED 1" >>confdefs.h | ||
11795 | |||
11796 | |||
11797 | else | ||
11798 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
11799 | $as_echo "no" >&6; } | ||
11800 | NO_PEERCHECK=1 | ||
11801 | |||
11802 | fi | ||
11803 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
11804 | fi | ||
11805 | |||
11806 | if test "x$ac_cv_func_mkdtemp" = "xyes" ; then | ||
11807 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for (overly) strict mkstemp" >&5 | ||
11808 | $as_echo_n "checking for (overly) strict mkstemp... " >&6; } | ||
11809 | if test "$cross_compiling" = yes; then : | ||
11810 | |||
11811 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
11812 | $as_echo "yes" >&6; } | ||
11813 | $as_echo "#define HAVE_STRICT_MKSTEMP 1" >>confdefs.h | ||
11814 | |||
11815 | |||
11816 | |||
11817 | else | ||
11818 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
11819 | /* end confdefs.h. */ | ||
11820 | |||
11821 | #include <stdlib.h> | ||
11822 | |||
11823 | int | ||
11824 | main () | ||
11825 | { | ||
11826 | |||
11827 | char template[]="conftest.mkstemp-test"; | ||
11828 | if (mkstemp(template) == -1) | ||
11829 | exit(1); | ||
11830 | unlink(template); | ||
11831 | exit(0); | ||
11832 | |||
11833 | ; | ||
11834 | return 0; | ||
11835 | } | ||
11836 | _ACEOF | ||
11837 | if ac_fn_c_try_run "$LINENO"; then : | ||
11838 | |||
11839 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
11840 | $as_echo "no" >&6; } | ||
11841 | |||
11842 | else | ||
11843 | |||
11844 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
11845 | $as_echo "yes" >&6; } | ||
11846 | |||
11847 | $as_echo "#define HAVE_STRICT_MKSTEMP 1" >>confdefs.h | ||
11848 | |||
11849 | |||
11850 | fi | ||
11851 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
11852 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
11853 | fi | ||
11854 | |||
11855 | fi | ||
11856 | |||
11857 | if test ! -z "$check_for_openpty_ctty_bug"; then | ||
11858 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if openpty correctly handles controlling tty" >&5 | ||
11859 | $as_echo_n "checking if openpty correctly handles controlling tty... " >&6; } | ||
11860 | if test "$cross_compiling" = yes; then : | ||
11861 | |||
11862 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: cross-compiling, assuming yes" >&5 | ||
11863 | $as_echo "cross-compiling, assuming yes" >&6; } | ||
11864 | |||
11865 | |||
11866 | else | ||
11867 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
11868 | /* end confdefs.h. */ | ||
11869 | |||
11870 | #include <stdio.h> | ||
11871 | #include <sys/fcntl.h> | ||
11872 | #include <sys/types.h> | ||
11873 | #include <sys/wait.h> | ||
11874 | |||
11875 | int | ||
11876 | main () | ||
11877 | { | ||
11878 | |||
11879 | pid_t pid; | ||
11880 | int fd, ptyfd, ttyfd, status; | ||
11881 | |||
11882 | pid = fork(); | ||
11883 | if (pid < 0) { /* failed */ | ||
11884 | exit(1); | ||
11885 | } else if (pid > 0) { /* parent */ | ||
11886 | waitpid(pid, &status, 0); | ||
11887 | if (WIFEXITED(status)) | ||
11888 | exit(WEXITSTATUS(status)); | ||
11889 | else | ||
11890 | exit(2); | ||
11891 | } else { /* child */ | ||
11892 | close(0); close(1); close(2); | ||
11893 | setsid(); | ||
11894 | openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); | ||
11895 | fd = open("/dev/tty", O_RDWR | O_NOCTTY); | ||
11896 | if (fd >= 0) | ||
11897 | exit(3); /* Acquired ctty: broken */ | ||
11898 | else | ||
11899 | exit(0); /* Did not acquire ctty: OK */ | ||
11900 | } | ||
11901 | |||
11902 | ; | ||
11903 | return 0; | ||
11904 | } | ||
11905 | _ACEOF | ||
11906 | if ac_fn_c_try_run "$LINENO"; then : | ||
11907 | |||
11908 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
11909 | $as_echo "yes" >&6; } | ||
11910 | |||
11911 | else | ||
11912 | |||
11913 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
11914 | $as_echo "no" >&6; } | ||
11915 | $as_echo "#define SSHD_ACQUIRES_CTTY 1" >>confdefs.h | ||
11916 | |||
11917 | |||
11918 | fi | ||
11919 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
11920 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
11921 | fi | ||
11922 | |||
11923 | fi | ||
11924 | |||
11925 | if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ | ||
11926 | test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then | ||
11927 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if getaddrinfo seems to work" >&5 | ||
11928 | $as_echo_n "checking if getaddrinfo seems to work... " >&6; } | ||
11929 | if test "$cross_compiling" = yes; then : | ||
11930 | |||
11931 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: cross-compiling, assuming yes" >&5 | ||
11932 | $as_echo "cross-compiling, assuming yes" >&6; } | ||
11933 | |||
11934 | |||
11935 | else | ||
11936 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
11937 | /* end confdefs.h. */ | ||
11938 | |||
11939 | #include <stdio.h> | ||
11940 | #include <sys/socket.h> | ||
11941 | #include <netdb.h> | ||
11942 | #include <errno.h> | ||
11943 | #include <netinet/in.h> | ||
11944 | |||
11945 | #define TEST_PORT "2222" | ||
11946 | |||
11947 | int | ||
11948 | main () | ||
11949 | { | ||
11950 | |||
11951 | int err, sock; | ||
11952 | struct addrinfo *gai_ai, *ai, hints; | ||
11953 | char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; | ||
11954 | |||
11955 | memset(&hints, 0, sizeof(hints)); | ||
11956 | hints.ai_family = PF_UNSPEC; | ||
11957 | hints.ai_socktype = SOCK_STREAM; | ||
11958 | hints.ai_flags = AI_PASSIVE; | ||
11959 | |||
11960 | err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); | ||
11961 | if (err != 0) { | ||
11962 | fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); | ||
11963 | exit(1); | ||
11964 | } | ||
11965 | |||
11966 | for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { | ||
11967 | if (ai->ai_family != AF_INET6) | ||
11968 | continue; | ||
11969 | |||
11970 | err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, | ||
11971 | sizeof(ntop), strport, sizeof(strport), | ||
11972 | NI_NUMERICHOST|NI_NUMERICSERV); | ||
11973 | |||
11974 | if (err != 0) { | ||
11975 | if (err == EAI_SYSTEM) | ||
11976 | perror("getnameinfo EAI_SYSTEM"); | ||
11977 | else | ||
11978 | fprintf(stderr, "getnameinfo failed: %s\n", | ||
11979 | gai_strerror(err)); | ||
11980 | exit(2); | ||
11981 | } | ||
11982 | |||
11983 | sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); | ||
11984 | if (sock < 0) | ||
11985 | perror("socket"); | ||
11986 | if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { | ||
11987 | if (errno == EBADF) | ||
11988 | exit(3); | ||
11989 | } | ||
11990 | } | ||
11991 | exit(0); | ||
11992 | |||
11993 | ; | ||
11994 | return 0; | ||
11995 | } | ||
11996 | _ACEOF | ||
11997 | if ac_fn_c_try_run "$LINENO"; then : | ||
11998 | |||
11999 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
12000 | $as_echo "yes" >&6; } | ||
12001 | |||
12002 | else | ||
12003 | |||
12004 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
12005 | $as_echo "no" >&6; } | ||
12006 | $as_echo "#define BROKEN_GETADDRINFO 1" >>confdefs.h | ||
12007 | |||
12008 | |||
12009 | fi | ||
12010 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
12011 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
12012 | fi | ||
12013 | |||
12014 | fi | ||
12015 | |||
12016 | if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ | ||
12017 | test "x$check_for_aix_broken_getaddrinfo" = "x1"; then | ||
12018 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if getaddrinfo seems to work" >&5 | ||
12019 | $as_echo_n "checking if getaddrinfo seems to work... " >&6; } | ||
12020 | if test "$cross_compiling" = yes; then : | ||
12021 | |||
12022 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: cross-compiling, assuming no" >&5 | ||
12023 | $as_echo "cross-compiling, assuming no" >&6; } | ||
12024 | |||
12025 | |||
12026 | else | ||
12027 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
12028 | /* end confdefs.h. */ | ||
12029 | |||
12030 | #include <stdio.h> | ||
12031 | #include <sys/socket.h> | ||
12032 | #include <netdb.h> | ||
12033 | #include <errno.h> | ||
12034 | #include <netinet/in.h> | ||
12035 | |||
12036 | #define TEST_PORT "2222" | ||
12037 | |||
12038 | int | ||
12039 | main () | ||
12040 | { | ||
12041 | |||
12042 | int err, sock; | ||
12043 | struct addrinfo *gai_ai, *ai, hints; | ||
12044 | char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; | ||
12045 | |||
12046 | memset(&hints, 0, sizeof(hints)); | ||
12047 | hints.ai_family = PF_UNSPEC; | ||
12048 | hints.ai_socktype = SOCK_STREAM; | ||
12049 | hints.ai_flags = AI_PASSIVE; | ||
12050 | |||
12051 | err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); | ||
12052 | if (err != 0) { | ||
12053 | fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); | ||
12054 | exit(1); | ||
12055 | } | ||
12056 | |||
12057 | for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { | ||
12058 | if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) | ||
12059 | continue; | ||
12060 | |||
12061 | err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, | ||
12062 | sizeof(ntop), strport, sizeof(strport), | ||
12063 | NI_NUMERICHOST|NI_NUMERICSERV); | ||
12064 | |||
12065 | if (ai->ai_family == AF_INET && err != 0) { | ||
12066 | perror("getnameinfo"); | ||
12067 | exit(2); | ||
12068 | } | ||
12069 | } | ||
12070 | exit(0); | ||
12071 | |||
12072 | ; | ||
12073 | return 0; | ||
12074 | } | ||
12075 | _ACEOF | ||
12076 | if ac_fn_c_try_run "$LINENO"; then : | ||
12077 | |||
12078 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
12079 | $as_echo "yes" >&6; } | ||
12080 | |||
12081 | $as_echo "#define AIX_GETNAMEINFO_HACK 1" >>confdefs.h | ||
12082 | |||
12083 | |||
12084 | else | ||
12085 | |||
12086 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
12087 | $as_echo "no" >&6; } | ||
12088 | $as_echo "#define BROKEN_GETADDRINFO 1" >>confdefs.h | ||
12089 | |||
12090 | |||
12091 | fi | ||
12092 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
12093 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
12094 | fi | ||
12095 | |||
12096 | fi | ||
12097 | |||
12098 | if test "x$ac_cv_func_getaddrinfo" = "xyes"; then | ||
12099 | ac_fn_c_check_decl "$LINENO" "AI_NUMERICSERV" "ac_cv_have_decl_AI_NUMERICSERV" "#include <sys/types.h> | ||
12100 | #include <sys/socket.h> | ||
12101 | #include <netdb.h> | ||
12102 | " | ||
12103 | if test "x$ac_cv_have_decl_AI_NUMERICSERV" = xyes; then : | ||
12104 | ac_have_decl=1 | ||
12105 | else | ||
12106 | ac_have_decl=0 | ||
12107 | fi | ||
12108 | |||
12109 | cat >>confdefs.h <<_ACEOF | ||
12110 | #define HAVE_DECL_AI_NUMERICSERV $ac_have_decl | ||
12111 | _ACEOF | ||
12112 | |||
12113 | fi | ||
12114 | |||
12115 | if test "x$check_for_conflicting_getspnam" = "x1"; then | ||
12116 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for conflicting getspnam in shadow.h" >&5 | ||
12117 | $as_echo_n "checking for conflicting getspnam in shadow.h... " >&6; } | ||
12118 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
12119 | /* end confdefs.h. */ | ||
12120 | #include <shadow.h> | ||
12121 | int | ||
12122 | main () | ||
12123 | { | ||
12124 | exit(0); | ||
12125 | ; | ||
12126 | return 0; | ||
12127 | } | ||
12128 | _ACEOF | ||
12129 | if ac_fn_c_try_compile "$LINENO"; then : | ||
12130 | |||
12131 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
12132 | $as_echo "no" >&6; } | ||
12133 | |||
12134 | else | ||
12135 | |||
12136 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
12137 | $as_echo "yes" >&6; } | ||
12138 | |||
12139 | $as_echo "#define GETSPNAM_CONFLICTING_DEFS 1" >>confdefs.h | ||
12140 | |||
12141 | |||
12142 | |||
12143 | fi | ||
12144 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
12145 | fi | ||
12146 | |||
12147 | if test "x$ac_cv_func_strnvis" = "xyes"; then | ||
12148 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working strnvis" >&5 | ||
12149 | $as_echo_n "checking for working strnvis... " >&6; } | ||
12150 | if test "$cross_compiling" = yes; then : | ||
12151 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming broken" >&5 | ||
12152 | $as_echo "$as_me: WARNING: cross compiling: assuming broken" >&2;} | ||
12153 | |||
12154 | $as_echo "#define BROKEN_STRNVIS 1" >>confdefs.h | ||
12155 | |||
12156 | |||
12157 | else | ||
12158 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
12159 | /* end confdefs.h. */ | ||
12160 | |||
12161 | #include <signal.h> | ||
12162 | #include <stdlib.h> | ||
12163 | #include <string.h> | ||
12164 | #include <vis.h> | ||
12165 | static void sighandler(int sig) { _exit(1); } | ||
12166 | |||
12167 | int | ||
12168 | main () | ||
12169 | { | ||
12170 | |||
12171 | char dst[16]; | ||
12172 | |||
12173 | signal(SIGSEGV, sighandler); | ||
12174 | if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0) | ||
12175 | exit(0); | ||
12176 | exit(1) | ||
12177 | |||
12178 | ; | ||
12179 | return 0; | ||
12180 | } | ||
12181 | _ACEOF | ||
12182 | if ac_fn_c_try_run "$LINENO"; then : | ||
12183 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
12184 | $as_echo "yes" >&6; } | ||
12185 | else | ||
12186 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
12187 | $as_echo "no" >&6; } | ||
12188 | |||
12189 | $as_echo "#define BROKEN_STRNVIS 1" >>confdefs.h | ||
12190 | |||
12191 | fi | ||
12192 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
12193 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
12194 | fi | ||
12195 | |||
12196 | fi | ||
12197 | |||
12198 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether getpgrp requires zero arguments" >&5 | ||
12199 | $as_echo_n "checking whether getpgrp requires zero arguments... " >&6; } | ||
12200 | if ${ac_cv_func_getpgrp_void+:} false; then : | ||
12201 | $as_echo_n "(cached) " >&6 | ||
12202 | else | ||
12203 | # Use it with a single arg. | ||
12204 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
12205 | /* end confdefs.h. */ | ||
12206 | $ac_includes_default | ||
12207 | int | ||
12208 | main () | ||
12209 | { | ||
12210 | getpgrp (0); | ||
12211 | ; | ||
12212 | return 0; | ||
12213 | } | ||
12214 | _ACEOF | ||
12215 | if ac_fn_c_try_compile "$LINENO"; then : | ||
12216 | ac_cv_func_getpgrp_void=no | ||
12217 | else | ||
12218 | ac_cv_func_getpgrp_void=yes | ||
12219 | fi | ||
12220 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
12221 | |||
12222 | fi | ||
12223 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_getpgrp_void" >&5 | ||
12224 | $as_echo "$ac_cv_func_getpgrp_void" >&6; } | ||
12225 | if test $ac_cv_func_getpgrp_void = yes; then | ||
12226 | |||
12227 | $as_echo "#define GETPGRP_VOID 1" >>confdefs.h | ||
12228 | |||
12229 | fi | ||
12230 | |||
12231 | |||
12232 | # Search for OpenSSL | ||
12233 | saved_CPPFLAGS="$CPPFLAGS" | ||
12234 | saved_LDFLAGS="$LDFLAGS" | ||
12235 | |||
12236 | # Check whether --with-ssl-dir was given. | ||
12237 | if test "${with_ssl_dir+set}" = set; then : | ||
12238 | withval=$with_ssl_dir; | ||
12239 | if test "x$openssl" = "xno" ; then | ||
12240 | as_fn_error $? "cannot use --with-ssl-dir when OpenSSL disabled" "$LINENO" 5 | ||
12241 | fi | ||
12242 | if test "x$withval" != "xno" ; then | ||
12243 | case "$withval" in | ||
12244 | # Relative paths | ||
12245 | ./*|../*) withval="`pwd`/$withval" | ||
12246 | esac | ||
12247 | if test -d "$withval/lib"; then | ||
12248 | if test -n "${need_dash_r}"; then | ||
12249 | LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" | ||
12250 | else | ||
12251 | LDFLAGS="-L${withval}/lib ${LDFLAGS}" | ||
12252 | fi | ||
12253 | elif test -d "$withval/lib64"; then | ||
12254 | if test -n "${need_dash_r}"; then | ||
12255 | LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}" | ||
12256 | else | ||
12257 | LDFLAGS="-L${withval}/lib64 ${LDFLAGS}" | ||
12258 | fi | ||
12259 | else | ||
12260 | if test -n "${need_dash_r}"; then | ||
12261 | LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" | ||
12262 | else | ||
12263 | LDFLAGS="-L${withval} ${LDFLAGS}" | ||
12264 | fi | ||
12265 | fi | ||
12266 | if test -d "$withval/include"; then | ||
12267 | CPPFLAGS="-I${withval}/include ${CPPFLAGS}" | ||
12268 | else | ||
12269 | CPPFLAGS="-I${withval} ${CPPFLAGS}" | ||
12270 | fi | ||
12271 | fi | ||
12272 | |||
12273 | |||
12274 | fi | ||
12275 | |||
12276 | |||
12277 | |||
12278 | # Check whether --with-openssl-header-check was given. | ||
12279 | if test "${with_openssl_header_check+set}" = set; then : | ||
12280 | withval=$with_openssl_header_check; | ||
12281 | if test "x$withval" = "xno" ; then | ||
12282 | openssl_check_nonfatal=1 | ||
12283 | fi | ||
12284 | |||
12285 | |||
12286 | fi | ||
12287 | |||
12288 | |||
12289 | openssl_engine=no | ||
12290 | |||
12291 | # Check whether --with-ssl-engine was given. | ||
12292 | if test "${with_ssl_engine+set}" = set; then : | ||
12293 | withval=$with_ssl_engine; | ||
12294 | if test "x$withval" != "xno" ; then | ||
12295 | if test "x$openssl" = "xno" ; then | ||
12296 | as_fn_error $? "cannot use --with-ssl-engine when OpenSSL disabled" "$LINENO" 5 | ||
12297 | fi | ||
12298 | openssl_engine=yes | ||
12299 | fi | ||
12300 | |||
12301 | |||
12302 | fi | ||
12303 | |||
12304 | |||
12305 | if test "x$openssl" = "xyes" ; then | ||
12306 | LIBS="-lcrypto $LIBS" | ||
12307 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
12308 | /* end confdefs.h. */ | ||
12309 | |||
12310 | /* Override any GCC internal prototype to avoid an error. | ||
12311 | Use char because int might match the return type of a GCC | ||
12312 | builtin and then its argument prototype would still apply. */ | ||
12313 | #ifdef __cplusplus | ||
12314 | extern "C" | ||
12315 | #endif | ||
12316 | char RAND_add (); | ||
12317 | int | ||
12318 | main () | ||
12319 | { | ||
12320 | return RAND_add (); | ||
12321 | ; | ||
12322 | return 0; | ||
12323 | } | ||
12324 | _ACEOF | ||
12325 | if ac_fn_c_try_link "$LINENO"; then : | ||
12326 | |||
12327 | $as_echo "#define HAVE_OPENSSL 1" >>confdefs.h | ||
12328 | |||
12329 | else | ||
12330 | |||
12331 | if test -n "${need_dash_r}"; then | ||
12332 | LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}" | ||
12333 | else | ||
12334 | LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}" | ||
12335 | fi | ||
12336 | CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}" | ||
12337 | ac_fn_c_check_header_mongrel "$LINENO" "openssl/opensslv.h" "ac_cv_header_openssl_opensslv_h" "$ac_includes_default" | ||
12338 | if test "x$ac_cv_header_openssl_opensslv_h" = xyes; then : | ||
12339 | |||
12340 | else | ||
12341 | as_fn_error $? "*** OpenSSL headers missing - please install first or check config.log ***" "$LINENO" 5 | ||
12342 | fi | ||
12343 | |||
12344 | |||
12345 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
12346 | /* end confdefs.h. */ | ||
12347 | |||
12348 | /* Override any GCC internal prototype to avoid an error. | ||
12349 | Use char because int might match the return type of a GCC | ||
12350 | builtin and then its argument prototype would still apply. */ | ||
12351 | #ifdef __cplusplus | ||
12352 | extern "C" | ||
12353 | #endif | ||
12354 | char RAND_add (); | ||
12355 | int | ||
12356 | main () | ||
12357 | { | ||
12358 | return RAND_add (); | ||
12359 | ; | ||
12360 | return 0; | ||
12361 | } | ||
12362 | _ACEOF | ||
12363 | if ac_fn_c_try_link "$LINENO"; then : | ||
12364 | $as_echo "#define HAVE_OPENSSL 1" >>confdefs.h | ||
12365 | |||
12366 | else | ||
12367 | |||
12368 | as_fn_error $? "*** Can't find recent OpenSSL libcrypto (see config.log for details) ***" "$LINENO" 5 | ||
12369 | |||
12370 | |||
12371 | fi | ||
12372 | rm -f core conftest.err conftest.$ac_objext \ | ||
12373 | conftest$ac_exeext conftest.$ac_ext | ||
12374 | |||
12375 | |||
12376 | fi | ||
12377 | rm -f core conftest.err conftest.$ac_objext \ | ||
12378 | conftest$ac_exeext conftest.$ac_ext | ||
12379 | |||
12380 | # Determine OpenSSL header version | ||
12381 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking OpenSSL header version" >&5 | ||
12382 | $as_echo_n "checking OpenSSL header version... " >&6; } | ||
12383 | if test "$cross_compiling" = yes; then : | ||
12384 | |||
12385 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking" >&5 | ||
12386 | $as_echo "$as_me: WARNING: cross compiling: not checking" >&2;} | ||
12387 | |||
12388 | |||
12389 | else | ||
12390 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
12391 | /* end confdefs.h. */ | ||
12392 | |||
12393 | #include <stdlib.h> | ||
12394 | #include <stdio.h> | ||
12395 | #include <string.h> | ||
12396 | #include <openssl/opensslv.h> | ||
12397 | #define DATA "conftest.sslincver" | ||
12398 | |||
12399 | int | ||
12400 | main () | ||
12401 | { | ||
12402 | |||
12403 | FILE *fd; | ||
12404 | int rc; | ||
12405 | |||
12406 | fd = fopen(DATA,"w"); | ||
12407 | if(fd == NULL) | ||
12408 | exit(1); | ||
12409 | |||
12410 | if ((rc = fprintf(fd, "%08lx (%s)\n", | ||
12411 | (unsigned long)OPENSSL_VERSION_NUMBER, | ||
12412 | OPENSSL_VERSION_TEXT)) < 0) | ||
12413 | exit(1); | ||
12414 | |||
12415 | exit(0); | ||
12416 | |||
12417 | ; | ||
12418 | return 0; | ||
12419 | } | ||
12420 | _ACEOF | ||
12421 | if ac_fn_c_try_run "$LINENO"; then : | ||
12422 | |||
12423 | ssl_header_ver=`cat conftest.sslincver` | ||
12424 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ssl_header_ver" >&5 | ||
12425 | $as_echo "$ssl_header_ver" >&6; } | ||
12426 | |||
12427 | else | ||
12428 | |||
12429 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5 | ||
12430 | $as_echo "not found" >&6; } | ||
12431 | as_fn_error $? "OpenSSL version header not found." "$LINENO" 5 | ||
12432 | |||
12433 | fi | ||
12434 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
12435 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
12436 | fi | ||
12437 | |||
12438 | |||
12439 | # Determine OpenSSL library version | ||
12440 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking OpenSSL library version" >&5 | ||
12441 | $as_echo_n "checking OpenSSL library version... " >&6; } | ||
12442 | if test "$cross_compiling" = yes; then : | ||
12443 | |||
12444 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking" >&5 | ||
12445 | $as_echo "$as_me: WARNING: cross compiling: not checking" >&2;} | ||
12446 | |||
12447 | |||
12448 | else | ||
12449 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
12450 | /* end confdefs.h. */ | ||
12451 | |||
12452 | #include <stdio.h> | ||
12453 | #include <string.h> | ||
12454 | #include <openssl/opensslv.h> | ||
12455 | #include <openssl/crypto.h> | ||
12456 | #define DATA "conftest.ssllibver" | ||
12457 | |||
12458 | int | ||
12459 | main () | ||
12460 | { | ||
12461 | |||
12462 | FILE *fd; | ||
12463 | int rc; | ||
12464 | |||
12465 | fd = fopen(DATA,"w"); | ||
12466 | if(fd == NULL) | ||
12467 | exit(1); | ||
12468 | |||
12469 | if ((rc = fprintf(fd, "%08lx (%s)\n", (unsigned long)SSLeay(), | ||
12470 | SSLeay_version(SSLEAY_VERSION))) < 0) | ||
12471 | exit(1); | ||
12472 | |||
12473 | exit(0); | ||
12474 | |||
12475 | ; | ||
12476 | return 0; | ||
12477 | } | ||
12478 | _ACEOF | ||
12479 | if ac_fn_c_try_run "$LINENO"; then : | ||
12480 | |||
12481 | ssl_library_ver=`cat conftest.ssllibver` | ||
12482 | # Check version is supported. | ||
12483 | case "$ssl_library_ver" in | ||
12484 | 10000*|0*) | ||
12485 | as_fn_error $? "OpenSSL >= 1.0.1 required (have \"$ssl_library_ver\")" "$LINENO" 5 | ||
12486 | ;; | ||
12487 | *) ;; | ||
12488 | esac | ||
12489 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ssl_library_ver" >&5 | ||
12490 | $as_echo "$ssl_library_ver" >&6; } | ||
12491 | |||
12492 | else | ||
12493 | |||
12494 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5 | ||
12495 | $as_echo "not found" >&6; } | ||
12496 | as_fn_error $? "OpenSSL library not found." "$LINENO" 5 | ||
12497 | |||
12498 | fi | ||
12499 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
12500 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
12501 | fi | ||
12502 | |||
12503 | |||
12504 | # Sanity check OpenSSL headers | ||
12505 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL's headers match the library" >&5 | ||
12506 | $as_echo_n "checking whether OpenSSL's headers match the library... " >&6; } | ||
12507 | if test "$cross_compiling" = yes; then : | ||
12508 | |||
12509 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking" >&5 | ||
12510 | $as_echo "$as_me: WARNING: cross compiling: not checking" >&2;} | ||
12511 | |||
12512 | |||
12513 | else | ||
12514 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
12515 | /* end confdefs.h. */ | ||
12516 | |||
12517 | #include <string.h> | ||
12518 | #include <openssl/opensslv.h> | ||
12519 | #include <openssl/crypto.h> | ||
12520 | |||
12521 | int | ||
12522 | main () | ||
12523 | { | ||
12524 | |||
12525 | exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); | ||
12526 | |||
12527 | ; | ||
12528 | return 0; | ||
12529 | } | ||
12530 | _ACEOF | ||
12531 | if ac_fn_c_try_run "$LINENO"; then : | ||
12532 | |||
12533 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
12534 | $as_echo "yes" >&6; } | ||
12535 | |||
12536 | else | ||
12537 | |||
12538 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
12539 | $as_echo "no" >&6; } | ||
12540 | if test "x$openssl_check_nonfatal" = "x"; then | ||
12541 | as_fn_error $? "Your OpenSSL headers do not match your | ||
12542 | library. Check config.log for details. | ||
12543 | If you are sure your installation is consistent, you can disable the check | ||
12544 | by running \"./configure --without-openssl-header-check\". | ||
12545 | Also see contrib/findssl.sh for help identifying header/library mismatches. | ||
12546 | " "$LINENO" 5 | ||
12547 | else | ||
12548 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Your OpenSSL headers do not match your | ||
12549 | library. Check config.log for details. | ||
12550 | Also see contrib/findssl.sh for help identifying header/library mismatches." >&5 | ||
12551 | $as_echo "$as_me: WARNING: Your OpenSSL headers do not match your | ||
12552 | library. Check config.log for details. | ||
12553 | Also see contrib/findssl.sh for help identifying header/library mismatches." >&2;} | ||
12554 | fi | ||
12555 | |||
12556 | fi | ||
12557 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
12558 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
12559 | fi | ||
12560 | |||
12561 | |||
12562 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if programs using OpenSSL functions will link" >&5 | ||
12563 | $as_echo_n "checking if programs using OpenSSL functions will link... " >&6; } | ||
12564 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
12565 | /* end confdefs.h. */ | ||
12566 | #include <openssl/evp.h> | ||
12567 | int | ||
12568 | main () | ||
12569 | { | ||
12570 | SSLeay_add_all_algorithms(); | ||
12571 | ; | ||
12572 | return 0; | ||
12573 | } | ||
12574 | _ACEOF | ||
12575 | if ac_fn_c_try_link "$LINENO"; then : | ||
12576 | |||
12577 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
12578 | $as_echo "yes" >&6; } | ||
12579 | |||
12580 | else | ||
12581 | |||
12582 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
12583 | $as_echo "no" >&6; } | ||
12584 | saved_LIBS="$LIBS" | ||
12585 | LIBS="$LIBS -ldl" | ||
12586 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if programs using OpenSSL need -ldl" >&5 | ||
12587 | $as_echo_n "checking if programs using OpenSSL need -ldl... " >&6; } | ||
12588 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
12589 | /* end confdefs.h. */ | ||
12590 | #include <openssl/evp.h> | ||
12591 | int | ||
12592 | main () | ||
12593 | { | ||
12594 | SSLeay_add_all_algorithms(); | ||
12595 | ; | ||
12596 | return 0; | ||
12597 | } | ||
12598 | _ACEOF | ||
12599 | if ac_fn_c_try_link "$LINENO"; then : | ||
12600 | |||
12601 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
12602 | $as_echo "yes" >&6; } | ||
12603 | |||
12604 | else | ||
12605 | |||
12606 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
12607 | $as_echo "no" >&6; } | ||
12608 | LIBS="$saved_LIBS" | ||
12609 | |||
12610 | |||
12611 | fi | ||
12612 | rm -f core conftest.err conftest.$ac_objext \ | ||
12613 | conftest$ac_exeext conftest.$ac_ext | ||
12614 | |||
12615 | |||
12616 | fi | ||
12617 | rm -f core conftest.err conftest.$ac_objext \ | ||
12618 | conftest$ac_exeext conftest.$ac_ext | ||
12619 | |||
12620 | for ac_func in \ | ||
12621 | BN_is_prime_ex \ | ||
12622 | DSA_generate_parameters_ex \ | ||
12623 | EVP_DigestInit_ex \ | ||
12624 | EVP_DigestFinal_ex \ | ||
12625 | EVP_MD_CTX_init \ | ||
12626 | EVP_MD_CTX_cleanup \ | ||
12627 | EVP_MD_CTX_copy_ex \ | ||
12628 | HMAC_CTX_init \ | ||
12629 | RSA_generate_key_ex \ | ||
12630 | RSA_get_default_method \ | ||
12631 | |||
12632 | do : | ||
12633 | as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` | ||
12634 | ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" | ||
12635 | if eval test \"x\$"$as_ac_var"\" = x"yes"; then : | ||
12636 | cat >>confdefs.h <<_ACEOF | ||
12637 | #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 | ||
12638 | _ACEOF | ||
12639 | |||
12640 | fi | ||
12641 | done | ||
12642 | |||
12643 | |||
12644 | if test "x$openssl_engine" = "xyes" ; then | ||
12645 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL ENGINE support" >&5 | ||
12646 | $as_echo_n "checking for OpenSSL ENGINE support... " >&6; } | ||
12647 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
12648 | /* end confdefs.h. */ | ||
12649 | |||
12650 | #include <openssl/engine.h> | ||
12651 | |||
12652 | int | ||
12653 | main () | ||
12654 | { | ||
12655 | |||
12656 | ENGINE_load_builtin_engines(); | ||
12657 | ENGINE_register_all_complete(); | ||
12658 | |||
12659 | ; | ||
12660 | return 0; | ||
12661 | } | ||
12662 | _ACEOF | ||
12663 | if ac_fn_c_try_compile "$LINENO"; then : | ||
12664 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
12665 | $as_echo "yes" >&6; } | ||
12666 | |||
12667 | $as_echo "#define USE_OPENSSL_ENGINE 1" >>confdefs.h | ||
12668 | |||
12669 | |||
12670 | else | ||
12671 | as_fn_error $? "OpenSSL ENGINE support not found" "$LINENO" 5 | ||
12672 | |||
12673 | fi | ||
12674 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
12675 | fi | ||
12676 | |||
12677 | # Check for OpenSSL without EVP_aes_{192,256}_cbc | ||
12678 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL has crippled AES support" >&5 | ||
12679 | $as_echo_n "checking whether OpenSSL has crippled AES support... " >&6; } | ||
12680 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
12681 | /* end confdefs.h. */ | ||
12682 | |||
12683 | #include <string.h> | ||
12684 | #include <openssl/evp.h> | ||
12685 | |||
12686 | int | ||
12687 | main () | ||
12688 | { | ||
12689 | |||
12690 | exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); | ||
12691 | |||
12692 | ; | ||
12693 | return 0; | ||
12694 | } | ||
12695 | _ACEOF | ||
12696 | if ac_fn_c_try_link "$LINENO"; then : | ||
12697 | |||
12698 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
12699 | $as_echo "no" >&6; } | ||
12700 | |||
12701 | else | ||
12702 | |||
12703 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
12704 | $as_echo "yes" >&6; } | ||
12705 | |||
12706 | $as_echo "#define OPENSSL_LOBOTOMISED_AES 1" >>confdefs.h | ||
12707 | |||
12708 | |||
12709 | |||
12710 | fi | ||
12711 | rm -f core conftest.err conftest.$ac_objext \ | ||
12712 | conftest$ac_exeext conftest.$ac_ext | ||
12713 | |||
12714 | # Check for OpenSSL with EVP_aes_*ctr | ||
12715 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL has AES CTR via EVP" >&5 | ||
12716 | $as_echo_n "checking whether OpenSSL has AES CTR via EVP... " >&6; } | ||
12717 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
12718 | /* end confdefs.h. */ | ||
12719 | |||
12720 | #include <string.h> | ||
12721 | #include <openssl/evp.h> | ||
12722 | |||
12723 | int | ||
12724 | main () | ||
12725 | { | ||
12726 | |||
12727 | exit(EVP_aes_128_ctr() == NULL || | ||
12728 | EVP_aes_192_cbc() == NULL || | ||
12729 | EVP_aes_256_cbc() == NULL); | ||
12730 | |||
12731 | ; | ||
12732 | return 0; | ||
12733 | } | ||
12734 | _ACEOF | ||
12735 | if ac_fn_c_try_link "$LINENO"; then : | ||
12736 | |||
12737 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
12738 | $as_echo "yes" >&6; } | ||
12739 | |||
12740 | $as_echo "#define OPENSSL_HAVE_EVPCTR 1" >>confdefs.h | ||
12741 | |||
12742 | |||
12743 | else | ||
12744 | |||
12745 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
12746 | $as_echo "no" >&6; } | ||
12747 | |||
12748 | |||
12749 | fi | ||
12750 | rm -f core conftest.err conftest.$ac_objext \ | ||
12751 | conftest$ac_exeext conftest.$ac_ext | ||
12752 | |||
12753 | # Check for OpenSSL with EVP_aes_*gcm | ||
12754 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL has AES GCM via EVP" >&5 | ||
12755 | $as_echo_n "checking whether OpenSSL has AES GCM via EVP... " >&6; } | ||
12756 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
12757 | /* end confdefs.h. */ | ||
12758 | |||
12759 | #include <string.h> | ||
12760 | #include <openssl/evp.h> | ||
12761 | |||
12762 | int | ||
12763 | main () | ||
12764 | { | ||
12765 | |||
12766 | exit(EVP_aes_128_gcm() == NULL || | ||
12767 | EVP_aes_256_gcm() == NULL || | ||
12768 | EVP_CTRL_GCM_SET_IV_FIXED == 0 || | ||
12769 | EVP_CTRL_GCM_IV_GEN == 0 || | ||
12770 | EVP_CTRL_GCM_SET_TAG == 0 || | ||
12771 | EVP_CTRL_GCM_GET_TAG == 0 || | ||
12772 | EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0); | ||
12773 | |||
12774 | ; | ||
12775 | return 0; | ||
12776 | } | ||
12777 | _ACEOF | ||
12778 | if ac_fn_c_try_link "$LINENO"; then : | ||
12779 | |||
12780 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
12781 | $as_echo "yes" >&6; } | ||
12782 | |||
12783 | $as_echo "#define OPENSSL_HAVE_EVPGCM 1" >>confdefs.h | ||
12784 | |||
12785 | |||
12786 | else | ||
12787 | |||
12788 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
12789 | $as_echo "no" >&6; } | ||
12790 | unsupported_algorithms="$unsupported_cipers \ | ||
12791 | aes128-gcm@openssh.com \ | ||
12792 | aes256-gcm@openssh.com" | ||
12793 | |||
12794 | |||
12795 | fi | ||
12796 | rm -f core conftest.err conftest.$ac_objext \ | ||
12797 | conftest$ac_exeext conftest.$ac_ext | ||
12798 | |||
12799 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing EVP_CIPHER_CTX_ctrl" >&5 | ||
12800 | $as_echo_n "checking for library containing EVP_CIPHER_CTX_ctrl... " >&6; } | ||
12801 | if ${ac_cv_search_EVP_CIPHER_CTX_ctrl+:} false; then : | ||
12802 | $as_echo_n "(cached) " >&6 | ||
12803 | else | ||
12804 | ac_func_search_save_LIBS=$LIBS | ||
12805 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
12806 | /* end confdefs.h. */ | ||
12807 | |||
12808 | /* Override any GCC internal prototype to avoid an error. | ||
12809 | Use char because int might match the return type of a GCC | ||
12810 | builtin and then its argument prototype would still apply. */ | ||
12811 | #ifdef __cplusplus | ||
12812 | extern "C" | ||
12813 | #endif | ||
12814 | char EVP_CIPHER_CTX_ctrl (); | ||
12815 | int | ||
12816 | main () | ||
12817 | { | ||
12818 | return EVP_CIPHER_CTX_ctrl (); | ||
12819 | ; | ||
12820 | return 0; | ||
12821 | } | ||
12822 | _ACEOF | ||
12823 | for ac_lib in '' crypto; do | ||
12824 | if test -z "$ac_lib"; then | ||
12825 | ac_res="none required" | ||
12826 | else | ||
12827 | ac_res=-l$ac_lib | ||
12828 | LIBS="-l$ac_lib $ac_func_search_save_LIBS" | ||
12829 | fi | ||
12830 | if ac_fn_c_try_link "$LINENO"; then : | ||
12831 | ac_cv_search_EVP_CIPHER_CTX_ctrl=$ac_res | ||
12832 | fi | ||
12833 | rm -f core conftest.err conftest.$ac_objext \ | ||
12834 | conftest$ac_exeext | ||
12835 | if ${ac_cv_search_EVP_CIPHER_CTX_ctrl+:} false; then : | ||
12836 | break | ||
12837 | fi | ||
12838 | done | ||
12839 | if ${ac_cv_search_EVP_CIPHER_CTX_ctrl+:} false; then : | ||
12840 | |||
12841 | else | ||
12842 | ac_cv_search_EVP_CIPHER_CTX_ctrl=no | ||
12843 | fi | ||
12844 | rm conftest.$ac_ext | ||
12845 | LIBS=$ac_func_search_save_LIBS | ||
12846 | fi | ||
12847 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_EVP_CIPHER_CTX_ctrl" >&5 | ||
12848 | $as_echo "$ac_cv_search_EVP_CIPHER_CTX_ctrl" >&6; } | ||
12849 | ac_res=$ac_cv_search_EVP_CIPHER_CTX_ctrl | ||
12850 | if test "$ac_res" != no; then : | ||
12851 | test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" | ||
12852 | |||
12853 | $as_echo "#define HAVE_EVP_CIPHER_CTX_CTRL 1" >>confdefs.h | ||
12854 | |||
12855 | fi | ||
12856 | |||
12857 | |||
12858 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if EVP_DigestUpdate returns an int" >&5 | ||
12859 | $as_echo_n "checking if EVP_DigestUpdate returns an int... " >&6; } | ||
12860 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
12861 | /* end confdefs.h. */ | ||
12862 | |||
12863 | #include <string.h> | ||
12864 | #include <openssl/evp.h> | ||
12865 | |||
12866 | int | ||
12867 | main () | ||
12868 | { | ||
12869 | |||
12870 | if(EVP_DigestUpdate(NULL, NULL,0)) | ||
12871 | exit(0); | ||
12872 | |||
12873 | ; | ||
12874 | return 0; | ||
12875 | } | ||
12876 | _ACEOF | ||
12877 | if ac_fn_c_try_link "$LINENO"; then : | ||
12878 | |||
12879 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
12880 | $as_echo "yes" >&6; } | ||
12881 | |||
12882 | else | ||
12883 | |||
12884 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
12885 | $as_echo "no" >&6; } | ||
12886 | |||
12887 | $as_echo "#define OPENSSL_EVP_DIGESTUPDATE_VOID 1" >>confdefs.h | ||
12888 | |||
12889 | |||
12890 | |||
12891 | fi | ||
12892 | rm -f core conftest.err conftest.$ac_objext \ | ||
12893 | conftest$ac_exeext conftest.$ac_ext | ||
12894 | |||
12895 | # Some systems want crypt() from libcrypt, *not* the version in OpenSSL, | ||
12896 | # because the system crypt() is more featureful. | ||
12897 | if test "x$check_for_libcrypt_before" = "x1"; then | ||
12898 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for crypt in -lcrypt" >&5 | ||
12899 | $as_echo_n "checking for crypt in -lcrypt... " >&6; } | ||
12900 | if ${ac_cv_lib_crypt_crypt+:} false; then : | ||
12901 | $as_echo_n "(cached) " >&6 | ||
12902 | else | ||
12903 | ac_check_lib_save_LIBS=$LIBS | ||
12904 | LIBS="-lcrypt $LIBS" | ||
12905 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
12906 | /* end confdefs.h. */ | ||
12907 | |||
12908 | /* Override any GCC internal prototype to avoid an error. | ||
12909 | Use char because int might match the return type of a GCC | ||
12910 | builtin and then its argument prototype would still apply. */ | ||
12911 | #ifdef __cplusplus | ||
12912 | extern "C" | ||
12913 | #endif | ||
12914 | char crypt (); | ||
12915 | int | ||
12916 | main () | ||
12917 | { | ||
12918 | return crypt (); | ||
12919 | ; | ||
12920 | return 0; | ||
12921 | } | ||
12922 | _ACEOF | ||
12923 | if ac_fn_c_try_link "$LINENO"; then : | ||
12924 | ac_cv_lib_crypt_crypt=yes | ||
12925 | else | ||
12926 | ac_cv_lib_crypt_crypt=no | ||
12927 | fi | ||
12928 | rm -f core conftest.err conftest.$ac_objext \ | ||
12929 | conftest$ac_exeext conftest.$ac_ext | ||
12930 | LIBS=$ac_check_lib_save_LIBS | ||
12931 | fi | ||
12932 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypt_crypt" >&5 | ||
12933 | $as_echo "$ac_cv_lib_crypt_crypt" >&6; } | ||
12934 | if test "x$ac_cv_lib_crypt_crypt" = xyes; then : | ||
12935 | cat >>confdefs.h <<_ACEOF | ||
12936 | #define HAVE_LIBCRYPT 1 | ||
12937 | _ACEOF | ||
12938 | |||
12939 | LIBS="-lcrypt $LIBS" | ||
12940 | |||
12941 | fi | ||
12942 | |||
12943 | fi | ||
12944 | |||
12945 | # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the | ||
12946 | # version in OpenSSL. | ||
12947 | if test "x$check_for_libcrypt_later" = "x1"; then | ||
12948 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for crypt in -lcrypt" >&5 | ||
12949 | $as_echo_n "checking for crypt in -lcrypt... " >&6; } | ||
12950 | if ${ac_cv_lib_crypt_crypt+:} false; then : | ||
12951 | $as_echo_n "(cached) " >&6 | ||
12952 | else | ||
12953 | ac_check_lib_save_LIBS=$LIBS | ||
12954 | LIBS="-lcrypt $LIBS" | ||
12955 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
12956 | /* end confdefs.h. */ | ||
12957 | |||
12958 | /* Override any GCC internal prototype to avoid an error. | ||
12959 | Use char because int might match the return type of a GCC | ||
12960 | builtin and then its argument prototype would still apply. */ | ||
12961 | #ifdef __cplusplus | ||
12962 | extern "C" | ||
12963 | #endif | ||
12964 | char crypt (); | ||
12965 | int | ||
12966 | main () | ||
12967 | { | ||
12968 | return crypt (); | ||
12969 | ; | ||
12970 | return 0; | ||
12971 | } | ||
12972 | _ACEOF | ||
12973 | if ac_fn_c_try_link "$LINENO"; then : | ||
12974 | ac_cv_lib_crypt_crypt=yes | ||
12975 | else | ||
12976 | ac_cv_lib_crypt_crypt=no | ||
12977 | fi | ||
12978 | rm -f core conftest.err conftest.$ac_objext \ | ||
12979 | conftest$ac_exeext conftest.$ac_ext | ||
12980 | LIBS=$ac_check_lib_save_LIBS | ||
12981 | fi | ||
12982 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypt_crypt" >&5 | ||
12983 | $as_echo "$ac_cv_lib_crypt_crypt" >&6; } | ||
12984 | if test "x$ac_cv_lib_crypt_crypt" = xyes; then : | ||
12985 | LIBS="$LIBS -lcrypt" | ||
12986 | fi | ||
12987 | |||
12988 | fi | ||
12989 | for ac_func in crypt DES_crypt | ||
12990 | do : | ||
12991 | as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` | ||
12992 | ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" | ||
12993 | if eval test \"x\$"$as_ac_var"\" = x"yes"; then : | ||
12994 | cat >>confdefs.h <<_ACEOF | ||
12995 | #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 | ||
12996 | _ACEOF | ||
12997 | |||
12998 | fi | ||
12999 | done | ||
13000 | |||
13001 | |||
13002 | # Search for SHA256 support in libc and/or OpenSSL | ||
13003 | for ac_func in SHA256_Update EVP_sha256 | ||
13004 | do : | ||
13005 | as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` | ||
13006 | ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" | ||
13007 | if eval test \"x\$"$as_ac_var"\" = x"yes"; then : | ||
13008 | cat >>confdefs.h <<_ACEOF | ||
13009 | #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 | ||
13010 | _ACEOF | ||
13011 | |||
13012 | else | ||
13013 | unsupported_algorithms="$unsupported_algorithms \ | ||
13014 | hmac-sha2-256 \ | ||
13015 | hmac-sha2-512 \ | ||
13016 | diffie-hellman-group-exchange-sha256 \ | ||
13017 | hmac-sha2-256-etm@openssh.com \ | ||
13018 | hmac-sha2-512-etm@openssh.com" | ||
13019 | |||
13020 | |||
13021 | fi | ||
13022 | done | ||
13023 | |||
13024 | # Search for RIPE-MD support in OpenSSL | ||
13025 | for ac_func in EVP_ripemd160 | ||
13026 | do : | ||
13027 | ac_fn_c_check_func "$LINENO" "EVP_ripemd160" "ac_cv_func_EVP_ripemd160" | ||
13028 | if test "x$ac_cv_func_EVP_ripemd160" = xyes; then : | ||
13029 | cat >>confdefs.h <<_ACEOF | ||
13030 | #define HAVE_EVP_RIPEMD160 1 | ||
13031 | _ACEOF | ||
13032 | |||
13033 | else | ||
13034 | unsupported_algorithms="$unsupported_algorithms \ | ||
13035 | hmac-ripemd160 \ | ||
13036 | hmac-ripemd160@openssh.com \ | ||
13037 | hmac-ripemd160-etm@openssh.com" | ||
13038 | |||
13039 | |||
13040 | fi | ||
13041 | done | ||
13042 | |||
13043 | |||
13044 | # Check complete ECC support in OpenSSL | ||
13045 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL has NID_X9_62_prime256v1" >&5 | ||
13046 | $as_echo_n "checking whether OpenSSL has NID_X9_62_prime256v1... " >&6; } | ||
13047 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
13048 | /* end confdefs.h. */ | ||
13049 | |||
13050 | #include <openssl/ec.h> | ||
13051 | #include <openssl/ecdh.h> | ||
13052 | #include <openssl/ecdsa.h> | ||
13053 | #include <openssl/evp.h> | ||
13054 | #include <openssl/objects.h> | ||
13055 | #include <openssl/opensslv.h> | ||
13056 | #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */ | ||
13057 | # error "OpenSSL < 0.9.8g has unreliable ECC code" | ||
13058 | #endif | ||
13059 | |||
13060 | int | ||
13061 | main () | ||
13062 | { | ||
13063 | |||
13064 | EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); | ||
13065 | const EVP_MD *m = EVP_sha256(); /* We need this too */ | ||
13066 | |||
13067 | ; | ||
13068 | return 0; | ||
13069 | } | ||
13070 | _ACEOF | ||
13071 | if ac_fn_c_try_link "$LINENO"; then : | ||
13072 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
13073 | $as_echo "yes" >&6; } | ||
13074 | enable_nistp256=1 | ||
13075 | else | ||
13076 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
13077 | $as_echo "no" >&6; } | ||
13078 | |||
13079 | fi | ||
13080 | rm -f core conftest.err conftest.$ac_objext \ | ||
13081 | conftest$ac_exeext conftest.$ac_ext | ||
13082 | |||
13083 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL has NID_secp384r1" >&5 | ||
13084 | $as_echo_n "checking whether OpenSSL has NID_secp384r1... " >&6; } | ||
13085 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
13086 | /* end confdefs.h. */ | ||
13087 | |||
13088 | #include <openssl/ec.h> | ||
13089 | #include <openssl/ecdh.h> | ||
13090 | #include <openssl/ecdsa.h> | ||
13091 | #include <openssl/evp.h> | ||
13092 | #include <openssl/objects.h> | ||
13093 | #include <openssl/opensslv.h> | ||
13094 | #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */ | ||
13095 | # error "OpenSSL < 0.9.8g has unreliable ECC code" | ||
13096 | #endif | ||
13097 | |||
13098 | int | ||
13099 | main () | ||
13100 | { | ||
13101 | |||
13102 | EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1); | ||
13103 | const EVP_MD *m = EVP_sha384(); /* We need this too */ | ||
13104 | |||
13105 | ; | ||
13106 | return 0; | ||
13107 | } | ||
13108 | _ACEOF | ||
13109 | if ac_fn_c_try_link "$LINENO"; then : | ||
13110 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
13111 | $as_echo "yes" >&6; } | ||
13112 | enable_nistp384=1 | ||
13113 | else | ||
13114 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
13115 | $as_echo "no" >&6; } | ||
13116 | |||
13117 | fi | ||
13118 | rm -f core conftest.err conftest.$ac_objext \ | ||
13119 | conftest$ac_exeext conftest.$ac_ext | ||
13120 | |||
13121 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL has NID_secp521r1" >&5 | ||
13122 | $as_echo_n "checking whether OpenSSL has NID_secp521r1... " >&6; } | ||
13123 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
13124 | /* end confdefs.h. */ | ||
13125 | |||
13126 | #include <openssl/ec.h> | ||
13127 | #include <openssl/ecdh.h> | ||
13128 | #include <openssl/ecdsa.h> | ||
13129 | #include <openssl/evp.h> | ||
13130 | #include <openssl/objects.h> | ||
13131 | #include <openssl/opensslv.h> | ||
13132 | #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */ | ||
13133 | # error "OpenSSL < 0.9.8g has unreliable ECC code" | ||
13134 | #endif | ||
13135 | |||
13136 | int | ||
13137 | main () | ||
13138 | { | ||
13139 | |||
13140 | EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); | ||
13141 | const EVP_MD *m = EVP_sha512(); /* We need this too */ | ||
13142 | |||
13143 | ; | ||
13144 | return 0; | ||
13145 | } | ||
13146 | _ACEOF | ||
13147 | if ac_fn_c_try_link "$LINENO"; then : | ||
13148 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
13149 | $as_echo "yes" >&6; } | ||
13150 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if OpenSSL's NID_secp521r1 is functional" >&5 | ||
13151 | $as_echo_n "checking if OpenSSL's NID_secp521r1 is functional... " >&6; } | ||
13152 | if test "$cross_compiling" = yes; then : | ||
13153 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross-compiling: assuming yes" >&5 | ||
13154 | $as_echo "$as_me: WARNING: cross-compiling: assuming yes" >&2;} | ||
13155 | enable_nistp521=1 | ||
13156 | |||
13157 | else | ||
13158 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
13159 | /* end confdefs.h. */ | ||
13160 | |||
13161 | #include <openssl/ec.h> | ||
13162 | #include <openssl/ecdh.h> | ||
13163 | #include <openssl/ecdsa.h> | ||
13164 | #include <openssl/evp.h> | ||
13165 | #include <openssl/objects.h> | ||
13166 | #include <openssl/opensslv.h> | ||
13167 | |||
13168 | int | ||
13169 | main () | ||
13170 | { | ||
13171 | |||
13172 | EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); | ||
13173 | const EVP_MD *m = EVP_sha512(); /* We need this too */ | ||
13174 | exit(e == NULL || m == NULL); | ||
13175 | |||
13176 | ; | ||
13177 | return 0; | ||
13178 | } | ||
13179 | _ACEOF | ||
13180 | if ac_fn_c_try_run "$LINENO"; then : | ||
13181 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
13182 | $as_echo "yes" >&6; } | ||
13183 | enable_nistp521=1 | ||
13184 | else | ||
13185 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
13186 | $as_echo "no" >&6; } | ||
13187 | fi | ||
13188 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
13189 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
13190 | fi | ||
13191 | |||
13192 | else | ||
13193 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
13194 | $as_echo "no" >&6; } | ||
13195 | |||
13196 | fi | ||
13197 | rm -f core conftest.err conftest.$ac_objext \ | ||
13198 | conftest$ac_exeext conftest.$ac_ext | ||
13199 | |||
13200 | COMMENT_OUT_ECC="#no ecc#" | ||
13201 | TEST_SSH_ECC=no | ||
13202 | |||
13203 | if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ | ||
13204 | test x$enable_nistp521 = x1; then | ||
13205 | |||
13206 | $as_echo "#define OPENSSL_HAS_ECC 1" >>confdefs.h | ||
13207 | |||
13208 | fi | ||
13209 | if test x$enable_nistp256 = x1; then | ||
13210 | |||
13211 | $as_echo "#define OPENSSL_HAS_NISTP256 1" >>confdefs.h | ||
13212 | |||
13213 | TEST_SSH_ECC=yes | ||
13214 | COMMENT_OUT_ECC="" | ||
13215 | else | ||
13216 | unsupported_algorithms="$unsupported_algorithms \ | ||
13217 | ecdsa-sha2-nistp256 \ | ||
13218 | ecdh-sha2-nistp256 \ | ||
13219 | ecdsa-sha2-nistp256-cert-v01@openssh.com" | ||
13220 | fi | ||
13221 | if test x$enable_nistp384 = x1; then | ||
13222 | |||
13223 | $as_echo "#define OPENSSL_HAS_NISTP384 1" >>confdefs.h | ||
13224 | |||
13225 | TEST_SSH_ECC=yes | ||
13226 | COMMENT_OUT_ECC="" | ||
13227 | else | ||
13228 | unsupported_algorithms="$unsupported_algorithms \ | ||
13229 | ecdsa-sha2-nistp384 \ | ||
13230 | ecdh-sha2-nistp384 \ | ||
13231 | ecdsa-sha2-nistp384-cert-v01@openssh.com" | ||
13232 | fi | ||
13233 | if test x$enable_nistp521 = x1; then | ||
13234 | |||
13235 | $as_echo "#define OPENSSL_HAS_NISTP521 1" >>confdefs.h | ||
13236 | |||
13237 | TEST_SSH_ECC=yes | ||
13238 | COMMENT_OUT_ECC="" | ||
13239 | else | ||
13240 | unsupported_algorithms="$unsupported_algorithms \ | ||
13241 | ecdh-sha2-nistp521 \ | ||
13242 | ecdsa-sha2-nistp521 \ | ||
13243 | ecdsa-sha2-nistp521-cert-v01@openssh.com" | ||
13244 | fi | ||
13245 | |||
13246 | |||
13247 | |||
13248 | else | ||
13249 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for crypt in -lcrypt" >&5 | ||
13250 | $as_echo_n "checking for crypt in -lcrypt... " >&6; } | ||
13251 | if ${ac_cv_lib_crypt_crypt+:} false; then : | ||
13252 | $as_echo_n "(cached) " >&6 | ||
13253 | else | ||
13254 | ac_check_lib_save_LIBS=$LIBS | ||
13255 | LIBS="-lcrypt $LIBS" | ||
13256 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
13257 | /* end confdefs.h. */ | ||
13258 | |||
13259 | /* Override any GCC internal prototype to avoid an error. | ||
13260 | Use char because int might match the return type of a GCC | ||
13261 | builtin and then its argument prototype would still apply. */ | ||
13262 | #ifdef __cplusplus | ||
13263 | extern "C" | ||
13264 | #endif | ||
13265 | char crypt (); | ||
13266 | int | ||
13267 | main () | ||
13268 | { | ||
13269 | return crypt (); | ||
13270 | ; | ||
13271 | return 0; | ||
13272 | } | ||
13273 | _ACEOF | ||
13274 | if ac_fn_c_try_link "$LINENO"; then : | ||
13275 | ac_cv_lib_crypt_crypt=yes | ||
13276 | else | ||
13277 | ac_cv_lib_crypt_crypt=no | ||
13278 | fi | ||
13279 | rm -f core conftest.err conftest.$ac_objext \ | ||
13280 | conftest$ac_exeext conftest.$ac_ext | ||
13281 | LIBS=$ac_check_lib_save_LIBS | ||
13282 | fi | ||
13283 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypt_crypt" >&5 | ||
13284 | $as_echo "$ac_cv_lib_crypt_crypt" >&6; } | ||
13285 | if test "x$ac_cv_lib_crypt_crypt" = xyes; then : | ||
13286 | LIBS="$LIBS -lcrypt" | ||
13287 | fi | ||
13288 | |||
13289 | for ac_func in crypt | ||
13290 | do : | ||
13291 | ac_fn_c_check_func "$LINENO" "crypt" "ac_cv_func_crypt" | ||
13292 | if test "x$ac_cv_func_crypt" = xyes; then : | ||
13293 | cat >>confdefs.h <<_ACEOF | ||
13294 | #define HAVE_CRYPT 1 | ||
13295 | _ACEOF | ||
13296 | |||
13297 | fi | ||
13298 | done | ||
13299 | |||
13300 | fi | ||
13301 | |||
13302 | for ac_func in \ | ||
13303 | arc4random \ | ||
13304 | arc4random_buf \ | ||
13305 | arc4random_stir \ | ||
13306 | arc4random_uniform \ | ||
13307 | |||
13308 | do : | ||
13309 | as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` | ||
13310 | ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" | ||
13311 | if eval test \"x\$"$as_ac_var"\" = x"yes"; then : | ||
13312 | cat >>confdefs.h <<_ACEOF | ||
13313 | #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 | ||
13314 | _ACEOF | ||
13315 | |||
13316 | fi | ||
13317 | done | ||
13318 | |||
13319 | |||
13320 | saved_LIBS="$LIBS" | ||
13321 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ia_openinfo in -liaf" >&5 | ||
13322 | $as_echo_n "checking for ia_openinfo in -liaf... " >&6; } | ||
13323 | if ${ac_cv_lib_iaf_ia_openinfo+:} false; then : | ||
13324 | $as_echo_n "(cached) " >&6 | ||
13325 | else | ||
13326 | ac_check_lib_save_LIBS=$LIBS | ||
13327 | LIBS="-liaf $LIBS" | ||
13328 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
13329 | /* end confdefs.h. */ | ||
13330 | |||
13331 | /* Override any GCC internal prototype to avoid an error. | ||
13332 | Use char because int might match the return type of a GCC | ||
13333 | builtin and then its argument prototype would still apply. */ | ||
13334 | #ifdef __cplusplus | ||
13335 | extern "C" | ||
13336 | #endif | ||
13337 | char ia_openinfo (); | ||
13338 | int | ||
13339 | main () | ||
13340 | { | ||
13341 | return ia_openinfo (); | ||
13342 | ; | ||
13343 | return 0; | ||
13344 | } | ||
13345 | _ACEOF | ||
13346 | if ac_fn_c_try_link "$LINENO"; then : | ||
13347 | ac_cv_lib_iaf_ia_openinfo=yes | ||
13348 | else | ||
13349 | ac_cv_lib_iaf_ia_openinfo=no | ||
13350 | fi | ||
13351 | rm -f core conftest.err conftest.$ac_objext \ | ||
13352 | conftest$ac_exeext conftest.$ac_ext | ||
13353 | LIBS=$ac_check_lib_save_LIBS | ||
13354 | fi | ||
13355 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_iaf_ia_openinfo" >&5 | ||
13356 | $as_echo "$ac_cv_lib_iaf_ia_openinfo" >&6; } | ||
13357 | if test "x$ac_cv_lib_iaf_ia_openinfo" = xyes; then : | ||
13358 | |||
13359 | LIBS="$LIBS -liaf" | ||
13360 | for ac_func in set_id | ||
13361 | do : | ||
13362 | ac_fn_c_check_func "$LINENO" "set_id" "ac_cv_func_set_id" | ||
13363 | if test "x$ac_cv_func_set_id" = xyes; then : | ||
13364 | cat >>confdefs.h <<_ACEOF | ||
13365 | #define HAVE_SET_ID 1 | ||
13366 | _ACEOF | ||
13367 | SSHDLIBS="$SSHDLIBS -liaf" | ||
13368 | |||
13369 | $as_echo "#define HAVE_LIBIAF 1" >>confdefs.h | ||
13370 | |||
13371 | |||
13372 | fi | ||
13373 | done | ||
13374 | |||
13375 | |||
13376 | fi | ||
13377 | |||
13378 | LIBS="$saved_LIBS" | ||
13379 | |||
13380 | ### Configure cryptographic random number support | ||
13381 | |||
13382 | # Check wheter OpenSSL seeds itself | ||
13383 | if test "x$openssl" = "xyes" ; then | ||
13384 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL's PRNG is internally seeded" >&5 | ||
13385 | $as_echo_n "checking whether OpenSSL's PRNG is internally seeded... " >&6; } | ||
13386 | if test "$cross_compiling" = yes; then : | ||
13387 | |||
13388 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming yes" >&5 | ||
13389 | $as_echo "$as_me: WARNING: cross compiling: assuming yes" >&2;} | ||
13390 | # This is safe, since we will fatal() at runtime if | ||
13391 | # OpenSSL is not seeded correctly. | ||
13392 | OPENSSL_SEEDS_ITSELF=yes | ||
13393 | |||
13394 | |||
13395 | else | ||
13396 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
13397 | /* end confdefs.h. */ | ||
13398 | |||
13399 | #include <string.h> | ||
13400 | #include <openssl/rand.h> | ||
13401 | |||
13402 | int | ||
13403 | main () | ||
13404 | { | ||
13405 | |||
13406 | exit(RAND_status() == 1 ? 0 : 1); | ||
13407 | |||
13408 | ; | ||
13409 | return 0; | ||
13410 | } | ||
13411 | _ACEOF | ||
13412 | if ac_fn_c_try_run "$LINENO"; then : | ||
13413 | |||
13414 | OPENSSL_SEEDS_ITSELF=yes | ||
13415 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
13416 | $as_echo "yes" >&6; } | ||
13417 | |||
13418 | else | ||
13419 | |||
13420 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
13421 | $as_echo "no" >&6; } | ||
13422 | |||
13423 | fi | ||
13424 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
13425 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
13426 | fi | ||
13427 | |||
13428 | fi | ||
13429 | |||
13430 | # PRNGD TCP socket | ||
13431 | |||
13432 | # Check whether --with-prngd-port was given. | ||
13433 | if test "${with_prngd_port+set}" = set; then : | ||
13434 | withval=$with_prngd_port; | ||
13435 | case "$withval" in | ||
13436 | no) | ||
13437 | withval="" | ||
13438 | ;; | ||
13439 | [0-9]*) | ||
13440 | ;; | ||
13441 | *) | ||
13442 | as_fn_error $? "You must specify a numeric port number for --with-prngd-port" "$LINENO" 5 | ||
13443 | ;; | ||
13444 | esac | ||
13445 | if test ! -z "$withval" ; then | ||
13446 | PRNGD_PORT="$withval" | ||
13447 | |||
13448 | cat >>confdefs.h <<_ACEOF | ||
13449 | #define PRNGD_PORT $PRNGD_PORT | ||
13450 | _ACEOF | ||
13451 | |||
13452 | fi | ||
13453 | |||
13454 | |||
13455 | fi | ||
13456 | |||
13457 | |||
13458 | # PRNGD Unix domain socket | ||
13459 | |||
13460 | # Check whether --with-prngd-socket was given. | ||
13461 | if test "${with_prngd_socket+set}" = set; then : | ||
13462 | withval=$with_prngd_socket; | ||
13463 | case "$withval" in | ||
13464 | yes) | ||
13465 | withval="/var/run/egd-pool" | ||
13466 | ;; | ||
13467 | no) | ||
13468 | withval="" | ||
13469 | ;; | ||
13470 | /*) | ||
13471 | ;; | ||
13472 | *) | ||
13473 | as_fn_error $? "You must specify an absolute path to the entropy socket" "$LINENO" 5 | ||
13474 | ;; | ||
13475 | esac | ||
13476 | |||
13477 | if test ! -z "$withval" ; then | ||
13478 | if test ! -z "$PRNGD_PORT" ; then | ||
13479 | as_fn_error $? "You may not specify both a PRNGD/EGD port and socket" "$LINENO" 5 | ||
13480 | fi | ||
13481 | if test ! -r "$withval" ; then | ||
13482 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Entropy socket is not readable" >&5 | ||
13483 | $as_echo "$as_me: WARNING: Entropy socket is not readable" >&2;} | ||
13484 | fi | ||
13485 | PRNGD_SOCKET="$withval" | ||
13486 | |||
13487 | cat >>confdefs.h <<_ACEOF | ||
13488 | #define PRNGD_SOCKET "$PRNGD_SOCKET" | ||
13489 | _ACEOF | ||
13490 | |||
13491 | fi | ||
13492 | |||
13493 | else | ||
13494 | |||
13495 | # Check for existing socket only if we don't have a random device already | ||
13496 | if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then | ||
13497 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for PRNGD/EGD socket" >&5 | ||
13498 | $as_echo_n "checking for PRNGD/EGD socket... " >&6; } | ||
13499 | # Insert other locations here | ||
13500 | for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do | ||
13501 | if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then | ||
13502 | PRNGD_SOCKET="$sock" | ||
13503 | cat >>confdefs.h <<_ACEOF | ||
13504 | #define PRNGD_SOCKET "$PRNGD_SOCKET" | ||
13505 | _ACEOF | ||
13506 | |||
13507 | break; | ||
13508 | fi | ||
13509 | done | ||
13510 | if test ! -z "$PRNGD_SOCKET" ; then | ||
13511 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PRNGD_SOCKET" >&5 | ||
13512 | $as_echo "$PRNGD_SOCKET" >&6; } | ||
13513 | else | ||
13514 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5 | ||
13515 | $as_echo "not found" >&6; } | ||
13516 | fi | ||
13517 | fi | ||
13518 | |||
13519 | |||
13520 | fi | ||
13521 | |||
13522 | |||
13523 | # Which randomness source do we use? | ||
13524 | if test ! -z "$PRNGD_PORT" ; then | ||
13525 | RAND_MSG="PRNGd port $PRNGD_PORT" | ||
13526 | elif test ! -z "$PRNGD_SOCKET" ; then | ||
13527 | RAND_MSG="PRNGd socket $PRNGD_SOCKET" | ||
13528 | elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then | ||
13529 | |||
13530 | $as_echo "#define OPENSSL_PRNG_ONLY 1" >>confdefs.h | ||
13531 | |||
13532 | RAND_MSG="OpenSSL internal ONLY" | ||
13533 | elif test "x$openssl" = "xno" ; then | ||
13534 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible" >&5 | ||
13535 | $as_echo "$as_me: WARNING: OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible" >&2;} | ||
13536 | else | ||
13537 | as_fn_error $? "OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options" "$LINENO" 5 | ||
13538 | fi | ||
13539 | |||
13540 | # Check for PAM libs | ||
13541 | PAM_MSG="no" | ||
13542 | |||
13543 | # Check whether --with-pam was given. | ||
13544 | if test "${with_pam+set}" = set; then : | ||
13545 | withval=$with_pam; | ||
13546 | if test "x$withval" != "xno" ; then | ||
13547 | if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ | ||
13548 | test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then | ||
13549 | as_fn_error $? "PAM headers not found" "$LINENO" 5 | ||
13550 | fi | ||
13551 | |||
13552 | saved_LIBS="$LIBS" | ||
13553 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 | ||
13554 | $as_echo_n "checking for dlopen in -ldl... " >&6; } | ||
13555 | if ${ac_cv_lib_dl_dlopen+:} false; then : | ||
13556 | $as_echo_n "(cached) " >&6 | ||
13557 | else | ||
13558 | ac_check_lib_save_LIBS=$LIBS | ||
13559 | LIBS="-ldl $LIBS" | ||
13560 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
13561 | /* end confdefs.h. */ | ||
13562 | |||
13563 | /* Override any GCC internal prototype to avoid an error. | ||
13564 | Use char because int might match the return type of a GCC | ||
13565 | builtin and then its argument prototype would still apply. */ | ||
13566 | #ifdef __cplusplus | ||
13567 | extern "C" | ||
13568 | #endif | ||
13569 | char dlopen (); | ||
13570 | int | ||
13571 | main () | ||
13572 | { | ||
13573 | return dlopen (); | ||
13574 | ; | ||
13575 | return 0; | ||
13576 | } | ||
13577 | _ACEOF | ||
13578 | if ac_fn_c_try_link "$LINENO"; then : | ||
13579 | ac_cv_lib_dl_dlopen=yes | ||
13580 | else | ||
13581 | ac_cv_lib_dl_dlopen=no | ||
13582 | fi | ||
13583 | rm -f core conftest.err conftest.$ac_objext \ | ||
13584 | conftest$ac_exeext conftest.$ac_ext | ||
13585 | LIBS=$ac_check_lib_save_LIBS | ||
13586 | fi | ||
13587 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 | ||
13588 | $as_echo "$ac_cv_lib_dl_dlopen" >&6; } | ||
13589 | if test "x$ac_cv_lib_dl_dlopen" = xyes; then : | ||
13590 | cat >>confdefs.h <<_ACEOF | ||
13591 | #define HAVE_LIBDL 1 | ||
13592 | _ACEOF | ||
13593 | |||
13594 | LIBS="-ldl $LIBS" | ||
13595 | |||
13596 | fi | ||
13597 | |||
13598 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pam_set_item in -lpam" >&5 | ||
13599 | $as_echo_n "checking for pam_set_item in -lpam... " >&6; } | ||
13600 | if ${ac_cv_lib_pam_pam_set_item+:} false; then : | ||
13601 | $as_echo_n "(cached) " >&6 | ||
13602 | else | ||
13603 | ac_check_lib_save_LIBS=$LIBS | ||
13604 | LIBS="-lpam $LIBS" | ||
13605 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
13606 | /* end confdefs.h. */ | ||
13607 | |||
13608 | /* Override any GCC internal prototype to avoid an error. | ||
13609 | Use char because int might match the return type of a GCC | ||
13610 | builtin and then its argument prototype would still apply. */ | ||
13611 | #ifdef __cplusplus | ||
13612 | extern "C" | ||
13613 | #endif | ||
13614 | char pam_set_item (); | ||
13615 | int | ||
13616 | main () | ||
13617 | { | ||
13618 | return pam_set_item (); | ||
13619 | ; | ||
13620 | return 0; | ||
13621 | } | ||
13622 | _ACEOF | ||
13623 | if ac_fn_c_try_link "$LINENO"; then : | ||
13624 | ac_cv_lib_pam_pam_set_item=yes | ||
13625 | else | ||
13626 | ac_cv_lib_pam_pam_set_item=no | ||
13627 | fi | ||
13628 | rm -f core conftest.err conftest.$ac_objext \ | ||
13629 | conftest$ac_exeext conftest.$ac_ext | ||
13630 | LIBS=$ac_check_lib_save_LIBS | ||
13631 | fi | ||
13632 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pam_pam_set_item" >&5 | ||
13633 | $as_echo "$ac_cv_lib_pam_pam_set_item" >&6; } | ||
13634 | if test "x$ac_cv_lib_pam_pam_set_item" = xyes; then : | ||
13635 | cat >>confdefs.h <<_ACEOF | ||
13636 | #define HAVE_LIBPAM 1 | ||
13637 | _ACEOF | ||
13638 | |||
13639 | LIBS="-lpam $LIBS" | ||
13640 | |||
13641 | else | ||
13642 | as_fn_error $? "*** libpam missing" "$LINENO" 5 | ||
13643 | fi | ||
13644 | |||
13645 | for ac_func in pam_getenvlist | ||
13646 | do : | ||
13647 | ac_fn_c_check_func "$LINENO" "pam_getenvlist" "ac_cv_func_pam_getenvlist" | ||
13648 | if test "x$ac_cv_func_pam_getenvlist" = xyes; then : | ||
13649 | cat >>confdefs.h <<_ACEOF | ||
13650 | #define HAVE_PAM_GETENVLIST 1 | ||
13651 | _ACEOF | ||
13652 | |||
13653 | fi | ||
13654 | done | ||
13655 | |||
13656 | for ac_func in pam_putenv | ||
13657 | do : | ||
13658 | ac_fn_c_check_func "$LINENO" "pam_putenv" "ac_cv_func_pam_putenv" | ||
13659 | if test "x$ac_cv_func_pam_putenv" = xyes; then : | ||
13660 | cat >>confdefs.h <<_ACEOF | ||
13661 | #define HAVE_PAM_PUTENV 1 | ||
13662 | _ACEOF | ||
13663 | |||
13664 | fi | ||
13665 | done | ||
13666 | |||
13667 | LIBS="$saved_LIBS" | ||
13668 | |||
13669 | PAM_MSG="yes" | ||
13670 | |||
13671 | SSHDLIBS="$SSHDLIBS -lpam" | ||
13672 | |||
13673 | $as_echo "#define USE_PAM 1" >>confdefs.h | ||
13674 | |||
13675 | |||
13676 | if test $ac_cv_lib_dl_dlopen = yes; then | ||
13677 | case "$LIBS" in | ||
13678 | *-ldl*) | ||
13679 | # libdl already in LIBS | ||
13680 | ;; | ||
13681 | *) | ||
13682 | SSHDLIBS="$SSHDLIBS -ldl" | ||
13683 | ;; | ||
13684 | esac | ||
13685 | fi | ||
13686 | fi | ||
13687 | |||
13688 | |||
13689 | fi | ||
13690 | |||
13691 | |||
13692 | |||
13693 | # Check whether --with-pam-service was given. | ||
13694 | if test "${with_pam_service+set}" = set; then : | ||
13695 | withval=$with_pam_service; | ||
13696 | if test "x$withval" != "xno" && \ | ||
13697 | test "x$withval" != "xyes" ; then | ||
13698 | |||
13699 | cat >>confdefs.h <<_ACEOF | ||
13700 | #define SSHD_PAM_SERVICE "$withval" | ||
13701 | _ACEOF | ||
13702 | |||
13703 | fi | ||
13704 | |||
13705 | |||
13706 | fi | ||
13707 | |||
13708 | |||
13709 | # Check for older PAM | ||
13710 | if test "x$PAM_MSG" = "xyes" ; then | ||
13711 | # Check PAM strerror arguments (old PAM) | ||
13712 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether pam_strerror takes only one argument" >&5 | ||
13713 | $as_echo_n "checking whether pam_strerror takes only one argument... " >&6; } | ||
13714 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
13715 | /* end confdefs.h. */ | ||
13716 | |||
13717 | #include <stdlib.h> | ||
13718 | #if defined(HAVE_SECURITY_PAM_APPL_H) | ||
13719 | #include <security/pam_appl.h> | ||
13720 | #elif defined (HAVE_PAM_PAM_APPL_H) | ||
13721 | #include <pam/pam_appl.h> | ||
13722 | #endif | ||
13723 | |||
13724 | int | ||
13725 | main () | ||
13726 | { | ||
13727 | |||
13728 | (void)pam_strerror((pam_handle_t *)NULL, -1); | ||
13729 | |||
13730 | ; | ||
13731 | return 0; | ||
13732 | } | ||
13733 | _ACEOF | ||
13734 | if ac_fn_c_try_compile "$LINENO"; then : | ||
13735 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
13736 | $as_echo "no" >&6; } | ||
13737 | else | ||
13738 | |||
13739 | |||
13740 | $as_echo "#define HAVE_OLD_PAM 1" >>confdefs.h | ||
13741 | |||
13742 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
13743 | $as_echo "yes" >&6; } | ||
13744 | PAM_MSG="yes (old library)" | ||
13745 | |||
13746 | |||
13747 | fi | ||
13748 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
13749 | fi | ||
13750 | |||
13751 | case "$host" in | ||
13752 | *-*-cygwin*) | ||
13753 | SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER | ||
13754 | ;; | ||
13755 | *) | ||
13756 | SSH_PRIVSEP_USER=sshd | ||
13757 | ;; | ||
13758 | esac | ||
13759 | |||
13760 | # Check whether --with-privsep-user was given. | ||
13761 | if test "${with_privsep_user+set}" = set; then : | ||
13762 | withval=$with_privsep_user; | ||
13763 | if test -n "$withval" && test "x$withval" != "xno" && \ | ||
13764 | test "x${withval}" != "xyes"; then | ||
13765 | SSH_PRIVSEP_USER=$withval | ||
13766 | fi | ||
13767 | |||
13768 | |||
13769 | fi | ||
13770 | |||
13771 | if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then | ||
13772 | |||
13773 | cat >>confdefs.h <<_ACEOF | ||
13774 | #define SSH_PRIVSEP_USER CYGWIN_SSH_PRIVSEP_USER | ||
13775 | _ACEOF | ||
13776 | |||
13777 | else | ||
13778 | |||
13779 | cat >>confdefs.h <<_ACEOF | ||
13780 | #define SSH_PRIVSEP_USER "$SSH_PRIVSEP_USER" | ||
13781 | _ACEOF | ||
13782 | |||
13783 | fi | ||
13784 | |||
13785 | |||
13786 | if test "x$have_linux_no_new_privs" = "x1" ; then | ||
13787 | ac_fn_c_check_decl "$LINENO" "SECCOMP_MODE_FILTER" "ac_cv_have_decl_SECCOMP_MODE_FILTER" " | ||
13788 | #include <sys/types.h> | ||
13789 | #include <linux/seccomp.h> | ||
13790 | |||
13791 | " | ||
13792 | if test "x$ac_cv_have_decl_SECCOMP_MODE_FILTER" = xyes; then : | ||
13793 | have_seccomp_filter=1 | ||
13794 | fi | ||
13795 | |||
13796 | fi | ||
13797 | if test "x$have_seccomp_filter" = "x1" ; then | ||
13798 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking kernel for seccomp_filter support" >&5 | ||
13799 | $as_echo_n "checking kernel for seccomp_filter support... " >&6; } | ||
13800 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
13801 | /* end confdefs.h. */ | ||
13802 | |||
13803 | #include <errno.h> | ||
13804 | #include <elf.h> | ||
13805 | #include <linux/audit.h> | ||
13806 | #include <linux/seccomp.h> | ||
13807 | #include <stdlib.h> | ||
13808 | #include <sys/prctl.h> | ||
13809 | |||
13810 | int | ||
13811 | main () | ||
13812 | { | ||
13813 | int i = $seccomp_audit_arch; | ||
13814 | errno = 0; | ||
13815 | prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); | ||
13816 | exit(errno == EFAULT ? 0 : 1); | ||
13817 | ; | ||
13818 | return 0; | ||
13819 | } | ||
13820 | _ACEOF | ||
13821 | if ac_fn_c_try_link "$LINENO"; then : | ||
13822 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
13823 | $as_echo "yes" >&6; } | ||
13824 | else | ||
13825 | |||
13826 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
13827 | $as_echo "no" >&6; } | ||
13828 | # Disable seccomp filter as a target | ||
13829 | have_seccomp_filter=0 | ||
13830 | |||
13831 | |||
13832 | fi | ||
13833 | rm -f core conftest.err conftest.$ac_objext \ | ||
13834 | conftest$ac_exeext conftest.$ac_ext | ||
13835 | fi | ||
13836 | |||
13837 | # Decide which sandbox style to use | ||
13838 | sandbox_arg="" | ||
13839 | |||
13840 | # Check whether --with-sandbox was given. | ||
13841 | if test "${with_sandbox+set}" = set; then : | ||
13842 | withval=$with_sandbox; | ||
13843 | if test "x$withval" = "xyes" ; then | ||
13844 | sandbox_arg="" | ||
13845 | else | ||
13846 | sandbox_arg="$withval" | ||
13847 | fi | ||
13848 | |||
13849 | |||
13850 | fi | ||
13851 | |||
13852 | |||
13853 | # Some platforms (seems to be the ones that have a kernel poll(2)-type | ||
13854 | # function with which they implement select(2)) use an extra file descriptor | ||
13855 | # when calling select(2), which means we can't use the rlimit sandbox. | ||
13856 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if select works with descriptor rlimit" >&5 | ||
13857 | $as_echo_n "checking if select works with descriptor rlimit... " >&6; } | ||
13858 | if test "$cross_compiling" = yes; then : | ||
13859 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming yes" >&5 | ||
13860 | $as_echo "$as_me: WARNING: cross compiling: assuming yes" >&2;} | ||
13861 | |||
13862 | else | ||
13863 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
13864 | /* end confdefs.h. */ | ||
13865 | |||
13866 | #include <sys/types.h> | ||
13867 | #ifdef HAVE_SYS_TIME_H | ||
13868 | # include <sys/time.h> | ||
13869 | #endif | ||
13870 | #include <sys/resource.h> | ||
13871 | #ifdef HAVE_SYS_SELECT_H | ||
13872 | # include <sys/select.h> | ||
13873 | #endif | ||
13874 | #include <errno.h> | ||
13875 | #include <fcntl.h> | ||
13876 | #include <stdlib.h> | ||
13877 | |||
13878 | int | ||
13879 | main () | ||
13880 | { | ||
13881 | |||
13882 | struct rlimit rl_zero; | ||
13883 | int fd, r; | ||
13884 | fd_set fds; | ||
13885 | struct timeval tv; | ||
13886 | |||
13887 | fd = open("/dev/null", O_RDONLY); | ||
13888 | FD_ZERO(&fds); | ||
13889 | FD_SET(fd, &fds); | ||
13890 | rl_zero.rlim_cur = rl_zero.rlim_max = 0; | ||
13891 | setrlimit(RLIMIT_FSIZE, &rl_zero); | ||
13892 | setrlimit(RLIMIT_NOFILE, &rl_zero); | ||
13893 | tv.tv_sec = 1; | ||
13894 | tv.tv_usec = 0; | ||
13895 | r = select(fd+1, &fds, NULL, NULL, &tv); | ||
13896 | exit (r == -1 ? 1 : 0); | ||
13897 | |||
13898 | ; | ||
13899 | return 0; | ||
13900 | } | ||
13901 | _ACEOF | ||
13902 | if ac_fn_c_try_run "$LINENO"; then : | ||
13903 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
13904 | $as_echo "yes" >&6; } | ||
13905 | select_works_with_rlimit=yes | ||
13906 | else | ||
13907 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
13908 | $as_echo "no" >&6; } | ||
