summaryrefslogtreecommitdiff
path: root/configure.ac
AgeCommit message (Collapse)Author
2016-11-01Use ptrace(PT_DENY_ATTACH, ..) on OS X.Darren Tucker
2016-09-29Remove portability support for mmapDamien Miller
We no longer need to wrap/replace mmap for portability now that pre-auth compression has been removed from OpenSSH.
2016-08-23removing UseLogin bits from configure.acDamien Miller
2016-08-17Only check for prctl once.Darren Tucker
2016-08-16add a --with-login-program configure argumentDamien Miller
Saves messing around with LOGIN_PROGRAM env var, which come packaging environments make hard to do during configure phase.
2016-08-16add --with-pam-service to specify PAM service nameDamien Miller
Saves messing around with CFLAGS to do it.
2016-08-02Use tabs consistently inside "case $host".Darren Tucker
2016-08-02Explicitly test for broken strnvis.Darren Tucker
NetBSD added an strnvis and unfortunately made it incompatible with the existing one in OpenBSD and Linux's libbsd (the former having existed for over ten years). Despite this incompatibility being reported during development (see http://gnats.netbsd.org/44977) they still shipped it. Even more unfortunately FreeBSD and later MacOS picked up this incompatible implementation. Try to detect this mess, and assume the only safe option if we're cross compiling. OpenBSD 2.9 (2001): strnvis(char *dst, const char *src, size_t dlen, int flag); NetBSD 6.0 (2012): strnvis(char *dst, size_t dlen, const char *src, int flag); ok djm@
2016-08-01modified: configure.ac opensshd.init.inTim Rice
Skip generating missing RSA1 key on startup unless ssh1 support is enabled. Spotted by Jean-Pierre Radley
2016-07-28define _OPENBSD_SOURCE for reallocarray on NetBSDDamien Miller
Report by and debugged with Hisashi T Fujinaka, dtucker nailed the problem (lack of prototype causing return type confusion).
2016-07-23Move Cygwin IPPORT_RESERVED overrride to defines.hDarren Tucker
Patch from vinschen at redhat.com.
2016-07-15add a --disable-pkcs11 knobDamien Miller
2016-07-15fix newline escaping for unsupported_algorithmsDamien Miller
The hmac-ripemd160 was incorrect and could lead to broken Makefiles on systems that lacked support for it, but I made all the others consistent too.
2016-07-14Check for VIS_ALL.Darren Tucker
If we don't have it, set BROKEN_STRNVIS to activate the compat replacement.
2016-07-14Add compat code for missing wcwidth.Darren Tucker
If we don't have wcwidth force fallback implementations of nl_langinfo and mbtowc. Based on advice from Ingo Schwarze.
2016-07-13Move err.h replacements into compat lib.Darren Tucker
Move implementations of err.h replacement functions into their own file in the libopenbsd-compat so we can use them in kexfuzz.c too. ok djm@
2016-07-11Check for wchar.h and langinfo.hDarren Tucker
Wrap includes in the appropriate #ifdefs.
2016-07-08whitelist more architectures for seccomp-bpfDamien Miller
bz#2590 - testing and patch from Jakub Jelen
2016-06-14Use Solaris setpflags(__PROC_PROTECT, ...).Darren Tucker
Where possible, use Solaris setpflags to disable process tracing on ssh-agent and sftp-server. bz#2584, based on a patch from huieying.lee at oracle.com, ok djm.
2016-05-31modified: configure.acTim Rice
whitspace clean up. No code changes.
2016-04-08Remove NO_IPPORT_RESERVED_CONCEPTDarren Tucker
Replace by defining IPPORT_RESERVED to zero on Cygwin, which should have the same effect without causing problems syncing patches with OpenBSD. Resync the two affected functions with OpenBSD. ok djm, sanity checked by Corinna.
2016-04-04Tidy up openssl header test.Darren Tucker
2016-04-04Fix configure-time warnings for openssl test.Darren Tucker
2016-02-23fix sandbox on OSX LionDamien Miller
sshd was failing with: ssh_sandbox_child: sandbox_init: dlopen(/usr/lib/libsandbox.1.dylib, 261):cw image not found [preauth] caused by chroot before sandboxing. Avoid by explicitly linking libsandbox to sshd. Spotted by Darren.
