Age | Commit message (Collapse) | Author |
|
incompatible with OpenBSD's despite post-dating it by more than a decade.
Declare it as broken, and document FreeBSD's as the same. ok djm@
|
|
platform hardening options: include some long long int arithmatic
to detect missing support functions for -ftrapv in libgcc and
equivalents, actually test linking when -ftrapv is supplied and
set either both -pie/-fPIE or neither. feedback and ok dtucker@
|
|
to build Position Independent Executables on gcc >= 4.x; ok dtucker
|
|
to on platforms where it's known to be reliably detected and off elsewhere.
Works around platforms such as FreeBSD 9.1 where it does not interop with
-ftrapv (it seems to work but fails when trying to link ssh). ok djm@
|
|
optind) are defined in getopt.h already. Unfortunately they are defined as
"declspec(dllimport)" for historical reasons, because the GNU linker didn't
allow auto-import on PE/COFF targets way back when. The problem is the
dllexport attributes collide with the definitions in the various source
files in OpenSSH, which obviousy define the variables without
declspec(dllimport). The least intrusive way to get rid of these warnings
is to disable warnings for GCC compiler attributes when building on Cygwin.
Patch from vinschen at redhat.com.
|
|
stack-protector since that has a separate flag that's been around a while.
|
|
|
|
openbsd-compat/bsd-statvfs.h] Implement enough of statvfs on top of statfs
to be useful (and for the regression tests to pass) on platforms that
have statfs and fstatfs. ok djm@
|
|
openbsd-compat/openssl-compat.h] Add compatibility layer for older
openssl versions. ok djm@
|
|
[sandbox-null.c sandbox-rlimit.c sandbox-seccomp-filter.c]
[sandbox-systrace.c ssh-sandbox.h sshd.c] Support preauth sandboxing
using the Capsicum API introduced in FreeBSD 10. Patch by Dag-Erling
Smorgrav, updated by Loganaden Velvindron @ AfriNIC; ok dtucker@
|
|
separate lines and alphabetize for easier diffing of changes.
|
|
hardening flags including -fstack-protector-strong. These default to on
if the toolchain supports them, but there is a configure-time knob
(--without-hardening) to disable them if necessary. ok djm@
|
|
greater than 11 either rather than just 11. Patch from Tomas Kuthan.
|
|
[openbsd-compat/blf.h openbsd-compat/blowfish.c]
[openbsd-compat/openbsd-compat.h] Start at supporting bcrypt_pbkdf in
portable.
|
|
|
|
-L location for libedit. Patch from Serge van den Boom.
|
|
|
|
|
|
NID_X9_62_prime256v1, NID_secp384r1 and NID_secp521r1 and test that the
latter actually works before using it. Fedora (at least) has NID_secp521r1
that doesn't work (see https://bugzilla.redhat.com/show_bug.cgi?id=1021897).
|
|
and pass in TEST_ENV. Unknown options cause stderr to get polluted
and the stderr-data test to fail.
|
|
variable. It's no longer used now that we get the supported MACs from
ssh -Q.
|
|
that lack it but have arc4random_uniform()
|
|
for platforms that don't have them.
|
|
for building with older Heimdal versions. ok djm.
|
|
algorithms (Ciphers, MACs and HostKeyAlgorithms) from man pages.
|
|
platforms that don't have multibyte character support (specifically,
mblen).
|
|
sys/socket.h.
|
|
|
|
need a shell that can handle "[ file1 -nt file2 ]". Rather than keep
dealing with shell portability issues in regression tests, we let
configure find us a capable shell on those platforms with an old /bin/sh.
|
|
Patch from Nathan Osman.
|
|
to prevent noise from configure. Patch from Nathan Osman.
|
|
back to time(NULL) if we can't find it anywhere.
|
|
rather than trying to enumerate the plaforms that don't have them.
Based on a patch from Nathan Osman, with help from tim@.
|
|
using openssl's DES_crpyt function on platorms that don't have a native
one, eg Android. Based on a patch from Nathan Osman.
|
|
implementation of endgrent for platforms that don't have it (eg Android).
Loosely based on a patch from Nathan Osman, ok djm
|
|
openbsd-compat/openbsd-compat.h] Add compat bits for scan_scaled.
|
|
we don't get a warning on compilers that *don't* support it. Add
-Wno-unknown-warning-option. Move both to the start of the list for
maximum noise suppression. Tested with gcc 4.6.3, gcc 2.95.4 and clang 2.9.
|
|
supports it. Mentioned by Colin Watson in bz#2100, ok djm.
|
|
platforms, such as Android, that lack struct passwd.pw_gecos. Report
and initial patch from Nathan Osman bz#2086; feedback tim@ ok dtucker@
|
|
unused argument warnings (in particular, -fno-builtin-memset) from clang.
|
|
|
|
[openbsd-compat/vis.h] FreeBSD's strnvis isn't compatible with OpenBSD's
so mark it as broken. Patch from des AT des.no
|
|
of the bits the configure test looks for.
|
|
Add a usleep replacement for platforms that lack it; ok dtucker
|
|
is unable to successfully compile them. Based on patch from des AT
des.no
|
|
in addition to root as an owner of system directories on AIX and HP-UX.
ok djm@
|
|
chance to complete on broken systems; ok dtucker@
|
|
to zero with setrlimit before enabling the rlimit sandbox. This affects
(at least) HPUX 11.11.
|
|
Kevin Brott.
|
|
to use Solaris native GSS libs. Patch from Pierre Ossman.
|