summaryrefslogtreecommitdiff
path: root/configure.ac
AgeCommit message (Collapse)Author
2015-10-14upstream commitderaadt@openbsd.org
Change all tame callers to namechange to pledge(2). Upstream-ID: 17e654fc27ceaf523c60f4ffd9ec7ae4e7efc7f2
2015-10-08hook tame(2) sandbox up to buildDamien Miller
OpenBSD only for now
2015-09-11Correct default value for --with-ssh1.Darren Tucker
bz#2457, from konto-mindrot.org at walimnieto.com.
2015-09-11Force resolution of _res for correct detection.Darren Tucker
bz#2259, from sconeu at yahoo.com.
2015-09-03don't check for yp_match; ok tim@Damien Miller
2015-07-17Check if realpath works on nonexistent files.Darren Tucker
On some platforms the native realpath doesn't work with non-existent files (this is actually specified in some versions of POSIX), however the sftp spec says its realpath with "canonicalize any given path name". On those platforms, use realpath from the compat library. In addition, when compiling with -DFORTIFY_SOURCE, glibc redefines the realpath symbol to the checked version, so redefine ours to something else so we pick up the compat version we want. bz#2428, ok djm@
2015-07-15upstream commitdjm@openbsd.org
Compile-time disable SSH v.1 again Upstream-ID: 1d4b513a3a06232f02650b73bad25100d1b800af
2015-07-01s/--with-ssh1/--without-ssh1/Damien Miller
2015-06-18fix syntax errorDamien Miller
2015-06-17aarch64 support for seccomp-bpf sandboxDamien Miller
Also resort and tidy syscall list. Based on patches by Jakub Jelen bz#2361; ok dtucker@
2015-06-03Remove unneeded backslashes. Patch from Ángel GonzálezTim Rice
2015-05-29re-enable SSH protocol 1 at compile timeDamien Miller
2015-04-17Look for '${host}-ar' before 'ar'.Darren Tucker
This changes configure.ac to look for '${host}-ar' as set by AC_CANONICAL_HOST before looking for the unprefixed 'ar'. Useful when cross-compiling when all your binutils are prefixed. Patch from moben at exherbo org via astrand at lysator liu se and bz#2352.
2015-03-27upstream commitdjm@openbsd.org
Compile-time disable SSH protocol 1. You can turn it back on using the Makefile.inc knob if you need it to talk to ancient devices.
2015-03-04check for crypt and DES_crypt in openssl blockDamien Miller
fixes builds on systems that use DES_crypt; based on patch from Roumen Petrov
2015-02-21Add null declaration of AI_NUMERICINFO.Darren Tucker
Some platforms (older FreeBSD and DragonFly versions) do have getaddrinfo() but do not have AI_NUMERICINFO. so define it to zero in those cases.
2015-01-15support --without-openssl at configure timeDamien Miller
Disables and removes dependency on OpenSSL. Many features don't work and the set of crypto options is greatly restricted. This will only work on system with native arc4random or /dev/urandom. Considered highly experimental for now.
2015-01-13add --without-ssh1 option to configureDamien Miller
Allows disabling support for SSH protocol 1.
2014-12-10Add reallocarray to compat libraryDarren Tucker
2014-10-30include version number in OpenSSL-too-old errorDamien Miller
2014-08-27 - (djm) [openbsd-compat/explicit_bzero.c] implement explicit_bzero()Damien Miller
using memset_s() where possible; improve fallback to indirect bzero via a volatile pointer to give it more of a chance to avoid being optimised away.
2014-08-23 - (djm) [configure.ac] We now require a working vsnprintf everywhere (notDamien Miller
just for systems that lack asprintf); check for it always and extend test to catch more brokenness. Fixes builds on Solaris <= 9
2014-08-22 - (djm) [configure.ac] double braces to appease autoconfDamien Miller
2014-08-22 - (djm) [configure.ac] include leading zero characters in OpenSSL versionDamien Miller
number; fixes test for unsupported versions
2014-08-20 - (djm) [configure.ac] Check OpenSSL version is supported at configure time;Damien Miller
suggested by Kevin Brott
2014-07-15 - (djm) [configure.ac] Delay checks for arc4random* until after libcryptoDamien Miller
has been located; fixes builds agains libressl-portable
2014-07-03 - (djm) [digest-openssl.c configure.ac] Disable RIPEMD160 if libcryptoDamien Miller
doesn't support it.
2014-06-13 - (dtucker) [configure.ac] Remove tcpwrappers support, support has alreadyDarren Tucker
been removed from sshd.c.
2014-05-27 - (djm) [configure.ac openbsd-compat/bsd-cygwin_util.c]Damien Miller
[openbsd-compat/bsd-cygwin_util.h] On Cygwin, determine privilege separation user at runtime, since it may need to be a domain account. Patch from Corinna Vinschen.
