From 0eeaf127b522caa8e5d9924de7ee33af80a01a5d Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Mon, 10 Sep 2007 16:24:17 -0700 Subject: - (tim) [configure.ac] Autoconf didn't define HAVE_LIBIAF because we did a AC_CHECK_FUNCS within the AC_CHECK_LIB test. --- configure.ac | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'configure.ac') diff --git a/configure.ac b/configure.ac index f1052b079..b06114b5b 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.383 2007/08/10 04:36:12 dtucker Exp $ +# $Id: configure.ac,v 1.384 2007/09/10 23:24:18 tim Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.383 $) +AC_REVISION($Revision: 1.384 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -2004,7 +2004,10 @@ AC_CHECK_FUNCS(SHA256_Update EVP_sha256) saved_LIBS="$LIBS" AC_CHECK_LIB(iaf, ia_openinfo, [ LIBS="$LIBS -liaf" - AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"]) + AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf" + AC_DEFINE(HAVE_LIBIAF, 1, + [Define if system has libiaf that supports set_id]) + ]) ]) LIBS="$saved_LIBS" -- cgit v1.2.3 From 7c92a65a1d0feaa9712aa0542fe44455d621397a Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 27 Sep 2007 07:00:09 +1000 Subject: - (dtucker) [configure.ac atomicio.c] Fall back to if we don't have (eq QNX). From bacon at cs nyu edu. --- ChangeLog | 6 +++++- atomicio.c | 4 ++++ configure.ac | 5 +++-- 3 files changed, 12 insertions(+), 3 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index b03e768ea..7ddfe3640 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20070927 + - (dtucker) [configure.ac atomicio.c] Fall back to including if + we don't have (eq QNX). From bacon at cs nyu edu. + 20070921 - (djm) [atomicio.c] Fix spin avoidance for platforms that define EWOULDBLOCK; patch from ben AT psc.edu @@ -3262,4 +3266,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4758 2007/09/21 03:12:49 djm Exp $ +$Id: ChangeLog,v 1.4759 2007/09/26 21:00:09 dtucker Exp $ diff --git a/atomicio.c b/atomicio.c index 62ee40282..575bf8900 100644 --- a/atomicio.c +++ b/atomicio.c @@ -34,6 +34,10 @@ #include #ifdef HAVE_POLL_H #include +#else +# ifdef HAVE_SYS_POLL_H +# include +# endif #endif #include #include diff --git a/configure.ac b/configure.ac index b06114b5b..7ef93c7d0 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.384 2007/09/10 23:24:18 tim Exp $ +# $Id: configure.ac,v 1.385 2007/09/26 21:00:09 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.384 $) +AC_REVISION($Revision: 1.385 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -223,6 +223,7 @@ AC_CHECK_HEADERS( \ sys/dir.h \ sys/mman.h \ sys/ndir.h \ + sys/poll.h \ sys/prctl.h \ sys/pstat.h \ sys/select.h \ -- cgit v1.2.3 From bc1bd9dbe33642bca860919dcfd95e0362d7aba4 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 27 Sep 2007 07:03:20 +1000 Subject: - (dtucker) [configure.ac defines.h] Shadow expiry does not work on QNX6 so disable it for that platform. From bacon at cs nyu edu. --- ChangeLog | 4 +++- configure.ac | 5 +++-- defines.h | 6 +++++- 3 files changed, 11 insertions(+), 4 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 7ddfe3640..d568a57a1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,8 @@ 20070927 - (dtucker) [configure.ac atomicio.c] Fall back to including if we don't have (eq QNX). From bacon at cs nyu edu. + - (dtucker) [configure.ac defines.h] Shadow expiry does not work on QNX6 + so disable it for that platform. From bacon at cs nyu edu. 20070921 - (djm) [atomicio.c] Fix spin avoidance for platforms that define @@ -3266,4 +3268,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4759 2007/09/26 21:00:09 dtucker Exp $ +$Id: ChangeLog,v 1.4760 2007/09/26 21:03:20 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 7ef93c7d0..e9402a735 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.385 2007/09/26 21:00:09 dtucker Exp $ +# $Id: configure.ac,v 1.386 2007/09/26 21:03:20 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.385 $) +AC_REVISION($Revision: 1.386 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -786,6 +786,7 @@ mips-sony-bsd|mips-sony-newsos4) AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems]) AC_DEFINE(DISABLE_LASTLOG) AC_DEFINE(SSHD_ACQUIRES_CTTY) + AC_DEFINE(BROKEN_SHADOW_EXPIRE, 1, [QNX shadow support is broken]) enable_etc_default_login=no # has incompatible /etc/default/login case "$host" in *-*-nto-qnx6*) diff --git a/defines.h b/defines.h index 237795339..595908310 100644 --- a/defines.h +++ b/defines.h @@ -25,7 +25,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.144 2007/09/17 15:32:33 tim Exp $ */ +/* $Id: defines.h,v 1.145 2007/09/26 21:03:20 dtucker Exp $ */ /* Constants */ @@ -540,6 +540,10 @@ struct winsize { # undef HAVE_UPDWTMPX #endif +#if defined(BROKEN_SHADOW_EXPIRE) && defined(HAS_SHADOW_EXPIRE) +# undef HAS_SHADOW_EXPIRE +#endif + #if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT) && \ defined(SYSLOG_R_SAFE_IN_SIGHAND) # define DO_LOG_SAFE_IN_SIGHAND -- cgit v1.2.3 From 319b3d9b00a38d0b7d6965173f3507e80bb1f46e Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 2 Dec 2007 21:02:22 +1100 Subject: - (dtucker) [configure.ac] Enable -fstack-protector-all on systems where gcc supports it. ok djm@ --- ChangeLog | 6 +++++- configure.ac | 13 +++++++++++-- 2 files changed, 16 insertions(+), 3 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 2bf6d6d6b..669e20098 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20071202 + - (dtucker) [configure.ac] Enable -fstack-protector-all on systems where + gcc supports it. ok djm@ + 20071030 - (djm) OpenBSD CVS Sync - djm@cvs.openbsd.org 2007/10/29 23:49:41 @@ -3414,4 +3418,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4794 2007/10/29 23:52:44 djm Exp $ +$Id: ChangeLog,v 1.4795 2007/12/02 10:02:22 dtucker Exp $ diff --git a/configure.ac b/configure.ac index e9402a735..c9bce0199 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.386 2007/09/26 21:03:20 dtucker Exp $ +# $Id: configure.ac,v 1.387 2007/12/02 10:02:22 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.386 $) +AC_REVISION($Revision: 1.387 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -105,6 +105,15 @@ if test "$GCC" = "yes" || test "$GCC" = "egcs"; then *) ;; esac + AC_MSG_CHECKING(if $GCC understands -fstack-protector-all) + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS -fstack-protector-all" + AC_TRY_COMPILE([], [ int main(void){return 0;} ], + [ AC_MSG_RESULT(yes) ], + [ AC_MSG_RESULT(no) + CFLAGS="$saved_CFLAGS" ] + ) + if test -z "$have_llong_max"; then # retry LLONG_MAX with -std=gnu99, needed on some Linuxes unset ac_cv_have_decl_LLONG_MAX -- cgit v1.2.3 From 528d6fa10afce818b794eb73c8e3693ac5d2c493 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 31 Dec 2007 21:29:26 +1100 Subject: - (dtucker) [configure.ac openbsd-compat/glob.{c,h}] Bug #1407: force use of builtin glob implementation on Mac OS X. Based on a patch from vgiffin at apple. --- ChangeLog | 7 ++++++- configure.ac | 5 +++-- openbsd-compat/glob.c | 3 ++- openbsd-compat/glob.h | 3 ++- 4 files changed, 13 insertions(+), 5 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index b32b72157..2f51c21e1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20071231 + - (dtucker) [configure.ac openbsd-compat/glob.