13909 | select_works_with_rlimit=no | ||
13910 | fi | ||
13911 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
13912 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
13913 | fi | ||
13914 | |||
13915 | |||
13916 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if setrlimit(RLIMIT_NOFILE,{0,0}) works" >&5 | ||
13917 | $as_echo_n "checking if setrlimit(RLIMIT_NOFILE,{0,0}) works... " >&6; } | ||
13918 | if test "$cross_compiling" = yes; then : | ||
13919 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming yes" >&5 | ||
13920 | $as_echo "$as_me: WARNING: cross compiling: assuming yes" >&2;} | ||
13921 | |||
13922 | else | ||
13923 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
13924 | /* end confdefs.h. */ | ||
13925 | |||
13926 | #include <sys/types.h> | ||
13927 | #ifdef HAVE_SYS_TIME_H | ||
13928 | # include <sys/time.h> | ||
13929 | #endif | ||
13930 | #include <sys/resource.h> | ||
13931 | #include <errno.h> | ||
13932 | #include <stdlib.h> | ||
13933 | |||
13934 | int | ||
13935 | main () | ||
13936 | { | ||
13937 | |||
13938 | struct rlimit rl_zero; | ||
13939 | int fd, r; | ||
13940 | fd_set fds; | ||
13941 | |||
13942 | rl_zero.rlim_cur = rl_zero.rlim_max = 0; | ||
13943 | r = setrlimit(RLIMIT_NOFILE, &rl_zero); | ||
13944 | exit (r == -1 ? 1 : 0); | ||
13945 | |||
13946 | ; | ||
13947 | return 0; | ||
13948 | } | ||
13949 | _ACEOF | ||
13950 | if ac_fn_c_try_run "$LINENO"; then : | ||
13951 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
13952 | $as_echo "yes" >&6; } | ||
13953 | rlimit_nofile_zero_works=yes | ||
13954 | else | ||
13955 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
13956 | $as_echo "no" >&6; } | ||
13957 | rlimit_nofile_zero_works=no | ||
13958 | fi | ||
13959 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
13960 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
13961 | fi | ||
13962 | |||
13963 | |||
13964 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if setrlimit RLIMIT_FSIZE works" >&5 | ||
13965 | $as_echo_n "checking if setrlimit RLIMIT_FSIZE works... " >&6; } | ||
13966 | if test "$cross_compiling" = yes; then : | ||
13967 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming yes" >&5 | ||
13968 | $as_echo "$as_me: WARNING: cross compiling: assuming yes" >&2;} | ||
13969 | |||
13970 | else | ||
13971 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
13972 | /* end confdefs.h. */ | ||
13973 | |||
13974 | #include <sys/types.h> | ||
13975 | #include <sys/resource.h> | ||
13976 | #include <stdlib.h> | ||
13977 | |||
13978 | int | ||
13979 | main () | ||
13980 | { | ||
13981 | |||
13982 | struct rlimit rl_zero; | ||
13983 | |||
13984 | rl_zero.rlim_cur = rl_zero.rlim_max = 0; | ||
13985 | exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); | ||
13986 | |||
13987 | ; | ||
13988 | return 0; | ||
13989 | } | ||
13990 | _ACEOF | ||
13991 | if ac_fn_c_try_run "$LINENO"; then : | ||
13992 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
13993 | $as_echo "yes" >&6; } | ||
13994 | else | ||
13995 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
13996 | $as_echo "no" >&6; } | ||
13997 | |||
13998 | $as_echo "#define SANDBOX_SKIP_RLIMIT_FSIZE 1" >>confdefs.h | ||
13999 | |||
14000 | fi | ||
14001 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
14002 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
14003 | fi | ||
14004 | |||
14005 | |||
14006 | if test "x$sandbox_arg" = "xpledge" || \ | ||
14007 | ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then | ||
14008 | test "x$ac_cv_func_pledge" != "xyes" && \ | ||
14009 | as_fn_error $? "pledge sandbox requires pledge(2) support" "$LINENO" 5 | ||
14010 | SANDBOX_STYLE="pledge" | ||
14011 | |||
14012 | $as_echo "#define SANDBOX_PLEDGE 1" >>confdefs.h | ||
14013 | |||
14014 | elif test "x$sandbox_arg" = "xsystrace" || \ | ||
14015 | ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then | ||
14016 | test "x$have_systr_policy_kill" != "x1" && \ | ||
14017 | as_fn_error $? "systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support" "$LINENO" 5 | ||
14018 | SANDBOX_STYLE="systrace" | ||
14019 | |||
14020 | $as_echo "#define SANDBOX_SYSTRACE 1" >>confdefs.h | ||
14021 | |||
14022 | elif test "x$sandbox_arg" = "xdarwin" || \ | ||
14023 | ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ | ||
14024 | test "x$ac_cv_header_sandbox_h" = "xyes") ; then | ||
14025 | test "x$ac_cv_func_sandbox_init" != "xyes" -o \ | ||
14026 | "x$ac_cv_header_sandbox_h" != "xyes" && \ | ||
14027 | as_fn_error $? "Darwin seatbelt sandbox requires sandbox.h and sandbox_init function" "$LINENO" 5 | ||
14028 | SANDBOX_STYLE="darwin" | ||
14029 | |||
14030 | $as_echo "#define SANDBOX_DARWIN 1" >>confdefs.h | ||
14031 | |||
14032 | elif test "x$sandbox_arg" = "xseccomp_filter" || \ | ||
14033 | ( test -z "$sandbox_arg" && \ | ||
14034 | test "x$have_seccomp_filter" = "x1" && \ | ||
14035 | test "x$ac_cv_header_elf_h" = "xyes" && \ | ||
14036 | test "x$ac_cv_header_linux_audit_h" = "xyes" && \ | ||
14037 | test "x$ac_cv_header_linux_filter_h" = "xyes" && \ | ||
14038 | test "x$seccomp_audit_arch" != "x" && \ | ||
14039 | test "x$have_linux_no_new_privs" = "x1" && \ | ||
14040 | test "x$ac_cv_func_prctl" = "xyes" ) ; then | ||
14041 | test "x$seccomp_audit_arch" = "x" && \ | ||
14042 | as_fn_error $? "seccomp_filter sandbox not supported on $host" "$LINENO" 5 | ||
14043 | test "x$have_linux_no_new_privs" != "x1" && \ | ||
14044 | as_fn_error $? "seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS" "$LINENO" 5 | ||
14045 | test "x$have_seccomp_filter" != "x1" && \ | ||
14046 | as_fn_error $? "seccomp_filter sandbox requires seccomp headers" "$LINENO" 5 | ||
14047 | test "x$ac_cv_func_prctl" != "xyes" && \ | ||
14048 | as_fn_error $? "seccomp_filter sandbox requires prctl function" "$LINENO" 5 | ||
14049 | SANDBOX_STYLE="seccomp_filter" | ||
14050 | |||
14051 | $as_echo "#define SANDBOX_SECCOMP_FILTER 1" >>confdefs.h | ||
14052 | |||
14053 | elif test "x$sandbox_arg" = "xcapsicum" || \ | ||
14054 | ( test -z "$sandbox_arg" && \ | ||
14055 | test "x$ac_cv_header_sys_capability_h" = "xyes" && \ | ||
14056 | test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then | ||
14057 | test "x$ac_cv_header_sys_capability_h" != "xyes" && \ | ||
14058 | as_fn_error $? "capsicum sandbox requires sys/capability.h header" "$LINENO" 5 | ||
14059 | test "x$ac_cv_func_cap_rights_limit" != "xyes" && \ | ||
14060 | as_fn_error $? "capsicum sandbox requires cap_rights_limit function" "$LINENO" 5 | ||
14061 | SANDBOX_STYLE="capsicum" | ||
14062 | |||
14063 | $as_echo "#define SANDBOX_CAPSICUM 1" >>confdefs.h | ||
14064 | |||
14065 | elif test "x$sandbox_arg" = "xrlimit" || \ | ||
14066 | ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ | ||
14067 | test "x$select_works_with_rlimit" = "xyes" && \ | ||
14068 | test "x$rlimit_nofile_zero_works" = "xyes" ) ; then | ||
14069 | test "x$ac_cv_func_setrlimit" != "xyes" && \ | ||
14070 | as_fn_error $? "rlimit sandbox requires setrlimit function" "$LINENO" 5 | ||
14071 | test "x$select_works_with_rlimit" != "xyes" && \ | ||
14072 | as_fn_error $? "rlimit sandbox requires select to work with rlimit" "$LINENO" 5 | ||
14073 | SANDBOX_STYLE="rlimit" | ||
14074 | |||
14075 | $as_echo "#define SANDBOX_RLIMIT 1" >>confdefs.h | ||
14076 | |||
14077 | elif test "x$sandbox_arg" = "xsolaris" || \ | ||
14078 | ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then | ||
14079 | SANDBOX_STYLE="solaris" | ||
14080 | |||
14081 | $as_echo "#define SANDBOX_SOLARIS 1" >>confdefs.h | ||
14082 | |||
14083 | elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ | ||
14084 | test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then | ||
14085 | SANDBOX_STYLE="none" | ||
14086 | |||
14087 | $as_echo "#define SANDBOX_NULL 1" >>confdefs.h | ||
14088 | |||
14089 | else | ||
14090 | as_fn_error $? "unsupported --with-sandbox" "$LINENO" 5 | ||
14091 | fi | ||
14092 | |||
14093 | # Cheap hack to ensure NEWS-OS libraries are arranged right. | ||
14094 | if test ! -z "$SONY" ; then | ||
14095 | LIBS="$LIBS -liberty"; | ||
14096 | fi | ||
14097 | |||
14098 | # Check for long long datatypes | ||
14099 | ac_fn_c_check_type "$LINENO" "long long" "ac_cv_type_long_long" "$ac_includes_default" | ||
14100 | if test "x$ac_cv_type_long_long" = xyes; then : | ||
14101 | |||
14102 | cat >>confdefs.h <<_ACEOF | ||
14103 | #define HAVE_LONG_LONG 1 | ||
14104 | _ACEOF | ||
14105 | |||
14106 | |||
14107 | fi | ||
14108 | ac_fn_c_check_type "$LINENO" "unsigned long long" "ac_cv_type_unsigned_long_long" "$ac_includes_default" | ||
14109 | if test "x$ac_cv_type_unsigned_long_long" = xyes; then : | ||
14110 | |||
14111 | cat >>confdefs.h <<_ACEOF | ||
14112 | #define HAVE_UNSIGNED_LONG_LONG 1 | ||
14113 | _ACEOF | ||
14114 | |||
14115 | |||
14116 | fi | ||
14117 | ac_fn_c_check_type "$LINENO" "long double" "ac_cv_type_long_double" "$ac_includes_default" | ||
14118 | if test "x$ac_cv_type_long_double" = xyes; then : | ||
14119 | |||
14120 | cat >>confdefs.h <<_ACEOF | ||
14121 | #define HAVE_LONG_DOUBLE 1 | ||
14122 | _ACEOF | ||
14123 | |||
14124 | |||
14125 | fi | ||
14126 | |||
14127 | |||
14128 | # Check datatype sizes | ||
14129 | # The cast to long int works around a bug in the HP C Compiler | ||
14130 | # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects | ||
14131 | # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. | ||
14132 | # This bug is HP SR number 8606223364. | ||
14133 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking size of short int" >&5 | ||
14134 | $as_echo_n "checking size of short int... " >&6; } | ||
14135 | if ${ac_cv_sizeof_short_int+:} false; then : | ||
14136 | $as_echo_n "(cached) " >&6 | ||
14137 | else | ||
14138 | if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (short int))" "ac_cv_sizeof_short_int" "$ac_includes_default"; then : | ||
14139 | |||
14140 | else | ||
14141 | if test "$ac_cv_type_short_int" = yes; then | ||
14142 | { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 | ||
14143 | $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} | ||
14144 | as_fn_error 77 "cannot compute sizeof (short int) | ||
14145 | See \`config.log' for more details" "$LINENO" 5; } | ||
14146 | else | ||
14147 | ac_cv_sizeof_short_int=0 | ||
14148 | fi | ||
14149 | fi | ||
14150 | |||
14151 | fi | ||
14152 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_short_int" >&5 | ||
14153 | $as_echo "$ac_cv_sizeof_short_int" >&6; } | ||
14154 | |||
14155 | |||
14156 | |||
14157 | cat >>confdefs.h <<_ACEOF | ||
14158 | #define SIZEOF_SHORT_INT $ac_cv_sizeof_short_int | ||
14159 | _ACEOF | ||
14160 | |||
14161 | |||
14162 | # The cast to long int works around a bug in the HP C Compiler | ||
14163 | # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects | ||
14164 | # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. | ||
14165 | # This bug is HP SR number 8606223364. | ||
14166 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking size of int" >&5 | ||
14167 | $as_echo_n "checking size of int... " >&6; } | ||
14168 | if ${ac_cv_sizeof_int+:} false; then : | ||
14169 | $as_echo_n "(cached) " >&6 | ||
14170 | else | ||
14171 | if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (int))" "ac_cv_sizeof_int" "$ac_includes_default"; then : | ||
14172 | |||
14173 | else | ||
14174 | if test "$ac_cv_type_int" = yes; then | ||
14175 | { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 | ||
14176 | $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} | ||
14177 | as_fn_error 77 "cannot compute sizeof (int) | ||
14178 | See \`config.log' for more details" "$LINENO" 5; } | ||
14179 | else | ||
14180 | ac_cv_sizeof_int=0 | ||
14181 | fi | ||
14182 | fi | ||
14183 | |||
14184 | fi | ||
14185 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_int" >&5 | ||
14186 | $as_echo "$ac_cv_sizeof_int" >&6; } | ||
14187 | |||
14188 | |||
14189 | |||
14190 | cat >>confdefs.h <<_ACEOF | ||
14191 | #define SIZEOF_INT $ac_cv_sizeof_int | ||
14192 | _ACEOF | ||
14193 | |||
14194 | |||
14195 | # The cast to long int works around a bug in the HP C Compiler | ||
14196 | # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects | ||
14197 | # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. | ||
14198 | # This bug is HP SR number 8606223364. | ||
14199 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking size of long int" >&5 | ||
14200 | $as_echo_n "checking size of long int... " >&6; } | ||
14201 | if ${ac_cv_sizeof_long_int+:} false; then : | ||
14202 | $as_echo_n "(cached) " >&6 | ||
14203 | else | ||
14204 | if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (long int))" "ac_cv_sizeof_long_int" "$ac_includes_default"; then : | ||
14205 | |||
14206 | else | ||
14207 | if test "$ac_cv_type_long_int" = yes; then | ||
14208 | { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 | ||
14209 | $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} | ||
14210 | as_fn_error 77 "cannot compute sizeof (long int) | ||
14211 | See \`config.log' for more details" "$LINENO" 5; } | ||
14212 | else | ||
14213 | ac_cv_sizeof_long_int=0 | ||
14214 | fi | ||
14215 | fi | ||
14216 | |||
14217 | fi | ||
14218 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_long_int" >&5 | ||
14219 | $as_echo "$ac_cv_sizeof_long_int" >&6; } | ||
14220 | |||
14221 | |||
14222 | |||
14223 | cat >>confdefs.h <<_ACEOF | ||
14224 | #define SIZEOF_LONG_INT $ac_cv_sizeof_long_int | ||
14225 | _ACEOF | ||
14226 | |||
14227 | |||
14228 | # The cast to long int works around a bug in the HP C Compiler | ||
14229 | # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects | ||
14230 | # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. | ||
14231 | # This bug is HP SR number 8606223364. | ||
14232 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking size of long long int" >&5 | ||
14233 | $as_echo_n "checking size of long long int... " >&6; } | ||
14234 | if ${ac_cv_sizeof_long_long_int+:} false; then : | ||
14235 | $as_echo_n "(cached) " >&6 | ||
14236 | else | ||
14237 | if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (long long int))" "ac_cv_sizeof_long_long_int" "$ac_includes_default"; then : | ||
14238 | |||
14239 | else | ||
14240 | if test "$ac_cv_type_long_long_int" = yes; then | ||
14241 | { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 | ||
14242 | $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} | ||
14243 | as_fn_error 77 "cannot compute sizeof (long long int) | ||
14244 | See \`config.log' for more details" "$LINENO" 5; } | ||
14245 | else | ||
14246 | ac_cv_sizeof_long_long_int=0 | ||
14247 | fi | ||
14248 | fi | ||
14249 | |||
14250 | fi | ||
14251 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_long_long_int" >&5 | ||
14252 | $as_echo "$ac_cv_sizeof_long_long_int" >&6; } | ||
14253 | |||
14254 | |||
14255 | |||
14256 | cat >>confdefs.h <<_ACEOF | ||
14257 | #define SIZEOF_LONG_LONG_INT $ac_cv_sizeof_long_long_int | ||
14258 | _ACEOF | ||
14259 | |||
14260 | |||
14261 | |||
14262 | # Sanity check long long for some platforms (AIX) | ||
14263 | if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then | ||
14264 | ac_cv_sizeof_long_long_int=0 | ||
14265 | fi | ||
14266 | |||
14267 | # compute LLONG_MIN and LLONG_MAX if we don't know them. | ||
14268 | if test -z "$have_llong_max"; then | ||
14269 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for max value of long long" >&5 | ||
14270 | $as_echo_n "checking for max value of long long... " >&6; } | ||
14271 | if test "$cross_compiling" = yes; then : | ||
14272 | |||
14273 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking" >&5 | ||
14274 | $as_echo "$as_me: WARNING: cross compiling: not checking" >&2;} | ||
14275 | |||
14276 | |||
14277 | else | ||
14278 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
14279 | /* end confdefs.h. */ | ||
14280 | |||
14281 | #include <stdio.h> | ||
14282 | /* Why is this so damn hard? */ | ||
14283 | #ifdef __GNUC__ | ||
14284 | # undef __GNUC__ | ||
14285 | #endif | ||
14286 | #define __USE_ISOC99 | ||
14287 | #include <limits.h> | ||
14288 | #define DATA "conftest.llminmax" | ||
14289 | #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) | ||
14290 | |||
14291 | /* | ||
14292 | * printf in libc on some platforms (eg old Tru64) does not understand %lld so | ||
14293 | * we do this the hard way. | ||
14294 | */ | ||
14295 | static int | ||
14296 | fprint_ll(FILE *f, long long n) | ||
14297 | { | ||
14298 | unsigned int i; | ||
14299 | int l[sizeof(long long) * 8]; | ||
14300 | |||
14301 | if (n < 0) | ||
14302 | if (fprintf(f, "-") < 0) | ||
14303 | return -1; | ||
14304 | for (i = 0; n != 0; i++) { | ||
14305 | l[i] = my_abs(n % 10); | ||
14306 | n /= 10; | ||
14307 | } | ||
14308 | do { | ||
14309 | if (fprintf(f, "%d", l[--i]) < 0) | ||
14310 | return -1; | ||
14311 | } while (i != 0); | ||
14312 | if (fprintf(f, " ") < 0) | ||
14313 | return -1; | ||
14314 | return 0; | ||
14315 | } | ||
14316 | |||
14317 | int | ||
14318 | main () | ||
14319 | { | ||
14320 | |||
14321 | FILE *f; | ||
14322 | long long i, llmin, llmax = 0; | ||
14323 | |||
14324 | if((f = fopen(DATA,"w")) == NULL) | ||
14325 | exit(1); | ||
14326 | |||
14327 | #if defined(LLONG_MIN) && defined(LLONG_MAX) | ||
14328 | fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); | ||
14329 | llmin = LLONG_MIN; | ||
14330 | llmax = LLONG_MAX; | ||
14331 | #else | ||
14332 | fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); | ||
14333 | /* This will work on one's complement and two's complement */ | ||
14334 | for (i = 1; i > llmax; i <<= 1, i++) | ||
14335 | llmax = i; | ||
14336 | llmin = llmax + 1LL; /* wrap */ | ||
14337 | #endif | ||
14338 | |||
14339 | /* Sanity check */ | ||
14340 | if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax | ||
14341 | || llmax - 1 > llmax || llmin == llmax || llmin == 0 | ||
14342 | || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { | ||
14343 | fprintf(f, "unknown unknown\n"); | ||
14344 | exit(2); | ||
14345 | } | ||
14346 | |||
14347 | if (fprint_ll(f, llmin) < 0) | ||
14348 | exit(3); | ||
14349 | if (fprint_ll(f, llmax) < 0) | ||
14350 | exit(4); | ||
14351 | if (fclose(f) < 0) | ||
14352 | exit(5); | ||
14353 | exit(0); | ||
14354 | |||
14355 | ; | ||
14356 | return 0; | ||
14357 | } | ||
14358 | _ACEOF | ||
14359 | if ac_fn_c_try_run "$LINENO"; then : | ||
14360 | |||
14361 | llong_min=`$AWK '{print $1}' conftest.llminmax` | ||
14362 | llong_max=`$AWK '{print $2}' conftest.llminmax` | ||
14363 | |||
14364 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $llong_max" >&5 | ||
14365 | $as_echo "$llong_max" >&6; } | ||
14366 | |||
14367 | cat >>confdefs.h <<_ACEOF | ||
14368 | #define LLONG_MAX ${llong_max}LL | ||
14369 | _ACEOF | ||
14370 | |||
14371 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for min value of long long" >&5 | ||
14372 | $as_echo_n "checking for min value of long long... " >&6; } | ||
14373 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $llong_min" >&5 | ||
14374 | $as_echo "$llong_min" >&6; } | ||
14375 | |||
14376 | cat >>confdefs.h <<_ACEOF | ||
14377 | #define LLONG_MIN ${llong_min}LL | ||
14378 | _ACEOF | ||
14379 | |||
14380 | |||
14381 | else | ||
14382 | |||
14383 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5 | ||
14384 | $as_echo "not found" >&6; } | ||
14385 | |||
14386 | fi | ||
14387 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
14388 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
14389 | fi | ||
14390 | |||
14391 | fi | ||
14392 | |||
14393 | |||
14394 | # More checks for data types | ||
14395 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for u_int type" >&5 | ||
14396 | $as_echo_n "checking for u_int type... " >&6; } | ||
14397 | if ${ac_cv_have_u_int+:} false; then : | ||
14398 | $as_echo_n "(cached) " >&6 | ||
14399 | else | ||
14400 | |||
14401 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
14402 | /* end confdefs.h. */ | ||
14403 | #include <sys/types.h> | ||
14404 | int | ||
14405 | main () | ||
14406 | { | ||
14407 | u_int a; a = 1; | ||
14408 | ; | ||
14409 | return 0; | ||
14410 | } | ||
14411 | _ACEOF | ||
14412 | if ac_fn_c_try_compile "$LINENO"; then : | ||
14413 | ac_cv_have_u_int="yes" | ||
14414 | else | ||
14415 | ac_cv_have_u_int="no" | ||
14416 | |||
14417 | fi | ||
14418 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
14419 | |||
14420 | fi | ||
14421 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_u_int" >&5 | ||
14422 | $as_echo "$ac_cv_have_u_int" >&6; } | ||
14423 | if test "x$ac_cv_have_u_int" = "xyes" ; then | ||
14424 | |||
14425 | $as_echo "#define HAVE_U_INT 1" >>confdefs.h | ||
14426 | |||
14427 | have_u_int=1 | ||
14428 | fi | ||
14429 | |||
14430 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for intXX_t types" >&5 | ||
14431 | $as_echo_n "checking for intXX_t types... " >&6; } | ||
14432 | if ${ac_cv_have_intxx_t+:} false; then : | ||
14433 | $as_echo_n "(cached) " >&6 | ||
14434 | else | ||
14435 | |||
14436 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
14437 | /* end confdefs.h. */ | ||
14438 | #include <sys/types.h> | ||
14439 | int | ||
14440 | main () | ||
14441 | { | ||
14442 | int8_t a; int16_t b; int32_t c; a = b = c = 1; | ||
14443 | ; | ||
14444 | return 0; | ||
14445 | } | ||
14446 | _ACEOF | ||
14447 | if ac_fn_c_try_compile "$LINENO"; then : | ||
14448 | ac_cv_have_intxx_t="yes" | ||
14449 | else | ||
14450 | ac_cv_have_intxx_t="no" | ||
14451 | |||
14452 | fi | ||
14453 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
14454 | |||
14455 | fi | ||
14456 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_intxx_t" >&5 | ||
14457 | $as_echo "$ac_cv_have_intxx_t" >&6; } | ||
14458 | if test "x$ac_cv_have_intxx_t" = "xyes" ; then | ||
14459 | |||
14460 | $as_echo "#define HAVE_INTXX_T 1" >>confdefs.h | ||
14461 | |||
14462 | have_intxx_t=1 | ||
14463 | fi | ||
14464 | |||
14465 | if (test -z "$have_intxx_t" && \ | ||
14466 | test "x$ac_cv_header_stdint_h" = "xyes") | ||
14467 | then | ||
14468 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for intXX_t types in stdint.h" >&5 | ||
14469 | $as_echo_n "checking for intXX_t types in stdint.h... " >&6; } | ||
14470 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
14471 | /* end confdefs.h. */ | ||
14472 | #include <stdint.h> | ||
14473 | int | ||
14474 | main () | ||
14475 | { | ||
14476 | int8_t a; int16_t b; int32_t c; a = b = c = 1; | ||
14477 | ; | ||
14478 | return 0; | ||
14479 | } | ||
14480 | _ACEOF | ||
14481 | if ac_fn_c_try_compile "$LINENO"; then : | ||
14482 | |||
14483 | $as_echo "#define HAVE_INTXX_T 1" >>confdefs.h | ||
14484 | |||
14485 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
14486 | $as_echo "yes" >&6; } | ||
14487 | |||
14488 | else | ||
14489 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
14490 | $as_echo "no" >&6; } | ||
14491 | |||
14492 | fi | ||
14493 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
14494 | fi | ||
14495 | |||
14496 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for int64_t type" >&5 | ||
14497 | $as_echo_n "checking for int64_t type... " >&6; } | ||
14498 | if ${ac_cv_have_int64_t+:} false; then : | ||
14499 | $as_echo_n "(cached) " >&6 | ||
14500 | else | ||
14501 | |||
14502 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
14503 | /* end confdefs.h. */ | ||
14504 | |||
14505 | #include <sys/types.h> | ||
14506 | #ifdef HAVE_STDINT_H | ||
14507 | # include <stdint.h> | ||
14508 | #endif | ||
14509 | #include <sys/socket.h> | ||
14510 | #ifdef HAVE_SYS_BITYPES_H | ||
14511 | # include <sys/bitypes.h> | ||
14512 | #endif | ||
14513 | |||
14514 | int | ||
14515 | main () | ||
14516 | { | ||
14517 | |||
14518 | int64_t a; a = 1; | ||
14519 | |||
14520 | ; | ||
14521 | return 0; | ||
14522 | } | ||
14523 | _ACEOF | ||
14524 | if ac_fn_c_try_compile "$LINENO"; then : | ||
14525 | ac_cv_have_int64_t="yes" | ||
14526 | else | ||
14527 | ac_cv_have_int64_t="no" | ||
14528 | |||
14529 | fi | ||
14530 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
14531 | |||
14532 | fi | ||
14533 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_int64_t" >&5 | ||
14534 | $as_echo "$ac_cv_have_int64_t" >&6; } | ||
14535 | if test "x$ac_cv_have_int64_t" = "xyes" ; then | ||
14536 | |||
14537 | $as_echo "#define HAVE_INT64_T 1" >>confdefs.h | ||
14538 | |||
14539 | fi | ||
14540 | |||
14541 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for u_intXX_t types" >&5 | ||
14542 | $as_echo_n "checking for u_intXX_t types... " >&6; } | ||
14543 | if ${ac_cv_have_u_intxx_t+:} false; then : | ||
14544 | $as_echo_n "(cached) " >&6 | ||
14545 | else | ||
14546 | |||
14547 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
14548 | /* end confdefs.h. */ | ||
14549 | #include <sys/types.h> | ||
14550 | int | ||
14551 | main () | ||
14552 | { | ||
14553 | u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1; | ||
14554 | ; | ||
14555 | return 0; | ||
14556 | } | ||
14557 | _ACEOF | ||
14558 | if ac_fn_c_try_compile "$LINENO"; then : | ||
14559 | ac_cv_have_u_intxx_t="yes" | ||
14560 | else | ||
14561 | ac_cv_have_u_intxx_t="no" | ||
14562 | |||
14563 | fi | ||
14564 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
14565 | |||
14566 | fi | ||
14567 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_u_intxx_t" >&5 | ||
14568 | $as_echo "$ac_cv_have_u_intxx_t" >&6; } | ||
14569 | if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then | ||
14570 | |||
14571 | $as_echo "#define HAVE_U_INTXX_T 1" >>confdefs.h | ||
14572 | |||
14573 | have_u_intxx_t=1 | ||
14574 | fi | ||
14575 | |||
14576 | if test -z "$have_u_intxx_t" ; then | ||
14577 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for u_intXX_t types in sys/socket.h" >&5 | ||
14578 | $as_echo_n "checking for u_intXX_t types in sys/socket.h... " >&6; } | ||
14579 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
14580 | /* end confdefs.h. */ | ||
14581 | #include <sys/socket.h> | ||
14582 | int | ||
14583 | main () | ||
14584 | { | ||
14585 | u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1; | ||
14586 | ; | ||
14587 | return 0; | ||
14588 | } | ||
14589 | _ACEOF | ||
14590 | if ac_fn_c_try_compile "$LINENO"; then : | ||
14591 | |||
14592 | $as_echo "#define HAVE_U_INTXX_T 1" >>confdefs.h | ||
14593 | |||
14594 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
14595 | $as_echo "yes" >&6; } | ||
14596 | |||
14597 | else | ||
14598 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
14599 | $as_echo "no" >&6; } | ||
14600 | |||
14601 | fi | ||
14602 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
14603 | fi | ||
14604 | |||
14605 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for u_int64_t types" >&5 | ||
14606 | $as_echo_n "checking for u_int64_t types... " >&6; } | ||
14607 | if ${ac_cv_have_u_int64_t+:} false; then : | ||
14608 | $as_echo_n "(cached) " >&6 | ||
14609 | else | ||
14610 | |||
14611 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
14612 | /* end confdefs.h. */ | ||
14613 | #include <sys/types.h> | ||
14614 | int | ||
14615 | main () | ||
14616 | { | ||
14617 | u_int64_t a; a = 1; | ||
14618 | ; | ||
14619 | return 0; | ||
14620 | } | ||
14621 | _ACEOF | ||
14622 | if ac_fn_c_try_compile "$LINENO"; then : | ||
14623 | ac_cv_have_u_int64_t="yes" | ||
14624 | else | ||
14625 | ac_cv_have_u_int64_t="no" | ||
14626 | |||
14627 | fi | ||
14628 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
14629 | |||
14630 | fi | ||
14631 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_u_int64_t" >&5 | ||
14632 | $as_echo "$ac_cv_have_u_int64_t" >&6; } | ||
14633 | if test "x$ac_cv_have_u_int64_t" = "xyes" ; then | ||
14634 | |||
14635 | $as_echo "#define HAVE_U_INT64_T 1" >>confdefs.h | ||
14636 | |||
14637 | have_u_int64_t=1 | ||
14638 | fi | ||
14639 | |||
14640 | if (test -z "$have_u_int64_t" && \ | ||
14641 | test "x$ac_cv_header_sys_bitypes_h" = "xyes") | ||
14642 | then | ||
14643 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for u_int64_t type in sys/bitypes.h" >&5 | ||
14644 | $as_echo_n "checking for u_int64_t type in sys/bitypes.h... " >&6; } | ||
14645 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
14646 | /* end confdefs.h. */ | ||
14647 | #include <sys/bitypes.h> | ||
14648 | int | ||
14649 | main () | ||
14650 | { | ||
14651 | u_int64_t a; a = 1 | ||
14652 | ; | ||
14653 | return 0; | ||
14654 | } | ||
14655 | _ACEOF | ||
14656 | if ac_fn_c_try_compile "$LINENO"; then : | ||
14657 | |||
14658 | $as_echo "#define HAVE_U_INT64_T 1" >>confdefs.h | ||
14659 | |||
14660 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
14661 | $as_echo "yes" >&6; } | ||
14662 | |||
14663 | else | ||
14664 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
14665 | $as_echo "no" >&6; } | ||
14666 | |||
14667 | fi | ||
14668 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
14669 | fi | ||
14670 | |||
14671 | if test -z "$have_u_intxx_t" ; then | ||
14672 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for uintXX_t types" >&5 | ||
14673 | $as_echo_n "checking for uintXX_t types... " >&6; } | ||
14674 | if ${ac_cv_have_uintxx_t+:} false; then : | ||
14675 | $as_echo_n "(cached) " >&6 | ||
14676 | else | ||
14677 | |||
14678 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
14679 | /* end confdefs.h. */ | ||
14680 | |||
14681 | #include <sys/types.h> | ||
14682 | |||
14683 | int | ||
14684 | main () | ||
14685 | { | ||
14686 | |||
14687 | uint8_t a; | ||
14688 | uint16_t b; | ||
14689 | uint32_t c; | ||
14690 | a = b = c = 1; | ||
14691 | |||
14692 | ; | ||
14693 | return 0; | ||
14694 | } | ||
14695 | _ACEOF | ||
14696 | if ac_fn_c_try_compile "$LINENO"; then : | ||
14697 | ac_cv_have_uintxx_t="yes" | ||
14698 | else | ||
14699 | ac_cv_have_uintxx_t="no" | ||
14700 | |||
14701 | fi | ||
14702 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
14703 | |||
14704 | fi | ||
14705 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_uintxx_t" >&5 | ||
14706 | $as_echo "$ac_cv_have_uintxx_t" >&6; } | ||
14707 | if test "x$ac_cv_have_uintxx_t" = "xyes" ; then | ||
14708 | |||
14709 | $as_echo "#define HAVE_UINTXX_T 1" >>confdefs.h | ||
14710 | |||
14711 | fi | ||
14712 | fi | ||
14713 | |||
14714 | if (test -z "$have_uintxx_t" && \ | ||
14715 | test "x$ac_cv_header_stdint_h" = "xyes") | ||
14716 | then | ||
14717 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for uintXX_t types in stdint.h" >&5 | ||
14718 | $as_echo_n "checking for uintXX_t types in stdint.h... " >&6; } | ||
14719 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
14720 | /* end confdefs.h. */ | ||
14721 | #include <stdint.h> | ||
14722 | int | ||
14723 | main () | ||
14724 | { | ||
14725 | uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; | ||
14726 | ; | ||
14727 | return 0; | ||
14728 | } | ||
14729 | _ACEOF | ||
14730 | if ac_fn_c_try_compile "$LINENO"; then : | ||
14731 | |||
14732 | $as_echo "#define HAVE_UINTXX_T 1" >>confdefs.h | ||
14733 | |||
14734 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
14735 | $as_echo "yes" >&6; } | ||
14736 | |||
14737 | else | ||
14738 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
14739 | $as_echo "no" >&6; } | ||
14740 | |||
14741 | fi | ||
14742 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
14743 | fi | ||
14744 | |||
14745 | if (test -z "$have_uintxx_t" && \ | ||
14746 | test "x$ac_cv_header_inttypes_h" = "xyes") | ||
14747 | then | ||
14748 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for uintXX_t types in inttypes.h" >&5 | ||
14749 | $as_echo_n "checking for uintXX_t types in inttypes.h... " >&6; } | ||
14750 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
14751 | /* end confdefs.h. */ | ||
14752 | #include <inttypes.h> | ||
14753 | int | ||
14754 | main () | ||
14755 | { | ||
14756 | uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; | ||
14757 | ; | ||
14758 | return 0; | ||
14759 | } | ||
14760 | _ACEOF | ||
14761 | if ac_fn_c_try_compile "$LINENO"; then : | ||
14762 | |||
14763 | $as_echo "#define HAVE_UINTXX_T 1" >>confdefs.h | ||
14764 | |||
14765 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
14766 | $as_echo "yes" >&6; } | ||
14767 | |||
14768 | else | ||
14769 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
14770 | $as_echo "no" >&6; } | ||
14771 | |||
14772 | fi | ||
14773 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
14774 | fi | ||
14775 | |||
14776 | if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ | ||
14777 | test "x$ac_cv_header_sys_bitypes_h" = "xyes") | ||
14778 | then | ||
14779 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for intXX_t and u_intXX_t types in sys/bitypes.h" >&5 | ||
14780 | $as_echo_n "checking for intXX_t and u_intXX_t types in sys/bitypes.h... " >&6; } | ||
14781 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
14782 | /* end confdefs.h. */ | ||
14783 | |||
14784 | #include <sys/bitypes.h> | ||
14785 | |||
14786 | int | ||
14787 | main () | ||
14788 | { | ||
14789 | |||
14790 | int8_t a; int16_t b; int32_t c; | ||
14791 | u_int8_t e; u_int16_t f; u_int32_t g; | ||
14792 | a = b = c = e = f = g = 1; | ||
14793 | |||
14794 | ; | ||
14795 | return 0; | ||
14796 | } | ||
14797 | _ACEOF | ||
14798 | if ac_fn_c_try_compile "$LINENO"; then : | ||
14799 | |||
14800 | $as_echo "#define HAVE_U_INTXX_T 1" >>confdefs.h | ||
14801 | |||
14802 | $as_echo "#define HAVE_INTXX_T 1" >>confdefs.h | ||
14803 | |||
14804 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
14805 | $as_echo "yes" >&6; } | ||
14806 | |||
14807 | else | ||
14808 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
14809 | $as_echo "no" >&6; } | ||
14810 | |||
14811 | fi | ||
14812 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
14813 | fi | ||
14814 | |||
14815 | |||
14816 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for u_char" >&5 | ||
14817 | $as_echo_n "checking for u_char... " >&6; } | ||
14818 | if ${ac_cv_have_u_char+:} false; then : | ||
14819 | $as_echo_n "(cached) " >&6 | ||
14820 | else | ||
14821 | |||
14822 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
14823 | /* end confdefs.h. */ | ||
14824 | #include <sys/types.h> | ||
14825 | int | ||
14826 | main () | ||
14827 | { | ||
14828 | u_char foo; foo = 125; | ||
14829 | ; | ||
14830 | return 0; | ||
14831 | } | ||
14832 | _ACEOF | ||
14833 | if ac_fn_c_try_compile "$LINENO"; then : | ||
14834 | ac_cv_have_u_char="yes" | ||
14835 | else | ||
14836 | ac_cv_have_u_char="no" | ||
14837 | |||
14838 | fi | ||
14839 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
14840 | |||
14841 | fi | ||
14842 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_u_char" >&5 | ||
14843 | $as_echo "$ac_cv_have_u_char" >&6; } | ||
14844 | if test "x$ac_cv_have_u_char" = "xyes" ; then | ||
14845 | |||
14846 | $as_echo "#define HAVE_U_CHAR 1" >>confdefs.h | ||
14847 | |||
14848 | fi | ||
14849 | |||
14850 | ac_fn_c_check_type "$LINENO" "intmax_t" "ac_cv_type_intmax_t" " | ||
14851 | #include <sys/types.h> | ||
14852 | #include <stdint.h> | ||
14853 | |||
14854 | " | ||
14855 | if test "x$ac_cv_type_intmax_t" = xyes; then : | ||
14856 | |||
14857 | cat >>confdefs.h <<_ACEOF | ||
14858 | #define HAVE_INTMAX_T 1 | ||
14859 | _ACEOF | ||
14860 | |||
14861 | |||
14862 | fi | ||
14863 | ac_fn_c_check_type "$LINENO" "uintmax_t" "ac_cv_type_uintmax_t" " | ||
14864 | #include <sys/types.h> | ||
14865 | #include <stdint.h> | ||
14866 | |||
14867 | " | ||
14868 | if test "x$ac_cv_type_uintmax_t" = xyes; then : | ||
14869 | |||
14870 | cat >>confdefs.h <<_ACEOF | ||
14871 | #define HAVE_UINTMAX_T 1 | ||
14872 | _ACEOF | ||
14873 | |||
14874 | |||
14875 | fi | ||
14876 | |||
14877 | |||
14878 | |||
14879 | ac_fn_c_check_type "$LINENO" "socklen_t" "ac_cv_type_socklen_t" "#include <sys/types.h> | ||
14880 | #include <sys/socket.h> | ||
14881 | " | ||
14882 | if test "x$ac_cv_type_socklen_t" = xyes; then : | ||
14883 | |||
14884 | else | ||
14885 | |||
14886 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for socklen_t equivalent" >&5 | ||
14887 | $as_echo_n "checking for socklen_t equivalent... " >&6; } | ||
14888 | if ${curl_cv_socklen_t_equiv+:} false; then : | ||
14889 | $as_echo_n "(cached) " >&6 | ||
14890 | else | ||
14891 | |||
14892 | # Systems have either "struct sockaddr *" or | ||
14893 | # "void *" as the second argument to getpeername | ||
14894 | curl_cv_socklen_t_equiv= | ||
14895 | for arg2 in "struct sockaddr" void; do | ||
14896 | for t in int size_t unsigned long "unsigned long"; do | ||
14897 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
14898 | /* end confdefs.h. */ | ||
14899 | |||
14900 | #include <sys/types.h> | ||
14901 | #include <sys/socket.h> | ||
14902 | |||
14903 | int getpeername (int, $arg2 *, $t *); | ||
14904 | |||
14905 | int | ||
14906 | main () | ||
14907 | { | ||
14908 | |||
14909 | $t len; | ||
14910 | getpeername(0,0,&len); | ||
14911 | |||
14912 | ; | ||
14913 | return 0; | ||
14914 | } | ||
14915 | _ACEOF | ||
14916 | if ac_fn_c_try_compile "$LINENO"; then : | ||
14917 | |||
14918 | curl_cv_socklen_t_equiv="$t" | ||
14919 | break | ||
14920 | |||
14921 | fi | ||
14922 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
14923 | done | ||
14924 | done | ||
14925 | |||
14926 | if test "x$curl_cv_socklen_t_equiv" = x; then | ||
14927 | as_fn_error $? "Cannot find a type to use in place of socklen_t" "$LINENO" 5 | ||
14928 | fi | ||
14929 | |||
14930 | fi | ||
14931 | |||
14932 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $curl_cv_socklen_t_equiv" >&5 | ||
14933 | $as_echo "$curl_cv_socklen_t_equiv" >&6; } | ||
14934 | |||
14935 | cat >>confdefs.h <<_ACEOF | ||
14936 | #define socklen_t $curl_cv_socklen_t_equiv | ||
14937 | _ACEOF | ||
14938 | |||
14939 | fi | ||
14940 | |||
14941 | |||
14942 | |||
14943 | ac_fn_c_check_type "$LINENO" "sig_atomic_t" "ac_cv_type_sig_atomic_t" "#include <signal.h> | ||
14944 | " | ||
14945 | if test "x$ac_cv_type_sig_atomic_t" = xyes; then : | ||
14946 | |||
14947 | cat >>confdefs.h <<_ACEOF | ||
14948 | #define HAVE_SIG_ATOMIC_T 1 | ||
14949 | _ACEOF | ||
14950 | |||
14951 | |||
14952 | fi | ||
14953 | |||
14954 | ac_fn_c_check_type "$LINENO" "fsblkcnt_t" "ac_cv_type_fsblkcnt_t" " | ||
14955 | #include <sys/types.h> | ||
14956 | #ifdef HAVE_SYS_BITYPES_H | ||
14957 | #include <sys/bitypes.h> | ||
14958 | #endif | ||
14959 | #ifdef HAVE_SYS_STATFS_H | ||
14960 | #include <sys/statfs.h> | ||
14961 | #endif | ||
14962 | #ifdef HAVE_SYS_STATVFS_H | ||
14963 | #include <sys/statvfs.h> | ||
14964 | #endif | ||
14965 | |||
14966 | " | ||
14967 | if test "x$ac_cv_type_fsblkcnt_t" = xyes; then : | ||
14968 | |||
14969 | cat >>confdefs.h <<_ACEOF | ||
14970 | #define HAVE_FSBLKCNT_T 1 | ||
14971 | _ACEOF | ||
14972 | |||
14973 | |||
14974 | fi | ||
14975 | ac_fn_c_check_type "$LINENO" "fsfilcnt_t" "ac_cv_type_fsfilcnt_t" " | ||
14976 | #include <sys/types.h> | ||
14977 | #ifdef HAVE_SYS_BITYPES_H | ||
14978 | #include <sys/bitypes.h> | ||
14979 | #endif | ||
14980 | #ifdef HAVE_SYS_STATFS_H | ||
14981 | #include <sys/statfs.h> | ||
14982 | #endif | ||
14983 | #ifdef HAVE_SYS_STATVFS_H | ||
14984 | #include <sys/statvfs.h> | ||
14985 | #endif | ||
14986 | |||
14987 | " | ||
14988 | if test "x$ac_cv_type_fsfilcnt_t" = xyes; then : | ||
14989 | |||
14990 | cat >>confdefs.h <<_ACEOF | ||
14991 | #define HAVE_FSFILCNT_T 1 | ||
14992 | _ACEOF | ||
14993 | |||
14994 | |||
14995 | fi | ||
14996 | |||
14997 | |||
14998 | ac_fn_c_check_type "$LINENO" "in_addr_t" "ac_cv_type_in_addr_t" "#include <sys/types.h> | ||
14999 | #include <netinet/in.h> | ||
15000 | " | ||
15001 | if test "x$ac_cv_type_in_addr_t" = xyes; then : | ||
15002 | |||
15003 | cat >>confdefs.h <<_ACEOF | ||
15004 | #define HAVE_IN_ADDR_T 1 | ||
15005 | _ACEOF | ||
15006 | |||
15007 | |||
15008 | fi | ||
15009 | ac_fn_c_check_type "$LINENO" "in_port_t" "ac_cv_type_in_port_t" "#include <sys/types.h> | ||
15010 | #include <netinet/in.h> | ||
15011 | " | ||
15012 | if test "x$ac_cv_type_in_port_t" = xyes; then : | ||
15013 | |||
15014 | cat >>confdefs.h <<_ACEOF | ||
15015 | #define HAVE_IN_PORT_T 1 | ||
15016 | _ACEOF | ||
15017 | |||
15018 | |||
15019 | fi | ||
15020 | |||
15021 | |||
15022 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for size_t" >&5 | ||
15023 | $as_echo_n "checking for size_t... " >&6; } | ||
15024 | if ${ac_cv_have_size_t+:} false; then : | ||
15025 | $as_echo_n "(cached) " >&6 | ||
15026 | else | ||
15027 | |||
15028 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
15029 | /* end confdefs.h. */ | ||
15030 | #include <sys/types.h> | ||
15031 | int | ||
15032 | main () | ||
15033 | { | ||
15034 | size_t foo; foo = 1235; | ||
15035 | ; | ||
15036 | return 0; | ||
15037 | } | ||
15038 | _ACEOF | ||
15039 | if ac_fn_c_try_compile "$LINENO"; then : | ||
15040 | ac_cv_have_size_t="yes" | ||
15041 | else | ||
15042 | ac_cv_have_size_t="no" | ||
15043 | |||
15044 | fi | ||
15045 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
15046 | |||
15047 | fi | ||
15048 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_size_t" >&5 | ||
15049 | $as_echo "$ac_cv_have_size_t" >&6; } | ||
15050 | if test "x$ac_cv_have_size_t" = "xyes" ; then | ||
15051 | |||
15052 | $as_echo "#define HAVE_SIZE_T 1" >>confdefs.h | ||
15053 | |||
15054 | fi | ||
15055 | |||
15056 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ssize_t" >&5 | ||
15057 | $as_echo_n "checking for ssize_t... " >&6; } | ||
15058 | if ${ac_cv_have_ssize_t+:} false; then : | ||
15059 | $as_echo_n "(cached) " >&6 | ||
15060 | else | ||
15061 | |||
15062 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
15063 | /* end confdefs.h. */ | ||
15064 | #include <sys/types.h> | ||
15065 | int | ||
15066 | main () | ||
15067 | { | ||
15068 | ssize_t foo; foo = 1235; | ||
15069 | ; | ||
15070 | return 0; | ||
15071 | } | ||
15072 | _ACEOF | ||
15073 | if ac_fn_c_try_compile "$LINENO"; then : | ||
15074 | ac_cv_have_ssize_t="yes" | ||
15075 | else | ||
15076 | ac_cv_have_ssize_t="no" | ||
15077 | |||
15078 | fi | ||
15079 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
15080 | |||
15081 | fi | ||
15082 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_ssize_t" >&5 | ||
15083 | $as_echo "$ac_cv_have_ssize_t" >&6; } | ||
15084 | if test "x$ac_cv_have_ssize_t" = "xyes" ; then | ||
15085 | |||
15086 | $as_echo "#define HAVE_SSIZE_T 1" >>confdefs.h | ||
15087 | |||
15088 | fi | ||
15089 | |||
15090 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for clock_t" >&5 | ||
15091 | $as_echo_n "checking for clock_t... " >&6; } | ||
15092 | if ${ac_cv_have_clock_t+:} false; then : | ||
15093 | $as_echo_n "(cached) " >&6 | ||
15094 | else | ||
15095 | |||
15096 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
15097 | /* end confdefs.h. */ | ||
15098 | #include <time.h> | ||
15099 | int | ||
15100 | main () | ||
15101 | { | ||
15102 | clock_t foo; foo = 1235; | ||
15103 | ; | ||
15104 | return 0; | ||
15105 | } | ||
15106 | _ACEOF | ||
15107 | if ac_fn_c_try_compile "$LINENO"; then : | ||
15108 | ac_cv_have_clock_t="yes" | ||
15109 | else | ||
15110 | ac_cv_have_clock_t="no" | ||
15111 | |||
15112 | fi | ||
15113 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
15114 | |||
15115 | fi | ||
15116 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_clock_t" >&5 | ||
15117 | $as_echo "$ac_cv_have_clock_t" >&6; } | ||
15118 | if test "x$ac_cv_have_clock_t" = "xyes" ; then | ||
15119 | |||
15120 | $as_echo "#define HAVE_CLOCK_T 1" >>confdefs.h | ||
15121 | |||
15122 | fi | ||
15123 | |||
15124 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for sa_family_t" >&5 | ||
15125 | $as_echo_n "checking for sa_family_t... " >&6; } | ||
15126 | if ${ac_cv_have_sa_family_t+:} false; then : | ||
15127 | $as_echo_n "(cached) " >&6 | ||
15128 | else | ||
15129 | |||
15130 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
15131 | /* end confdefs.h. */ | ||
15132 | |||
15133 | #include <sys/types.h> | ||
15134 | #include <sys/socket.h> | ||
15135 | |||
15136 | int | ||
15137 | main () | ||
15138 | { | ||
15139 | sa_family_t foo; foo = 1235; | ||
15140 | ; | ||
15141 | return 0; | ||
15142 | } | ||
15143 | _ACEOF | ||
15144 | if ac_fn_c_try_compile "$LINENO"; then : | ||
15145 | ac_cv_have_sa_family_t="yes" | ||
15146 | else | ||
15147 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
15148 | /* end confdefs.h. */ | ||
15149 | |||
15150 | #include <sys/types.h> | ||
15151 | #include <sys/socket.h> | ||
15152 | #include <netinet/in.h> | ||
15153 | |||
15154 | int | ||
15155 | main () | ||
15156 | { | ||
15157 | sa_family_t foo; foo = 1235; | ||
15158 | ; | ||
15159 | return 0; | ||
15160 | } | ||
15161 | _ACEOF | ||
15162 | if ac_fn_c_try_compile "$LINENO"; then : | ||
15163 | ac_cv_have_sa_family_t="yes" | ||
15164 | else | ||
15165 | ac_cv_have_sa_family_t="no" | ||
15166 | |||
15167 | fi | ||
15168 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
15169 | |||
15170 | fi | ||
15171 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
15172 | |||
15173 | fi | ||
15174 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_sa_family_t" >&5 | ||
15175 | $as_echo "$ac_cv_have_sa_family_t" >&6; } | ||
15176 | if test "x$ac_cv_have_sa_family_t" = "xyes" ; then | ||
15177 | |||
15178 | $as_echo "#define HAVE_SA_FAMILY_T 1" >>confdefs.h | ||
15179 | |||
15180 | fi | ||
15181 | |||
15182 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pid_t" >&5 | ||
15183 | $as_echo_n "checking for pid_t... " >&6; } | ||
15184 | if ${ac_cv_have_pid_t+:} false; then : | ||
15185 | $as_echo_n "(cached) " >&6 | ||
15186 | else | ||
15187 | |||
15188 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
15189 | /* end confdefs.h. */ | ||
15190 | #include <sys/types.h> | ||
15191 | int | ||
15192 | main () | ||
15193 | { | ||
15194 | pid_t foo; foo = 1235; | ||
15195 | ; | ||
15196 | return 0; | ||
15197 | } | ||
15198 | _ACEOF | ||
15199 | if ac_fn_c_try_compile "$LINENO"; then : | ||
15200 | ac_cv_have_pid_t="yes" | ||
15201 | else | ||
15202 | ac_cv_have_pid_t="no" | ||
15203 | |||
15204 | fi | ||
15205 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
15206 | |||
15207 | fi | ||
15208 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_pid_t" >&5 | ||
15209 | $as_echo "$ac_cv_have_pid_t" >&6; } | ||
15210 | if test "x$ac_cv_have_pid_t" = "xyes" ; then | ||
15211 | |||
15212 | $as_echo "#define HAVE_PID_T 1" >>confdefs.h | ||
15213 | |||
15214 | fi | ||
15215 | |||
15216 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for mode_t" >&5 | ||
15217 | $as_echo_n "checking for mode_t... " >&6; } | ||
15218 | if ${ac_cv_have_mode_t+:} false; then : | ||
15219 | $as_echo_n "(cached) " >&6 | ||
15220 | else | ||
15221 | |||
15222 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
15223 | /* end confdefs.h. */ | ||
15224 | #include <sys/types.h> | ||
15225 | int | ||
15226 | main () | ||
15227 | { | ||
15228 | mode_t foo; foo = 1235; | ||
15229 | ; | ||
15230 | return 0; | ||
15231 | } | ||
15232 | _ACEOF | ||
15233 | if ac_fn_c_try_compile "$LINENO"; then : | ||
15234 | ac_cv_have_mode_t="yes" | ||
15235 | else | ||
15236 | ac_cv_have_mode_t="no" | ||
15237 | |||
15238 | fi | ||
15239 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
15240 | |||
15241 | fi | ||
15242 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_mode_t" >&5 | ||
15243 | $as_echo "$ac_cv_have_mode_t" >&6; } | ||
15244 | if test "x$ac_cv_have_mode_t" = "xyes" ; then | ||
15245 | |||
15246 | $as_echo "#define HAVE_MODE_T 1" >>confdefs.h | ||
15247 | |||
15248 | fi | ||
15249 | |||
15250 | |||
15251 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct sockaddr_storage" >&5 | ||
15252 | $as_echo_n "checking for struct sockaddr_storage... " >&6; } | ||
15253 | if ${ac_cv_have_struct_sockaddr_storage+:} false; then : | ||
15254 | $as_echo_n "(cached) " >&6 | ||
15255 | else | ||
15256 | |||
15257 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
15258 | /* end confdefs.h. */ | ||
15259 | |||
15260 | #include <sys/types.h> | ||
15261 | #include <sys/socket.h> | ||
15262 | |||
15263 | int | ||
15264 | main () | ||
15265 | { | ||
15266 | struct sockaddr_storage s; | ||
15267 | ; | ||
15268 | return 0; | ||
15269 | } | ||
15270 | _ACEOF | ||
15271 | if ac_fn_c_try_compile "$LINENO"; then : | ||
15272 | ac_cv_have_struct_sockaddr_storage="yes" | ||
15273 | else | ||
15274 | ac_cv_have_struct_sockaddr_storage="no" | ||
15275 | |||
15276 | fi | ||
15277 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
15278 | |||
15279 | fi | ||
15280 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_struct_sockaddr_storage" >&5 | ||
15281 | $as_echo "$ac_cv_have_struct_sockaddr_storage" >&6; } | ||
15282 | if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then | ||
15283 | |||
15284 | $as_echo "#define HAVE_STRUCT_SOCKADDR_STORAGE 1" >>confdefs.h | ||
15285 | |||
15286 | fi | ||
15287 | |||
15288 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct sockaddr_in6" >&5 | ||
15289 | $as_echo_n "checking for struct sockaddr_in6... " >&6; } | ||
15290 | if ${ac_cv_have_struct_sockaddr_in6+:} false; then : | ||
15291 | $as_echo_n "(cached) " >&6 | ||
15292 | else | ||
15293 | |||
15294 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
15295 | /* end confdefs.h. */ | ||
15296 | |||
15297 | #include <sys/types.h> | ||
15298 | #include <netinet/in.h> | ||
15299 | |||
15300 | int | ||
15301 | main () | ||
15302 | { | ||
15303 | struct sockaddr_in6 s; s.sin6_family = 0; | ||
15304 | ; | ||
15305 | return 0; | ||
15306 | } | ||
15307 | _ACEOF | ||
15308 | if ac_fn_c_try_compile "$LINENO"; then : | ||
15309 | ac_cv_have_struct_sockaddr_in6="yes" | ||
15310 | else | ||
15311 | ac_cv_have_struct_sockaddr_in6="no" | ||
15312 | |||
15313 | fi | ||
15314 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
15315 | |||
15316 | fi | ||
15317 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_struct_sockaddr_in6" >&5 | ||
15318 | $as_echo "$ac_cv_have_struct_sockaddr_in6" >&6; } | ||
15319 | if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then | ||
15320 | |||
15321 | $as_echo "#define HAVE_STRUCT_SOCKADDR_IN6 1" >>confdefs.h | ||
15322 | |||
15323 | fi | ||
15324 | |||
15325 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct in6_addr" >&5 | ||
15326 | $as_echo_n "checking for struct in6_addr... " >&6; } | ||
15327 | if ${ac_cv_have_struct_in6_addr+:} false; then : | ||
15328 | $as_echo_n "(cached) " >&6 | ||
15329 | else | ||
15330 | |||
15331 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
15332 | /* end confdefs.h. */ | ||
15333 | |||
15334 | #include <sys/types.h> | ||
15335 | #include <netinet/in.h> | ||
15336 | |||
15337 | int | ||
15338 | main () | ||
15339 | { | ||
15340 | struct in6_addr s; s.s6_addr[0] = 0; | ||
15341 | ; | ||
15342 | return 0; | ||
15343 | } | ||
15344 | _ACEOF | ||
15345 | if ac_fn_c_try_compile "$LINENO"; then : | ||
15346 | ac_cv_have_struct_in6_addr="yes" | ||
15347 | else | ||
15348 | ac_cv_have_struct_in6_addr="no" | ||
15349 | |||
15350 | fi | ||
15351 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
15352 | |||
15353 | fi | ||
15354 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_struct_in6_addr" >&5 | ||
15355 | $as_echo "$ac_cv_have_struct_in6_addr" >&6; } | ||
15356 | if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then | ||
15357 | |||
15358 | $as_echo "#define HAVE_STRUCT_IN6_ADDR 1" >>confdefs.h | ||
15359 | |||
15360 | |||
15361 | ac_fn_c_check_member "$LINENO" "struct sockaddr_in6" "sin6_scope_id" "ac_cv_member_struct_sockaddr_in6_sin6_scope_id" " | ||
15362 | #ifdef HAVE_SYS_TYPES_H | ||
15363 | #include <sys/types.h> | ||
15364 | #endif | ||
15365 | #include <netinet/in.h> | ||
15366 | |||
15367 | " | ||
15368 | if test "x$ac_cv_member_struct_sockaddr_in6_sin6_scope_id" = xyes; then : | ||
15369 | |||
15370 | cat >>confdefs.h <<_ACEOF | ||
15371 | #define HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID 1 | ||
15372 | _ACEOF | ||
15373 | |||
15374 | |||
15375 | fi | ||
15376 | |||
15377 | fi | ||
15378 | |||
15379 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct addrinfo" >&5 | ||
15380 | $as_echo_n "checking for struct addrinfo... " >&6; } | ||
15381 | if ${ac_cv_have_struct_addrinfo+:} false; then : | ||
15382 | $as_echo_n "(cached) " >&6 | ||
15383 | else | ||
15384 | |||
15385 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
15386 | /* end confdefs.h. */ | ||
15387 | |||
15388 | #include <sys/types.h> | ||
15389 | #include <sys/socket.h> | ||
15390 | #include <netdb.h> | ||
15391 | |||
15392 | int | ||
15393 | main () | ||
15394 | { | ||
15395 | struct addrinfo s; s.ai_flags = AI_PASSIVE; | ||
15396 | ; | ||
15397 | return 0; | ||
15398 | } | ||
15399 | _ACEOF | ||
15400 | if ac_fn_c_try_compile "$LINENO"; then : | ||
15401 | ac_cv_have_struct_addrinfo="yes" | ||
15402 | else | ||
15403 | ac_cv_have_struct_addrinfo="no" | ||
15404 | |||
15405 | fi | ||
15406 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
15407 | |||
15408 | fi | ||
15409 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_struct_addrinfo" >&5 | ||
15410 | $as_echo "$ac_cv_have_struct_addrinfo" >&6; } | ||
15411 | if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then | ||
15412 | |||
15413 | $as_echo "#define HAVE_STRUCT_ADDRINFO 1" >>confdefs.h | ||
15414 | |||
15415 | fi | ||
15416 | |||
15417 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct timeval" >&5 | ||
15418 | $as_echo_n "checking for struct timeval... " >&6; } | ||
15419 | if ${ac_cv_have_struct_timeval+:} false; then : | ||
15420 | $as_echo_n "(cached) " >&6 | ||
15421 | else | ||
15422 | |||
15423 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
15424 | /* end confdefs.h. */ | ||
15425 | #include <sys/time.h> | ||
15426 | int | ||
15427 | main () | ||
15428 | { | ||
15429 | struct timeval tv; tv.tv_sec = 1; | ||
15430 | ; | ||
15431 | return 0; | ||
15432 | } | ||
15433 | _ACEOF | ||
15434 | if ac_fn_c_try_compile "$LINENO"; then : | ||
15435 | ac_cv_have_struct_timeval="yes" | ||
15436 | else | ||
15437 | ac_cv_have_struct_timeval="no" | ||
15438 | |||
15439 | fi | ||
15440 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
15441 | |||
15442 | fi | ||
15443 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_struct_timeval" >&5 | ||
15444 | $as_echo "$ac_cv_have_struct_timeval" >&6; } | ||
15445 | if test "x$ac_cv_have_struct_timeval" = "xyes" ; then | ||
15446 | |||
15447 | $as_echo "#define HAVE_STRUCT_TIMEVAL 1" >>confdefs.h | ||
15448 | |||
15449 | have_struct_timeval=1 | ||
15450 | fi | ||
15451 | |||
15452 | ac_fn_c_check_type "$LINENO" "struct timespec" "ac_cv_type_struct_timespec" "$ac_includes_default" | ||
15453 | if test "x$ac_cv_type_struct_timespec" = xyes; then : | ||
15454 | |||
15455 | cat >>confdefs.h <<_ACEOF | ||
15456 | #define HAVE_STRUCT_TIMESPEC 1 | ||
15457 | _ACEOF | ||
15458 | |||
15459 | |||
15460 | fi | ||
15461 | |||
15462 | |||
15463 | # We need int64_t or else certian parts of the compile will fail. | ||
15464 | if test "x$ac_cv_have_int64_t" = "xno" && \ | ||
15465 | test "x$ac_cv_sizeof_long_int" != "x8" && \ | ||
15466 | test "x$ac_cv_sizeof_long_long_int" = "x0" ; then | ||
15467 | echo "OpenSSH requires int64_t support. Contact your vendor or install" | ||
15468 | echo "an alternative compiler (I.E., GCC) before continuing." | ||
15469 | echo "" | ||
15470 | exit 1; | ||
15471 | else | ||
15472 | if test "$cross_compiling" = yes; then : | ||
15473 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: Assuming working snprintf()" >&5 | ||
15474 | $as_echo "$as_me: WARNING: cross compiling: Assuming working snprintf()" >&2;} | ||
15475 | |||
15476 | else | ||
15477 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
15478 | /* end confdefs.h. */ | ||
15479 | |||
15480 | #include <stdio.h> | ||
15481 | #include <string.h> | ||
15482 | #ifdef HAVE_SNPRINTF | ||
15483 | main() | ||
15484 | { | ||
15485 | char buf[50]; | ||
15486 | char expected_out[50]; | ||
15487 | int mazsize = 50 ; | ||
15488 | #if (SIZEOF_LONG_INT == 8) | ||
15489 | long int num = 0x7fffffffffffffff; | ||
15490 | #else | ||
15491 | long long num = 0x7fffffffffffffffll; | ||
15492 | #endif | ||
15493 | strcpy(expected_out, "9223372036854775807"); | ||
15494 | snprintf(buf, mazsize, "%lld", num); | ||
15495 | if(strcmp(buf, expected_out) != 0) | ||
15496 | exit(1); | ||
15497 | exit(0); | ||
15498 | } | ||
15499 | #else | ||
15500 | main() { exit(0); } | ||
15501 | #endif | ||
15502 | |||
15503 | _ACEOF | ||
15504 | if ac_fn_c_try_run "$LINENO"; then : | ||
15505 | true | ||
15506 | else | ||
15507 | $as_echo "#define BROKEN_SNPRINTF 1" >>confdefs.h | ||
15508 | |||
15509 | fi | ||
15510 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
15511 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
15512 | fi | ||
15513 | |||
15514 | fi | ||
15515 | |||
15516 | |||
15517 | # look for field 'ut_host' in header 'utmp.h' | ||
15518 | ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` | ||
15519 | ossh_varname="ossh_cv_$ossh_safe""_has_"ut_host | ||
15520 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_host field in utmp.h" >&5 | ||
15521 | $as_echo_n "checking for ut_host field in utmp.h... " >&6; } | ||
15522 | if eval \${$ossh_varname+:} false; then : | ||
15523 | $as_echo_n "(cached) " >&6 | ||
15524 | else | ||
15525 | |||
15526 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
15527 | /* end confdefs.h. */ | ||
15528 | #include <utmp.h> | ||
15529 | |||
15530 | _ACEOF | ||
15531 | if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | | ||
15532 | $EGREP "ut_host" >/dev/null 2>&1; then : | ||
15533 | eval "$ossh_varname=yes" | ||
15534 | else | ||
15535 | eval "$ossh_varname=no" | ||
15536 | fi | ||
15537 | rm -f conftest* | ||
15538 | |||
15539 | fi | ||
15540 | |||
15541 | ossh_result=`eval 'echo $'"$ossh_varname"` | ||
15542 | if test -n "`echo $ossh_varname`"; then | ||
15543 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 | ||
15544 | $as_echo "$ossh_result" >&6; } | ||
15545 | if test "x$ossh_result" = "xyes"; then | ||
15546 | |||
15547 | $as_echo "#define HAVE_HOST_IN_UTMP 1" >>confdefs.h | ||
15548 | |||
15549 | fi | ||
15550 | else | ||
15551 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
15552 | $as_echo "no" >&6; } | ||
15553 | fi | ||
15554 | |||
15555 | |||
15556 | # look for field 'ut_host' in header 'utmpx.h' | ||
15557 | ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` | ||
15558 | ossh_varname="ossh_cv_$ossh_safe""_has_"ut_host | ||
15559 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_host field in utmpx.h" >&5 | ||
15560 | $as_echo_n "checking for ut_host field in utmpx.h... " >&6; } | ||
15561 | if eval \${$ossh_varname+:} false; then : | ||
15562 | $as_echo_n "(cached) " >&6 | ||
15563 | else | ||
15564 | |||
15565 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
15566 | /* end confdefs.h. */ | ||
15567 | #include <utmpx.h> | ||
15568 | |||
15569 | _ACEOF | ||
15570 | if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | | ||
15571 | $EGREP "ut_host" >/dev/null 2>&1; then : | ||
15572 | eval "$ossh_varname=yes" | ||
15573 | else | ||
15574 | eval "$ossh_varname=no" | ||
15575 | fi | ||
15576 | rm -f conftest* | ||
15577 | |||
15578 | fi | ||
15579 | |||
15580 | ossh_result=`eval 'echo $'"$ossh_varname"` | ||
15581 | if test -n "`echo $ossh_varname`"; then | ||
15582 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 | ||
15583 | $as_echo "$ossh_result" >&6; } | ||
15584 | if test "x$ossh_result" = "xyes"; then | ||
15585 | |||
15586 | $as_echo "#define HAVE_HOST_IN_UTMPX 1" >>confdefs.h | ||
15587 | |||
15588 | fi | ||
15589 | else | ||
15590 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
15591 | $as_echo "no" >&6; } | ||
15592 | fi | ||
15593 | |||
15594 | |||
15595 | # look for field 'syslen' in header 'utmpx.h' | ||
15596 | ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` | ||
15597 | ossh_varname="ossh_cv_$ossh_safe""_has_"syslen | ||
15598 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for syslen field in utmpx.h" >&5 | ||
15599 | $as_echo_n "checking for syslen field in utmpx.h... " >&6; } | ||
15600 | if eval \${$ossh_varname+:} false; then : | ||
15601 | $as_echo_n "(cached) " >&6 | ||
15602 | else | ||
15603 | |||
15604 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
15605 | /* end confdefs.h. */ | ||
15606 | #include <utmpx.h> | ||
15607 | |||
15608 | _ACEOF | ||
15609 | if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | | ||
15610 | $EGREP "syslen" >/dev/null 2>&1; then : | ||
15611 | eval "$ossh_varname=yes" | ||
15612 | else | ||
15613 | eval "$ossh_varname=no" | ||
15614 | fi | ||
15615 | rm -f conftest* | ||
15616 | |||
15617 | fi | ||
15618 | |||
15619 | ossh_result=`eval 'echo $'"$ossh_varname"` | ||
15620 | if test -n "`echo $ossh_varname`"; then | ||
15621 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 | ||
15622 | $as_echo "$ossh_result" >&6; } | ||
15623 | if test "x$ossh_result" = "xyes"; then | ||
15624 | |||
15625 | $as_echo "#define HAVE_SYSLEN_IN_UTMPX 1" >>confdefs.h | ||
15626 | |||
15627 | fi | ||
15628 | else | ||
15629 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
15630 | $as_echo "no" >&6; } | ||
15631 | fi | ||
15632 | |||
15633 | |||
15634 | # look for field 'ut_pid' in header 'utmp.h' | ||
15635 | ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` | ||
15636 | ossh_varname="ossh_cv_$ossh_safe""_has_"ut_pid | ||
15637 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_pid field in utmp.h" >&5 | ||
15638 | $as_echo_n "checking for ut_pid field in utmp.h... " >&6; } | ||
15639 | if eval \${$ossh_varname+:} false; then : | ||
15640 | $as_echo_n "(cached) " >&6 | ||
15641 | else | ||
15642 | |||
15643 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
15644 | /* end confdefs.h. */ | ||
15645 | #include <utmp.h> | ||
15646 | |||
15647 | _ACEOF | ||
15648 | if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | | ||
15649 | $EGREP "ut_pid" >/dev/null 2>&1; then : | ||
15650 | eval "$ossh_varname=yes" | ||
15651 | else | ||
15652 | eval "$ossh_varname=no" | ||
15653 | fi | ||
15654 | rm -f conftest* | ||
15655 | |||
15656 | fi | ||
15657 | |||
15658 | ossh_result=`eval 'echo $'"$ossh_varname"` | ||
15659 | if test -n "`echo $ossh_varname`"; then | ||
15660 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 | ||
15661 | $as_echo "$ossh_result" >&6; } | ||
15662 | if test "x$ossh_result" = "xyes"; then | ||
15663 | |||
15664 | $as_echo "#define HAVE_PID_IN_UTMP 1" >>confdefs.h | ||
15665 | |||
15666 | fi | ||
15667 | else | ||
15668 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
15669 | $as_echo "no" >&6; } | ||
15670 | fi | ||
15671 | |||
15672 | |||
15673 | # look for field 'ut_type' in header 'utmp.h' | ||
15674 | ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` | ||
15675 | ossh_varname="ossh_cv_$ossh_safe""_has_"ut_type | ||
15676 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_type field in utmp.h" >&5 | ||
15677 | $as_echo_n "checking for ut_type field in utmp.h... " >&6; } | ||
15678 | if eval \${$ossh_varname+:} false; then : | ||
15679 | $as_echo_n "(cached) " >&6 | ||
15680 | else | ||
15681 | |||
15682 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
15683 | /* end confdefs.h. */ | ||
15684 | #include <utmp.h> | ||
15685 | |||
15686 | _ACEOF | ||
15687 | if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | | ||
15688 | $EGREP "ut_type" >/dev/null 2>&1; then : | ||
15689 | eval "$ossh_varname=yes" | ||
15690 | else | ||
15691 | eval "$ossh_varname=no" | ||
15692 | fi | ||
15693 | rm -f conftest* | ||
15694 | |||
15695 | fi | ||
15696 | |||
15697 | ossh_result=`eval 'echo $'"$ossh_varname"` | ||
15698 | if test -n "`echo $ossh_varname`"; then | ||
15699 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 | ||
15700 | $as_echo "$ossh_result" >&6; } | ||
15701 | if test "x$ossh_result" = "xyes"; then | ||
15702 | |||
15703 | $as_echo "#define HAVE_TYPE_IN_UTMP 1" >>confdefs.h | ||
15704 | |||
15705 | fi | ||
15706 | else | ||
15707 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
15708 | $as_echo "no" >&6; } | ||
15709 | fi | ||
15710 | |||
15711 | |||
15712 | # look for field 'ut_type' in header 'utmpx.h' | ||
15713 | ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` | ||
15714 | ossh_varname="ossh_cv_$ossh_safe""_has_"ut_type | ||
15715 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_type field in utmpx.h" >&5 | ||
15716 | $as_echo_n "checking for ut_type field in utmpx.h... " >&6; } | ||
15717 | if eval \${$ossh_varname+:} false; then : | ||
15718 | $as_echo_n "(cached) " >&6 | ||
15719 | else | ||
15720 | |||
15721 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
15722 | /* end confdefs.h. */ | ||
15723 | #include <utmpx.h> | ||
15724 | |||
15725 | _ACEOF | ||
15726 | if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | | ||
15727 | $EGREP "ut_type" >/dev/null 2>&1; then : | ||
15728 | eval "$ossh_varname=yes" | ||
15729 | else | ||
15730 | eval "$ossh_varname=no" | ||
15731 | fi | ||
15732 | rm -f conftest* | ||
15733 | |||
15734 | fi | ||
15735 | |||
15736 | ossh_result=`eval 'echo $'"$ossh_varname"` | ||
15737 | if test -n "`echo $ossh_varname`"; then | ||
15738 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 | ||
15739 | $as_echo "$ossh_result" >&6; } | ||
15740 | if test "x$ossh_result" = "xyes"; then | ||
15741 | |||
15742 | $as_echo "#define HAVE_TYPE_IN_UTMPX 1" >>confdefs.h | ||
15743 | |||
15744 | fi | ||
15745 | else | ||
15746 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
15747 | $as_echo "no" >&6; } | ||
15748 | fi | ||
15749 | |||
15750 | |||
15751 | # look for field 'ut_tv' in header 'utmp.h' | ||
15752 | ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` | ||
15753 | ossh_varname="ossh_cv_$ossh_safe""_has_"ut_tv | ||
15754 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_tv field in utmp.h" >&5 | ||
15755 | $as_echo_n "checking for ut_tv field in utmp.h... " >&6; } | ||
15756 | if eval \${$ossh_varname+:} false; then : | ||
15757 | $as_echo_n "(cached) " >&6 | ||
15758 | else | ||
15759 | |||
15760 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
15761 | /* end confdefs.h. */ | ||
15762 | #include <utmp.h> | ||
15763 | |||
15764 | _ACEOF | ||
15765 | if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | | ||
15766 | $EGREP "ut_tv" >/dev/null 2>&1; then : | ||
15767 | eval "$ossh_varname=yes" | ||
15768 | else | ||
15769 | eval "$ossh_varname=no" | ||
15770 | fi | ||
15771 | rm -f conftest* | ||
15772 | |||
15773 | fi | ||
15774 | |||
15775 | ossh_result=`eval 'echo $'"$ossh_varname"` | ||
15776 | if test -n "`echo $ossh_varname`"; then | ||
15777 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 | ||
15778 | $as_echo "$ossh_result" >&6; } | ||
15779 | if test "x$ossh_result" = "xyes"; then | ||
15780 | |||
15781 | $as_echo "#define HAVE_TV_IN_UTMP 1" >>confdefs.h | ||
15782 | |||
15783 | fi | ||
15784 | else | ||
15785 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
15786 | $as_echo "no" >&6; } | ||
15787 | fi | ||
15788 | |||
15789 | |||
15790 | # look for field 'ut_id' in header 'utmp.h' | ||
15791 | ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` | ||
15792 | ossh_varname="ossh_cv_$ossh_safe""_has_"ut_id | ||
15793 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_id field in utmp.h" >&5 | ||
15794 | $as_echo_n "checking for ut_id field in utmp.h... " >&6; } | ||
15795 | if eval \${$ossh_varname+:} false; then : | ||
15796 | $as_echo_n "(cached) " >&6 | ||
15797 | else | ||
15798 | |||
15799 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
15800 | /* end confdefs.h. */ | ||
15801 | #include <utmp.h> | ||
15802 | |||
15803 | _ACEOF | ||
15804 | if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | | ||
15805 | $EGREP "ut_id" >/dev/null 2>&1; then : | ||
15806 | eval "$ossh_varname=yes" | ||
15807 | else | ||
15808 | eval "$ossh_varname=no" | ||
15809 | fi | ||
15810 | rm -f conftest* | ||
15811 | |||
15812 | fi | ||
15813 | |||
15814 | ossh_result=`eval 'echo $'"$ossh_varname"` | ||
15815 | if test -n "`echo $ossh_varname`"; then | ||
15816 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 | ||
15817 | $as_echo "$ossh_result" >&6; } | ||
15818 | if test "x$ossh_result" = "xyes"; then | ||
15819 | |||
15820 | $as_echo "#define HAVE_ID_IN_UTMP 1" >>confdefs.h | ||
15821 | |||
15822 | fi | ||
15823 | else | ||
15824 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
15825 | $as_echo "no" >&6; } | ||
15826 | fi | ||
15827 | |||
15828 | |||
15829 | # look for field 'ut_id' in header 'utmpx.h' | ||
15830 | ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` | ||
15831 | ossh_varname="ossh_cv_$ossh_safe""_has_"ut_id | ||
15832 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_id field in utmpx.h" >&5 | ||
15833 | $as_echo_n "checking for ut_id field in utmpx.h... " >&6; } | ||
15834 | if eval \${$ossh_varname+:} false; then : | ||
15835 | $as_echo_n "(cached) " >&6 | ||
15836 | else | ||
15837 | |||
15838 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
15839 | /* end confdefs.h. */ | ||
15840 | #include <utmpx.h> | ||
15841 | |||
15842 | _ACEOF | ||
15843 | if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | | ||
15844 | $EGREP "ut_id" >/dev/null 2>&1; then : | ||
15845 | eval "$ossh_varname=yes" | ||
15846 | else | ||
15847 | eval "$ossh_varname=no" | ||
15848 | fi | ||
15849 | rm -f conftest* | ||
15850 | |||
15851 | fi | ||
15852 | |||
15853 | ossh_result=`eval 'echo $'"$ossh_varname"` | ||
15854 | if test -n "`echo $ossh_varname`"; then | ||
15855 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 | ||
15856 | $as_echo "$ossh_result" >&6; } | ||
15857 | if test "x$ossh_result" = "xyes"; then | ||
15858 | |||
15859 | $as_echo "#define HAVE_ID_IN_UTMPX 1" >>confdefs.h | ||
15860 | |||
15861 | fi | ||
15862 | else | ||
15863 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
15864 | $as_echo "no" >&6; } | ||
15865 | fi | ||
15866 | |||
15867 | |||
15868 | # look for field 'ut_addr' in header 'utmp.h' | ||
15869 | ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` | ||
15870 | ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr | ||
15871 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_addr field in utmp.h" >&5 | ||
15872 | $as_echo_n "checking for ut_addr field in utmp.h... " >&6; } | ||
15873 | if eval \${$ossh_varname+:} false; then : | ||
15874 | $as_echo_n "(cached) " >&6 | ||
15875 | else | ||
15876 | |||
15877 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
15878 | /* end confdefs.h. */ | ||
15879 | #include <utmp.h> | ||
15880 | |||
15881 | _ACEOF | ||
15882 | if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | | ||
15883 | $EGREP "ut_addr" >/dev/null 2>&1; then : | ||
15884 | eval "$ossh_varname=yes" | ||
15885 | else | ||
15886 | eval "$ossh_varname=no" | ||
15887 | fi | ||
15888 | rm -f conftest* | ||
15889 | |||
15890 | fi | ||
15891 | |||
15892 | ossh_result=`eval 'echo $'"$ossh_varname"` | ||
15893 | if test -n "`echo $ossh_varname`"; then | ||
15894 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 | ||
15895 | $as_echo "$ossh_result" >&6; } | ||
15896 | if test "x$ossh_result" = "xyes"; then | ||
15897 | |||
15898 | $as_echo "#define HAVE_ADDR_IN_UTMP 1" >>confdefs.h | ||
15899 | |||
15900 | fi | ||
15901 | else | ||
15902 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
15903 | $as_echo "no" >&6; } | ||
15904 | fi | ||
15905 | |||
15906 | |||
15907 | # look for field 'ut_addr' in header 'utmpx.h' | ||
15908 | ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` | ||
15909 | ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr | ||
15910 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_addr field in utmpx.h" >&5 | ||
15911 | $as_echo_n "checking for ut_addr field in utmpx.h... " >&6; } | ||
15912 | if eval \${$ossh_varname+:} false; then : | ||
15913 | $as_echo_n "(cached) " >&6 | ||
15914 | else | ||
15915 | |||
15916 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
15917 | /* end confdefs.h. */ | ||
15918 | #include <utmpx.h> | ||
15919 | |||
15920 | _ACEOF | ||
15921 | if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | | ||
15922 | $EGREP "ut_addr" >/dev/null 2>&1; then : | ||
15923 | eval "$ossh_varname=yes" | ||
15924 | else | ||
15925 | eval "$ossh_varname=no" | ||
15926 | fi | ||
15927 | rm -f conftest* | ||
15928 | |||
15929 | fi | ||
15930 | |||
15931 | ossh_result=`eval 'echo $'"$ossh_varname"` | ||
15932 | if test -n "`echo $ossh_varname`"; then | ||
15933 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 | ||
15934 | $as_echo "$ossh_result" >&6; } | ||
15935 | if test "x$ossh_result" = "xyes"; then | ||
15936 | |||
15937 | $as_echo "#define HAVE_ADDR_IN_UTMPX 1" >>confdefs.h | ||
15938 | |||
15939 | fi | ||
15940 | else | ||
15941 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
15942 | $as_echo "no" >&6; } | ||
15943 | fi | ||
15944 | |||
15945 | |||
15946 | # look for field 'ut_addr_v6' in header 'utmp.h' | ||
15947 | ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` | ||
15948 | ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr_v6 | ||
15949 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_addr_v6 field in utmp.h" >&5 | ||
15950 | $as_echo_n "checking for ut_addr_v6 field in utmp.h... " >&6; } | ||