2016-02-19Make Solaris privs code build on older systems.Darren Tucker
Not all systems with Solaris privs have priv_basicset so factor that out and provide backward compatibility code. Similarly, not all have PRIV_NET_ACCESS so wrap that in #ifdef. Based on code from alex at cooperi.net and djm@ with help from carson at taltos.org and wieland at purdue.edu.
2016-02-17Look for gethostbyname in libresolv and libnsl.Darren Tucker
Should fix build problem on Solaris 2.6 reported by Tom G. Christensen.
2016-01-08Support Illumos/Solaris fine-grained privilegesDamien Miller
Includes a pre-auth privsep sandbox and several pledge() emulations. bz#2511, patch by Alex Wilson. ok dtucker@
2015-12-15Allow --without-ssl-engine with --without-opensslDarren Tucker
Patch from Mike Frysinger via github.
2015-12-15Include openssl crypto.h for SSLeay.Darren Tucker
Patch from doughdemon via github.
2015-11-30Add a null implementation of pledge.Darren Tucker
Fixes builds on almost everything.
2015-11-10Fix compiler warnings in the openssl header check.Darren Tucker
Noted by Austin English.
2015-10-14s/SANDBOX_TAME/SANDBOX_PLEDGE/gDamien Miller
2015-10-14upstream commitderaadt@openbsd.org
Change all tame callers to namechange to pledge(2). Upstream-ID: 17e654fc27ceaf523c60f4ffd9ec7ae4e7efc7f2
2015-10-08hook tame(2) sandbox up to buildDamien Miller
OpenBSD only for now
2015-09-11Correct default value for --with-ssh1.Darren Tucker
bz#2457, from konto-mindrot.org at walimnieto.com.
2015-09-11Force resolution of _res for correct detection.Darren Tucker
bz#2259, from sconeu at yahoo.com.
2015-09-03don't check for yp_match; ok tim@Damien Miller
2015-07-17Check if realpath works on nonexistent files.Darren Tucker
On some platforms the native realpath doesn't work with non-existent files (this is actually specified in some versions of POSIX), however the sftp spec says its realpath with "canonicalize any given path name". On those platforms, use realpath from the compat library. In addition, when compiling with -DFORTIFY_SOURCE, glibc redefines the realpath symbol to the checked version, so redefine ours to something else so we pick up the compat version we want. bz#2428, ok djm@
2015-07-15upstream commitdjm@openbsd.org
Compile-time disable SSH v.1 again Upstream-ID: 1d4b513a3a06232f02650b73bad25100d1b800af
2015-07-01s/--with-ssh1/--without-ssh1/Damien Miller
2015-06-18fix syntax errorDamien Miller
2015-06-17aarch64 support for seccomp-bpf sandboxDamien Miller
Also resort and tidy syscall list. Based on patches by Jakub Jelen bz#2361; ok dtucker@
2015-06-03Remove unneeded backslashes. Patch from Ángel GonzálezTim Rice
2015-05-29re-enable SSH protocol 1 at compile timeDamien Miller
2015-04-17Look for '${host}-ar' before 'ar'.Darren Tucker
This changes configure.ac to look for '${host}-ar' as set by AC_CANONICAL_HOST before looking for the unprefixed 'ar'. Useful when cross-compiling when all your binutils are prefixed. Patch from moben at exherbo org via astrand at lysator liu se and bz#2352.
2015-03-27upstream commitdjm@openbsd.org
Compile-time disable SSH protocol 1. You can turn it back on using the Makefile.inc knob if you need it to talk to ancient devices.
2015-03-04check for crypt and DES_crypt in openssl blockDamien Miller
fixes builds on systems that use DES_crypt; based on patch from Roumen Petrov
2015-02-21Add null declaration of AI_NUMERICINFO.Darren Tucker
Some platforms (older FreeBSD and DragonFly versions) do have getaddrinfo() but do not have AI_NUMERICINFO. so define it to zero in those cases.
2015-01-15support --without-openssl at configure timeDamien Miller
Disables and removes dependency on OpenSSL. Many features don't work and the set of crypto options is greatly restricted. This will only work on system with native arc4random or /dev/urandom. Considered highly experimental for now.
2015-01-13add --without-ssh1 option to configureDamien Miller
Allows disabling support for SSH protocol 1.