summaryrefslogtreecommitdiff
path: root/configure.ac
AgeCommit message (Collapse)Author
2017-09-19add freezero(3) replacementDamien Miller
ok dtucker@
2017-09-19move FORTIFY_SOURCE into hardening options groupDamien Miller
It's still on by default, but now it's possible to turn it off using --without-hardening. This is useful since it's known to cause problems with some -fsanitize options. ok dtucker@
2017-09-08Give configure ability to set CFLAGS/LDFLAGS laterDamien Miller
Some CFLAGS/LDFLAGS may disrupt the configure script's operation, in particular santization and fuzzer options that break assumptions about memory and file descriptor dispositions. This adds two flags to configure --with-cflags-after and --with-ldflags-after that allow specifying additional compiler and linker options that are added to the resultant Makefiles but not used in the configure run itself. E.g. env CC=clang-3.9 ./configure \ --with-cflags-after=-fsantize=address \ --with-ldflags-after="-g -fsanitize=address"
2017-08-28Switch Capsicum header to sys/capsicum.h.Darren Tucker
FreeBSD's <sys/capability.h> was renamed to <sys/capsicum.h> in 2014 to avoid future conflicts with POSIX capabilities (the last release that didn't have it was 9.3) so switch to that. Patch from des at des.no.
2017-07-11modified: configure.acTim Rice
UnixWare needs BROKEN_TCGETATTR_ICANON like Solaris Analysis by Robbie Zhang
2017-06-10portability for sftp globbed ls sort by mtimeDamien Miller
Include replacement timespeccmp() for systems that lack it. Support time_t struct stat->st_mtime in addition to timespec stat->st_mtim, as well as unsorted fallback.
2017-06-01add recallocarray replacement and dependencyDamien Miller
recallocarray() needs getpagesize() so add a tiny replacement for that.
2017-05-25configure: actually set cache vars when cross-compilingMike Frysinger
The cross-compiling fallback message says it's assuming the test passed, but it didn't actually set the cache var which causes later tests to fail.
2017-05-01remove configure --with-ssh1Damien Miller
2017-03-31Check for and use gcc's -pipe.Darren Tucker
Speeds up configure and build by a couple of percent. ok djm@
2017-03-29Remove check for OpenSSL < 0.9.8g.Darren Tucker
We no longer support OpenSSL < 1.0.1 so remove check for unreliable ECC in OpenSSL < 0.9.8g.
2017-03-24Enable ldns when using ldns-config.Darren Tucker
Actually enable ldns when attempting to use ldns-config. bz#2697, patch from fredrik at fornwall.net.
2017-03-20Add llabs() implementation.Darren Tucker
2017-03-14require OpenSSL >=1.0.1Damien Miller
2017-02-03prefer to use ldns-config to find libldnsDamien Miller
Should fix bz#2603 - "Build with ldns and without kerberos support fails if ldns compiled with kerberos support" by including correct cflags/libs ok dtucker@
2017-02-03Remove _XOPEN_SOURCE from wide char detection.Darren Tucker
Having _XOPEN_SOURCE unconditionally causes problems on some platforms and configurations, notably Solaris 64-bit binaries. It was there for the benefit of Linux put the required bits in the *-*linux* section. Patch from yvoinov at gmail.com.
2016-12-13Get default of TEST_SSH_UTF8 from environment.Darren Tucker
2016-12-13Add strcasestr to compat library.Darren Tucker
Fixes build on (at least) Solaris 10.
2016-12-09exit is in stdlib.h not unistd.h (that's _exit).Darren Tucker
2016-12-09Include <unistd.h> for exit in utf8 locale test.Darren Tucker
2016-12-08Check for utf8 local support before testing it.Darren Tucker
Check for utf8 local support and if not found, do not attempt to run the utf8 tests. Suggested by djm@
2016-12-08Use AC_PATH_TOOL for krb5-config.Darren Tucker
This will use the host-prefixed version when cross compiling; patch from david.michael at coreos.com.
2016-11-01Use ptrace(PT_DENY_ATTACH, ..) on OS X.Darren Tucker
2016-09-29Remove portability support for mmapDamien Miller
We no longer need to wrap/replace mmap for portability now that pre-auth compression has been removed from OpenSSH.
2016-08-23removing UseLogin bits from configure.acDamien Miller
2016-08-17Only check for prctl once.Darren Tucker
2016-08-16add a --with-login-program configure argumentDamien Miller
Saves messing around with LOGIN_PROGRAM env var, which come packaging environments make hard to do during configure phase.