15951 | if eval \${$ossh_varname+:} false; then : | ||
15952 | $as_echo_n "(cached) " >&6 | ||
15953 | else | ||
15954 | |||
15955 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
15956 | /* end confdefs.h. */ | ||
15957 | #include <utmp.h> | ||
15958 | |||
15959 | _ACEOF | ||
15960 | if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | | ||
15961 | $EGREP "ut_addr_v6" >/dev/null 2>&1; then : | ||
15962 | eval "$ossh_varname=yes" | ||
15963 | else | ||
15964 | eval "$ossh_varname=no" | ||
15965 | fi | ||
15966 | rm -f conftest* | ||
15967 | |||
15968 | fi | ||
15969 | |||
15970 | ossh_result=`eval 'echo $'"$ossh_varname"` | ||
15971 | if test -n "`echo $ossh_varname`"; then | ||
15972 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 | ||
15973 | $as_echo "$ossh_result" >&6; } | ||
15974 | if test "x$ossh_result" = "xyes"; then | ||
15975 | |||
15976 | $as_echo "#define HAVE_ADDR_V6_IN_UTMP 1" >>confdefs.h | ||
15977 | |||
15978 | fi | ||
15979 | else | ||
15980 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
15981 | $as_echo "no" >&6; } | ||
15982 | fi | ||
15983 | |||
15984 | |||
15985 | # look for field 'ut_addr_v6' in header 'utmpx.h' | ||
15986 | ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` | ||
15987 | ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr_v6 | ||
15988 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_addr_v6 field in utmpx.h" >&5 | ||
15989 | $as_echo_n "checking for ut_addr_v6 field in utmpx.h... " >&6; } | ||
15990 | if eval \${$ossh_varname+:} false; then : | ||
15991 | $as_echo_n "(cached) " >&6 | ||
15992 | else | ||
15993 | |||
15994 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
15995 | /* end confdefs.h. */ | ||
15996 | #include <utmpx.h> | ||
15997 | |||
15998 | _ACEOF | ||
15999 | if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | | ||
16000 | $EGREP "ut_addr_v6" >/dev/null 2>&1; then : | ||
16001 | eval "$ossh_varname=yes" | ||
16002 | else | ||
16003 | eval "$ossh_varname=no" | ||
16004 | fi | ||
16005 | rm -f conftest* | ||
16006 | |||
16007 | fi | ||
16008 | |||
16009 | ossh_result=`eval 'echo $'"$ossh_varname"` | ||
16010 | if test -n "`echo $ossh_varname`"; then | ||
16011 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 | ||
16012 | $as_echo "$ossh_result" >&6; } | ||
16013 | if test "x$ossh_result" = "xyes"; then | ||
16014 | |||
16015 | $as_echo "#define HAVE_ADDR_V6_IN_UTMPX 1" >>confdefs.h | ||
16016 | |||
16017 | fi | ||
16018 | else | ||
16019 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
16020 | $as_echo "no" >&6; } | ||
16021 | fi | ||
16022 | |||
16023 | |||
16024 | # look for field 'ut_exit' in header 'utmp.h' | ||
16025 | ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` | ||
16026 | ossh_varname="ossh_cv_$ossh_safe""_has_"ut_exit | ||
16027 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_exit field in utmp.h" >&5 | ||
16028 | $as_echo_n "checking for ut_exit field in utmp.h... " >&6; } | ||
16029 | if eval \${$ossh_varname+:} false; then : | ||
16030 | $as_echo_n "(cached) " >&6 | ||
16031 | else | ||
16032 | |||
16033 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
16034 | /* end confdefs.h. */ | ||
16035 | #include <utmp.h> | ||
16036 | |||
16037 | _ACEOF | ||
16038 | if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | | ||
16039 | $EGREP "ut_exit" >/dev/null 2>&1; then : | ||
16040 | eval "$ossh_varname=yes" | ||
16041 | else | ||
16042 | eval "$ossh_varname=no" | ||
16043 | fi | ||
16044 | rm -f conftest* | ||
16045 | |||
16046 | fi | ||
16047 | |||
16048 | ossh_result=`eval 'echo $'"$ossh_varname"` | ||
16049 | if test -n "`echo $ossh_varname`"; then | ||
16050 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 | ||
16051 | $as_echo "$ossh_result" >&6; } | ||
16052 | if test "x$ossh_result" = "xyes"; then | ||
16053 | |||
16054 | $as_echo "#define HAVE_EXIT_IN_UTMP 1" >>confdefs.h | ||
16055 | |||
16056 | fi | ||
16057 | else | ||
16058 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
16059 | $as_echo "no" >&6; } | ||
16060 | fi | ||
16061 | |||
16062 | |||
16063 | # look for field 'ut_time' in header 'utmp.h' | ||
16064 | ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` | ||
16065 | ossh_varname="ossh_cv_$ossh_safe""_has_"ut_time | ||
16066 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_time field in utmp.h" >&5 | ||
16067 | $as_echo_n "checking for ut_time field in utmp.h... " >&6; } | ||
16068 | if eval \${$ossh_varname+:} false; then : | ||
16069 | $as_echo_n "(cached) " >&6 | ||
16070 | else | ||
16071 | |||
16072 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
16073 | /* end confdefs.h. */ | ||
16074 | #include <utmp.h> | ||
16075 | |||
16076 | _ACEOF | ||
16077 | if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | | ||
16078 | $EGREP "ut_time" >/dev/null 2>&1; then : | ||
16079 | eval "$ossh_varname=yes" | ||
16080 | else | ||
16081 | eval "$ossh_varname=no" | ||
16082 | fi | ||
16083 | rm -f conftest* | ||
16084 | |||
16085 | fi | ||
16086 | |||
16087 | ossh_result=`eval 'echo $'"$ossh_varname"` | ||
16088 | if test -n "`echo $ossh_varname`"; then | ||
16089 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 | ||
16090 | $as_echo "$ossh_result" >&6; } | ||
16091 | if test "x$ossh_result" = "xyes"; then | ||
16092 | |||
16093 | $as_echo "#define HAVE_TIME_IN_UTMP 1" >>confdefs.h | ||
16094 | |||
16095 | fi | ||
16096 | else | ||
16097 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
16098 | $as_echo "no" >&6; } | ||
16099 | fi | ||
16100 | |||
16101 | |||
16102 | # look for field 'ut_time' in header 'utmpx.h' | ||
16103 | ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` | ||
16104 | ossh_varname="ossh_cv_$ossh_safe""_has_"ut_time | ||
16105 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_time field in utmpx.h" >&5 | ||
16106 | $as_echo_n "checking for ut_time field in utmpx.h... " >&6; } | ||
16107 | if eval \${$ossh_varname+:} false; then : | ||
16108 | $as_echo_n "(cached) " >&6 | ||
16109 | else | ||
16110 | |||
16111 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
16112 | /* end confdefs.h. */ | ||
16113 | #include <utmpx.h> | ||
16114 | |||
16115 | _ACEOF | ||
16116 | if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | | ||
16117 | $EGREP "ut_time" >/dev/null 2>&1; then : | ||
16118 | eval "$ossh_varname=yes" | ||
16119 | else | ||
16120 | eval "$ossh_varname=no" | ||
16121 | fi | ||
16122 | rm -f conftest* | ||
16123 | |||
16124 | fi | ||
16125 | |||
16126 | ossh_result=`eval 'echo $'"$ossh_varname"` | ||
16127 | if test -n "`echo $ossh_varname`"; then | ||
16128 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 | ||
16129 | $as_echo "$ossh_result" >&6; } | ||
16130 | if test "x$ossh_result" = "xyes"; then | ||
16131 | |||
16132 | $as_echo "#define HAVE_TIME_IN_UTMPX 1" >>confdefs.h | ||
16133 | |||
16134 | fi | ||
16135 | else | ||
16136 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
16137 | $as_echo "no" >&6; } | ||
16138 | fi | ||
16139 | |||
16140 | |||
16141 | # look for field 'ut_tv' in header 'utmpx.h' | ||
16142 | ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` | ||
16143 | ossh_varname="ossh_cv_$ossh_safe""_has_"ut_tv | ||
16144 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_tv field in utmpx.h" >&5 | ||
16145 | $as_echo_n "checking for ut_tv field in utmpx.h... " >&6; } | ||
16146 | if eval \${$ossh_varname+:} false; then : | ||
16147 | $as_echo_n "(cached) " >&6 | ||
16148 | else | ||
16149 | |||
16150 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
16151 | /* end confdefs.h. */ | ||
16152 | #include <utmpx.h> | ||
16153 | |||
16154 | _ACEOF | ||
16155 | if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | | ||
16156 | $EGREP "ut_tv" >/dev/null 2>&1; then : | ||
16157 | eval "$ossh_varname=yes" | ||
16158 | else | ||
16159 | eval "$ossh_varname=no" | ||
16160 | fi | ||
16161 | rm -f conftest* | ||
16162 | |||
16163 | fi | ||
16164 | |||
16165 | ossh_result=`eval 'echo $'"$ossh_varname"` | ||
16166 | if test -n "`echo $ossh_varname`"; then | ||
16167 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 | ||
16168 | $as_echo "$ossh_result" >&6; } | ||
16169 | if test "x$ossh_result" = "xyes"; then | ||
16170 | |||
16171 | $as_echo "#define HAVE_TV_IN_UTMPX 1" >>confdefs.h | ||
16172 | |||
16173 | fi | ||
16174 | else | ||
16175 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
16176 | $as_echo "no" >&6; } | ||
16177 | fi | ||
16178 | |||
16179 | |||
16180 | ac_fn_c_check_member "$LINENO" "struct stat" "st_blksize" "ac_cv_member_struct_stat_st_blksize" "$ac_includes_default" | ||
16181 | if test "x$ac_cv_member_struct_stat_st_blksize" = xyes; then : | ||
16182 | |||
16183 | cat >>confdefs.h <<_ACEOF | ||
16184 | #define HAVE_STRUCT_STAT_ST_BLKSIZE 1 | ||
16185 | _ACEOF | ||
16186 | |||
16187 | |||
16188 | fi | ||
16189 | |||
16190 | ac_fn_c_check_member "$LINENO" "struct passwd" "pw_gecos" "ac_cv_member_struct_passwd_pw_gecos" " | ||
16191 | #include <sys/types.h> | ||
16192 | #include <pwd.h> | ||
16193 | |||
16194 | " | ||
16195 | if test "x$ac_cv_member_struct_passwd_pw_gecos" = xyes; then : | ||
16196 | |||
16197 | cat >>confdefs.h <<_ACEOF | ||
16198 | #define HAVE_STRUCT_PASSWD_PW_GECOS 1 | ||
16199 | _ACEOF | ||
16200 | |||
16201 | |||
16202 | fi | ||
16203 | ac_fn_c_check_member "$LINENO" "struct passwd" "pw_class" "ac_cv_member_struct_passwd_pw_class" " | ||
16204 | #include <sys/types.h> | ||
16205 | #include <pwd.h> | ||
16206 | |||
16207 | " | ||
16208 | if test "x$ac_cv_member_struct_passwd_pw_class" = xyes; then : | ||
16209 | |||
16210 | cat >>confdefs.h <<_ACEOF | ||
16211 | #define HAVE_STRUCT_PASSWD_PW_CLASS 1 | ||
16212 | _ACEOF | ||
16213 | |||
16214 | |||
16215 | fi | ||
16216 | ac_fn_c_check_member "$LINENO" "struct passwd" "pw_change" "ac_cv_member_struct_passwd_pw_change" " | ||
16217 | #include <sys/types.h> | ||
16218 | #include <pwd.h> | ||
16219 | |||
16220 | " | ||
16221 | if test "x$ac_cv_member_struct_passwd_pw_change" = xyes; then : | ||
16222 | |||
16223 | cat >>confdefs.h <<_ACEOF | ||
16224 | #define HAVE_STRUCT_PASSWD_PW_CHANGE 1 | ||
16225 | _ACEOF | ||
16226 | |||
16227 | |||
16228 | fi | ||
16229 | ac_fn_c_check_member "$LINENO" "struct passwd" "pw_expire" "ac_cv_member_struct_passwd_pw_expire" " | ||
16230 | #include <sys/types.h> | ||
16231 | #include <pwd.h> | ||
16232 | |||
16233 | " | ||
16234 | if test "x$ac_cv_member_struct_passwd_pw_expire" = xyes; then : | ||
16235 | |||
16236 | cat >>confdefs.h <<_ACEOF | ||
16237 | #define HAVE_STRUCT_PASSWD_PW_EXPIRE 1 | ||
16238 | _ACEOF | ||
16239 | |||
16240 | |||
16241 | fi | ||
16242 | |||
16243 | |||
16244 | ac_fn_c_check_member "$LINENO" "struct __res_state" "retrans" "ac_cv_member_struct___res_state_retrans" " | ||
16245 | #include <stdio.h> | ||
16246 | #if HAVE_SYS_TYPES_H | ||
16247 | # include <sys/types.h> | ||
16248 | #endif | ||
16249 | #include <netinet/in.h> | ||
16250 | #include <arpa/nameser.h> | ||
16251 | #include <resolv.h> | ||
16252 | |||
16253 | " | ||
16254 | if test "x$ac_cv_member_struct___res_state_retrans" = xyes; then : | ||
16255 | |||
16256 | else | ||
16257 | |||
16258 | $as_echo "#define __res_state state" >>confdefs.h | ||
16259 | |||
16260 | fi | ||
16261 | |||
16262 | |||
16263 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ss_family field in struct sockaddr_storage" >&5 | ||
16264 | $as_echo_n "checking for ss_family field in struct sockaddr_storage... " >&6; } | ||
16265 | if ${ac_cv_have_ss_family_in_struct_ss+:} false; then : | ||
16266 | $as_echo_n "(cached) " >&6 | ||
16267 | else | ||
16268 | |||
16269 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
16270 | /* end confdefs.h. */ | ||
16271 | |||
16272 | #include <sys/types.h> | ||
16273 | #include <sys/socket.h> | ||
16274 | |||
16275 | int | ||
16276 | main () | ||
16277 | { | ||
16278 | struct sockaddr_storage s; s.ss_family = 1; | ||
16279 | ; | ||
16280 | return 0; | ||
16281 | } | ||
16282 | _ACEOF | ||
16283 | if ac_fn_c_try_compile "$LINENO"; then : | ||
16284 | ac_cv_have_ss_family_in_struct_ss="yes" | ||
16285 | else | ||
16286 | ac_cv_have_ss_family_in_struct_ss="no" | ||
16287 | fi | ||
16288 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
16289 | |||
16290 | fi | ||
16291 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_ss_family_in_struct_ss" >&5 | ||
16292 | $as_echo "$ac_cv_have_ss_family_in_struct_ss" >&6; } | ||
16293 | if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then | ||
16294 | |||
16295 | $as_echo "#define HAVE_SS_FAMILY_IN_SS 1" >>confdefs.h | ||
16296 | |||
16297 | fi | ||
16298 | |||
16299 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for __ss_family field in struct sockaddr_storage" >&5 | ||
16300 | $as_echo_n "checking for __ss_family field in struct sockaddr_storage... " >&6; } | ||
16301 | if ${ac_cv_have___ss_family_in_struct_ss+:} false; then : | ||
16302 | $as_echo_n "(cached) " >&6 | ||
16303 | else | ||
16304 | |||
16305 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
16306 | /* end confdefs.h. */ | ||
16307 | |||
16308 | #include <sys/types.h> | ||
16309 | #include <sys/socket.h> | ||
16310 | |||
16311 | int | ||
16312 | main () | ||
16313 | { | ||
16314 | struct sockaddr_storage s; s.__ss_family = 1; | ||
16315 | ; | ||
16316 | return 0; | ||
16317 | } | ||
16318 | _ACEOF | ||
16319 | if ac_fn_c_try_compile "$LINENO"; then : | ||
16320 | ac_cv_have___ss_family_in_struct_ss="yes" | ||
16321 | else | ||
16322 | ac_cv_have___ss_family_in_struct_ss="no" | ||
16323 | |||
16324 | fi | ||
16325 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
16326 | |||
16327 | fi | ||
16328 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have___ss_family_in_struct_ss" >&5 | ||
16329 | $as_echo "$ac_cv_have___ss_family_in_struct_ss" >&6; } | ||
16330 | if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then | ||
16331 | |||
16332 | $as_echo "#define HAVE___SS_FAMILY_IN_SS 1" >>confdefs.h | ||
16333 | |||
16334 | fi | ||
16335 | |||
16336 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for msg_accrights field in struct msghdr" >&5 | ||
16337 | $as_echo_n "checking for msg_accrights field in struct msghdr... " >&6; } | ||
16338 | if ${ac_cv_have_accrights_in_msghdr+:} false; then : | ||
16339 | $as_echo_n "(cached) " >&6 | ||
16340 | else | ||
16341 | |||
16342 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
16343 | /* end confdefs.h. */ | ||
16344 | |||
16345 | #include <sys/types.h> | ||
16346 | #include <sys/socket.h> | ||
16347 | #include <sys/uio.h> | ||
16348 | |||
16349 | int | ||
16350 | main () | ||
16351 | { | ||
16352 | |||
16353 | #ifdef msg_accrights | ||
16354 | #error "msg_accrights is a macro" | ||
16355 | exit(1); | ||
16356 | #endif | ||
16357 | struct msghdr m; | ||
16358 | m.msg_accrights = 0; | ||
16359 | exit(0); | ||
16360 | |||
16361 | ; | ||
16362 | return 0; | ||
16363 | } | ||
16364 | _ACEOF | ||
16365 | if ac_fn_c_try_compile "$LINENO"; then : | ||
16366 | ac_cv_have_accrights_in_msghdr="yes" | ||
16367 | else | ||
16368 | ac_cv_have_accrights_in_msghdr="no" | ||
16369 | |||
16370 | fi | ||
16371 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
16372 | |||
16373 | fi | ||
16374 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_accrights_in_msghdr" >&5 | ||
16375 | $as_echo "$ac_cv_have_accrights_in_msghdr" >&6; } | ||
16376 | if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then | ||
16377 | |||
16378 | $as_echo "#define HAVE_ACCRIGHTS_IN_MSGHDR 1" >>confdefs.h | ||
16379 | |||
16380 | fi | ||
16381 | |||
16382 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if struct statvfs.f_fsid is integral type" >&5 | ||
16383 | $as_echo_n "checking if struct statvfs.f_fsid is integral type... " >&6; } | ||
16384 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
16385 | /* end confdefs.h. */ | ||
16386 | |||
16387 | #include <sys/param.h> | ||
16388 | #include <sys/stat.h> | ||
16389 | #ifdef HAVE_SYS_TIME_H | ||
16390 | # include <sys/time.h> | ||
16391 | #endif | ||
16392 | #ifdef HAVE_SYS_MOUNT_H | ||
16393 | #include <sys/mount.h> | ||
16394 | #endif | ||
16395 | #ifdef HAVE_SYS_STATVFS_H | ||
16396 | #include <sys/statvfs.h> | ||
16397 | #endif | ||
16398 | |||
16399 | int | ||
16400 | main () | ||
16401 | { | ||
16402 | struct statvfs s; s.f_fsid = 0; | ||
16403 | ; | ||
16404 | return 0; | ||
16405 | } | ||
16406 | _ACEOF | ||
16407 | if ac_fn_c_try_compile "$LINENO"; then : | ||
16408 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
16409 | $as_echo "yes" >&6; } | ||
16410 | else | ||
16411 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
16412 | $as_echo "no" >&6; } | ||
16413 | |||
16414 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if fsid_t has member val" >&5 | ||
16415 | $as_echo_n "checking if fsid_t has member val... " >&6; } | ||
16416 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
16417 | /* end confdefs.h. */ | ||
16418 | |||
16419 | #include <sys/types.h> | ||
16420 | #include <sys/statvfs.h> | ||
16421 | |||
16422 | int | ||
16423 | main () | ||
16424 | { | ||
16425 | fsid_t t; t.val[0] = 0; | ||
16426 | ; | ||
16427 | return 0; | ||
16428 | } | ||
16429 | _ACEOF | ||
16430 | if ac_fn_c_try_compile "$LINENO"; then : | ||
16431 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
16432 | $as_echo "yes" >&6; } | ||
16433 | |||
16434 | $as_echo "#define FSID_HAS_VAL 1" >>confdefs.h | ||
16435 | |||
16436 | else | ||
16437 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
16438 | $as_echo "no" >&6; } | ||
16439 | fi | ||
16440 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
16441 | |||
16442 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if f_fsid has member __val" >&5 | ||
16443 | $as_echo_n "checking if f_fsid has member __val... " >&6; } | ||
16444 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
16445 | /* end confdefs.h. */ | ||
16446 | |||
16447 | #include <sys/types.h> | ||
16448 | #include <sys/statvfs.h> | ||
16449 | |||
16450 | int | ||
16451 | main () | ||
16452 | { | ||
16453 | fsid_t t; t.__val[0] = 0; | ||
16454 | ; | ||
16455 | return 0; | ||
16456 | } | ||
16457 | _ACEOF | ||
16458 | if ac_fn_c_try_compile "$LINENO"; then : | ||
16459 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
16460 | $as_echo "yes" >&6; } | ||
16461 | |||
16462 | $as_echo "#define FSID_HAS___VAL 1" >>confdefs.h | ||
16463 | |||
16464 | else | ||
16465 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
16466 | $as_echo "no" >&6; } | ||
16467 | fi | ||
16468 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
16469 | |||
16470 | fi | ||
16471 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
16472 | |||
16473 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for msg_control field in struct msghdr" >&5 | ||
16474 | $as_echo_n "checking for msg_control field in struct msghdr... " >&6; } | ||
16475 | if ${ac_cv_have_control_in_msghdr+:} false; then : | ||
16476 | $as_echo_n "(cached) " >&6 | ||
16477 | else | ||
16478 | |||
16479 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
16480 | /* end confdefs.h. */ | ||
16481 | |||
16482 | #include <sys/types.h> | ||
16483 | #include <sys/socket.h> | ||
16484 | #include <sys/uio.h> | ||
16485 | |||
16486 | int | ||
16487 | main () | ||
16488 | { | ||
16489 | |||
16490 | #ifdef msg_control | ||
16491 | #error "msg_control is a macro" | ||
16492 | exit(1); | ||
16493 | #endif | ||
16494 | struct msghdr m; | ||
16495 | m.msg_control = 0; | ||
16496 | exit(0); | ||
16497 | |||
16498 | ; | ||
16499 | return 0; | ||
16500 | } | ||
16501 | _ACEOF | ||
16502 | if ac_fn_c_try_compile "$LINENO"; then : | ||
16503 | ac_cv_have_control_in_msghdr="yes" | ||
16504 | else | ||
16505 | ac_cv_have_control_in_msghdr="no" | ||
16506 | |||
16507 | fi | ||
16508 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
16509 | |||
16510 | fi | ||
16511 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_control_in_msghdr" >&5 | ||
16512 | $as_echo "$ac_cv_have_control_in_msghdr" >&6; } | ||
16513 | if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then | ||
16514 | |||
16515 | $as_echo "#define HAVE_CONTROL_IN_MSGHDR 1" >>confdefs.h | ||
16516 | |||
16517 | fi | ||
16518 | |||
16519 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if libc defines __progname" >&5 | ||
16520 | $as_echo_n "checking if libc defines __progname... " >&6; } | ||
16521 | if ${ac_cv_libc_defines___progname+:} false; then : | ||
16522 | $as_echo_n "(cached) " >&6 | ||
16523 | else | ||
16524 | |||
16525 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
16526 | /* end confdefs.h. */ | ||
16527 | |||
16528 | int | ||
16529 | main () | ||
16530 | { | ||
16531 | extern char *__progname; printf("%s", __progname); | ||
16532 | ; | ||
16533 | return 0; | ||
16534 | } | ||
16535 | _ACEOF | ||
16536 | if ac_fn_c_try_link "$LINENO"; then : | ||
16537 | ac_cv_libc_defines___progname="yes" | ||
16538 | else | ||
16539 | ac_cv_libc_defines___progname="no" | ||
16540 | |||
16541 | fi | ||
16542 | rm -f core conftest.err conftest.$ac_objext \ | ||
16543 | conftest$ac_exeext conftest.$ac_ext | ||
16544 | |||
16545 | fi | ||
16546 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_libc_defines___progname" >&5 | ||
16547 | $as_echo "$ac_cv_libc_defines___progname" >&6; } | ||
16548 | if test "x$ac_cv_libc_defines___progname" = "xyes" ; then | ||
16549 | |||
16550 | $as_echo "#define HAVE___PROGNAME 1" >>confdefs.h | ||
16551 | |||
16552 | fi | ||
16553 | |||
16554 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC implements __FUNCTION__" >&5 | ||
16555 | $as_echo_n "checking whether $CC implements __FUNCTION__... " >&6; } | ||
16556 | if ${ac_cv_cc_implements___FUNCTION__+:} false; then : | ||
16557 | $as_echo_n "(cached) " >&6 | ||
16558 | else | ||
16559 | |||
16560 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
16561 | /* end confdefs.h. */ | ||
16562 | #include <stdio.h> | ||
16563 | int | ||
16564 | main () | ||
16565 | { | ||
16566 | printf("%s", __FUNCTION__); | ||
16567 | ; | ||
16568 | return 0; | ||
16569 | } | ||
16570 | _ACEOF | ||
16571 | if ac_fn_c_try_link "$LINENO"; then : | ||
16572 | ac_cv_cc_implements___FUNCTION__="yes" | ||
16573 | else | ||
16574 | ac_cv_cc_implements___FUNCTION__="no" | ||
16575 | |||
16576 | fi | ||
16577 | rm -f core conftest.err conftest.$ac_objext \ | ||
16578 | conftest$ac_exeext conftest.$ac_ext | ||
16579 | |||
16580 | fi | ||
16581 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_cc_implements___FUNCTION__" >&5 | ||
16582 | $as_echo "$ac_cv_cc_implements___FUNCTION__" >&6; } | ||
16583 | if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then | ||
16584 | |||
16585 | $as_echo "#define HAVE___FUNCTION__ 1" >>confdefs.h | ||
16586 | |||
16587 | fi | ||
16588 | |||
16589 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC implements __func__" >&5 | ||
16590 | $as_echo_n "checking whether $CC implements __func__... " >&6; } | ||
16591 | if ${ac_cv_cc_implements___func__+:} false; then : | ||
16592 | $as_echo_n "(cached) " >&6 | ||
16593 | else | ||
16594 | |||
16595 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
16596 | /* end confdefs.h. */ | ||
16597 | #include <stdio.h> | ||
16598 | int | ||
16599 | main () | ||
16600 | { | ||
16601 | printf("%s", __func__); | ||
16602 | ; | ||
16603 | return 0; | ||
16604 | } | ||
16605 | _ACEOF | ||
16606 | if ac_fn_c_try_link "$LINENO"; then : | ||
16607 | ac_cv_cc_implements___func__="yes" | ||
16608 | else | ||
16609 | ac_cv_cc_implements___func__="no" | ||
16610 | |||
16611 | fi | ||
16612 | rm -f core conftest.err conftest.$ac_objext \ | ||
16613 | conftest$ac_exeext conftest.$ac_ext | ||
16614 | |||
16615 | fi | ||
16616 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_cc_implements___func__" >&5 | ||
16617 | $as_echo "$ac_cv_cc_implements___func__" >&6; } | ||
16618 | if test "x$ac_cv_cc_implements___func__" = "xyes" ; then | ||
16619 | |||
16620 | $as_echo "#define HAVE___func__ 1" >>confdefs.h | ||
16621 | |||
16622 | fi | ||
16623 | |||
16624 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether va_copy exists" >&5 | ||
16625 | $as_echo_n "checking whether va_copy exists... " >&6; } | ||
16626 | if ${ac_cv_have_va_copy+:} false; then : | ||
16627 | $as_echo_n "(cached) " >&6 | ||
16628 | else | ||
16629 | |||
16630 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
16631 | /* end confdefs.h. */ | ||
16632 | |||
16633 | #include <stdarg.h> | ||
16634 | va_list x,y; | ||
16635 | |||
16636 | int | ||
16637 | main () | ||
16638 | { | ||
16639 | va_copy(x,y); | ||
16640 | ; | ||
16641 | return 0; | ||
16642 | } | ||
16643 | _ACEOF | ||
16644 | if ac_fn_c_try_link "$LINENO"; then : | ||
16645 | ac_cv_have_va_copy="yes" | ||
16646 | else | ||
16647 | ac_cv_have_va_copy="no" | ||
16648 | |||
16649 | fi | ||
16650 | rm -f core conftest.err conftest.$ac_objext \ | ||
16651 | conftest$ac_exeext conftest.$ac_ext | ||
16652 | |||
16653 | fi | ||
16654 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_va_copy" >&5 | ||
16655 | $as_echo "$ac_cv_have_va_copy" >&6; } | ||
16656 | if test "x$ac_cv_have_va_copy" = "xyes" ; then | ||
16657 | |||
16658 | $as_echo "#define HAVE_VA_COPY 1" >>confdefs.h | ||
16659 | |||
16660 | fi | ||
16661 | |||
16662 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether __va_copy exists" >&5 | ||
16663 | $as_echo_n "checking whether __va_copy exists... " >&6; } | ||
16664 | if ${ac_cv_have___va_copy+:} false; then : | ||
16665 | $as_echo_n "(cached) " >&6 | ||
16666 | else | ||
16667 | |||
16668 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
16669 | /* end confdefs.h. */ | ||
16670 | |||
16671 | #include <stdarg.h> | ||
16672 | va_list x,y; | ||
16673 | |||
16674 | int | ||
16675 | main () | ||
16676 | { | ||
16677 | __va_copy(x,y); | ||
16678 | ; | ||
16679 | return 0; | ||
16680 | } | ||
16681 | _ACEOF | ||
16682 | if ac_fn_c_try_link "$LINENO"; then : | ||
16683 | ac_cv_have___va_copy="yes" | ||
16684 | else | ||
16685 | ac_cv_have___va_copy="no" | ||
16686 | |||
16687 | fi | ||
16688 | rm -f core conftest.err conftest.$ac_objext \ | ||
16689 | conftest$ac_exeext conftest.$ac_ext | ||
16690 | |||
16691 | fi | ||
16692 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have___va_copy" >&5 | ||
16693 | $as_echo "$ac_cv_have___va_copy" >&6; } | ||
16694 | if test "x$ac_cv_have___va_copy" = "xyes" ; then | ||
16695 | |||
16696 | $as_echo "#define HAVE___VA_COPY 1" >>confdefs.h | ||
16697 | |||
16698 | fi | ||
16699 | |||
16700 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether getopt has optreset support" >&5 | ||
16701 | $as_echo_n "checking whether getopt has optreset support... " >&6; } | ||
16702 | if ${ac_cv_have_getopt_optreset+:} false; then : | ||
16703 | $as_echo_n "(cached) " >&6 | ||
16704 | else | ||
16705 | |||
16706 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
16707 | /* end confdefs.h. */ | ||
16708 | #include <getopt.h> | ||
16709 | int | ||
16710 | main () | ||
16711 | { | ||
16712 | extern int optreset; optreset = 0; | ||
16713 | ; | ||
16714 | return 0; | ||
16715 | } | ||
16716 | _ACEOF | ||
16717 | if ac_fn_c_try_link "$LINENO"; then : | ||
16718 | ac_cv_have_getopt_optreset="yes" | ||
16719 | else | ||
16720 | ac_cv_have_getopt_optreset="no" | ||
16721 | |||
16722 | fi | ||
16723 | rm -f core conftest.err conftest.$ac_objext \ | ||
16724 | conftest$ac_exeext conftest.$ac_ext | ||
16725 | |||
16726 | fi | ||
16727 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_getopt_optreset" >&5 | ||
16728 | $as_echo "$ac_cv_have_getopt_optreset" >&6; } | ||
16729 | if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then | ||
16730 | |||
16731 | $as_echo "#define HAVE_GETOPT_OPTRESET 1" >>confdefs.h | ||
16732 | |||
16733 | fi | ||
16734 | |||
16735 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if libc defines sys_errlist" >&5 | ||
16736 | $as_echo_n "checking if libc defines sys_errlist... " >&6; } | ||
16737 | if ${ac_cv_libc_defines_sys_errlist+:} false; then : | ||
16738 | $as_echo_n "(cached) " >&6 | ||
16739 | else | ||
16740 | |||
16741 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
16742 | /* end confdefs.h. */ | ||
16743 | |||
16744 | int | ||
16745 | main () | ||
16746 | { | ||
16747 | extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]); | ||
16748 | ; | ||
16749 | return 0; | ||
16750 | } | ||
16751 | _ACEOF | ||
16752 | if ac_fn_c_try_link "$LINENO"; then : | ||
16753 | ac_cv_libc_defines_sys_errlist="yes" | ||
16754 | else | ||
16755 | ac_cv_libc_defines_sys_errlist="no" | ||
16756 | |||
16757 | fi | ||
16758 | rm -f core conftest.err conftest.$ac_objext \ | ||
16759 | conftest$ac_exeext conftest.$ac_ext | ||
16760 | |||
16761 | fi | ||
16762 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_libc_defines_sys_errlist" >&5 | ||
16763 | $as_echo "$ac_cv_libc_defines_sys_errlist" >&6; } | ||
16764 | if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then | ||
16765 | |||
16766 | $as_echo "#define HAVE_SYS_ERRLIST 1" >>confdefs.h | ||
16767 | |||
16768 | fi | ||
16769 | |||
16770 | |||
16771 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if libc defines sys_nerr" >&5 | ||
16772 | $as_echo_n "checking if libc defines sys_nerr... " >&6; } | ||
16773 | if ${ac_cv_libc_defines_sys_nerr+:} false; then : | ||
16774 | $as_echo_n "(cached) " >&6 | ||
16775 | else | ||
16776 | |||
16777 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
16778 | /* end confdefs.h. */ | ||
16779 | |||
16780 | int | ||
16781 | main () | ||
16782 | { | ||
16783 | extern int sys_nerr; printf("%i", sys_nerr); | ||
16784 | ; | ||
16785 | return 0; | ||
16786 | } | ||
16787 | _ACEOF | ||
16788 | if ac_fn_c_try_link "$LINENO"; then : | ||
16789 | ac_cv_libc_defines_sys_nerr="yes" | ||
16790 | else | ||
16791 | ac_cv_libc_defines_sys_nerr="no" | ||
16792 | |||
16793 | fi | ||
16794 | rm -f core conftest.err conftest.$ac_objext \ | ||
16795 | conftest$ac_exeext conftest.$ac_ext | ||
16796 | |||
16797 | fi | ||
16798 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_libc_defines_sys_nerr" >&5 | ||
16799 | $as_echo "$ac_cv_libc_defines_sys_nerr" >&6; } | ||
16800 | if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then | ||
16801 | |||
16802 | $as_echo "#define HAVE_SYS_NERR 1" >>confdefs.h | ||
16803 | |||
16804 | fi | ||
16805 | |||
16806 | # Check libraries needed by DNS fingerprint support | ||
16807 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing getrrsetbyname" >&5 | ||
16808 | $as_echo_n "checking for library containing getrrsetbyname... " >&6; } | ||
16809 | if ${ac_cv_search_getrrsetbyname+:} false; then : | ||
16810 | $as_echo_n "(cached) " >&6 | ||
16811 | else | ||
16812 | ac_func_search_save_LIBS=$LIBS | ||
16813 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
16814 | /* end confdefs.h. */ | ||
16815 | |||
16816 | /* Override any GCC internal prototype to avoid an error. | ||
16817 | Use char because int might match the return type of a GCC | ||
16818 | builtin and then its argument prototype would still apply. */ | ||
16819 | #ifdef __cplusplus | ||
16820 | extern "C" | ||
16821 | #endif | ||
16822 | char getrrsetbyname (); | ||
16823 | int | ||
16824 | main () | ||
16825 | { | ||
16826 | return getrrsetbyname (); | ||
16827 | ; | ||
16828 | return 0; | ||
16829 | } | ||
16830 | _ACEOF | ||
16831 | for ac_lib in '' resolv; do | ||
16832 | if test -z "$ac_lib"; then | ||
16833 | ac_res="none required" | ||
16834 | else | ||
16835 | ac_res=-l$ac_lib | ||
16836 | LIBS="-l$ac_lib $ac_func_search_save_LIBS" | ||
16837 | fi | ||
16838 | if ac_fn_c_try_link "$LINENO"; then : | ||
16839 | ac_cv_search_getrrsetbyname=$ac_res | ||
16840 | fi | ||
16841 | rm -f core conftest.err conftest.$ac_objext \ | ||
16842 | conftest$ac_exeext | ||
16843 | if ${ac_cv_search_getrrsetbyname+:} false; then : | ||
16844 | break | ||
16845 | fi | ||
16846 | done | ||
16847 | if ${ac_cv_search_getrrsetbyname+:} false; then : | ||
16848 | |||
16849 | else | ||
16850 | ac_cv_search_getrrsetbyname=no | ||
16851 | fi | ||
16852 | rm conftest.$ac_ext | ||
16853 | LIBS=$ac_func_search_save_LIBS | ||
16854 | fi | ||
16855 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_getrrsetbyname" >&5 | ||
16856 | $as_echo "$ac_cv_search_getrrsetbyname" >&6; } | ||
16857 | ac_res=$ac_cv_search_getrrsetbyname | ||
16858 | if test "$ac_res" != no; then : | ||
16859 | test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" | ||
16860 | |||
16861 | $as_echo "#define HAVE_GETRRSETBYNAME 1" >>confdefs.h | ||
16862 | |||
16863 | else | ||
16864 | |||
16865 | # Needed by our getrrsetbyname() | ||
16866 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing res_query" >&5 | ||
16867 | $as_echo_n "checking for library containing res_query... " >&6; } | ||
16868 | if ${ac_cv_search_res_query+:} false; then : | ||
16869 | $as_echo_n "(cached) " >&6 | ||
16870 | else | ||
16871 | ac_func_search_save_LIBS=$LIBS | ||
16872 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
16873 | /* end confdefs.h. */ | ||
16874 | |||
16875 | /* Override any GCC internal prototype to avoid an error. | ||
16876 | Use char because int might match the return type of a GCC | ||
16877 | builtin and then its argument prototype would still apply. */ | ||
16878 | #ifdef __cplusplus | ||
16879 | extern "C" | ||
16880 | #endif | ||
16881 | char res_query (); | ||
16882 | int | ||
16883 | main () | ||
16884 | { | ||
16885 | return res_query (); | ||
16886 | ; | ||
16887 | return 0; | ||
16888 | } | ||
16889 | _ACEOF | ||
16890 | for ac_lib in '' resolv; do | ||
16891 | if test -z "$ac_lib"; then | ||
16892 | ac_res="none required" | ||
16893 | else | ||
16894 | ac_res=-l$ac_lib | ||
16895 | LIBS="-l$ac_lib $ac_func_search_save_LIBS" | ||
16896 | fi | ||
16897 | if ac_fn_c_try_link "$LINENO"; then : | ||
16898 | ac_cv_search_res_query=$ac_res | ||
16899 | fi | ||
16900 | rm -f core conftest.err conftest.$ac_objext \ | ||
16901 | conftest$ac_exeext | ||
16902 | if ${ac_cv_search_res_query+:} false; then : | ||
16903 | break | ||
16904 | fi | ||
16905 | done | ||
16906 | if ${ac_cv_search_res_query+:} false; then : | ||
16907 | |||
16908 | else | ||
16909 | ac_cv_search_res_query=no | ||
16910 | fi | ||
16911 | rm conftest.$ac_ext | ||
16912 | LIBS=$ac_func_search_save_LIBS | ||
16913 | fi | ||
16914 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_res_query" >&5 | ||
16915 | $as_echo "$ac_cv_search_res_query" >&6; } | ||
16916 | ac_res=$ac_cv_search_res_query | ||
16917 | if test "$ac_res" != no; then : | ||
16918 | test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" | ||
16919 | |||
16920 | fi | ||
16921 | |||
16922 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing dn_expand" >&5 | ||
16923 | $as_echo_n "checking for library containing dn_expand... " >&6; } | ||
16924 | if ${ac_cv_search_dn_expand+:} false; then : | ||
16925 | $as_echo_n "(cached) " >&6 | ||
16926 | else | ||
16927 | ac_func_search_save_LIBS=$LIBS | ||
16928 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
16929 | /* end confdefs.h. */ | ||
16930 | |||
16931 | /* Override any GCC internal prototype to avoid an error. | ||
16932 | Use char because int might match the return type of a GCC | ||
16933 | builtin and then its argument prototype would still apply. */ | ||
16934 | #ifdef __cplusplus | ||
16935 | extern "C" | ||
16936 | #endif | ||
16937 | char dn_expand (); | ||
16938 | int | ||
16939 | main () | ||
16940 | { | ||
16941 | return dn_expand (); | ||
16942 | ; | ||
16943 | return 0; | ||
16944 | } | ||
16945 | _ACEOF | ||
16946 | for ac_lib in '' resolv; do | ||
16947 | if test -z "$ac_lib"; then | ||
16948 | ac_res="none required" | ||
16949 | else | ||
16950 | ac_res=-l$ac_lib | ||
16951 | LIBS="-l$ac_lib $ac_func_search_save_LIBS" | ||
16952 | fi | ||
16953 | if ac_fn_c_try_link "$LINENO"; then : | ||
16954 | ac_cv_search_dn_expand=$ac_res | ||
16955 | fi | ||
16956 | rm -f core conftest.err conftest.$ac_objext \ | ||
16957 | conftest$ac_exeext | ||
16958 | if ${ac_cv_search_dn_expand+:} false; then : | ||
16959 | break | ||
16960 | fi | ||
16961 | done | ||
16962 | if ${ac_cv_search_dn_expand+:} false; then : | ||
16963 | |||
16964 | else | ||
16965 | ac_cv_search_dn_expand=no | ||
16966 | fi | ||
16967 | rm conftest.$ac_ext | ||
16968 | LIBS=$ac_func_search_save_LIBS | ||
16969 | fi | ||
16970 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dn_expand" >&5 | ||
16971 | $as_echo "$ac_cv_search_dn_expand" >&6; } | ||
16972 | ac_res=$ac_cv_search_dn_expand | ||
16973 | if test "$ac_res" != no; then : | ||
16974 | test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" | ||
16975 | |||
16976 | fi | ||
16977 | |||
16978 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if res_query will link" >&5 | ||
16979 | $as_echo_n "checking if res_query will link... " >&6; } | ||
16980 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
16981 | /* end confdefs.h. */ | ||
16982 | |||
16983 | #include <sys/types.h> | ||
16984 | #include <netinet/in.h> | ||
16985 | #include <arpa/nameser.h> | ||
16986 | #include <netdb.h> | ||
16987 | #include <resolv.h> | ||
16988 | |||
16989 | int | ||
16990 | main () | ||
16991 | { | ||
16992 | |||
16993 | res_query (0, 0, 0, 0, 0); | ||
16994 | |||
16995 | ; | ||
16996 | return 0; | ||
16997 | } | ||
16998 | _ACEOF | ||
16999 | if ac_fn_c_try_link "$LINENO"; then : | ||
17000 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
17001 | $as_echo "yes" >&6; } | ||
17002 | else | ||
17003 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
17004 | $as_echo "no" >&6; } | ||
17005 | saved_LIBS="$LIBS" | ||
17006 | LIBS="$LIBS -lresolv" | ||
17007 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for res_query in -lresolv" >&5 | ||
17008 | $as_echo_n "checking for res_query in -lresolv... " >&6; } | ||
17009 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
17010 | /* end confdefs.h. */ | ||
17011 | |||
17012 | #include <sys/types.h> | ||
17013 | #include <netinet/in.h> | ||
17014 | #include <arpa/nameser.h> | ||
17015 | #include <netdb.h> | ||
17016 | #include <resolv.h> | ||
17017 | |||
17018 | int | ||
17019 | main () | ||
17020 | { | ||
17021 | |||
17022 | res_query (0, 0, 0, 0, 0); | ||
17023 | |||
17024 | ; | ||
17025 | return 0; | ||
17026 | } | ||
17027 | _ACEOF | ||
17028 | if ac_fn_c_try_link "$LINENO"; then : | ||
17029 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
17030 | $as_echo "yes" >&6; } | ||
17031 | else | ||
17032 | LIBS="$saved_LIBS" | ||
17033 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
17034 | $as_echo "no" >&6; } | ||
17035 | fi | ||
17036 | rm -f core conftest.err conftest.$ac_objext \ | ||
17037 | conftest$ac_exeext conftest.$ac_ext | ||
17038 | |||
17039 | fi | ||
17040 | rm -f core conftest.err conftest.$ac_objext \ | ||
17041 | conftest$ac_exeext conftest.$ac_ext | ||
17042 | for ac_func in _getshort _getlong | ||
17043 | do : | ||
17044 | as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` | ||
17045 | ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" | ||
17046 | if eval test \"x\$"$as_ac_var"\" = x"yes"; then : | ||
17047 | cat >>confdefs.h <<_ACEOF | ||
17048 | #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 | ||
17049 | _ACEOF | ||
17050 | |||
17051 | fi | ||
17052 | done | ||
17053 | |||
17054 | ac_fn_c_check_decl "$LINENO" "_getshort" "ac_cv_have_decl__getshort" "#include <sys/types.h> | ||
17055 | #include <arpa/nameser.h> | ||
17056 | " | ||
17057 | if test "x$ac_cv_have_decl__getshort" = xyes; then : | ||
17058 | ac_have_decl=1 | ||
17059 | else | ||
17060 | ac_have_decl=0 | ||
17061 | fi | ||
17062 | |||
17063 | cat >>confdefs.h <<_ACEOF | ||
17064 | #define HAVE_DECL__GETSHORT $ac_have_decl | ||
17065 | _ACEOF | ||
17066 | ac_fn_c_check_decl "$LINENO" "_getlong" "ac_cv_have_decl__getlong" "#include <sys/types.h> | ||
17067 | #include <arpa/nameser.h> | ||
17068 | " | ||
17069 | if test "x$ac_cv_have_decl__getlong" = xyes; then : | ||
17070 | ac_have_decl=1 | ||
17071 | else | ||
17072 | ac_have_decl=0 | ||
17073 | fi | ||
17074 | |||
17075 | cat >>confdefs.h <<_ACEOF | ||
17076 | #define HAVE_DECL__GETLONG $ac_have_decl | ||
17077 | _ACEOF | ||
17078 | |||
17079 | ac_fn_c_check_member "$LINENO" "HEADER" "ad" "ac_cv_member_HEADER_ad" "#include <arpa/nameser.h> | ||
17080 | " | ||
17081 | if test "x$ac_cv_member_HEADER_ad" = xyes; then : | ||
17082 | |||
17083 | $as_echo "#define HAVE_HEADER_AD 1" >>confdefs.h | ||
17084 | |||
17085 | fi | ||
17086 | |||
17087 | |||
17088 | fi | ||
17089 | |||
17090 | |||
17091 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if struct __res_state _res is an extern" >&5 | ||
17092 | $as_echo_n "checking if struct __res_state _res is an extern... " >&6; } | ||
17093 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
17094 | /* end confdefs.h. */ | ||
17095 | |||
17096 | #include <stdio.h> | ||
17097 | #if HAVE_SYS_TYPES_H | ||
17098 | # include <sys/types.h> | ||
17099 | #endif | ||
17100 | #include <netinet/in.h> | ||
17101 | #include <arpa/nameser.h> | ||
17102 | #include <resolv.h> | ||
17103 | extern struct __res_state _res; | ||
17104 | |||
17105 | int | ||
17106 | main () | ||
17107 | { | ||
17108 | |||
17109 | struct __res_state *volatile p = &_res; /* force resolution of _res */ | ||
17110 | return 0; | ||
17111 | |||
17112 | ; | ||
17113 | return 0; | ||
17114 | } | ||
17115 | _ACEOF | ||
17116 | if ac_fn_c_try_link "$LINENO"; then : | ||
17117 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
17118 | $as_echo "yes" >&6; } | ||
17119 | |||
17120 | $as_echo "#define HAVE__RES_EXTERN 1" >>confdefs.h | ||
17121 | |||
17122 | |||
17123 | else | ||
17124 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
17125 | $as_echo "no" >&6; } | ||
17126 | |||
17127 | fi | ||
17128 | rm -f core conftest.err conftest.$ac_objext \ | ||
17129 | conftest$ac_exeext conftest.$ac_ext | ||
17130 | |||
17131 | # Check whether user wants SELinux support | ||
17132 | SELINUX_MSG="no" | ||
17133 | LIBSELINUX="" | ||
17134 | |||
17135 | # Check whether --with-selinux was given. | ||
17136 | if test "${with_selinux+set}" = set; then : | ||
17137 | withval=$with_selinux; if test "x$withval" != "xno" ; then | ||
17138 | save_LIBS="$LIBS" | ||
17139 | |||
17140 | $as_echo "#define WITH_SELINUX 1" >>confdefs.h | ||
17141 | |||
17142 | SELINUX_MSG="yes" | ||
17143 | ac_fn_c_check_header_mongrel "$LINENO" "selinux/selinux.h" "ac_cv_header_selinux_selinux_h" "$ac_includes_default" | ||
17144 | if test "x$ac_cv_header_selinux_selinux_h" = xyes; then : | ||
17145 | |||
17146 | else | ||
17147 | as_fn_error $? "SELinux support requires selinux.h header" "$LINENO" 5 | ||
17148 | fi | ||
17149 | |||
17150 | |||
17151 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for setexeccon in -lselinux" >&5 | ||
17152 | $as_echo_n "checking for setexeccon in -lselinux... " >&6; } | ||
17153 | if ${ac_cv_lib_selinux_setexeccon+:} false; then : | ||
17154 | $as_echo_n "(cached) " >&6 | ||
17155 | else | ||
17156 | ac_check_lib_save_LIBS=$LIBS | ||
17157 | LIBS="-lselinux $LIBS" | ||
17158 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
17159 | /* end confdefs.h. */ | ||
17160 | |||
17161 | /* Override any GCC internal prototype to avoid an error. | ||
17162 | Use char because int might match the return type of a GCC | ||
17163 | builtin and then its argument prototype would still apply. */ | ||
17164 | #ifdef __cplusplus | ||
17165 | extern "C" | ||
17166 | #endif | ||
17167 | char setexeccon (); | ||
17168 | int | ||
17169 | main () | ||
17170 | { | ||
17171 | return setexeccon (); | ||
17172 | ; | ||
17173 | return 0; | ||
17174 | } | ||
17175 | _ACEOF | ||
17176 | if ac_fn_c_try_link "$LINENO"; then : | ||
17177 | ac_cv_lib_selinux_setexeccon=yes | ||
17178 | else | ||
17179 | ac_cv_lib_selinux_setexeccon=no | ||
17180 | fi | ||
17181 | rm -f core conftest.err conftest.$ac_objext \ | ||
17182 | conftest$ac_exeext conftest.$ac_ext | ||
17183 | LIBS=$ac_check_lib_save_LIBS | ||
17184 | fi | ||
17185 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_selinux_setexeccon" >&5 | ||
17186 | $as_echo "$ac_cv_lib_selinux_setexeccon" >&6; } | ||
17187 | if test "x$ac_cv_lib_selinux_setexeccon" = xyes; then : | ||
17188 | LIBSELINUX="-lselinux" | ||
17189 | LIBS="$LIBS -lselinux" | ||
17190 | |||
17191 | else | ||
17192 | as_fn_error $? "SELinux support requires libselinux library" "$LINENO" 5 | ||
17193 | fi | ||
17194 | |||
17195 | SSHLIBS="$SSHLIBS $LIBSELINUX" | ||
17196 | SSHDLIBS="$SSHDLIBS $LIBSELINUX" | ||
17197 | for ac_func in getseuserbyname get_default_context_with_level | ||
17198 | do : | ||
17199 | as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` | ||
17200 | ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" | ||
17201 | if eval test \"x\$"$as_ac_var"\" = x"yes"; then : | ||
17202 | cat >>confdefs.h <<_ACEOF | ||
17203 | #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 | ||
17204 | _ACEOF | ||
17205 | |||
17206 | fi | ||
17207 | done | ||
17208 | |||
17209 | LIBS="$save_LIBS" | ||
17210 | fi | ||
17211 | |||
17212 | fi | ||
17213 | |||
17214 | |||
17215 | |||
17216 | |||
17217 | # Check whether user wants Kerberos 5 support | ||
17218 | KRB5_MSG="no" | ||
17219 | |||
17220 | # Check whether --with-kerberos5 was given. | ||
17221 | if test "${with_kerberos5+set}" = set; then : | ||
17222 | withval=$with_kerberos5; if test "x$withval" != "xno" ; then | ||
17223 | if test "x$withval" = "xyes" ; then | ||
17224 | KRB5ROOT="/usr/local" | ||
17225 | else | ||
17226 | KRB5ROOT=${withval} | ||
17227 | fi | ||
17228 | |||
17229 | |||
17230 | $as_echo "#define KRB5 1" >>confdefs.h | ||
17231 | |||
17232 | KRB5_MSG="yes" | ||
17233 | |||
17234 | if test -n "$ac_tool_prefix"; then | ||
17235 | # Extract the first word of "${ac_tool_prefix}krb5-config", so it can be a program name with args. | ||
17236 | set dummy ${ac_tool_prefix}krb5-config; ac_word=$2 | ||
17237 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
17238 | $as_echo_n "checking for $ac_word... " >&6; } | ||
17239 | if ${ac_cv_path_KRB5CONF+:} false; then : | ||
17240 | $as_echo_n "(cached) " >&6 | ||
17241 | else | ||
17242 | case $KRB5CONF in | ||
17243 | [\\/]* | ?:[\\/]*) | ||
17244 | ac_cv_path_KRB5CONF="$KRB5CONF" # Let the user override the test with a path. | ||
17245 | ;; | ||
17246 | *) | ||
17247 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
17248 | as_dummy="$KRB5ROOT/bin:$PATH" | ||
17249 | for as_dir in $as_dummy | ||
17250 | do | ||
17251 | IFS=$as_save_IFS | ||
17252 | test -z "$as_dir" && as_dir=. | ||
17253 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
17254 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
17255 | ac_cv_path_KRB5CONF="$as_dir/$ac_word$ac_exec_ext" | ||
17256 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
17257 | break 2 | ||
17258 | fi | ||
17259 | done | ||
17260 | done | ||
17261 | IFS=$as_save_IFS | ||
17262 | |||
17263 | ;; | ||
17264 | esac | ||
17265 | fi | ||
17266 | KRB5CONF=$ac_cv_path_KRB5CONF | ||
17267 | if test -n "$KRB5CONF"; then | ||
17268 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $KRB5CONF" >&5 | ||
17269 | $as_echo "$KRB5CONF" >&6; } | ||
17270 | else | ||
17271 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
17272 | $as_echo "no" >&6; } | ||
17273 | fi | ||
17274 | |||
17275 | |||
17276 | fi | ||
17277 | if test -z "$ac_cv_path_KRB5CONF"; then | ||
17278 | ac_pt_KRB5CONF=$KRB5CONF | ||
17279 | # Extract the first word of "krb5-config", so it can be a program name with args. | ||
17280 | set dummy krb5-config; ac_word=$2 | ||
17281 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
17282 | $as_echo_n "checking for $ac_word... " >&6; } | ||
17283 | if ${ac_cv_path_ac_pt_KRB5CONF+:} false; then : | ||
17284 | $as_echo_n "(cached) " >&6 | ||
17285 | else | ||
17286 | case $ac_pt_KRB5CONF in | ||
17287 | [\\/]* | ?:[\\/]*) | ||
17288 | ac_cv_path_ac_pt_KRB5CONF="$ac_pt_KRB5CONF" # Let the user override the test with a path. | ||
17289 | ;; | ||
17290 | *) | ||
17291 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
17292 | as_dummy="$KRB5ROOT/bin:$PATH" | ||
17293 | for as_dir in $as_dummy | ||
17294 | do | ||
17295 | IFS=$as_save_IFS | ||
17296 | test -z "$as_dir" && as_dir=. | ||
17297 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
17298 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
17299 | ac_cv_path_ac_pt_KRB5CONF="$as_dir/$ac_word$ac_exec_ext" | ||
17300 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
17301 | break 2 | ||
17302 | fi | ||
17303 | done | ||
17304 | done | ||
17305 | IFS=$as_save_IFS | ||
17306 | |||
17307 | ;; | ||
17308 | esac | ||
17309 | fi | ||
17310 | ac_pt_KRB5CONF=$ac_cv_path_ac_pt_KRB5CONF | ||
17311 | if test -n "$ac_pt_KRB5CONF"; then | ||
17312 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_KRB5CONF" >&5 | ||
17313 | $as_echo "$ac_pt_KRB5CONF" >&6; } | ||
17314 | else | ||
17315 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
17316 | $as_echo "no" >&6; } | ||
17317 | fi | ||
17318 | |||
17319 | if test "x$ac_pt_KRB5CONF" = x; then | ||
17320 | KRB5CONF="$KRB5ROOT/bin/krb5-config" | ||
17321 | else | ||
17322 | case $cross_compiling:$ac_tool_warned in | ||
17323 | yes:) | ||
17324 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 | ||
17325 | $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} | ||
17326 | ac_tool_warned=yes ;; | ||
17327 | esac | ||
17328 | KRB5CONF=$ac_pt_KRB5CONF | ||
17329 | fi | ||
17330 | else | ||
17331 | KRB5CONF="$ac_cv_path_KRB5CONF" | ||
17332 | fi | ||
17333 | |||
17334 | if test -x $KRB5CONF ; then | ||
17335 | K5CFLAGS="`$KRB5CONF --cflags`" | ||
17336 | K5LIBS="`$KRB5CONF --libs`" | ||
17337 | CPPFLAGS="$CPPFLAGS $K5CFLAGS" | ||
17338 | |||
17339 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gssapi support" >&5 | ||
17340 | $as_echo_n "checking for gssapi support... " >&6; } | ||
17341 | if $KRB5CONF | grep gssapi >/dev/null ; then | ||
17342 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
17343 | $as_echo "yes" >&6; } | ||
17344 | |||
17345 | $as_echo "#define GSSAPI 1" >>confdefs.h | ||
17346 | |||
17347 | GSSCFLAGS="`$KRB5CONF --cflags gssapi`" | ||
17348 | GSSLIBS="`$KRB5CONF --libs gssapi`" | ||
17349 | CPPFLAGS="$CPPFLAGS $GSSCFLAGS" | ||
17350 | else | ||
17351 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
17352 | $as_echo "no" >&6; } | ||
17353 | fi | ||
17354 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using Heimdal" >&5 | ||
17355 | $as_echo_n "checking whether we are using Heimdal... " >&6; } | ||
17356 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
17357 | /* end confdefs.h. */ | ||
17358 | #include <krb5.h> | ||
17359 | |||
17360 | int | ||
17361 | main () | ||
17362 | { | ||
17363 | char *tmp = heimdal_version; | ||
17364 | ; | ||
17365 | return 0; | ||
17366 | } | ||
17367 | _ACEOF | ||
17368 | if ac_fn_c_try_compile "$LINENO"; then : | ||
17369 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
17370 | $as_echo "yes" >&6; } | ||
17371 | |||
17372 | $as_echo "#define HEIMDAL 1" >>confdefs.h | ||
17373 | |||
17374 | else | ||
17375 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
17376 | $as_echo "no" >&6; } | ||
17377 | |||
17378 | fi | ||
17379 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
17380 | else | ||
17381 | CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" | ||
17382 | LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" | ||
17383 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using Heimdal" >&5 | ||
17384 | $as_echo_n "checking whether we are using Heimdal... " >&6; } | ||
17385 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
17386 | /* end confdefs.h. */ | ||
17387 | #include <krb5.h> | ||
17388 | |||
17389 | int | ||
17390 | main () | ||
17391 | { | ||
17392 | char *tmp = heimdal_version; | ||
17393 | ; | ||
17394 | return 0; | ||
17395 | } | ||
17396 | _ACEOF | ||
17397 | if ac_fn_c_try_compile "$LINENO"; then : | ||
17398 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
17399 | $as_echo "yes" >&6; } | ||
17400 | $as_echo "#define HEIMDAL 1" >>confdefs.h | ||
17401 | |||
17402 | K5LIBS="-lkrb5" | ||
17403 | K5LIBS="$K5LIBS -lcom_err -lasn1" | ||
17404 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for net_write in -lroken" >&5 | ||
17405 | $as_echo_n "checking for net_write in -lroken... " >&6; } | ||
17406 | if ${ac_cv_lib_roken_net_write+:} false; then : | ||
17407 | $as_echo_n "(cached) " >&6 | ||
17408 | else | ||
17409 | ac_check_lib_save_LIBS=$LIBS | ||
17410 | LIBS="-lroken $LIBS" | ||
17411 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
17412 | /* end confdefs.h. */ | ||
17413 | |||
17414 | /* Override any GCC internal prototype to avoid an error. | ||
17415 | Use char because int might match the return type of a GCC | ||
17416 | builtin and then its argument prototype would still apply. */ | ||
17417 | #ifdef __cplusplus | ||
17418 | extern "C" | ||
17419 | #endif | ||
17420 | char net_write (); | ||
17421 | int | ||
17422 | main () | ||
17423 | { | ||
17424 | return net_write (); | ||
17425 | ; | ||
17426 | return 0; | ||
17427 | } | ||
17428 | _ACEOF | ||
17429 | if ac_fn_c_try_link "$LINENO"; then : | ||
17430 | ac_cv_lib_roken_net_write=yes | ||
17431 | else | ||
17432 | ac_cv_lib_roken_net_write=no | ||
17433 | fi | ||
17434 | rm -f core conftest.err conftest.$ac_objext \ | ||
17435 | conftest$ac_exeext conftest.$ac_ext | ||
17436 | LIBS=$ac_check_lib_save_LIBS | ||
17437 | fi | ||
17438 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_roken_net_write" >&5 | ||
17439 | $as_echo "$ac_cv_lib_roken_net_write" >&6; } | ||
17440 | if test "x$ac_cv_lib_roken_net_write" = xyes; then : | ||
17441 | K5LIBS="$K5LIBS -lroken" | ||
17442 | fi | ||
17443 | |||
17444 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for des_cbc_encrypt in -ldes" >&5 | ||
17445 | $as_echo_n "checking for des_cbc_encrypt in -ldes... " >&6; } | ||
17446 | if ${ac_cv_lib_des_des_cbc_encrypt+:} false; then : | ||
17447 | $as_echo_n "(cached) " >&6 | ||
17448 | else | ||
17449 | ac_check_lib_save_LIBS=$LIBS | ||
17450 | LIBS="-ldes $LIBS" | ||
17451 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
17452 | /* end confdefs.h. */ | ||
17453 | |||
17454 | /* Override any GCC internal prototype to avoid an error. | ||
17455 | Use char because int might match the return type of a GCC | ||
17456 | builtin and then its argument prototype would still apply. */ | ||
17457 | #ifdef __cplusplus | ||
17458 | extern "C" | ||
17459 | #endif | ||
17460 | char des_cbc_encrypt (); | ||
17461 | int | ||
17462 | main () | ||
17463 | { | ||
17464 | return des_cbc_encrypt (); | ||
17465 | ; | ||
17466 | return 0; | ||
17467 | } | ||
17468 | _ACEOF | ||
17469 | if ac_fn_c_try_link "$LINENO"; then : | ||
17470 | ac_cv_lib_des_des_cbc_encrypt=yes | ||
17471 | else | ||
17472 | ac_cv_lib_des_des_cbc_encrypt=no | ||
17473 | fi | ||
17474 | rm -f core conftest.err conftest.$ac_objext \ | ||
17475 | conftest$ac_exeext conftest.$ac_ext | ||
17476 | LIBS=$ac_check_lib_save_LIBS | ||
17477 | fi | ||
17478 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_des_des_cbc_encrypt" >&5 | ||
17479 | $as_echo "$ac_cv_lib_des_des_cbc_encrypt" >&6; } | ||
17480 | if test "x$ac_cv_lib_des_des_cbc_encrypt" = xyes; then : | ||
17481 | K5LIBS="$K5LIBS -ldes" | ||
17482 | fi | ||
17483 | |||
17484 | |||
17485 | else | ||
17486 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
17487 | $as_echo "no" >&6; } | ||
17488 | K5LIBS="-lkrb5 -lk5crypto -lcom_err" | ||
17489 | |||
17490 | fi | ||
17491 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
17492 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing dn_expand" >&5 | ||
17493 | $as_echo_n "checking for library containing dn_expand... " >&6; } | ||
17494 | if ${ac_cv_search_dn_expand+:} false; then : | ||
17495 | $as_echo_n "(cached) " >&6 | ||
17496 | else | ||
17497 | ac_func_search_save_LIBS=$LIBS | ||
17498 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
17499 | /* end confdefs.h. */ | ||
17500 | |||
17501 | /* Override any GCC internal prototype to avoid an error. | ||
17502 | Use char because int might match the return type of a GCC | ||
17503 | builtin and then its argument prototype would still apply. */ | ||
17504 | #ifdef __cplusplus | ||
17505 | extern "C" | ||
17506 | #endif | ||
17507 | char dn_expand (); | ||
17508 | int | ||
17509 | main () | ||
17510 | { | ||
17511 | return dn_expand (); | ||
17512 | ; | ||
17513 | return 0; | ||
17514 | } | ||
17515 | _ACEOF | ||
17516 | for ac_lib in '' resolv; do | ||
17517 | if test -z "$ac_lib"; then | ||
17518 | ac_res="none required" | ||
17519 | else | ||
17520 | ac_res=-l$ac_lib | ||
17521 | LIBS="-l$ac_lib $ac_func_search_save_LIBS" | ||
17522 | fi | ||
17523 | if ac_fn_c_try_link "$LINENO"; then : | ||
17524 | ac_cv_search_dn_expand=$ac_res | ||
17525 | fi | ||
17526 | rm -f core conftest.err conftest.$ac_objext \ | ||
17527 | conftest$ac_exeext | ||
17528 | if ${ac_cv_search_dn_expand+:} false; then : | ||
17529 | break | ||
17530 | fi | ||
17531 | done | ||
17532 | if ${ac_cv_search_dn_expand+:} false; then : | ||
17533 | |||
17534 | else | ||
17535 | ac_cv_search_dn_expand=no | ||
17536 | fi | ||
17537 | rm conftest.$ac_ext | ||
17538 | LIBS=$ac_func_search_save_LIBS | ||
17539 | fi | ||
17540 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dn_expand" >&5 | ||
17541 | $as_echo "$ac_cv_search_dn_expand" >&6; } | ||
17542 | ac_res=$ac_cv_search_dn_expand | ||
17543 | if test "$ac_res" != no; then : | ||
17544 | test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" | ||
17545 | |||
17546 | fi | ||
17547 | |||
17548 | |||
17549 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gss_init_sec_context in -lgssapi_krb5" >&5 | ||
17550 | $as_echo_n "checking for gss_init_sec_context in -lgssapi_krb5... " >&6; } | ||
17551 | if ${ac_cv_lib_gssapi_krb5_gss_init_sec_context+:} false; then : | ||
17552 | $as_echo_n "(cached) " >&6 | ||
17553 | else | ||
17554 | ac_check_lib_save_LIBS=$LIBS | ||
17555 | LIBS="-lgssapi_krb5 $LIBS" | ||
17556 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
17557 | /* end confdefs.h. */ | ||
17558 | |||
17559 | /* Override any GCC internal prototype to avoid an error. | ||
17560 | Use char because int might match the return type of a GCC | ||
17561 | builtin and then its argument prototype would still apply. */ | ||
17562 | #ifdef __cplusplus | ||
17563 | extern "C" | ||
17564 | #endif | ||
17565 | char gss_init_sec_context (); | ||
17566 | int | ||
17567 | main () | ||
17568 | { | ||
17569 | return gss_init_sec_context (); | ||
17570 | ; | ||
17571 | return 0; | ||
17572 | } | ||
17573 | _ACEOF | ||
17574 | if ac_fn_c_try_link "$LINENO"; then : | ||
17575 | ac_cv_lib_gssapi_krb5_gss_init_sec_context=yes | ||
17576 | else | ||
17577 | ac_cv_lib_gssapi_krb5_gss_init_sec_context=no | ||
17578 | fi | ||
17579 | rm -f core conftest.err conftest.$ac_objext \ | ||
17580 | conftest$ac_exeext conftest.$ac_ext | ||
17581 | LIBS=$ac_check_lib_save_LIBS | ||
17582 | fi | ||
17583 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gssapi_krb5_gss_init_sec_context" >&5 | ||
17584 | $as_echo "$ac_cv_lib_gssapi_krb5_gss_init_sec_context" >&6; } | ||
17585 | if test "x$ac_cv_lib_gssapi_krb5_gss_init_sec_context" = xyes; then : | ||
17586 | $as_echo "#define GSSAPI 1" >>confdefs.h | ||
17587 | |||
17588 | GSSLIBS="-lgssapi_krb5" | ||
17589 | else | ||
17590 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gss_init_sec_context in -lgssapi" >&5 | ||
17591 | $as_echo_n "checking for gss_init_sec_context in -lgssapi... " >&6; } | ||
17592 | if ${ac_cv_lib_gssapi_gss_init_sec_context+:} false; then : | ||
17593 | $as_echo_n "(cached) " >&6 | ||
17594 | else | ||
17595 | ac_check_lib_save_LIBS=$LIBS | ||
17596 | LIBS="-lgssapi $LIBS" | ||
17597 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
17598 | /* end confdefs.h. */ | ||
17599 | |||
17600 | /* Override any GCC internal prototype to avoid an error. | ||
17601 | Use char because int might match the return type of a GCC | ||
17602 | builtin and then its argument prototype would still apply. */ | ||
17603 | #ifdef __cplusplus | ||
17604 | extern "C" | ||
17605 | #endif | ||
17606 | char gss_init_sec_context (); | ||
17607 | int | ||
17608 | main () | ||
17609 | { | ||
17610 | return gss_init_sec_context (); | ||
17611 | ; | ||
17612 | return 0; | ||
17613 | } | ||
17614 | _ACEOF | ||
17615 | if ac_fn_c_try_link "$LINENO"; then : | ||
17616 | ac_cv_lib_gssapi_gss_init_sec_context=yes | ||
17617 | else | ||
17618 | ac_cv_lib_gssapi_gss_init_sec_context=no | ||
17619 | fi | ||
17620 | rm -f core conftest.err conftest.$ac_objext \ | ||
17621 | conftest$ac_exeext conftest.$ac_ext | ||
17622 | LIBS=$ac_check_lib_save_LIBS | ||
17623 | fi | ||
17624 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gssapi_gss_init_sec_context" >&5 | ||
17625 | $as_echo "$ac_cv_lib_gssapi_gss_init_sec_context" >&6; } | ||
17626 | if test "x$ac_cv_lib_gssapi_gss_init_sec_context" = xyes; then : | ||
17627 | $as_echo "#define GSSAPI 1" >>confdefs.h | ||
17628 | |||
17629 | GSSLIBS="-lgssapi" | ||
17630 | else | ||
17631 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gss_init_sec_context in -lgss" >&5 | ||
17632 | $as_echo_n "checking for gss_init_sec_context in -lgss... " >&6; } | ||
17633 | if ${ac_cv_lib_gss_gss_init_sec_context+:} false; then : | ||
17634 | $as_echo_n "(cached) " >&6 | ||
17635 | else | ||
17636 | ac_check_lib_save_LIBS=$LIBS | ||
17637 | LIBS="-lgss $LIBS" | ||
17638 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
17639 | /* end confdefs.h. */ | ||
17640 | |||
17641 | /* Override any GCC internal prototype to avoid an error. | ||
17642 | Use char because int might match the return type of a GCC | ||
17643 | builtin and then its argument prototype would still apply. */ | ||
17644 | #ifdef __cplusplus | ||
17645 | extern "C" | ||
17646 | #endif | ||
17647 | char gss_init_sec_context (); | ||
17648 | int | ||
17649 | main () | ||
17650 | { | ||
17651 | return gss_init_sec_context (); | ||
17652 | ; | ||
17653 | return 0; | ||
17654 | } | ||
17655 | _ACEOF | ||
17656 | if ac_fn_c_try_link "$LINENO"; then : | ||
17657 | ac_cv_lib_gss_gss_init_sec_context=yes | ||
17658 | else | ||
17659 | ac_cv_lib_gss_gss_init_sec_context=no | ||
17660 | fi | ||
17661 | rm -f core conftest.err conftest.$ac_objext \ | ||
17662 | conftest$ac_exeext conftest.$ac_ext | ||
17663 | LIBS=$ac_check_lib_save_LIBS | ||
17664 | fi | ||
17665 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gss_gss_init_sec_context" >&5 | ||
17666 | $as_echo "$ac_cv_lib_gss_gss_init_sec_context" >&6; } | ||
17667 | if test "x$ac_cv_lib_gss_gss_init_sec_context" = xyes; then : | ||
17668 | $as_echo "#define GSSAPI 1" >>confdefs.h | ||
17669 | |||
17670 | GSSLIBS="-lgss" | ||
17671 | else | ||
17672 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Cannot find any suitable gss-api library - build may fail" >&5 | ||
17673 | $as_echo "$as_me: WARNING: Cannot find any suitable gss-api library - build may fail" >&2;} | ||
17674 | fi | ||
17675 | |||
17676 | |||
17677 | fi | ||
17678 | |||
17679 | |||
17680 | fi | ||
17681 | |||
17682 | |||
17683 | ac_fn_c_check_header_mongrel "$LINENO" "gssapi.h" "ac_cv_header_gssapi_h" "$ac_includes_default" | ||
17684 | if test "x$ac_cv_header_gssapi_h" = xyes; then : | ||
17685 | |||
17686 | else | ||
17687 | unset ac_cv_header_gssapi_h | ||
17688 | CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" | ||
17689 | for ac_header in gssapi.h | ||
17690 | do : | ||
17691 | ac_fn_c_check_header_mongrel "$LINENO" "gssapi.h" "ac_cv_header_gssapi_h" "$ac_includes_default" | ||
17692 | if test "x$ac_cv_header_gssapi_h" = xyes; then : | ||
17693 | cat >>confdefs.h <<_ACEOF | ||
17694 | #define HAVE_GSSAPI_H 1 | ||
17695 | _ACEOF | ||
17696 | |||
17697 | else | ||
17698 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Cannot find any suitable gss-api header - build may fail" >&5 | ||
17699 | $as_echo "$as_me: WARNING: Cannot find any suitable gss-api header - build may fail" >&2;} | ||
17700 | |||
17701 | fi | ||
17702 | |||
17703 | done | ||
17704 | |||
17705 | |||
17706 | |||
17707 | fi | ||
17708 | |||
17709 | |||
17710 | |||
17711 | oldCPP="$CPPFLAGS" | ||
17712 | CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" | ||
17713 | ac_fn_c_check_header_mongrel "$LINENO" "gssapi_krb5.h" "ac_cv_header_gssapi_krb5_h" "$ac_includes_default" | ||
17714 | if test "x$ac_cv_header_gssapi_krb5_h" = xyes; then : | ||
17715 | |||
17716 | else | ||
17717 | CPPFLAGS="$oldCPP" | ||
17718 | fi | ||
17719 | |||
17720 | |||
17721 | |||
17722 | fi | ||
17723 | if test ! -z "$need_dash_r" ; then | ||
17724 | LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib" | ||
17725 | fi | ||
17726 | if test ! -z "$blibpath" ; then | ||
17727 | blibpath="$blibpath:${KRB5ROOT}/lib" | ||
17728 | fi | ||
17729 | |||
17730 | for ac_header in gssapi.h gssapi/gssapi.h | ||
17731 | do : | ||
17732 | as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` | ||
17733 | ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" | ||
17734 | if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : | ||
17735 | cat >>confdefs.h <<_ACEOF | ||
17736 | #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 | ||
17737 | _ACEOF | ||
17738 | |||
17739 | fi | ||
17740 | |||
17741 | done | ||
17742 | |||
17743 | for ac_header in gssapi_krb5.h gssapi/gssapi_krb5.h | ||
17744 | do : | ||
17745 | as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` | ||
17746 | ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" | ||
17747 | if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : | ||
17748 | cat >>confdefs.h <<_ACEOF | ||
17749 | #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 | ||
17750 | _ACEOF | ||
17751 | |||
17752 | fi | ||
17753 | |||
17754 | done | ||
17755 | |||
17756 | for ac_header in gssapi_generic.h gssapi/gssapi_generic.h | ||
17757 | do : | ||
17758 | as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` | ||
17759 | ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" | ||
17760 | if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : | ||
17761 | cat >>confdefs.h <<_ACEOF | ||
17762 | #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 | ||
17763 | _ACEOF | ||
17764 | |||
17765 | fi | ||
17766 | |||
17767 | done | ||
17768 | |||
17769 | |||
17770 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing k_hasafs" >&5 | ||
17771 | $as_echo_n "checking for library containing k_hasafs... " >&6; } | ||
17772 | if ${ac_cv_search_k_hasafs+:} false; then : | ||
17773 | $as_echo_n "(cached) " >&6 | ||
17774 | else | ||
17775 | ac_func_search_save_LIBS=$LIBS | ||
17776 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
17777 | /* end confdefs.h. */ | ||
17778 | |||
17779 | /* Override any GCC internal prototype to avoid an error. | ||
17780 | Use char because int might match the return type of a GCC | ||
17781 | builtin and then its argument prototype would still apply. */ | ||
17782 | #ifdef __cplusplus | ||
17783 | extern "C" | ||
17784 | #endif | ||
17785 | char k_hasafs (); | ||
17786 | int | ||
17787 | main () | ||
17788 | { | ||
17789 | return k_hasafs (); | ||
17790 | ; | ||
17791 | return 0; | ||
17792 | } | ||
17793 | _ACEOF | ||
17794 | for ac_lib in '' kafs; do | ||
17795 | if test -z "$ac_lib"; then | ||
17796 | ac_res="none required" | ||
17797 | else | ||
17798 | ac_res=-l$ac_lib | ||
17799 | LIBS="-l$ac_lib $ac_func_search_save_LIBS" | ||
17800 | fi | ||
17801 | if ac_fn_c_try_link "$LINENO"; then : | ||
17802 | ac_cv_search_k_hasafs=$ac_res | ||
17803 | fi | ||
17804 | rm -f core conftest.err conftest.$ac_objext \ | ||
17805 | conftest$ac_exeext | ||
17806 | if ${ac_cv_search_k_hasafs+:} false; then : | ||
17807 | break | ||
17808 | fi | ||
17809 | done | ||
17810 | if ${ac_cv_search_k_hasafs+:} false; then : | ||
17811 | |||
17812 | else | ||
17813 | ac_cv_search_k_hasafs=no | ||
17814 | fi | ||
17815 | rm conftest.$ac_ext | ||
17816 | LIBS=$ac_func_search_save_LIBS | ||
17817 | fi | ||
17818 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_k_hasafs" >&5 | ||
17819 | $as_echo "$ac_cv_search_k_hasafs" >&6; } | ||
17820 | ac_res=$ac_cv_search_k_hasafs | ||
17821 | if test "$ac_res" != no; then : | ||
17822 | test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" | ||
17823 | |||
17824 | $as_echo "#define USE_AFS 1" >>confdefs.h | ||
17825 | |||
17826 | fi | ||
17827 | |||
17828 | |||
17829 | ac_fn_c_check_decl "$LINENO" "GSS_C_NT_HOSTBASED_SERVICE" "ac_cv_have_decl_GSS_C_NT_HOSTBASED_SERVICE" " | ||
17830 | #ifdef HAVE_GSSAPI_H | ||
17831 | # include <gssapi.h> | ||
17832 | #elif defined(HAVE_GSSAPI_GSSAPI_H) | ||
17833 | # include <gssapi/gssapi.h> | ||
17834 | #endif | ||
17835 | |||
17836 | #ifdef HAVE_GSSAPI_GENERIC_H | ||
17837 | # include <gssapi_generic.h> | ||
17838 | #elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) | ||
17839 | # include <gssapi/gssapi_generic.h> | ||
17840 | #endif | ||
17841 | |||
17842 | " | ||
17843 | if test "x$ac_cv_have_decl_GSS_C_NT_HOSTBASED_SERVICE" = xyes; then : | ||
17844 | ac_have_decl=1 | ||
17845 | else | ||
17846 | ac_have_decl=0 | ||
17847 | fi | ||
17848 | |||
17849 | cat >>confdefs.h <<_ACEOF | ||
17850 | #define HAVE_DECL_GSS_C_NT_HOSTBASED_SERVICE $ac_have_decl | ||
17851 | _ACEOF | ||
17852 | |||
17853 | saved_LIBS="$LIBS" | ||
17854 | LIBS="$LIBS $K5LIBS" | ||
17855 | for ac_func in krb5_cc_new_unique krb5_get_error_message krb5_free_error_message | ||
17856 | do : | ||
17857 | as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` | ||
17858 | ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" | ||
17859 | if eval test \"x\$"$as_ac_var"\" = x"yes"; then : | ||
17860 | cat >>confdefs.h <<_ACEOF | ||
17861 | #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 | ||
17862 | _ACEOF | ||
17863 | |||
17864 | fi | ||
17865 | done | ||
17866 | |||
17867 | LIBS="$saved_LIBS" | ||
17868 | |||
17869 | fi | ||
17870 | |||
17871 | |||
17872 | fi | ||
17873 | |||
17874 | |||
17875 | |||
17876 | |||
17877 | # Looking for programs, paths and files | ||
17878 | |||
17879 | PRIVSEP_PATH=/var/empty | ||
17880 | |||
17881 | # Check whether --with-privsep-path was given. | ||
17882 | if test "${with_privsep_path+set}" = set; then : | ||
17883 | withval=$with_privsep_path; | ||
17884 | if test -n "$withval" && test "x$withval" != "xno" && \ | ||
17885 | test "x${withval}" != "xyes"; then | ||
17886 | PRIVSEP_PATH=$withval | ||
17887 | fi | ||
17888 | |||
17889 | |||
17890 | fi | ||
17891 | |||
17892 | |||
17893 | |||
17894 | |||
17895 | # Check whether --with-xauth was given. | ||
17896 | if test "${with_xauth+set}" = set; then : | ||
17897 | withval=$with_xauth; | ||
17898 | if test -n "$withval" && test "x$withval" != "xno" && \ | ||
17899 | test "x${withval}" != "xyes"; then | ||
17900 | xauth_path=$withval | ||
17901 | fi | ||
17902 | |||
17903 | else | ||
17904 | |||
17905 | TestPath="$PATH" | ||
17906 | TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" | ||
17907 | TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" | ||
17908 | TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" | ||
17909 | TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" | ||
17910 | # Extract the first word of "xauth", so it can be a program name with args. | ||
17911 | set dummy xauth; ac_word=$2 | ||
17912 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
17913 | $as_echo_n "checking for $ac_word... " >&6; } | ||
17914 | if ${ac_cv_path_xauth_path+:} false; then : | ||
17915 | $as_echo_n "(cached) " >&6 | ||
17916 | else | ||
17917 | case $xauth_path in | ||
17918 | [\\/]* | ?:[\\/]*) | ||
17919 | ac_cv_path_xauth_path="$xauth_path" # Let the user override the test with a path. | ||
17920 | ;; | ||
17921 | *) | ||
17922 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
17923 | for as_dir in $TestPath | ||
17924 | do | ||
17925 | IFS=$as_save_IFS | ||
17926 | test -z "$as_dir" && as_dir=. | ||
17927 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
17928 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
17929 | ac_cv_path_xauth_path="$as_dir/$ac_word$ac_exec_ext" | ||
17930 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
17931 | break 2 | ||
17932 | fi | ||
17933 | done | ||
17934 | done | ||
17935 | IFS=$as_save_IFS | ||
17936 | |||
17937 | ;; | ||
17938 | esac | ||
17939 | fi | ||
17940 | xauth_path=$ac_cv_path_xauth_path | ||
17941 | if test -n "$xauth_path"; then | ||
17942 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $xauth_path" >&5 | ||
17943 | $as_echo "$xauth_path" >&6; } | ||
17944 | else | ||
17945 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
17946 | $as_echo "no" >&6; } | ||
17947 | fi | ||
17948 | |||
17949 | |||
17950 | if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then | ||
17951 | xauth_path="/usr/openwin/bin/xauth" | ||
17952 | fi | ||
17953 | |||
17954 | |||
17955 | fi | ||
17956 | |||
17957 | |||
17958 | STRIP_OPT=-s | ||
17959 | # Check whether --enable-strip was given. | ||
17960 | if test "${enable_strip+set}" = set; then : | ||
17961 | enableval=$enable_strip; | ||
17962 | if test "x$enableval" = "xno" ; then | ||
17963 | STRIP_OPT= | ||
17964 | fi | ||
17965 | |||
17966 | |||
17967 | fi | ||
17968 | |||
17969 | |||
17970 | |||
17971 | if test -z "$xauth_path" ; then | ||