{c,h}] Bug #1407: force use of + builtin glob implementation on Mac OS X. Based on a patch from + vgiffin at apple. + 20071229 - (dtucker) OpenBSD CVS Sync - djm@cvs.openbsd.org 2007/12/12 05:04:03 @@ -3482,4 +3487,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4810 2007/12/28 22:37:10 dtucker Exp $ +$Id: ChangeLog,v 1.4811 2007/12/31 10:29:26 dtucker Exp $ diff --git a/configure.ac b/configure.ac index c9bce0199..479d62820 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.387 2007/12/02 10:02:22 dtucker Exp $ +# $Id: configure.ac,v 1.388 2007/12/31 10:29:26 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.387 $) +AC_REVISION($Revision: 1.388 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -415,6 +415,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) AC_DEFINE(SETEUID_BREAKS_SETUID) AC_DEFINE(BROKEN_SETREUID) AC_DEFINE(BROKEN_SETREGID) + AC_DEFINE(BROKEN_GLOB, 1, [OS X glob does not do what we expect]) AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1, [Define if your resolver libs need this for getrrsetbyname]) AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way]) diff --git a/openbsd-compat/glob.c b/openbsd-compat/glob.c index 6489ea936..74b506403 100644 --- a/openbsd-compat/glob.c +++ b/openbsd-compat/glob.c @@ -48,7 +48,8 @@ #if !defined(HAVE_GLOB) || !defined(GLOB_HAS_ALTDIRFUNC) || \ !defined(GLOB_HAS_GL_MATCHC) || \ - !defined(HAVE_DECL_GLOB_NOMATCH) || HAVE_DECL_GLOB_NOMATCH == 0 + !defined(HAVE_DECL_GLOB_NOMATCH) || HAVE_DECL_GLOB_NOMATCH == 0 || \ + defined(BROKEN_GLOB) static long get_arg_max(void) diff --git a/openbsd-compat/glob.h b/openbsd-compat/glob.h index 9f53f7a21..a2b36f974 100644 --- a/openbsd-compat/glob.h +++ b/openbsd-compat/glob.h @@ -39,7 +39,8 @@ #if !defined(HAVE_GLOB_H) || !defined(GLOB_HAS_ALTDIRFUNC) || \ !defined(GLOB_HAS_GL_MATCHC) || \ - !defined(HAVE_DECL_GLOB_NOMATCH) || HAVE_DECL_GLOB_NOMATCH == 0 + !defined(HAVE_DECL_GLOB_NOMATCH) || HAVE_DECL_GLOB_NOMATCH == 0 || \ + defined(BROKEN_GLOB) #ifndef _GLOB_H_ #define _GLOB_H_ -- cgit v1.2.3 From d4827ab50c8cacc7af3bab932b89ac4cfdd1e3c1 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 2 Jan 2008 18:08:45 +1100 Subject: - (dtucker) [configure.ac] Fix message for -fstack-protector-all test. --- ChangeLog | 5 ++++- configure.ac | 6 +++--- 2 files changed, 7 insertions(+), 4 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index f49f40143..e1985abb2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +20080102 + - (dtucker) [configure.ac] Fix message for -fstack-protector-all test. + 20080101 - (dtucker) OpenBSD CVS Sync - dtucker@cvs.openbsd.org 2007/12/31 10:41:31 @@ -3516,4 +3519,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4816 2008/01/01 13:09:16 dtucker Exp $ +$Id: ChangeLog,v 1.4817 2008/01/02 07:08:45 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 479d62820..484d45d53 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.388 2007/12/31 10:29:26 dtucker Exp $ +# $Id: configure.ac,v 1.389 2008/01/02 07:08:45 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.388 $) +AC_REVISION($Revision: 1.389 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -105,7 +105,7 @@ if test "$GCC" = "yes" || test "$GCC" = "egcs"; then *) ;; esac - AC_MSG_CHECKING(if $GCC understands -fstack-protector-all) + AC_MSG_CHECKING(if $CC understands -fstack-protector-all) saved_CFLAGS="$CFLAGS" CFLAGS="$CFLAGS -fstack-protector-all" AC_TRY_COMPILE([], [ int main(void){return 0;} ], -- cgit v1.2.3 From acada07b525a21b938ae17c311f529edde932371 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 25 Feb 2008 21:05:04 +1100 Subject: - (dtucker) [configure.ac audit-bsm.c] Bug #1420: Add a local implementation of aug_get_machine for systems that don't have their own (eg OS X, FreeBSD). Help and testing from csjp at FreeBSD org, vgiffin at apple com. ok djm@ --- ChangeLog | 5 ++++- audit-bsm.c | 57 ++++++++++++++++++++++++++++++++++++++++++++++++++------- configure.ac | 11 ++++++++--- 3 files changed, 62 insertions(+), 11 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index b67b29b09..0b2140320 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,9 @@ - (dtucker) [openbsd-compat/fake-rfc2553.h] rename ssh_gai_strerror hack since it now conflicts with the helper function in misc.c. From vinschen AT redhat.com. + - (dtucker) [configure.ac audit-bsm.c] Bug #1420: Add a local implementation + of aug_get_machine for systems that don't have their own (eg OS X, FreeBSD). + Help and testing from csjp at FreeBSD org, vgiffin at apple com. ok djm@ 20080224 - (tim) [contrib/cygwin/ssh-host-config] @@ -3621,4 +3624,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4839 2008/02/25 09:21:20 dtucker Exp $ +$Id: ChangeLog,v 1.4840 2008/02/25 10:05:04 dtucker Exp $ diff --git a/audit-bsm.c b/audit-bsm.c index c26b4caed..2c417bc27 100644 --- a/audit-bsm.c +++ b/audit-bsm.c @@ -1,4 +1,4 @@ -/* $Id: audit-bsm.c,v 1.5 2006/09/30 22:09:50 dtucker Exp $ */ +/* $Id: audit-bsm.c,v 1.6 2008/02/25 10:05:04 dtucker Exp $ */ /* * TODO @@ -40,7 +40,9 @@ #include #include +#include #include +#include #include #include "ssh.h" @@ -62,8 +64,6 @@ #if defined(HAVE_GETAUDIT_ADDR) #define AuditInfoStruct auditinfo_addr #define AuditInfoTermID au_tid_addr_t -#define GetAuditFunc(a,b) getaudit_addr((a),(b)) -#define GetAuditFuncText "getaudit_addr" #define SetAuditFunc(a,b) setaudit_addr((a),(b)) #define SetAuditFuncText "setaudit_addr" #define AUToSubjectFunc au_to_subject_ex @@ -71,18 +71,16 @@ #else #define AuditInfoStruct auditinfo #define AuditInfoTermID au_tid_t -#define GetAuditFunc(a,b) getaudit(a) -#define GetAuditFuncText "getaudit" #define SetAuditFunc(a,b) setaudit(a) #define SetAuditFuncText "setaudit" #define AUToSubjectFunc au_to_subject #define AUToReturnFunc(a,b) au_to_return((a), (u_int)(b)) #endif +#ifndef cannot_audit extern int cannot_audit(int); +#endif extern void aug_init(void); -extern dev_t aug_get_port(void); -extern int aug_get_machine(char *, u_int32_t *, u_int32_t *); extern void aug_save_auid(au_id_t); extern void aug_save_uid(uid_t); extern void aug_save_euid(uid_t); @@ -118,6 +116,51 @@ static AuditInfoTermID ssh_bsm_tid; /* Below is the low-level BSM interface code */ +/* + * aug_get_machine is only required on IPv6 capable machines, we use a + * different mechanism in audit_connection_from() for IPv4-only machines. + * getaudit_addr() is only present on IPv6 capable machines. + */ +#if defined(HAVE_AUG_GET_MACHINE) || !defined(HAVE_GETAUDIT_ADDR) +extern int aug_get_machine(char *, u_int32_t *, u_int32_t *); +#else +static int +aug_get_machine(char *host, u_int32_t *addr, u_int32_t *type) +{ + struct addrinfo *ai; + struct sockaddr_in *in4; + struct sockaddr_in6 *in6; + int ret = 0, r; + + if ((r = getaddrinfo(host, NULL, NULL, &ai)) != 0) { + error("BSM audit: getaddrinfo failed for %.100s: %.100s", host, + r == EAI_SYSTEM ? strerror(errno) : gai_strerror(r)); + return -1; + } + + switch (ai->ai_family) { + case AF_INET: + in4 = (struct sockaddr_in *)ai->ai_addr; + *type = AU_IPv4; + memcpy(addr, &in4->sin_addr, sizeof(struct in_addr)); + break; +#ifdef AU_IPv6 + case AF_INET6: + in6 = (struct sockaddr_in6 *)ai->ai_addr; + *type = AU_IPv6; + memcpy(addr, &in6->sin6_addr, sizeof(struct in6_addr)); + break; +#endif + default: + error("BSM audit: unknown address family for %.100s: %d", + host, ai->ai_family); + ret = -1; + } + freeaddrinfo(ai); + return ret; +} +#endif + /* * Check if the specified event is selected (enabled) for auditing. * Returns 1 if the event is selected, 0 if not and -1 on failure. diff --git a/configure.ac b/configure.ac index 484d45d53..f9e2d8b34 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.389 2008/01/02 07:08:45 dtucker Exp $ +# $Id: configure.ac,v 1.390 2008/02/25 10:05:04 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.389 $) +AC_REVISION($Revision: 1.390 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -423,6 +423,11 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) [Use tunnel device compatibility to OpenBSD]) AC_DEFINE(SSH_TUN_PREPEND_AF, 1, [Prepend the address family to IP tunnel traffic]) + m4_pattern_allow(AU_IPv) + AC_CHECK_DECL(AU_IPv4, [], + AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records]) + [#include ] + ) ;; *-*-dragonfly*) SSHDLIBS="$SSHDLIBS -lcrypt" @@ -1226,7 +1231,7 @@ AC_ARG_WITH(audit, AC_CHECK_FUNCS(getaudit, [], [AC_MSG_ERROR(BSM enabled and required function not found)]) # These are optional - AC_CHECK_FUNCS(getaudit_addr) + AC_CHECK_FUNCS(getaudit_addr aug_get_machine) AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module]) ;; debug) -- cgit v1.2.3 From e1c4c542116fd41eec7dcb0d0b40d0797181c959 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 28 Feb 2008 15:01:13 +1100 Subject: - (dtucker) [configure.ac] Add -fstack-protector to LDFLAGS too, fixes linking problems on AIX with gcc 4.1.x. --- ChangeLog | 6 +++++- configure.ac | 12 ++++++++---- 2 files changed, 13 insertions(+), 5 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 4aa487052..0bd8d901a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20080228 + - (dtucker) [configure.ac] Add -fstack-protector to LDFLAGS too, fixes + linking problems on AIX with gcc 4.1.x. + 20080225 - (dtucker) [openbsd-compat/fake-rfc2553.h] rename ssh_gai_strerror hack since it now conflicts with the helper function in misc.c. From @@ -3627,4 +3631,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4841 2008/02/25 10:13:47 dtucker Exp $ +$Id: ChangeLog,v 1.4842 2008/02/28 04:01:13 dtucker Exp $ diff --git a/configure.ac b/configure.ac index f9e2d8b34..eaa1f845a 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.390 2008/02/25 10:05:04 dtucker Exp $ +# $Id: configure.ac,v 1.391 2008/02/28 04:01:13 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.390 $) +AC_REVISION($Revision: 1.391 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -107,11 +107,15 @@ if test "$GCC" = "yes" || test "$GCC" = "egcs"; then AC_MSG_CHECKING(if $CC understands -fstack-protector-all) saved_CFLAGS="$CFLAGS" + saved_LDFLAGS="$LDFLAGS" CFLAGS="$CFLAGS -fstack-protector-all" - AC_TRY_COMPILE([], [ int main(void){return 0;} ], + LDFLAGS="$LDFLAGS -fstack-protector-all" + AC_TRY_LINK([], [ int main(void){return 0;} ], [ AC_MSG_RESULT(yes) ], [ AC_MSG_RESULT(no) - CFLAGS="$saved_CFLAGS" ] + CFLAGS="$saved_CFLAGS" + LDFLAGS="$saved_LDFLAGS" + ] ) if test -z "$have_llong_max"; then -- cgit v1.2.3 From 0f26b1386a8beaa1884178f8793c91d84274ea7d Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 28 Feb 2008 23:16:04 +1100 Subject: - (dtucker) [configure.ac openbsd-compat/port-aix.