summaryrefslogtreecommitdiff
path: root/configure.ac
AgeCommit message (Collapse)Author
2012-04-02* Fix cross-building:Colin Watson
- Allow using a cross-architecture pkg-config. - Pass default LDFLAGS to contrib/Makefile. - Allow dh_strip to strip gnome-ssh-askpass, rather than calling 'install -s'.
2011-09-06merge 5.9p1Colin Watson
2011-08-17 - (tim) [configure.ac] Typo in error message spotted by Andy TsouladzeTim Rice
2011-08-17 - (djm) [configure.ac] error out if the host lacks the necessary bits forDamien Miller
an explicitly requested sandbox type
2011-06-27 - (djm) [configure.ac Makefile.in sandbox-darwin.c] Add a sandbox forDamien Miller
Darwin/OS X using sandbox_init() + setrlimit(); feedback and testing markus@
2011-06-23 - djm@cvs.openbsd.org 2011/06/22 21:57:01Damien Miller
[servconf.c servconf.h sshd.c sshd_config.5 sandbox-rlimit.c] [sandbox-systrace.c sandbox.h configure.ac Makefile.in] introduce sandboxing of the pre-auth privsep child using systrace(4). This introduces a new "UsePrivilegeSeparation=sandbox" option for sshd_config that applies mandatory restrictions on the syscalls the privsep child can perform. This prevents a compromised privsep child from being used to attack other hosts (by opening sockets and proxying) or probing local kernel attack surface. The sandbox is implemented using systrace(4) in unsupervised "fast-path" mode, where a list of permitted syscalls is supplied. Any syscall not on the list results in SIGKILL being sent to the privsep child. Note that this requires a kernel with the new SYSTR_POLICY_KILL option. UsePrivilegeSeparation=sandbox will become the default in the future so please start testing it now. feedback dtucker@; ok markus@
2011-06-03 - (djm) [configure.ac] enable setproctitle emulation for OS XDamien Miller
2011-06-02 - (tim) [configure.ac defines.h] Run test program to detect system mailTim Rice
directory. Add --with-maildir option to override. Fixed OpenServer 6 getting it wrong. Fixed many systems having MAIL=/var/mail//username ok dtucker
2011-05-20 - (djm) [aclocal.m4 configure.ac] since gcc-4.x ignores all -Wno-optionsDamien Miller
options, we should corresponding -W-option when trying to determine whether it is accepted. Also includes a warning fix on the program fragment uses (bad main() return type). bz#1900 and bz#1901 reported by g.esp AT free.fr; ok dtucker@
2011-05-04 - (tim) [configure.ac] Add AC_LANG_SOURCE to OPENSSH_CHECK_CFLAG_COMPILETim Rice
so autoreconf 2.68 is happy.
2011-05-05 - (djm) [Makefile.in WARNING.RNG aclocal.m4 buildpkg.sh.in configure.ac]Damien Miller
[entropy.c ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c] [ssh-keysign.c ssh-pkcs11-helper.c ssh-rand-helper.8 ssh-rand-helper.c] [ssh.c ssh_prng_cmds.in sshd.c contrib/aix/buildbff.sh] [regress/README.regress] Remove ssh-rand-helper and all its tentacles. PRNGd seeding has been rolled into entropy.c directly. Thanks to tim@ for testing on affected platforms.
2011-02-05merge 5.8p1Colin Watson
2011-02-04cherry-pickDamien Miller
20110125 - (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to port-linux.c to avoid compilation errors. Add -lselinux to ssh when building with SELinux support to avoid linking failure; report from amk AT spamfence.net; ok dtucker
2011-01-2620110127Tim Rice
- (tim) [configure.ac] Consistent M4 quoting throughout, updated obsolete AC_TRY_COMPILE with AC_COMPILE_IFELSE, updated obsolete AC_TRY_LINK with AC_LINK_IFELSE, updated obsolete AC_TRY_RUN with AC_RUN_IFELSE, misc white space changes for consistency/readability. Makes autoconf 2.68 happy. "Nice work" djm
2011-01-25 - (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.cDamien Miller
openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to port-linux.c to avoid compilation errors. Add -lselinux to ssh when building with SELinux support to avoid linking failure; report from amk AT spamfence.net; ok dtucker
2011-01-24merge 5.7p1Colin Watson
2011-01-22 - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] AddDarren Tucker
RSA_get_default_method() for the benefit of openssl versions that don't have it (at least openssl-engine-0.9.6b). Found and tested by Kevin Brott, ok djm@.