17972 | XAUTH_PATH="undefined" | ||
17973 | |||
17974 | else | ||
17975 | |||
17976 | cat >>confdefs.h <<_ACEOF | ||
17977 | #define XAUTH_PATH "$xauth_path" | ||
17978 | _ACEOF | ||
17979 | |||
17980 | XAUTH_PATH=$xauth_path | ||
17981 | |||
17982 | fi | ||
17983 | |||
17984 | # Check for mail directory | ||
17985 | |||
17986 | # Check whether --with-maildir was given. | ||
17987 | if test "${with_maildir+set}" = set; then : | ||
17988 | withval=$with_maildir; | ||
17989 | if test "X$withval" != X && test "x$withval" != xno && \ | ||
17990 | test "x${withval}" != xyes; then | ||
17991 | |||
17992 | cat >>confdefs.h <<_ACEOF | ||
17993 | #define MAIL_DIRECTORY "$withval" | ||
17994 | _ACEOF | ||
17995 | |||
17996 | fi | ||
17997 | |||
17998 | else | ||
17999 | |||
18000 | if test "X$maildir" != "X"; then | ||
18001 | cat >>confdefs.h <<_ACEOF | ||
18002 | #define MAIL_DIRECTORY "$maildir" | ||
18003 | _ACEOF | ||
18004 | |||
18005 | else | ||
18006 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking Discovering system mail directory" >&5 | ||
18007 | $as_echo_n "checking Discovering system mail directory... " >&6; } | ||
18008 | if test "$cross_compiling" = yes; then : | ||
18009 | |||
18010 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: use --with-maildir=/path/to/mail" >&5 | ||
18011 | $as_echo "$as_me: WARNING: cross compiling: use --with-maildir=/path/to/mail" >&2;} | ||
18012 | |||
18013 | |||
18014 | else | ||
18015 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
18016 | /* end confdefs.h. */ | ||
18017 | |||
18018 | #include <stdio.h> | ||
18019 | #include <string.h> | ||
18020 | #ifdef HAVE_PATHS_H | ||
18021 | #include <paths.h> | ||
18022 | #endif | ||
18023 | #ifdef HAVE_MAILLOCK_H | ||
18024 | #include <maillock.h> | ||
18025 | #endif | ||
18026 | #define DATA "conftest.maildir" | ||
18027 | |||
18028 | int | ||
18029 | main () | ||
18030 | { | ||
18031 | |||
18032 | FILE *fd; | ||
18033 | int rc; | ||
18034 | |||
18035 | fd = fopen(DATA,"w"); | ||
18036 | if(fd == NULL) | ||
18037 | exit(1); | ||
18038 | |||
18039 | #if defined (_PATH_MAILDIR) | ||
18040 | if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) | ||
18041 | exit(1); | ||
18042 | #elif defined (MAILDIR) | ||
18043 | if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) | ||
18044 | exit(1); | ||
18045 | #elif defined (_PATH_MAIL) | ||
18046 | if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) | ||
18047 | exit(1); | ||
18048 | #else | ||
18049 | exit (2); | ||
18050 | #endif | ||
18051 | |||
18052 | exit(0); | ||
18053 | |||
18054 | ; | ||
18055 | return 0; | ||
18056 | } | ||
18057 | _ACEOF | ||
18058 | if ac_fn_c_try_run "$LINENO"; then : | ||
18059 | |||
18060 | maildir_what=`awk -F: '{print $1}' conftest.maildir` | ||
18061 | maildir=`awk -F: '{print $2}' conftest.maildir \ | ||
18062 | | sed 's|/$||'` | ||
18063 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: Using: $maildir from $maildir_what" >&5 | ||
18064 | $as_echo "Using: $maildir from $maildir_what" >&6; } | ||
18065 | if test "x$maildir_what" != "x_PATH_MAILDIR"; then | ||
18066 | cat >>confdefs.h <<_ACEOF | ||
18067 | #define MAIL_DIRECTORY "$maildir" | ||
18068 | _ACEOF | ||
18069 | |||
18070 | fi | ||
18071 | |||
18072 | else | ||
18073 | |||
18074 | if test "X$ac_status" = "X2";then | ||
18075 | # our test program didn't find it. Default to /var/spool/mail | ||
18076 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: Using: default value of /var/spool/mail" >&5 | ||
18077 | $as_echo "Using: default value of /var/spool/mail" >&6; } | ||
18078 | cat >>confdefs.h <<_ACEOF | ||
18079 | #define MAIL_DIRECTORY "/var/spool/mail" | ||
18080 | _ACEOF | ||
18081 | |||
18082 | else | ||
18083 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: *** not found ***" >&5 | ||
18084 | $as_echo "*** not found ***" >&6; } | ||
18085 | fi | ||
18086 | |||
18087 | fi | ||
18088 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
18089 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
18090 | fi | ||
18091 | |||
18092 | fi | ||
18093 | |||
18094 | |||
18095 | fi | ||
18096 | # maildir | ||
18097 | |||
18098 | if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then | ||
18099 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: Disabling /dev/ptmx test" >&5 | ||
18100 | $as_echo "$as_me: WARNING: cross compiling: Disabling /dev/ptmx test" >&2;} | ||
18101 | disable_ptmx_check=yes | ||
18102 | fi | ||
18103 | if test -z "$no_dev_ptmx" ; then | ||
18104 | if test "x$disable_ptmx_check" != "xyes" ; then | ||
18105 | as_ac_File=`$as_echo "ac_cv_file_"/dev/ptmx"" | $as_tr_sh` | ||
18106 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for \"/dev/ptmx\"" >&5 | ||
18107 | $as_echo_n "checking for \"/dev/ptmx\"... " >&6; } | ||
18108 | if eval \${$as_ac_File+:} false; then : | ||
18109 | $as_echo_n "(cached) " >&6 | ||
18110 | else | ||
18111 | test "$cross_compiling" = yes && | ||
18112 | as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5 | ||
18113 | if test -r ""/dev/ptmx""; then | ||
18114 | eval "$as_ac_File=yes" | ||
18115 | else | ||
18116 | eval "$as_ac_File=no" | ||
18117 | fi | ||
18118 | fi | ||
18119 | eval ac_res=\$$as_ac_File | ||
18120 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 | ||
18121 | $as_echo "$ac_res" >&6; } | ||
18122 | if eval test \"x\$"$as_ac_File"\" = x"yes"; then : | ||
18123 | |||
18124 | |||
18125 | cat >>confdefs.h <<_ACEOF | ||
18126 | #define HAVE_DEV_PTMX 1 | ||
18127 | _ACEOF | ||
18128 | |||
18129 | have_dev_ptmx=1 | ||
18130 | |||
18131 | |||
18132 | fi | ||
18133 | |||
18134 | fi | ||
18135 | fi | ||
18136 | |||
18137 | if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then | ||
18138 | as_ac_File=`$as_echo "ac_cv_file_"/dev/ptc"" | $as_tr_sh` | ||
18139 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for \"/dev/ptc\"" >&5 | ||
18140 | $as_echo_n "checking for \"/dev/ptc\"... " >&6; } | ||
18141 | if eval \${$as_ac_File+:} false; then : | ||
18142 | $as_echo_n "(cached) " >&6 | ||
18143 | else | ||
18144 | test "$cross_compiling" = yes && | ||
18145 | as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5 | ||
18146 | if test -r ""/dev/ptc""; then | ||
18147 | eval "$as_ac_File=yes" | ||
18148 | else | ||
18149 | eval "$as_ac_File=no" | ||
18150 | fi | ||
18151 | fi | ||
18152 | eval ac_res=\$$as_ac_File | ||
18153 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 | ||
18154 | $as_echo "$ac_res" >&6; } | ||
18155 | if eval test \"x\$"$as_ac_File"\" = x"yes"; then : | ||
18156 | |||
18157 | |||
18158 | cat >>confdefs.h <<_ACEOF | ||
18159 | #define HAVE_DEV_PTS_AND_PTC 1 | ||
18160 | _ACEOF | ||
18161 | |||
18162 | have_dev_ptc=1 | ||
18163 | |||
18164 | |||
18165 | fi | ||
18166 | |||
18167 | else | ||
18168 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: Disabling /dev/ptc test" >&5 | ||
18169 | $as_echo "$as_me: WARNING: cross compiling: Disabling /dev/ptc test" >&2;} | ||
18170 | fi | ||
18171 | |||
18172 | # Options from here on. Some of these are preset by platform above | ||
18173 | |||
18174 | # Check whether --with-mantype was given. | ||
18175 | if test "${with_mantype+set}" = set; then : | ||
18176 | withval=$with_mantype; | ||
18177 | case "$withval" in | ||
18178 | man|cat|doc) | ||
18179 | MANTYPE=$withval | ||
18180 | ;; | ||
18181 | *) | ||
18182 | as_fn_error $? "invalid man type: $withval" "$LINENO" 5 | ||
18183 | ;; | ||
18184 | esac | ||
18185 | |||
18186 | |||
18187 | fi | ||
18188 | |||
18189 | if test -z "$MANTYPE"; then | ||
18190 | TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb" | ||
18191 | for ac_prog in nroff awf | ||
18192 | do | ||
18193 | # Extract the first word of "$ac_prog", so it can be a program name with args. | ||
18194 | set dummy $ac_prog; ac_word=$2 | ||
18195 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 | ||
18196 | $as_echo_n "checking for $ac_word... " >&6; } | ||
18197 | if ${ac_cv_path_NROFF+:} false; then : | ||
18198 | $as_echo_n "(cached) " >&6 | ||
18199 | else | ||
18200 | case $NROFF in | ||
18201 | [\\/]* | ?:[\\/]*) | ||
18202 | ac_cv_path_NROFF="$NROFF" # Let the user override the test with a path. | ||
18203 | ;; | ||
18204 | *) | ||
18205 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
18206 | for as_dir in $TestPath | ||
18207 | do | ||
18208 | IFS=$as_save_IFS | ||
18209 | test -z "$as_dir" && as_dir=. | ||
18210 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
18211 | if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
18212 | ac_cv_path_NROFF="$as_dir/$ac_word$ac_exec_ext" | ||
18213 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
18214 | break 2 | ||
18215 | fi | ||
18216 | done | ||
18217 | done | ||
18218 | IFS=$as_save_IFS | ||
18219 | |||
18220 | ;; | ||
18221 | esac | ||
18222 | fi | ||
18223 | NROFF=$ac_cv_path_NROFF | ||
18224 | if test -n "$NROFF"; then | ||
18225 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NROFF" >&5 | ||
18226 | $as_echo "$NROFF" >&6; } | ||
18227 | else | ||
18228 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
18229 | $as_echo "no" >&6; } | ||
18230 | fi | ||
18231 | |||
18232 | |||
18233 | test -n "$NROFF" && break | ||
18234 | done | ||
18235 | test -n "$NROFF" || NROFF="/bin/false" | ||
18236 | |||
18237 | if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then | ||
18238 | MANTYPE=doc | ||
18239 | elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then | ||
18240 | MANTYPE=man | ||
18241 | else | ||
18242 | MANTYPE=cat | ||
18243 | fi | ||
18244 | fi | ||
18245 | |||
18246 | if test "$MANTYPE" = "doc"; then | ||
18247 | mansubdir=man; | ||
18248 | else | ||
18249 | mansubdir=$MANTYPE; | ||
18250 | fi | ||
18251 | |||
18252 | |||
18253 | # Check whether to enable MD5 passwords | ||
18254 | MD5_MSG="no" | ||
18255 | |||
18256 | # Check whether --with-md5-passwords was given. | ||
18257 | if test "${with_md5_passwords+set}" = set; then : | ||
18258 | withval=$with_md5_passwords; | ||
18259 | if test "x$withval" != "xno" ; then | ||
18260 | |||
18261 | $as_echo "#define HAVE_MD5_PASSWORDS 1" >>confdefs.h | ||
18262 | |||
18263 | MD5_MSG="yes" | ||
18264 | fi | ||
18265 | |||
18266 | |||
18267 | fi | ||
18268 | |||
18269 | |||
18270 | # Whether to disable shadow password support | ||
18271 | |||
18272 | # Check whether --with-shadow was given. | ||
18273 | if test "${with_shadow+set}" = set; then : | ||
18274 | withval=$with_shadow; | ||
18275 | if test "x$withval" = "xno" ; then | ||
18276 | $as_echo "#define DISABLE_SHADOW 1" >>confdefs.h | ||
18277 | |||
18278 | disable_shadow=yes | ||
18279 | fi | ||
18280 | |||
18281 | |||
18282 | fi | ||
18283 | |||
18284 | |||
18285 | if test -z "$disable_shadow" ; then | ||
18286 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if the systems has expire shadow information" >&5 | ||
18287 | $as_echo_n "checking if the systems has expire shadow information... " >&6; } | ||
18288 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
18289 | /* end confdefs.h. */ | ||
18290 | |||
18291 | #include <sys/types.h> | ||
18292 | #include <shadow.h> | ||
18293 | struct spwd sp; | ||
18294 | |||
18295 | int | ||
18296 | main () | ||
18297 | { | ||
18298 | sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; | ||
18299 | ; | ||
18300 | return 0; | ||
18301 | } | ||
18302 | _ACEOF | ||
18303 | if ac_fn_c_try_compile "$LINENO"; then : | ||
18304 | sp_expire_available=yes | ||
18305 | fi | ||
18306 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
18307 | |||
18308 | if test "x$sp_expire_available" = "xyes" ; then | ||
18309 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
18310 | $as_echo "yes" >&6; } | ||
18311 | |||
18312 | $as_echo "#define HAS_SHADOW_EXPIRE 1" >>confdefs.h | ||
18313 | |||
18314 | else | ||
18315 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
18316 | $as_echo "no" >&6; } | ||
18317 | fi | ||
18318 | fi | ||
18319 | |||
18320 | # Use ip address instead of hostname in $DISPLAY | ||
18321 | if test ! -z "$IPADDR_IN_DISPLAY" ; then | ||
18322 | DISPLAY_HACK_MSG="yes" | ||
18323 | |||
18324 | $as_echo "#define IPADDR_IN_DISPLAY 1" >>confdefs.h | ||
18325 | |||
18326 | else | ||
18327 | DISPLAY_HACK_MSG="no" | ||
18328 | |||
18329 | # Check whether --with-ipaddr-display was given. | ||
18330 | if test "${with_ipaddr_display+set}" = set; then : | ||
18331 | withval=$with_ipaddr_display; | ||
18332 | if test "x$withval" != "xno" ; then | ||
18333 | $as_echo "#define IPADDR_IN_DISPLAY 1" >>confdefs.h | ||
18334 | |||
18335 | DISPLAY_HACK_MSG="yes" | ||
18336 | fi | ||
18337 | |||
18338 | |||
18339 | fi | ||
18340 | |||
18341 | fi | ||
18342 | |||
18343 | # check for /etc/default/login and use it if present. | ||
18344 | # Check whether --enable-etc-default-login was given. | ||
18345 | if test "${enable_etc_default_login+set}" = set; then : | ||
18346 | enableval=$enable_etc_default_login; if test "x$enableval" = "xno"; then | ||
18347 | { $as_echo "$as_me:${as_lineno-$LINENO}: /etc/default/login handling disabled" >&5 | ||
18348 | $as_echo "$as_me: /etc/default/login handling disabled" >&6;} | ||
18349 | etc_default_login=no | ||
18350 | else | ||
18351 | etc_default_login=yes | ||
18352 | fi | ||
18353 | else | ||
18354 | if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; | ||
18355 | then | ||
18356 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking /etc/default/login" >&5 | ||
18357 | $as_echo "$as_me: WARNING: cross compiling: not checking /etc/default/login" >&2;} | ||
18358 | etc_default_login=no | ||
18359 | else | ||
18360 | etc_default_login=yes | ||
18361 | fi | ||
18362 | |||
18363 | fi | ||
18364 | |||
18365 | |||
18366 | if test "x$etc_default_login" != "xno"; then | ||
18367 | as_ac_File=`$as_echo "ac_cv_file_"/etc/default/login"" | $as_tr_sh` | ||
18368 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for \"/etc/default/login\"" >&5 | ||
18369 | $as_echo_n "checking for \"/etc/default/login\"... " >&6; } | ||
18370 | if eval \${$as_ac_File+:} false; then : | ||
18371 | $as_echo_n "(cached) " >&6 | ||
18372 | else | ||
18373 | test "$cross_compiling" = yes && | ||
18374 | as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5 | ||
18375 | if test -r ""/etc/default/login""; then | ||
18376 | eval "$as_ac_File=yes" | ||
18377 | else | ||
18378 | eval "$as_ac_File=no" | ||
18379 | fi | ||
18380 | fi | ||
18381 | eval ac_res=\$$as_ac_File | ||
18382 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 | ||
18383 | $as_echo "$ac_res" >&6; } | ||
18384 | if eval test \"x\$"$as_ac_File"\" = x"yes"; then : | ||
18385 | external_path_file=/etc/default/login | ||
18386 | fi | ||
18387 | |||
18388 | if test "x$external_path_file" = "x/etc/default/login"; then | ||
18389 | |||
18390 | $as_echo "#define HAVE_ETC_DEFAULT_LOGIN 1" >>confdefs.h | ||
18391 | |||
18392 | fi | ||
18393 | fi | ||
18394 | |||
18395 | if test $ac_cv_func_login_getcapbool = "yes" && \ | ||
18396 | test $ac_cv_header_login_cap_h = "yes" ; then | ||
18397 | external_path_file=/etc/login.conf | ||
18398 | fi | ||
18399 | |||
18400 | # Whether to mess with the default path | ||
18401 | SERVER_PATH_MSG="(default)" | ||
18402 | |||
18403 | # Check whether --with-default-path was given. | ||
18404 | if test "${with_default_path+set}" = set; then : | ||
18405 | withval=$with_default_path; | ||
18406 | if test "x$external_path_file" = "x/etc/login.conf" ; then | ||
18407 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: | ||
18408 | --with-default-path=PATH has no effect on this system. | ||
18409 | Edit /etc/login.conf instead." >&5 | ||
18410 | $as_echo "$as_me: WARNING: | ||
18411 | --with-default-path=PATH has no effect on this system. | ||
18412 | Edit /etc/login.conf instead." >&2;} | ||
18413 | elif test "x$withval" != "xno" ; then | ||
18414 | if test ! -z "$external_path_file" ; then | ||
18415 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: | ||
18416 | --with-default-path=PATH will only be used if PATH is not defined in | ||
18417 | $external_path_file ." >&5 | ||
18418 | $as_echo "$as_me: WARNING: | ||
18419 | --with-default-path=PATH will only be used if PATH is not defined in | ||
18420 | $external_path_file ." >&2;} | ||
18421 | fi | ||
18422 | user_path="$withval" | ||
18423 | SERVER_PATH_MSG="$withval" | ||
18424 | fi | ||
18425 | |||
18426 | else | ||
18427 | if test "x$external_path_file" = "x/etc/login.conf" ; then | ||
18428 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Make sure the path to scp is in /etc/login.conf" >&5 | ||
18429 | $as_echo "$as_me: WARNING: Make sure the path to scp is in /etc/login.conf" >&2;} | ||
18430 | else | ||
18431 | if test ! -z "$external_path_file" ; then | ||
18432 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: | ||
18433 | If PATH is defined in $external_path_file, ensure the path to scp is included, | ||
18434 | otherwise scp will not work." >&5 | ||
18435 | $as_echo "$as_me: WARNING: | ||
18436 | If PATH is defined in $external_path_file, ensure the path to scp is included, | ||
18437 | otherwise scp will not work." >&2;} | ||
18438 | fi | ||
18439 | if test "$cross_compiling" = yes; then : | ||
18440 | user_path="/usr/bin:/bin:/usr/sbin:/sbin" | ||
18441 | |||
18442 | else | ||
18443 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
18444 | /* end confdefs.h. */ | ||
18445 | |||
18446 | /* find out what STDPATH is */ | ||
18447 | #include <stdio.h> | ||
18448 | #ifdef HAVE_PATHS_H | ||
18449 | # include <paths.h> | ||
18450 | #endif | ||
18451 | #ifndef _PATH_STDPATH | ||
18452 | # ifdef _PATH_USERPATH /* Irix */ | ||
18453 | # define _PATH_STDPATH _PATH_USERPATH | ||
18454 | # else | ||
18455 | # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" | ||
18456 | # endif | ||
18457 | #endif | ||
18458 | #include <sys/types.h> | ||
18459 | #include <sys/stat.h> | ||
18460 | #include <fcntl.h> | ||
18461 | #define DATA "conftest.stdpath" | ||
18462 | |||
18463 | int | ||
18464 | main () | ||
18465 | { | ||
18466 | |||
18467 | FILE *fd; | ||
18468 | int rc; | ||
18469 | |||
18470 | fd = fopen(DATA,"w"); | ||
18471 | if(fd == NULL) | ||
18472 | exit(1); | ||
18473 | |||
18474 | if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) | ||
18475 | exit(1); | ||
18476 | |||
18477 | exit(0); | ||
18478 | |||
18479 | ; | ||
18480 | return 0; | ||
18481 | } | ||
18482 | _ACEOF | ||
18483 | if ac_fn_c_try_run "$LINENO"; then : | ||
18484 | user_path=`cat conftest.stdpath` | ||
18485 | else | ||
18486 | user_path="/usr/bin:/bin:/usr/sbin:/sbin" | ||
18487 | fi | ||
18488 | rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ | ||
18489 | conftest.$ac_objext conftest.beam conftest.$ac_ext | ||
18490 | fi | ||
18491 | |||
18492 | # make sure $bindir is in USER_PATH so scp will work | ||
18493 | t_bindir="${bindir}" | ||
18494 | while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do | ||
18495 | t_bindir=`eval echo ${t_bindir}` | ||
18496 | case $t_bindir in | ||
18497 | NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; | ||
18498 | esac | ||
18499 | case $t_bindir in | ||
18500 | NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; | ||
18501 | esac | ||
18502 | done | ||
18503 | echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 | ||
18504 | if test $? -ne 0 ; then | ||
18505 | echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 | ||
18506 | if test $? -ne 0 ; then | ||
18507 | user_path=$user_path:$t_bindir | ||
18508 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: Adding $t_bindir to USER_PATH so scp will work" >&5 | ||
18509 | $as_echo "Adding $t_bindir to USER_PATH so scp will work" >&6; } | ||
18510 | fi | ||
18511 | fi | ||
18512 | fi | ||
18513 | |||
18514 | fi | ||
18515 | |||
18516 | if test "x$external_path_file" != "x/etc/login.conf" ; then | ||
18517 | |||
18518 | cat >>confdefs.h <<_ACEOF | ||
18519 | #define USER_PATH "$user_path" | ||
18520 | _ACEOF | ||
18521 | |||
18522 | |||
18523 | fi | ||
18524 | |||
18525 | # Set superuser path separately to user path | ||
18526 | |||
18527 | # Check whether --with-superuser-path was given. | ||
18528 | if test "${with_superuser_path+set}" = set; then : | ||
18529 | withval=$with_superuser_path; | ||
18530 | if test -n "$withval" && test "x$withval" != "xno" && \ | ||
18531 | test "x${withval}" != "xyes"; then | ||
18532 | |||
18533 | cat >>confdefs.h <<_ACEOF | ||
18534 | #define SUPERUSER_PATH "$withval" | ||
18535 | _ACEOF | ||
18536 | |||
18537 | superuser_path=$withval | ||
18538 | fi | ||
18539 | |||
18540 | |||
18541 | fi | ||
18542 | |||
18543 | |||
18544 | |||
18545 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we need to convert IPv4 in IPv6-mapped addresses" >&5 | ||
18546 | $as_echo_n "checking if we need to convert IPv4 in IPv6-mapped addresses... " >&6; } | ||
18547 | IPV4_IN6_HACK_MSG="no" | ||
18548 | |||
18549 | # Check whether --with-4in6 was given. | ||
18550 | if test "${with_4in6+set}" = set; then : | ||
18551 | withval=$with_4in6; | ||
18552 | if test "x$withval" != "xno" ; then | ||
18553 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
18554 | $as_echo "yes" >&6; } | ||
18555 | |||
18556 | $as_echo "#define IPV4_IN_IPV6 1" >>confdefs.h | ||
18557 | |||
18558 | IPV4_IN6_HACK_MSG="yes" | ||
18559 | else | ||
18560 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
18561 | $as_echo "no" >&6; } | ||
18562 | fi | ||
18563 | |||
18564 | else | ||
18565 | |||
18566 | if test "x$inet6_default_4in6" = "xyes"; then | ||
18567 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes (default)" >&5 | ||
18568 | $as_echo "yes (default)" >&6; } | ||
18569 | $as_echo "#define IPV4_IN_IPV6 1" >>confdefs.h | ||
18570 | |||
18571 | IPV4_IN6_HACK_MSG="yes" | ||
18572 | else | ||
18573 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no (default)" >&5 | ||
18574 | $as_echo "no (default)" >&6; } | ||
18575 | fi | ||
18576 | |||
18577 | |||
18578 | fi | ||
18579 | |||
18580 | |||
18581 | # Whether to enable BSD auth support | ||
18582 | BSD_AUTH_MSG=no | ||
18583 | |||
18584 | # Check whether --with-bsd-auth was given. | ||
18585 | if test "${with_bsd_auth+set}" = set; then : | ||
18586 | withval=$with_bsd_auth; | ||
18587 | if test "x$withval" != "xno" ; then | ||
18588 | |||
18589 | $as_echo "#define BSD_AUTH 1" >>confdefs.h | ||
18590 | |||
18591 | BSD_AUTH_MSG=yes | ||
18592 | fi | ||
18593 | |||
18594 | |||
18595 | fi | ||
18596 | |||
18597 | |||
18598 | # Where to place sshd.pid | ||
18599 | piddir=/var/run | ||
18600 | # make sure the directory exists | ||
18601 | if test ! -d $piddir ; then | ||
18602 | piddir=`eval echo ${sysconfdir}` | ||
18603 | case $piddir in | ||
18604 | NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; | ||
18605 | esac | ||
18606 | fi | ||
18607 | |||
18608 | |||
18609 | # Check whether --with-pid-dir was given. | ||
18610 | if test "${with_pid_dir+set}" = set; then : | ||
18611 | withval=$with_pid_dir; | ||
18612 | if test -n "$withval" && test "x$withval" != "xno" && \ | ||
18613 | test "x${withval}" != "xyes"; then | ||
18614 | piddir=$withval | ||
18615 | if test ! -d $piddir ; then | ||
18616 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: ** no $piddir directory on this system **" >&5 | ||
18617 | $as_echo "$as_me: WARNING: ** no $piddir directory on this system **" >&2;} | ||
18618 | fi | ||
18619 | fi | ||
18620 | |||
18621 | |||
18622 | fi | ||
18623 | |||
18624 | |||
18625 | |||
18626 | cat >>confdefs.h <<_ACEOF | ||
18627 | #define _PATH_SSH_PIDDIR "$piddir" | ||
18628 | _ACEOF | ||
18629 | |||
18630 | |||
18631 | |||
18632 | # Check whether --enable-lastlog was given. | ||
18633 | if test "${enable_lastlog+set}" = set; then : | ||
18634 | enableval=$enable_lastlog; | ||
18635 | if test "x$enableval" = "xno" ; then | ||
18636 | $as_echo "#define DISABLE_LASTLOG 1" >>confdefs.h | ||
18637 | |||
18638 | fi | ||
18639 | |||
18640 | |||
18641 | fi | ||
18642 | |||
18643 | # Check whether --enable-utmp was given. | ||
18644 | if test "${enable_utmp+set}" = set; then : | ||
18645 | enableval=$enable_utmp; | ||
18646 | if test "x$enableval" = "xno" ; then | ||
18647 | $as_echo "#define DISABLE_UTMP 1" >>confdefs.h | ||
18648 | |||
18649 | fi | ||
18650 | |||
18651 | |||
18652 | fi | ||
18653 | |||
18654 | # Check whether --enable-utmpx was given. | ||
18655 | if test "${enable_utmpx+set}" = set; then : | ||
18656 | enableval=$enable_utmpx; | ||
18657 | if test "x$enableval" = "xno" ; then | ||
18658 | |||
18659 | $as_echo "#define DISABLE_UTMPX 1" >>confdefs.h | ||
18660 | |||
18661 | fi | ||
18662 | |||
18663 | |||
18664 | fi | ||
18665 | |||
18666 | # Check whether --enable-wtmp was given. | ||
18667 | if test "${enable_wtmp+set}" = set; then : | ||
18668 | enableval=$enable_wtmp; | ||
18669 | if test "x$enableval" = "xno" ; then | ||
18670 | $as_echo "#define DISABLE_WTMP 1" >>confdefs.h | ||
18671 | |||
18672 | fi | ||
18673 | |||
18674 | |||
18675 | fi | ||
18676 | |||
18677 | # Check whether --enable-wtmpx was given. | ||
18678 | if test "${enable_wtmpx+set}" = set; then : | ||
18679 | enableval=$enable_wtmpx; | ||
18680 | if test "x$enableval" = "xno" ; then | ||
18681 | |||
18682 | $as_echo "#define DISABLE_WTMPX 1" >>confdefs.h | ||
18683 | |||
18684 | fi | ||
18685 | |||
18686 | |||
18687 | fi | ||
18688 | |||
18689 | # Check whether --enable-libutil was given. | ||
18690 | if test "${enable_libutil+set}" = set; then : | ||
18691 | enableval=$enable_libutil; | ||
18692 | if test "x$enableval" = "xno" ; then | ||
18693 | $as_echo "#define DISABLE_LOGIN 1" >>confdefs.h | ||
18694 | |||
18695 | fi | ||
18696 | |||
18697 | |||
18698 | fi | ||
18699 | |||
18700 | # Check whether --enable-pututline was given. | ||
18701 | if test "${enable_pututline+set}" = set; then : | ||
18702 | enableval=$enable_pututline; | ||
18703 | if test "x$enableval" = "xno" ; then | ||
18704 | |||
18705 | $as_echo "#define DISABLE_PUTUTLINE 1" >>confdefs.h | ||
18706 | |||
18707 | fi | ||
18708 | |||
18709 | |||
18710 | fi | ||
18711 | |||
18712 | # Check whether --enable-pututxline was given. | ||
18713 | if test "${enable_pututxline+set}" = set; then : | ||
18714 | enableval=$enable_pututxline; | ||
18715 | if test "x$enableval" = "xno" ; then | ||
18716 | |||
18717 | $as_echo "#define DISABLE_PUTUTXLINE 1" >>confdefs.h | ||
18718 | |||
18719 | fi | ||
18720 | |||
18721 | |||
18722 | fi | ||
18723 | |||
18724 | |||
18725 | # Check whether --with-lastlog was given. | ||
18726 | if test "${with_lastlog+set}" = set; then : | ||
18727 | withval=$with_lastlog; | ||
18728 | if test "x$withval" = "xno" ; then | ||
18729 | $as_echo "#define DISABLE_LASTLOG 1" >>confdefs.h | ||
18730 | |||
18731 | elif test -n "$withval" && test "x${withval}" != "xyes"; then | ||
18732 | conf_lastlog_location=$withval | ||
18733 | fi | ||
18734 | |||
18735 | |||
18736 | fi | ||
18737 | |||
18738 | |||
18739 | |||
18740 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if your system defines LASTLOG_FILE" >&5 | ||
18741 | $as_echo_n "checking if your system defines LASTLOG_FILE... " >&6; } | ||
18742 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
18743 | /* end confdefs.h. */ | ||
18744 | |||
18745 | #include <sys/types.h> | ||
18746 | #include <utmp.h> | ||
18747 | #ifdef HAVE_LASTLOG_H | ||
18748 | # include <lastlog.h> | ||
18749 | #endif | ||
18750 | #ifdef HAVE_PATHS_H | ||
18751 | # include <paths.h> | ||
18752 | #endif | ||
18753 | #ifdef HAVE_LOGIN_H | ||
18754 | # include <login.h> | ||
18755 | #endif | ||
18756 | |||
18757 | int | ||
18758 | main () | ||
18759 | { | ||
18760 | char *lastlog = LASTLOG_FILE; | ||
18761 | ; | ||
18762 | return 0; | ||
18763 | } | ||
18764 | _ACEOF | ||
18765 | if ac_fn_c_try_compile "$LINENO"; then : | ||
18766 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
18767 | $as_echo "yes" >&6; } | ||
18768 | else | ||
18769 | |||
18770 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
18771 | $as_echo "no" >&6; } | ||
18772 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if your system defines _PATH_LASTLOG" >&5 | ||
18773 | $as_echo_n "checking if your system defines _PATH_LASTLOG... " >&6; } | ||
18774 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
18775 | /* end confdefs.h. */ | ||
18776 | |||
18777 | #include <sys/types.h> | ||
18778 | #include <utmp.h> | ||
18779 | #ifdef HAVE_LASTLOG_H | ||
18780 | # include <lastlog.h> | ||
18781 | #endif | ||
18782 | #ifdef HAVE_PATHS_H | ||
18783 | # include <paths.h> | ||
18784 | #endif | ||
18785 | |||
18786 | int | ||
18787 | main () | ||
18788 | { | ||
18789 | char *lastlog = _PATH_LASTLOG; | ||
18790 | ; | ||
18791 | return 0; | ||
18792 | } | ||
18793 | _ACEOF | ||
18794 | if ac_fn_c_try_compile "$LINENO"; then : | ||
18795 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
18796 | $as_echo "yes" >&6; } | ||
18797 | else | ||
18798 | |||
18799 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
18800 | $as_echo "no" >&6; } | ||
18801 | system_lastlog_path=no | ||
18802 | |||
18803 | fi | ||
18804 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
18805 | |||
18806 | fi | ||
18807 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
18808 | |||
18809 | if test -z "$conf_lastlog_location"; then | ||
18810 | if test x"$system_lastlog_path" = x"no" ; then | ||
18811 | for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do | ||
18812 | if (test -d "$f" || test -f "$f") ; then | ||
18813 | conf_lastlog_location=$f | ||
18814 | fi | ||
18815 | done | ||
18816 | if test -z "$conf_lastlog_location"; then | ||
18817 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: ** Cannot find lastlog **" >&5 | ||
18818 | $as_echo "$as_me: WARNING: ** Cannot find lastlog **" >&2;} | ||
18819 | fi | ||
18820 | fi | ||
18821 | fi | ||
18822 | |||
18823 | if test -n "$conf_lastlog_location"; then | ||
18824 | |||
18825 | cat >>confdefs.h <<_ACEOF | ||
18826 | #define CONF_LASTLOG_FILE "$conf_lastlog_location" | ||
18827 | _ACEOF | ||
18828 | |||
18829 | fi | ||
18830 | |||
18831 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if your system defines UTMP_FILE" >&5 | ||
18832 | $as_echo_n "checking if your system defines UTMP_FILE... " >&6; } | ||
18833 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
18834 | /* end confdefs.h. */ | ||
18835 | |||
18836 | #include <sys/types.h> | ||
18837 | #include <utmp.h> | ||
18838 | #ifdef HAVE_PATHS_H | ||
18839 | # include <paths.h> | ||
18840 | #endif | ||
18841 | |||
18842 | int | ||
18843 | main () | ||
18844 | { | ||
18845 | char *utmp = UTMP_FILE; | ||
18846 | ; | ||
18847 | return 0; | ||
18848 | } | ||
18849 | _ACEOF | ||
18850 | if ac_fn_c_try_compile "$LINENO"; then : | ||
18851 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
18852 | $as_echo "yes" >&6; } | ||
18853 | else | ||
18854 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
18855 | $as_echo "no" >&6; } | ||
18856 | system_utmp_path=no | ||
18857 | |||
18858 | fi | ||
18859 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
18860 | if test -z "$conf_utmp_location"; then | ||
18861 | if test x"$system_utmp_path" = x"no" ; then | ||
18862 | for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do | ||
18863 | if test -f $f ; then | ||
18864 | conf_utmp_location=$f | ||
18865 | fi | ||
18866 | done | ||
18867 | if test -z "$conf_utmp_location"; then | ||
18868 | $as_echo "#define DISABLE_UTMP 1" >>confdefs.h | ||
18869 | |||
18870 | fi | ||
18871 | fi | ||
18872 | fi | ||
18873 | if test -n "$conf_utmp_location"; then | ||
18874 | |||
18875 | cat >>confdefs.h <<_ACEOF | ||
18876 | #define CONF_UTMP_FILE "$conf_utmp_location" | ||
18877 | _ACEOF | ||
18878 | |||
18879 | fi | ||
18880 | |||
18881 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if your system defines WTMP_FILE" >&5 | ||
18882 | $as_echo_n "checking if your system defines WTMP_FILE... " >&6; } | ||
18883 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
18884 | /* end confdefs.h. */ | ||
18885 | |||
18886 | #include <sys/types.h> | ||
18887 | #include <utmp.h> | ||
18888 | #ifdef HAVE_PATHS_H | ||
18889 | # include <paths.h> | ||
18890 | #endif | ||
18891 | |||
18892 | int | ||
18893 | main () | ||
18894 | { | ||
18895 | char *wtmp = WTMP_FILE; | ||
18896 | ; | ||
18897 | return 0; | ||
18898 | } | ||
18899 | _ACEOF | ||
18900 | if ac_fn_c_try_compile "$LINENO"; then : | ||
18901 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
18902 | $as_echo "yes" >&6; } | ||
18903 | else | ||
18904 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
18905 | $as_echo "no" >&6; } | ||
18906 | system_wtmp_path=no | ||
18907 | |||
18908 | fi | ||
18909 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
18910 | if test -z "$conf_wtmp_location"; then | ||
18911 | if test x"$system_wtmp_path" = x"no" ; then | ||
18912 | for f in /usr/adm/wtmp /var/log/wtmp; do | ||
18913 | if test -f $f ; then | ||
18914 | conf_wtmp_location=$f | ||
18915 | fi | ||
18916 | done | ||
18917 | if test -z "$conf_wtmp_location"; then | ||
18918 | $as_echo "#define DISABLE_WTMP 1" >>confdefs.h | ||
18919 | |||
18920 | fi | ||
18921 | fi | ||
18922 | fi | ||
18923 | if test -n "$conf_wtmp_location"; then | ||
18924 | |||
18925 | cat >>confdefs.h <<_ACEOF | ||
18926 | #define CONF_WTMP_FILE "$conf_wtmp_location" | ||
18927 | _ACEOF | ||
18928 | |||
18929 | fi | ||
18930 | |||
18931 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if your system defines WTMPX_FILE" >&5 | ||
18932 | $as_echo_n "checking if your system defines WTMPX_FILE... " >&6; } | ||
18933 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
18934 | /* end confdefs.h. */ | ||
18935 | |||
18936 | #include <sys/types.h> | ||
18937 | #include <utmp.h> | ||
18938 | #ifdef HAVE_UTMPX_H | ||
18939 | #include <utmpx.h> | ||
18940 | #endif | ||
18941 | #ifdef HAVE_PATHS_H | ||
18942 | # include <paths.h> | ||
18943 | #endif | ||
18944 | |||
18945 | int | ||
18946 | main () | ||
18947 | { | ||
18948 | char *wtmpx = WTMPX_FILE; | ||
18949 | ; | ||
18950 | return 0; | ||
18951 | } | ||
18952 | _ACEOF | ||
18953 | if ac_fn_c_try_compile "$LINENO"; then : | ||
18954 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
18955 | $as_echo "yes" >&6; } | ||
18956 | else | ||
18957 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
18958 | $as_echo "no" >&6; } | ||
18959 | system_wtmpx_path=no | ||
18960 | |||
18961 | fi | ||
18962 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
18963 | if test -z "$conf_wtmpx_location"; then | ||
18964 | if test x"$system_wtmpx_path" = x"no" ; then | ||
18965 | $as_echo "#define DISABLE_WTMPX 1" >>confdefs.h | ||
18966 | |||
18967 | fi | ||
18968 | else | ||
18969 | |||
18970 | cat >>confdefs.h <<_ACEOF | ||
18971 | #define CONF_WTMPX_FILE "$conf_wtmpx_location" | ||
18972 | _ACEOF | ||
18973 | |||
18974 | fi | ||
18975 | |||
18976 | |||
18977 | if test ! -z "$blibpath" ; then | ||
18978 | LDFLAGS="$LDFLAGS $blibflags$blibpath" | ||
18979 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Please check and edit blibpath in LDFLAGS in Makefile" >&5 | ||
18980 | $as_echo "$as_me: WARNING: Please check and edit blibpath in LDFLAGS in Makefile" >&2;} | ||
18981 | fi | ||
18982 | |||
18983 | ac_fn_c_check_member "$LINENO" "struct lastlog" "ll_line" "ac_cv_member_struct_lastlog_ll_line" " | ||
18984 | #ifdef HAVE_SYS_TYPES_H | ||
18985 | #include <sys/types.h> | ||
18986 | #endif | ||
18987 | #ifdef HAVE_UTMP_H | ||
18988 | #include <utmp.h> | ||
18989 | #endif | ||
18990 | #ifdef HAVE_UTMPX_H | ||
18991 | #include <utmpx.h> | ||
18992 | #endif | ||
18993 | #ifdef HAVE_LASTLOG_H | ||
18994 | #include <lastlog.h> | ||
18995 | #endif | ||
18996 | |||
18997 | " | ||
18998 | if test "x$ac_cv_member_struct_lastlog_ll_line" = xyes; then : | ||
18999 | |||
19000 | else | ||
19001 | |||
19002 | if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then | ||
19003 | $as_echo "#define DISABLE_LASTLOG 1" >>confdefs.h | ||
19004 | |||
19005 | fi | ||
19006 | |||
19007 | fi | ||
19008 | |||
19009 | |||
19010 | ac_fn_c_check_member "$LINENO" "struct utmp" "ut_line" "ac_cv_member_struct_utmp_ut_line" " | ||
19011 | #ifdef HAVE_SYS_TYPES_H | ||
19012 | #include <sys/types.h> | ||
19013 | #endif | ||
19014 | #ifdef HAVE_UTMP_H | ||
19015 | #include <utmp.h> | ||
19016 | #endif | ||
19017 | #ifdef HAVE_UTMPX_H | ||
19018 | #include <utmpx.h> | ||
19019 | #endif | ||
19020 | #ifdef HAVE_LASTLOG_H | ||
19021 | #include <lastlog.h> | ||
19022 | #endif | ||
19023 | |||
19024 | " | ||
19025 | if test "x$ac_cv_member_struct_utmp_ut_line" = xyes; then : | ||
19026 | |||
19027 | else | ||
19028 | |||
19029 | $as_echo "#define DISABLE_UTMP 1" >>confdefs.h | ||
19030 | |||
19031 | $as_echo "#define DISABLE_WTMP 1" >>confdefs.h | ||
19032 | |||
19033 | |||
19034 | fi | ||
19035 | |||
19036 | |||
19037 | CFLAGS="$CFLAGS $werror_flags" | ||
19038 | |||
19039 | if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then | ||
19040 | TEST_SSH_IPV6=no | ||
19041 | else | ||
19042 | TEST_SSH_IPV6=yes | ||
19043 | fi | ||
19044 | ac_fn_c_check_decl "$LINENO" "BROKEN_GETADDRINFO" "ac_cv_have_decl_BROKEN_GETADDRINFO" "$ac_includes_default" | ||
19045 | if test "x$ac_cv_have_decl_BROKEN_GETADDRINFO" = xyes; then : | ||
19046 | TEST_SSH_IPV6=no | ||
19047 | fi | ||
19048 | |||
19049 | TEST_SSH_IPV6=$TEST_SSH_IPV6 | ||
19050 | |||
19051 | TEST_SSH_UTF8=$TEST_SSH_UTF8 | ||
19052 | |||
19053 | TEST_MALLOC_OPTIONS=$TEST_MALLOC_OPTIONS | ||
19054 | |||
19055 | UNSUPPORTED_ALGORITHMS=$unsupported_algorithms | ||
19056 | |||
19057 | |||
19058 | |||
19059 | ac_config_files="$ac_config_files Makefile buildpkg.sh opensshd.init openssh.xml openbsd-compat/Makefile openbsd-compat/regress/Makefile survey.sh" | ||
19060 | |||
19061 | cat >confcache <<\_ACEOF | ||
19062 | # This file is a shell script that caches the results of configure | ||
19063 | # tests run on this system so they can be shared between configure | ||
19064 | # scripts and configure runs, see configure's option --config-cache. | ||
19065 | # It is not useful on other systems. If it contains results you don't | ||
19066 | # want to keep, you may remove or edit it. | ||
19067 | # | ||
19068 | # config.status only pays attention to the cache file if you give it | ||
19069 | # the --recheck option to rerun configure. | ||
19070 | # | ||
19071 | # `ac_cv_env_foo' variables (set or unset) will be overridden when | ||
19072 | # loading this file, other *unset* `ac_cv_foo' will be assigned the | ||
19073 | # following values. | ||
19074 | |||
19075 | _ACEOF | ||
19076 | |||
19077 | # The following way of writing the cache mishandles newlines in values, | ||
19078 | # but we know of no workaround that is simple, portable, and efficient. | ||
19079 | # So, we kill variables containing newlines. | ||
19080 | # Ultrix sh set writes to stderr and can't be redirected directly, | ||
19081 | # and sets the high bit in the cache file unless we assign to the vars. | ||
19082 | ( | ||
19083 | for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do | ||
19084 | eval ac_val=\$$ac_var | ||
19085 | case $ac_val in #( | ||
19086 | *${as_nl}*) | ||
19087 | case $ac_var in #( | ||
19088 | *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 | ||
19089 | $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; | ||
19090 | esac | ||
19091 | case $ac_var in #( | ||
19092 | _ | IFS | as_nl) ;; #( | ||
19093 | BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( | ||
19094 | *) { eval $ac_var=; unset $ac_var;} ;; | ||
19095 | esac ;; | ||
19096 | esac | ||
19097 | done | ||
19098 | |||
19099 | (set) 2>&1 | | ||
19100 | case $as_nl`(ac_space=' '; set) 2>&1` in #( | ||
19101 | *${as_nl}ac_space=\ *) | ||
19102 | # `set' does not quote correctly, so add quotes: double-quote | ||
19103 | # substitution turns \\\\ into \\, and sed turns \\ into \. | ||
19104 | sed -n \ | ||
19105 | "s/'/'\\\\''/g; | ||
19106 | s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" | ||
19107 | ;; #( | ||
19108 | *) | ||
19109 | # `set' quotes correctly as required by POSIX, so do not add quotes. | ||
19110 | sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" | ||
19111 | ;; | ||
19112 | esac | | ||
19113 | sort | ||
19114 | ) | | ||
19115 | sed ' | ||
19116 | /^ac_cv_env_/b end | ||
19117 | t clear | ||
19118 | :clear | ||
19119 | s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ | ||
19120 | t end | ||
19121 | s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ | ||
19122 | :end' >>confcache | ||
19123 | if diff "$cache_file" confcache >/dev/null 2>&1; then :; else | ||
19124 | if test -w "$cache_file"; then | ||
19125 | if test "x$cache_file" != "x/dev/null"; then | ||
19126 | { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5 | ||
19127 | $as_echo "$as_me: updating cache $cache_file" >&6;} | ||
19128 | if test ! -f "$cache_file" || test -h "$cache_file"; then | ||
19129 | cat confcache >"$cache_file" | ||
19130 | else | ||
19131 | case $cache_file in #( | ||
19132 | */* | ?:*) | ||
19133 | mv -f confcache "$cache_file"$$ && | ||
19134 | mv -f "$cache_file"$$ "$cache_file" ;; #( | ||
19135 | *) | ||
19136 | mv -f confcache "$cache_file" ;; | ||
19137 | esac | ||
19138 | fi | ||
19139 | fi | ||
19140 | else | ||
19141 | { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5 | ||
19142 | $as_echo "$as_me: not updating unwritable cache $cache_file" >&6;} | ||
19143 | fi | ||
19144 | fi | ||
19145 | rm -f confcache | ||
19146 | |||
19147 | test "x$prefix" = xNONE && prefix=$ac_default_prefix | ||
19148 | # Let make expand exec_prefix. | ||
19149 | test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' | ||
19150 | |||
19151 | DEFS=-DHAVE_CONFIG_H | ||
19152 | |||
19153 | ac_libobjs= | ||
19154 | ac_ltlibobjs= | ||
19155 | U= | ||
19156 | for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue | ||
19157 | # 1. Remove the extension, and $U if already installed. | ||
19158 | ac_script='s/\$U\././;s/\.o$//;s/\.obj$//' | ||
19159 | ac_i=`$as_echo "$ac_i" | sed "$ac_script"` | ||
19160 | # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR | ||
19161 | # will be set to the directory where LIBOBJS objects are built. | ||
19162 | as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext" | ||
19163 | as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo' | ||
19164 | done | ||
19165 | LIBOBJS=$ac_libobjs | ||
19166 | |||
19167 | LTLIBOBJS=$ac_ltlibobjs | ||
19168 | |||
19169 | |||
19170 | |||
19171 | |||
19172 | : "${CONFIG_STATUS=./config.status}" | ||
19173 | ac_write_fail=0 | ||
19174 | ac_clean_files_save=$ac_clean_files | ||
19175 | ac_clean_files="$ac_clean_files $CONFIG_STATUS" | ||
19176 | { $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5 | ||
19177 | $as_echo "$as_me: creating $CONFIG_STATUS" >&6;} | ||
19178 | as_write_fail=0 | ||
19179 | cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1 | ||
19180 | #! $SHELL | ||
19181 | # Generated by $as_me. | ||
19182 | # Run this file to recreate the current configuration. | ||
19183 | # Compiler output produced by configure, useful for debugging | ||
19184 | # configure, is in config.log if it exists. | ||
19185 | |||
19186 | debug=false | ||
19187 | ac_cs_recheck=false | ||
19188 | ac_cs_silent=false | ||
19189 | |||
19190 | SHELL=\${CONFIG_SHELL-$SHELL} | ||
19191 | export SHELL | ||
19192 | _ASEOF | ||
19193 | cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1 | ||
19194 | ## -------------------- ## | ||
19195 | ## M4sh Initialization. ## | ||
19196 | ## -------------------- ## | ||
19197 | |||
19198 | # Be more Bourne compatible | ||
19199 | DUALCASE=1; export DUALCASE # for MKS sh | ||
19200 | if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : | ||
19201 | emulate sh | ||
19202 | NULLCMD=: | ||
19203 | # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which | ||
19204 | # is contrary to our usage. Disable this feature. | ||
19205 | alias -g '${1+"$@"}'='"$@"' | ||
19206 | setopt NO_GLOB_SUBST | ||
19207 | else | ||
19208 | case `(set -o) 2>/dev/null` in #( | ||
19209 | *posix*) : | ||
19210 | set -o posix ;; #( | ||
19211 | *) : | ||
19212 | ;; | ||
19213 | esac | ||
19214 | fi | ||
19215 | |||
19216 | |||
19217 | as_nl=' | ||
19218 | ' | ||
19219 | export as_nl | ||
19220 | # Printing a long string crashes Solaris 7 /usr/bin/printf. | ||
19221 | as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' | ||
19222 | as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo | ||
19223 | as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo | ||
19224 | # Prefer a ksh shell builtin over an external printf program on Solaris, | ||
19225 | # but without wasting forks for bash or zsh. | ||
19226 | if test -z "$BASH_VERSION$ZSH_VERSION" \ | ||
19227 | && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then | ||
19228 | as_echo='print -r --' | ||
19229 | as_echo_n='print -rn --' | ||
19230 | elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then | ||
19231 | as_echo='printf %s\n' | ||
19232 | as_echo_n='printf %s' | ||
19233 | else | ||
19234 | if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then | ||
19235 | as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' | ||
19236 | as_echo_n='/usr/ucb/echo -n' | ||
19237 | else | ||
19238 | as_echo_body='eval expr "X$1" : "X\\(.*\\)"' | ||
19239 | as_echo_n_body='eval | ||
19240 | arg=$1; | ||
19241 | case $arg in #( | ||
19242 | *"$as_nl"*) | ||
19243 | expr "X$arg" : "X\\(.*\\)$as_nl"; | ||
19244 | arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; | ||
19245 | esac; | ||
19246 | expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" | ||
19247 | ' | ||
19248 | export as_echo_n_body | ||
19249 | as_echo_n='sh -c $as_echo_n_body as_echo' | ||
19250 | fi | ||
19251 | export as_echo_body | ||
19252 | as_echo='sh -c $as_echo_body as_echo' | ||
19253 | fi | ||
19254 | |||
19255 | # The user is always right. | ||
19256 | if test "${PATH_SEPARATOR+set}" != set; then | ||
19257 | PATH_SEPARATOR=: | ||
19258 | (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { | ||
19259 | (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || | ||
19260 | PATH_SEPARATOR=';' | ||
19261 | } | ||
19262 | fi | ||
19263 | |||
19264 | |||
19265 | # IFS | ||
19266 | # We need space, tab and new line, in precisely that order. Quoting is | ||
19267 | # there to prevent editors from complaining about space-tab. | ||
19268 | # (If _AS_PATH_WALK were called with IFS unset, it would disable word | ||
19269 | # splitting by setting IFS to empty value.) | ||
19270 | IFS=" "" $as_nl" | ||
19271 | |||
19272 | # Find who we are. Look in the path if we contain no directory separator. | ||
19273 | as_myself= | ||
19274 | case $0 in #(( | ||
19275 | *[\\/]* ) as_myself=$0 ;; | ||
19276 | *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
19277 | for as_dir in $PATH | ||
19278 | do | ||
19279 | IFS=$as_save_IFS | ||
19280 | test -z "$as_dir" && as_dir=. | ||
19281 | test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break | ||
19282 | done | ||
19283 | IFS=$as_save_IFS | ||
19284 | |||
19285 | ;; | ||
19286 | esac | ||
19287 | # We did not find ourselves, most probably we were run as `sh COMMAND' | ||
19288 | # in which case we are not to be found in the path. | ||
19289 | if test "x$as_myself" = x; then | ||
19290 | as_myself=$0 | ||
19291 | fi | ||
19292 | if test ! -f "$as_myself"; then | ||
19293 | $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 | ||
19294 | exit 1 | ||
19295 | fi | ||
19296 | |||
19297 | # Unset variables that we do not need and which cause bugs (e.g. in | ||
19298 | # pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" | ||
19299 | # suppresses any "Segmentation fault" message there. '((' could | ||
19300 | # trigger a bug in pdksh 5.2.14. | ||
19301 | for as_var in BASH_ENV ENV MAIL MAILPATH | ||
19302 | do eval test x\${$as_var+set} = xset \ | ||
19303 | && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : | ||
19304 | done | ||
19305 | PS1='$ ' | ||
19306 | PS2='> ' | ||
19307 | PS4='+ ' | ||
19308 | |||
19309 | # NLS nuisances. | ||
19310 | LC_ALL=C | ||
19311 | export LC_ALL | ||
19312 | LANGUAGE=C | ||
19313 | export LANGUAGE | ||
19314 | |||
19315 | # CDPATH. | ||
19316 | (unset CDPATH) >/dev/null 2>&1 && unset CDPATH | ||
19317 | |||
19318 | |||
19319 | # as_fn_error STATUS ERROR [LINENO LOG_FD] | ||
19320 | # ---------------------------------------- | ||
19321 | # Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are | ||
19322 | # provided, also output the error to LOG_FD, referencing LINENO. Then exit the | ||
19323 | # script with STATUS, using 1 if that was 0. | ||
19324 | as_fn_error () | ||
19325 | { | ||
19326 | as_status=$1; test $as_status -eq 0 && as_status=1 | ||
19327 | if test "$4"; then | ||
19328 | as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack | ||
19329 | $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 | ||
19330 | fi | ||
19331 | $as_echo "$as_me: error: $2" >&2 | ||
19332 | as_fn_exit $as_status | ||
19333 | } # as_fn_error | ||
19334 | |||
19335 | |||
19336 | # as_fn_set_status STATUS | ||
19337 | # ----------------------- | ||
19338 | # Set $? to STATUS, without forking. | ||
19339 | as_fn_set_status () | ||
19340 | { | ||
19341 | return $1 | ||
19342 | } # as_fn_set_status | ||
19343 | |||
19344 | # as_fn_exit STATUS | ||
19345 | # ----------------- | ||
19346 | # Exit the shell with STATUS, even in a "trap 0" or "set -e" context. | ||
19347 | as_fn_exit () | ||
19348 | { | ||
19349 | set +e | ||
19350 | as_fn_set_status $1 | ||
19351 | exit $1 | ||
19352 | } # as_fn_exit | ||
19353 | |||
19354 | # as_fn_unset VAR | ||
19355 | # --------------- | ||
19356 | # Portably unset VAR. | ||
19357 | as_fn_unset () | ||
19358 | { | ||
19359 | { eval $1=; unset $1;} | ||
19360 | } | ||
19361 | as_unset=as_fn_unset | ||
19362 | # as_fn_append VAR VALUE | ||
19363 | # ---------------------- | ||
19364 | # Append the text in VALUE to the end of the definition contained in VAR. Take | ||
19365 | # advantage of any shell optimizations that allow amortized linear growth over | ||
19366 | # repeated appends, instead of the typical quadratic growth present in naive | ||
19367 | # implementations. | ||
19368 | if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : | ||
19369 | eval 'as_fn_append () | ||
19370 | { | ||
19371 | eval $1+=\$2 | ||
19372 | }' | ||
19373 | else | ||
19374 | as_fn_append () | ||
19375 | { | ||
19376 | eval $1=\$$1\$2 | ||
19377 | } | ||
19378 | fi # as_fn_append | ||
19379 | |||
19380 | # as_fn_arith ARG... | ||
19381 | # ------------------ | ||
19382 | # Perform arithmetic evaluation on the ARGs, and store the result in the | ||
19383 | # global $as_val. Take advantage of shells that can avoid forks. The arguments | ||
19384 | # must be portable across $(()) and expr. | ||
19385 | if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : | ||
19386 | eval 'as_fn_arith () | ||
19387 | { | ||
19388 | as_val=$(( $* )) | ||
19389 | }' | ||
19390 | else | ||
19391 | as_fn_arith () | ||
19392 | { | ||
19393 | as_val=`expr "$@" || test $? -eq 1` | ||
19394 | } | ||
19395 | fi # as_fn_arith | ||
19396 | |||
19397 | |||
19398 | if expr a : '\(a\)' >/dev/null 2>&1 && | ||
19399 | test "X`expr 00001 : '.*\(...\)'`" = X001; then | ||
19400 | as_expr=expr | ||
19401 | else | ||
19402 | as_expr=false | ||
19403 | fi | ||
19404 | |||
19405 | if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then | ||
19406 | as_basename=basename | ||
19407 | else | ||
19408 | as_basename=false | ||
19409 | fi | ||
19410 | |||
19411 | if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then | ||
19412 | as_dirname=dirname | ||
19413 | else | ||
19414 | as_dirname=false | ||
19415 | fi | ||
19416 | |||
19417 | as_me=`$as_basename -- "$0" || | ||
19418 | $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ | ||
19419 | X"$0" : 'X\(//\)$' \| \ | ||
19420 | X"$0" : 'X\(/\)' \| . 2>/dev/null || | ||
19421 | $as_echo X/"$0" | | ||
19422 | sed '/^.*\/\([^/][^/]*\)\/*$/{ | ||
19423 | s//\1/ | ||
19424 | q | ||
19425 | } | ||
19426 | /^X\/\(\/\/\)$/{ | ||
19427 | s//\1/ | ||
19428 | q | ||
19429 | } | ||
19430 | /^X\/\(\/\).*/{ | ||
19431 | s//\1/ | ||
19432 | q | ||
19433 | } | ||
19434 | s/.*/./; q'` | ||
19435 | |||
19436 | # Avoid depending upon Character Ranges. | ||
19437 | as_cr_letters='abcdefghijklmnopqrstuvwxyz' | ||
19438 | as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' | ||
19439 | as_cr_Letters=$as_cr_letters$as_cr_LETTERS | ||
19440 | as_cr_digits='0123456789' | ||
19441 | as_cr_alnum=$as_cr_Letters$as_cr_digits | ||
19442 | |||
19443 | ECHO_C= ECHO_N= ECHO_T= | ||
19444 | case `echo -n x` in #((((( | ||
19445 | -n*) | ||
19446 | case `echo 'xy\c'` in | ||
19447 | *c*) ECHO_T=' ';; # ECHO_T is single tab character. | ||
19448 | xy) ECHO_C='\c';; | ||
19449 | *) echo `echo ksh88 bug on AIX 6.1` > /dev/null | ||
19450 | ECHO_T=' ';; | ||
19451 | esac;; | ||
19452 | *) | ||
19453 | ECHO_N='-n';; | ||
19454 | esac | ||
19455 | |||
19456 | rm -f conf$$ conf$$.exe conf$$.file | ||
19457 | if test -d conf$$.dir; then | ||
19458 | rm -f conf$$.dir/conf$$.file | ||
19459 | else | ||
19460 | rm -f conf$$.dir | ||
19461 | mkdir conf$$.dir 2>/dev/null | ||
19462 | fi | ||
19463 | if (echo >conf$$.file) 2>/dev/null; then | ||
19464 | if ln -s conf$$.file conf$$ 2>/dev/null; then | ||
19465 | as_ln_s='ln -s' | ||
19466 | # ... but there are two gotchas: | ||
19467 | # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. | ||
19468 | # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. | ||
19469 | # In both cases, we have to default to `cp -pR'. | ||
19470 | ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || | ||
19471 | as_ln_s='cp -pR' | ||
19472 | elif ln conf$$.file conf$$ 2>/dev/null; then | ||
19473 | as_ln_s=ln | ||
19474 | else | ||
19475 | as_ln_s='cp -pR' | ||
19476 | fi | ||
19477 | else | ||
19478 | as_ln_s='cp -pR' | ||
19479 | fi | ||
19480 | rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file | ||
19481 | rmdir conf$$.dir 2>/dev/null | ||
19482 | |||
19483 | |||
19484 | # as_fn_mkdir_p | ||
19485 | # ------------- | ||
19486 | # Create "$as_dir" as a directory, including parents if necessary. | ||
19487 | as_fn_mkdir_p () | ||
19488 | { | ||
19489 | |||
19490 | case $as_dir in #( | ||
19491 | -*) as_dir=./$as_dir;; | ||
19492 | esac | ||
19493 | test -d "$as_dir" || eval $as_mkdir_p || { | ||
19494 | as_dirs= | ||
19495 | while :; do | ||
19496 | case $as_dir in #( | ||
19497 | *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( | ||
19498 | *) as_qdir=$as_dir;; | ||
19499 | esac | ||
19500 | as_dirs="'$as_qdir' $as_dirs" | ||
19501 | as_dir=`$as_dirname -- "$as_dir" || | ||
19502 | $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ | ||
19503 | X"$as_dir" : 'X\(//\)[^/]' \| \ | ||
19504 | X"$as_dir" : 'X\(//\)$' \| \ | ||
19505 | X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || | ||
19506 | $as_echo X"$as_dir" | | ||
19507 | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ | ||
19508 | s//\1/ | ||
19509 | q | ||
19510 | } | ||
19511 | /^X\(\/\/\)[^/].*/{ | ||
19512 | s//\1/ | ||
19513 | q | ||
19514 | } | ||
19515 | /^X\(\/\/\)$/{ | ||
19516 | s//\1/ | ||
19517 | q | ||
19518 | } | ||
19519 | /^X\(\/\).*/{ | ||
19520 | s//\1/ | ||
19521 | q | ||
19522 | } | ||
19523 | s/.*/./; q'` | ||
19524 | test -d "$as_dir" && break | ||
19525 | done | ||
19526 | test -z "$as_dirs" || eval "mkdir $as_dirs" | ||
19527 | } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" | ||
19528 | |||
19529 | |||
19530 | } # as_fn_mkdir_p | ||
19531 | if mkdir -p . 2>/dev/null; then | ||
19532 | as_mkdir_p='mkdir -p "$as_dir"' | ||
19533 | else | ||
19534 | test -d ./-p && rmdir ./-p | ||
19535 | as_mkdir_p=false | ||
19536 | fi | ||
19537 | |||
19538 | |||
19539 | # as_fn_executable_p FILE | ||
19540 | # ----------------------- | ||
19541 | # Test if FILE is an executable regular file. | ||
19542 | as_fn_executable_p () | ||
19543 | { | ||
19544 | test -f "$1" && test -x "$1" | ||
19545 | } # as_fn_executable_p | ||
19546 | as_test_x='test -x' | ||
19547 | as_executable_p=as_fn_executable_p | ||
19548 | |||
19549 | # Sed expression to map a string onto a valid CPP name. | ||
19550 | as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" | ||
19551 | |||
19552 | # Sed expression to map a string onto a valid variable name. | ||
19553 | as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" | ||
19554 | |||
19555 | |||
19556 | exec 6>&1 | ||
19557 | ## ----------------------------------- ## | ||
19558 | ## Main body of $CONFIG_STATUS script. ## | ||
19559 | ## ----------------------------------- ## | ||
19560 | _ASEOF | ||
19561 | test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1 | ||
19562 | |||
19563 | cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 | ||
19564 | # Save the log message, to keep $0 and so on meaningful, and to | ||
19565 | # report actual input values of CONFIG_FILES etc. instead of their | ||
19566 | # values after options handling. | ||
19567 | ac_log=" | ||
19568 | This file was extended by OpenSSH $as_me Portable, which was | ||
19569 | generated by GNU Autoconf 2.69. Invocation command line was | ||
19570 | |||
19571 | CONFIG_FILES = $CONFIG_FILES | ||
19572 | CONFIG_HEADERS = $CONFIG_HEADERS | ||
19573 | CONFIG_LINKS = $CONFIG_LINKS | ||
19574 | CONFIG_COMMANDS = $CONFIG_COMMANDS | ||
19575 | $ $0 $@ | ||
19576 | |||
19577 | on `(hostname || uname -n) 2>/dev/null | sed 1q` | ||
19578 | " | ||
19579 | |||
19580 | _ACEOF | ||
19581 | |||
19582 | case $ac_config_files in *" | ||
19583 | "*) set x $ac_config_files; shift; ac_config_files=$*;; | ||
19584 | esac | ||
19585 | |||
19586 | case $ac_config_headers in *" | ||
19587 | "*) set x $ac_config_headers; shift; ac_config_headers=$*;; | ||
19588 | esac | ||
19589 | |||
19590 | |||
19591 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 | ||
19592 | # Files that config.status was made for. | ||
19593 | config_files="$ac_config_files" | ||
19594 | config_headers="$ac_config_headers" | ||
19595 | |||
19596 | _ACEOF | ||
19597 | |||
19598 | cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 | ||
19599 | ac_cs_usage="\ | ||
19600 | \`$as_me' instantiates files and other configuration actions | ||
19601 | from templates according to the current configuration. Unless the files | ||
19602 | and actions are specified as TAGs, all are instantiated by default. | ||
19603 | |||
19604 | Usage: $0 [OPTION]... [TAG]... | ||
19605 | |||
19606 | -h, --help print this help, then exit | ||
19607 | -V, --version print version number and configuration settings, then exit | ||
19608 | --config print configuration, then exit | ||
19609 | -q, --quiet, --silent | ||
19610 | do not print progress messages | ||
19611 | -d, --debug don't remove temporary files | ||
19612 | --recheck update $as_me by reconfiguring in the same conditions | ||
19613 | --file=FILE[:TEMPLATE] | ||
19614 | instantiate the configuration file FILE | ||
19615 | --header=FILE[:TEMPLATE] | ||
19616 | instantiate the configuration header FILE | ||
19617 | |||
19618 | Configuration files: | ||
19619 | $config_files | ||
19620 | |||
19621 | Configuration headers: | ||
19622 | $config_headers | ||
19623 | |||
19624 | Report bugs to <openssh-unix-dev@mindrot.org>." | ||
19625 | |||
19626 | _ACEOF | ||
19627 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 | ||
19628 | ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" | ||
19629 | ac_cs_version="\\ | ||
19630 | OpenSSH config.status Portable | ||
19631 | configured by $0, generated by GNU Autoconf 2.69, | ||
19632 | with options \\"\$ac_cs_config\\" | ||
19633 | |||
19634 | Copyright (C) 2012 Free Software Foundation, Inc. | ||
19635 | This config.status script is free software; the Free Software Foundation | ||
19636 | gives unlimited permission to copy, distribute and modify it." | ||
19637 | |||
19638 | ac_pwd='$ac_pwd' | ||
19639 | srcdir='$srcdir' | ||
19640 | INSTALL='$INSTALL' | ||
19641 | AWK='$AWK' | ||
19642 | test -n "\$AWK" || AWK=awk | ||
19643 | _ACEOF | ||
19644 | |||
19645 | cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 | ||
19646 | # The default lists apply if the user does not specify any file. | ||
19647 | ac_need_defaults=: | ||
19648 | while test $# != 0 | ||
19649 | do | ||
19650 | case $1 in | ||
19651 | --*=?*) | ||
19652 | ac_option=`expr "X$1" : 'X\([^=]*\)='` | ||
19653 | ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'` | ||
19654 | ac_shift=: | ||
19655 | ;; | ||
19656 | --*=) | ||
19657 | ac_option=`expr "X$1" : 'X\([^=]*\)='` | ||
19658 | ac_optarg= | ||
19659 | ac_shift=: | ||
19660 | ;; | ||
19661 | *) | ||
19662 | ac_option=$1 | ||
19663 | ac_optarg=$2 | ||
19664 | ac_shift=shift | ||
19665 | ;; | ||
19666 | esac | ||
19667 | |||
19668 | case $ac_option in | ||
19669 | # Handling of the options. | ||
19670 | -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) | ||
19671 | ac_cs_recheck=: ;; | ||
19672 | --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) | ||
19673 | $as_echo "$ac_cs_version"; exit ;; | ||
19674 | --config | --confi | --conf | --con | --co | --c ) | ||
19675 | $as_echo "$ac_cs_config"; exit ;; | ||
19676 | --debug | --debu | --deb | --de | --d | -d ) | ||
19677 | debug=: ;; | ||
19678 | --file | --fil | --fi | --f ) | ||
19679 | $ac_shift | ||
19680 | case $ac_optarg in | ||
19681 | *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; | ||
19682 | '') as_fn_error $? "missing file argument" ;; | ||
19683 | esac | ||
19684 | as_fn_append CONFIG_FILES " '$ac_optarg'" | ||
19685 | ac_need_defaults=false;; | ||
19686 | --header | --heade | --head | --hea ) | ||
19687 | $ac_shift | ||
19688 | case $ac_optarg in | ||
19689 | *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; | ||
19690 | esac | ||
19691 | as_fn_append CONFIG_HEADERS " '$ac_optarg'" | ||
19692 | ac_need_defaults=false;; | ||
19693 | --he | --h) | ||
19694 | # Conflict between --help and --header | ||
19695 | as_fn_error $? "ambiguous option: \`$1' | ||
19696 | Try \`$0 --help' for more information.";; | ||
19697 | --help | --hel | -h ) | ||
19698 | $as_echo "$ac_cs_usage"; exit ;; | ||
19699 | -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | ||
19700 | | -silent | --silent | --silen | --sile | --sil | --si | --s) | ||
19701 | ac_cs_silent=: ;; | ||
19702 | |||
19703 | # This is an error. | ||
19704 | -*) as_fn_error $? "unrecognized option: \`$1' | ||
19705 | Try \`$0 --help' for more information." ;; | ||
19706 | |||
19707 | *) as_fn_append ac_config_targets " $1" | ||
19708 | ac_need_defaults=false ;; | ||
19709 | |||
19710 | esac | ||
19711 | shift | ||
19712 | done | ||
19713 | |||
19714 | ac_configure_extra_args= | ||
19715 | |||
19716 | if $ac_cs_silent; then | ||
19717 | exec 6>/dev/null | ||
19718 | ac_configure_extra_args="$ac_configure_extra_args --silent" | ||
19719 | fi | ||
19720 | |||
19721 | _ACEOF | ||
19722 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 | ||
19723 | if \$ac_cs_recheck; then | ||
19724 | set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion | ||
19725 | shift | ||
19726 | \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6 | ||
19727 | CONFIG_SHELL='$SHELL' | ||
19728 | export CONFIG_SHELL | ||
19729 | exec "\$@" | ||
19730 | fi | ||
19731 | |||
19732 | _ACEOF | ||
19733 | cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 | ||
19734 | exec 5>>config.log | ||
19735 | { | ||
19736 | echo | ||
19737 | sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX | ||
19738 | ## Running $as_me. ## | ||
19739 | _ASBOX | ||
19740 | $as_echo "$ac_log" | ||
19741 | } >&5 | ||
19742 | |||
19743 | _ACEOF | ||
19744 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 | ||
19745 | _ACEOF | ||
19746 | |||
19747 | cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 | ||
19748 | |||
19749 | # Handling of arguments. | ||
19750 | for ac_config_target in $ac_config_targets | ||
19751 | do | ||
19752 | case $ac_config_target in | ||
19753 | "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;; | ||
19754 | "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; | ||
19755 | "buildpkg.sh") CONFIG_FILES="$CONFIG_FILES buildpkg.sh" ;; | ||
19756 | "opensshd.init") CONFIG_FILES="$CONFIG_FILES opensshd.init" ;; | ||
19757 | "openssh.xml") CONFIG_FILES="$CONFIG_FILES openssh.xml" ;; | ||
19758 | "openbsd-compat/Makefile") CONFIG_FILES="$CONFIG_FILES openbsd-compat/Makefile" ;; | ||
19759 | "openbsd-compat/regress/Makefile") CONFIG_FILES="$CONFIG_FILES openbsd-compat/regress/Makefile" ;; | ||
19760 | "survey.sh") CONFIG_FILES="$CONFIG_FILES survey.sh" ;; | ||
19761 | |||
19762 | *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; | ||
19763 | esac | ||
19764 | done | ||
19765 | |||
19766 | |||
19767 | # If the user did not use the arguments to specify the items to instantiate, | ||
19768 | # then the envvar interface is used. Set only those that are not. | ||
19769 | # We use the long form for the default assignment because of an extremely | ||
19770 | # bizarre bug on SunOS 4.1.3. | ||
19771 | if $ac_need_defaults; then | ||
19772 | test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files | ||
19773 | test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers | ||
19774 | fi | ||
19775 | |||
19776 | # Have a temporary directory for convenience. Make it in the build tree | ||
19777 | # simply because there is no reason against having it here, and in addition, | ||
19778 | # creating and moving files from /tmp can sometimes cause problems. | ||
19779 | # Hook for its removal unless debugging. | ||
19780 | # Note that there is a small window in which the directory will not be cleaned: | ||
19781 | # after its creation but before its name has been assigned to `$tmp'. | ||
19782 | $debug || | ||
19783 | { | ||
19784 | tmp= ac_tmp= | ||
19785 | trap 'exit_status=$? | ||
19786 | : "${ac_tmp:=$tmp}" | ||
19787 | { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status | ||
19788 | ' 0 | ||
19789 | trap 'as_fn_exit 1' 1 2 13 15 | ||
19790 | } | ||
19791 | # Create a (secure) tmp directory for tmp files. | ||
19792 | |||
19793 | { | ||
19794 | tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` && | ||
19795 | test -d "$tmp" | ||
19796 | } || | ||
19797 | { | ||
19798 | tmp=./conf$$-$RANDOM | ||
19799 | (umask 077 && mkdir "$tmp") | ||
19800 | } || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5 | ||
19801 | ac_tmp=$tmp | ||
19802 | |||
19803 | # Set up the scripts for CONFIG_FILES section. | ||
19804 | # No need to generate them if there are no CONFIG_FILES. | ||
19805 | # This happens for instance with `./config.status config.h'. | ||
19806 | if test -n "$CONFIG_FILES"; then | ||
19807 | |||
19808 | |||
19809 | ac_cr=`echo X | tr X '\015'` | ||
19810 | # On cygwin, bash can eat \r inside `` if the user requested igncr. | ||
19811 | # But we know of no other shell where ac_cr would be empty at this | ||
19812 | # point, so we can use a bashism as a fallback. | ||
19813 | if test "x$ac_cr" = x; then | ||
19814 | eval ac_cr=\$\'\\r\' | ||
19815 | fi | ||
19816 | ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' </dev/null 2>/dev/null` | ||
19817 | if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then | ||
19818 | ac_cs_awk_cr='\\r' | ||
19819 | else | ||
19820 | ac_cs_awk_cr=$ac_cr | ||
19821 | fi | ||
19822 | |||
19823 | echo 'BEGIN {' >"$ac_tmp/subs1.awk" && | ||
19824 | _ACEOF | ||
19825 | |||
19826 | |||
19827 | { | ||
19828 | echo "cat >conf$$subs.awk <<_ACEOF" && | ||
19829 | echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' && | ||
19830 | echo "_ACEOF" | ||
19831 | } >conf$$subs.sh || | ||
19832 | as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 | ||
19833 | ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'` | ||
19834 | ac_delim='%!_!# ' | ||
19835 | for ac_last_try in false false false false false :; do | ||
19836 | . ./conf$$subs.sh || | ||
19837 | as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 | ||
19838 | |||
19839 | ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X` | ||
19840 | if test $ac_delim_n = $ac_delim_num; then | ||
19841 | break | ||
19842 | elif $ac_last_try; then | ||
19843 | as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 | ||
19844 | else | ||
19845 | ac_delim="$ac_delim!$ac_delim _$ac_delim!! " | ||
19846 | fi | ||
19847 | done | ||
19848 | rm -f conf$$subs.sh | ||
19849 | |||
19850 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 | ||
19851 | cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK && | ||
19852 | _ACEOF | ||
19853 | sed -n ' | ||
19854 | h | ||
19855 | s/^/S["/; s/!.*/"]=/ | ||
19856 | p | ||
19857 | g | ||
19858 | s/^[^!]*!// | ||
19859 | :repl | ||
19860 | t repl | ||
19861 | s/'"$ac_delim"'$// | ||
19862 | t delim | ||
19863 | :nl | ||
19864 | h | ||
19865 | s/\(.\{148\}\)..*/\1/ | ||
19866 | t more1 | ||
19867 | s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/ | ||
19868 | p | ||
19869 | n | ||
19870 | b repl | ||
19871 | :more1 | ||
19872 | s/["\\]/\\&/g; s/^/"/; s/$/"\\/ | ||
19873 | p | ||
19874 | g | ||
19875 | s/.\{148\}// | ||
19876 | t nl | ||
19877 | :delim | ||
19878 | h | ||
19879 | s/\(.\{148\}\)..*/\1/ | ||
19880 | t more2 | ||
19881 | s/["\\]/\\&/g; s/^/"/; s/$/"/ | ||
19882 | p | ||
19883 | b | ||
19884 | :more2 | ||
19885 | s/["\\]/\\&/g; s/^/"/; s/$/"\\/ | ||
19886 | p | ||
19887 | g | ||
19888 | s/.\{148\}// | ||
19889 | t delim | ||
19890 | ' <conf$$subs.awk | sed ' | ||
19891 | /^[^""]/{ | ||
19892 | N | ||
19893 | s/\n// | ||
19894 | } | ||
19895 | ' >>$CONFIG_STATUS || ac_write_fail=1 | ||
19896 | rm -f conf$$subs.awk | ||
19897 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 | ||
19898 | _ACAWK | ||
19899 | cat >>"\$ac_tmp/subs1.awk" <<_ACAWK && | ||
19900 | for (key in S) S_is_set[key] = 1 | ||
19901 | FS = "" | ||
19902 | |||
19903 | } | ||
19904 | { | ||
19905 | line = $ 0 | ||
19906 | nfields = split(line, field, "@") | ||
19907 | substed = 0 | ||
19908 | len = length(field[1]) | ||
19909 | for (i = 2; i < nfields; i++) { | ||
19910 | key = field[i] | ||
19911 | keylen = length(key) | ||
19912 | if (S_is_set[key]) { | ||
19913 | value = S[key] | ||
19914 | line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3) | ||
19915 | len += length(value) + length(field[++i]) | ||
19916 | substed = 1 | ||
19917 | } else | ||
19918 | len += 1 + keylen | ||
19919 | } | ||
19920 | |||
19921 | print line | ||
19922 | } | ||
19923 | |||
19924 | _ACAWK | ||
19925 | _ACEOF | ||
19926 | cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 | ||
19927 | if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then | ||
19928 | sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g" | ||
19929 | else | ||
19930 | cat | ||
19931 | fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \ | ||
19932 | || as_fn_error $? "could not setup config files machinery" "$LINENO" 5 | ||
19933 | _ACEOF | ||
19934 | |||
19935 | # VPATH may cause trouble with some makes, so we remove sole $(srcdir), | ||
19936 | # ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and | ||
19937 | # trailing colons and then remove the whole line if VPATH becomes empty | ||
19938 | # (actually we leave an empty line to preserve line numbers). | ||
19939 | if test "x$srcdir" = x.; then | ||
19940 | ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{ | ||
19941 | h | ||
19942 | s/// | ||
19943 | s/^/:/ | ||
19944 | s/[ ]*$/:/ | ||
19945 | s/:\$(srcdir):/:/g | ||
19946 | s/:\${srcdir}:/:/g | ||
19947 | s/:@srcdir@:/:/g | ||
19948 | s/^:*// | ||
19949 | s/:*$// | ||
19950 | x | ||
19951 | s/\(=[ ]*\).*/\1/ | ||
19952 | G | ||
19953 | s/\n// | ||
19954 | s/^[^=]*=[ ]*$// | ||
19955 | }' | ||
19956 | fi | ||
19957 | |||
19958 | cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 | ||
19959 | fi # test -n "$CONFIG_FILES" | ||
19960 | |||
19961 | # Set up the scripts for CONFIG_HEADERS section. | ||
19962 | # No need to generate them if there are no CONFIG_HEADERS. | ||
19963 | # This happens for instance with `./config.status Makefile'. | ||
19964 | if test -n "$CONFIG_HEADERS"; then | ||
19965 | cat >"$ac_tmp/defines.awk" <<\_ACAWK || | ||
19966 | BEGIN { | ||
19967 | _ACEOF | ||
19968 | |||
19969 | # Transform confdefs.h into an awk script `defines.awk', embedded as | ||
19970 | # here-document in config.status, that substitutes the proper values into | ||
19971 | # config.h.in to produce config.h. | ||
19972 | |||
19973 | # Create a delimiter string that does not exist in confdefs.h, to ease | ||
19974 | # handling of long lines. | ||
19975 | ac_delim='%!_!# ' | ||
19976 | for ac_last_try in false false :; do | ||
19977 | ac_tt=`sed -n "/$ac_delim/p" confdefs.h` | ||
19978 | if test -z "$ac_tt"; then | ||
19979 | break | ||
19980 | elif $ac_last_try; then | ||
19981 | as_fn_error $? "could not make $CONFIG_HEADERS" "$LINENO" 5 | ||
19982 | else | ||
19983 | ac_delim="$ac_delim!$ac_delim _$ac_delim!! " | ||
19984 | fi | ||
19985 | done | ||
19986 | |||
19987 | # For the awk script, D is an array of macro values keyed by name, | ||
19988 | # likewise P contains macro parameters if any. Preserve backslash | ||
19989 | # newline sequences. | ||
19990 | |||
19991 | ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]* | ||
19992 | sed -n ' | ||
19993 | s/.\{148\}/&'"$ac_delim"'/g | ||
19994 | t rset | ||
19995 | :rset | ||
19996 | s/^[ ]*#[ ]*define[ ][ ]*/ / | ||
19997 | t def | ||
19998 | d | ||
19999 | :def | ||
