summaryrefslogtreecommitdiff
path: root/configure.ac
AgeCommit message (Collapse)Author
2015-01-15support --without-openssl at configure timeDamien Miller
Disables and removes dependency on OpenSSL. Many features don't work and the set of crypto options is greatly restricted. This will only work on system with native arc4random or /dev/urandom. Considered highly experimental for now.
2015-01-13add --without-ssh1 option to configureDamien Miller
Allows disabling support for SSH protocol 1.
2014-12-10Add reallocarray to compat libraryDarren Tucker
2014-10-30include version number in OpenSSL-too-old errorDamien Miller
2014-08-27 - (djm) [openbsd-compat/explicit_bzero.c] implement explicit_bzero()Damien Miller
using memset_s() where possible; improve fallback to indirect bzero via a volatile pointer to give it more of a chance to avoid being optimised away.
2014-08-23 - (djm) [configure.ac] We now require a working vsnprintf everywhere (notDamien Miller
just for systems that lack asprintf); check for it always and extend test to catch more brokenness. Fixes builds on Solaris <= 9
2014-08-22 - (djm) [configure.ac] double braces to appease autoconfDamien Miller
2014-08-22 - (djm) [configure.ac] include leading zero characters in OpenSSL versionDamien Miller
number; fixes test for unsupported versions
2014-08-20 - (djm) [configure.ac] Check OpenSSL version is supported at configure time;Damien Miller
suggested by Kevin Brott
2014-07-15 - (djm) [configure.ac] Delay checks for arc4random* until after libcryptoDamien Miller
has been located; fixes builds agains libressl-portable
2014-07-03 - (djm) [digest-openssl.c configure.ac] Disable RIPEMD160 if libcryptoDamien Miller
doesn't support it.
2014-06-13 - (dtucker) [configure.ac] Remove tcpwrappers support, support has alreadyDarren Tucker
been removed from sshd.c.
2014-05-27 - (djm) [configure.ac openbsd-compat/bsd-cygwin_util.c]Damien Miller
[openbsd-compat/bsd-cygwin_util.h] On Cygwin, determine privilege separation user at runtime, since it may need to be a domain account. Patch from Corinna Vinschen.
2014-05-21 - (djm) [commit configure.ac defines.h sshpty.c] don't attempt to useDamien Miller
vhangup on Linux. It doens't work for non-root users, and for them it just messes up the tty settings.
2014-05-15 - (djm) [Makefile.in configure.ac sshbuf-getput-basic.c]Damien Miller
[sshbuf-getput-crypto.c sshbuf.c] compilation and portability fixes
2014-05-15 - (djm) [configure.ac] Unconditionally define WITH_OPENSSL until we writeDamien Miller
portability glue to support building without libcrypto
2014-02-2120140221Tim Rice
- (tim) [configure.ac] Fix cut-and-paste error. Patch from Bryan Drewery.
2014-02-13 - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add compatDarren Tucker
code for older OpenSSL versions that don't have EVP_MD_CTX_copy_ex.
2014-02-04 - tedu@cvs.openbsd.org 2014/01/31 16:39:19Damien Miller
[auth2-chall.c authfd.c authfile.c bufaux.c bufec.c canohost.c] [channels.c cipher-chachapoly.c clientloop.c configure.ac hostfile.c] [kexc25519.c krl.c monitor.c sandbox-systrace.c session.c] [sftp-client.c ssh-keygen.c ssh.c sshconnect2.c sshd.c sshlogin.c] [openbsd-compat/explicit_bzero.c openbsd-compat/openbsd-compat.h] replace most bzero with explicit_bzero, except a few that cna be memset ok djm dtucker
2014-01-30 - (djm) [configure.ac atomicio.c] Kludge around NetBSD offeringDamien Miller
different symbols for 'read' when various compiler flags are in use, causing atomicio.c comparisons against it to break and read/write operations to hang; ok dtucker
2014-01-30 - (djm) [configure.ac] Only check for width-specified integer typesDamien Miller
in headers that actually exist. patch from Tom G. Christensen; ok dtucker@
2014-01-29 - (djm) [configure.ac] Fix broken shell test '==' vs '='; patch fromDamien Miller
Tom G. Christensen
2014-01-28 - (djm) [configure.ac] Search for inet_ntop in libnsl and libresovl;Damien Miller
ok dtucker
2014-01-26 - (djm) [configure.ac] correct AC_DEFINE for previous.Damien Miller
2014-01-26 - (djm) [configure.ac sandbox-capsicum.c sandbox-rlimit.c] DisableDamien Miller
RLIMIT_NOFILE pseudo-sandbox on FreeBSD. In some configurations, libc will attempt to open additional file descriptors for crypto offload and crash if they cannot be opened.
2014-01-25 - (djm) [configure.ac] autoconf sets finds to 'yes' not '1', so testDamien Miller
against the correct thing.
2014-01-25 - (djm) [configure.ac] Do not attempt to use capsicum sandbox unlessDamien Miller
sys/capability.h exists and cap_rights_limit is in libc. Fixes build on FreeBSD9x which provides the header but not the libc support.