2014-05-21 - (djm) [commit configure.ac defines.h sshpty.c] don't attempt to useDamien Miller
vhangup on Linux. It doens't work for non-root users, and for them it just messes up the tty settings.
2014-05-15 - (djm) [Makefile.in configure.ac sshbuf-getput-basic.c]Damien Miller
[sshbuf-getput-crypto.c sshbuf.c] compilation and portability fixes
2014-05-15 - (djm) [configure.ac] Unconditionally define WITH_OPENSSL until we writeDamien Miller
portability glue to support building without libcrypto
2014-02-2120140221Tim Rice
- (tim) [configure.ac] Fix cut-and-paste error. Patch from Bryan Drewery.
2014-02-13 - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add compatDarren Tucker
code for older OpenSSL versions that don't have EVP_MD_CTX_copy_ex.
2014-02-04 - tedu@cvs.openbsd.org 2014/01/31 16:39:19Damien Miller
[auth2-chall.c authfd.c authfile.c bufaux.c bufec.c canohost.c] [channels.c cipher-chachapoly.c clientloop.c configure.ac hostfile.c] [kexc25519.c krl.c monitor.c sandbox-systrace.c session.c] [sftp-client.c ssh-keygen.c ssh.c sshconnect2.c sshd.c sshlogin.c] [openbsd-compat/explicit_bzero.c openbsd-compat/openbsd-compat.h] replace most bzero with explicit_bzero, except a few that cna be memset ok djm dtucker
2014-01-30 - (djm) [configure.ac atomicio.c] Kludge around NetBSD offeringDamien Miller
different symbols for 'read' when various compiler flags are in use, causing atomicio.c comparisons against it to break and read/write operations to hang; ok dtucker
2014-01-30 - (djm) [configure.ac] Only check for width-specified integer typesDamien Miller
in headers that actually exist. patch from Tom G. Christensen; ok dtucker@
2014-01-29 - (djm) [configure.ac] Fix broken shell test '==' vs '='; patch fromDamien Miller
Tom G. Christensen
2014-01-28 - (djm) [configure.ac] Search for inet_ntop in libnsl and libresovl;Damien Miller
ok dtucker
2014-01-26 - (djm) [configure.ac] correct AC_DEFINE for previous.Damien Miller
2014-01-26 - (djm) [configure.ac sandbox-capsicum.c sandbox-rlimit.c] DisableDamien Miller
RLIMIT_NOFILE pseudo-sandbox on FreeBSD. In some configurations, libc will attempt to open additional file descriptors for crypto offload and crash if they cannot be opened.
2014-01-25 - (djm) [configure.ac] autoconf sets finds to 'yes' not '1', so testDamien Miller
against the correct thing.
2014-01-25 - (djm) [configure.ac] Do not attempt to use capsicum sandbox unlessDamien Miller
sys/capability.h exists and cap_rights_limit is in libc. Fixes build on FreeBSD9x which provides the header but not the libc support.
2014-01-25 - (djm) [configure.ac] Fix detection of capsicum sandbox on FreeBSDDamien Miller
2014-01-23 - (dtucker) [configure.ac] NetBSD's (and FreeBSD's) strnvis is gratuitouslyDarren Tucker
incompatible with OpenBSD's despite post-dating it by more than a decade. Declare it as broken, and document FreeBSD's as the same. ok djm@
2014-01-22 - (djm) [configure.ac aclocal.m4] More tests to detect fallout fromDamien Miller
platform hardening options: include some long long int arithmatic to detect missing support functions for -ftrapv in libgcc and equivalents, actually test linking when -ftrapv is supplied and set either both -pie/-fPIE or neither. feedback and ok dtucker@
2014-01-22 - (djm) [configure.ac] Unless specifically requested, only attemptDamien Miller
to build Position Independent Executables on gcc >= 4.x; ok dtucker
2014-01-21 - (dtucker) [configure.ac] Make PIE a configure-time option which defaultsDarren Tucker
to on platforms where it's known to be reliably detected and off elsewhere. Works around platforms such as FreeBSD 9.1 where it does not interop with -ftrapv (it seems to work but fails when trying to link ssh). ok djm@
2014-01-18 - (dtucker) [configure.ac] On Cygwin the getopt variables (like optargs,Darren Tucker
optind) are defined in getopt.h already. Unfortunately they are defined as "declspec(dllimport)" for historical reasons, because the GNU linker didn't allow auto-import on PE/COFF targets way back when. The problem is the dllexport attributes collide with the definitions in the various source files in OpenSSH, which obviousy define the variables without declspec(dllimport). The least intrusive way to get rid of these warnings is to disable warnings for GCC compiler attributes when building on Cygwin. Patch from vinschen at redhat.com.
2014-01-17 - (dtucker) [configure.ac] Have --without-toolchain-hardening not turn offDarren Tucker
stack-protector since that has a separate flag that's been around a while.