20000 | s/\\$// | ||
20001 | t bsnl | ||
20002 | s/["\\]/\\&/g | ||
20003 | s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ | ||
20004 | D["\1"]=" \3"/p | ||
20005 | s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2"/p | ||
20006 | d | ||
20007 | :bsnl | ||
20008 | s/["\\]/\\&/g | ||
20009 | s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ | ||
20010 | D["\1"]=" \3\\\\\\n"\\/p | ||
20011 | t cont | ||
20012 | s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p | ||
20013 | t cont | ||
20014 | d | ||
20015 | :cont | ||
20016 | n | ||
20017 | s/.\{148\}/&'"$ac_delim"'/g | ||
20018 | t clear | ||
20019 | :clear | ||
20020 | s/\\$// | ||
20021 | t bsnlc | ||
20022 | s/["\\]/\\&/g; s/^/"/; s/$/"/p | ||
20023 | d | ||
20024 | :bsnlc | ||
20025 | s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p | ||
20026 | b cont | ||
20027 | ' <confdefs.h | sed ' | ||
20028 | s/'"$ac_delim"'/"\\\ | ||
20029 | "/g' >>$CONFIG_STATUS || ac_write_fail=1 | ||
20030 | |||
20031 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 | ||
20032 | for (key in D) D_is_set[key] = 1 | ||
20033 | FS = "" | ||
20034 | } | ||
20035 | /^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ { | ||
20036 | line = \$ 0 | ||
20037 | split(line, arg, " ") | ||
20038 | if (arg[1] == "#") { | ||
20039 | defundef = arg[2] | ||
20040 | mac1 = arg[3] | ||
20041 | } else { | ||
20042 | defundef = substr(arg[1], 2) | ||
20043 | mac1 = arg[2] | ||
20044 | } | ||
20045 | split(mac1, mac2, "(") #) | ||
20046 | macro = mac2[1] | ||
20047 | prefix = substr(line, 1, index(line, defundef) - 1) | ||
20048 | if (D_is_set[macro]) { | ||
20049 | # Preserve the white space surrounding the "#". | ||
20050 | print prefix "define", macro P[macro] D[macro] | ||
20051 | next | ||
20052 | } else { | ||
20053 | # Replace #undef with comments. This is necessary, for example, | ||
20054 | # in the case of _POSIX_SOURCE, which is predefined and required | ||
20055 | # on some systems where configure will not decide to define it. | ||
20056 | if (defundef == "undef") { | ||
20057 | print "/*", prefix defundef, macro, "*/" | ||
20058 | next | ||
20059 | } | ||
20060 | } | ||
20061 | } | ||
20062 | { print } | ||
20063 | _ACAWK | ||
20064 | _ACEOF | ||
20065 | cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 | ||
20066 | as_fn_error $? "could not setup config headers machinery" "$LINENO" 5 | ||
20067 | fi # test -n "$CONFIG_HEADERS" | ||
20068 | |||
20069 | |||
20070 | eval set X " :F $CONFIG_FILES :H $CONFIG_HEADERS " | ||
20071 | shift | ||
20072 | for ac_tag | ||
20073 | do | ||
20074 | case $ac_tag in | ||
20075 | :[FHLC]) ac_mode=$ac_tag; continue;; | ||
20076 | esac | ||
20077 | case $ac_mode$ac_tag in | ||
20078 | :[FHL]*:*);; | ||
20079 | :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;; | ||
20080 | :[FH]-) ac_tag=-:-;; | ||
20081 | :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; | ||
20082 | esac | ||
20083 | ac_save_IFS=$IFS | ||
20084 | IFS=: | ||
20085 | set x $ac_tag | ||
20086 | IFS=$ac_save_IFS | ||
20087 | shift | ||
20088 | ac_file=$1 | ||
20089 | shift | ||
20090 | |||
20091 | case $ac_mode in | ||
20092 | :L) ac_source=$1;; | ||
20093 | :[FH]) | ||
20094 | ac_file_inputs= | ||
20095 | for ac_f | ||
20096 | do | ||
20097 | case $ac_f in | ||
20098 | -) ac_f="$ac_tmp/stdin";; | ||
20099 | *) # Look for the file first in the build tree, then in the source tree | ||
20100 | # (if the path is not absolute). The absolute path cannot be DOS-style, | ||
20101 | # because $ac_f cannot contain `:'. | ||
20102 | test -f "$ac_f" || | ||
20103 | case $ac_f in | ||
20104 | [\\/$]*) false;; | ||
20105 | *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; | ||
20106 | esac || | ||
20107 | as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;; | ||
20108 | esac | ||
20109 | case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac | ||
20110 | as_fn_append ac_file_inputs " '$ac_f'" | ||
20111 | done | ||
20112 | |||
20113 | # Let's still pretend it is `configure' which instantiates (i.e., don't | ||
20114 | # use $as_me), people would be surprised to read: | ||
20115 | # /* config.h. Generated by config.status. */ | ||
20116 | configure_input='Generated from '` | ||
20117 | $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g' | ||
20118 | `' by configure.' | ||
20119 | if test x"$ac_file" != x-; then | ||
20120 | configure_input="$ac_file. $configure_input" | ||
20121 | { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5 | ||
20122 | $as_echo "$as_me: creating $ac_file" >&6;} | ||
20123 | fi | ||
20124 | # Neutralize special characters interpreted by sed in replacement strings. | ||
20125 | case $configure_input in #( | ||
20126 | *\&* | *\|* | *\\* ) | ||
20127 | ac_sed_conf_input=`$as_echo "$configure_input" | | ||
20128 | sed 's/[\\\\&|]/\\\\&/g'`;; #( | ||
20129 | *) ac_sed_conf_input=$configure_input;; | ||
20130 | esac | ||
20131 | |||
20132 | case $ac_tag in | ||
20133 | *:-:* | *:-) cat >"$ac_tmp/stdin" \ | ||
20134 | || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; | ||
20135 | esac | ||
20136 | ;; | ||
20137 | esac | ||
20138 | |||
20139 | ac_dir=`$as_dirname -- "$ac_file" || | ||
20140 | $as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ | ||
20141 | X"$ac_file" : 'X\(//\)[^/]' \| \ | ||
20142 | X"$ac_file" : 'X\(//\)$' \| \ | ||
20143 | X"$ac_file" : 'X\(/\)' \| . 2>/dev/null || | ||
20144 | $as_echo X"$ac_file" | | ||
20145 | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ | ||
20146 | s//\1/ | ||
20147 | q | ||
20148 | } | ||
20149 | /^X\(\/\/\)[^/].*/{ | ||
20150 | s//\1/ | ||
20151 | q | ||
20152 | } | ||
20153 | /^X\(\/\/\)$/{ | ||
20154 | s//\1/ | ||
20155 | q | ||
20156 | } | ||
20157 | /^X\(\/\).*/{ | ||
20158 | s//\1/ | ||
20159 | q | ||
20160 | } | ||
20161 | s/.*/./; q'` | ||
20162 | as_dir="$ac_dir"; as_fn_mkdir_p | ||
20163 | ac_builddir=. | ||
20164 | |||
20165 | case "$ac_dir" in | ||
20166 | .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; | ||
20167 | *) | ||
20168 | ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` | ||
20169 | # A ".." for each directory in $ac_dir_suffix. | ||
20170 | ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` | ||
20171 | case $ac_top_builddir_sub in | ||
20172 | "") ac_top_builddir_sub=. ac_top_build_prefix= ;; | ||
20173 | *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; | ||
20174 | esac ;; | ||
20175 | esac | ||
20176 | ac_abs_top_builddir=$ac_pwd | ||
20177 | ac_abs_builddir=$ac_pwd$ac_dir_suffix | ||
20178 | # for backward compatibility: | ||
20179 | ac_top_builddir=$ac_top_build_prefix | ||
20180 | |||
20181 | case $srcdir in | ||
20182 | .) # We are building in place. | ||
20183 | ac_srcdir=. | ||
20184 | ac_top_srcdir=$ac_top_builddir_sub | ||
20185 | ac_abs_top_srcdir=$ac_pwd ;; | ||
20186 | [\\/]* | ?:[\\/]* ) # Absolute name. | ||
20187 | ac_srcdir=$srcdir$ac_dir_suffix; | ||
20188 | ac_top_srcdir=$srcdir | ||
20189 | ac_abs_top_srcdir=$srcdir ;; | ||
20190 | *) # Relative name. | ||
20191 | ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix | ||
20192 | ac_top_srcdir=$ac_top_build_prefix$srcdir | ||
20193 | ac_abs_top_srcdir=$ac_pwd/$srcdir ;; | ||
20194 | esac | ||
20195 | ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix | ||
20196 | |||
20197 | |||
20198 | case $ac_mode in | ||
20199 | :F) | ||
20200 | # | ||
20201 | # CONFIG_FILE | ||
20202 | # | ||
20203 | |||
20204 | case $INSTALL in | ||
20205 | [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;; | ||
20206 | *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;; | ||
20207 | esac | ||
20208 | _ACEOF | ||
20209 | |||
20210 | cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 | ||
20211 | # If the template does not know about datarootdir, expand it. | ||
20212 | # FIXME: This hack should be removed a few years after 2.60. | ||
20213 | ac_datarootdir_hack=; ac_datarootdir_seen= | ||
20214 | ac_sed_dataroot=' | ||
20215 | /datarootdir/ { | ||
20216 | p | ||
20217 | q | ||
20218 | } | ||
20219 | /@datadir@/p | ||
20220 | /@docdir@/p | ||
20221 | /@infodir@/p | ||
20222 | /@localedir@/p | ||
20223 | /@mandir@/p' | ||
20224 | case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in | ||
20225 | *datarootdir*) ac_datarootdir_seen=yes;; | ||
20226 | *@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*) | ||
20227 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 | ||
20228 | $as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} | ||
20229 | _ACEOF | ||
20230 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 | ||
20231 | ac_datarootdir_hack=' | ||
20232 | s&@datadir@&$datadir&g | ||
20233 | s&@docdir@&$docdir&g | ||
20234 | s&@infodir@&$infodir&g | ||
20235 | s&@localedir@&$localedir&g | ||
20236 | s&@mandir@&$mandir&g | ||
20237 | s&\\\${datarootdir}&$datarootdir&g' ;; | ||
20238 | esac | ||
20239 | _ACEOF | ||
20240 | |||
20241 | # Neutralize VPATH when `$srcdir' = `.'. | ||
20242 | # Shell code in configure.ac might set extrasub. | ||
20243 | # FIXME: do we really want to maintain this feature? | ||
20244 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 | ||
20245 | ac_sed_extra="$ac_vpsub | ||
20246 | $extrasub | ||
20247 | _ACEOF | ||
20248 | cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 | ||
20249 | :t | ||
20250 | /@[a-zA-Z_][a-zA-Z_0-9]*@/!b | ||
20251 | s|@configure_input@|$ac_sed_conf_input|;t t | ||
20252 | s&@top_builddir@&$ac_top_builddir_sub&;t t | ||
20253 | s&@top_build_prefix@&$ac_top_build_prefix&;t t | ||
20254 | s&@srcdir@&$ac_srcdir&;t t | ||
20255 | s&@abs_srcdir@&$ac_abs_srcdir&;t t | ||
20256 | s&@top_srcdir@&$ac_top_srcdir&;t t | ||
20257 | s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t | ||
20258 | s&@builddir@&$ac_builddir&;t t | ||
20259 | s&@abs_builddir@&$ac_abs_builddir&;t t | ||
20260 | s&@abs_top_builddir@&$ac_abs_top_builddir&;t t | ||
20261 | s&@INSTALL@&$ac_INSTALL&;t t | ||
20262 | $ac_datarootdir_hack | ||
20263 | " | ||
20264 | eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \ | ||
20265 | >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5 | ||
20266 | |||
20267 | test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && | ||
20268 | { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } && | ||
20269 | { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \ | ||
20270 | "$ac_tmp/out"`; test -z "$ac_out"; } && | ||
20271 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' | ||
20272 | which seems to be undefined. Please make sure it is defined" >&5 | ||
20273 | $as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' | ||
20274 | which seems to be undefined. Please make sure it is defined" >&2;} | ||
20275 | |||
20276 | rm -f "$ac_tmp/stdin" | ||
20277 | case $ac_file in | ||
20278 | -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";; | ||
20279 | *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";; | ||
20280 | esac \ | ||
20281 | || as_fn_error $? "could not create $ac_file" "$LINENO" 5 | ||
20282 | ;; | ||
20283 | :H) | ||
20284 | # | ||
20285 | # CONFIG_HEADER | ||
20286 | # | ||
20287 | if test x"$ac_file" != x-; then | ||
20288 | { | ||
20289 | $as_echo "/* $configure_input */" \ | ||
20290 | && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" | ||
20291 | } >"$ac_tmp/config.h" \ | ||
20292 | || as_fn_error $? "could not create $ac_file" "$LINENO" 5 | ||
20293 | if diff "$ac_file" "$ac_tmp/config.h" >/dev/null 2>&1; then | ||
20294 | { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5 | ||
20295 | $as_echo "$as_me: $ac_file is unchanged" >&6;} | ||
20296 | else | ||
20297 | rm -f "$ac_file" | ||
20298 | mv "$ac_tmp/config.h" "$ac_file" \ | ||
20299 | || as_fn_error $? "could not create $ac_file" "$LINENO" 5 | ||
20300 | fi | ||
20301 | else | ||
20302 | $as_echo "/* $configure_input */" \ | ||
20303 | && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" \ | ||
20304 | || as_fn_error $? "could not create -" "$LINENO" 5 | ||
20305 | fi | ||
20306 | ;; | ||
20307 | |||
20308 | |||
20309 | esac | ||
20310 | |||
20311 | done # for ac_tag | ||
20312 | |||
20313 | |||
20314 | as_fn_exit 0 | ||
20315 | _ACEOF | ||
20316 | ac_clean_files=$ac_clean_files_save | ||
20317 | |||
20318 | test $ac_write_fail = 0 || | ||
20319 | as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5 | ||
20320 | |||
20321 | |||
20322 | # configure is writing to config.log, and then calls config.status. | ||
20323 | # config.status does its own redirection, appending to config.log. | ||
20324 | # Unfortunately, on DOS this fails, as config.log is still kept open | ||
20325 | # by configure, so config.status won't be able to write to it; its | ||
20326 | # output is simply discarded. So we exec the FD to /dev/null, | ||
20327 | # effectively closing config.log, so it can be properly (re)opened and | ||
20328 | # appended to by config.status. When coming back to configure, we | ||
20329 | # need to make the FD available again. | ||
20330 | if test "$no_create" != yes; then | ||
20331 | ac_cs_success=: | ||
20332 | ac_config_status_args= | ||
20333 | test "$silent" = yes && | ||
20334 | ac_config_status_args="$ac_config_status_args --quiet" | ||
20335 | exec 5>/dev/null | ||
20336 | $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false | ||
20337 | exec 5>>config.log | ||
20338 | # Use ||, not &&, to avoid exiting from the if with $? = 1, which | ||
20339 | # would make configure fail if this is the last instruction. | ||
20340 | $ac_cs_success || as_fn_exit 1 | ||
20341 | fi | ||
20342 | if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then | ||
20343 | { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5 | ||
20344 | $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} | ||
20345 | fi | ||
20346 | |||
20347 | |||
20348 | # Print summary of options | ||
20349 | |||
20350 | # Someone please show me a better way :) | ||
20351 | A=`eval echo ${prefix}` ; A=`eval echo ${A}` | ||
20352 | B=`eval echo ${bindir}` ; B=`eval echo ${B}` | ||
20353 | C=`eval echo ${sbindir}` ; C=`eval echo ${C}` | ||
20354 | D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` | ||
20355 | E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` | ||
20356 | F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` | ||
20357 | G=`eval echo ${piddir}` ; G=`eval echo ${G}` | ||
20358 | H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` | ||
20359 | I=`eval echo ${user_path}` ; I=`eval echo ${I}` | ||
20360 | J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` | ||
20361 | |||
20362 | echo "" | ||
20363 | echo "OpenSSH has been configured with the following options:" | ||
20364 | echo " User binaries: $B" | ||
20365 | echo " System binaries: $C" | ||
20366 | echo " Configuration files: $D" | ||
20367 | echo " Askpass program: $E" | ||
20368 | echo " Manual pages: $F" | ||
20369 | echo " PID file: $G" | ||
20370 | echo " Privilege separation chroot path: $H" | ||
20371 | if test "x$external_path_file" = "x/etc/login.conf" ; then | ||
20372 | echo " At runtime, sshd will use the path defined in $external_path_file" | ||
20373 | echo " Make sure the path to scp is present, otherwise scp will not work" | ||
20374 | else | ||
20375 | echo " sshd default user PATH: $I" | ||
20376 | if test ! -z "$external_path_file"; then | ||
20377 | echo " (If PATH is set in $external_path_file it will be used instead. If" | ||
20378 | echo " used, ensure the path to scp is present, otherwise scp will not work.)" | ||
20379 | fi | ||
20380 | fi | ||
20381 | if test ! -z "$superuser_path" ; then | ||
20382 | echo " sshd superuser user PATH: $J" | ||
20383 | fi | ||
20384 | echo " Manpage format: $MANTYPE" | ||
20385 | echo " PAM support: $PAM_MSG" | ||
20386 | echo " OSF SIA support: $SIA_MSG" | ||
20387 | echo " KerberosV support: $KRB5_MSG" | ||
20388 | echo " SELinux support: $SELINUX_MSG" | ||
20389 | echo " Smartcard support: $SCARD_MSG" | ||
20390 | echo " S/KEY support: $SKEY_MSG" | ||
20391 | echo " MD5 password support: $MD5_MSG" | ||
20392 | echo " libedit support: $LIBEDIT_MSG" | ||
20393 | echo " libldns support: $LDNS_MSG" | ||
20394 | echo " Solaris process contract support: $SPC_MSG" | ||
20395 | echo " Solaris project support: $SP_MSG" | ||
20396 | echo " Solaris privilege support: $SPP_MSG" | ||
20397 | echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" | ||
20398 | echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" | ||
20399 | echo " BSD Auth support: $BSD_AUTH_MSG" | ||
20400 | echo " Random number source: $RAND_MSG" | ||
20401 | echo " Privsep sandbox style: $SANDBOX_STYLE" | ||
20402 | |||
20403 | echo "" | ||
20404 | |||
20405 | echo " Host: ${host}" | ||
20406 | echo " Compiler: ${CC}" | ||
20407 | echo " Compiler flags: ${CFLAGS}" | ||
20408 | echo "Preprocessor flags: ${CPPFLAGS}" | ||
20409 | echo " Linker flags: ${LDFLAGS}" | ||
20410 | echo " Libraries: ${LIBS}" | ||
20411 | if test ! -z "${SSHDLIBS}"; then | ||
20412 | echo " +for sshd: ${SSHDLIBS}" | ||
20413 | fi | ||
20414 | if test ! -z "${SSHLIBS}"; then | ||
20415 | echo " +for ssh: ${SSHLIBS}" | ||
20416 | fi | ||
20417 | |||
20418 | echo "" | ||
20419 | |||
20420 | if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then | ||
20421 | echo "SVR4 style packages are supported with \"make package\"" | ||
20422 | echo "" | ||
20423 | fi | ||
20424 | |||
20425 | if test "x$PAM_MSG" = "xyes" ; then | ||
20426 | echo "PAM is enabled. You may need to install a PAM control file " | ||
20427 | echo "for sshd, otherwise password authentication may fail. " | ||
20428 | echo "Example PAM control files can be found in the contrib/ " | ||
20429 | echo "subdirectory" | ||
20430 | echo "" | ||
20431 | fi | ||
20432 | |||
20433 | if test ! -z "$NO_PEERCHECK" ; then | ||
20434 | echo "WARNING: the operating system that you are using does not" | ||
20435 | echo "appear to support getpeereid(), getpeerucred() or the" | ||
20436 | echo "SO_PEERCRED getsockopt() option. These facilities are used to" | ||
20437 | echo "enforce security checks to prevent unauthorised connections to" | ||
20438 | echo "ssh-agent. Their absence increases the risk that a malicious" | ||
20439 | echo "user can connect to your agent." | ||
20440 | echo "" | ||
20441 | fi | ||
20442 | |||
20443 | if test "$AUDIT_MODULE" = "bsm" ; then | ||
20444 | echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." | ||
20445 | echo "See the Solaris section in README.platform for details." | ||
20446 | fi | ||
diff --git a/moduli.0 b/moduli.0 new file mode 100644 index 000000000..dd762af85 --- /dev/null +++ b/moduli.0 | |||
@@ -0,0 +1,74 @@ | |||
1 | MODULI(5) File Formats Manual MODULI(5) | ||
2 | |||
3 | NAME | ||
4 | moduli M-bM-^@M-^S Diffie-Hellman moduli | ||
5 | |||
6 | DESCRIPTION | ||
7 | The /etc/moduli file contains prime numbers and generators for use by | ||
8 | sshd(8) in the Diffie-Hellman Group Exchange key exchange method. | ||
9 | |||
10 | New moduli may be generated with ssh-keygen(1) using a two-step process. | ||
11 | An initial candidate generation pass, using ssh-keygen -G, calculates | ||
12 | numbers that are likely to be useful. A second primality testing pass, | ||
13 | using ssh-keygen -T, provides a high degree of assurance that the numbers | ||
14 | are prime and are safe for use in Diffie-Hellman operations by sshd(8). | ||
15 | This moduli format is used as the output from each pass. | ||
16 | |||
17 | The file consists of newline-separated records, one per modulus, | ||
18 | containing seven space-separated fields. These fields are as follows: | ||
19 | |||
20 | timestamp The time that the modulus was last processed as | ||
21 | YYYYMMDDHHMMSS. | ||
22 | |||
23 | type Decimal number specifying the internal structure of | ||
24 | the prime modulus. Supported types are: | ||
25 | |||
26 | 0 Unknown, not tested. | ||
27 | 2 "Safe" prime; (p-1)/2 is also prime. | ||
28 | 4 Sophie Germain; 2p+1 is also prime. | ||
29 | |||
30 | Moduli candidates initially produced by ssh-keygen(1) | ||
31 | are Sophie Germain primes (type 4). Further primality | ||
32 | testing with ssh-keygen(1) produces safe prime moduli | ||
33 | (type 2) that are ready for use in sshd(8). Other | ||
34 | types are not used by OpenSSH. | ||
35 | |||
36 | tests Decimal number indicating the type of primality tests | ||
37 | that the number has been subjected to represented as a | ||
38 | bitmask of the following values: | ||
39 | |||
40 | 0x00 Not tested. | ||
41 | 0x01 Composite number M-bM-^@M-^S not prime. | ||
42 | 0x02 Sieve of Eratosthenes. | ||
43 | 0x04 Probabilistic Miller-Rabin primality tests. | ||
44 | |||
45 | The ssh-keygen(1) moduli candidate generation uses the | ||
46 | Sieve of Eratosthenes (flag 0x02). Subsequent | ||
47 | ssh-keygen(1) primality tests are Miller-Rabin tests | ||
48 | (flag 0x04). | ||
49 | |||
50 | trials Decimal number indicating the number of primality | ||
51 | trials that have been performed on the modulus. | ||
52 | |||
53 | size Decimal number indicating the size of the prime in | ||
54 | bits. | ||
55 | |||
56 | generator The recommended generator for use with this modulus | ||
57 | (hexadecimal). | ||
58 | |||
59 | modulus The modulus itself in hexadecimal. | ||
60 | |||
61 | When performing Diffie-Hellman Group Exchange, sshd(8) first estimates | ||
62 | the size of the modulus required to produce enough Diffie-Hellman output | ||
63 | to sufficiently key the selected symmetric cipher. sshd(8) then randomly | ||
64 | selects a modulus from /etc/moduli that best meets the size requirement. | ||
65 | |||
66 | SEE ALSO | ||
67 | ssh-keygen(1), sshd(8) | ||
68 | |||
69 | STANDARDS | ||
70 | M. Friedl, N. Provos, and W. Simpson, Diffie-Hellman Group Exchange for | ||
71 | the Secure Shell (SSH) Transport Layer Protocol, RFC 4419, March 2006, | ||
72 | 2006. | ||
73 | |||
74 | OpenBSD 6.0 September 26, 2012 OpenBSD 6.0 | ||
@@ -0,0 +1,168 @@ | |||
1 | SCP(1) General Commands Manual SCP(1) | ||
2 | |||
3 | NAME | ||
4 | scp M-bM-^@M-^S secure copy (remote file copy program) | ||
5 | |||
6 | SYNOPSIS | ||
7 | scp [-12346BCpqrv] [-c cipher] [-F ssh_config] [-i identity_file] | ||
8 | [-l limit] [-o ssh_option] [-P port] [-S program] | ||
9 | [[user@]host1:]file1 ... [[user@]host2:]file2 | ||
10 | |||
11 | DESCRIPTION | ||
12 | scp copies files between hosts on a network. It uses ssh(1) for data | ||
13 | transfer, and uses the same authentication and provides the same security | ||
14 | as ssh(1). scp will ask for passwords or passphrases if they are needed | ||
15 | for authentication. | ||
16 | |||
17 | File names may contain a user and host specification to indicate that the | ||
18 | file is to be copied to/from that host. Local file names can be made | ||
19 | explicit using absolute or relative pathnames to avoid scp treating file | ||
20 | names containing M-bM-^@M-^X:M-bM-^@M-^Y as host specifiers. Copies between two remote hosts | ||
21 | are also permitted. | ||
22 | |||
23 | The options are as follows: | ||
24 | |||
25 | -1 Forces scp to use protocol 1. | ||
26 | |||
27 | -2 Forces scp to use protocol 2. | ||
28 | |||
29 | -3 Copies between two remote hosts are transferred through the local | ||
30 | host. Without this option the data is copied directly between | ||
31 | the two remote hosts. Note that this option disables the | ||
32 | progress meter. | ||
33 | |||
34 | -4 Forces scp to use IPv4 addresses only. | ||
35 | |||
36 | -6 Forces scp to use IPv6 addresses only. | ||
37 | |||
38 | -B Selects batch mode (prevents asking for passwords or | ||
39 | passphrases). | ||
40 | |||
41 | -C Compression enable. Passes the -C flag to ssh(1) to enable | ||
42 | compression. | ||
43 | |||
44 | -c cipher | ||
45 | Selects the cipher to use for encrypting the data transfer. This | ||
46 | option is directly passed to ssh(1). | ||
47 | |||
48 | -F ssh_config | ||
49 | Specifies an alternative per-user configuration file for ssh. | ||
50 | This option is directly passed to ssh(1). | ||
51 | |||
52 | -i identity_file | ||
53 | Selects the file from which the identity (private key) for public | ||
54 | key authentication is read. This option is directly passed to | ||
55 | ssh(1). | ||
56 | |||
57 | -l limit | ||
58 | Limits the used bandwidth, specified in Kbit/s. | ||
59 | |||
60 | -o ssh_option | ||
61 | Can be used to pass options to ssh in the format used in | ||
62 | ssh_config(5). This is useful for specifying options for which | ||
63 | there is no separate scp command-line flag. For full details of | ||
64 | the options listed below, and their possible values, see | ||
65 | ssh_config(5). | ||
66 | |||
67 | AddressFamily | ||
68 | BatchMode | ||
69 | BindAddress | ||
70 | CanonicalDomains | ||
71 | CanonicalizeFallbackLocal | ||
72 | CanonicalizeHostname | ||
73 | CanonicalizeMaxDots | ||
74 | CanonicalizePermittedCNAMEs | ||
75 | CertificateFile | ||
76 | ChallengeResponseAuthentication | ||
77 | CheckHostIP | ||
78 | Cipher | ||
79 | Ciphers | ||
80 | Compression | ||
81 | CompressionLevel | ||
82 | ConnectionAttempts | ||
83 | ConnectTimeout | ||
84 | ControlMaster | ||
85 | ControlPath | ||
86 | ControlPersist | ||
87 | GlobalKnownHostsFile | ||
88 | GSSAPIAuthentication | ||
89 | GSSAPIDelegateCredentials | ||
90 | HashKnownHosts | ||
91 | Host | ||
92 | HostbasedAuthentication | ||
93 | HostbasedKeyTypes | ||
94 | HostKeyAlgorithms | ||
95 | HostKeyAlias | ||
96 | HostName | ||
97 | IdentitiesOnly | ||
98 | IdentityAgent | ||
99 | IdentityFile | ||
100 | IPQoS | ||
101 | KbdInteractiveAuthentication | ||
102 | KbdInteractiveDevices | ||
103 | KexAlgorithms | ||
104 | LogLevel | ||
105 | MACs | ||
106 | NoHostAuthenticationForLocalhost | ||
107 | NumberOfPasswordPrompts | ||
108 | PasswordAuthentication | ||
109 | PKCS11Provider | ||
110 | Port | ||
111 | PreferredAuthentications | ||
112 | Protocol | ||
113 | ProxyCommand | ||
114 | ProxyJump | ||
115 | PubkeyAcceptedKeyTypes | ||
116 | PubkeyAuthentication | ||
117 | RekeyLimit | ||
118 | RhostsRSAAuthentication | ||
119 | RSAAuthentication | ||
120 | SendEnv | ||
121 | ServerAliveInterval | ||
122 | ServerAliveCountMax | ||
123 | StrictHostKeyChecking | ||
124 | TCPKeepAlive | ||
125 | UpdateHostKeys | ||
126 | UsePrivilegedPort | ||
127 | User | ||
128 | UserKnownHostsFile | ||
129 | VerifyHostKeyDNS | ||
130 | |||
131 | -P port | ||
132 | Specifies the port to connect to on the remote host. Note that | ||
133 | this option is written with a capital M-bM-^@M-^XPM-bM-^@M-^Y, because -p is already | ||
134 | reserved for preserving the times and modes of the file. | ||
135 | |||
136 | -p Preserves modification times, access times, and modes from the | ||
137 | original file. | ||
138 | |||
139 | -q Quiet mode: disables the progress meter as well as warning and | ||
140 | diagnostic messages from ssh(1). | ||
141 | |||
142 | -r Recursively copy entire directories. Note that scp follows | ||
143 | symbolic links encountered in the tree traversal. | ||
144 | |||
145 | -S program | ||
146 | Name of program to use for the encrypted connection. The program | ||
147 | must understand ssh(1) options. | ||
148 | |||
149 | -v Verbose mode. Causes scp and ssh(1) to print debugging messages | ||
150 | about their progress. This is helpful in debugging connection, | ||
151 | authentication, and configuration problems. | ||
152 | |||
153 | EXIT STATUS | ||
154 | The scp utility exitsM-BM- 0 on success, andM-BM- >0 if an error occurs. | ||
155 | |||
156 | SEE ALSO | ||
157 | sftp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1), ssh_config(5), | ||
158 | sshd(8) | ||
159 | |||
160 | HISTORY | ||
161 | scp is based on the rcp program in BSD source code from the Regents of | ||
162 | the University of California. | ||
163 | |||
164 | AUTHORS | ||
165 | Timo Rinne <tri@iki.fi> | ||
166 | Tatu Ylonen <ylo@cs.hut.fi> | ||
167 | |||
168 | OpenBSD 6.0 July 16, 2016 OpenBSD 6.0 | ||
diff --git a/sftp-server.0 b/sftp-server.0 new file mode 100644 index 000000000..20d477d49 --- /dev/null +++ b/sftp-server.0 | |||
@@ -0,0 +1,96 @@ | |||
1 | SFTP-SERVER(8) System Manager's Manual SFTP-SERVER(8) | ||
2 | |||
3 | NAME | ||
4 | sftp-server M-bM-^@M-^S SFTP server subsystem | ||
5 | |||
6 | SYNOPSIS | ||
7 | sftp-server [-ehR] [-d start_directory] [-f log_facility] [-l log_level] | ||
8 | [-P blacklisted_requests] [-p whitelisted_requests] | ||
9 | [-u umask] | ||
10 | sftp-server -Q protocol_feature | ||
11 | |||
12 | DESCRIPTION | ||
13 | sftp-server is a program that speaks the server side of SFTP protocol to | ||
14 | stdout and expects client requests from stdin. sftp-server is not | ||
15 | intended to be called directly, but from sshd(8) using the Subsystem | ||
16 | option. | ||
17 | |||
18 | Command-line flags to sftp-server should be specified in the Subsystem | ||
19 | declaration. See sshd_config(5) for more information. | ||
20 | |||
21 | Valid options are: | ||
22 | |||
23 | -d start_directory | ||
24 | specifies an alternate starting directory for users. The | ||
25 | pathname may contain the following tokens that are expanded at | ||
26 | runtime: %% is replaced by a literal '%', %d is replaced by the | ||
27 | home directory of the user being authenticated, and %u is | ||
28 | replaced by the username of that user. The default is to use the | ||
29 | user's home directory. This option is useful in conjunction with | ||
30 | the sshd_config(5) ChrootDirectory option. | ||
31 | |||
32 | -e Causes sftp-server to print logging information to stderr instead | ||
33 | of syslog for debugging. | ||
34 | |||
35 | -f log_facility | ||
36 | Specifies the facility code that is used when logging messages | ||
37 | from sftp-server. The possible values are: DAEMON, USER, AUTH, | ||
38 | LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. | ||
39 | The default is AUTH. | ||
40 | |||
41 | -h Displays sftp-server usage information. | ||
42 | |||
43 | -l log_level | ||
44 | Specifies which messages will be logged by sftp-server. The | ||
45 | possible values are: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, | ||
46 | DEBUG1, DEBUG2, and DEBUG3. INFO and VERBOSE log transactions | ||
47 | that sftp-server performs on behalf of the client. DEBUG and | ||
48 | DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify higher | ||
49 | levels of debugging output. The default is ERROR. | ||
50 | |||
51 | -P blacklisted_requests | ||
52 | Specify a comma-separated list of SFTP protocol requests that are | ||
53 | banned by the server. sftp-server will reply to any blacklisted | ||
54 | request with a failure. The -Q flag can be used to determine the | ||
55 | supported request types. If both a blacklist and a whitelist are | ||
56 | specified, then the blacklist is applied before the whitelist. | ||
57 | |||
58 | -p whitelisted_requests | ||
59 | Specify a comma-separated list of SFTP protocol requests that are | ||
60 | permitted by the server. All request types that are not on the | ||
61 | whitelist will be logged and replied to with a failure message. | ||
62 | |||
63 | Care must be taken when using this feature to ensure that | ||
64 | requests made implicitly by SFTP clients are permitted. | ||
65 | |||
66 | -Q protocol_feature | ||
67 | Query protocol features supported by sftp-server. At present the | ||
68 | only feature that may be queried is M-bM-^@M-^\requestsM-bM-^@M-^], which may be used | ||
69 | for black or whitelisting (flags -P and -p respectively). | ||
70 | |||
71 | -R Places this instance of sftp-server into a read-only mode. | ||
72 | Attempts to open files for writing, as well as other operations | ||
73 | that change the state of the filesystem, will be denied. | ||
74 | |||
75 | -u umask | ||
76 | Sets an explicit umask(2) to be applied to newly-created files | ||
77 | and directories, instead of the user's default mask. | ||
78 | |||
79 | On some systems, sftp-server must be able to access /dev/log for logging | ||
80 | to work, and use of sftp-server in a chroot configuration therefore | ||
81 | requires that syslogd(8) establish a logging socket inside the chroot | ||
82 | directory. | ||
83 | |||
84 | SEE ALSO | ||
85 | sftp(1), ssh(1), sshd_config(5), sshd(8) | ||
86 | |||
87 | T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh- | ||
88 | filexfer-02.txt, October 2001, work in progress material. | ||
89 | |||
90 | HISTORY | ||
91 | sftp-server first appeared in OpenBSD 2.8. | ||
92 | |||
93 | AUTHORS | ||
94 | Markus Friedl <markus@openbsd.org> | ||
95 | |||
96 | OpenBSD 6.0 December 11, 2014 OpenBSD 6.0 | ||
@@ -0,0 +1,386 @@ | |||
1 | SFTP(1) General Commands Manual SFTP(1) | ||
2 | |||
3 | NAME | ||
4 | sftp M-bM-^@M-^S secure file transfer program | ||
5 | |||
6 | SYNOPSIS | ||
7 | sftp [-1246aCfpqrv] [-B buffer_size] [-b batchfile] [-c cipher] | ||
8 | [-D sftp_server_path] [-F ssh_config] [-i identity_file] [-l limit] | ||
9 | [-o ssh_option] [-P port] [-R num_requests] [-S program] | ||
10 | [-s subsystem | sftp_server] host | ||
11 | sftp [user@]host[:file ...] | ||
12 | sftp [user@]host[:dir[/]] | ||
13 | sftp -b batchfile [user@]host | ||
14 | |||
15 | DESCRIPTION | ||
16 | sftp is an interactive file transfer program, similar to ftp(1), which | ||
17 | performs all operations over an encrypted ssh(1) transport. It may also | ||
18 | use many features of ssh, such as public key authentication and | ||
19 | compression. sftp connects and logs into the specified host, then enters | ||
20 | an interactive command mode. | ||
21 | |||
22 | The second usage format will retrieve files automatically if a non- | ||
23 | interactive authentication method is used; otherwise it will do so after | ||
24 | successful interactive authentication. | ||
25 | |||
26 | The third usage format allows sftp to start in a remote directory. | ||
27 | |||
28 | The final usage format allows for automated sessions using the -b option. | ||
29 | In such cases, it is necessary to configure non-interactive | ||
30 | authentication to obviate the need to enter a password at connection time | ||
31 | (see sshd(8) and ssh-keygen(1) for details). | ||
32 | |||
33 | Since some usage formats use colon characters to delimit host names from | ||
34 | path names, IPv6 addresses must be enclosed in square brackets to avoid | ||
35 | ambiguity. | ||
36 | |||
37 | The options are as follows: | ||
38 | |||
39 | -1 Specify the use of protocol version 1. | ||
40 | |||
41 | -2 Specify the use of protocol version 2. | ||
42 | |||
43 | -4 Forces sftp to use IPv4 addresses only. | ||
44 | |||
45 | -6 Forces sftp to use IPv6 addresses only. | ||
46 | |||
47 | -a Attempt to continue interrupted transfers rather than overwriting | ||
48 | existing partial or complete copies of files. If the partial | ||
49 | contents differ from those being transferred, then the resultant | ||
50 | file is likely to be corrupt. | ||
51 | |||
52 | -B buffer_size | ||
53 | Specify the size of the buffer that sftp uses when transferring | ||
54 | files. Larger buffers require fewer round trips at the cost of | ||
55 | higher memory consumption. The default is 32768 bytes. | ||
56 | |||
57 | -b batchfile | ||
58 | Batch mode reads a series of commands from an input batchfile | ||
59 | instead of stdin. Since it lacks user interaction it should be | ||
60 | used in conjunction with non-interactive authentication. A | ||
61 | batchfile of M-bM-^@M-^X-M-bM-^@M-^Y may be used to indicate standard input. sftp | ||
62 | will abort if any of the following commands fail: get, put, | ||
63 | reget, reput, rename, ln, rm, mkdir, chdir, ls, lchdir, chmod, | ||
64 | chown, chgrp, lpwd, df, symlink, and lmkdir. Termination on | ||
65 | error can be suppressed on a command by command basis by | ||
66 | prefixing the command with a M-bM-^@M-^X-M-bM-^@M-^Y character (for example, -rm | ||
67 | /tmp/blah*). | ||
68 | |||
69 | -C Enables compression (via ssh's -C flag). | ||
70 | |||
71 | -c cipher | ||
72 | Selects the cipher to use for encrypting the data transfers. | ||
73 | This option is directly passed to ssh(1). | ||
74 | |||
75 | -D sftp_server_path | ||
76 | Connect directly to a local sftp server (rather than via ssh(1)). | ||
77 | This option may be useful in debugging the client and server. | ||
78 | |||
79 | -F ssh_config | ||
80 | Specifies an alternative per-user configuration file for ssh(1). | ||
81 | This option is directly passed to ssh(1). | ||
82 | |||
83 | -f Requests that files be flushed to disk immediately after | ||
84 | transfer. When uploading files, this feature is only enabled if | ||
85 | the server implements the "fsync@openssh.com" extension. | ||
86 | |||
87 | -i identity_file | ||
88 | Selects the file from which the identity (private key) for public | ||
89 | key authentication is read. This option is directly passed to | ||
90 | ssh(1). | ||
91 | |||
92 | -l limit | ||
93 | Limits the used bandwidth, specified in Kbit/s. | ||
94 | |||
95 | -o ssh_option | ||
96 | Can be used to pass options to ssh in the format used in | ||
97 | ssh_config(5). This is useful for specifying options for which | ||
98 | there is no separate sftp command-line flag. For example, to | ||
99 | specify an alternate port use: sftp -oPort=24. For full details | ||
100 | of the options listed below, and their possible values, see | ||
101 | ssh_config(5). | ||
102 | |||
103 | AddressFamily | ||
104 | BatchMode | ||
105 | BindAddress | ||
106 | CanonicalDomains | ||
107 | CanonicalizeFallbackLocal | ||
108 | CanonicalizeHostname | ||
109 | CanonicalizeMaxDots | ||
110 | CanonicalizePermittedCNAMEs | ||
111 | CertificateFile | ||
112 | ChallengeResponseAuthentication | ||
113 | CheckHostIP | ||
114 | Cipher | ||
115 | Ciphers | ||
116 | Compression | ||
117 | CompressionLevel | ||
118 | ConnectionAttempts | ||
119 | ConnectTimeout | ||
120 | ControlMaster | ||
121 | ControlPath | ||
122 | ControlPersist | ||
123 | GlobalKnownHostsFile | ||
124 | GSSAPIAuthentication | ||
125 | GSSAPIDelegateCredentials | ||
126 | HashKnownHosts | ||
127 | Host | ||
128 | HostbasedAuthentication | ||
129 | HostbasedKeyTypes | ||
130 | HostKeyAlgorithms | ||
131 | HostKeyAlias | ||
132 | HostName | ||
133 | IdentitiesOnly | ||
134 | IdentityAgent | ||
135 | IdentityFile | ||
136 | IPQoS | ||
137 | KbdInteractiveAuthentication | ||
138 | KbdInteractiveDevices | ||
139 | KexAlgorithms | ||
140 | LogLevel | ||
141 | MACs | ||
142 | NoHostAuthenticationForLocalhost | ||
143 | NumberOfPasswordPrompts | ||
144 | PasswordAuthentication | ||
145 | PKCS11Provider | ||
146 | Port | ||
147 | PreferredAuthentications | ||
148 | Protocol | ||
149 | ProxyCommand | ||
150 | ProxyJump | ||
151 | PubkeyAuthentication | ||
152 | RekeyLimit | ||
153 | RhostsRSAAuthentication | ||
154 | RSAAuthentication | ||
155 | SendEnv | ||
156 | ServerAliveInterval | ||
157 | ServerAliveCountMax | ||
158 | StrictHostKeyChecking | ||
159 | TCPKeepAlive | ||
160 | UpdateHostKeys | ||
161 | UsePrivilegedPort | ||
162 | User | ||
163 | UserKnownHostsFile | ||
164 | VerifyHostKeyDNS | ||
165 | |||
166 | -P port | ||
167 | Specifies the port to connect to on the remote host. | ||
168 | |||
169 | -p Preserves modification times, access times, and modes from the | ||
170 | original files transferred. | ||
171 | |||
172 | -q Quiet mode: disables the progress meter as well as warning and | ||
173 | diagnostic messages from ssh(1). | ||
174 | |||
175 | -R num_requests | ||
176 | Specify how many requests may be outstanding at any one time. | ||
177 | Increasing this may slightly improve file transfer speed but will | ||
178 | increase memory usage. The default is 64 outstanding requests. | ||
179 | |||
180 | -r Recursively copy entire directories when uploading and | ||
181 | downloading. Note that sftp does not follow symbolic links | ||
182 | encountered in the tree traversal. | ||
183 | |||
184 | -S program | ||
185 | Name of the program to use for the encrypted connection. The | ||
186 | program must understand ssh(1) options. | ||
187 | |||
188 | -s subsystem | sftp_server | ||
189 | Specifies the SSH2 subsystem or the path for an sftp server on | ||
190 | the remote host. A path is useful for using sftp over protocol | ||
191 | version 1, or when the remote sshd(8) does not have an sftp | ||
192 | subsystem configured. | ||
193 | |||
194 | -v Raise logging level. This option is also passed to ssh. | ||
195 | |||
196 | INTERACTIVE COMMANDS | ||
197 | Once in interactive mode, sftp understands a set of commands similar to | ||
198 | those of ftp(1). Commands are case insensitive. Pathnames that contain | ||
199 | spaces must be enclosed in quotes. Any special characters contained | ||
200 | within pathnames that are recognized by glob(3) must be escaped with | ||
201 | backslashes (M-bM-^@M-^X\M-bM-^@M-^Y). | ||
202 | |||
203 | bye Quit sftp. | ||
204 | |||
205 | cd path | ||
206 | Change remote directory to path. | ||
207 | |||
208 | chgrp grp path | ||
209 | Change group of file path to grp. path may contain glob(3) | ||
210 | characters and may match multiple files. grp must be a numeric | ||
211 | GID. | ||
212 | |||
213 | chmod mode path | ||
214 | Change permissions of file path to mode. path may contain | ||
215 | glob(3) characters and may match multiple files. | ||
216 | |||
217 | chown own path | ||
218 | Change owner of file path to own. path may contain glob(3) | ||
219 | characters and may match multiple files. own must be a numeric | ||
220 | UID. | ||
221 | |||
222 | df [-hi] [path] | ||
223 | Display usage information for the filesystem holding the current | ||
224 | directory (or path if specified). If the -h flag is specified, | ||
225 | the capacity information will be displayed using "human-readable" | ||
226 | suffixes. The -i flag requests display of inode information in | ||
227 | addition to capacity information. This command is only supported | ||
228 | on servers that implement the M-bM-^@M-^\statvfs@openssh.comM-bM-^@M-^] extension. | ||
229 | |||
230 | exit Quit sftp. | ||
231 | |||
232 | get [-afPpr] remote-path [local-path] | ||
233 | Retrieve the remote-path and store it on the local machine. If | ||
234 | the local path name is not specified, it is given the same name | ||
235 | it has on the remote machine. remote-path may contain glob(3) | ||
236 | characters and may match multiple files. If it does and | ||
237 | local-path is specified, then local-path must specify a | ||
238 | directory. | ||
239 | |||
240 | If the -a flag is specified, then attempt to resume partial | ||
241 | transfers of existing files. Note that resumption assumes that | ||
242 | any partial copy of the local file matches the remote copy. If | ||
243 | the remote file contents differ from the partial local copy then | ||
244 | the resultant file is likely to be corrupt. | ||
245 | |||
246 | If the -f flag is specified, then fsync(2) will be called after | ||
247 | the file transfer has completed to flush the file to disk. | ||
248 | |||
249 | If either the -P or -p flag is specified, then full file | ||
250 | permissions and access times are copied too. | ||
251 | |||
252 | If the -r flag is specified then directories will be copied | ||
253 | recursively. Note that sftp does not follow symbolic links when | ||
254 | performing recursive transfers. | ||
255 | |||
256 | help Display help text. | ||
257 | |||
258 | lcd path | ||
259 | Change local directory to path. | ||
260 | |||
261 | lls [ls-options [path]] | ||
262 | Display local directory listing of either path or current | ||
263 | directory if path is not specified. ls-options may contain any | ||
264 | flags supported by the local system's ls(1) command. path may | ||
265 | contain glob(3) characters and may match multiple files. | ||
266 | |||
267 | lmkdir path | ||
268 | Create local directory specified by path. | ||
269 | |||
270 | ln [-s] oldpath newpath | ||
271 | Create a link from oldpath to newpath. If the -s flag is | ||
272 | specified the created link is a symbolic link, otherwise it is a | ||
273 | hard link. | ||
274 | |||
275 | lpwd Print local working directory. | ||
276 | |||
277 | ls [-1afhlnrSt] [path] | ||
278 | Display a remote directory listing of either path or the current | ||
279 | directory if path is not specified. path may contain glob(3) | ||
280 | characters and may match multiple files. | ||
281 | |||
282 | The following flags are recognized and alter the behaviour of ls | ||
283 | accordingly: | ||
284 | |||
285 | -1 Produce single columnar output. | ||
286 | |||
287 | -a List files beginning with a dot (M-bM-^@M-^X.M-bM-^@M-^Y). | ||
288 | |||
289 | -f Do not sort the listing. The default sort order is | ||
290 | lexicographical. | ||
291 | |||
292 | -h When used with a long format option, use unit suffixes: | ||
293 | Byte, Kilobyte, Megabyte, Gigabyte, Terabyte, Petabyte, | ||
294 | and Exabyte in order to reduce the number of digits to | ||
295 | four or fewer using powers of 2 for sizes (K=1024, | ||
296 | M=1048576, etc.). | ||
297 | |||
298 | -l Display additional details including permissions and | ||
299 | ownership information. | ||
300 | |||
301 | -n Produce a long listing with user and group information | ||
302 | presented numerically. | ||
303 | |||
304 | -r Reverse the sort order of the listing. | ||
305 | |||
306 | -S Sort the listing by file size. | ||
307 | |||
308 | -t Sort the listing by last modification time. | ||
309 | |||
310 | lumask umask | ||
311 | Set local umask to umask. | ||
312 | |||
313 | mkdir path | ||
314 | Create remote directory specified by path. | ||
315 | |||
316 | progress | ||
317 | Toggle display of progress meter. | ||
318 | |||
319 | put [-afPpr] local-path [remote-path] | ||
320 | Upload local-path and store it on the remote machine. If the | ||
321 | remote path name is not specified, it is given the same name it | ||
322 | has on the local machine. local-path may contain glob(3) | ||
323 | characters and may match multiple files. If it does and | ||
324 | remote-path is specified, then remote-path must specify a | ||
325 | directory. | ||
326 | |||
327 | If the -a flag is specified, then attempt to resume partial | ||
328 | transfers of existing files. Note that resumption assumes that | ||
329 | any partial copy of the remote file matches the local copy. If | ||
330 | the local file contents differ from the remote local copy then | ||
331 | the resultant file is likely to be corrupt. | ||
332 | |||
333 | If the -f flag is specified, then a request will be sent to the | ||
334 | server to call fsync(2) after the file has been transferred. | ||
335 | Note that this is only supported by servers that implement the | ||
336 | "fsync@openssh.com" extension. | ||
337 | |||
338 | If either the -P or -p flag is specified, then full file | ||
339 | permissions and access times are copied too. | ||
340 | |||
341 | If the -r flag is specified then directories will be copied | ||
342 | recursively. Note that sftp does not follow symbolic links when | ||
343 | performing recursive transfers. | ||
344 | |||
345 | pwd Display remote working directory. | ||
346 | |||
347 | quit Quit sftp. | ||
348 | |||
349 | reget [-Ppr] remote-path [local-path] | ||
350 | Resume download of remote-path. Equivalent to get with the -a | ||
351 | flag set. | ||
352 | |||
353 | reput [-Ppr] [local-path] remote-path | ||
354 | Resume upload of [local-path]. Equivalent to put with the -a | ||
355 | flag set. | ||
356 | |||
357 | rename oldpath newpath | ||
358 | Rename remote file from oldpath to newpath. | ||
359 | |||
360 | rm path | ||
361 | Delete remote file specified by path. | ||
362 | |||
363 | rmdir path | ||
364 | Remove remote directory specified by path. | ||
365 | |||
366 | symlink oldpath newpath | ||
367 | Create a symbolic link from oldpath to newpath. | ||
368 | |||
369 | version | ||
370 | Display the sftp protocol version. | ||
371 | |||
372 | !command | ||
373 | Execute command in local shell. | ||
374 | |||
375 | ! Escape to local shell. | ||
376 | |||
377 | ? Synonym for help. | ||
378 | |||
379 | SEE ALSO | ||
380 | ftp(1), ls(1), scp(1), ssh(1), ssh-add(1), ssh-keygen(1), glob(3), | ||
381 | ssh_config(5), sftp-server(8), sshd(8) | ||
382 | |||
383 | T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh- | ||
384 | filexfer-00.txt, January 2001, work in progress material. | ||
385 | |||
386 | OpenBSD 6.0 July 16, 2016 OpenBSD 6.0 | ||
diff --git a/ssh-add.0 b/ssh-add.0 new file mode 100644 index 000000000..706bfe661 --- /dev/null +++ b/ssh-add.0 | |||
@@ -0,0 +1,129 @@ | |||
1 | SSH-ADD(1) General Commands Manual SSH-ADD(1) | ||
2 | |||
3 | NAME | ||
4 | ssh-add M-bM-^@M-^S adds private key identities to the authentication agent | ||
5 | |||
6 | SYNOPSIS | ||
7 | ssh-add [-cDdkLlXx] [-E fingerprint_hash] [-t life] [file ...] | ||
8 | ssh-add -s pkcs11 | ||
9 | ssh-add -e pkcs11 | ||
10 | |||
11 | DESCRIPTION | ||
12 | ssh-add adds private key identities to the authentication agent, | ||
13 | ssh-agent(1). When run without arguments, it adds the files | ||
14 | ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 and | ||
15 | ~/.ssh/identity. After loading a private key, ssh-add will try to load | ||
16 | corresponding certificate information from the filename obtained by | ||
17 | appending -cert.pub to the name of the private key file. Alternative | ||
18 | file names can be given on the command line. | ||
19 | |||
20 | If any file requires a passphrase, ssh-add asks for the passphrase from | ||
21 | the user. The passphrase is read from the user's tty. ssh-add retries | ||
22 | the last passphrase if multiple identity files are given. | ||
23 | |||
24 | The authentication agent must be running and the SSH_AUTH_SOCK | ||
25 | environment variable must contain the name of its socket for ssh-add to | ||
26 | work. | ||
27 | |||
28 | The options are as follows: | ||
29 | |||
30 | -c Indicates that added identities should be subject to confirmation | ||
31 | before being used for authentication. Confirmation is performed | ||
32 | by ssh-askpass(1). Successful confirmation is signaled by a zero | ||
33 | exit status from ssh-askpass(1), rather than text entered into | ||
34 | the requester. | ||
35 | |||
36 | -D Deletes all identities from the agent. | ||
37 | |||
38 | -d Instead of adding identities, removes identities from the agent. | ||
39 | If ssh-add has been run without arguments, the keys for the | ||
40 | default identities and their corresponding certificates will be | ||
41 | removed. Otherwise, the argument list will be interpreted as a | ||
42 | list of paths to public key files to specify keys and | ||
43 | certificates to be removed from the agent. If no public key is | ||
44 | found at a given path, ssh-add will append .pub and retry. | ||
45 | |||
46 | -E fingerprint_hash | ||
47 | Specifies the hash algorithm used when displaying key | ||
48 | fingerprints. Valid options are: M-bM-^@M-^\md5M-bM-^@M-^] and M-bM-^@M-^\sha256M-bM-^@M-^]. The | ||
49 | default is M-bM-^@M-^\sha256M-bM-^@M-^]. | ||
50 | |||
51 | -e pkcs11 | ||
52 | Remove keys provided by the PKCS#11 shared library pkcs11. | ||
53 | |||
54 | -k When loading keys into or deleting keys from the agent, process | ||
55 | plain private keys only and skip certificates. | ||
56 | |||
57 | -L Lists public key parameters of all identities currently | ||
58 | represented by the agent. | ||
59 | |||
60 | -l Lists fingerprints of all identities currently represented by the | ||
61 | agent. | ||
62 | |||
63 | -s pkcs11 | ||
64 | Add keys provided by the PKCS#11 shared library pkcs11. | ||
65 | |||
66 | -t life | ||
67 | Set a maximum lifetime when adding identities to an agent. The | ||
68 | lifetime may be specified in seconds or in a time format | ||
69 | specified in sshd_config(5). | ||
70 | |||
71 | -X Unlock the agent. | ||
72 | |||
73 | -x Lock the agent with a password. | ||
74 | |||
75 | ENVIRONMENT | ||
76 | DISPLAY and SSH_ASKPASS | ||
77 | If ssh-add needs a passphrase, it will read the passphrase from | ||
78 | the current terminal if it was run from a terminal. If ssh-add | ||
79 | does not have a terminal associated with it but DISPLAY and | ||
80 | SSH_ASKPASS are set, it will execute the program specified by | ||
81 | SSH_ASKPASS (by default M-bM-^@M-^\ssh-askpassM-bM-^@M-^]) and open an X11 window to | ||
82 | read the passphrase. This is particularly useful when calling | ||
83 | ssh-add from a .xsession or related script. (Note that on some | ||
84 | machines it may be necessary to redirect the input from /dev/null | ||
85 | to make this work.) | ||
86 | |||
87 | SSH_AUTH_SOCK | ||
88 | Identifies the path of a UNIX-domain socket used to communicate | ||
89 | with the agent. | ||
90 | |||
91 | FILES | ||
92 | ~/.ssh/identity | ||
93 | Contains the protocol version 1 RSA authentication identity of | ||
94 | the user. | ||
95 | |||
96 | ~/.ssh/id_dsa | ||
97 | Contains the protocol version 2 DSA authentication identity of | ||
98 | the user. | ||
99 | |||
100 | ~/.ssh/id_ecdsa | ||
101 | Contains the protocol version 2 ECDSA authentication identity of | ||
102 | the user. | ||
103 | |||
104 | ~/.ssh/id_ed25519 | ||
105 | Contains the protocol version 2 Ed25519 authentication identity | ||
106 | of the user. | ||
107 | |||
108 | ~/.ssh/id_rsa | ||
109 | Contains the protocol version 2 RSA authentication identity of | ||
110 | the user. | ||
111 | |||
112 | Identity files should not be readable by anyone but the user. Note that | ||
113 | ssh-add ignores identity files if they are accessible by others. | ||
114 | |||
115 | EXIT STATUS | ||
116 | Exit status is 0 on success, 1 if the specified command fails, and 2 if | ||
117 | ssh-add is unable to contact the authentication agent. | ||
118 | |||
119 | SEE ALSO | ||
120 | ssh(1), ssh-agent(1), ssh-askpass(1), ssh-keygen(1), sshd(8) | ||
121 | |||
122 | AUTHORS | ||
123 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by | ||
124 | Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo | ||
125 | de Raadt and Dug Song removed many bugs, re-added newer features and | ||
126 | created OpenSSH. Markus Friedl contributed the support for SSH protocol | ||
127 | versions 1.5 and 2.0. | ||
128 | |||
129 | OpenBSD 6.0 March 30, 2015 OpenBSD 6.0 | ||
diff --git a/ssh-agent.0 b/ssh-agent.0 new file mode 100644 index 000000000..bb3c8d605 --- /dev/null +++ b/ssh-agent.0 | |||
@@ -0,0 +1,120 @@ | |||
1 | SSH-AGENT(1) General Commands Manual SSH-AGENT(1) | ||
2 | |||
3 | NAME | ||
4 | ssh-agent M-bM-^@M-^S authentication agent | ||
5 | |||
6 | SYNOPSIS | ||
7 | ssh-agent [-c | -s] [-Dd] [-a bind_address] [-E fingerprint_hash] | ||
8 | [-P pkcs11_whitelist] [-t life] [command [arg ...]] | ||
9 | ssh-agent [-c | -s] -k | ||
10 | |||
11 | DESCRIPTION | ||
12 | ssh-agent is a program to hold private keys used for public key | ||
13 | authentication (RSA, DSA, ECDSA, Ed25519). ssh-agent is usually started | ||
14 | in the beginning of an X-session or a login session, and all other | ||
15 | windows or programs are started as clients to the ssh-agent program. | ||
16 | Through use of environment variables the agent can be located and | ||
17 | automatically used for authentication when logging in to other machines | ||
18 | using ssh(1). | ||
19 | |||
20 | The agent initially does not have any private keys. Keys are added using | ||
21 | ssh(1) (see AddKeysToAgent in ssh_config(5) for details) or ssh-add(1). | ||
22 | Multiple identities may be stored in ssh-agent concurrently and ssh(1) | ||
23 | will automatically use them if present. ssh-add(1) is also used to | ||
24 | remove keys from ssh-agent and to query the keys that are held in one. | ||
25 | |||
26 | The options are as follows: | ||
27 | |||
28 | -a bind_address | ||
29 | Bind the agent to the UNIX-domain socket bind_address. The | ||
30 | default is $TMPDIR/ssh-XXXXXXXXXX/agent.<ppid>. | ||
31 | |||
32 | -c Generate C-shell commands on stdout. This is the default if | ||
33 | SHELL looks like it's a csh style of shell. | ||
34 | |||
35 | -D Foreground mode. When this option is specified ssh-agent will | ||
36 | not fork. | ||
37 | |||
38 | -d Debug mode. When this option is specified ssh-agent will not | ||
39 | fork and will write debug information to standard error. | ||
40 | |||
41 | -E fingerprint_hash | ||
42 | Specifies the hash algorithm used when displaying key | ||
43 | fingerprints. Valid options are: M-bM-^@M-^\md5M-bM-^@M-^] and M-bM-^@M-^\sha256M-bM-^@M-^]. The | ||
44 | default is M-bM-^@M-^\sha256M-bM-^@M-^]. | ||
45 | |||
46 | -k Kill the current agent (given by the SSH_AGENT_PID environment | ||
47 | variable). | ||
48 | |||
49 | -P pkcs11_whitelist | ||
50 | Specify a pattern-list of acceptable paths for PKCS#11 shared | ||
51 | libraries that may be added using the -s option to ssh-add(1). | ||
52 | The default is to allow loading PKCS#11 libraries from | ||
53 | M-bM-^@M-^\/usr/lib/*,/usr/local/lib/*M-bM-^@M-^]. PKCS#11 libraries that do not | ||
54 | match the whitelist will be refused. See PATTERNS in | ||
55 | ssh_config(5) for a description of pattern-list syntax. | ||
56 | |||
57 | -s Generate Bourne shell commands on stdout. This is the default if | ||
58 | SHELL does not look like it's a csh style of shell. | ||
59 | |||
60 | -t life | ||
61 | Set a default value for the maximum lifetime of identities added | ||
62 | to the agent. The lifetime may be specified in seconds or in a | ||
63 | time format specified in sshd_config(5). A lifetime specified | ||
64 | for an identity with ssh-add(1) overrides this value. Without | ||
65 | this option the default maximum lifetime is forever. | ||
66 | |||
67 | If a command line is given, this is executed as a subprocess of the | ||
68 | agent. When the command dies, so does the agent. | ||
69 | |||
70 | The idea is that the agent is run in the user's local PC, laptop, or | ||
71 | terminal. Authentication data need not be stored on any other machine, | ||
72 | and authentication passphrases never go over the network. However, the | ||
73 | connection to the agent is forwarded over SSH remote logins, and the user | ||
74 | can thus use the privileges given by the identities anywhere in the | ||
75 | network in a secure way. | ||
76 | |||
77 | There are two main ways to get an agent set up: The first is that the | ||
78 | agent starts a new subcommand into which some environment variables are | ||
79 | exported, eg ssh-agent xterm &. The second is that the agent prints the | ||
80 | needed shell commands (either sh(1) or csh(1) syntax can be generated) | ||
81 | which can be evaluated in the calling shell, eg eval `ssh-agent -s` for | ||
82 | Bourne-type shells such as sh(1) or ksh(1) and eval `ssh-agent -c` for | ||
83 | csh(1) and derivatives. | ||
84 | |||
85 | Later ssh(1) looks at these variables and uses them to establish a | ||
86 | connection to the agent. | ||
87 | |||
88 | The agent will never send a private key over its request channel. | ||
89 | Instead, operations that require a private key will be performed by the | ||
90 | agent, and the result will be returned to the requester. This way, | ||
91 | private keys are not exposed to clients using the agent. | ||
92 | |||
93 | A UNIX-domain socket is created and the name of this socket is stored in | ||
94 | the SSH_AUTH_SOCK environment variable. The socket is made accessible | ||
95 | only to the current user. This method is easily abused by root or | ||
96 | another instance of the same user. | ||
97 | |||
98 | The SSH_AGENT_PID environment variable holds the agent's process ID. | ||
99 | |||
100 | The agent exits automatically when the command given on the command line | ||
101 | terminates. | ||
102 | |||
103 | FILES | ||
104 | $TMPDIR/ssh-XXXXXXXXXX/agent.<ppid> | ||
105 | UNIX-domain sockets used to contain the connection to the | ||
106 | authentication agent. These sockets should only be readable by | ||
107 | the owner. The sockets should get automatically removed when the | ||
108 | agent exits. | ||
109 | |||
110 | SEE ALSO | ||
111 | ssh(1), ssh-add(1), ssh-keygen(1), sshd(8) | ||
112 | |||
113 | AUTHORS | ||
114 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by | ||
115 | Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo | ||
116 | de Raadt and Dug Song removed many bugs, re-added newer features and | ||
117 | created OpenSSH. Markus Friedl contributed the support for SSH protocol | ||
118 | versions 1.5 and 2.0. | ||
119 | |||
120 | OpenBSD 6.0 November 30, 2016 OpenBSD 6.0 | ||
diff --git a/ssh-keygen.0 b/ssh-keygen.0 new file mode 100644 index 000000000..569297da4 --- /dev/null +++ b/ssh-keygen.0 | |||
@@ -0,0 +1,570 @@ | |||
1 | SSH-KEYGEN(1) General Commands Manual SSH-KEYGEN(1) | ||
2 | |||
3 | NAME | ||
4 | ssh-keygen M-bM-^@M-^S authentication key generation, management and conversion | ||
5 | |||
6 | SYNOPSIS | ||
7 | ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1] | ||
8 | [-N new_passphrase] [-C comment] [-f output_keyfile] | ||
9 | ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile] | ||
10 | ssh-keygen -i [-m key_format] [-f input_keyfile] | ||
11 | ssh-keygen -e [-m key_format] [-f input_keyfile] | ||
12 | ssh-keygen -y [-f input_keyfile] | ||
13 | ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile] | ||
14 | ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile] | ||
15 | ssh-keygen -B [-f input_keyfile] | ||
16 | ssh-keygen -D pkcs11 | ||
17 | ssh-keygen -F hostname [-f known_hosts_file] [-l] | ||
18 | ssh-keygen -H [-f known_hosts_file] | ||
19 | ssh-keygen -R hostname [-f known_hosts_file] | ||
20 | ssh-keygen -r hostname [-f input_keyfile] [-g] | ||
21 | ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point] | ||
22 | ssh-keygen -T output_file -f input_file [-v] [-a rounds] [-J num_lines] | ||
23 | [-j start_line] [-K checkpt] [-W generator] | ||
24 | ssh-keygen -s ca_key -I certificate_identity [-h] [-n principals] | ||
25 | [-O option] [-V validity_interval] [-z serial_number] file ... | ||
26 | ssh-keygen -L [-f input_keyfile] | ||
27 | ssh-keygen -A | ||
28 | ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number] | ||
29 | file ... | ||
30 | ssh-keygen -Q -f krl_file file ... | ||
31 | |||
32 | DESCRIPTION | ||
33 | ssh-keygen generates, manages and converts authentication keys for | ||
34 | ssh(1). ssh-keygen can create keys for use by SSH protocol versions 1 | ||
35 | and 2. Protocol 1 should not be used and is only offered to support | ||
36 | legacy devices. It suffers from a number of cryptographic weaknesses and | ||
37 | doesn't support many of the advanced features available for protocol 2. | ||
38 | |||
39 | The type of key to be generated is specified with the -t option. If | ||
40 | invoked without any arguments, ssh-keygen will generate an RSA key for | ||
41 | use in SSH protocol 2 connections. | ||
42 | |||
43 | ssh-keygen is also used to generate groups for use in Diffie-Hellman | ||
44 | group exchange (DH-GEX). See the MODULI GENERATION section for details. | ||
45 | |||
46 | Finally, ssh-keygen can be used to generate and update Key Revocation | ||
47 | Lists, and to test whether given keys have been revoked by one. See the | ||
48 | KEY REVOCATION LISTS section for details. | ||
49 | |||
50 | Normally each user wishing to use SSH with public key authentication runs | ||
51 | this once to create the authentication key in ~/.ssh/identity, | ||
52 | ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 or ~/.ssh/id_rsa. | ||
53 | Additionally, the system administrator may use this to generate host | ||
54 | keys, as seen in /etc/rc. | ||
55 | |||
56 | Normally this program generates the key and asks for a file in which to | ||
57 | store the private key. The public key is stored in a file with the same | ||
58 | name but M-bM-^@M-^\.pubM-bM-^@M-^] appended. The program also asks for a passphrase. The | ||
59 | passphrase may be empty to indicate no passphrase (host keys must have an | ||
60 | empty passphrase), or it may be a string of arbitrary length. A | ||
61 | passphrase is similar to a password, except it can be a phrase with a | ||
62 | series of words, punctuation, numbers, whitespace, or any string of | ||
63 | characters you want. Good passphrases are 10-30 characters long, are not | ||
64 | simple sentences or otherwise easily guessable (English prose has only | ||
65 | 1-2 bits of entropy per character, and provides very bad passphrases), | ||
66 | and contain a mix of upper and lowercase letters, numbers, and non- | ||
67 | alphanumeric characters. The passphrase can be changed later by using | ||
68 | the -p option. | ||
69 | |||
70 | There is no way to recover a lost passphrase. If the passphrase is lost | ||
71 | or forgotten, a new key must be generated and the corresponding public | ||
72 | key copied to other machines. | ||
73 | |||
74 | For RSA1 keys and keys stored in the newer OpenSSH format, there is also | ||
75 | a comment field in the key file that is only for convenience to the user | ||
76 | to help identify the key. The comment can tell what the key is for, or | ||
77 | whatever is useful. The comment is initialized to M-bM-^@M-^\user@hostM-bM-^@M-^] when the | ||
78 | key is created, but can be changed using the -c option. | ||
79 | |||
80 | After a key is generated, instructions below detail where the keys should | ||
81 | be placed to be activated. | ||
82 | |||
83 | The options are as follows: | ||
84 | |||
85 | -A For each of the key types (rsa1, rsa, dsa, ecdsa and ed25519) for | ||
86 | which host keys do not exist, generate the host keys with the | ||
87 | default key file path, an empty passphrase, default bits for the | ||
88 | key type, and default comment. This is used by /etc/rc to | ||
89 | generate new host keys. | ||
90 | |||
91 | -a rounds | ||
92 | When saving a new-format private key (i.e. an ed25519 key or any | ||
93 | SSH protocol 2 key when the -o flag is set), this option | ||
94 | specifies the number of KDF (key derivation function) rounds | ||
95 | used. Higher numbers result in slower passphrase verification | ||
96 | and increased resistance to brute-force password cracking (should | ||
97 | the keys be stolen). | ||
98 | |||
99 | When screening DH-GEX candidates ( using the -T command). This | ||
100 | option specifies the number of primality tests to perform. | ||
101 | |||
102 | -B Show the bubblebabble digest of specified private or public key | ||
103 | file. | ||
104 | |||
105 | -b bits | ||
106 | Specifies the number of bits in the key to create. For RSA keys, | ||
107 | the minimum size is 1024 bits and the default is 2048 bits. | ||
108 | Generally, 2048 bits is considered sufficient. DSA keys must be | ||
109 | exactly 1024 bits as specified by FIPS 186-2. For ECDSA keys, | ||
110 | the -b flag determines the key length by selecting from one of | ||
111 | three elliptic curve sizes: 256, 384 or 521 bits. Attempting to | ||
112 | use bit lengths other than these three values for ECDSA keys will | ||
113 | fail. Ed25519 keys have a fixed length and the -b flag will be | ||
114 | ignored. | ||
115 | |||
116 | -C comment | ||
117 | Provides a new comment. | ||
118 | |||
119 | -c Requests changing the comment in the private and public key | ||
120 | files. This operation is only supported for RSA1 keys and keys | ||
121 | stored in the newer OpenSSH format. The program will prompt for | ||
122 | the file containing the private keys, for the passphrase if the | ||
123 | key has one, and for the new comment. | ||
124 | |||
125 | -D pkcs11 | ||
126 | Download the RSA public keys provided by the PKCS#11 shared | ||
127 | library pkcs11. When used in combination with -s, this option | ||
128 | indicates that a CA key resides in a PKCS#11 token (see the | ||
129 | CERTIFICATES section for details). | ||
130 | |||
131 | -E fingerprint_hash | ||
132 | Specifies the hash algorithm used when displaying key | ||
133 | fingerprints. Valid options are: M-bM-^@M-^\md5M-bM-^@M-^] and M-bM-^@M-^\sha256M-bM-^@M-^]. The | ||
134 | default is M-bM-^@M-^\sha256M-bM-^@M-^]. | ||
135 | |||
136 | -e This option will read a private or public OpenSSH key file and | ||
137 | print to stdout the key in one of the formats specified by the -m | ||
138 | option. The default export format is M-bM-^@M-^\RFC4716M-bM-^@M-^]. This option | ||
139 | allows exporting OpenSSH keys for use by other programs, | ||
140 | including several commercial SSH implementations. | ||
141 | |||
142 | -F hostname | ||
143 | Search for the specified hostname in a known_hosts file, listing | ||
144 | any occurrences found. This option is useful to find hashed host | ||
145 | names or addresses and may also be used in conjunction with the | ||
146 | -H option to print found keys in a hashed format. | ||
147 | |||
148 | -f filename | ||
149 | Specifies the filename of the key file. | ||
150 | |||
151 | -G output_file | ||
152 | Generate candidate primes for DH-GEX. These primes must be | ||
153 | screened for safety (using the -T option) before use. | ||
154 | |||
155 | -g Use generic DNS format when printing fingerprint resource records | ||
156 | using the -r command. | ||
157 | |||
158 | -H Hash a known_hosts file. This replaces all hostnames and | ||
159 | addresses with hashed representations within the specified file; | ||
160 | the original content is moved to a file with a .old suffix. | ||
161 | These hashes may be used normally by ssh and sshd, but they do | ||
162 | not reveal identifying information should the file's contents be | ||
163 | disclosed. This option will not modify existing hashed hostnames | ||
164 | and is therefore safe to use on files that mix hashed and non- | ||
165 | hashed names. | ||
166 | |||
167 | -h When signing a key, create a host certificate instead of a user | ||
168 | certificate. Please see the CERTIFICATES section for details. | ||
169 | |||
170 | -I certificate_identity | ||
171 | Specify the key identity when signing a public key. Please see | ||
172 | the CERTIFICATES section for details. | ||
173 | |||
174 | -i This option will read an unencrypted private (or public) key file | ||
175 | in the format specified by the -m option and print an OpenSSH | ||
176 | compatible private (or public) key to stdout. This option allows | ||
177 | importing keys from other software, including several commercial | ||
178 | SSH implementations. The default import format is M-bM-^@M-^\RFC4716M-bM-^@M-^]. | ||
179 | |||
180 | -J num_lines | ||
181 | Exit after screening the specified number of lines while | ||
182 | performing DH candidate screening using the -T option. | ||
183 | |||
184 | -j start_line | ||
185 | Start screening at the specified line number while performing DH | ||
186 | candidate screening using the -T option. | ||
187 | |||
188 | -K checkpt | ||
189 | Write the last line processed to the file checkpt while | ||
190 | performing DH candidate screening using the -T option. This will | ||
191 | be used to skip lines in the input file that have already been | ||
192 | processed if the job is restarted. | ||
193 | |||
194 | -k Generate a KRL file. In this mode, ssh-keygen will generate a | ||
195 | KRL file at the location specified via the -f flag that revokes | ||
196 | every key or certificate presented on the command line. | ||
197 | Keys/certificates to be revoked may be specified by public key | ||
198 | file or using the format described in the KEY REVOCATION LISTS | ||
199 | section. | ||
200 | |||
201 | -L Prints the contents of one or more certificates. | ||
202 | |||
203 | -l Show fingerprint of specified public key file. Private RSA1 keys | ||
204 | are also supported. For RSA and DSA keys ssh-keygen tries to | ||
205 | find the matching public key file and prints its fingerprint. If | ||
206 | combined with -v, a visual ASCII art representation of the key is | ||
207 | supplied with the fingerprint. | ||
208 | |||
209 | -M memory | ||
210 | Specify the amount of memory to use (in megabytes) when | ||
211 | generating candidate moduli for DH-GEX. | ||
212 | |||
213 | -m key_format | ||
214 | Specify a key format for the -i (import) or -e (export) | ||
215 | conversion options. The supported key formats are: M-bM-^@M-^\RFC4716M-bM-^@M-^] | ||
216 | (RFC 4716/SSH2 public or private key), M-bM-^@M-^\PKCS8M-bM-^@M-^] (PEM PKCS8 public | ||
217 | key) or M-bM-^@M-^\PEMM-bM-^@M-^] (PEM public key). The default conversion format is | ||
218 | M-bM-^@M-^\RFC4716M-bM-^@M-^]. | ||
219 | |||
220 | -N new_passphrase | ||
221 | Provides the new passphrase. | ||
222 | |||
223 | -n principals | ||
224 | Specify one or more principals (user or host names) to be | ||
225 | included in a certificate when signing a key. Multiple | ||
226 | principals may be specified, separated by commas. Please see the | ||
227 | CERTIFICATES section for details. | ||
228 | |||
229 | -O option | ||
230 | Specify a certificate option when signing a key. This option may | ||
231 | be specified multiple times. Please see the CERTIFICATES section | ||
232 | for details. The options that are valid for user certificates | ||
233 | are: | ||
234 | |||
235 | clear Clear all enabled permissions. This is useful for | ||
236 | clearing the default set of permissions so permissions | ||
237 | may be added individually. | ||
238 | |||
239 | force-command=command | ||
240 | Forces the execution of command instead of any shell or | ||
241 | command specified by the user when the certificate is | ||
242 | used for authentication. | ||