2011-01-19 - (djm) [configure.ac] Disable ECC on OpenSSL <0.9.8g. Releases prior toDamien Miller
0.9.8 lacked it, and 0.9.8a through 0.9.8d have proven buggy in pre- release testing (random crashes and failure to load ECC keys). ok dtucker@
2011-01-17- (dtucker) [LICENCE Makefile.in audit-bsm.c audit-linux.c audit.c audit.hDarren Tucker
configure.ac defines.h loginrec.c] Bug #1402: add linux audit subsystem support, based on patches from Tomas Mraz and jchadima at redhat.
2011-01-17 - (djm) [configure.ac regress/agent-getpeereid.sh regress/multiplex.sh]Damien Miller
[regress/sftp-glob.sh regress/test-exec.sh] Rework how feature tests are disabled on platforms that do not support them; add a "config_defined()" shell function that greps for defines in config.h and use them to decide on feature tests. Convert a couple of existing grep's over config.h to use the new function Add a define "FILESYSTEM_NO_BACKSLASH" for filesystem that can't represent backslash characters in filenames, enable it for Cygwin and use it to turn of tests for quotes backslashes in sftp-glob.sh. based on discussion with vinschen AT redhat.com and dtucker@; ok dtucker@
2011-01-16 - (dtucker) [Makefile.in configure.ac regress/kextype.sh] Skip sha256-basedDarren Tucker
on configurations that don't have it.
2011-01-12 - (tim) [Makefile.in configure.ac opensshd.init.in] Add support for generatingTim Rice
ecdsa keys. ok djm.
2011-01-12 - (djm) [configure.ac] Fix broken test for gcc >= 4.4 with per-compilerDamien Miller
flag tests that don't depend on gcc version at all; suggested by and ok dtucker@
2011-01-12 - (djm) [configure.ac] Turn on -Wno-unused-result for gcc >= 4.4 to avoidDamien Miller
silly warnings on write() calls we don't care succeed or not.
2011-01-04 - (djm) [configure.ac Makefile.in] Use mandoc as preferred manpageDamien Miller
formatter if it is present, followed by nroff and groff respectively. Fixes distprep target on OpenBSD (which has bumped groff/nroff to ports in favour of mandoc). feedback and ok tim
2011-01-02 - (djm) [configure.ac] Check whether libdes is needed when buildingDamien Miller
with Heimdal krb5 support. On OpenBSD this library no longer exists, so linking it unconditionally causes a build failure; ok dtucker
2010-12-04 - (dtucker) [configure.ac moduli.c openbsd-compat/openssl-compat.{c,h}] AddDarren Tucker
shims for the new, non-deprecated OpenSSL key generation functions for platforms that don't have the new interfaces.
2010-11-08 - (tim) [configure.ac openbsd-compat/bsd-misc.h openbsd-compat/bsd-misc.c] AddTim Rice
support for platforms missing isblank(). ok djm@
2010-11-05 - (dtucker) [Makefile configure.ac regress/Makefile regress/keytype.sh]Darren Tucker
Import recent changes to regress/Makefile, pass a flag to enable ECC tests from configure through to regress/Makefile and use it in the tests.
2010-11-05 - (dtucker) [configure.ac platform.{c,h} session.cDarren Tucker
openbsd-compat/port-solaris.{c,h}] Bug #1824: Add Solaris Project support. Patch from cory.erickson at csu mnscu edu with a bit of rework from me. ok djm@
2010-10-11 - (djm) [configure.ac] Use = instead of == in shell tests. Patch fromDamien Miller
dr AT vasco.com
2010-10-07 - djm@cvs.openbsd.org 2010/09/25 09:30:16Damien Miller
[sftp.c configure.ac openbsd-compat/glob.c openbsd-compat/glob.h] make use of new glob(3) GLOB_KEEPSTAT extension to save extra server rountrips to fetch per-file stat(2) information. NB. update openbsd-compat/ glob(3) implementation from OpenBSD libc to match.