2014-01-25 - (djm) [configure.ac] Fix detection of capsicum sandbox on FreeBSDDamien Miller
2014-01-23 - (dtucker) [configure.ac] NetBSD's (and FreeBSD's) strnvis is gratuitouslyDarren Tucker
incompatible with OpenBSD's despite post-dating it by more than a decade. Declare it as broken, and document FreeBSD's as the same. ok djm@
2014-01-22 - (djm) [configure.ac aclocal.m4] More tests to detect fallout fromDamien Miller
platform hardening options: include some long long int arithmatic to detect missing support functions for -ftrapv in libgcc and equivalents, actually test linking when -ftrapv is supplied and set either both -pie/-fPIE or neither. feedback and ok dtucker@
2014-01-22 - (djm) [configure.ac] Unless specifically requested, only attemptDamien Miller
to build Position Independent Executables on gcc >= 4.x; ok dtucker
2014-01-21 - (dtucker) [configure.ac] Make PIE a configure-time option which defaultsDarren Tucker
to on platforms where it's known to be reliably detected and off elsewhere. Works around platforms such as FreeBSD 9.1 where it does not interop with -ftrapv (it seems to work but fails when trying to link ssh). ok djm@
2014-01-18 - (dtucker) [configure.ac] On Cygwin the getopt variables (like optargs,Darren Tucker
optind) are defined in getopt.h already. Unfortunately they are defined as "declspec(dllimport)" for historical reasons, because the GNU linker didn't allow auto-import on PE/COFF targets way back when. The problem is the dllexport attributes collide with the definitions in the various source files in OpenSSH, which obviousy define the variables without declspec(dllimport). The least intrusive way to get rid of these warnings is to disable warnings for GCC compiler attributes when building on Cygwin. Patch from vinschen at redhat.com.
2014-01-17 - (dtucker) [configure.ac] Have --without-toolchain-hardening not turn offDarren Tucker
stack-protector since that has a separate flag that's been around a while.
2014-01-17 - (dtucker) [configure.ac] Also look in inttypes.h for uintXX_t types.Darren Tucker
2014-01-17 - (dtucker) [configure.ac openbsd-compat/bsd-statvfs.cDarren Tucker
openbsd-compat/bsd-statvfs.h] Implement enough of statvfs on top of statfs to be useful (and for the regression tests to pass) on platforms that have statfs and fstatfs. ok djm@
2014-01-17 - (dtucker) [configure.ac digest.c openbsd-compat/openssl-compat.cDarren Tucker
openbsd-compat/openssl-compat.h] Add compatibility layer for older openssl versions. ok djm@
2014-01-17 - (djm) [Makefile.in configure.ac sandbox-capsicum.c sandbox-darwin.c]Damien Miller
[sandbox-null.c sandbox-rlimit.c sandbox-seccomp-filter.c] [sandbox-systrace.c ssh-sandbox.h sshd.c] Support preauth sandboxing using the Capsicum API introduced in FreeBSD 10. Patch by Dag-Erling Smorgrav, updated by Loganaden Velvindron @ AfriNIC; ok dtucker@
2014-01-17 - (dtucker) [configure.ac] Split AC_CHECK_FUNCS for OpenSSL functions intoDarren Tucker
separate lines and alphabetize for easier diffing of changes.
2014-01-17 - (dtucker) [aclocal.m4 configure.ac] Add some additional compiler/toolchainDarren Tucker
hardening flags including -fstack-protector-strong. These default to on if the toolchain supports them, but there is a configure-time knob (--without-hardening) to disable them if necessary. ok djm@
2013-12-19 - (dtucker) [configure.ac] bz#2178: Don't try to use BSM on Solaris versionsDarren Tucker
greater than 11 either rather than just 11. Patch from Tomas Kuthan.
2013-12-07 - [configure.ac openbsd-compat/Makefile.in openbsd-compat/bcrypt_pbkdf.c]Damien Miller
[openbsd-compat/blf.h openbsd-compat/blowfish.c] [openbsd-compat/openbsd-compat.h] Start at supporting bcrypt_pbkdf in portable.
2013-12-07 - [Makefile.in] Add ed25519 sourcesDamien Miller
2013-12-05 - (dtucker) [configure.ac] bz#2173: use pkg-config --libs to include correctDarren Tucker
-L location for libedit. Patch from Serge van den Boom.
2013-11-09 - (dtucker) [configure.ac] Add missing "test".Darren Tucker
2013-11-09 - (dtucker) [configure.ac] Fix brackets in NID_secp521r1 test.Darren Tucker
2013-11-09 - (dtucker) [configure.ac kex.c key.c myproposal.h] Test for the presence ofDarren Tucker
NID_X9_62_prime256v1, NID_secp384r1 and NID_secp521r1 and test that the latter actually works before using it. Fedora (at least) has NID_secp521r1 that doesn't work (see https://bugzilla.redhat.com/show_bug.cgi?id=1021897).
2013-11-09 - (dtucker) [Makefile.in configure.ac] Set MALLOC_OPTIONS per platformDarren Tucker
and pass in TEST_ENV. Unknown options cause stderr to get polluted and the stderr-data test to fail.
2013-11-07 - (dtucker) [Makefile.in configure.ac] Remove TEST_SSH_SHA256 environmentDarren Tucker
variable. It's no longer used now that we get the supported MACs from ssh -Q.
2013-11-07 - (djm) [configure.ac defines.h] Skip arc4random_stir() calls on platformsDamien Miller
that lack it but have arc4random_uniform()