243 | |||
244 | no-agent-forwarding | ||
245 | Disable ssh-agent(1) forwarding (permitted by default). | ||
246 | |||
247 | no-port-forwarding | ||
248 | Disable port forwarding (permitted by default). | ||
249 | |||
250 | no-pty Disable PTY allocation (permitted by default). | ||
251 | |||
252 | no-user-rc | ||
253 | Disable execution of ~/.ssh/rc by sshd(8) (permitted by | ||
254 | default). | ||
255 | |||
256 | no-x11-forwarding | ||
257 | Disable X11 forwarding (permitted by default). | ||
258 | |||
259 | permit-agent-forwarding | ||
260 | Allows ssh-agent(1) forwarding. | ||
261 | |||
262 | permit-port-forwarding | ||
263 | Allows port forwarding. | ||
264 | |||
265 | permit-pty | ||
266 | Allows PTY allocation. | ||
267 | |||
268 | permit-user-rc | ||
269 | Allows execution of ~/.ssh/rc by sshd(8). | ||
270 | |||
271 | permit-x11-forwarding | ||
272 | Allows X11 forwarding. | ||
273 | |||
274 | source-address=address_list | ||
275 | Restrict the source addresses from which the certificate | ||
276 | is considered valid. The address_list is a comma- | ||
277 | separated list of one or more address/netmask pairs in | ||
278 | CIDR format. | ||
279 | |||
280 | At present, no options are valid for host keys. | ||
281 | |||
282 | -o Causes ssh-keygen to save private keys using the new OpenSSH | ||
283 | format rather than the more compatible PEM format. The new | ||
284 | format has increased resistance to brute-force password cracking | ||
285 | but is not supported by versions of OpenSSH prior to 6.5. | ||
286 | Ed25519 keys always use the new private key format. | ||
287 | |||
288 | -P passphrase | ||
289 | Provides the (old) passphrase. | ||
290 | |||
291 | -p Requests changing the passphrase of a private key file instead of | ||
292 | creating a new private key. The program will prompt for the file | ||
293 | containing the private key, for the old passphrase, and twice for | ||
294 | the new passphrase. | ||
295 | |||
296 | -Q Test whether keys have been revoked in a KRL. | ||
297 | |||
298 | -q Silence ssh-keygen. | ||
299 | |||
300 | -R hostname | ||
301 | Removes all keys belonging to hostname from a known_hosts file. | ||
302 | This option is useful to delete hashed hosts (see the -H option | ||
303 | above). | ||
304 | |||
305 | -r hostname | ||
306 | Print the SSHFP fingerprint resource record named hostname for | ||
307 | the specified public key file. | ||
308 | |||
309 | -S start | ||
310 | Specify start point (in hex) when generating candidate moduli for | ||
311 | DH-GEX. | ||
312 | |||
313 | -s ca_key | ||
314 | Certify (sign) a public key using the specified CA key. Please | ||
315 | see the CERTIFICATES section for details. | ||
316 | |||
317 | When generating a KRL, -s specifies a path to a CA public key | ||
318 | file used to revoke certificates directly by key ID or serial | ||
319 | number. See the KEY REVOCATION LISTS section for details. | ||
320 | |||
321 | -T output_file | ||
322 | Test DH group exchange candidate primes (generated using the -G | ||
323 | option) for safety. | ||
324 | |||
325 | -t dsa | ecdsa | ed25519 | rsa | rsa1 | ||
326 | Specifies the type of key to create. The possible values are | ||
327 | M-bM-^@M-^\rsa1M-bM-^@M-^] for protocol version 1 and M-bM-^@M-^\dsaM-bM-^@M-^], M-bM-^@M-^\ecdsaM-bM-^@M-^], M-bM-^@M-^\ed25519M-bM-^@M-^], or | ||
328 | M-bM-^@M-^\rsaM-bM-^@M-^] for protocol version 2. | ||
329 | |||
330 | -u Update a KRL. When specified with -k, keys listed via the | ||
331 | command line are added to the existing KRL rather than a new KRL | ||
332 | being created. | ||
333 | |||
334 | -V validity_interval | ||
335 | Specify a validity interval when signing a certificate. A | ||
336 | validity interval may consist of a single time, indicating that | ||
337 | the certificate is valid beginning now and expiring at that time, | ||
338 | or may consist of two times separated by a colon to indicate an | ||
339 | explicit time interval. The start time may be specified as a | ||
340 | date in YYYYMMDD format, a time in YYYYMMDDHHMMSS format or a | ||
341 | relative time (to the current time) consisting of a minus sign | ||
342 | followed by a relative time in the format described in the TIME | ||
343 | FORMATS section of sshd_config(5). The end time may be specified | ||
344 | as a YYYYMMDD date, a YYYYMMDDHHMMSS time or a relative time | ||
345 | starting with a plus character. | ||
346 | |||
347 | For example: M-bM-^@M-^\+52w1dM-bM-^@M-^] (valid from now to 52 weeks and one day | ||
348 | from now), M-bM-^@M-^\-4w:+4wM-bM-^@M-^] (valid from four weeks ago to four weeks | ||
349 | from now), M-bM-^@M-^\20100101123000:20110101123000M-bM-^@M-^] (valid from 12:30 PM, | ||
350 | January 1st, 2010 to 12:30 PM, January 1st, 2011), M-bM-^@M-^\-1d:20110101M-bM-^@M-^] | ||
351 | (valid from yesterday to midnight, January 1st, 2011). | ||
352 | |||
353 | -v Verbose mode. Causes ssh-keygen to print debugging messages | ||
354 | about its progress. This is helpful for debugging moduli | ||
355 | generation. Multiple -v options increase the verbosity. The | ||
356 | maximum is 3. | ||
357 | |||
358 | -W generator | ||
359 | Specify desired generator when testing candidate moduli for DH- | ||
360 | GEX. | ||
361 | |||
362 | -y This option will read a private OpenSSH format file and print an | ||
363 | OpenSSH public key to stdout. | ||
364 | |||
365 | -z serial_number | ||
366 | Specifies a serial number to be embedded in the certificate to | ||
367 | distinguish this certificate from others from the same CA. The | ||
368 | default serial number is zero. | ||
369 | |||
370 | When generating a KRL, the -z flag is used to specify a KRL | ||
371 | version number. | ||
372 | |||
373 | MODULI GENERATION | ||
374 | ssh-keygen may be used to generate groups for the Diffie-Hellman Group | ||
375 | Exchange (DH-GEX) protocol. Generating these groups is a two-step | ||
376 | process: first, candidate primes are generated using a fast, but memory | ||
377 | intensive process. These candidate primes are then tested for | ||
378 | suitability (a CPU-intensive process). | ||
379 | |||
380 | Generation of primes is performed using the -G option. The desired | ||
381 | length of the primes may be specified by the -b option. For example: | ||
382 | |||
383 | # ssh-keygen -G moduli-2048.candidates -b 2048 | ||
384 | |||
385 | By default, the search for primes begins at a random point in the desired | ||
386 | length range. This may be overridden using the -S option, which | ||
387 | specifies a different start point (in hex). | ||
388 | |||
389 | Once a set of candidates have been generated, they must be screened for | ||
390 | suitability. This may be performed using the -T option. In this mode | ||
391 | ssh-keygen will read candidates from standard input (or a file specified | ||
392 | using the -f option). For example: | ||
393 | |||
394 | # ssh-keygen -T moduli-2048 -f moduli-2048.candidates | ||
395 | |||
396 | By default, each candidate will be subjected to 100 primality tests. | ||
397 | This may be overridden using the -a option. The DH generator value will | ||
398 | be chosen automatically for the prime under consideration. If a specific | ||
399 | generator is desired, it may be requested using the -W option. Valid | ||
400 | generator values are 2, 3, and 5. | ||
401 | |||
402 | Screened DH groups may be installed in /etc/moduli. It is important that | ||
403 | this file contains moduli of a range of bit lengths and that both ends of | ||
404 | a connection share common moduli. | ||
405 | |||
406 | CERTIFICATES | ||
407 | ssh-keygen supports signing of keys to produce certificates that may be | ||
408 | used for user or host authentication. Certificates consist of a public | ||
409 | key, some identity information, zero or more principal (user or host) | ||
410 | names and a set of options that are signed by a Certification Authority | ||
411 | (CA) key. Clients or servers may then trust only the CA key and verify | ||
412 | its signature on a certificate rather than trusting many user/host keys. | ||
413 | Note that OpenSSH certificates are a different, and much simpler, format | ||
414 | to the X.509 certificates used in ssl(8). | ||
415 | |||
416 | ssh-keygen supports two types of certificates: user and host. User | ||
417 | certificates authenticate users to servers, whereas host certificates | ||
418 | authenticate server hosts to users. To generate a user certificate: | ||
419 | |||
420 | $ ssh-keygen -s /path/to/ca_key -I key_id /path/to/user_key.pub | ||
421 | |||
422 | The resultant certificate will be placed in /path/to/user_key-cert.pub. | ||
423 | A host certificate requires the -h option: | ||
424 | |||
425 | $ ssh-keygen -s /path/to/ca_key -I key_id -h /path/to/host_key.pub | ||
426 | |||
427 | The host certificate will be output to /path/to/host_key-cert.pub. | ||
428 | |||
429 | It is possible to sign using a CA key stored in a PKCS#11 token by | ||
430 | providing the token library using -D and identifying the CA key by | ||
431 | providing its public half as an argument to -s: | ||
432 | |||
433 | $ ssh-keygen -s ca_key.pub -D libpkcs11.so -I key_id user_key.pub | ||
434 | |||
435 | In all cases, key_id is a "key identifier" that is logged by the server | ||
436 | when the certificate is used for authentication. | ||
437 | |||
438 | Certificates may be limited to be valid for a set of principal | ||
439 | (user/host) names. By default, generated certificates are valid for all | ||
440 | users or hosts. To generate a certificate for a specified set of | ||
441 | principals: | ||
442 | |||
443 | $ ssh-keygen -s ca_key -I key_id -n user1,user2 user_key.pub | ||
444 | $ ssh-keygen -s ca_key -I key_id -h -n host.domain host_key.pub | ||
445 | |||
446 | Additional limitations on the validity and use of user certificates may | ||
447 | be specified through certificate options. A certificate option may | ||
448 | disable features of the SSH session, may be valid only when presented | ||
449 | from particular source addresses or may force the use of a specific | ||
450 | command. For a list of valid certificate options, see the documentation | ||
451 | for the -O option above. | ||
452 | |||
453 | Finally, certificates may be defined with a validity lifetime. The -V | ||
454 | option allows specification of certificate start and end times. A | ||
455 | certificate that is presented at a time outside this range will not be | ||
456 | considered valid. By default, certificates are valid from UNIX Epoch to | ||
457 | the distant future. | ||
458 | |||
459 | For certificates to be used for user or host authentication, the CA | ||
460 | public key must be trusted by sshd(8) or ssh(1). Please refer to those | ||
461 | manual pages for details. | ||
462 | |||
463 | KEY REVOCATION LISTS | ||
464 | ssh-keygen is able to manage OpenSSH format Key Revocation Lists (KRLs). | ||
465 | These binary files specify keys or certificates to be revoked using a | ||
466 | compact format, taking as little as one bit per certificate if they are | ||
467 | being revoked by serial number. | ||
468 | |||
469 | KRLs may be generated using the -k flag. This option reads one or more | ||
470 | files from the command line and generates a new KRL. The files may | ||
471 | either contain a KRL specification (see below) or public keys, listed one | ||
472 | per line. Plain public keys are revoked by listing their hash or | ||
473 | contents in the KRL and certificates revoked by serial number or key ID | ||
474 | (if the serial is zero or not available). | ||
475 | |||
476 | Revoking keys using a KRL specification offers explicit control over the | ||
477 | types of record used to revoke keys and may be used to directly revoke | ||
478 | certificates by serial number or key ID without having the complete | ||
479 | original certificate on hand. A KRL specification consists of lines | ||
480 | containing one of the following directives followed by a colon and some | ||
481 | directive-specific information. | ||
482 | |||
483 | serial: serial_number[-serial_number] | ||
484 | Revokes a certificate with the specified serial number. Serial | ||
485 | numbers are 64-bit values, not including zero and may be | ||
486 | expressed in decimal, hex or octal. If two serial numbers are | ||
487 | specified separated by a hyphen, then the range of serial numbers | ||
488 | including and between each is revoked. The CA key must have been | ||
489 | specified on the ssh-keygen command line using the -s option. | ||
490 | |||
491 | id: key_id | ||
492 | Revokes a certificate with the specified key ID string. The CA | ||
493 | key must have been specified on the ssh-keygen command line using | ||
494 | the -s option. | ||
495 | |||
496 | key: public_key | ||
497 | Revokes the specified key. If a certificate is listed, then it | ||
498 | is revoked as a plain public key. | ||
499 | |||
500 | sha1: public_key | ||
501 | Revokes the specified key by its SHA1 hash. | ||
502 | |||
503 | KRLs may be updated using the -u flag in addition to -k. When this | ||
504 | option is specified, keys listed via the command line are merged into the | ||
505 | KRL, adding to those already there. | ||
506 | |||
507 | It is also possible, given a KRL, to test whether it revokes a particular | ||
508 | key (or keys). The -Q flag will query an existing KRL, testing each key | ||
509 | specified on the command line. If any key listed on the command line has | ||
510 | been revoked (or an error encountered) then ssh-keygen will exit with a | ||
511 | non-zero exit status. A zero exit status will only be returned if no key | ||
512 | was revoked. | ||
513 | |||
514 | FILES | ||
515 | ~/.ssh/identity | ||
516 | Contains the protocol version 1 RSA authentication identity of | ||
517 | the user. This file should not be readable by anyone but the | ||
518 | user. It is possible to specify a passphrase when generating the | ||
519 | key; that passphrase will be used to encrypt the private part of | ||
520 | this file using 3DES. This file is not automatically accessed by | ||
521 | ssh-keygen but it is offered as the default file for the private | ||
522 | key. ssh(1) will read this file when a login attempt is made. | ||
523 | |||
524 | ~/.ssh/identity.pub | ||
525 | Contains the protocol version 1 RSA public key for | ||
526 | authentication. The contents of this file should be added to | ||
527 | ~/.ssh/authorized_keys on all machines where the user wishes to | ||
528 | log in using RSA authentication. There is no need to keep the | ||
529 | contents of this file secret. | ||
530 | |||
531 | ~/.ssh/id_dsa | ||
532 | ~/.ssh/id_ecdsa | ||
533 | ~/.ssh/id_ed25519 | ||
534 | ~/.ssh/id_rsa | ||
535 | Contains the protocol version 2 DSA, ECDSA, Ed25519 or RSA | ||
536 | authentication identity of the user. This file should not be | ||
537 | readable by anyone but the user. It is possible to specify a | ||
538 | passphrase when generating the key; that passphrase will be used | ||
539 | to encrypt the private part of this file using 128-bit AES. This | ||
540 | file is not automatically accessed by ssh-keygen but it is | ||
541 | offered as the default file for the private key. ssh(1) will | ||
542 | read this file when a login attempt is made. | ||
543 | |||
544 | ~/.ssh/id_dsa.pub | ||
545 | ~/.ssh/id_ecdsa.pub | ||
546 | ~/.ssh/id_ed25519.pub | ||
547 | ~/.ssh/id_rsa.pub | ||
548 | Contains the protocol version 2 DSA, ECDSA, Ed25519 or RSA public | ||
549 | key for authentication. The contents of this file should be | ||
550 | added to ~/.ssh/authorized_keys on all machines where the user | ||
551 | wishes to log in using public key authentication. There is no | ||
552 | need to keep the contents of this file secret. | ||
553 | |||
554 | /etc/moduli | ||
555 | Contains Diffie-Hellman groups used for DH-GEX. The file format | ||
556 | is described in moduli(5). | ||
557 | |||
558 | SEE ALSO | ||
559 | ssh(1), ssh-add(1), ssh-agent(1), moduli(5), sshd(8) | ||
560 | |||
561 | The Secure Shell (SSH) Public Key File Format, RFC 4716, 2006. | ||
562 | |||
563 | AUTHORS | ||
564 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by | ||
565 | Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo | ||
566 | de Raadt and Dug Song removed many bugs, re-added newer features and | ||
567 | created OpenSSH. Markus Friedl contributed the support for SSH protocol | ||
568 | versions 1.5 and 2.0. | ||
569 | |||
570 | OpenBSD 6.0 June 16, 2016 OpenBSD 6.0 | ||
diff --git a/ssh-keyscan.0 b/ssh-keyscan.0 new file mode 100644 index 000000000..e9d9f0d8b --- /dev/null +++ b/ssh-keyscan.0 | |||
@@ -0,0 +1,111 @@ | |||
1 | SSH-KEYSCAN(1) General Commands Manual SSH-KEYSCAN(1) | ||
2 | |||
3 | NAME | ||
4 | ssh-keyscan M-bM-^@M-^S gather ssh public keys | ||
5 | |||
6 | SYNOPSIS | ||
7 | ssh-keyscan [-46cHv] [-f file] [-p port] [-T timeout] [-t type] | ||
8 | [host | addrlist namelist] ... | ||
9 | |||
10 | DESCRIPTION | ||
11 | ssh-keyscan is a utility for gathering the public ssh host keys of a | ||
12 | number of hosts. It was designed to aid in building and verifying | ||
13 | ssh_known_hosts files. ssh-keyscan provides a minimal interface suitable | ||
14 | for use by shell and perl scripts. | ||
15 | |||
16 | ssh-keyscan uses non-blocking socket I/O to contact as many hosts as | ||
17 | possible in parallel, so it is very efficient. The keys from a domain of | ||
18 | 1,000 hosts can be collected in tens of seconds, even when some of those | ||
19 | hosts are down or do not run ssh. For scanning, one does not need login | ||
20 | access to the machines that are being scanned, nor does the scanning | ||
21 | process involve any encryption. | ||
22 | |||
23 | The options are as follows: | ||
24 | |||
25 | -4 Forces ssh-keyscan to use IPv4 addresses only. | ||
26 | |||
27 | -6 Forces ssh-keyscan to use IPv6 addresses only. | ||
28 | |||
29 | -c Request certificates from target hosts instead of plain keys. | ||
30 | |||
31 | -f file | ||
32 | Read hosts or M-bM-^@M-^\addrlist namelistM-bM-^@M-^] pairs from file, one per line. | ||
33 | If - is supplied instead of a filename, ssh-keyscan will read | ||
34 | hosts or M-bM-^@M-^\addrlist namelistM-bM-^@M-^] pairs from the standard input. | ||
35 | |||
36 | -H Hash all hostnames and addresses in the output. Hashed names may | ||
37 | be used normally by ssh and sshd, but they do not reveal | ||
38 | identifying information should the file's contents be disclosed. | ||
39 | |||
40 | -p port | ||
41 | Port to connect to on the remote host. | ||
42 | |||
43 | -T timeout | ||
44 | Set the timeout for connection attempts. If timeout seconds have | ||
45 | elapsed since a connection was initiated to a host or since the | ||
46 | last time anything was read from that host, then the connection | ||
47 | is closed and the host in question considered unavailable. | ||
48 | Default is 5 seconds. | ||
49 | |||
50 | -t type | ||
51 | Specifies the type of the key to fetch from the scanned hosts. | ||
52 | The possible values are M-bM-^@M-^\rsa1M-bM-^@M-^] for protocol version 1 and M-bM-^@M-^\dsaM-bM-^@M-^], | ||
53 | M-bM-^@M-^\ecdsaM-bM-^@M-^], M-bM-^@M-^\ed25519M-bM-^@M-^], or M-bM-^@M-^\rsaM-bM-^@M-^] for protocol version 2. Multiple | ||
54 | values may be specified by separating them with commas. The | ||
55 | default is to fetch M-bM-^@M-^\rsaM-bM-^@M-^], M-bM-^@M-^\ecdsaM-bM-^@M-^], and M-bM-^@M-^\ed25519M-bM-^@M-^] keys. | ||
56 | |||
57 | -v Verbose mode. Causes ssh-keyscan to print debugging messages | ||
58 | about its progress. | ||
59 | |||
60 | SECURITY | ||
61 | If an ssh_known_hosts file is constructed using ssh-keyscan without | ||
62 | verifying the keys, users will be vulnerable to man in the middle | ||
63 | attacks. On the other hand, if the security model allows such a risk, | ||
64 | ssh-keyscan can help in the detection of tampered keyfiles or man in the | ||
65 | middle attacks which have begun after the ssh_known_hosts file was | ||
66 | created. | ||
67 | |||
68 | FILES | ||
69 | Input format: | ||
70 | |||
71 | 1.2.3.4,1.2.4.4 name.my.domain,name,n.my.domain,n,1.2.3.4,1.2.4.4 | ||
72 | |||
73 | Output format for RSA1 keys: | ||
74 | |||
75 | host-or-namelist bits exponent modulus | ||
76 | |||
77 | Output format for RSA, DSA, ECDSA, and Ed25519 keys: | ||
78 | |||
79 | host-or-namelist keytype base64-encoded-key | ||
80 | |||
81 | Where keytype is either M-bM-^@M-^\ecdsa-sha2-nistp256M-bM-^@M-^], M-bM-^@M-^\ecdsa-sha2-nistp384M-bM-^@M-^], | ||
82 | M-bM-^@M-^\ecdsa-sha2-nistp521M-bM-^@M-^], M-bM-^@M-^\ssh-ed25519M-bM-^@M-^], M-bM-^@M-^\ssh-dssM-bM-^@M-^] or M-bM-^@M-^\ssh-rsaM-bM-^@M-^]. | ||
83 | |||
84 | /etc/ssh/ssh_known_hosts | ||
85 | |||
86 | EXAMPLES | ||
87 | Print the rsa host key for machine hostname: | ||
88 | |||
89 | $ ssh-keyscan hostname | ||
90 | |||
91 | Find all hosts from the file ssh_hosts which have new or different keys | ||
92 | from those in the sorted file ssh_known_hosts: | ||
93 | |||
94 | $ ssh-keyscan -t rsa,dsa,ecdsa,ed25519 -f ssh_hosts | \ | ||
95 | sort -u - ssh_known_hosts | diff ssh_known_hosts - | ||
96 | |||
97 | SEE ALSO | ||
98 | ssh(1), sshd(8) | ||
99 | |||
100 | AUTHORS | ||
101 | David Mazieres <dm@lcs.mit.edu> wrote the initial version, and Wayne | ||
102 | Davison <wayned@users.sourceforge.net> added support for protocol version | ||
103 | 2. | ||
104 | |||
105 | BUGS | ||
106 | It generates "Connection closed by remote host" messages on the consoles | ||
107 | of all the machines it scans if the server is older than version 2.9. | ||
108 | This is because it opens a connection to the ssh port, reads the public | ||
109 | key, and drops the connection as soon as it gets the key. | ||
110 | |||
111 | OpenBSD 6.0 November 8, 2015 OpenBSD 6.0 | ||
diff --git a/ssh-keysign.0 b/ssh-keysign.0 new file mode 100644 index 000000000..34a451d62 --- /dev/null +++ b/ssh-keysign.0 | |||
@@ -0,0 +1,52 @@ | |||
1 | SSH-KEYSIGN(8) System Manager's Manual SSH-KEYSIGN(8) | ||
2 | |||
3 | NAME | ||
4 | ssh-keysign M-bM-^@M-^S ssh helper program for host-based authentication | ||
5 | |||
6 | SYNOPSIS | ||
7 | ssh-keysign | ||
8 | |||
9 | DESCRIPTION | ||
10 | ssh-keysign is used by ssh(1) to access the local host keys and generate | ||
11 | the digital signature required during host-based authentication. | ||
12 | |||
13 | ssh-keysign is disabled by default and can only be enabled in the global | ||
14 | client configuration file /etc/ssh/ssh_config by setting EnableSSHKeysign | ||
15 | to M-bM-^@M-^\yesM-bM-^@M-^]. | ||
16 | |||
17 | ssh-keysign is not intended to be invoked by the user, but from ssh(1). | ||
18 | See ssh(1) and sshd(8) for more information about host-based | ||
19 | authentication. | ||
20 | |||
21 | FILES | ||
22 | /etc/ssh/ssh_config | ||
23 | Controls whether ssh-keysign is enabled. | ||
24 | |||
25 | /etc/ssh/ssh_host_dsa_key | ||
26 | /etc/ssh/ssh_host_ecdsa_key | ||
27 | /etc/ssh/ssh_host_ed25519_key | ||
28 | /etc/ssh/ssh_host_rsa_key | ||
29 | These files contain the private parts of the host keys used to | ||
30 | generate the digital signature. They should be owned by root, | ||
31 | readable only by root, and not accessible to others. Since they | ||
32 | are readable only by root, ssh-keysign must be set-uid root if | ||
33 | host-based authentication is used. | ||
34 | |||
35 | /etc/ssh/ssh_host_dsa_key-cert.pub | ||
36 | /etc/ssh/ssh_host_ecdsa_key-cert.pub | ||
37 | /etc/ssh/ssh_host_ed25519_key-cert.pub | ||
38 | /etc/ssh/ssh_host_rsa_key-cert.pub | ||
39 | If these files exist they are assumed to contain public | ||
40 | certificate information corresponding with the private keys | ||
41 | above. | ||
42 | |||
43 | SEE ALSO | ||
44 | ssh(1), ssh-keygen(1), ssh_config(5), sshd(8) | ||
45 | |||
46 | HISTORY | ||
47 | ssh-keysign first appeared in OpenBSD 3.2. | ||
48 | |||
49 | AUTHORS | ||
50 | Markus Friedl <markus@openbsd.org> | ||
51 | |||
52 | OpenBSD 6.0 February 17, 2016 OpenBSD 6.0 | ||
diff --git a/ssh-pkcs11-helper.0 b/ssh-pkcs11-helper.0 new file mode 100644 index 000000000..1b58361a6 --- /dev/null +++ b/ssh-pkcs11-helper.0 | |||
@@ -0,0 +1,25 @@ | |||
1 | SSH-PKCS11-HELPER(8) System Manager's Manual SSH-PKCS11-HELPER(8) | ||
2 | |||
3 | NAME | ||
4 | ssh-pkcs11-helper M-bM-^@M-^S ssh-agent helper program for PKCS#11 support | ||
5 | |||
6 | SYNOPSIS | ||
7 | ssh-pkcs11-helper | ||
8 | |||
9 | DESCRIPTION | ||
10 | ssh-pkcs11-helper is used by ssh-agent(1) to access keys provided by a | ||
11 | PKCS#11 token. | ||
12 | |||
13 | ssh-pkcs11-helper is not intended to be invoked by the user, but from | ||
14 | ssh-agent(1). | ||
15 | |||
16 | SEE ALSO | ||
17 | ssh(1), ssh-add(1), ssh-agent(1) | ||
18 | |||
19 | HISTORY | ||
20 | ssh-pkcs11-helper first appeared in OpenBSD 4.7. | ||
21 | |||
22 | AUTHORS | ||
23 | Markus Friedl <markus@openbsd.org> | ||
24 | |||
25 | OpenBSD 6.0 July 16, 2013 OpenBSD 6.0 | ||
@@ -0,0 +1,971 @@ | |||
1 | SSH(1) General Commands Manual SSH(1) | ||
2 | |||
3 | NAME | ||
4 | ssh M-bM-^@M-^S OpenSSH SSH client (remote login program) | ||
5 | |||
6 | SYNOPSIS | ||
7 | ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec] | ||
8 | [-D [bind_address:]port] [-E log_file] [-e escape_char] | ||
9 | [-F configfile] [-I pkcs11] [-i identity_file] | ||
10 | [-J [user@]host[:port]] [-L address] [-l login_name] [-m mac_spec] | ||
11 | [-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R address] | ||
12 | [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]] | ||
13 | [user@]hostname [command] | ||
14 | |||
15 | DESCRIPTION | ||
16 | ssh (SSH client) is a program for logging into a remote machine and for | ||
17 | executing commands on a remote machine. It is intended to provide secure | ||
18 | encrypted communications between two untrusted hosts over an insecure | ||
19 | network. X11 connections, arbitrary TCP ports and UNIX-domain sockets | ||
20 | can also be forwarded over the secure channel. | ||
21 | |||
22 | ssh connects and logs into the specified hostname (with optional user | ||
23 | name). The user must prove his/her identity to the remote machine using | ||
24 | one of several methods (see below). | ||
25 | |||
26 | If command is specified, it is executed on the remote host instead of a | ||
27 | login shell. | ||
28 | |||
29 | The options are as follows: | ||
30 | |||
31 | -1 Forces ssh to try protocol version 1 only. | ||
32 | |||
33 | -2 Forces ssh to try protocol version 2 only. | ||
34 | |||
35 | -4 Forces ssh to use IPv4 addresses only. | ||
36 | |||
37 | -6 Forces ssh to use IPv6 addresses only. | ||
38 | |||
39 | -A Enables forwarding of the authentication agent connection. This | ||
40 | can also be specified on a per-host basis in a configuration | ||
41 | file. | ||
42 | |||
43 | Agent forwarding should be enabled with caution. Users with the | ||
44 | ability to bypass file permissions on the remote host (for the | ||
45 | agent's UNIX-domain socket) can access the local agent through | ||
46 | the forwarded connection. An attacker cannot obtain key material | ||
47 | from the agent, however they can perform operations on the keys | ||
48 | that enable them to authenticate using the identities loaded into | ||
49 | the agent. | ||
50 | |||
51 | -a Disables forwarding of the authentication agent connection. | ||
52 | |||
53 | -b bind_address | ||
54 | Use bind_address on the local machine as the source address of | ||
55 | the connection. Only useful on systems with more than one | ||
56 | address. | ||
57 | |||
58 | -C Requests compression of all data (including stdin, stdout, | ||
59 | stderr, and data for forwarded X11, TCP and UNIX-domain | ||
60 | connections). The compression algorithm is the same used by | ||
61 | gzip(1), and the M-bM-^@M-^\levelM-bM-^@M-^] can be controlled by the | ||
62 | CompressionLevel option for protocol version 1. Compression is | ||
63 | desirable on modem lines and other slow connections, but will | ||
64 | only slow down things on fast networks. The default value can be | ||
65 | set on a host-by-host basis in the configuration files; see the | ||
66 | Compression option. | ||
67 | |||
68 | -c cipher_spec | ||
69 | Selects the cipher specification for encrypting the session. | ||
70 | |||
71 | Protocol version 1 allows specification of a single cipher. The | ||
72 | supported values are M-bM-^@M-^\3desM-bM-^@M-^], M-bM-^@M-^\blowfishM-bM-^@M-^], and M-bM-^@M-^\desM-bM-^@M-^]. For protocol | ||
73 | version 2, cipher_spec is a comma-separated list of ciphers | ||
74 | listed in order of preference. See the Ciphers keyword in | ||
75 | ssh_config(5) for more information. | ||
76 | |||
77 | -D [bind_address:]port | ||
78 | Specifies a local M-bM-^@M-^\dynamicM-bM-^@M-^] application-level port forwarding. | ||
79 | This works by allocating a socket to listen to port on the local | ||
80 | side, optionally bound to the specified bind_address. Whenever a | ||
81 | connection is made to this port, the connection is forwarded over | ||
82 | the secure channel, and the application protocol is then used to | ||
83 | determine where to connect to from the remote machine. Currently | ||
84 | the SOCKS4 and SOCKS5 protocols are supported, and ssh will act | ||
85 | as a SOCKS server. Only root can forward privileged ports. | ||
86 | Dynamic port forwardings can also be specified in the | ||
87 | configuration file. | ||
88 | |||
89 | IPv6 addresses can be specified by enclosing the address in | ||
90 | square brackets. Only the superuser can forward privileged | ||
91 | ports. By default, the local port is bound in accordance with | ||
92 | the GatewayPorts setting. However, an explicit bind_address may | ||
93 | be used to bind the connection to a specific address. The | ||
94 | bind_address of M-bM-^@M-^\localhostM-bM-^@M-^] indicates that the listening port be | ||
95 | bound for local use only, while an empty address or M-bM-^@M-^X*M-bM-^@M-^Y indicates | ||
96 | that the port should be available from all interfaces. | ||
97 | |||
98 | -E log_file | ||
99 | Append debug logs to log_file instead of standard error. | ||
100 | |||
101 | -e escape_char | ||
102 | Sets the escape character for sessions with a pty (default: M-bM-^@M-^X~M-bM-^@M-^Y). | ||
103 | The escape character is only recognized at the beginning of a | ||
104 | line. The escape character followed by a dot (M-bM-^@M-^X.M-bM-^@M-^Y) closes the | ||
105 | connection; followed by control-Z suspends the connection; and | ||
106 | followed by itself sends the escape character once. Setting the | ||
107 | character to M-bM-^@M-^\noneM-bM-^@M-^] disables any escapes and makes the session | ||
108 | fully transparent. | ||
109 | |||
110 | -F configfile | ||
111 | Specifies an alternative per-user configuration file. If a | ||
112 | configuration file is given on the command line, the system-wide | ||
113 | configuration file (/etc/ssh/ssh_config) will be ignored. The | ||
114 | default for the per-user configuration file is ~/.ssh/config. | ||
115 | |||
116 | -f Requests ssh to go to background just before command execution. | ||
117 | This is useful if ssh is going to ask for passwords or | ||
118 | passphrases, but the user wants it in the background. This | ||
119 | implies -n. The recommended way to start X11 programs at a | ||
120 | remote site is with something like ssh -f host xterm. | ||
121 | |||
122 | If the ExitOnForwardFailure configuration option is set to M-bM-^@M-^\yesM-bM-^@M-^], | ||
123 | then a client started with -f will wait for all remote port | ||
124 | forwards to be successfully established before placing itself in | ||
125 | the background. | ||
126 | |||
127 | -G Causes ssh to print its configuration after evaluating Host and | ||
128 | Match blocks and exit. | ||
129 | |||
130 | -g Allows remote hosts to connect to local forwarded ports. If used | ||
131 | on a multiplexed connection, then this option must be specified | ||
132 | on the master process. | ||
133 | |||
134 | -I pkcs11 | ||
135 | Specify the PKCS#11 shared library ssh should use to communicate | ||
136 | with a PKCS#11 token providing the user's private RSA key. | ||
137 | |||
138 | -i identity_file | ||
139 | Selects a file from which the identity (private key) for public | ||
140 | key authentication is read. The default is ~/.ssh/identity for | ||
141 | protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, | ||
142 | ~/.ssh/id_ed25519 and ~/.ssh/id_rsa for protocol version 2. | ||
143 | Identity files may also be specified on a per-host basis in the | ||
144 | configuration file. It is possible to have multiple -i options | ||
145 | (and multiple identities specified in configuration files). If | ||
146 | no certificates have been explicitly specified by the | ||
147 | CertificateFile directive, ssh will also try to load certificate | ||
148 | information from the filename obtained by appending -cert.pub to | ||
149 | identity filenames. | ||
150 | |||
151 | -J [user@]host[:port] | ||
152 | Connect to the target host by first making a ssh connection to | ||
153 | the jump host and then establishing a TCP forwarding to the | ||
154 | ultimate destination from there. Multiple jump hops may be | ||
155 | specified separated by comma characters. This is a shortcut to | ||
156 | specify a ProxyJump configuration directive. | ||
157 | |||
158 | -K Enables GSSAPI-based authentication and forwarding (delegation) | ||
159 | of GSSAPI credentials to the server. | ||
160 | |||
161 | -k Disables forwarding (delegation) of GSSAPI credentials to the | ||
162 | server. | ||
163 | |||
164 | -L [bind_address:]port:host:hostport | ||
165 | -L [bind_address:]port:remote_socket | ||
166 | -L local_socket:host:hostport | ||
167 | -L local_socket:remote_socket | ||
168 | Specifies that connections to the given TCP port or Unix socket | ||
169 | on the local (client) host are to be forwarded to the given host | ||
170 | and port, or Unix socket, on the remote side. This works by | ||
171 | allocating a socket to listen to either a TCP port on the local | ||
172 | side, optionally bound to the specified bind_address, or to a | ||
173 | Unix socket. Whenever a connection is made to the local port or | ||
174 | socket, the connection is forwarded over the secure channel, and | ||
175 | a connection is made to either host port hostport, or the Unix | ||
176 | socket remote_socket, from the remote machine. | ||
177 | |||
178 | Port forwardings can also be specified in the configuration file. | ||
179 | Only the superuser can forward privileged ports. IPv6 addresses | ||
180 | can be specified by enclosing the address in square brackets. | ||
181 | |||
182 | By default, the local port is bound in accordance with the | ||
183 | GatewayPorts setting. However, an explicit bind_address may be | ||
184 | used to bind the connection to a specific address. The | ||
185 | bind_address of M-bM-^@M-^\localhostM-bM-^@M-^] indicates that the listening port be | ||
186 | bound for local use only, while an empty address or M-bM-^@M-^X*M-bM-^@M-^Y indicates | ||
187 | that the port should be available from all interfaces. | ||
188 | |||
189 | -l login_name | ||
190 | Specifies the user to log in as on the remote machine. This also | ||
191 | may be specified on a per-host basis in the configuration file. | ||
192 | |||
193 | -M Places the ssh client into M-bM-^@M-^\masterM-bM-^@M-^] mode for connection sharing. | ||
194 | Multiple -M options places ssh into M-bM-^@M-^\masterM-bM-^@M-^] mode with | ||
195 | confirmation required before slave connections are accepted. | ||
196 | Refer to the description of ControlMaster in ssh_config(5) for | ||
197 | details. | ||
198 | |||
199 | -m mac_spec | ||
200 | A comma-separated list of MAC (message authentication code) | ||
201 | algorithms, specified in order of preference. See the MACs | ||
202 | keyword for more information. | ||
203 | |||
204 | -N Do not execute a remote command. This is useful for just | ||
205 | forwarding ports. | ||
206 | |||
207 | -n Redirects stdin from /dev/null (actually, prevents reading from | ||
208 | stdin). This must be used when ssh is run in the background. A | ||
209 | common trick is to use this to run X11 programs on a remote | ||
210 | machine. For example, ssh -n shadows.cs.hut.fi emacs & will | ||
211 | start an emacs on shadows.cs.hut.fi, and the X11 connection will | ||
212 | be automatically forwarded over an encrypted channel. The ssh | ||
213 | program will be put in the background. (This does not work if | ||
214 | ssh needs to ask for a password or passphrase; see also the -f | ||
215 | option.) | ||
216 | |||
217 | -O ctl_cmd | ||
218 | Control an active connection multiplexing master process. When | ||
219 | the -O option is specified, the ctl_cmd argument is interpreted | ||
220 | and passed to the master process. Valid commands are: M-bM-^@M-^\checkM-bM-^@M-^] | ||
221 | (check that the master process is running), M-bM-^@M-^\forwardM-bM-^@M-^] (request | ||
222 | forwardings without command execution), M-bM-^@M-^\cancelM-bM-^@M-^] (cancel | ||
223 | forwardings), M-bM-^@M-^\exitM-bM-^@M-^] (request the master to exit), and M-bM-^@M-^\stopM-bM-^@M-^] | ||
224 | (request the master to stop accepting further multiplexing | ||
225 | requests). | ||
226 | |||
227 | -o option | ||
228 | Can be used to give options in the format used in the | ||
229 | configuration file. This is useful for specifying options for | ||
230 | which there is no separate command-line flag. For full details | ||
231 | of the options listed below, and their possible values, see | ||
232 | ssh_config(5). | ||
233 | |||
234 | AddKeysToAgent | ||
235 | AddressFamily | ||
236 | BatchMode | ||
237 | BindAddress | ||
238 | CanonicalDomains | ||
239 | CanonicalizeFallbackLocal | ||
240 | CanonicalizeHostname | ||
241 | CanonicalizeMaxDots | ||
242 | CanonicalizePermittedCNAMEs | ||
243 | CertificateFile | ||
244 | ChallengeResponseAuthentication | ||
245 | CheckHostIP | ||
246 | Cipher | ||
247 | Ciphers | ||
248 | ClearAllForwardings | ||
249 | Compression | ||
250 | CompressionLevel | ||
251 | ConnectionAttempts | ||
252 | ConnectTimeout | ||
253 | ControlMaster | ||
254 | ControlPath | ||
255 | ControlPersist | ||
256 | DynamicForward | ||
257 | EscapeChar | ||
258 | ExitOnForwardFailure | ||
259 | FingerprintHash | ||
260 | ForwardAgent | ||
261 | ForwardX11 | ||
262 | ForwardX11Timeout | ||
263 | ForwardX11Trusted | ||
264 | GatewayPorts | ||
265 | GlobalKnownHostsFile | ||
266 | GSSAPIAuthentication | ||
267 | GSSAPIDelegateCredentials | ||
268 | HashKnownHosts | ||
269 | Host | ||
270 | HostbasedAuthentication | ||
271 | HostbasedKeyTypes | ||
272 | HostKeyAlgorithms | ||
273 | HostKeyAlias | ||
274 | HostName | ||
275 | IdentitiesOnly | ||
276 | IdentityAgent | ||
277 | IdentityFile | ||
278 | Include | ||
279 | IPQoS | ||
280 | KbdInteractiveAuthentication | ||
281 | KbdInteractiveDevices | ||
282 | KexAlgorithms | ||
283 | LocalCommand | ||
284 | LocalForward | ||
285 | LogLevel | ||
286 | MACs | ||
287 | Match | ||
288 | NoHostAuthenticationForLocalhost | ||
289 | NumberOfPasswordPrompts | ||
290 | PasswordAuthentication | ||
291 | PermitLocalCommand | ||
292 | PKCS11Provider | ||
293 | Port | ||
294 | PreferredAuthentications | ||
295 | Protocol | ||
296 | ProxyCommand | ||
297 | ProxyJump | ||
298 | ProxyUseFdpass | ||
299 | PubkeyAcceptedKeyTypes | ||
300 | PubkeyAuthentication | ||
301 | RekeyLimit | ||
302 | RemoteForward | ||
303 | RequestTTY | ||
304 | RhostsRSAAuthentication | ||
305 | RSAAuthentication | ||
306 | SendEnv | ||
307 | ServerAliveInterval | ||
308 | ServerAliveCountMax | ||
309 | StreamLocalBindMask | ||
310 | StreamLocalBindUnlink | ||
311 | StrictHostKeyChecking | ||
312 | TCPKeepAlive | ||
313 | Tunnel | ||
314 | TunnelDevice | ||
315 | UpdateHostKeys | ||
316 | UsePrivilegedPort | ||
317 | User | ||
318 | UserKnownHostsFile | ||
319 | VerifyHostKeyDNS | ||
320 | VisualHostKey | ||
321 | XAuthLocation | ||
322 | |||
323 | -p port | ||
324 | Port to connect to on the remote host. This can be specified on | ||
325 | a per-host basis in the configuration file. | ||
326 | |||
327 | -Q query_option | ||
328 | Queries ssh for the algorithms supported for the specified | ||
329 | version 2. The available features are: cipher (supported | ||
330 | symmetric ciphers), cipher-auth (supported symmetric ciphers that | ||
331 | support authenticated encryption), mac (supported message | ||
332 | integrity codes), kex (key exchange algorithms), key (key types), | ||
333 | key-cert (certificate key types), key-plain (non-certificate key | ||
334 | types), and protocol-version (supported SSH protocol versions). | ||
335 | |||
336 | -q Quiet mode. Causes most warning and diagnostic messages to be | ||
337 | suppressed. | ||
338 | |||
339 | -R [bind_address:]port:host:hostport | ||
340 | -R [bind_address:]port:local_socket | ||
341 | -R remote_socket:host:hostport | ||
342 | -R remote_socket:local_socket | ||
343 | Specifies that connections to the given TCP port or Unix socket | ||
344 | on the remote (server) host are to be forwarded to the given host | ||
345 | and port, or Unix socket, on the local side. This works by | ||
346 | allocating a socket to listen to either a TCP port or to a Unix | ||
347 | socket on the remote side. Whenever a connection is made to this | ||
348 | port or Unix socket, the connection is forwarded over the secure | ||
349 | channel, and a connection is made to either host port hostport, | ||
350 | or local_socket, from the local machine. | ||
351 | |||
352 | Port forwardings can also be specified in the configuration file. | ||
353 | Privileged ports can be forwarded only when logging in as root on | ||
354 | the remote machine. IPv6 addresses can be specified by enclosing | ||
355 | the address in square brackets. | ||
356 | |||
357 | By default, TCP listening sockets on the server will be bound to | ||
358 | the loopback interface only. This may be overridden by | ||
359 | specifying a bind_address. An empty bind_address, or the address | ||
360 | M-bM-^@M-^X*M-bM-^@M-^Y, indicates that the remote socket should listen on all | ||
361 | interfaces. Specifying a remote bind_address will only succeed | ||
362 | if the server's GatewayPorts option is enabled (see | ||
363 | sshd_config(5)). | ||
364 | |||
365 | If the port argument is M-bM-^@M-^X0M-bM-^@M-^Y, the listen port will be dynamically | ||
366 | allocated on the server and reported to the client at run time. | ||
367 | When used together with -O forward the allocated port will be | ||
368 | printed to the standard output. | ||
369 | |||
370 | -S ctl_path | ||
371 | Specifies the location of a control socket for connection | ||
372 | sharing, or the string M-bM-^@M-^\noneM-bM-^@M-^] to disable connection sharing. | ||
373 | Refer to the description of ControlPath and ControlMaster in | ||
374 | ssh_config(5) for details. | ||
375 | |||
376 | -s May be used to request invocation of a subsystem on the remote | ||
377 | system. Subsystems facilitate the use of SSH as a secure | ||
378 | transport for other applications (e.g. sftp(1)). The subsystem | ||
379 | is specified as the remote command. | ||
380 | |||
381 | -T Disable pseudo-terminal allocation. | ||
382 | |||
383 | -t Force pseudo-terminal allocation. This can be used to execute | ||
384 | arbitrary screen-based programs on a remote machine, which can be | ||
385 | very useful, e.g. when implementing menu services. Multiple -t | ||
386 | options force tty allocation, even if ssh has no local tty. | ||
387 | |||
388 | -V Display the version number and exit. | ||
389 | |||
390 | -v Verbose mode. Causes ssh to print debugging messages about its | ||
391 | progress. This is helpful in debugging connection, | ||
392 | authentication, and configuration problems. Multiple -v options | ||
393 | increase the verbosity. The maximum is 3. | ||
394 | |||
395 | -W host:port | ||
396 | Requests that standard input and output on the client be | ||
397 | forwarded to host on port over the secure channel. Implies -N, | ||
398 | -T, ExitOnForwardFailure and ClearAllForwardings, though these | ||
399 | can be overridden in the configuration file or using -o command | ||
400 | line options. | ||
401 | |||
402 | -w local_tun[:remote_tun] | ||
403 | Requests tunnel device forwarding with the specified tun(4) | ||
404 | devices between the client (local_tun) and the server | ||
405 | (remote_tun). | ||
406 | |||
407 | The devices may be specified by numerical ID or the keyword | ||
408 | M-bM-^@M-^\anyM-bM-^@M-^], which uses the next available tunnel device. If | ||
409 | remote_tun is not specified, it defaults to M-bM-^@M-^\anyM-bM-^@M-^]. See also the | ||
410 | Tunnel and TunnelDevice directives in ssh_config(5). If the | ||
411 | Tunnel directive is unset, it is set to the default tunnel mode, | ||
412 | which is M-bM-^@M-^\point-to-pointM-bM-^@M-^]. | ||
413 | |||
414 | -X Enables X11 forwarding. This can also be specified on a per-host | ||
415 | basis in a configuration file. | ||
416 | |||
417 | X11 forwarding should be enabled with caution. Users with the | ||
418 | ability to bypass file permissions on the remote host (for the | ||
419 | user's X authorization database) can access the local X11 display | ||
420 | through the forwarded connection. An attacker may then be able | ||
421 | to perform activities such as keystroke monitoring. | ||
422 | |||
423 | For this reason, X11 forwarding is subjected to X11 SECURITY | ||
424 | extension restrictions by default. Please refer to the ssh -Y | ||
425 | option and the ForwardX11Trusted directive in ssh_config(5) for | ||
426 | more information. | ||
427 | |||
428 | -x Disables X11 forwarding. | ||
429 | |||
430 | -Y Enables trusted X11 forwarding. Trusted X11 forwardings are not | ||
431 | subjected to the X11 SECURITY extension controls. | ||
432 | |||
433 | -y Send log information using the syslog(3) system module. By | ||
434 | default this information is sent to stderr. | ||
435 | |||
436 | ssh may additionally obtain configuration data from a per-user | ||
437 | configuration file and a system-wide configuration file. The file format | ||
438 | and configuration options are described in ssh_config(5). | ||
439 | |||
440 | AUTHENTICATION | ||
441 | The OpenSSH SSH client supports SSH protocols 1 and 2. The default is to | ||
442 | use protocol 2 only, though this can be changed via the Protocol option | ||
443 | in ssh_config(5) or the -1 and -2 options (see above). Protocol 1 should | ||
444 | not be used and is only offered to support legacy devices. It suffers | ||
445 | from a number of cryptographic weaknesses and doesn't support many of the | ||
446 | advanced features available for protocol 2. | ||
447 | |||
448 | The methods available for authentication are: GSSAPI-based | ||
449 | authentication, host-based authentication, public key authentication, | ||
450 | challenge-response authentication, and password authentication. | ||
451 | Authentication methods are tried in the order specified above, though | ||
452 | PreferredAuthentications can be used to change the default order. | ||
453 | |||
454 | Host-based authentication works as follows: If the machine the user logs | ||
455 | in from is listed in /etc/hosts.equiv or /etc/shosts.equiv on the remote | ||
456 | machine, and the user names are the same on both sides, or if the files | ||
457 | ~/.rhosts or ~/.shosts exist in the user's home directory on the remote | ||
458 | machine and contain a line containing the name of the client machine and | ||
459 | the name of the user on that machine, the user is considered for login. | ||
460 | Additionally, the server must be able to verify the client's host key | ||
461 | (see the description of /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts, | ||
462 | below) for login to be permitted. This authentication method closes | ||
463 | security holes due to IP spoofing, DNS spoofing, and routing spoofing. | ||
464 | [Note to the administrator: /etc/hosts.equiv, ~/.rhosts, and the | ||
465 | rlogin/rsh protocol in general, are inherently insecure and should be | ||
466 | disabled if security is desired.] | ||
467 | |||
468 | Public key authentication works as follows: The scheme is based on | ||
469 | public-key cryptography, using cryptosystems where encryption and | ||
470 | decryption are done using separate keys, and it is unfeasible to derive | ||
471 | the decryption key from the encryption key. The idea is that each user | ||
472 | creates a public/private key pair for authentication purposes. The | ||
473 | server knows the public key, and only the user knows the private key. | ||
474 | ssh implements public key authentication protocol automatically, using | ||
475 | one of the DSA, ECDSA, Ed25519 or RSA algorithms. The HISTORY section of | ||
476 | ssl(8) contains a brief discussion of the DSA and RSA algorithms. | ||
477 | |||
478 | The file ~/.ssh/authorized_keys lists the public keys that are permitted | ||
479 | for logging in. When the user logs in, the ssh program tells the server | ||
480 | which key pair it would like to use for authentication. The client | ||
481 | proves that it has access to the private key and the server checks that | ||
482 | the corresponding public key is authorized to accept the account. | ||
483 | |||
484 | The user creates his/her key pair by running ssh-keygen(1). This stores | ||
485 | the private key in ~/.ssh/identity (protocol 1), ~/.ssh/id_dsa (DSA), | ||
486 | ~/.ssh/id_ecdsa (ECDSA), ~/.ssh/id_ed25519 (Ed25519), or ~/.ssh/id_rsa | ||
487 | (RSA) and stores the public key in ~/.ssh/identity.pub (protocol 1), | ||
488 | ~/.ssh/id_dsa.pub (DSA), ~/.ssh/id_ecdsa.pub (ECDSA), | ||
489 | ~/.ssh/id_ed25519.pub (Ed25519), or ~/.ssh/id_rsa.pub (RSA) in the user's | ||
490 | home directory. The user should then copy the public key to | ||
491 | ~/.ssh/authorized_keys in his/her home directory on the remote machine. | ||
492 | The authorized_keys file corresponds to the conventional ~/.rhosts file, | ||
493 | and has one key per line, though the lines can be very long. After this, | ||
494 | the user can log in without giving the password. | ||
495 | |||
496 | A variation on public key authentication is available in the form of | ||
497 | certificate authentication: instead of a set of public/private keys, | ||
498 | signed certificates are used. This has the advantage that a single | ||
499 | trusted certification authority can be used in place of many | ||
500 | public/private keys. See the CERTIFICATES section of ssh-keygen(1) for | ||
501 | more information. | ||
502 | |||
503 | The most convenient way to use public key or certificate authentication | ||
504 | may be with an authentication agent. See ssh-agent(1) and (optionally) | ||
505 | the AddKeysToAgent directive in ssh_config(5) for more information. | ||
506 | |||
507 | Challenge-response authentication works as follows: The server sends an | ||
508 | arbitrary "challenge" text, and prompts for a response. Examples of | ||
509 | challenge-response authentication include BSD Authentication (see | ||
510 | login.conf(5)) and PAM (some non-OpenBSD systems). | ||
511 | |||
512 | Finally, if other authentication methods fail, ssh prompts the user for a | ||
513 | password. The password is sent to the remote host for checking; however, | ||
514 | since all communications are encrypted, the password cannot be seen by | ||
515 | someone listening on the network. | ||
516 | |||
517 | ssh automatically maintains and checks a database containing | ||
518 | identification for all hosts it has ever been used with. Host keys are | ||
519 | stored in ~/.ssh/known_hosts in the user's home directory. Additionally, | ||
520 | the file /etc/ssh/ssh_known_hosts is automatically checked for known | ||
521 | hosts. Any new hosts are automatically added to the user's file. If a | ||
522 | host's identification ever changes, ssh warns about this and disables | ||
523 | password authentication to prevent server spoofing or man-in-the-middle | ||
524 | attacks, which could otherwise be used to circumvent the encryption. The | ||
525 | StrictHostKeyChecking option can be used to control logins to machines | ||
526 | whose host key is not known or has changed. | ||
527 | |||
528 | When the user's identity has been accepted by the server, the server | ||
529 | either executes the given command in a non-interactive session or, if no | ||
530 | command has been specified, logs into the machine and gives the user a | ||
531 | normal shell as an interactive session. All communication with the | ||
532 | remote command or shell will be automatically encrypted. | ||
533 | |||
534 | If an interactive session is requested ssh by default will only request a | ||
535 | pseudo-terminal (pty) for interactive sessions when the client has one. | ||
536 | The flags -T and -t can be used to override this behaviour. | ||
537 | |||
538 | If a pseudo-terminal has been allocated the user may use the escape | ||
539 | characters noted below. | ||
540 | |||
541 | If no pseudo-terminal has been allocated, the session is transparent and | ||
542 | can be used to reliably transfer binary data. On most systems, setting | ||
543 | the escape character to M-bM-^@M-^\noneM-bM-^@M-^] will also make the session transparent | ||
544 | even if a tty is used. | ||
545 | |||
546 | The session terminates when the command or shell on the remote machine | ||
547 | exits and all X11 and TCP connections have been closed. | ||
548 | |||
549 | ESCAPE CHARACTERS | ||
550 | When a pseudo-terminal has been requested, ssh supports a number of | ||
551 | functions through the use of an escape character. | ||
552 | |||
553 | A single tilde character can be sent as ~~ or by following the tilde by a | ||
554 | character other than those described below. The escape character must | ||
555 | always follow a newline to be interpreted as special. The escape | ||
556 | character can be changed in configuration files using the EscapeChar | ||
557 | configuration directive or on the command line by the -e option. | ||
558 | |||
559 | The supported escapes (assuming the default M-bM-^@M-^X~M-bM-^@M-^Y) are: | ||
560 | |||
561 | ~. Disconnect. | ||
562 | |||
563 | ~^Z Background ssh. | ||
564 | |||
565 | ~# List forwarded connections. | ||
566 | |||
567 | ~& Background ssh at logout when waiting for forwarded connection / | ||
568 | X11 sessions to terminate. | ||
569 | |||
570 | ~? Display a list of escape characters. | ||
571 | |||
572 | ~B Send a BREAK to the remote system (only useful if the peer | ||
573 | supports it). | ||
574 | |||
575 | ~C Open command line. Currently this allows the addition of port | ||
576 | forwardings using the -L, -R and -D options (see above). It also | ||
577 | allows the cancellation of existing port-forwardings with | ||
578 | -KL[bind_address:]port for local, -KR[bind_address:]port for | ||
579 | remote and -KD[bind_address:]port for dynamic port-forwardings. | ||
580 | !command allows the user to execute a local command if the | ||
581 | PermitLocalCommand option is enabled in ssh_config(5). Basic | ||
582 | help is available, using the -h option. | ||
583 | |||
584 | ~R Request rekeying of the connection (only useful if the peer | ||
585 | supports it). | ||
586 | |||
587 | ~V Decrease the verbosity (LogLevel) when errors are being written | ||
588 | to stderr. | ||
589 | |||
590 | ~v Increase the verbosity (LogLevel) when errors are being written | ||
591 | to stderr. | ||
592 | |||
593 | TCP FORWARDING | ||
594 | Forwarding of arbitrary TCP connections over the secure channel can be | ||
595 | specified either on the command line or in a configuration file. One | ||
596 | possible application of TCP forwarding is a secure connection to a mail | ||
597 | server; another is going through firewalls. | ||
598 | |||
599 | In the example below, we look at encrypting communication between an IRC | ||
600 | client and server, even though the IRC server does not directly support | ||
601 | encrypted communications. This works as follows: the user connects to | ||
602 | the remote host using ssh, specifying a port to be used to forward | ||
603 | connections to the remote server. After that it is possible to start the | ||
604 | service which is to be encrypted on the client machine, connecting to the | ||
605 | same local port, and ssh will encrypt and forward the connection. | ||
606 | |||
607 | The following example tunnels an IRC session from client machine | ||
608 | M-bM-^@M-^\127.0.0.1M-bM-^@M-^] (localhost) to remote server M-bM-^@M-^\server.example.comM-bM-^@M-^]: | ||
609 | |||
610 | $ ssh -f -L 1234:localhost:6667 server.example.com sleep 10 | ||
611 | $ irc -c '#users' -p 1234 pinky 127.0.0.1 | ||
612 | |||
613 | This tunnels a connection to IRC server M-bM-^@M-^\server.example.comM-bM-^@M-^], joining | ||
614 | channel M-bM-^@M-^\#usersM-bM-^@M-^], nickname M-bM-^@M-^\pinkyM-bM-^@M-^], using port 1234. It doesn't matter | ||
615 | which port is used, as long as it's greater than 1023 (remember, only | ||
616 | root can open sockets on privileged ports) and doesn't conflict with any | ||
617 | ports already in use. The connection is forwarded to port 6667 on the | ||
618 | remote server, since that's the standard port for IRC services. | ||
619 | |||
620 | The -f option backgrounds ssh and the remote command M-bM-^@M-^\sleep 10M-bM-^@M-^] is | ||
621 | specified to allow an amount of time (10 seconds, in the example) to | ||
622 | start the service which is to be tunnelled. If no connections are made | ||
623 | within the time specified, ssh will exit. | ||
624 | |||
625 | X11 FORWARDING | ||
626 | If the ForwardX11 variable is set to M-bM-^@M-^\yesM-bM-^@M-^] (or see the description of the | ||
627 | -X, -x, and -Y options above) and the user is using X11 (the DISPLAY | ||
628 | environment variable is set), the connection to the X11 display is | ||
629 | automatically forwarded to the remote side in such a way that any X11 | ||
630 | programs started from the shell (or command) will go through the | ||
631 | encrypted channel, and the connection to the real X server will be made | ||
632 | from the local machine. The user should not manually set DISPLAY. | ||
633 | Forwarding of X11 connections can be configured on the command line or in | ||
634 | configuration files. | ||
635 | |||
636 | The DISPLAY value set by ssh will point to the server machine, but with a | ||
637 | display number greater than zero. This is normal, and happens because | ||
638 | ssh creates a M-bM-^@M-^\proxyM-bM-^@M-^] X server on the server machine for forwarding the | ||
639 | connections over the encrypted channel. | ||
640 | |||
641 | ssh will also automatically set up Xauthority data on the server machine. | ||
642 | For this purpose, it will generate a random authorization cookie, store | ||
643 | it in Xauthority on the server, and verify that any forwarded connections | ||
644 | carry this cookie and replace it by the real cookie when the connection | ||
645 | is opened. The real authentication cookie is never sent to the server | ||
646 | machine (and no cookies are sent in the plain). | ||
647 | |||
648 | If the ForwardAgent variable is set to M-bM-^@M-^\yesM-bM-^@M-^] (or see the description of | ||
649 | the -A and -a options above) and the user is using an authentication | ||
650 | agent, the connection to the agent is automatically forwarded to the | ||
651 | remote side. | ||
652 | |||
653 | VERIFYING HOST KEYS | ||
654 | When connecting to a server for the first time, a fingerprint of the | ||
655 | server's public key is presented to the user (unless the option | ||
656 | StrictHostKeyChecking has been disabled). Fingerprints can be determined | ||
657 | using ssh-keygen(1): | ||
658 | |||
659 | $ ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key | ||
660 | |||
661 | If the fingerprint is already known, it can be matched and the key can be | ||
662 | accepted or rejected. If only legacy (MD5) fingerprints for the server | ||
663 | are available, the ssh-keygen(1) -E option may be used to downgrade the | ||
664 | fingerprint algorithm to match. | ||
665 | |||
666 | Because of the difficulty of comparing host keys just by looking at | ||
667 | fingerprint strings, there is also support to compare host keys visually, | ||
668 | using random art. By setting the VisualHostKey option to M-bM-^@M-^\yesM-bM-^@M-^], a small | ||
669 | ASCII graphic gets displayed on every login to a server, no matter if the | ||
670 | session itself is interactive or not. By learning the pattern a known | ||
671 | server produces, a user can easily find out that the host key has changed | ||
672 | when a completely different pattern is displayed. Because these patterns | ||
673 | are not unambiguous however, a pattern that looks similar to the pattern | ||
674 | remembered only gives a good probability that the host key is the same, | ||
675 | not guaranteed proof. | ||
676 | |||
677 | To get a listing of the fingerprints along with their random art for all | ||
678 | known hosts, the following command line can be used: | ||
679 | |||
680 | $ ssh-keygen -lv -f ~/.ssh/known_hosts | ||
681 | |||
682 | If the fingerprint is unknown, an alternative method of verification is | ||
683 | available: SSH fingerprints verified by DNS. An additional resource | ||
684 | record (RR), SSHFP, is added to a zonefile and the connecting client is | ||
685 | able to match the fingerprint with that of the key presented. | ||
686 | |||
687 | In this example, we are connecting a client to a server, | ||
688 | M-bM-^@M-^\host.example.comM-bM-^@M-^]. The SSHFP resource records should first be added to | ||
689 | the zonefile for host.example.com: | ||
690 | |||
691 | $ ssh-keygen -r host.example.com. | ||
692 | |||
693 | The output lines will have to be added to the zonefile. To check that | ||
694 | the zone is answering fingerprint queries: | ||
695 | |||
696 | $ dig -t SSHFP host.example.com | ||
697 | |||
698 | Finally the client connects: | ||
699 | |||
700 | $ ssh -o "VerifyHostKeyDNS ask" host.example.com | ||
701 | [...] | ||
702 | Matching host key fingerprint found in DNS. | ||
703 | Are you sure you want to continue connecting (yes/no)? | ||
704 | |||
705 | See the VerifyHostKeyDNS option in ssh_config(5) for more information. | ||
706 | |||
707 | SSH-BASED VIRTUAL PRIVATE NETWORKS | ||
708 | ssh contains support for Virtual Private Network (VPN) tunnelling using | ||
709 | the tun(4) network pseudo-device, allowing two networks to be joined | ||
710 | securely. The sshd_config(5) configuration option PermitTunnel controls | ||
711 | whether the server supports this, and at what level (layer 2 or 3 | ||
712 | traffic). | ||
713 | |||
714 | The following example would connect client network 10.0.50.0/24 with | ||
715 | remote network 10.0.99.0/24 using a point-to-point connection from | ||
716 | 10.1.1.1 to 10.1.1.2, provided that the SSH server running on the gateway | ||
717 | to the remote network, at 192.168.1.15, allows it. | ||
718 | |||
719 | On the client: | ||
720 | |||
721 | # ssh -f -w 0:1 192.168.1.15 true | ||
722 | # ifconfig tun0 10.1.1.1 10.1.1.2 netmask 255.255.255.252 | ||
723 | # route add 10.0.99.0/24 10.1.1.2 | ||
724 | |||
725 | On the server: | ||
726 | |||
727 | # ifconfig tun1 10.1.1.2 10.1.1.1 netmask 255.255.255.252 | ||
728 | # route add 10.0.50.0/24 10.1.1.1 | ||
729 | |||
730 | Client access may be more finely tuned via the /root/.ssh/authorized_keys | ||
731 | file (see below) and the PermitRootLogin server option. The following | ||
732 | entry would permit connections on tun(4) device 1 from user M-bM-^@M-^\janeM-bM-^@M-^] and on | ||
733 | tun device 2 from user M-bM-^@M-^\johnM-bM-^@M-^], if PermitRootLogin is set to | ||
734 | M-bM-^@M-^\forced-commands-onlyM-bM-^@M-^]: | ||
735 | |||
736 | tunnel="1",command="sh /etc/netstart tun1" ssh-rsa ... jane | ||
737 | tunnel="2",command="sh /etc/netstart tun2" ssh-rsa ... john | ||
738 | |||
739 | Since an SSH-based setup entails a fair amount of overhead, it may be | ||
740 | more suited to temporary setups, such as for wireless VPNs. More | ||
741 | permanent VPNs are better provided by tools such as ipsecctl(8) and | ||
742 | isakmpd(8). | ||
743 | |||
744 | ENVIRONMENT | ||
745 | ssh will normally set the following environment variables: | ||
746 | |||
747 | DISPLAY The DISPLAY variable indicates the location of the | ||
748 | X11 server. It is automatically set by ssh to | ||
749 | point to a value of the form M-bM-^@M-^\hostname:nM-bM-^@M-^], where | ||
750 | M-bM-^@M-^\hostnameM-bM-^@M-^] indicates the host where the shell runs, | ||
751 | and M-bM-^@M-^XnM-bM-^@M-^Y is an integer M-bM-^IM-% 1. ssh uses this special | ||
752 | value to forward X11 connections over the secure | ||
753 | channel. The user should normally not set DISPLAY | ||
754 | explicitly, as that will render the X11 connection | ||
755 | insecure (and will require the user to manually | ||
756 | copy any required authorization cookies). | ||
757 | |||
758 | HOME Set to the path of the user's home directory. | ||
759 | |||
760 | LOGNAME Synonym for USER; set for compatibility with | ||
761 | systems that use this variable. | ||
762 | |||
763 | MAIL Set to the path of the user's mailbox. | ||
764 | |||
765 | PATH Set to the default PATH, as specified when | ||
766 | compiling ssh. | ||
767 | |||
768 | SSH_ASKPASS If ssh needs a passphrase, it will read the | ||
769 | passphrase from the current terminal if it was run | ||
770 | from a terminal. If ssh does not have a terminal | ||
771 | associated with it but DISPLAY and SSH_ASKPASS are | ||
772 | set, it will execute the program specified by | ||
773 | SSH_ASKPASS and open an X11 window to read the | ||
774 | passphrase. This is particularly useful when | ||
775 | calling ssh from a .xsession or related script. | ||
776 | (Note that on some machines it may be necessary to | ||
777 | redirect the input from /dev/null to make this | ||
778 | work.) | ||
779 | |||
780 | SSH_AUTH_SOCK Identifies the path of a UNIX-domain socket used to | ||
781 | communicate with the agent. | ||
782 | |||
783 | SSH_CONNECTION Identifies the client and server ends of the | ||
784 | connection. The variable contains four space- | ||
785 | separated values: client IP address, client port | ||
786 | number, server IP address, and server port number. | ||
787 | |||
788 | SSH_ORIGINAL_COMMAND This variable contains the original command line if | ||
789 | a forced command is executed. It can be used to | ||
790 | extract the original arguments. | ||
791 | |||
792 | SSH_TTY This is set to the name of the tty (path to the | ||
793 | device) associated with the current shell or | ||
794 | command. If the current session has no tty, this | ||
795 | variable is not set. | ||
796 | |||
797 | TZ This variable is set to indicate the present time | ||
798 | zone if it was set when the daemon was started | ||
799 | (i.e. the daemon passes the value on to new | ||
800 | connections). | ||
801 | |||
802 | USER Set to the name of the user logging in. | ||
803 | |||
804 | Additionally, ssh reads ~/.ssh/environment, and adds lines of the format | ||
805 | M-bM-^@M-^\VARNAME=valueM-bM-^@M-^] to the environment if the file exists and users are | ||
806 | allowed to change their environment. For more information, see the | ||
807 | PermitUserEnvironment option in sshd_config(5). | ||
808 | |||
809 | FILES | ||
810 | ~/.rhosts | ||
811 | This file is used for host-based authentication (see above). On | ||
812 | some machines this file may need to be world-readable if the | ||
813 | user's home directory is on an NFS partition, because sshd(8) | ||
814 | reads it as root. Additionally, this file must be owned by the | ||
815 | user, and must not have write permissions for anyone else. The | ||
816 | recommended permission for most machines is read/write for the | ||
817 | user, and not accessible by others. | ||
818 | |||
819 | ~/.shosts | ||
820 | This file is used in exactly the same way as .rhosts, but allows | ||
821 | host-based authentication without permitting login with | ||
822 | rlogin/rsh. | ||
823 | |||
824 | ~/.ssh/ | ||
825 | This directory is the default location for all user-specific | ||
826 | configuration and authentication information. There is no | ||
827 | general requirement to keep the entire contents of this directory | ||
828 | secret, but the recommended permissions are read/write/execute | ||
829 | for the user, and not accessible by others. | ||
830 | |||
831 | ~/.ssh/authorized_keys | ||
832 | Lists the public keys (DSA, ECDSA, Ed25519, RSA) that can be used | ||
833 | for logging in as this user. The format of this file is | ||
834 | described in the sshd(8) manual page. This file is not highly | ||
835 | sensitive, but the recommended permissions are read/write for the | ||
836 | user, and not accessible by others. | ||
837 | |||
838 | ~/.ssh/config | ||
839 | This is the per-user configuration file. The file format and | ||
840 | configuration options are described in ssh_config(5). Because of | ||
841 | the potential for abuse, this file must have strict permissions: | ||
842 | read/write for the user, and not writable by others. | ||
843 | |||
844 | ~/.ssh/environment | ||
845 | Contains additional definitions for environment variables; see | ||
846 | ENVIRONMENT, above. | ||
847 | |||
848 | ~/.ssh/identity | ||
849 | ~/.ssh/id_dsa | ||
850 | ~/.ssh/id_ecdsa | ||
851 | ~/.ssh/id_ed25519 | ||
852 | ~/.ssh/id_rsa | ||
853 | Contains the private key for authentication. These files contain | ||
854 | sensitive data and should be readable by the user but not | ||
855 | accessible by others (read/write/execute). ssh will simply | ||
856 | ignore a private key file if it is accessible by others. It is | ||
857 | possible to specify a passphrase when generating the key which | ||
858 | will be used to encrypt the sensitive part of this file using | ||
859 | 3DES. | ||
860 | |||
861 | ~/.ssh/identity.pub | ||
862 | ~/.ssh/id_dsa.pub | ||
863 | ~/.ssh/id_ecdsa.pub | ||
864 | ~/.ssh/id_ed25519.pub | ||
865 | ~/.ssh/id_rsa.pub | ||
866 | Contains the public key for authentication. These files are not | ||
867 | sensitive and can (but need not) be readable by anyone. | ||
868 | |||
869 | ~/.ssh/known_hosts | ||
870 | Contains a list of host keys for all hosts the user has logged | ||
871 | into that are not already in the systemwide list of known host | ||
872 | keys. See sshd(8) for further details of the format of this | ||
873 | file. | ||
874 | |||
875 | ~/.ssh/rc | ||
876 | Commands in this file are executed by ssh when the user logs in, | ||
877 | just before the user's shell (or command) is started. See the | ||
878 | sshd(8) manual page for more information. | ||
879 | |||
880 | /etc/hosts.equiv | ||
881 | This file is for host-based authentication (see above). It | ||
882 | should only be writable by root. | ||
883 | |||
884 | /etc/shosts.equiv | ||
885 | This file is used in exactly the same way as hosts.equiv, but | ||
886 | allows host-based authentication without permitting login with | ||
887 | rlogin/rsh. | ||
888 | |||
889 | /etc/ssh/ssh_config | ||
890 | Systemwide configuration file. The file format and configuration | ||
891 | options are described in ssh_config(5). | ||
892 | |||
893 | /etc/ssh/ssh_host_key | ||
894 | /etc/ssh/ssh_host_dsa_key | ||
895 | /etc/ssh/ssh_host_ecdsa_key | ||
896 | /etc/ssh/ssh_host_ed25519_key | ||
897 | /etc/ssh/ssh_host_rsa_key | ||
898 | These files contain the private parts of the host keys and are | ||
899 | used for host-based authentication. | ||
900 | |||
901 | /etc/ssh/ssh_known_hosts | ||
902 | Systemwide list of known host keys. This file should be prepared | ||
903 | by the system administrator to contain the public host keys of | ||
904 | all machines in the organization. It should be world-readable. | ||
905 | See sshd(8) for further details of the format of this file. | ||
906 | |||
907 | /etc/ssh/sshrc | ||
908 | Commands in this file are executed by ssh when the user logs in, | ||
909 | just before the user's shell (or command) is started. See the | ||
910 | sshd(8) manual page for more information. | ||
911 | |||
912 | EXIT STATUS | ||
913 | ssh exits with the exit status of the remote command or with 255 if an | ||
914 | error occurred. | ||
915 | |||
916 | SEE ALSO | ||
917 | scp(1), sftp(1), ssh-add(1), ssh-agent(1), ssh-keygen(1), ssh-keyscan(1), | ||
918 | tun(4), ssh_config(5), ssh-keysign(8), sshd(8) | ||
919 | |||
920 | STANDARDS | ||
921 | S. Lehtinen and C. Lonvick, The Secure Shell (SSH) Protocol Assigned | ||
922 | Numbers, RFC 4250, January 2006. | ||
923 | |||
924 | T. Ylonen and C. Lonvick, The Secure Shell (SSH) Protocol Architecture, | ||
925 | RFC 4251, January 2006. | ||
926 | |||
927 | T. Ylonen and C. Lonvick, The Secure Shell (SSH) Authentication Protocol, | ||
928 | RFC 4252, January 2006. | ||
929 | |||
930 | T. Ylonen and C. Lonvick, The Secure Shell (SSH) Transport Layer | ||
931 | Protocol, RFC 4253, January 2006. | ||
932 | |||
933 | T. Ylonen and C. Lonvick, The Secure Shell (SSH) Connection Protocol, RFC | ||
934 | 4254, January 2006. | ||
935 | |||
936 | J. Schlyter and W. Griffin, Using DNS to Securely Publish Secure Shell | ||