2010-10-07 - matthew@cvs.openbsd.org 2010/09/24 13:33:00Damien Miller
[misc.c misc.h configure.ac openbsd-compat/openbsd-compat.h] [openbsd-compat/timingsafe_bcmp.c] Add timingsafe_bcmp(3) to libc, mention that it's already in the kernel in kern(9), and remove it from OpenSSH. ok deraadt@, djm@ NB. re-added under openbsd-compat/ for portable OpenSSH
2010-09-10 - (djm) [authfd.c authfile.c bufec.c buffer.h configure.ac kex.h kexecdh.c]Damien Miller
[kexecdhc.c kexecdhs.c key.c key.h myproposal.h packet.c readconf.c] [ssh-agent.c ssh-ecdsa.c ssh-keygen.c ssh.c] Disable ECDH and ECDSA on platforms that don't have the requisite OpenSSL support. ok dtucker@
2010-08-23merge 5.6p1Colin Watson
2010-08-16 - (dtucker) [configure.ac openbsd-compat/Makefile.inDarren Tucker
openbsd-compat/openbsd-compat.h openbsd-compat/strptime.c] Add strptime to the compat library which helps on platforms like old IRIX. Based on work by djm, tested by Tom Christensen.
2010-04-23 - (dtucker) [configure.ac] Bug #1756: Check for the existence of a lib64 dirDarren Tucker
in the openssl install directory (some newer openssl versions do this on at least some amd64 platforms).
2010-04-16merge 5.5p1Colin Watson
2010-04-10 - (dtucker) [configure.ac] Put the check for the existence of getaddrinfoDarren Tucker
back so we disable the IPv6 tests if we don't have it.
2010-04-09 - (dtucker) [configure.ac defines.h loginrec.c logintest.c] Bug #1732: enableDarren Tucker
utmpx support on FreeBSD where possible. Patch from Ed Schouten, ok djm@
2010-04-09 - (dtucker) [configure.ac] Bug #1744: use pkg-config for libedit flags if weDarren Tucker
have it and the path is not provided to --with-libedit. Based on a patch from Iain Morgan.
2010-03-31merge 5.4p1Colin Watson
2010-03-26 - (dtucker) [configure.ac] Bug #1741: Add section for Haiku, patch originallyDarren Tucker
by Ingo Weinhold via Scott McCreary, ok djm@
2010-03-09 - (dtucker) [configure.ac] Use a proper AC_CHECK_DECL for BROKEN_GETADDRINFODarren Tucker
so setting it in CFLAGS correctly skips IPv6 tests.
2010-03-05 - (djm) [configure.ac] set -fno-strict-aliasing for gcc4; ok dtucker@Damien Miller
2010-02-12- (djm) [configure.ac] Enable PKCS#11 support only when we find a workingDamien Miller
dlopen()
2010-02-12 - (djm) [INSTALL Makefile.in README.smartcard configure.ac scard-opensc.c]Damien Miller
[scard.c scard.h pkcs11.h scard/Makefile.in scard/Ssh.bin.uu scard/Ssh.java] Remove obsolete smartcard support
2010-02-12 - markus@cvs.openbsd.org 2010/02/08 10:50:20Damien Miller
[pathnames.h readconf.c readconf.h scp.1 sftp.1 ssh-add.1 ssh-add.c] [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config.5] replace our obsolete smartcard code with PKCS#11. ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf ssh(1) and ssh-keygen(1) use dlopen(3) directly to talk to a PKCS#11 provider (shared library) while ssh-agent(1) delegates PKCS#11 to a forked a ssh-pkcs11-helper process. PKCS#11 is currently a compile time option. feedback and ok djm@; inspired by patches from Alon Bar-Lev `
2010-02-10 - (djm) add -lselinux to LIBS before calling AC_CHECK_FUNCS forDamien Miller
getseuserbyname; patch from calebcase AT gmail.com via cjwatson AT debian.org
2010-01-24import openssh-5.3p1-gsskex-all-20100124.patchColin Watson