2016-08-16add --with-pam-service to specify PAM service nameDamien Miller
Saves messing around with CFLAGS to do it.
2016-08-02Use tabs consistently inside "case $host".Darren Tucker
2016-08-02Explicitly test for broken strnvis.Darren Tucker
NetBSD added an strnvis and unfortunately made it incompatible with the existing one in OpenBSD and Linux's libbsd (the former having existed for over ten years). Despite this incompatibility being reported during development (see http://gnats.netbsd.org/44977) they still shipped it. Even more unfortunately FreeBSD and later MacOS picked up this incompatible implementation. Try to detect this mess, and assume the only safe option if we're cross compiling. OpenBSD 2.9 (2001): strnvis(char *dst, const char *src, size_t dlen, int flag); NetBSD 6.0 (2012): strnvis(char *dst, size_t dlen, const char *src, int flag); ok djm@
2016-08-01modified: configure.ac opensshd.init.inTim Rice
Skip generating missing RSA1 key on startup unless ssh1 support is enabled. Spotted by Jean-Pierre Radley
2016-07-28define _OPENBSD_SOURCE for reallocarray on NetBSDDamien Miller
Report by and debugged with Hisashi T Fujinaka, dtucker nailed the problem (lack of prototype causing return type confusion).
2016-07-23Move Cygwin IPPORT_RESERVED overrride to defines.hDarren Tucker
Patch from vinschen at redhat.com.
2016-07-15add a --disable-pkcs11 knobDamien Miller
2016-07-15fix newline escaping for unsupported_algorithmsDamien Miller
The hmac-ripemd160 was incorrect and could lead to broken Makefiles on systems that lacked support for it, but I made all the others consistent too.
2016-07-14Check for VIS_ALL.Darren Tucker
If we don't have it, set BROKEN_STRNVIS to activate the compat replacement.
2016-07-14Add compat code for missing wcwidth.Darren Tucker
If we don't have wcwidth force fallback implementations of nl_langinfo and mbtowc. Based on advice from Ingo Schwarze.
2016-07-13Move err.h replacements into compat lib.Darren Tucker
Move implementations of err.h replacement functions into their own file in the libopenbsd-compat so we can use them in kexfuzz.c too. ok djm@
2016-07-11Check for wchar.h and langinfo.hDarren Tucker
Wrap includes in the appropriate #ifdefs.
2016-07-08whitelist more architectures for seccomp-bpfDamien Miller
bz#2590 - testing and patch from Jakub Jelen
2016-06-14Use Solaris setpflags(__PROC_PROTECT, ...).Darren Tucker
Where possible, use Solaris setpflags to disable process tracing on ssh-agent and sftp-server. bz#2584, based on a patch from huieying.lee at oracle.com, ok djm.
2016-05-31modified: configure.acTim Rice
whitspace clean up. No code changes.
2016-04-08Remove NO_IPPORT_RESERVED_CONCEPTDarren Tucker
Replace by defining IPPORT_RESERVED to zero on Cygwin, which should have the same effect without causing problems syncing patches with OpenBSD. Resync the two affected functions with OpenBSD. ok djm, sanity checked by Corinna.
2016-04-04Tidy up openssl header test.Darren Tucker
2016-04-04Fix configure-time warnings for openssl test.Darren Tucker
2016-02-23fix sandbox on OSX LionDamien Miller
sshd was failing with: ssh_sandbox_child: sandbox_init: dlopen(/usr/lib/libsandbox.1.dylib, 261):cw image not found [preauth] caused by chroot before sandboxing. Avoid by explicitly linking libsandbox to sshd. Spotted by Darren.
2016-02-19Make Solaris privs code build on older systems.Darren Tucker
Not all systems with Solaris privs have priv_basicset so factor that out and provide backward compatibility code. Similarly, not all have PRIV_NET_ACCESS so wrap that in #ifdef. Based on code from alex at cooperi.net and djm@ with help from carson at taltos.org and wieland at purdue.edu.
2016-02-17Look for gethostbyname in libresolv and libnsl.Darren Tucker
Should fix build problem on Solaris 2.6 reported by Tom G. Christensen.
2016-01-08Support Illumos/Solaris fine-grained privilegesDamien Miller
Includes a pre-auth privsep sandbox and several pledge() emulations. bz#2511, patch by Alex Wilson. ok dtucker@
2015-12-15Allow --without-ssl-engine with --without-opensslDarren Tucker
Patch from Mike Frysinger via github.