937 | (SSH) Key Fingerprints, RFC 4255, January 2006. | ||
938 | |||
939 | F. Cusack and M. Forssen, Generic Message Exchange Authentication for the | ||
940 | Secure Shell Protocol (SSH), RFC 4256, January 2006. | ||
941 | |||
942 | J. Galbraith and P. Remaker, The Secure Shell (SSH) Session Channel Break | ||
943 | Extension, RFC 4335, January 2006. | ||
944 | |||
945 | M. Bellare, T. Kohno, and C. Namprempre, The Secure Shell (SSH) Transport | ||
946 | Layer Encryption Modes, RFC 4344, January 2006. | ||
947 | |||
948 | B. Harris, Improved Arcfour Modes for the Secure Shell (SSH) Transport | ||
949 | Layer Protocol, RFC 4345, January 2006. | ||
950 | |||
951 | M. Friedl, N. Provos, and W. Simpson, Diffie-Hellman Group Exchange for | ||
952 | the Secure Shell (SSH) Transport Layer Protocol, RFC 4419, March 2006. | ||
953 | |||
954 | J. Galbraith and R. Thayer, The Secure Shell (SSH) Public Key File | ||
955 | Format, RFC 4716, November 2006. | ||
956 | |||
957 | D. Stebila and J. Green, Elliptic Curve Algorithm Integration in the | ||
958 | Secure Shell Transport Layer, RFC 5656, December 2009. | ||
959 | |||
960 | A. Perrig and D. Song, Hash Visualization: a New Technique to improve | ||
961 | Real-World Security, 1999, International Workshop on Cryptographic | ||
962 | Techniques and E-Commerce (CrypTEC '99). | ||
963 | |||
964 | AUTHORS | ||
965 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by | ||
966 | Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo | ||
967 | de Raadt and Dug Song removed many bugs, re-added newer features and | ||
968 | created OpenSSH. Markus Friedl contributed the support for SSH protocol | ||
969 | versions 1.5 and 2.0. | ||
970 | |||
971 | OpenBSD 6.0 July 16, 2016 OpenBSD 6.0 | ||
diff --git a/ssh_config.0 b/ssh_config.0 new file mode 100644 index 000000000..ade8e6562 --- /dev/null +++ b/ssh_config.0 | |||
@@ -0,0 +1,1092 @@ | |||
1 | SSH_CONFIG(5) File Formats Manual SSH_CONFIG(5) | ||
2 | |||
3 | NAME | ||
4 | ssh_config M-bM-^@M-^S OpenSSH SSH client configuration files | ||
5 | |||
6 | SYNOPSIS | ||
7 | ~/.ssh/config | ||
8 | /etc/ssh/ssh_config | ||
9 | |||
10 | DESCRIPTION | ||
11 | ssh(1) obtains configuration data from the following sources in the | ||
12 | following order: | ||
13 | |||
14 | 1. command-line options | ||
15 | 2. user's configuration file (~/.ssh/config) | ||
16 | 3. system-wide configuration file (/etc/ssh/ssh_config) | ||
17 | |||
18 | For each parameter, the first obtained value will be used. The | ||
19 | configuration files contain sections separated by Host specifications, | ||
20 | and that section is only applied for hosts that match one of the patterns | ||
21 | given in the specification. The matched host name is usually the one | ||
22 | given on the command line (see the CanonicalizeHostname option for | ||
23 | exceptions). | ||
24 | |||
25 | Since the first obtained value for each parameter is used, more host- | ||
26 | specific declarations should be given near the beginning of the file, and | ||
27 | general defaults at the end. | ||
28 | |||
29 | The file contains keyword-argument pairs, one per line. Lines starting | ||
30 | with M-bM-^@M-^X#M-bM-^@M-^Y and empty lines are interpreted as comments. Arguments may | ||
31 | optionally be enclosed in double quotes (") in order to represent | ||
32 | arguments containing spaces. Configuration options may be separated by | ||
33 | whitespace or optional whitespace and exactly one M-bM-^@M-^X=M-bM-^@M-^Y; the latter format | ||
34 | is useful to avoid the need to quote whitespace when specifying | ||
35 | configuration options using the ssh, scp, and sftp -o option. | ||
36 | |||
37 | The possible keywords and their meanings are as follows (note that | ||
38 | keywords are case-insensitive and arguments are case-sensitive): | ||
39 | |||
40 | Host Restricts the following declarations (up to the next Host or | ||
41 | Match keyword) to be only for those hosts that match one of the | ||
42 | patterns given after the keyword. If more than one pattern is | ||
43 | provided, they should be separated by whitespace. A single M-bM-^@M-^X*M-bM-^@M-^Y | ||
44 | as a pattern can be used to provide global defaults for all | ||
45 | hosts. The host is usually the hostname argument given on the | ||
46 | command line (see the CanonicalizeHostname keyword for | ||
47 | exceptions). | ||
48 | |||
49 | A pattern entry may be negated by prefixing it with an | ||
50 | exclamation mark (M-bM-^@M-^X!M-bM-^@M-^Y). If a negated entry is matched, then the | ||
51 | Host entry is ignored, regardless of whether any other patterns | ||
52 | on the line match. Negated matches are therefore useful to | ||
53 | provide exceptions for wildcard matches. | ||
54 | |||
55 | See PATTERNS for more information on patterns. | ||
56 | |||
57 | Match Restricts the following declarations (up to the next Host or | ||
58 | Match keyword) to be used only when the conditions following the | ||
59 | Match keyword are satisfied. Match conditions are specified | ||
60 | using one or more criteria or the single token all which always | ||
61 | matches. The available criteria keywords are: canonical, exec, | ||
62 | host, originalhost, user, and localuser. The all criteria must | ||
63 | appear alone or immediately after canonical. Other criteria may | ||
64 | be combined arbitrarily. All criteria but all and canonical | ||
65 | require an argument. Criteria may be negated by prepending an | ||
66 | exclamation mark (M-bM-^@M-^X!M-bM-^@M-^Y). | ||
67 | |||
68 | The canonical keyword matches only when the configuration file is | ||
69 | being re-parsed after hostname canonicalization (see the | ||
70 | CanonicalizeHostname option.) This may be useful to specify | ||
71 | conditions that work with canonical host names only. The exec | ||
72 | keyword executes the specified command under the user's shell. | ||
73 | If the command returns a zero exit status then the condition is | ||
74 | considered true. Commands containing whitespace characters must | ||
75 | be quoted. Arguments to exec accept the tokens described in the | ||
76 | TOKENS section. | ||
77 | |||
78 | The other keywords' criteria must be single entries or comma- | ||
79 | separated lists and may use the wildcard and negation operators | ||
80 | described in the PATTERNS section. The criteria for the host | ||
81 | keyword are matched against the target hostname, after any | ||
82 | substitution by the Hostname or CanonicalizeHostname options. | ||
83 | The originalhost keyword matches against the hostname as it was | ||
84 | specified on the command-line. The user keyword matches against | ||
85 | the target username on the remote host. The localuser keyword | ||
86 | matches against the name of the local user running ssh(1) (this | ||
87 | keyword may be useful in system-wide ssh_config files). | ||
88 | |||
89 | AddKeysToAgent | ||
90 | Specifies whether keys should be automatically added to a running | ||
91 | ssh-agent(1). If this option is set to yes and a key is loaded | ||
92 | from a file, the key and its passphrase are added to the agent | ||
93 | with the default lifetime, as if by ssh-add(1). If this option | ||
94 | is set to ask, ssh(1) will require confirmation using the | ||
95 | SSH_ASKPASS program before adding a key (see ssh-add(1) for | ||
96 | details). If this option is set to confirm, each use of the key | ||
97 | must be confirmed, as if the -c option was specified to | ||
98 | ssh-add(1). If this option is set to no, no keys are added to | ||
99 | the agent. The argument must be yes, confirm, ask, or no (the | ||
100 | default). | ||
101 | |||
102 | AddressFamily | ||
103 | Specifies which address family to use when connecting. Valid | ||
104 | arguments are any (the default), inet (use IPv4 only), or inet6 | ||
105 | (use IPv6 only). | ||
106 | |||
107 | BatchMode | ||
108 | If set to yes, passphrase/password querying will be disabled. | ||
109 | This option is useful in scripts and other batch jobs where no | ||
110 | user is present to supply the password. The argument must be yes | ||
111 | or no (the default). | ||
112 | |||
113 | BindAddress | ||
114 | Use the specified address on the local machine as the source | ||
115 | address of the connection. Only useful on systems with more than | ||
116 | one address. Note that this option does not work if | ||
117 | UsePrivilegedPort is set to yes. | ||
118 | |||
119 | CanonicalDomains | ||
120 | When CanonicalizeHostname is enabled, this option specifies the | ||
121 | list of domain suffixes in which to search for the specified | ||
122 | destination host. | ||
123 | |||
124 | CanonicalizeFallbackLocal | ||
125 | Specifies whether to fail with an error when hostname | ||
126 | canonicalization fails. The default, yes, will attempt to look | ||
127 | up the unqualified hostname using the system resolver's search | ||
128 | rules. A value of no will cause ssh(1) to fail instantly if | ||
129 | CanonicalizeHostname is enabled and the target hostname cannot be | ||
130 | found in any of the domains specified by CanonicalDomains. | ||
131 | |||
132 | CanonicalizeHostname | ||
133 | Controls whether explicit hostname canonicalization is performed. | ||
134 | The default, no, is not to perform any name rewriting and let the | ||
135 | system resolver handle all hostname lookups. If set to yes then, | ||
136 | for connections that do not use a ProxyCommand, ssh(1) will | ||
137 | attempt to canonicalize the hostname specified on the command | ||
138 | line using the CanonicalDomains suffixes and | ||
139 | CanonicalizePermittedCNAMEs rules. If CanonicalizeHostname is | ||
140 | set to always, then canonicalization is applied to proxied | ||
141 | connections too. | ||
142 | |||
143 | If this option is enabled, then the configuration files are | ||
144 | processed again using the new target name to pick up any new | ||
145 | configuration in matching Host and Match stanzas. | ||
146 | |||
147 | CanonicalizeMaxDots | ||
148 | Specifies the maximum number of dot characters in a hostname | ||
149 | before canonicalization is disabled. The default, 1, allows a | ||
150 | single dot (i.e. hostname.subdomain). | ||
151 | |||
152 | CanonicalizePermittedCNAMEs | ||
153 | Specifies rules to determine whether CNAMEs should be followed | ||
154 | when canonicalizing hostnames. The rules consist of one or more | ||
155 | arguments of source_domain_list:target_domain_list, where | ||
156 | source_domain_list is a pattern-list of domains that may follow | ||
157 | CNAMEs in canonicalization, and target_domain_list is a pattern- | ||
158 | list of domains that they may resolve to. | ||
159 | |||
160 | For example, "*.a.example.com:*.b.example.com,*.c.example.com" | ||
161 | will allow hostnames matching "*.a.example.com" to be | ||
162 | canonicalized to names in the "*.b.example.com" or | ||
163 | "*.c.example.com" domains. | ||
164 | |||
165 | CertificateFile | ||
166 | Specifies a file from which the user's certificate is read. A | ||
167 | corresponding private key must be provided separately in order to | ||
168 | use this certificate either from an IdentityFile directive or -i | ||
169 | flag to ssh(1), via ssh-agent(1), or via a PKCS11Provider. | ||
170 | |||
171 | Arguments to CertificateFile may use the tilde syntax to refer to | ||
172 | a user's home directory or the tokens described in the TOKENS | ||
173 | section. | ||
174 | |||
175 | It is possible to have multiple certificate files specified in | ||
176 | configuration files; these certificates will be tried in | ||
177 | sequence. Multiple CertificateFile directives will add to the | ||
178 | list of certificates used for authentication. | ||
179 | |||
180 | ChallengeResponseAuthentication | ||
181 | Specifies whether to use challenge-response authentication. The | ||
182 | argument to this keyword must be yes (the default) or no. | ||
183 | |||
184 | CheckHostIP | ||
185 | If set to yes (the default), ssh(1) will additionally check the | ||
186 | host IP address in the known_hosts file. This allows it to | ||
187 | detect if a host key changed due to DNS spoofing and will add | ||
188 | addresses of destination hosts to ~/.ssh/known_hosts in the | ||
189 | process, regardless of the setting of StrictHostKeyChecking. If | ||
190 | the option is set to no, the check will not be executed. | ||
191 | |||
192 | Cipher Specifies the cipher to use for encrypting the session in | ||
193 | protocol version 1. Currently, blowfish, 3des (the default), and | ||
194 | des are supported, though des is only supported in the ssh(1) | ||
195 | client for interoperability with legacy protocol 1 | ||
196 | implementations; its use is strongly discouraged due to | ||
197 | cryptographic weaknesses. | ||
198 | |||
199 | Ciphers | ||
200 | Specifies the ciphers allowed for protocol version 2 in order of | ||
201 | preference. Multiple ciphers must be comma-separated. If the | ||
202 | specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified | ||
203 | ciphers will be appended to the default set instead of replacing | ||
204 | them. If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then | ||
205 | the specified ciphers (including wildcards) will be removed from | ||
206 | the default set instead of replacing them. | ||
207 | |||
208 | The supported ciphers are: | ||
209 | |||
210 | 3des-cbc | ||
211 | aes128-cbc | ||
212 | aes192-cbc | ||
213 | aes256-cbc | ||
214 | aes128-ctr | ||
215 | aes192-ctr | ||
216 | aes256-ctr | ||
217 | aes128-gcm@openssh.com | ||
218 | aes256-gcm@openssh.com | ||
219 | arcfour | ||
220 | arcfour128 | ||
221 | arcfour256 | ||
222 | blowfish-cbc | ||
223 | cast128-cbc | ||
224 | chacha20-poly1305@openssh.com | ||
225 | |||
226 | The default is: | ||
227 | |||
228 | chacha20-poly1305@openssh.com, | ||
229 | aes128-ctr,aes192-ctr,aes256-ctr, | ||
230 | aes128-gcm@openssh.com,aes256-gcm@openssh.com, | ||
231 | aes128-cbc,aes192-cbc,aes256-cbc | ||
232 | |||
233 | The list of available ciphers may also be obtained using "ssh -Q | ||
234 | cipher". | ||
235 | |||
236 | ClearAllForwardings | ||
237 | Specifies that all local, remote, and dynamic port forwardings | ||
238 | specified in the configuration files or on the command line be | ||
239 | cleared. This option is primarily useful when used from the | ||
240 | ssh(1) command line to clear port forwardings set in | ||
241 | configuration files, and is automatically set by scp(1) and | ||
242 | sftp(1). The argument must be yes or no (the default). | ||
243 | |||
244 | Compression | ||
245 | Specifies whether to use compression. The argument must be yes | ||
246 | or no (the default). | ||
247 | |||
248 | CompressionLevel | ||
249 | Specifies the compression level to use if compression is enabled. | ||
250 | The argument must be an integer from 1 (fast) to 9 (slow, best). | ||
251 | The default level is 6, which is good for most applications. The | ||
252 | meaning of the values is the same as in gzip(1). Note that this | ||
253 | option applies to protocol version 1 only. | ||
254 | |||
255 | ConnectionAttempts | ||
256 | Specifies the number of tries (one per second) to make before | ||
257 | exiting. The argument must be an integer. This may be useful in | ||
258 | scripts if the connection sometimes fails. The default is 1. | ||
259 | |||
260 | ConnectTimeout | ||
261 | Specifies the timeout (in seconds) used when connecting to the | ||
262 | SSH server, instead of using the default system TCP timeout. | ||
263 | This value is used only when the target is down or really | ||
264 | unreachable, not when it refuses the connection. | ||
265 | |||
266 | ControlMaster | ||
267 | Enables the sharing of multiple sessions over a single network | ||
268 | connection. When set to yes, ssh(1) will listen for connections | ||
269 | on a control socket specified using the ControlPath argument. | ||
270 | Additional sessions can connect to this socket using the same | ||
271 | ControlPath with ControlMaster set to no (the default). These | ||
272 | sessions will try to reuse the master instance's network | ||
273 | connection rather than initiating new ones, but will fall back to | ||
274 | connecting normally if the control socket does not exist, or is | ||
275 | not listening. | ||
276 | |||
277 | Setting this to ask will cause ssh(1) to listen for control | ||
278 | connections, but require confirmation using ssh-askpass(1). If | ||
279 | the ControlPath cannot be opened, ssh(1) will continue without | ||
280 | connecting to a master instance. | ||
281 | |||
282 | X11 and ssh-agent(1) forwarding is supported over these | ||
283 | multiplexed connections, however the display and agent forwarded | ||
284 | will be the one belonging to the master connection i.e. it is not | ||
285 | possible to forward multiple displays or agents. | ||
286 | |||
287 | Two additional options allow for opportunistic multiplexing: try | ||
288 | to use a master connection but fall back to creating a new one if | ||
289 | one does not already exist. These options are: auto and autoask. | ||
290 | The latter requires confirmation like the ask option. | ||
291 | |||
292 | ControlPath | ||
293 | Specify the path to the control socket used for connection | ||
294 | sharing as described in the ControlMaster section above or the | ||
295 | string none to disable connection sharing. Arguments to | ||
296 | ControlPath may use the tilde syntax to refer to a user's home | ||
297 | directory or the tokens described in the TOKENS section. It is | ||
298 | recommended that any ControlPath used for opportunistic | ||
299 | connection sharing include at least %h, %p, and %r (or | ||
300 | alternatively %C) and be placed in a directory that is not | ||
301 | writable by other users. This ensures that shared connections | ||
302 | are uniquely identified. | ||
303 | |||
304 | ControlPersist | ||
305 | When used in conjunction with ControlMaster, specifies that the | ||
306 | master connection should remain open in the background (waiting | ||
307 | for future client connections) after the initial client | ||
308 | connection has been closed. If set to no, then the master | ||
309 | connection will not be placed into the background, and will close | ||
310 | as soon as the initial client connection is closed. If set to | ||
311 | yes or 0, then the master connection will remain in the | ||
312 | background indefinitely (until killed or closed via a mechanism | ||
313 | such as the "ssh -O exit"). If set to a time in seconds, or a | ||
314 | time in any of the formats documented in sshd_config(5), then the | ||
315 | backgrounded master connection will automatically terminate after | ||
316 | it has remained idle (with no client connections) for the | ||
317 | specified time. | ||
318 | |||
319 | DynamicForward | ||
320 | Specifies that a TCP port on the local machine be forwarded over | ||
321 | the secure channel, and the application protocol is then used to | ||
322 | determine where to connect to from the remote machine. | ||
323 | |||
324 | The argument must be [bind_address:]port. IPv6 addresses can be | ||
325 | specified by enclosing addresses in square brackets. By default, | ||
326 | the local port is bound in accordance with the GatewayPorts | ||
327 | setting. However, an explicit bind_address may be used to bind | ||
328 | the connection to a specific address. The bind_address of | ||
329 | localhost indicates that the listening port be bound for local | ||
330 | use only, while an empty address or M-bM-^@M-^X*M-bM-^@M-^Y indicates that the port | ||
331 | should be available from all interfaces. | ||
332 | |||
333 | Currently the SOCKS4 and SOCKS5 protocols are supported, and | ||
334 | ssh(1) will act as a SOCKS server. Multiple forwardings may be | ||
335 | specified, and additional forwardings can be given on the command | ||
336 | line. Only the superuser can forward privileged ports. | ||
337 | |||
338 | EnableSSHKeysign | ||
339 | Setting this option to yes in the global client configuration | ||
340 | file /etc/ssh/ssh_config enables the use of the helper program | ||
341 | ssh-keysign(8) during HostbasedAuthentication. The argument must | ||
342 | be yes or no (the default). This option should be placed in the | ||
343 | non-hostspecific section. See ssh-keysign(8) for more | ||
344 | information. | ||
345 | |||
346 | EscapeChar | ||
347 | Sets the escape character (default: M-bM-^@M-^X~M-bM-^@M-^Y). The escape character | ||
348 | can also be set on the command line. The argument should be a | ||
349 | single character, M-bM-^@M-^X^M-bM-^@M-^Y followed by a letter, or none to disable | ||
350 | the escape character entirely (making the connection transparent | ||
351 | for binary data). | ||
352 | |||
353 | ExitOnForwardFailure | ||
354 | Specifies whether ssh(1) should terminate the connection if it | ||
355 | cannot set up all requested dynamic, tunnel, local, and remote | ||
356 | port forwardings, (e.g. if either end is unable to bind and | ||
357 | listen on a specified port). Note that ExitOnForwardFailure does | ||
358 | not apply to connections made over port forwardings and will not, | ||
359 | for example, cause ssh(1) to exit if TCP connections to the | ||
360 | ultimate forwarding destination fail. The argument must be yes | ||
361 | or no (the default). | ||
362 | |||
363 | FingerprintHash | ||
364 | Specifies the hash algorithm used when displaying key | ||
365 | fingerprints. Valid options are: md5 and sha256 (the default). | ||
366 | |||
367 | ForwardAgent | ||
368 | Specifies whether the connection to the authentication agent (if | ||
369 | any) will be forwarded to the remote machine. The argument must | ||
370 | be yes or no (the default). | ||
371 | |||
372 | Agent forwarding should be enabled with caution. Users with the | ||
373 | ability to bypass file permissions on the remote host (for the | ||
374 | agent's Unix-domain socket) can access the local agent through | ||
375 | the forwarded connection. An attacker cannot obtain key material | ||
376 | from the agent, however they can perform operations on the keys | ||
377 | that enable them to authenticate using the identities loaded into | ||
378 | the agent. | ||
379 | |||
380 | ForwardX11 | ||
381 | Specifies whether X11 connections will be automatically | ||
382 | redirected over the secure channel and DISPLAY set. The argument | ||
383 | must be yes or no (the default). | ||
384 | |||
385 | X11 forwarding should be enabled with caution. Users with the | ||
386 | ability to bypass file permissions on the remote host (for the | ||
387 | user's X11 authorization database) can access the local X11 | ||
388 | display through the forwarded connection. An attacker may then | ||
389 | be able to perform activities such as keystroke monitoring if the | ||
390 | ForwardX11Trusted option is also enabled. | ||
391 | |||
392 | ForwardX11Timeout | ||
393 | Specify a timeout for untrusted X11 forwarding using the format | ||
394 | described in the TIME FORMATS section of sshd_config(5). X11 | ||
395 | connections received by ssh(1) after this time will be refused. | ||
396 | The default is to disable untrusted X11 forwarding after twenty | ||
397 | minutes has elapsed. | ||
398 | |||
399 | ForwardX11Trusted | ||
400 | If this option is set to yes, remote X11 clients will have full | ||
401 | access to the original X11 display. | ||
402 | |||
403 | If this option is set to no (the default), remote X11 clients | ||
404 | will be considered untrusted and prevented from stealing or | ||
405 | tampering with data belonging to trusted X11 clients. | ||
406 | Furthermore, the xauth(1) token used for the session will be set | ||
407 | to expire after 20 minutes. Remote clients will be refused | ||
408 | access after this time. | ||
409 | |||
410 | See the X11 SECURITY extension specification for full details on | ||
411 | the restrictions imposed on untrusted clients. | ||
412 | |||
413 | GatewayPorts | ||
414 | Specifies whether remote hosts are allowed to connect to local | ||
415 | forwarded ports. By default, ssh(1) binds local port forwardings | ||
416 | to the loopback address. This prevents other remote hosts from | ||
417 | connecting to forwarded ports. GatewayPorts can be used to | ||
418 | specify that ssh should bind local port forwardings to the | ||
419 | wildcard address, thus allowing remote hosts to connect to | ||
420 | forwarded ports. The argument must be yes or no (the default). | ||
421 | |||
422 | GlobalKnownHostsFile | ||
423 | Specifies one or more files to use for the global host key | ||
424 | database, separated by whitespace. The default is | ||
425 | /etc/ssh/ssh_known_hosts, /etc/ssh/ssh_known_hosts2. | ||
426 | |||
427 | GSSAPIAuthentication | ||
428 | Specifies whether user authentication based on GSSAPI is allowed. | ||
429 | The default is no. | ||
430 | |||
431 | GSSAPIDelegateCredentials | ||
432 | Forward (delegate) credentials to the server. The default is no. | ||
433 | |||
434 | HashKnownHosts | ||
435 | Indicates that ssh(1) should hash host names and addresses when | ||
436 | they are added to ~/.ssh/known_hosts. These hashed names may be | ||
437 | used normally by ssh(1) and sshd(8), but they do not reveal | ||
438 | identifying information should the file's contents be disclosed. | ||
439 | The default is no. Note that existing names and addresses in | ||
440 | known hosts files will not be converted automatically, but may be | ||
441 | manually hashed using ssh-keygen(1). | ||
442 | |||
443 | HostbasedAuthentication | ||
444 | Specifies whether to try rhosts based authentication with public | ||
445 | key authentication. The argument must be yes or no (the | ||
446 | default). | ||
447 | |||
448 | HostbasedKeyTypes | ||
449 | Specifies the key types that will be used for hostbased | ||
450 | authentication as a comma-separated pattern list. Alternately if | ||
451 | the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the | ||
452 | specified key types will be appended to the default set instead | ||
453 | of replacing them. If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y | ||
454 | character, then the specified key types (including wildcards) | ||
455 | will be removed from the default set instead of replacing them. | ||
456 | The default for this option is: | ||
457 | |||
458 | ecdsa-sha2-nistp256-cert-v01@openssh.com, | ||
459 | ecdsa-sha2-nistp384-cert-v01@openssh.com, | ||
460 | ecdsa-sha2-nistp521-cert-v01@openssh.com, | ||
461 | ssh-ed25519-cert-v01@openssh.com, | ||
462 | ssh-rsa-cert-v01@openssh.com, | ||
463 | ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, | ||
464 | ssh-ed25519,ssh-rsa | ||
465 | |||
466 | The -Q option of ssh(1) may be used to list supported key types. | ||
467 | |||
468 | HostKeyAlgorithms | ||
469 | Specifies the host key algorithms that the client wants to use in | ||
470 | order of preference. Alternately if the specified value begins | ||
471 | with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified key types will be | ||
472 | appended to the default set instead of replacing them. If the | ||
473 | specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified | ||
474 | key types (including wildcards) will be removed from the default | ||
475 | set instead of replacing them. The default for this option is: | ||
476 | |||
477 | ecdsa-sha2-nistp256-cert-v01@openssh.com, | ||
478 | ecdsa-sha2-nistp384-cert-v01@openssh.com, | ||
479 | ecdsa-sha2-nistp521-cert-v01@openssh.com, | ||
480 | ssh-ed25519-cert-v01@openssh.com, | ||
481 | ssh-rsa-cert-v01@openssh.com, | ||
482 | ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, | ||
483 | ssh-ed25519,ssh-rsa | ||
484 | |||
485 | If hostkeys are known for the destination host then this default | ||
486 | is modified to prefer their algorithms. | ||
487 | |||
488 | The list of available key types may also be obtained using "ssh | ||
489 | -Q key". | ||
490 | |||
491 | HostKeyAlias | ||
492 | Specifies an alias that should be used instead of the real host | ||
493 | name when looking up or saving the host key in the host key | ||
494 | database files. This option is useful for tunneling SSH | ||
495 | connections or for multiple servers running on a single host. | ||
496 | |||
497 | HostName | ||
498 | Specifies the real host name to log into. This can be used to | ||
499 | specify nicknames or abbreviations for hosts. Arguments to | ||
500 | HostName accept the tokens described in the TOKENS section. | ||
501 | Numeric IP addresses are also permitted (both on the command line | ||
502 | and in HostName specifications). The default is the name given | ||
503 | on the command line. | ||
504 | |||
505 | IdentitiesOnly | ||
506 | Specifies that ssh(1) should only use the authentication identity | ||
507 | and certificate files explicitly configured in the ssh_config | ||
508 | files or passed on the ssh(1) command-line, even if ssh-agent(1) | ||
509 | or a PKCS11Provider offers more identities. The argument to this | ||
510 | keyword must be yes or no (the default). This option is intended | ||
511 | for situations where ssh-agent offers many different identities. | ||
512 | |||
513 | IdentityAgent | ||
514 | Specifies the UNIX-domain socket used to communicate with the | ||
515 | authentication agent. | ||
516 | |||
517 | This option overrides the SSH_AUTH_SOCK environment variable and | ||
518 | can be used to select a specific agent. Setting the socket name | ||
519 | to none disables the use of an authentication agent. If the | ||
520 | string "SSH_AUTH_SOCK" is specified, the location of the socket | ||
521 | will be read from the SSH_AUTH_SOCK environment variable. | ||
522 | |||
523 | Arguments to IdentityAgent may use the tilde syntax to refer to a | ||
524 | user's home directory or the tokens described in the TOKENS | ||
525 | section. | ||
526 | |||
527 | IdentityFile | ||
528 | Specifies a file from which the user's DSA, ECDSA, Ed25519 or RSA | ||
529 | authentication identity is read. The default is ~/.ssh/identity | ||
530 | for protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, | ||
531 | ~/.ssh/id_ed25519 and ~/.ssh/id_rsa for protocol version 2. | ||
532 | Additionally, any identities represented by the authentication | ||
533 | agent will be used for authentication unless IdentitiesOnly is | ||
534 | set. If no certificates have been explicitly specified by | ||
535 | CertificateFile, ssh(1) will try to load certificate information | ||
536 | from the filename obtained by appending -cert.pub to the path of | ||
537 | a specified IdentityFile. | ||
538 | |||
539 | Arguments to IdentityFile may use the tilde syntax to refer to a | ||
540 | user's home directory or the tokens described in the TOKENS | ||
541 | section. | ||
542 | |||
543 | It is possible to have multiple identity files specified in | ||
544 | configuration files; all these identities will be tried in | ||
545 | sequence. Multiple IdentityFile directives will add to the list | ||
546 | of identities tried (this behaviour differs from that of other | ||
547 | configuration directives). | ||
548 | |||
549 | IdentityFile may be used in conjunction with IdentitiesOnly to | ||
550 | select which identities in an agent are offered during | ||
551 | authentication. IdentityFile may also be used in conjunction | ||
552 | with CertificateFile in order to provide any certificate also | ||
553 | needed for authentication with the identity. | ||
554 | |||
555 | IgnoreUnknown | ||
556 | Specifies a pattern-list of unknown options to be ignored if they | ||
557 | are encountered in configuration parsing. This may be used to | ||
558 | suppress errors if ssh_config contains options that are | ||
559 | unrecognised by ssh(1). It is recommended that IgnoreUnknown be | ||
560 | listed early in the configuration file as it will not be applied | ||
561 | to unknown options that appear before it. | ||
562 | |||
563 | Include | ||
564 | Include the specified configuration file(s). Multiple pathnames | ||
565 | may be specified and each pathname may contain glob(3) wildcards | ||
566 | and, for user configurations, shell-like M-bM-^@M-^X~M-bM-^@M-^Y references to user | ||
567 | home directories. Files without absolute paths are assumed to be | ||
568 | in ~/.ssh if included in a user configuration file or /etc/ssh if | ||
569 | included from the system configuration file. Include directive | ||
570 | may appear inside a Match or Host block to perform conditional | ||
571 | inclusion. | ||
572 | |||
573 | IPQoS Specifies the IPv4 type-of-service or DSCP class for connections. | ||
574 | Accepted values are af11, af12, af13, af21, af22, af23, af31, | ||
575 | af32, af33, af41, af42, af43, cs0, cs1, cs2, cs3, cs4, cs5, cs6, | ||
576 | cs7, ef, lowdelay, throughput, reliability, or a numeric value. | ||
577 | This option may take one or two arguments, separated by | ||
578 | whitespace. If one argument is specified, it is used as the | ||
579 | packet class unconditionally. If two values are specified, the | ||
580 | first is automatically selected for interactive sessions and the | ||
581 | second for non-interactive sessions. The default is lowdelay for | ||
582 | interactive sessions and throughput for non-interactive sessions. | ||
583 | |||
584 | KbdInteractiveAuthentication | ||
585 | Specifies whether to use keyboard-interactive authentication. | ||
586 | The argument to this keyword must be yes (the default) or no. | ||
587 | |||
588 | KbdInteractiveDevices | ||
589 | Specifies the list of methods to use in keyboard-interactive | ||
590 | authentication. Multiple method names must be comma-separated. | ||
591 | The default is to use the server specified list. The methods | ||
592 | available vary depending on what the server supports. For an | ||
593 | OpenSSH server, it may be zero or more of: bsdauth, pam, and | ||
594 | skey. | ||
595 | |||
596 | KexAlgorithms | ||
597 | Specifies the available KEX (Key Exchange) algorithms. Multiple | ||
598 | algorithms must be comma-separated. Alternately if the specified | ||
599 | value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified methods | ||
600 | will be appended to the default set instead of replacing them. | ||
601 | If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the | ||
602 | specified methods (including wildcards) will be removed from the | ||
603 | default set instead of replacing them. The default is: | ||
604 | |||
605 | curve25519-sha256,curve25519-sha256@libssh.org, | ||
606 | ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, | ||
607 | diffie-hellman-group-exchange-sha256, | ||
608 | diffie-hellman-group-exchange-sha1, | ||
609 | diffie-hellman-group14-sha1 | ||
610 | |||
611 | The list of available key exchange algorithms may also be | ||
612 | obtained using "ssh -Q kex". | ||
613 | |||
614 | LocalCommand | ||
615 | Specifies a command to execute on the local machine after | ||
616 | successfully connecting to the server. The command string | ||
617 | extends to the end of the line, and is executed with the user's | ||
618 | shell. Arguments to LocalCommand accept the tokens described in | ||
619 | the TOKENS section. | ||
620 | |||
621 | The command is run synchronously and does not have access to the | ||
622 | session of the ssh(1) that spawned it. It should not be used for | ||
623 | interactive commands. | ||
624 | |||
625 | This directive is ignored unless PermitLocalCommand has been | ||
626 | enabled. | ||
627 | |||
628 | LocalForward | ||
629 | Specifies that a TCP port on the local machine be forwarded over | ||
630 | the secure channel to the specified host and port from the remote | ||
631 | machine. The first argument must be [bind_address:]port and the | ||
632 | second argument must be host:hostport. IPv6 addresses can be | ||
633 | specified by enclosing addresses in square brackets. Multiple | ||
634 | forwardings may be specified, and additional forwardings can be | ||
635 | given on the command line. Only the superuser can forward | ||
636 | privileged ports. By default, the local port is bound in | ||
637 | accordance with the GatewayPorts setting. However, an explicit | ||
638 | bind_address may be used to bind the connection to a specific | ||
639 | address. The bind_address of localhost indicates that the | ||
640 | listening port be bound for local use only, while an empty | ||
641 | address or M-bM-^@M-^X*M-bM-^@M-^Y indicates that the port should be available from | ||
642 | all interfaces. | ||
643 | |||
644 | LogLevel | ||
645 | Gives the verbosity level that is used when logging messages from | ||
646 | ssh(1). The possible values are: QUIET, FATAL, ERROR, INFO, | ||
647 | VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. The default is INFO. | ||
648 | DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify | ||
649 | higher levels of verbose output. | ||
650 | |||
651 | MACs Specifies the MAC (message authentication code) algorithms in | ||
652 | order of preference. The MAC algorithm is used for data | ||
653 | integrity protection. Multiple algorithms must be comma- | ||
654 | separated. If the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, | ||
655 | then the specified algorithms will be appended to the default set | ||
656 | instead of replacing them. If the specified value begins with a | ||
657 | M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified algorithms (including | ||
658 | wildcards) will be removed from the default set instead of | ||
659 | replacing them. | ||
660 | |||
661 | The algorithms that contain "-etm" calculate the MAC after | ||
662 | encryption (encrypt-then-mac). These are considered safer and | ||
663 | their use recommended. | ||
664 | |||
665 | The default is: | ||
666 | |||
667 | umac-64-etm@openssh.com,umac-128-etm@openssh.com, | ||
668 | hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, | ||
669 | hmac-sha1-etm@openssh.com, | ||
670 | umac-64@openssh.com,umac-128@openssh.com, | ||
671 | hmac-sha2-256,hmac-sha2-512,hmac-sha1 | ||
672 | |||
673 | The list of available MAC algorithms may also be obtained using | ||
674 | "ssh -Q mac". | ||
675 | |||
676 | NoHostAuthenticationForLocalhost | ||
677 | This option can be used if the home directory is shared across | ||
678 | machines. In this case localhost will refer to a different | ||
679 | machine on each of the machines and the user will get many | ||
680 | warnings about changed host keys. However, this option disables | ||
681 | host authentication for localhost. The argument to this keyword | ||
682 | must be yes or no (the default). | ||
683 | |||
684 | NumberOfPasswordPrompts | ||
685 | Specifies the number of password prompts before giving up. The | ||
686 | argument to this keyword must be an integer. The default is 3. | ||
687 | |||
688 | PasswordAuthentication | ||
689 | Specifies whether to use password authentication. The argument | ||
690 | to this keyword must be yes (the default) or no. | ||
691 | |||
692 | PermitLocalCommand | ||
693 | Allow local command execution via the LocalCommand option or | ||
694 | using the !command escape sequence in ssh(1). The argument must | ||
695 | be yes or no (the default). | ||
696 | |||
697 | PKCS11Provider | ||
698 | Specifies which PKCS#11 provider to use. The argument to this | ||
699 | keyword is the PKCS#11 shared library ssh(1) should use to | ||
700 | communicate with a PKCS#11 token providing the user's private RSA | ||
701 | key. | ||
702 | |||
703 | Port Specifies the port number to connect on the remote host. The | ||
704 | default is 22. | ||
705 | |||
706 | PreferredAuthentications | ||
707 | Specifies the order in which the client should try authentication | ||
708 | methods. This allows a client to prefer one method (e.g. | ||
709 | keyboard-interactive) over another method (e.g. password). The | ||
710 | default is: | ||
711 | |||
712 | gssapi-with-mic,hostbased,publickey, | ||
713 | keyboard-interactive,password | ||
714 | |||
715 | Protocol | ||
716 | Specifies the protocol versions ssh(1) should support in order of | ||
717 | preference. The possible values are 1 and 2. Multiple versions | ||
718 | must be comma-separated. When this option is set to 2,1 ssh will | ||
719 | try version 2 and fall back to version 1 if version 2 is not | ||
720 | available. The default is version 2. Protocol 1 suffers from a | ||
721 | number of cryptographic weaknesses and should not be used. It is | ||
722 | only offered to support legacy devices. | ||
723 | |||
724 | ProxyCommand | ||
725 | Specifies the command to use to connect to the server. The | ||
726 | command string extends to the end of the line, and is executed | ||
727 | using the user's shell M-bM-^@M-^XexecM-bM-^@M-^Y directive to avoid a lingering | ||
728 | shell process. | ||
729 | |||
730 | Arguments to ProxyCommand accept the tokens described in the | ||
731 | TOKENS section. The command can be basically anything, and | ||
732 | should read from its standard input and write to its standard | ||
733 | output. It should eventually connect an sshd(8) server running | ||
734 | on some machine, or execute sshd -i somewhere. Host key | ||
735 | management will be done using the HostName of the host being | ||
736 | connected (defaulting to the name typed by the user). Setting | ||
737 | the command to none disables this option entirely. Note that | ||
738 | CheckHostIP is not available for connects with a proxy command. | ||
739 | |||
740 | This directive is useful in conjunction with nc(1) and its proxy | ||
741 | support. For example, the following directive would connect via | ||
742 | an HTTP proxy at 192.0.2.0: | ||
743 | |||
744 | ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p | ||
745 | |||
746 | ProxyJump | ||
747 | Specifies one or more jump proxies as [user@]host[:port]. | ||
748 | Multiple proxies may be separated by comma characters and will be | ||
749 | visited sequentially. Setting this option will cause ssh(1) to | ||
750 | connect to the target host by first making a ssh(1) connection to | ||
751 | the specified ProxyJump host and then establishing a TCP | ||
752 | forwarding to the ultimate target from there. | ||
753 | |||
754 | Note that this option will compete with the ProxyCommand option - | ||
755 | whichever is specified first will prevent later instances of the | ||
756 | other from taking effect. | ||
757 | |||
758 | ProxyUseFdpass | ||
759 | Specifies that ProxyCommand will pass a connected file descriptor | ||
760 | back to ssh(1) instead of continuing to execute and pass data. | ||
761 | The default is no. | ||
762 | |||
763 | PubkeyAcceptedKeyTypes | ||
764 | Specifies the key types that will be used for public key | ||
765 | authentication as a comma-separated pattern list. Alternately if | ||
766 | the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the key | ||
767 | types after it will be appended to the default instead of | ||
768 | replacing it. If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y | ||
769 | character, then the specified key types (including wildcards) | ||
770 | will be removed from the default set instead of replacing them. | ||
771 | The default for this option is: | ||
772 | |||
773 | ecdsa-sha2-nistp256-cert-v01@openssh.com, | ||
774 | ecdsa-sha2-nistp384-cert-v01@openssh.com, | ||
775 | ecdsa-sha2-nistp521-cert-v01@openssh.com, | ||
776 | ssh-ed25519-cert-v01@openssh.com, | ||
777 | ssh-rsa-cert-v01@openssh.com, | ||
778 | ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, | ||
779 | ssh-ed25519,ssh-rsa | ||
780 | |||
781 | The list of available key types may also be obtained using "ssh | ||
782 | -Q key". | ||
783 | |||
784 | PubkeyAuthentication | ||
785 | Specifies whether to try public key authentication. The argument | ||
786 | to this keyword must be yes (the default) or no. | ||
787 | |||
788 | RekeyLimit | ||
789 | Specifies the maximum amount of data that may be transmitted | ||
790 | before the session key is renegotiated, optionally followed a | ||
791 | maximum amount of time that may pass before the session key is | ||
792 | renegotiated. The first argument is specified in bytes and may | ||
793 | have a suffix of M-bM-^@M-^XKM-bM-^@M-^Y, M-bM-^@M-^XMM-bM-^@M-^Y, or M-bM-^@M-^XGM-bM-^@M-^Y to indicate Kilobytes, | ||
794 | Megabytes, or Gigabytes, respectively. The default is between | ||
795 | M-bM-^@M-^X1GM-bM-^@M-^Y and M-bM-^@M-^X4GM-bM-^@M-^Y, depending on the cipher. The optional second | ||
796 | value is specified in seconds and may use any of the units | ||
797 | documented in the TIME FORMATS section of sshd_config(5). The | ||
798 | default value for RekeyLimit is default none, which means that | ||
799 | rekeying is performed after the cipher's default amount of data | ||
800 | has been sent or received and no time based rekeying is done. | ||
801 | |||
802 | RemoteForward | ||
803 | Specifies that a TCP port on the remote machine be forwarded over | ||
804 | the secure channel to the specified host and port from the local | ||
805 | machine. The first argument must be [bind_address:]port and the | ||
806 | second argument must be host:hostport. IPv6 addresses can be | ||
807 | specified by enclosing addresses in square brackets. Multiple | ||
808 | forwardings may be specified, and additional forwardings can be | ||
809 | given on the command line. Privileged ports can be forwarded | ||
810 | only when logging in as root on the remote machine. | ||
811 | |||
812 | If the port argument is 0, the listen port will be dynamically | ||
813 | allocated on the server and reported to the client at run time. | ||
814 | |||
815 | If the bind_address is not specified, the default is to only bind | ||
816 | to loopback addresses. If the bind_address is M-bM-^@M-^X*M-bM-^@M-^Y or an empty | ||
817 | string, then the forwarding is requested to listen on all | ||
818 | interfaces. Specifying a remote bind_address will only succeed | ||
819 | if the server's GatewayPorts option is enabled (see | ||
820 | sshd_config(5)). | ||
821 | |||
822 | RequestTTY | ||
823 | Specifies whether to request a pseudo-tty for the session. The | ||
824 | argument may be one of: no (never request a TTY), yes (always | ||
825 | request a TTY when standard input is a TTY), force (always | ||
826 | request a TTY) or auto (request a TTY when opening a login | ||
827 | session). This option mirrors the -t and -T flags for ssh(1). | ||
828 | |||
829 | RevokedHostKeys | ||
830 | Specifies revoked host public keys. Keys listed in this file | ||
831 | will be refused for host authentication. Note that if this file | ||
832 | does not exist or is not readable, then host authentication will | ||
833 | be refused for all hosts. Keys may be specified as a text file, | ||
834 | listing one public key per line, or as an OpenSSH Key Revocation | ||
835 | List (KRL) as generated by ssh-keygen(1). For more information | ||
836 | on KRLs, see the KEY REVOCATION LISTS section in ssh-keygen(1). | ||
837 | |||
838 | RhostsRSAAuthentication | ||
839 | Specifies whether to try rhosts based authentication with RSA | ||
840 | host authentication. The argument must be yes or no (the | ||
841 | default). This option applies to protocol version 1 only and | ||
842 | requires ssh(1) to be setuid root. | ||
843 | |||
844 | RSAAuthentication | ||
845 | Specifies whether to try RSA authentication. The argument to | ||
846 | this keyword must be yes (the default) or no. RSA authentication | ||
847 | will only be attempted if the identity file exists, or an | ||
848 | authentication agent is running. Note that this option applies | ||
849 | to protocol version 1 only. | ||
850 | |||
851 | SendEnv | ||
852 | Specifies what variables from the local environ(7) should be sent | ||
853 | to the server. The server must also support it, and the server | ||
854 | must be configured to accept these environment variables. Note | ||
855 | that the TERM environment variable is always sent whenever a | ||
856 | pseudo-terminal is requested as it is required by the protocol. | ||
857 | Refer to AcceptEnv in sshd_config(5) for how to configure the | ||
858 | server. Variables are specified by name, which may contain | ||
859 | wildcard characters. Multiple environment variables may be | ||
860 | separated by whitespace or spread across multiple SendEnv | ||
861 | directives. The default is not to send any environment | ||
862 | variables. | ||
863 | |||
864 | See PATTERNS for more information on patterns. | ||
865 | |||
866 | ServerAliveCountMax | ||
867 | Sets the number of server alive messages (see below) which may be | ||
868 | sent without ssh(1) receiving any messages back from the server. | ||
869 | If this threshold is reached while server alive messages are | ||
870 | being sent, ssh will disconnect from the server, terminating the | ||
871 | session. It is important to note that the use of server alive | ||
872 | messages is very different from TCPKeepAlive (below). The server | ||
873 | alive messages are sent through the encrypted channel and | ||
874 | therefore will not be spoofable. The TCP keepalive option | ||
875 | enabled by TCPKeepAlive is spoofable. The server alive mechanism | ||
876 | is valuable when the client or server depend on knowing when a | ||
877 | connection has become inactive. | ||
878 | |||
879 | The default value is 3. If, for example, ServerAliveInterval | ||
880 | (see below) is set to 15 and ServerAliveCountMax is left at the | ||
881 | default, if the server becomes unresponsive, ssh will disconnect | ||
882 | after approximately 45 seconds. | ||
883 | |||
884 | ServerAliveInterval | ||
885 | Sets a timeout interval in seconds after which if no data has | ||
886 | been received from the server, ssh(1) will send a message through | ||
887 | the encrypted channel to request a response from the server. The | ||
888 | default is 0, indicating that these messages will not be sent to | ||
889 | the server. | ||
890 | |||
891 | StreamLocalBindMask | ||
892 | Sets the octal file creation mode mask (umask) used when creating | ||
893 | a Unix-domain socket file for local or remote port forwarding. | ||
894 | This option is only used for port forwarding to a Unix-domain | ||
895 | socket file. | ||
896 | |||
897 | The default value is 0177, which creates a Unix-domain socket | ||
898 | file that is readable and writable only by the owner. Note that | ||
899 | not all operating systems honor the file mode on Unix-domain | ||
900 | socket files. | ||
901 | |||
902 | StreamLocalBindUnlink | ||
903 | Specifies whether to remove an existing Unix-domain socket file | ||
904 | for local or remote port forwarding before creating a new one. | ||
905 | If the socket file already exists and StreamLocalBindUnlink is | ||
906 | not enabled, ssh will be unable to forward the port to the Unix- | ||
907 | domain socket file. This option is only used for port forwarding | ||
908 | to a Unix-domain socket file. | ||
909 | |||
910 | The argument must be yes or no (the default). | ||
911 | |||
912 | StrictHostKeyChecking | ||
913 | If this flag is set to yes, ssh(1) will never automatically add | ||
914 | host keys to the ~/.ssh/known_hosts file, and refuses to connect | ||
915 | to hosts whose host key has changed. This provides maximum | ||
916 | protection against trojan horse attacks, though it can be | ||
917 | annoying when the /etc/ssh/ssh_known_hosts file is poorly | ||
918 | maintained or when connections to new hosts are frequently made. | ||
919 | This option forces the user to manually add all new hosts. If | ||
920 | this flag is set to no, ssh will automatically add new host keys | ||
921 | to the user known hosts files. If this flag is set to ask (the | ||
922 | default), new host keys will be added to the user known host | ||
923 | files only after the user has confirmed that is what they really | ||
924 | want to do, and ssh will refuse to connect to hosts whose host | ||
925 | key has changed. The host keys of known hosts will be verified | ||
926 | automatically in all cases. | ||
927 | |||
928 | TCPKeepAlive | ||
929 | Specifies whether the system should send TCP keepalive messages | ||
930 | to the other side. If they are sent, death of the connection or | ||
931 | crash of one of the machines will be properly noticed. However, | ||
932 | this means that connections will die if the route is down | ||
933 | temporarily, and some people find it annoying. | ||
934 | |||
935 | The default is yes (to send TCP keepalive messages), and the | ||
936 | client will notice if the network goes down or the remote host | ||
937 | dies. This is important in scripts, and many users want it too. | ||
938 | |||
939 | To disable TCP keepalive messages, the value should be set to no. | ||
940 | |||
941 | Tunnel Request tun(4) device forwarding between the client and the | ||
942 | server. The argument must be yes, point-to-point (layer 3), | ||
943 | ethernet (layer 2), or no (the default). Specifying yes requests | ||
944 | the default tunnel mode, which is point-to-point. | ||
945 | |||
946 | TunnelDevice | ||
947 | Specifies the tun(4) devices to open on the client (local_tun) | ||
948 | and the server (remote_tun). | ||
949 | |||
950 | The argument must be local_tun[:remote_tun]. The devices may be | ||
951 | specified by numerical ID or the keyword any, which uses the next | ||
952 | available tunnel device. If remote_tun is not specified, it | ||
953 | defaults to any. The default is any:any. | ||
954 | |||
955 | UpdateHostKeys | ||
956 | Specifies whether ssh(1) should accept notifications of | ||
957 | additional hostkeys from the server sent after authentication has | ||
958 | completed and add them to UserKnownHostsFile. The argument must | ||
959 | be yes, no (the default) or ask. Enabling this option allows | ||
960 | learning alternate hostkeys for a server and supports graceful | ||
961 | key rotation by allowing a server to send replacement public keys | ||
962 | before old ones are removed. Additional hostkeys are only | ||
963 | accepted if the key used to authenticate the host was already | ||
964 | trusted or explicitly accepted by the user. If UpdateHostKeys is | ||
965 | set to ask, then the user is asked to confirm the modifications | ||
966 | to the known_hosts file. Confirmation is currently incompatible | ||
967 | with ControlPersist, and will be disabled if it is enabled. | ||
968 | |||
969 | Presently, only sshd(8) from OpenSSH 6.8 and greater support the | ||
970 | "hostkeys@openssh.com" protocol extension used to inform the | ||
971 | client of all the server's hostkeys. | ||
972 | |||
973 | UsePrivilegedPort | ||
974 | Specifies whether to use a privileged port for outgoing | ||
975 | connections. The argument must be yes or no (the default). If | ||
976 | set to yes, ssh(1) must be setuid root. Note that this option | ||
977 | must be set to yes for RhostsRSAAuthentication with older | ||
978 | servers. | ||
979 | |||
980 | User Specifies the user to log in as. This can be useful when a | ||
981 | different user name is used on different machines. This saves | ||
982 | the trouble of having to remember to give the user name on the | ||
983 | command line. | ||
984 | |||
985 | UserKnownHostsFile | ||
986 | Specifies one or more files to use for the user host key | ||
987 | database, separated by whitespace. The default is | ||
988 | ~/.ssh/known_hosts, ~/.ssh/known_hosts2. | ||
989 | |||
990 | VerifyHostKeyDNS | ||
991 | Specifies whether to verify the remote key using DNS and SSHFP | ||
992 | resource records. If this option is set to yes, the client will | ||
993 | implicitly trust keys that match a secure fingerprint from DNS. | ||
994 | Insecure fingerprints will be handled as if this option was set | ||
995 | to ask. If this option is set to ask, information on fingerprint | ||
996 | match will be displayed, but the user will still need to confirm | ||
997 | new host keys according to the StrictHostKeyChecking option. The | ||
998 | default is no. | ||
999 | |||
1000 | See also VERIFYING HOST KEYS in ssh(1). | ||
1001 | |||
1002 | VisualHostKey | ||
1003 | If this flag is set to yes, an ASCII art representation of the | ||
1004 | remote host key fingerprint is printed in addition to the | ||
1005 | fingerprint string at login and for unknown host keys. If this | ||
1006 | flag is set to no (the default), no fingerprint strings are | ||
1007 | printed at login and only the fingerprint string will be printed | ||
1008 | for unknown host keys. | ||
1009 | |||
1010 | XAuthLocation | ||
1011 | Specifies the full pathname of the xauth(1) program. The default | ||
1012 | is /usr/X11R6/bin/xauth. | ||
1013 | |||
1014 | PATTERNS | ||
1015 | A pattern consists of zero or more non-whitespace characters, M-bM-^@M-^X*M-bM-^@M-^Y (a | ||
1016 | wildcard that matches zero or more characters), or M-bM-^@M-^X?M-bM-^@M-^Y (a wildcard that | ||
1017 | matches exactly one character). For example, to specify a set of | ||
1018 | declarations for any host in the ".co.uk" set of domains, the following | ||
1019 | pattern could be used: | ||
1020 | |||
1021 | Host *.co.uk | ||
1022 | |||
1023 | The following pattern would match any host in the 192.168.0.[0-9] network | ||
1024 | range: | ||
1025 | |||
1026 | Host 192.168.0.? | ||
1027 | |||
1028 | A pattern-list is a comma-separated list of patterns. Patterns within | ||
1029 | pattern-lists may be negated by preceding them with an exclamation mark | ||
1030 | (M-bM-^@M-^X!M-bM-^@M-^Y). For example, to allow a key to be used from anywhere within an | ||
1031 | organization except from the "dialup" pool, the following entry (in | ||
1032 | authorized_keys) could be used: | ||
1033 | |||
1034 | from="!*.dialup.example.com,*.example.com" | ||
1035 | |||
1036 | TOKENS | ||
1037 | Arguments to some keywords can make use of tokens, which are expanded at | ||
1038 | runtime: | ||
1039 | |||
1040 | %% A literal M-bM-^@M-^X%M-bM-^@M-^Y. | ||
1041 | %C Shorthand for %l%h%p%r. | ||
1042 | %d Local user's home directory. | ||
1043 | %h The remote hostname. | ||
1044 | %i The local user ID. | ||
1045 | %L The local hostname. | ||
1046 | %l The local hostname, including the domain name. | ||
1047 | %n The original remote hostname, as given on the command line. | ||
1048 | %p The remote port. | ||
1049 | %r The remote username. | ||
1050 | %u The local username. | ||
1051 | |||
1052 | Match exec accepts the tokens %%, %h, %L, %l, %n, %p, %r, and %u. | ||
1053 | |||
1054 | CertificateFile accepts the tokens %%, %d, %h, %l, %r, and %u. | ||
1055 | |||
1056 | ControlPath accepts the tokens %%, %C, %h, %i, %L, %l, %n, %p, %r, and | ||
1057 | %u. | ||
1058 | |||
1059 | HostName accepts the tokens %% and %h. | ||
1060 | |||
1061 | IdentityAgent and IdentityFile accept the tokens %%, %d, %h, %l, %r, and | ||
1062 | %u. | ||
1063 | |||
1064 | LocalCommand accepts the tokens %%, %C, %d, %h, %l, %n, %p, %r, and %u. | ||
1065 | |||
1066 | ProxyCommand accepts the tokens %%, %h, %p, and %r. | ||
1067 | |||
1068 | FILES | ||
1069 | ~/.ssh/config | ||
1070 | This is the per-user configuration file. The format of this file | ||
1071 | is described above. This file is used by the SSH client. | ||
1072 | Because of the potential for abuse, this file must have strict | ||
1073 | permissions: read/write for the user, and not accessible by | ||
1074 | others. | ||
1075 | |||
1076 | /etc/ssh/ssh_config | ||
1077 | Systemwide configuration file. This file provides defaults for | ||
1078 | those values that are not specified in the user's configuration | ||
1079 | file, and for those users who do not have a configuration file. | ||
1080 | This file must be world-readable. | ||
1081 | |||
1082 | SEE ALSO | ||
1083 | ssh(1) | ||
1084 | |||
1085 | AUTHORS | ||
1086 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by | ||
1087 | Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo | ||
1088 | de Raadt and Dug Song removed many bugs, re-added newer features and | ||
1089 | created OpenSSH. Markus Friedl contributed the support for SSH protocol | ||
1090 | versions 1.5 and 2.0. | ||
1091 | |||
1092 | OpenBSD 6.0 February 27, 2017 OpenBSD 6.0 | ||
@@ -0,0 +1,626 @@ | |||
1 | SSHD(8) System Manager's Manual SSHD(8) | ||
2 | |||
3 | NAME | ||
4 | sshd M-bM-^@M-^S OpenSSH SSH daemon | ||
5 | |||
6 | SYNOPSIS | ||
7 | sshd [-46DdeiqTt] [-C connection_spec] [-c host_certificate_file] | ||
8 | [-E log_file] [-f config_file] [-g login_grace_time] | ||
9 | [-h host_key_file] [-o option] [-p port] [-u len] | ||
10 | |||
11 | DESCRIPTION | ||
12 | sshd (OpenSSH Daemon) is the daemon program for ssh(1). Together these | ||
13 | programs replace rlogin and rsh, and provide secure encrypted | ||
14 | communications between two untrusted hosts over an insecure network. | ||
15 | |||
16 | sshd listens for connections from clients. It is normally started at | ||
17 | boot from /etc/rc. It forks a new daemon for each incoming connection. | ||
18 | The forked daemons handle key exchange, encryption, authentication, | ||
19 | command execution, and data exchange. | ||
20 | |||
21 | sshd can be configured using command-line options or a configuration file | ||
22 | (by default sshd_config(5)); command-line options override values | ||
23 | specified in the configuration file. sshd rereads its configuration file | ||
24 | when it receives a hangup signal, SIGHUP, by executing itself with the | ||
25 | name and options it was started with, e.g. /usr/sbin/sshd. | ||
26 | |||
27 | The options are as follows: | ||
28 | |||
29 | -4 Forces sshd to use IPv4 addresses only. | ||
30 | |||
31 | -6 Forces sshd to use IPv6 addresses only. | ||
32 | |||
33 | -C connection_spec | ||
34 | Specify the connection parameters to use for the -T extended test | ||
35 | mode. If provided, any Match directives in the configuration | ||
36 | file that would apply to the specified user, host, and address | ||
37 | will be set before the configuration is written to standard | ||
38 | output. The connection parameters are supplied as keyword=value | ||
39 | pairs. The keywords are M-bM-^@M-^\userM-bM-^@M-^], M-bM-^@M-^\hostM-bM-^@M-^], M-bM-^@M-^\laddrM-bM-^@M-^], M-bM-^@M-^\lportM-bM-^@M-^], and | ||
40 | M-bM-^@M-^\addrM-bM-^@M-^]. All are required and may be supplied in any order, | ||
41 | either with multiple -C options or as a comma-separated list. | ||
42 | |||
43 | -c host_certificate_file | ||
44 | Specifies a path to a certificate file to identify sshd during | ||
45 | key exchange. The certificate file must match a host key file | ||
46 | specified using the -h option or the HostKey configuration | ||
47 | directive. | ||
48 | |||
49 | -D When this option is specified, sshd will not detach and does not | ||
50 | become a daemon. This allows easy monitoring of sshd. | ||
51 | |||
52 | -d Debug mode. The server sends verbose debug output to standard | ||
53 | error, and does not put itself in the background. The server | ||
54 | also will not fork and will only process one connection. This | ||
55 | option is only intended for debugging for the server. Multiple | ||
56 | -d options increase the debugging level. Maximum is 3. | ||
57 | |||
58 | -E log_file | ||
59 | Append debug logs to log_file instead of the system log. | ||
60 | |||
61 | -e Write debug logs to standard error instead of the system log. | ||
62 | |||
63 | -f config_file | ||
64 | Specifies the name of the configuration file. The default is | ||
65 | /etc/ssh/sshd_config. sshd refuses to start if there is no | ||
66 | configuration file. | ||
67 | |||
68 | -g login_grace_time | ||
69 | Gives the grace time for clients to authenticate themselves | ||
70 | (default 120 seconds). If the client fails to authenticate the | ||
71 | user within this many seconds, the server disconnects and exits. | ||
72 | A value of zero indicates no limit. | ||
73 | |||
74 | -h host_key_file | ||
75 | Specifies a file from which a host key is read. This option must | ||
76 | be given if sshd is not run as root (as the normal host key files | ||
77 | are normally not readable by anyone but root). The default is | ||
78 | /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key, | ||
79 | /etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key. It | ||
80 | is possible to have multiple host key files for the different | ||
81 | host key algorithms. | ||
82 | |||
83 | -i Specifies that sshd is being run from inetd(8). | ||
84 | |||
85 | -o option | ||
86 | Can be used to give options in the format used in the | ||
87 | configuration file. This is useful for specifying options for | ||
88 | which there is no separate command-line flag. For full details | ||
89 | of the options, and their values, see sshd_config(5). | ||
90 | |||
91 | -p port | ||
92 | Specifies the port on which the server listens for connections | ||
93 | (default 22). Multiple port options are permitted. Ports | ||
94 | specified in the configuration file with the Port option are | ||
95 | ignored when a command-line port is specified. Ports specified | ||
96 | using the ListenAddress option override command-line ports. | ||
97 | |||
98 | -q Quiet mode. Nothing is sent to the system log. Normally the | ||
99 | beginning, authentication, and termination of each connection is | ||
100 | logged. | ||
101 | |||
102 | -T Extended test mode. Check the validity of the configuration | ||
103 | file, output the effective configuration to stdout and then exit. | ||
104 | Optionally, Match rules may be applied by specifying the | ||
105 | connection parameters using one or more -C options. | ||
106 | |||
107 | -t Test mode. Only check the validity of the configuration file and | ||
108 | sanity of the keys. This is useful for updating sshd reliably as | ||
109 | configuration options may change. | ||
110 | |||
111 | -u len This option is used to specify the size of the field in the utmp | ||
112 | structure that holds the remote host name. If the resolved host | ||
113 | name is longer than len, the dotted decimal value will be used | ||
114 | instead. This allows hosts with very long host names that | ||
115 | overflow this field to still be uniquely identified. Specifying | ||
116 | -u0 indicates that only dotted decimal addresses should be put | ||
117 | into the utmp file. -u0 may also be used to prevent sshd from | ||
118 | making DNS requests unless the authentication mechanism or | ||
119 | configuration requires it. Authentication mechanisms that may | ||
120 | require DNS include HostbasedAuthentication and using a | ||
121 | from="pattern-list" option in a key file. Configuration options | ||
122 | that require DNS include using a USER@HOST pattern in AllowUsers | ||
123 | or DenyUsers. | ||
124 | |||
125 | AUTHENTICATION | ||
126 | The OpenSSH SSH daemon supports SSH protocol 2 only. Each host has a | ||
127 | host-specific key, used to identify the host. Whenever a client | ||
128 | connects, the daemon responds with its public host key. The client | ||
129 | compares the host key against its own database to verify that it has not | ||
130 | changed. Forward security is provided through a Diffie-Hellman key | ||
131 | agreement. This key agreement results in a shared session key. The rest | ||
132 | of the session is encrypted using a symmetric cipher, currently 128-bit | ||
133 | AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES. The | ||
134 | client selects the encryption algorithm to use from those offered by the | ||
135 | server. Additionally, session integrity is provided through a | ||
136 | cryptographic message authentication code (hmac-md5, hmac-sha1, umac-64, | ||
137 | umac-128, hmac-ripemd160, hmac-sha2-256 or hmac-sha2-512). | ||
138 | |||
139 | Finally, the server and the client enter an authentication dialog. The | ||
140 | client tries to authenticate itself using host-based authentication, | ||
141 | public key authentication, challenge-response authentication, or password | ||
142 | authentication. | ||
143 | |||
144 | Regardless of the authentication type, the account is checked to ensure | ||
145 | that it is accessible. An account is not accessible if it is locked, | ||
146 | listed in DenyUsers or its group is listed in DenyGroups . The | ||
147 | definition of a locked account is system dependant. Some platforms have | ||
148 | their own account database (eg AIX) and some modify the passwd field ( | ||
149 | M-bM-^@M-^X*LK*M-bM-^@M-^Y on Solaris and UnixWare, M-bM-^@M-^X*M-bM-^@M-^Y on HP-UX, containing M-bM-^@M-^XNologinM-bM-^@M-^Y on | ||
150 | Tru64, a leading M-bM-^@M-^X*LOCKED*M-bM-^@M-^Y on FreeBSD and a leading M-bM-^@M-^X!M-bM-^@M-^Y on most | ||
151 | Linuxes). If there is a requirement to disable password authentication | ||
152 | for the account while allowing still public-key, then the passwd field | ||
153 | should be set to something other than these values (eg M-bM-^@M-^XNPM-bM-^@M-^Y or M-bM-^@M-^X*NP*M-bM-^@M-^Y ). | ||
154 | |||
155 | If the client successfully authenticates itself, a dialog for preparing | ||
156 | the session is entered. At this time the client may request things like | ||
157 | allocating a pseudo-tty, forwarding X11 connections, forwarding TCP | ||
158 | connections, or forwarding the authentication agent connection over the | ||
159 | secure channel. | ||
160 | |||
161 | After this, the client either requests a shell or execution of a command. | ||
162 | The sides then enter session mode. In this mode, either side may send | ||
163 | data at any time, and such data is forwarded to/from the shell or command | ||
164 | on the server side, and the user terminal in the client side. | ||
165 | |||
166 | When the user program terminates and all forwarded X11 and other | ||
167 | connections have been closed, the server sends command exit status to the | ||
168 | client, and both sides exit. | ||
169 | |||
170 | LOGIN PROCESS | ||
171 | When a user successfully logs in, sshd does the following: | ||
172 | |||
173 | 1. If the login is on a tty, and no command has been specified, | ||
174 | prints last login time and /etc/motd (unless prevented in the | ||
175 | configuration file or by ~/.hushlogin; see the FILES section). | ||
176 | |||
177 | 2. If the login is on a tty, records login time. | ||
178 | |||
179 | 3. Checks /etc/nologin; if it exists, prints contents and quits | ||
180 | (unless root). | ||
181 | |||
182 | 4. Changes to run with normal user privileges. | ||
183 | |||
184 | 5. Sets up basic environment. | ||
185 | |||
186 | 6. Reads the file ~/.ssh/environment, if it exists, and users are | ||
187 | allowed to change their environment. See the | ||
188 | PermitUserEnvironment option in sshd_config(5). | ||
189 | |||
190 | 7. Changes to user's home directory. | ||
191 | |||
192 | 8. If ~/.ssh/rc exists and the sshd_config(5) PermitUserRC option | ||
193 | is set, runs it; else if /etc/ssh/sshrc exists, runs it; | ||
194 | otherwise runs xauth. The M-bM-^@M-^\rcM-bM-^@M-^] files are given the X11 | ||
195 | authentication protocol and cookie in standard input. See | ||
196 | SSHRC, below. | ||
197 | |||
198 | 9. Runs user's shell or command. All commands are run under the | ||
199 | user's login shell as specified in the system password | ||
200 | database. | ||
201 | |||
202 | SSHRC | ||
203 | If the file ~/.ssh/rc exists, sh(1) runs it after reading the environment | ||
204 | files but before starting the user's shell or command. It must not | ||
205 | produce any output on stdout; stderr must be used instead. If X11 | ||
206 | forwarding is in use, it will receive the "proto cookie" pair in its | ||
207 | standard input (and DISPLAY in its environment). The script must call | ||
208 | xauth(1) because sshd will not run xauth automatically to add X11 | ||
209 | cookies. | ||
210 | |||
211 | The primary purpose of this file is to run any initialization routines | ||
212 | which may be needed before the user's home directory becomes accessible; | ||
213 | AFS is a particular example of such an environment. | ||
214 | |||
215 | This file will probably contain some initialization code followed by | ||
216 | something similar to: | ||
217 | |||
218 | if read proto cookie && [ -n "$DISPLAY" ]; then | ||
219 | if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then | ||
220 | # X11UseLocalhost=yes | ||
221 | echo add unix:`echo $DISPLAY | | ||
222 | cut -c11-` $proto $cookie | ||
223 | else | ||
224 | # X11UseLocalhost=no | ||
225 | echo add $DISPLAY $proto $cookie | ||
226 | fi | xauth -q - | ||
227 | fi | ||
228 | |||
229 | If this file does not exist, /etc/ssh/sshrc is run, and if that does not | ||
230 | exist either, xauth is used to add the cookie. | ||
231 | |||
232 | AUTHORIZED_KEYS FILE FORMAT | ||
233 | AuthorizedKeysFile specifies the files containing public keys for public | ||
234 | key authentication; if this option is not specified, the default is | ||
235 | ~/.ssh/authorized_keys and ~/.ssh/authorized_keys2. Each line of the | ||
236 | file contains one key (empty lines and lines starting with a M-bM-^@M-^X#M-bM-^@M-^Y are | ||
237 | ignored as comments). Public keys consist of the following space- | ||
238 | separated fields: options, keytype, base64-encoded key, comment. The | ||
239 | options field is optional. The keytype is M-bM-^@M-^\ecdsa-sha2-nistp256M-bM-^@M-^], | ||
240 | M-bM-^@M-^\ecdsa-sha2-nistp384M-bM-^@M-^], M-bM-^@M-^\ecdsa-sha2-nistp521M-bM-^@M-^], M-bM-^@M-^\ssh-ed25519M-bM-^@M-^], M-bM-^@M-^\ssh-dssM-bM-^@M-^] or | ||
241 | M-bM-^@M-^\ssh-rsaM-bM-^@M-^]; the comment field is not used for anything (but may be | ||
242 | convenient for the user to identify the key). | ||
243 | |||
244 | Note that lines in this file can be several hundred bytes long (because | ||
245 | of the size of the public key encoding) up to a limit of 8 kilobytes, | ||
246 | which permits DSA keys up to 8 kilobits and RSA keys up to 16 kilobits. | ||
247 | You don't want to type them in; instead, copy the id_dsa.pub, | ||
248 | id_ecdsa.pub, id_ed25519.pub, or the id_rsa.pub file and edit it. | ||
249 | |||
250 | sshd enforces a minimum RSA key modulus size of 768 bits. | ||
251 | |||
252 | The options (if present) consist of comma-separated option | ||
253 | specifications. No spaces are permitted, except within double quotes. | ||
254 | The following option specifications are supported (note that option | ||
255 | keywords are case-insensitive): | ||
256 | |||
257 | agent-forwarding | ||
258 | Enable authentication agent forwarding previously disabled by the | ||
259 | restrict option. | ||
260 | |||
261 | cert-authority | ||
262 | Specifies that the listed key is a certification authority (CA) | ||
263 | that is trusted to validate signed certificates for user | ||
264 | authentication. | ||
265 | |||
266 | Certificates may encode access restrictions similar to these key | ||
267 | options. If both certificate restrictions and key options are | ||
268 | present, the most restrictive union of the two is applied. | ||
269 | |||
270 | command="command" | ||
271 | Specifies that the command is executed whenever this key is used | ||
272 | for authentication. The command supplied by the user (if any) is | ||
273 | ignored. The command is run on a pty if the client requests a | ||
274 | pty; otherwise it is run without a tty. If an 8-bit clean | ||
275 | channel is required, one must not request a pty or should specify | ||
276 | no-pty. A quote may be included in the command by quoting it | ||
277 | with a backslash. | ||
278 | |||
279 | This option might be useful to restrict certain public keys to | ||
280 | perform just a specific operation. An example might be a key | ||
281 | that permits remote backups but nothing else. Note that the | ||
282 | client may specify TCP and/or X11 forwarding unless they are | ||
283 | explicitly prohibited, e.g. using the restrict key option. | ||
284 | |||
285 | The command originally supplied by the client is available in the | ||
286 | SSH_ORIGINAL_COMMAND environment variable. Note that this option | ||
287 | applies to shell, command or subsystem execution. Also note that | ||
288 | this command may be superseded by a sshd_config(5) ForceCommand | ||
289 | directive. | ||
290 | |||
291 | If a command is specified and a forced-command is embedded in a | ||
292 | certificate used for authentication, then the certificate will be | ||
293 | accepted only if the two commands are identical. | ||
294 | |||
295 | environment="NAME=value" | ||
296 | Specifies that the string is to be added to the environment when | ||
297 | logging in using this key. Environment variables set this way | ||
298 | override other default environment values. Multiple options of | ||
299 | this type are permitted. Environment processing is disabled by | ||
300 | default and is controlled via the PermitUserEnvironment option. | ||
301 | |||
302 | from="pattern-list" | ||
303 | Specifies that in addition to public key authentication, either | ||
304 | the canonical name of the remote host or its IP address must be | ||
305 | present in the comma-separated list of patterns. See PATTERNS in | ||
306 | ssh_config(5) for more information on patterns. | ||
307 | |||
308 | In addition to the wildcard matching that may be applied to | ||
309 | hostnames or addresses, a from stanza may match IP addresses | ||
310 | using CIDR address/masklen notation. | ||
311 | |||
312 | The purpose of this option is to optionally increase security: | ||
313 | public key authentication by itself does not trust the network or | ||
314 | name servers or anything (but the key); however, if somebody | ||
315 | somehow steals the key, the key permits an intruder to log in | ||
316 | from anywhere in the world. This additional option makes using a | ||
317 | stolen key more difficult (name servers and/or routers would have | ||
318 | to be compromised in addition to just the key). | ||
319 | |||
320 | no-agent-forwarding | ||
321 | Forbids authentication agent forwarding when this key is used for | ||
322 | authentication. | ||
323 | |||
324 | no-port-forwarding | ||
325 | Forbids TCP forwarding when this key is used for authentication. | ||
326 | Any port forward requests by the client will return an error. | ||
327 | This might be used, e.g. in connection with the command option. | ||
328 | |||
329 | no-pty Prevents tty allocation (a request to allocate a pty will fail). | ||
330 | |||
331 | no-user-rc | ||
332 | Disables execution of ~/.ssh/rc. | ||
333 | |||
334 | no-X11-forwarding | ||
335 | Forbids X11 forwarding when this key is used for authentication. | ||
336 | Any X11 forward requests by the client will return an error. | ||
337 | |||
338 | permitopen="host:port" | ||
339 | Limit local port forwarding with ssh(1) -L such that it may only | ||
340 | connect to the specified host and port. IPv6 addresses can be | ||
341 | specified by enclosing the address in square brackets. Multiple | ||
342 | permitopen options may be applied separated by commas. No | ||
343 | pattern matching is performed on the specified hostnames, they | ||
344 | must be literal domains or addresses. A port specification of * | ||
345 | matches any port. | ||
346 | |||
347 | port-forwarding | ||
348 | Enable port forwarding previously disabled by the restrict | ||
349 | |||
350 | principals="principals" | ||
351 | On a cert-authority line, specifies allowed principals for | ||
352 | certificate authentication as a comma-separated list. At least | ||
353 | one name from the list must appear in the certificate's list of | ||
354 | principals for the certificate to be accepted. This option is | ||
355 | ignored for keys that are not marked as trusted certificate | ||
356 | signers using the cert-authority option. | ||
357 | |||
358 | pty Permits tty allocation previously disabled by the restrict | ||
359 | option. | ||
360 | |||
361 | restrict | ||
362 | Enable all restrictions, i.e. disable port, agent and X11 | ||
363 | forwarding, as well as disabling PTY allocation and execution of | ||
364 | ~/.ssh/rc. If any future restriction capabilities are added to | ||
365 | authorized_keys files they will be included in this set. | ||
366 | |||
367 | tunnel="n" | ||
368 | Force a tun(4) device on the server. Without this option, the | ||
369 | next available device will be used if the client requests a | ||
370 | tunnel. | ||
371 | |||
372 | user-rc | ||
373 | Enables execution of ~/.ssh/rc previously disabled by the | ||
374 | restrict option. | ||
375 | |||
376 | X11-forwarding | ||
377 | Permits X11 forwarding previously disabled by the restrict | ||
378 | option. | ||
379 | |||
380 | An example authorized_keys file: | ||
381 | |||
382 | # Comments allowed at start of line | ||
383 | ssh-rsa AAAAB3Nza...LiPk== user@example.net | ||
384 | from="*.sales.example.net,!pc.sales.example.net" ssh-rsa | ||
385 | AAAAB2...19Q== john@example.net | ||
386 | command="dump /home",no-pty,no-port-forwarding ssh-dss | ||
387 | AAAAC3...51R== example.net | ||
388 | permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-dss | ||
389 | AAAAB5...21S== | ||
390 | tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...== | ||
391 | jane@example.net | ||
392 | restrict,command="uptime" ssh-rsa AAAA1C8...32Tv== | ||
393 | user@example.net | ||
394 | restrict,pty,command="nethack" ssh-rsa AAAA1f8...IrrC5== | ||
395 | user@example.net | ||
396 | |||
397 | SSH_KNOWN_HOSTS FILE FORMAT | ||
398 | The /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts files contain host | ||
399 | public keys for all known hosts. The global file should be prepared by | ||
400 | the administrator (optional), and the per-user file is maintained | ||
401 | automatically: whenever the user connects to an unknown host, its key is | ||
402 | added to the per-user file. | ||
403 | |||
404 | Each line in these files contains the following fields: markers | ||
405 | (optional), hostnames, keytype, base64-encoded key, comment. The fields | ||
406 | are separated by spaces. | ||
407 | |||
408 | The marker is optional, but if it is present then it must be one of | ||
409 | M-bM-^@M-^\@cert-authorityM-bM-^@M-^], to indicate that the line contains a certification | ||
410 | authority (CA) key, or M-bM-^@M-^\@revokedM-bM-^@M-^], to indicate that the key contained on | ||
411 | the line is revoked and must not ever be accepted. Only one marker | ||
412 | should be used on a key line. | ||
413 | |||
414 | Hostnames is a comma-separated list of patterns (M-bM-^@M-^X*M-bM-^@M-^Y and M-bM-^@M-^X?M-bM-^@M-^Y act as | ||
415 | wildcards); each pattern in turn is matched against the canonical host | ||
416 | name (when authenticating a client) or against the user-supplied name | ||
417 | (when authenticating a server). A pattern may also be preceded by M-bM-^@M-^X!M-bM-^@M-^Y to | ||
418 | indicate negation: if the host name matches a negated pattern, it is not | ||
419 | accepted (by that line) even if it matched another pattern on the line. | ||
420 | A hostname or address may optionally be enclosed within M-bM-^@M-^X[M-bM-^@M-^Y and M-bM-^@M-^X]M-bM-^@M-^Y | ||
421 | brackets then followed by M-bM-^@M-^X:M-bM-^@M-^Y and a non-standard port number. | ||
422 | |||
423 | Alternately, hostnames may be stored in a hashed form which hides host | ||
424 | names and addresses should the file's contents be disclosed. Hashed | ||
425 | hostnames start with a M-bM-^@M-^X|M-bM-^@M-^Y character. Only one hashed hostname may | ||
426 | appear on a single line and none of the above negation or wildcard | ||
427 | operators may be applied. | ||
428 | |||
429 | The keytype and base64-encoded key are taken directly from the host key; | ||
430 | they can be obtained, for example, from /etc/ssh/ssh_host_rsa_key.pub. | ||
431 | The optional comment field continues to the end of the line, and is not | ||
432 | used. | ||
433 | |||
434 | Lines starting with M-bM-^@M-^X#M-bM-^@M-^Y and empty lines are ignored as comments. | ||
435 | |||
436 | When performing host authentication, authentication is accepted if any | ||
437 | matching line has the proper key; either one that matches exactly or, if | ||
438 | the server has presented a certificate for authentication, the key of the | ||
439 | certification authority that signed the certificate. For a key to be | ||
440 | trusted as a certification authority, it must use the M-bM-^@M-^\@cert-authorityM-bM-^@M-^] | ||
441 | marker described above. | ||
442 | |||
443 | The known hosts file also provides a facility to mark keys as revoked, | ||
444 | for example when it is known that the associated private key has been | ||
445 | stolen. Revoked keys are specified by including the M-bM-^@M-^\@revokedM-bM-^@M-^] marker at | ||
446 | the beginning of the key line, and are never accepted for authentication | ||
447 | or as certification authorities, but instead will produce a warning from | ||
448 | ssh(1) when they are encountered. | ||
449 | |||
450 | It is permissible (but not recommended) to have several lines or | ||
451 | different host keys for the same names. This will inevitably happen when | ||
452 | short forms of host names from different domains are put in the file. It | ||
453 | is possible that the files contain conflicting information; | ||
454 | authentication is accepted if valid information can be found from either | ||
455 | file. | ||
456 | |||
457 | Note that the lines in these files are typically hundreds of characters | ||
458 | long, and you definitely don't want to type in the host keys by hand. | ||
459 | Rather, generate them by a script, ssh-keyscan(1) or by taking, for | ||
460 | example, /etc/ssh/ssh_host_rsa_key.pub and adding the host names at the | ||
461 | front. ssh-keygen(1) also offers some basic automated editing for | ||
462 | ~/.ssh/known_hosts including removing hosts matching a host name and | ||
463 | converting all host names to their hashed representations. | ||
464 | |||
465 | An example ssh_known_hosts file: | ||
466 | |||
467 | # Comments allowed at start of line | ||
468 | closenet,...,192.0.2.53 1024 37 159...93 closenet.example.net | ||
469 | cvs.example.net,192.0.2.10 ssh-rsa AAAA1234.....= | ||
470 | # A hashed hostname | ||
471 | |1|JfKTdBh7rNbXkVAQCRp4OQoPfmI=|USECr3SWf1JUPsms5AqfD5QfxkM= ssh-rsa | ||
472 | AAAA1234.....= | ||
473 | # A revoked key | ||
474 | @revoked * ssh-rsa AAAAB5W... | ||
475 | # A CA key, accepted for any host in *.mydomain.com or *.mydomain.org | ||
476 | @cert-authority *.mydomain.org,*.mydomain.com ssh-rsa AAAAB5W... | ||
477 | |||
478 | FILES | ||
479 | ~/.hushlogin | ||
480 | This file is used to suppress printing the last login time and | ||
481 | /etc/motd, if PrintLastLog and PrintMotd, respectively, are | ||
482 | enabled. It does not suppress printing of the banner specified | ||
483 | by Banner. | ||
484 | |||
485 | ~/.rhosts | ||
486 | This file is used for host-based authentication (see ssh(1) for | ||
487 | more information). On some machines this file may need to be | ||
488 | world-readable if the user's home directory is on an NFS | ||
489 | partition, because sshd reads it as root. Additionally, this | ||
490 | file must be owned by the user, and must not have write | ||
491 | permissions for anyone else. The recommended permission for most | ||
492 | machines is read/write for the user, and not accessible by | ||
493 | others. | ||
494 | |||
495 | ~/.shosts | ||
496 | This file is used in exactly the same way as .rhosts, but allows | ||
497 | host-based authentication without permitting login with | ||
498 | rlogin/rsh. | ||
499 | |||
500 | ~/.ssh/ | ||
501 | This directory is the default location for all user-specific | ||
502 | configuration and authentication information. There is no | ||
503 | general requirement to keep the entire contents of this directory | ||
504 | secret, but the recommended permissions are read/write/execute | ||
505 | for the user, and not accessible by others. | ||
506 | |||
507 | ~/.ssh/authorized_keys | ||
508 | Lists the public keys (DSA, ECDSA, Ed25519, RSA) that can be used | ||
509 | for logging in as this user. The format of this file is | ||
510 | described above. The content of the file is not highly | ||
511 | sensitive, but the recommended permissions are read/write for the | ||
512 | user, and not accessible by others. | ||
513 | |||
514 | If this file, the ~/.ssh directory, or the user's home directory | ||
515 | are writable by other users, then the file could be modified or | ||
516 | replaced by unauthorized users. In this case, sshd will not | ||
517 | allow it to be used unless the StrictModes option has been set to | ||
518 | M-bM-^@M-^\noM-bM-^@M-^]. | ||
519 | |||
520 | ~/.ssh/environment | ||
521 | This file is read into the environment at login (if it exists). | ||
522 | It can only contain empty lines, comment lines (that start with | ||
523 | M-bM-^@M-^X#M-bM-^@M-^Y), and assignment lines of the form name=value. The file | ||
524 | should be writable only by the user; it need not be readable by | ||
525 | anyone else. Environment processing is disabled by default and | ||
526 | is controlled via the PermitUserEnvironment option. | ||
527 | |||
528 | ~/.ssh/known_hosts | ||
529 | Contains a list of host keys for all hosts the user has logged | ||
530 | into that are not already in the systemwide list of known host | ||
531 | keys. The format of this file is described above. This file | ||
532 | should be writable only by root/the owner and can, but need not | ||
533 | be, world-readable. | ||
534 | |||
535 | ~/.ssh/rc | ||
536 | Contains initialization routines to be run before the user's home | ||
537 | directory becomes accessible. This file should be writable only | ||
538 | by the user, and need not be readable by anyone else. | ||
539 | |||
540 | /etc/hosts.equiv | ||
541 | This file is for host-based authentication (see ssh(1)). It | ||
542 | should only be writable by root. | ||
543 | |||
544 | /etc/moduli | ||
545 | Contains Diffie-Hellman groups used for the "Diffie-Hellman Group | ||
546 | Exchange" key exchange method. The file format is described in | ||
547 | moduli(5). If no usable groups are found in this file then fixed | ||
548 | internal groups will be used. | ||
549 | |||
550 | /etc/motd | ||
551 | See motd(5). | ||
552 | |||
553 | /etc/nologin | ||
554 | If this file exists, sshd refuses to let anyone except root log | ||
555 | in. The contents of the file are displayed to anyone trying to | ||
556 | log in, and non-root connections are refused. The file should be | ||
557 | world-readable. | ||
558 | |||
559 | /etc/shosts.equiv | ||
560 | This file is used in exactly the same way as hosts.equiv, but | ||
561 | allows host-based authentication without permitting login with | ||
562 | rlogin/rsh. | ||
563 | |||
564 | /etc/ssh/ssh_host_dsa_key | ||
565 | /etc/ssh/ssh_host_ecdsa_key | ||
566 | /etc/ssh/ssh_host_ed25519_key | ||
567 | /etc/ssh/ssh_host_rsa_key | ||
568 | These files contain the private parts of the host keys. These | ||
569 | files should only be owned by root, readable only by root, and | ||
570 | not accessible to others. Note that sshd does not start if these | ||
571 | files are group/world-accessible. | ||
572 | |||
573 | /etc/ssh/ssh_host_dsa_key.pub | ||
574 | /etc/ssh/ssh_host_ecdsa_key.pub | ||
575 | /etc/ssh/ssh_host_ed25519_key.pub | ||
576 | /etc/ssh/ssh_host_rsa_key.pub | ||
577 | These files contain the public parts of the host keys. These | ||
578 | files should be world-readable but writable only by root. Their | ||
579 | contents should match the respective private parts. These files | ||
580 | are not really used for anything; they are provided for the | ||
581 | convenience of the user so their contents can be copied to known | ||
582 | hosts files. These files are created using ssh-keygen(1). | ||
583 | |||
584 | /etc/ssh/ssh_known_hosts | ||
585 | Systemwide list of known host keys. This file should be prepared | ||
586 | by the system administrator to contain the public host keys of | ||
587 | all machines in the organization. The format of this file is | ||
588 | described above. This file should be writable only by root/the | ||
589 | owner and should be world-readable. | ||
590 | |||
591 | /etc/ssh/sshd_config | ||
592 | Contains configuration data for sshd. The file format and | ||
593 | configuration options are described in sshd_config(5). | ||
594 | |||
595 | /etc/ssh/sshrc | ||
596 | Similar to ~/.ssh/rc, it can be used to specify machine-specific | ||
597 | login-time initializations globally. This file should be | ||
598 | writable only by root, and should be world-readable. | ||
599 | |||
600 | /var/empty | ||
601 | chroot(2) directory used by sshd during privilege separation in | ||
602 | the pre-authentication phase. The directory should not contain | ||
603 | any files and must be owned by root and not group or world- | ||
604 | writable. | ||
605 | |||
606 | /var/run/sshd.pid | ||
607 | Contains the process ID of the sshd listening for connections (if | ||
608 | there are several daemons running concurrently for different | ||
609 | ports, this contains the process ID of the one started last). | ||
610 | The content of this file is not sensitive; it can be world- | ||
611 | readable. | ||
612 | |||
613 | SEE ALSO | ||
614 | scp(1), sftp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1), | ||
615 | ssh-keyscan(1), chroot(2), login.conf(5), moduli(5), sshd_config(5), | ||
616 | inetd(8), sftp-server(8) | ||
617 | |||
618 | AUTHORS | ||
619 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by | ||
620 | Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo | ||
621 | de Raadt and Dug Song removed many bugs, re-added newer features and | ||
622 | created OpenSSH. Markus Friedl contributed the support for SSH protocol | ||
623 | versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support | ||
624 | for privilege separation. | ||
625 | |||
626 | OpenBSD 6.0 January 30, 2017 OpenBSD 6.0 | ||
diff --git a/sshd_config.0 b/sshd_config.0 new file mode 100644 index 000000000..b0160aa87 --- /dev/null +++ b/sshd_config.0 | |||
@@ -0,0 +1,1020 @@ | |||
1 | SSHD_CONFIG(5) File Formats Manual SSHD_CONFIG(5) | ||
2 | |||
3 | NAME | ||
4 | sshd_config M-bM-^@M-^S OpenSSH SSH daemon configuration file | ||
5 | |||
6 | SYNOPSIS | ||
7 | /etc/ssh/sshd_config | ||
8 | |||
9 | DESCRIPTION | ||
10 | sshd(8) reads configuration data from /etc/ssh/sshd_config (or the file | ||
11 | specified with -f on the command line). The file contains keyword- | ||
12 | argument pairs, one per line. Lines starting with M-bM-^@M-^X#M-bM-^@M-^Y and empty lines | ||
13 | are interpreted as comments. Arguments may optionally be enclosed in | ||
14 | double quotes (") in order to represent arguments containing spaces. | ||
15 | |||
16 | The possible keywords and their meanings are as follows (note that | ||
17 | keywords are case-insensitive and arguments are case-sensitive): | ||
18 | |||
19 | AcceptEnv | ||
20 | Specifies what environment variables sent by the client will be | ||
21 | copied into the session's environ(7). See SendEnv in | ||
22 | ssh_config(5) for how to configure the client. The TERM | ||
23 | environment variable is always sent whenever the client requests | ||
24 | a pseudo-terminal as it is required by the protocol. Variables | ||
25 | are specified by name, which may contain the wildcard characters | ||
26 | M-bM-^@M-^X*M-bM-^@M-^Y and M-bM-^@M-^X?M-bM-^@M-^Y. Multiple environment variables may be separated by | ||
27 | whitespace or spread across multiple AcceptEnv directives. Be | ||
28 | warned that some environment variables could be used to bypass | ||
29 | restricted user environments. For this reason, care should be | ||
30 | taken in the use of this directive. The default is not to accept | ||
31 | any environment variables. | ||
32 | |||
33 | AddressFamily | ||
34 | Specifies which address family should be used by sshd(8). Valid | ||
35 | arguments are any (the default), inet (use IPv4 only), or inet6 | ||
36 | (use IPv6 only). | ||
37 | |||
38 | AllowAgentForwarding | ||
39 | Specifies whether ssh-agent(1) forwarding is permitted. The | ||
40 | default is yes. Note that disabling agent forwarding does not | ||
41 | improve security unless users are also denied shell access, as | ||
42 | they can always install their own forwarders. | ||
43 | |||
44 | AllowGroups | ||
45 | This keyword can be followed by a list of group name patterns, | ||
46 | separated by spaces. If specified, login is allowed only for | ||
47 | users whose primary group or supplementary group list matches one | ||
48 | of the patterns. Only group names are valid; a numerical group | ||
49 | ID is not recognized. By default, login is allowed for all | ||
50 | groups. The allow/deny directives are processed in the following | ||
51 | order: DenyUsers, AllowUsers, DenyGroups, and finally | ||
52 | AllowGroups. | ||
53 | |||
54 | See PATTERNS in ssh_config(5) for more information on patterns. | ||
55 | |||
56 | AllowStreamLocalForwarding | ||
57 | Specifies whether StreamLocal (Unix-domain socket) forwarding is | ||
58 | permitted. The available options are yes (the default) or all to | ||
59 | allow StreamLocal forwarding, no to prevent all StreamLocal | ||
60 | forwarding, local to allow local (from the perspective of ssh(1)) | ||
61 | forwarding only or remote to allow remote forwarding only. Note | ||
62 | that disabling StreamLocal forwarding does not improve security | ||
63 | unless users are also denied shell access, as they can always | ||
64 | install their own forwarders. | ||
65 | |||
66 | AllowTcpForwarding | ||
67 | Specifies whether TCP forwarding is permitted. The available | ||
68 | options are yes (the default) or all to allow TCP forwarding, no | ||
69 | to prevent all TCP forwarding, local to allow local (from the | ||
70 | perspective of ssh(1)) forwarding only or remote to allow remote | ||
71 | forwarding only. Note that disabling TCP forwarding does not | ||
72 | improve security unless users are also denied shell access, as | ||
73 | they can always install their own forwarders. | ||
74 | |||
75 | AllowUsers | ||
76 | This keyword can be followed by a list of user name patterns, | ||
77 | separated by spaces. If specified, login is allowed only for | ||
78 | user names that match one of the patterns. Only user names are | ||
79 | valid; a numerical user ID is not recognized. By default, login | ||
80 | is allowed for all users. If the pattern takes the form | ||
81 | USER@HOST then USER and HOST are separately checked, restricting | ||
82 | logins to particular users from particular hosts. HOST criteria | ||
83 | may additionally contain addresses to match in CIDR | ||
84 | address/masklen format. The allow/deny directives are processed | ||
85 | in the following order: DenyUsers, AllowUsers, DenyGroups, and | ||
86 | finally AllowGroups. | ||
87 | |||
88 | See PATTERNS in ssh_config(5) for more information on patterns. | ||
89 | |||
90 | AuthenticationMethods | ||
91 | Specifies the authentication methods that must be successfully | ||
92 | completed for a user to be granted access. This option must be | ||
93 | followed by one or more comma-separated lists of authentication | ||
94 | method names, or by the single string any to indicate the default | ||
95 | behaviour of accepting any single authentication method. If the | ||
96 | default is overridden, then successful authentication requires | ||
97 | completion of every method in at least one of these lists. | ||
98 | |||
99 | For example, "publickey,password publickey,keyboard-interactive" | ||
100 | would require the user to complete public key authentication, | ||
101 | followed by either password or keyboard interactive | ||
102 | authentication. Only methods that are next in one or more lists | ||
103 | are offered at each stage, so for this example it would not be | ||
104 | possible to attempt password or keyboard-interactive | ||
105 | authentication before public key. | ||
106 | |||
107 | For keyboard interactive authentication it is also possible to | ||
108 | restrict authentication to a specific device by appending a colon | ||
109 | followed by the device identifier bsdauth, pam, or skey, | ||
110 | depending on the server configuration. For example, | ||
111 | "keyboard-interactive:bsdauth" would restrict keyboard | ||
112 | interactive authentication to the bsdauth device. | ||
113 | |||
114 | If the publickey method is listed more than once, sshd(8) | ||
115 | verifies that keys that have been used successfully are not | ||
116 | reused for subsequent authentications. For example, | ||
117 | "publickey,publickey" requires successful authentication using | ||
118 | two different public keys. | ||
119 | |||
120 | Note that each authentication method listed should also be | ||
121 | explicitly enabled in the configuration. | ||
122 | |||
123 | AuthorizedKeysCommand | ||
124 | Specifies a program to be used to look up the user's public keys. | ||
125 | The program must be owned by root, not writable by group or | ||
126 | others and specified by an absolute path. Arguments to | ||
127 | AuthorizedKeysCommand accept the tokens described in the TOKENS | ||
128 | section. If no arguments are specified then the username of the | ||
129 | target user is used. | ||
130 | |||
131 | The program should produce on standard output zero or more lines | ||
132 | of authorized_keys output (see AUTHORIZED_KEYS in sshd(8)). If a | ||
133 | key supplied by AuthorizedKeysCommand does not successfully | ||
134 | authenticate and authorize the user then public key | ||
135 | authentication continues using the usual AuthorizedKeysFile | ||
136 | files. By default, no AuthorizedKeysCommand is run. | ||
137 | |||
138 | AuthorizedKeysCommandUser | ||
139 | Specifies the user under whose account the AuthorizedKeysCommand | ||
140 | is run. It is recommended to use a dedicated user that has no | ||
141 | other role on the host than running authorized keys commands. If | ||
142 | AuthorizedKeysCommand is specified but AuthorizedKeysCommandUser | ||
143 | is not, then sshd(8) will refuse to start. | ||
144 | |||
145 | AuthorizedKeysFile | ||
146 | Specifies the file that contains the public keys used for user | ||
147 | authentication. The format is described in the AUTHORIZED_KEYS | ||
148 | FILE FORMAT section of sshd(8). Arguments to AuthorizedKeysFile | ||
149 | accept the tokens described in the TOKENS section. After | ||
150 | expansion, AuthorizedKeysFile is taken to be an absolute path or | ||
151 | one relative to the user's home directory. Multiple files may be | ||
152 | listed, separated by whitespace. Alternately this option may be | ||
153 | set to none to skip checking for user keys in files. The default | ||
154 | is ".ssh/authorized_keys .ssh/authorized_keys2". | ||
155 | |||
156 | AuthorizedPrincipalsCommand | ||
157 | Specifies a program to be used to generate the list of allowed | ||
158 | certificate principals as per AuthorizedPrincipalsFile. The | ||
159 | program must be owned by root, not writable by group or others | ||
160 | and specified by an absolute path. Arguments to | ||
161 | AuthorizedPrincipalsCommand accept the tokens described in the | ||
162 | TOKENS section. If no arguments are specified then the username | ||
163 | of the target user is used. | ||
164 | |||
165 | The program should produce on standard output zero or more lines | ||
166 | of AuthorizedPrincipalsFile output. If either | ||
167 | AuthorizedPrincipalsCommand or AuthorizedPrincipalsFile is | ||
168 | specified, then certificates offered by the client for | ||
169 | authentication must contain a principal that is listed. By | ||
170 | default, no AuthorizedPrincipalsCommand is run. | ||
171 | |||
172 | AuthorizedPrincipalsCommandUser | ||
173 | Specifies the user under whose account the | ||
174 | AuthorizedPrincipalsCommand is run. It is recommended to use a | ||
175 | dedicated user that has no other role on the host than running | ||
176 | authorized principals commands. If AuthorizedPrincipalsCommand | ||
177 | is specified but AuthorizedPrincipalsCommandUser is not, then | ||
178 | sshd(8) will refuse to start. | ||
179 | |||
180 | AuthorizedPrincipalsFile | ||
181 | Specifies a file that lists principal names that are accepted for | ||
182 | certificate authentication. When using certificates signed by a | ||
183 | key listed in TrustedUserCAKeys, this file lists names, one of | ||
184 | which must appear in the certificate for it to be accepted for | ||
185 | authentication. Names are listed one per line preceded by key | ||
186 | options (as described in AUTHORIZED_KEYS FILE FORMAT in sshd(8)). | ||
187 | Empty lines and comments starting with M-bM-^@M-^X#M-bM-^@M-^Y are ignored. | ||
188 | |||
189 | Arguments to AuthorizedPrincipalsFile accept the tokens described | ||
190 | in the TOKENS section. After expansion, AuthorizedPrincipalsFile | ||
191 | is taken to be an absolute path or one relative to the user's | ||
192 | home directory. The default is none, i.e. not to use a | ||
193 | principals file M-bM-^@M-^S in this case, the username of the user must | ||
194 | appear in a certificate's principals list for it to be accepted. | ||
195 | |||
196 | Note that AuthorizedPrincipalsFile is only used when | ||
197 | authentication proceeds using a CA listed in TrustedUserCAKeys | ||
198 | and is not consulted for certification authorities trusted via | ||
199 | ~/.ssh/authorized_keys, though the principals= key option offers | ||
200 | a similar facility (see sshd(8) for details). | ||
201 | |||
202 | Banner The contents of the specified file are sent to the remote user | ||
203 | before authentication is allowed. If the argument is none then | ||
204 | no banner is displayed. By default, no banner is displayed. | ||
205 | |||
206 | ChallengeResponseAuthentication | ||
207 | Specifies whether challenge-response authentication is allowed | ||
208 | (e.g. via PAM or through authentication styles supported in | ||
209 | login.conf(5)) The default is yes. | ||
210 | |||
211 | ChrootDirectory | ||
212 | Specifies the pathname of a directory to chroot(2) to after | ||
213 | authentication. At session startup sshd(8) checks that all | ||
214 | components of the pathname are root-owned directories which are | ||
215 | not writable by any other user or group. After the chroot, | ||
216 | sshd(8) changes the working directory to the user's home | ||
217 | directory. Arguments to ChrootDirectory accept the tokens | ||
218 | described in the TOKENS section. | ||
219 | |||
220 | The ChrootDirectory must contain the necessary files and | ||
221 | directories to support the user's session. For an interactive | ||
222 | session this requires at least a shell, typically sh(1), and | ||
223 | basic /dev nodes such as null(4), zero(4), stdin(4), stdout(4), | ||
224 | stderr(4), and tty(4) devices. For file transfer sessions using | ||
225 | SFTP no additional configuration of the environment is necessary | ||
226 | if the in-process sftp-server is used, though sessions which use | ||
227 | logging may require /dev/log inside the chroot directory on some | ||
228 | operating systems (see sftp-server(8) for details). | ||
229 | |||
230 | For safety, it is very important that the directory hierarchy be | ||
231 | prevented from modification by other processes on the system | ||
232 | (especially those outside the jail). Misconfiguration can lead | ||
233 | to unsafe environments which sshd(8) cannot detect. | ||
234 | |||
235 | The default is none, indicating not to chroot(2). | ||
236 | |||
237 | Ciphers | ||
238 | Specifies the ciphers allowed. Multiple ciphers must be comma- | ||
239 | separated. If the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, | ||
240 | then the specified ciphers will be appended to the default set | ||
241 | instead of replacing them. If the specified value begins with a | ||
242 | M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified ciphers (including wildcards) | ||
243 | will be removed from the default set instead of replacing them. | ||
244 | |||
245 | The supported ciphers are: | ||
246 | |||
247 | 3des-cbc | ||
248 | aes128-cbc | ||
249 | aes192-cbc | ||
250 | aes256-cbc | ||
251 | aes128-ctr | ||
252 | aes192-ctr | ||
253 | aes256-ctr | ||
254 | aes128-gcm@openssh.com | ||
255 | aes256-gcm@openssh.com | ||
256 | arcfour | ||
257 | arcfour128 | ||
258 | arcfour256 | ||
259 | blowfish-cbc | ||
260 | cast128-cbc | ||
261 | chacha20-poly1305@openssh.com | ||
262 | |||
263 | The default is: | ||
264 | |||
265 | chacha20-poly1305@openssh.com, | ||
266 | aes128-ctr,aes192-ctr,aes256-ctr, | ||
267 | aes128-gcm@openssh.com,aes256-gcm@openssh.com | ||
268 | |||
269 | The list of available ciphers may also be obtained using "ssh -Q | ||
270 | cipher". | ||
271 | |||
272 | ClientAliveCountMax | ||
273 | Sets the number of client alive messages which may be sent | ||
274 | without sshd(8) receiving any messages back from the client. If | ||
275 | this threshold is reached while client alive messages are being | ||
276 | sent, sshd will disconnect the client, terminating the session. | ||
277 | It is important to note that the use of client alive messages is | ||
278 | very different from TCPKeepAlive. The client alive messages are | ||
279 | sent through the encrypted channel and therefore will not be | ||
280 | spoofable. The TCP keepalive option enabled by TCPKeepAlive is | ||
281 | spoofable. The client alive mechanism is valuable when the | ||
282 | client or server depend on knowing when a connection has become | ||
283 | inactive. | ||
284 | |||
285 | The default value is 3. If ClientAliveInterval is set to 15, and | ||
286 | ClientAliveCountMax is left at the default, unresponsive SSH | ||
287 | clients will be disconnected after approximately 45 seconds. | ||
288 | |||
289 | ClientAliveInterval | ||
290 | Sets a timeout interval in seconds after which if no data has | ||
291 | been received from the client, sshd(8) will send a message | ||
292 | through the encrypted channel to request a response from the | ||
293 | client. The default is 0, indicating that these messages will | ||
294 | not be sent to the client. | ||
295 | |||
296 | Compression | ||
297 | Specifies whether compression is enabled after the user has | ||
298 | authenticated successfully. The argument must be yes, delayed (a | ||
299 | legacy synonym for yes) or no. The default is yes. | ||
300 | |||
301 | DenyGroups | ||
302 | This keyword can be followed by a list of group name patterns, | ||
303 | separated by spaces. Login is disallowed for users whose primary | ||
304 | group or supplementary group list matches one of the patterns. | ||
305 | Only group names are valid; a numerical group ID is not | ||
306 | recognized. By default, login is allowed for all groups. The | ||
307 | allow/deny directives are processed in the following order: | ||
308 | DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups. | ||
309 | |||
310 | See PATTERNS in ssh_config(5) for more information on patterns. | ||
311 | |||
312 | DenyUsers | ||
313 | This keyword can be followed by a list of user name patterns, | ||
314 | separated by spaces. Login is disallowed for user names that | ||
315 | match one of the patterns. Only user names are valid; a | ||
316 | numerical user ID is not recognized. By default, login is | ||
317 | allowed for all users. If the pattern takes the form USER@HOST | ||
318 | then USER and HOST are separately checked, restricting logins to | ||
319 | particular users from particular hosts. HOST criteria may | ||
320 | additionally contain addresses to match in CIDR address/masklen | ||
321 | format. The allow/deny directives are processed in the following | ||
322 | order: DenyUsers, AllowUsers, DenyGroups, and finally | ||
323 | AllowGroups. | ||
324 | |||
325 | See PATTERNS in ssh_config(5) for more information on patterns. | ||
326 | |||
327 | DisableForwarding | ||
328 | Disables all forwarding features, including X11, ssh-agent(1), | ||
329 | TCP and StreamLocal. This option overrides all other forwarding- | ||
330 | related options and may simplify restricted configurations. | ||
331 | |||
332 | FingerprintHash | ||
333 | Specifies the hash algorithm used when logging key fingerprints. | ||
334 | Valid options are: md5 and sha256. The default is sha256. | ||
335 | |||
336 | ForceCommand | ||
337 | Forces the execution of the command specified by ForceCommand, | ||
338 | ignoring any command supplied by the client and ~/.ssh/rc if | ||
339 | present. The command is invoked by using the user's login shell | ||
340 | with the -c option. This applies to shell, command, or subsystem | ||
341 | execution. It is most useful inside a Match block. The command | ||
342 | originally supplied by the client is available in the | ||
343 | SSH_ORIGINAL_COMMAND environment variable. Specifying a command | ||
344 | of internal-sftp will force the use of an in-process SFTP server | ||
345 | that requires no support files when used with ChrootDirectory. | ||
346 | The default is none. | ||
347 | |||
348 | GatewayPorts | ||
349 | Specifies whether remote hosts are allowed to connect to ports | ||
350 | forwarded for the client. By default, sshd(8) binds remote port | ||
351 | forwardings to the loopback address. This prevents other remote | ||
352 | hosts from connecting to forwarded ports. GatewayPorts can be | ||
353 | used to specify that sshd should allow remote port forwardings to | ||
354 | bind to non-loopback addresses, thus allowing other hosts to | ||
355 | connect. The argument may be no to force remote port forwardings | ||
356 | to be available to the local host only, yes to force remote port | ||
357 | forwardings to bind to the wildcard address, or clientspecified | ||
358 | to allow the client to select the address to which the forwarding | ||
359 | is bound. The default is no. | ||
360 | |||
361 | GSSAPIAuthentication | ||
362 | Specifies whether user authentication based on GSSAPI is allowed. | ||
363 | The default is no. | ||
364 | |||
365 | GSSAPICleanupCredentials | ||
366 | Specifies whether to automatically destroy the user's credentials | ||
367 | cache on logout. The default is yes. | ||
368 | |||
369 | GSSAPIStrictAcceptorCheck | ||
370 | Determines whether to be strict about the identity of the GSSAPI | ||
371 | acceptor a client authenticates against. If set to yes then the | ||
372 | client must authenticate against the host service on the current | ||
373 | hostname. If set to no then the client may authenticate against | ||
374 | any service key stored in the machine's default store. This | ||
375 | facility is provided to assist with operation on multi homed | ||
376 | machines. The default is yes. | ||
377 | |||
378 | HostbasedAcceptedKeyTypes | ||
379 | Specifies the key types that will be accepted for hostbased | ||
380 | authentication as a comma-separated pattern list. Alternately if | ||
381 | the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the | ||
382 | specified key types will be appended to the default set instead | ||
383 | of replacing them. If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y | ||
384 | character, then the specified key types (including wildcards) | ||
385 | will be removed from the default set instead of replacing them. | ||
386 | The default for this option is: | ||
387 | |||
388 | ecdsa-sha2-nistp256-cert-v01@openssh.com, | ||
389 | ecdsa-sha2-nistp384-cert-v01@openssh.com, | ||
390 | ecdsa-sha2-nistp521-cert-v01@openssh.com, | ||
391 | ssh-ed25519-cert-v01@openssh.com, | ||
392 | ssh-rsa-cert-v01@openssh.com, | ||
393 | ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, | ||
394 | ssh-ed25519,ssh-rsa | ||
395 | |||
396 | The list of available key types may also be obtained using "ssh | ||
397 | -Q key". | ||
398 | |||
399 | HostbasedAuthentication | ||
400 | Specifies whether rhosts or /etc/hosts.equiv authentication | ||
401 | together with successful public key client host authentication is | ||
402 | allowed (host-based authentication). The default is no. | ||
403 | |||
404 | HostbasedUsesNameFromPacketOnly | ||
405 | Specifies whether or not the server will attempt to perform a | ||
406 | reverse name lookup when matching the name in the ~/.shosts, | ||
407 | ~/.rhosts, and /etc/hosts.equiv files during | ||
408 | HostbasedAuthentication. A setting of yes means that sshd(8) | ||
409 | uses the name supplied by the client rather than attempting to | ||
410 | resolve the name from the TCP connection itself. The default is | ||
411 | no. | ||
412 | |||
413 | HostCertificate | ||
414 | Specifies a file containing a public host certificate. The | ||
415 | certificate's public key must match a private host key already | ||
416 | specified by HostKey. The default behaviour of sshd(8) is not to | ||
417 | load any certificates. | ||
418 | |||
419 | HostKey | ||
420 | Specifies a file containing a private host key used by SSH. The | ||
421 | defaults are /etc/ssh/ssh_host_dsa_key, | ||
422 | /etc/ssh/ssh_host_ecdsa_key, /etc/ssh/ssh_host_ed25519_key and | ||
423 | /etc/ssh/ssh_host_rsa_key. | ||
424 | |||
425 | Note that sshd(8) will refuse to use a file if it is group/world- | ||
426 | accessible and that the HostKeyAlgorithms option restricts which | ||
427 | of the keys are actually used by sshd(8). | ||
428 | |||
429 | It is possible to have multiple host key files. It is also | ||
430 | possible to specify public host key files instead. In this case | ||
431 | operations on the private key will be delegated to an | ||
432 | ssh-agent(1). | ||
433 | |||
434 | HostKeyAgent | ||
435 | Identifies the UNIX-domain socket used to communicate with an | ||
436 | agent that has access to the private host keys. If the string | ||
437 | "SSH_AUTH_SOCK" is specified, the location of the socket will be | ||
438 | read from the SSH_AUTH_SOCK environment variable. | ||
439 | |||
440 | HostKeyAlgorithms | ||
441 | Specifies the host key algorithms that the server offers. The | ||
442 | default for this option is: | ||
443 | |||
444 | ecdsa-sha2-nistp256-cert-v01@openssh.com, | ||
445 | ecdsa-sha2-nistp384-cert-v01@openssh.com, | ||
446 | ecdsa-sha2-nistp521-cert-v01@openssh.com, | ||
447 | ssh-ed25519-cert-v01@openssh.com, | ||
448 | ssh-rsa-cert-v01@openssh.com, | ||
449 | ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, | ||
450 | ssh-ed25519,ssh-rsa | ||
451 | |||
452 | The list of available key types may also be obtained using "ssh | ||
453 | -Q key". | ||
454 | |||
455 | IgnoreRhosts | ||
456 | Specifies that .rhosts and .shosts files will not be used in | ||
457 | HostbasedAuthentication. | ||
458 | |||
459 | /etc/hosts.equiv and /etc/shosts.equiv are still used. The | ||
460 | default is yes. | ||
461 | |||
462 | IgnoreUserKnownHosts | ||
463 | Specifies whether sshd(8) should ignore the user's | ||
464 | ~/.ssh/known_hosts during HostbasedAuthentication. The default | ||
465 | is no. | ||
466 | |||
467 | IPQoS Specifies the IPv4 type-of-service or DSCP class for the | ||
468 | connection. Accepted values are af11, af12, af13, af21, af22, | ||
469 | af23, af31, af32, af33, af41, af42, af43, cs0, cs1, cs2, cs3, | ||
470 | cs4, cs5, cs6, cs7, ef, lowdelay, throughput, reliability, or a | ||
471 | numeric value. This option may take one or two arguments, | ||
472 | separated by whitespace. If one argument is specified, it is | ||
473 | used as the packet class unconditionally. If two values are | ||
474 | specified, the first is automatically selected for interactive | ||
475 | sessions and the second for non-interactive sessions. The | ||
476 | default is lowdelay for interactive sessions and throughput for | ||
477 | non-interactive sessions. | ||
478 | |||
479 | KbdInteractiveAuthentication | ||
480 | Specifies whether to allow keyboard-interactive authentication. | ||
481 | The argument to this keyword must be yes or no. The default is | ||
482 | to use whatever value ChallengeResponseAuthentication is set to | ||
483 | (by default yes). | ||
484 | |||
485 | KerberosAuthentication | ||
486 | Specifies whether the password provided by the user for | ||
487 | PasswordAuthentication will be validated through the Kerberos | ||
488 | KDC. To use this option, the server needs a Kerberos servtab | ||
489 | which allows the verification of the KDC's identity. The default | ||
490 | is no. | ||
491 | |||
492 | KerberosGetAFSToken | ||
493 | If AFS is active and the user has a Kerberos 5 TGT, attempt to | ||
494 | acquire an AFS token before accessing the user's home directory. | ||
495 | The default is no. | ||
496 | |||
497 | KerberosOrLocalPasswd | ||
498 | If password authentication through Kerberos fails then the | ||
499 | password will be validated via any additional local mechanism | ||
500 | such as /etc/passwd. The default is yes. | ||
501 | |||
502 | KerberosTicketCleanup | ||
503 | Specifies whether to automatically destroy the user's ticket | ||
504 | cache file on logout. The default is yes. | ||
505 | |||
506 | KexAlgorithms | ||
507 | Specifies the available KEX (Key Exchange) algorithms. Multiple | ||
508 | algorithms must be comma-separated. Alternately if the specified | ||
509 | value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified methods | ||
510 | will be appended to the default set instead of replacing them. | ||
511 | If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the | ||
512 | specified methods (including wildcards) will be removed from the | ||
513 | default set instead of replacing them. The supported algorithms | ||
514 | are: | ||
515 | |||
516 | curve25519-sha256 | ||
517 | curve25519-sha256@libssh.org | ||
518 | diffie-hellman-group1-sha1 | ||
519 | diffie-hellman-group14-sha1 | ||
520 | diffie-hellman-group-exchange-sha1 | ||
521 | diffie-hellman-group-exchange-sha256 | ||
522 | ecdh-sha2-nistp256 | ||
523 | ecdh-sha2-nistp384 | ||
524 | ecdh-sha2-nistp521 | ||
525 | |||
526 | The default is: | ||
527 | |||
528 | curve25519-sha256,curve25519-sha256@libssh.org, | ||
529 | ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, | ||
530 | diffie-hellman-group-exchange-sha256, | ||
531 | diffie-hellman-group14-sha1 | ||
532 | |||
533 | The list of available key exchange algorithms may also be | ||
534 | obtained using "ssh -Q kex". | ||
535 | |||
536 | ListenAddress | ||
537 | Specifies the local addresses sshd(8) should listen on. The | ||
538 | following forms may be used: | ||
539 | |||
540 | ListenAddress host|IPv4_addr|IPv6_addr | ||
541 | ListenAddress host|IPv4_addr:port | ||
542 | ListenAddress [host|IPv6_addr]:port | ||
543 | |||
544 | If port is not specified, sshd will listen on the address and all | ||
545 | Port options specified. The default is to listen on all local | ||
546 | addresses. Multiple ListenAddress options are permitted. | ||
547 | |||
548 | LoginGraceTime | ||
549 | The server disconnects after this time if the user has not | ||
550 | successfully logged in. If the value is 0, there is no time | ||
551 | limit. The default is 120 seconds. | ||
552 | |||
553 | LogLevel | ||
554 | Gives the verbosity level that is used when logging messages from | ||
555 | sshd(8). The possible values are: QUIET, FATAL, ERROR, INFO, | ||
556 | VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. The default is INFO. | ||
557 | DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify | ||
558 | higher levels of debugging output. Logging with a DEBUG level | ||
559 | violates the privacy of users and is not recommended. | ||
560 | |||
561 | MACs Specifies the available MAC (message authentication code) | ||
562 | algorithms. The MAC algorithm is used for data integrity | ||
563 | protection. Multiple algorithms must be comma-separated. If the | ||
564 | specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified | ||
565 | algorithms will be appended to the default set instead of | ||
566 | replacing them. If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y | ||
567 | character, then the specified algorithms (including wildcards) | ||
568 | will be removed from the default set instead of replacing them. | ||
569 | |||
570 | The algorithms that contain "-etm" calculate the MAC after | ||
571 | encryption (encrypt-then-mac). These are considered safer and | ||
572 | their use recommended. The supported MACs are: | ||
573 | |||
574 | hmac-md5 | ||
575 | hmac-md5-96 | ||
576 | hmac-ripemd160 | ||
577 | hmac-sha1 | ||
578 | hmac-sha1-96 | ||
579 | hmac-sha2-256 | ||
580 | hmac-sha2-512 | ||
581 | umac-64@openssh.com | ||
582 | umac-128@openssh.com | ||
583 | hmac-md5-etm@openssh.com | ||
584 | hmac-md5-96-etm@openssh.com | ||
585 | hmac-ripemd160-etm@openssh.com | ||
586 | hmac-sha1-etm@openssh.com | ||
587 | hmac-sha1-96-etm@openssh.com | ||
588 | hmac-sha2-256-etm@openssh.com | ||
589 | hmac-sha2-512-etm@openssh.com | ||
590 | umac-64-etm@openssh.com | ||
591 | umac-128-etm@openssh.com | ||
592 | |||
593 | The default is: | ||
594 | |||
595 | umac-64-etm@openssh.com,umac-128-etm@openssh.com, | ||
596 | hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, | ||
597 | hmac-sha1-etm@openssh.com, | ||
598 | umac-64@openssh.com,umac-128@openssh.com, | ||
599 | hmac-sha2-256,hmac-sha2-512,hmac-sha1 | ||
600 | |||
601 | The list of available MAC algorithms may also be obtained using | ||
602 | "ssh -Q mac". | ||
603 | |||
604 | Match Introduces a conditional block. If all of the criteria on the | ||
605 | Match line are satisfied, the keywords on the following lines | ||
606 | override those set in the global section of the config file, | ||
607 | until either another Match line or the end of the file. If a | ||
608 | keyword appears in multiple Match blocks that are satisfied, only | ||
609 | the first instance of the keyword is applied. | ||
610 | |||
611 | The arguments to Match are one or more criteria-pattern pairs or | ||
612 | the single token All which matches all criteria. The available | ||
613 | criteria are User, Group, Host, LocalAddress, LocalPort, and | ||
614 | Address. The match patterns may consist of single entries or | ||
615 | comma-separated lists and may use the wildcard and negation | ||
616 | operators described in the PATTERNS section of ssh_config(5). | ||
617 | |||
618 | The patterns in an Address criteria may additionally contain | ||
619 | addresses to match in CIDR address/masklen format, such as | ||
620 | 192.0.2.0/24 or 2001:db8::/32. Note that the mask length | ||
621 | provided must be consistent with the address - it is an error to | ||
622 | specify a mask length that is too long for the address or one | ||
623 | with bits set in this host portion of the address. For example, | ||
624 | 192.0.2.0/33 and 192.0.2.0/8, respectively. | ||
625 | |||
626 | Only a subset of keywords may be used on the lines following a | ||
627 | Match keyword. Available keywords are AcceptEnv, | ||
628 | AllowAgentForwarding, AllowGroups, AllowStreamLocalForwarding, | ||
629 | AllowTcpForwarding, AllowUsers, AuthenticationMethods, | ||
630 | AuthorizedKeysCommand, AuthorizedKeysCommandUser, | ||
631 | AuthorizedKeysFile, AuthorizedPrincipalsCommand, | ||
632 | AuthorizedPrincipalsCommandUser, AuthorizedPrincipalsFile, | ||
633 | Banner, ChrootDirectory, ClientAliveCountMax, | ||
634 | ClientAliveInterval, DenyGroups, DenyUsers, ForceCommand, | ||
635 | GatewayPorts, GSSAPIAuthentication, HostbasedAcceptedKeyTypes, | ||
636 | HostbasedAuthentication, HostbasedUsesNameFromPacketOnly, IPQoS, | ||
637 | KbdInteractiveAuthentication, KerberosAuthentication, | ||
638 | MaxAuthTries, MaxSessions, PasswordAuthentication, | ||
639 | PermitEmptyPasswords, PermitOpen, PermitRootLogin, PermitTTY, | ||
640 | PermitTunnel, PermitUserRC, PubkeyAcceptedKeyTypes, | ||
641 | PubkeyAuthentication, RekeyLimit, RevokedKeys, | ||
642 | StreamLocalBindMask, StreamLocalBindUnlink, TrustedUserCAKeys, | ||
643 | X11DisplayOffset, X11Forwarding and X11UseLocalHost. | ||
644 | |||
645 | MaxAuthTries | ||
646 | Specifies the maximum number of authentication attempts permitted | ||
647 | per connection. Once the number of failures reaches half this | ||
648 | value, additional failures are logged. The default is 6. | ||
649 | |||
650 | MaxSessions | ||
651 | Specifies the maximum number of open shell, login or subsystem | ||
652 | (e.g. sftp) sessions permitted per network connection. Multiple | ||
653 | sessions may be established by clients that support connection | ||
654 | multiplexing. Setting MaxSessions to 1 will effectively disable | ||
655 | session multiplexing, whereas setting it to 0 will prevent all | ||
656 | shell, login and subsystem sessions while still permitting | ||
657 | forwarding. The default is 10. | ||
658 | |||
659 | MaxStartups | ||
660 | Specifies the maximum number of concurrent unauthenticated | ||
661 | connections to the SSH daemon. Additional connections will be | ||
662 | dropped until authentication succeeds or the LoginGraceTime | ||
663 | expires for a connection. The default is 10:30:100. | ||
664 | |||
665 | Alternatively, random early drop can be enabled by specifying the | ||
666 | three colon separated values start:rate:full (e.g. "10:30:60"). | ||
667 | sshd(8) will refuse connection attempts with a probability of | ||
668 | rate/100 (30%) if there are currently start (10) unauthenticated | ||
669 | connections. The probability increases linearly and all | ||
670 | connection attempts are refused if the number of unauthenticated | ||
671 | connections reaches full (60). | ||
672 | |||
673 | PasswordAuthentication | ||
674 | Specifies whether password authentication is allowed. The | ||
675 | default is yes. | ||
676 | |||
677 | PermitEmptyPasswords | ||
678 | When password authentication is allowed, it specifies whether the | ||
679 | server allows login to accounts with empty password strings. The | ||
680 | default is no. | ||
681 | |||
682 | PermitOpen | ||
683 | Specifies the destinations to which TCP port forwarding is | ||
684 | permitted. The forwarding specification must be one of the | ||
685 | following forms: | ||
686 | |||
687 | PermitOpen host:port | ||
688 | PermitOpen IPv4_addr:port | ||
689 | PermitOpen [IPv6_addr]:port | ||
690 | |||
691 | Multiple forwards may be specified by separating them with | ||
692 | whitespace. An argument of any can be used to remove all | ||
693 | restrictions and permit any forwarding requests. An argument of | ||
694 | none can be used to prohibit all forwarding requests. The | ||
695 | wildcard M-bM-^@M-^X*M-bM-^@M-^Y can be used for host or port to allow all hosts or | ||
696 | ports, respectively. By default all port forwarding requests are | ||
697 | permitted. | ||
698 | |||
699 | PermitRootLogin | ||
700 | Specifies whether root can log in using ssh(1). The argument | ||
701 | must be yes, prohibit-password, without-password, | ||
702 | forced-commands-only, or no. The default is prohibit-password. | ||
703 | |||
704 | If this option is set to prohibit-password or without-password, | ||
705 | password and keyboard-interactive authentication are disabled for | ||
706 | root. | ||
707 | |||
708 | If this option is set to forced-commands-only, root login with | ||
709 | public key authentication will be allowed, but only if the | ||
710 | command option has been specified (which may be useful for taking | ||
711 | remote backups even if root login is normally not allowed). All | ||
712 | other authentication methods are disabled for root. | ||
713 | |||
714 | If this option is set to no, root is not allowed to log in. | ||
715 | |||
716 | PermitTTY | ||
717 | Specifies whether pty(4) allocation is permitted. The default is | ||
718 | yes. | ||
719 | |||
720 | PermitTunnel | ||
721 | Specifies whether tun(4) device forwarding is allowed. The | ||
722 | argument must be yes, point-to-point (layer 3), ethernet (layer | ||
723 | 2), or no. Specifying yes permits both point-to-point and | ||
724 | ethernet. The default is no. | ||
725 | |||
726 | Independent of this setting, the permissions of the selected | ||
727 | tun(4) device must allow access to the user. | ||
728 | |||
729 | PermitUserEnvironment | ||
730 | Specifies whether ~/.ssh/environment and environment= options in | ||
731 | ~/.ssh/authorized_keys are processed by sshd(8). The default is | ||
732 | no. Enabling environment processing may enable users to bypass | ||
733 | access restrictions in some configurations using mechanisms such | ||
734 | as LD_PRELOAD. | ||
735 | |||
736 | PermitUserRC | ||
737 | Specifies whether any ~/.ssh/rc file is executed. The default is | ||
738 | yes. | ||
739 | |||
740 | PidFile | ||
741 | Specifies the file that contains the process ID of the SSH | ||
742 | daemon, or none to not write one. The default is | ||
743 | /var/run/sshd.pid. | ||
744 | |||
745 | Port Specifies the port number that sshd(8) listens on. The default | ||
746 | is 22. Multiple options of this type are permitted. See also | ||
747 | ListenAddress. | ||
748 | |||
749 | PrintLastLog | ||
750 | Specifies whether sshd(8) should print the date and time of the | ||
751 | last user login when a user logs in interactively. The default | ||
752 | is yes. | ||
753 | |||
754 | PrintMotd | ||
755 | Specifies whether sshd(8) should print /etc/motd when a user logs | ||
756 | in interactively. (On some systems it is also printed by the | ||
757 | shell, /etc/profile, or equivalent.) The default is yes. | ||
758 | |||
759 | PubkeyAcceptedKeyTypes | ||
760 | Specifies the key types that will be accepted for public key | ||
761 | authentication as a comma-separated pattern list. Alternately if | ||
762 | the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the | ||
763 | specified key types will be appended to the default set instead | ||
764 | of replacing them. If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y | ||
765 | character, then the specified key types (including wildcards) | ||
766 | will be removed from the default set instead of replacing them. | ||
767 | The default for this option is: | ||
768 | |||
769 | ecdsa-sha2-nistp256-cert-v01@openssh.com, | ||
770 | ecdsa-sha2-nistp384-cert-v01@openssh.com, | ||
771 | ecdsa-sha2-nistp521-cert-v01@openssh.com, | ||
772 | ssh-ed25519-cert-v01@openssh.com, | ||
773 | ssh-rsa-cert-v01@openssh.com, | ||
774 | ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, | ||
775 | ssh-ed25519,ssh-rsa | ||
776 | |||
777 | The list of available key types may also be obtained using "ssh | ||
778 | -Q key". | ||
779 | |||
780 | PubkeyAuthentication | ||
781 | Specifies whether public key authentication is allowed. The | ||
782 | default is yes. | ||
783 | |||
784 | RekeyLimit | ||
785 | Specifies the maximum amount of data that may be transmitted | ||
786 | before the session key is renegotiated, optionally followed a | ||
787 | maximum amount of time that may pass before the session key is | ||
788 | renegotiated. The first argument is specified in bytes and may | ||
789 | have a suffix of M-bM-^@M-^XKM-bM-^@M-^Y, M-bM-^@M-^XMM-bM-^@M-^Y, or M-bM-^@M-^XGM-bM-^@M-^Y to indicate Kilobytes, | ||
790 | Megabytes, or Gigabytes, respectively. The default is between | ||
791 | M-bM-^@M-^X1GM-bM-^@M-^Y and M-bM-^@M-^X4GM-bM-^@M-^Y, depending on the cipher. The optional second | ||
792 | value is specified in seconds and may use any of the units | ||
793 | documented in the TIME FORMATS section. The default value for | ||
794 | RekeyLimit is default none, which means that rekeying is | ||
795 | performed after the cipher's default amount of data has been sent | ||
796 | or received and no time based rekeying is done. | ||
797 | |||
798 | RevokedKeys | ||
799 | Specifies revoked public keys file, or none to not use one. Keys | ||
800 | listed in this file will be refused for public key | ||
801 | authentication. Note that if this file is not readable, then | ||
802 | public key authentication will be refused for all users. Keys | ||
803 | may be specified as a text file, listing one public key per line, | ||
804 | or as an OpenSSH Key Revocation List (KRL) as generated by | ||
805 | ssh-keygen(1). For more information on KRLs, see the KEY | ||
806 | REVOCATION LISTS section in ssh-keygen(1). | ||
807 | |||
808 | StreamLocalBindMask | ||
809 | Sets the octal file creation mode mask (umask) used when creating | ||
810 | a Unix-domain socket file for local or remote port forwarding. | ||
811 | This option is only used for port forwarding to a Unix-domain | ||
812 | socket file. | ||
813 | |||
814 | The default value is 0177, which creates a Unix-domain socket | ||
815 | file that is readable and writable only by the owner. Note that | ||
816 | not all operating systems honor the file mode on Unix-domain | ||
817 | socket files. | ||
818 | |||
819 | StreamLocalBindUnlink | ||
820 | Specifies whether to remove an existing Unix-domain socket file | ||
821 | for local or remote port forwarding before creating a new one. | ||
822 | If the socket file already exists and StreamLocalBindUnlink is | ||
823 | not enabled, sshd will be unable to forward the port to the Unix- | ||
824 | domain socket file. This option is only used for port forwarding | ||
825 | to a Unix-domain socket file. | ||
826 | |||
827 | The argument must be yes or no. The default is no. | ||
828 | |||
829 | StrictModes | ||
830 | Specifies whether sshd(8) should check file modes and ownership | ||
831 | of the user's files and home directory before accepting login. | ||
832 | This is normally desirable because novices sometimes accidentally | ||
833 | leave their directory or files world-writable. The default is | ||
834 | yes. Note that this does not apply to ChrootDirectory, whose | ||
835 | permissions and ownership are checked unconditionally. | ||
836 | |||
837 | Subsystem | ||
838 | Configures an external subsystem (e.g. file transfer daemon). | ||
839 | Arguments should be a subsystem name and a command (with optional | ||
840 | arguments) to execute upon subsystem request. | ||
841 | |||
842 | The command sftp-server implements the SFTP file transfer | ||
843 | subsystem. | ||
844 | |||
845 | Alternately the name internal-sftp implements an in-process SFTP | ||
846 | server. This may simplify configurations using ChrootDirectory | ||
847 | to force a different filesystem root on clients. | ||
848 | |||
849 | By default no subsystems are defined. | ||
850 | |||
851 | SyslogFacility | ||
852 | Gives the facility code that is used when logging messages from | ||
853 | sshd(8). The possible values are: DAEMON, USER, AUTH, LOCAL0, | ||
854 | LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The | ||
855 | default is AUTH. | ||
856 | |||
857 | TCPKeepAlive | ||
858 | Specifies whether the system should send TCP keepalive messages | ||
859 | to the other side. If they are sent, death of the connection or | ||
860 | crash of one of the machines will be properly noticed. However, | ||
861 | this means that connections will die if the route is down | ||
862 | temporarily, and some people find it annoying. On the other | ||
863 | hand, if TCP keepalives are not sent, sessions may hang | ||
864 | indefinitely on the server, leaving "ghost" users and consuming | ||
865 | server resources. | ||
866 | |||
867 | The default is yes (to send TCP keepalive messages), and the | ||
868 | server will notice if the network goes down or the client host | ||
869 | crashes. This avoids infinitely hanging sessions. | ||
870 | |||
871 | To disable TCP keepalive messages, the value should be set to no. | ||
872 | |||
873 | TrustedUserCAKeys | ||
874 | Specifies a file containing public keys of certificate | ||
875 | authorities that are trusted to sign user certificates for | ||
876 | authentication, or none to not use one. Keys are listed one per | ||
877 | line; empty lines and comments starting with M-bM-^@M-^X#M-bM-^@M-^Y are allowed. If | ||
878 | a certificate is presented for authentication and has its signing | ||
879 | CA key listed in this file, then it may be used for | ||
880 | authentication for any user listed in the certificate's | ||
881 | principals list. Note that certificates that lack a list of | ||
882 | principals will not be permitted for authentication using | ||
883 | TrustedUserCAKeys. For more details on certificates, see the | ||
884 | CERTIFICATES section in ssh-keygen(1). | ||
885 | |||
886 | UseDNS Specifies whether sshd(8) should look up the remote host name, | ||
887 | and to check that the resolved host name for the remote IP | ||
888 | address maps back to the very same IP address. | ||
889 | |||
890 | If this option is set to no (the default) then only addresses and | ||
891 | not host names may be used in ~/.ssh/authorized_keys from and | ||
892 | sshd_config Match Host directives. | ||
893 | |||
894 | UsePAM Enables the Pluggable Authentication Module interface. If set to | ||
895 | yes this will enable PAM authentication using | ||
896 | ChallengeResponseAuthentication and PasswordAuthentication in | ||
897 | addition to PAM account and session module processing for all | ||
898 | authentication types. | ||
899 | |||
900 | Because PAM challenge-response authentication usually serves an | ||
901 | equivalent role to password authentication, you should disable | ||
902 | either PasswordAuthentication or ChallengeResponseAuthentication. | ||
903 | |||
904 | If UsePAM is enabled, you will not be able to run sshd(8) as a | ||
905 | non-root user. The default is no. | ||
906 | |||
907 | VersionAddendum | ||
908 | Optionally specifies additional text to append to the SSH | ||
909 | protocol banner sent by the server upon connection. The default | ||
910 | is none. | ||
911 | |||
912 | X11DisplayOffset | ||
913 | Specifies the first display number available for sshd(8)'s X11 | ||
914 | forwarding. This prevents sshd from interfering with real X11 | ||
915 | servers. The default is 10. | ||
916 | |||
917 | X11Forwarding | ||
918 | Specifies whether X11 forwarding is permitted. The argument must | ||
919 | be yes or no. The default is no. | ||
920 | |||
921 | When X11 forwarding is enabled, there may be additional exposure | ||
922 | to the server and to client displays if the sshd(8) proxy display | ||
923 | is configured to listen on the wildcard address (see | ||
924 | X11UseLocalhost), though this is not the default. Additionally, | ||
925 | the authentication spoofing and authentication data verification | ||
926 | and substitution occur on the client side. The security risk of | ||
927 | using X11 forwarding is that the client's X11 display server may | ||
928 | be exposed to attack when the SSH client requests forwarding (see | ||
929 | the warnings for ForwardX11 in ssh_config(5)). A system | ||
930 | administrator may have a stance in which they want to protect | ||
931 | clients that may expose themselves to attack by unwittingly | ||
932 | requesting X11 forwarding, which can warrant a no setting. | ||
933 | |||
934 | Note that disabling X11 forwarding does not prevent users from | ||
935 | forwarding X11 traffic, as users can always install their own | ||
936 | forwarders. | ||
937 | |||
938 | X11UseLocalhost | ||
939 | Specifies whether sshd(8) should bind the X11 forwarding server | ||
940 | to the loopback address or to the wildcard address. By default, | ||
941 | sshd binds the forwarding server to the loopback address and sets | ||
942 | the hostname part of the DISPLAY environment variable to | ||
943 | localhost. This prevents remote hosts from connecting to the | ||
944 | proxy display. However, some older X11 clients may not function | ||
945 | with this configuration. X11UseLocalhost may be set to no to | ||
946 | specify that the forwarding server should be bound to the | ||
947 | wildcard address. The argument must be yes or no. The default | ||
948 | is yes. | ||
949 | |||
950 | XAuthLocation | ||
951 | Specifies the full pathname of the xauth(1) program, or none to | ||
952 | not use one. The default is /usr/X11R6/bin/xauth. | ||
953 | |||
954 | TIME FORMATS | ||
955 | sshd(8) command-line arguments and configuration file options that | ||
956 | specify time may be expressed using a sequence of the form: | ||
957 | time[qualifier], where time is a positive integer value and qualifier is | ||
958 | one of the following: | ||
959 | |||
960 | M-bM-^_M-(noneM-bM-^_M-) seconds | ||
961 | s | S seconds | ||
962 | m | M minutes | ||
963 | h | H hours | ||
964 | d | D days | ||
965 | w | W weeks | ||
966 | |||
967 | Each member of the sequence is added together to calculate the total time | ||
968 | value. | ||
969 | |||
970 | Time format examples: | ||
971 | |||
972 | 600 600 seconds (10 minutes) | ||
973 | 10m 10 minutes | ||
974 | 1h30m 1 hour 30 minutes (90 minutes) | ||
975 | |||
976 | TOKENS | ||
977 | Arguments to some keywords can make use of tokens, which are expanded at | ||
978 | runtime: | ||
979 | |||
980 | %% A literal M-bM-^@M-^X%M-bM-^@M-^Y. | ||
981 | %F The fingerprint of the CA key. | ||
982 | %f The fingerprint of the key or certificate. | ||
983 | %h The home directory of the user. | ||
984 | %i The key ID in the certificate. | ||
985 | %K The base64-encoded CA key. | ||
986 | %k The base64-encoded key or certificate for authentication. | ||
987 | %s The serial number of the certificate. | ||
988 | %T The type of the CA key. | ||
989 | %t The key or certificate type. | ||
990 | %u The username. | ||
991 | |||
992 | AuthorizedKeysCommand accepts the tokens %%, %f, %h, %k, %t, and %u. | ||
993 | |||
994 | AuthorizedKeysFile accepts the tokens %%, %h, and %u. | ||
995 | |||
996 | AuthorizedPrincipalsCommand accepts the tokens %%, %F, %f, %h, %i, %K, | ||
997 | %k, %s, %T, %t, and %u. | ||
998 | |||
999 | AuthorizedPrincipalsFile accepts the tokens %%, %h, and %u. | ||
1000 | |||
1001 | ChrootDirectory accepts the tokens %%, %h, and %u. | ||
1002 | |||
1003 | FILES | ||
1004 | /etc/ssh/sshd_config | ||
1005 | Contains configuration data for sshd(8). This file should be | ||
1006 | writable by root only, but it is recommended (though not | ||
1007 | necessary) that it be world-readable. | ||
1008 | |||
1009 | SEE ALSO | ||
1010 | sftp-server(8), sshd(8) | ||
1011 | |||
1012 | AUTHORS | ||
1013 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by | ||
1014 | Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo | ||
1015 | de Raadt and Dug Song removed many bugs, re-added newer features and | ||
1016 | created OpenSSH. Markus Friedl contributed the support for SSH protocol | ||
1017 | versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support | ||
1018 | for privilege separation. | ||
1019 | |||
1020 | OpenBSD 6.0 March 14, 2017 OpenBSD 6.0 | ||