{c,h}] Bug #1081: Implement getgrouplist via getgrset on AIX, rather than iterating over getgrent. This allows, eg, Match and AllowGroups directives to work with NIS and LDAP groups. --- ChangeLog | 6 ++++- configure.ac | 6 ++--- openbsd-compat/port-aix.c | 56 ++++++++++++++++++++++++++++++++++++++++++++++- openbsd-compat/port-aix.h | 16 ++++++++++++-- 4 files changed, 77 insertions(+), 7 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 660c1b873..09e7adacc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -7,6 +7,10 @@ SSLeay_add_all_algorithms as a macro already. - (dtucker) [key.c defines.h openbsd-compat/openssl-compat.h] Move old OpenSSL compat glue into openssl-compat.h. + - (dtucker) [configure.ac openbsd-compat/port-aix.{c,h}] Bug #1081: Implement + getgrouplist via getgrset on AIX, rather than iterating over getgrent. + This allows, eg, Match and AllowGroups directives to work with NIS and + LDAP groups. 20080225 - (dtucker) [openbsd-compat/fake-rfc2553.h] rename ssh_gai_strerror hack @@ -3637,4 +3641,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4844 2008/02/28 08:22:04 dtucker Exp $ +$Id: ChangeLog,v 1.4845 2008/02/28 12:16:04 dtucker Exp $ diff --git a/configure.ac b/configure.ac index eaa1f845a..f84054321 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.391 2008/02/28 04:01:13 dtucker Exp $ +# $Id: configure.ac,v 1.392 2008/02/28 12:16:04 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.391 $) +AC_REVISION($Revision: 1.392 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -357,7 +357,7 @@ int main(void) { exit(0); } [], [#include ] ) - AC_CHECK_FUNCS(setauthdb) + AC_CHECK_FUNCS(getgrset setauthdb) AC_CHECK_DECL(F_CLOSEM, AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]), [], diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c index 94faec670..b19d2296e 100644 --- a/openbsd-compat/port-aix.c +++ b/openbsd-compat/port-aix.c @@ -1,7 +1,7 @@ /* * * Copyright (c) 2001 Gert Doering. All rights reserved. - * Copyright (c) 2003,2004,2005 Darren Tucker. All rights reserved. + * Copyright (c) 2003,2004,2005,2006 Darren Tucker. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -394,4 +394,58 @@ sshaix_getnameinfo(const struct sockaddr *sa, size_t salen, char *host, } # endif /* AIX_GETNAMEINFO_HACK */ +# if defined(USE_GETGRSET) +# include +int +getgrouplist(const char *user, gid_t pgid, gid_t *groups, int *grpcnt) +{ + char *cp, *grplist, *grp; + gid_t gid; + int ret = 0, ngroups = 0, maxgroups; + long l; + + maxgroups = *grpcnt; + + if ((cp = grplist = getgrset(user)) == NULL) + return -1; + + /* handle zero-length case */ + if (maxgroups <= 0) { + *grpcnt = 0; + return -1; + } + + /* copy primary group */ + groups[ngroups++] = pgid; + + /* copy each entry from getgrset into group list */ + while ((grp = strsep(&grplist, ",")) != NULL) { + l = strtol(grp, NULL, 10); + if (ngroups >= maxgroups || l == LONG_MIN || l == LONG_MAX) { + ret = -1; + goto out; + } + gid = (gid_t)l; + if (gid == pgid) + continue; /* we have already added primary gid */ + groups[ngroups++] = gid; + } +out: + free(cp); + *grpcnt = ngroups; + return ret; +} + +int +ssh_initgroups(const char *user, gid_t group) +{ + gid_t grps[NGROUPS_MAX]; + int grpcnt = NGROUPS_MAX; + + if (getgrouplist(user, group, grps, &grpcnt) == -1) + return -1; + return setgroups(grpcnt, grps); +} +# endif /* USE_GETGRSET */ + #endif /* _AIX */ diff --git a/openbsd-compat/port-aix.h b/openbsd-compat/port-aix.h index 5a04bedad..14024d417 100644 --- a/openbsd-compat/port-aix.h +++ b/openbsd-compat/port-aix.h @@ -1,9 +1,9 @@ -/* $Id: port-aix.h,v 1.27 2006/09/18 13:54:33 dtucker Exp $ */ +/* $Id: port-aix.h,v 1.28 2008/02/28 12:16:04 dtucker Exp $ */ /* * * Copyright (c) 2001 Gert Doering. All rights reserved. - * Copyright (c) 2004, 2005 Darren Tucker. All rights reserved. + * Copyright (c) 2004,2005,2006 Darren Tucker. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -103,4 +103,16 @@ int sshaix_getnameinfo(const struct sockaddr *, size_t, char *, size_t, # define getnameinfo(a,b,c,d,e,f,g) (sshaix_getnameinfo(a,b,c,d,e,f,g)) #endif +/* + * We use getgrset in preference to multiple getgrent calls for efficiency + * plus it supports NIS and LDAP groups. + */ +#if !defined(HAVE_GETGROUPLIST) && defined(HAVE_GETGRSET) +# define HAVE_GETGROUPLIST +# define USE_GETGRSET +int getgrouplist(const char *, gid_t, gid_t *, int *); +int ssh_initgroups(const char *, gid_t); +# define initgroups(a, b) ssh_initgroups((a), (b)) +#endif + #endif /* _AIX */ -- cgit v1.2.3 From 54e859f63de83d9e26c6db6b3f6c32bf2189f202 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 2 Mar 2008 21:52:27 +1100 Subject: - (dtucker) [configure.ac] FreeBSD's glob() doesn't behave the way we expect either, so use our own. --- ChangeLog | 6 +++++- configure.ac | 5 +++-- 2 files changed, 8 insertions(+), 3 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index bb6b43e06..0702b01df 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20080302 + - (dtucker) [configure.ac] FreeBSD's glob() doesn't behave the way we expect + either, so use our own. + 20080229 - (dtucker) [openbsd-compat/bsd-poll.c] We don't check for select(2) in configure (and there's not much point, as openssh won't work without it) @@ -3653,4 +3657,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4849 2008/02/29 11:53:40 djm Exp $ +$Id: ChangeLog,v 1.4850 2008/03/02 10:52:27 dtucker Exp $ diff --git a/configure.ac b/configure.ac index f84054321..017fd7e3d 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.392 2008/02/28 12:16:04 dtucker Exp $ +# $Id: configure.ac,v 1.393 2008/03/02 10:52:28 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.392 $) +AC_REVISION($Revision: 1.393 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -569,6 +569,7 @@ mips-sony-bsd|mips-sony-newsos4) AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way]) AC_CHECK_HEADER([net/if_tap.h], , AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support])) + AC_DEFINE(BROKEN_GLOB, 1, [FreeBSD glob does not do what we need]) ;; *-*-bsdi*) AC_DEFINE(SETEUID_BREAKS_SETUID) -- cgit v1.2.3 From b7918afddf36c22b8eb87d98819d2cf9ddb6b424 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 9 Mar 2008 11:34:23 +1100 Subject: - (dtucker) [configure.ac] It turns out gcc's -fstack-protector-all doesn't always work for all platforms and versions, so test what we can and add a configure flag to turn it of if needed. ok djm@ --- ChangeLog | 7 ++++++- configure.ac | 53 +++++++++++++++++++++++++++++++++++++++-------------- 2 files changed, 45 insertions(+), 15 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 4bd3b4603..14b212eb2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20080309 + - (dtucker) [configure.ac] It turns out gcc's -fstack-protector-all doesn't + always work for all platforms and versions, so test what we can and + add a configure flag to turn it of if needed. ok djm@ + 20080307 - (djm) OpenBSD CVS Sync - jmc@cvs.openbsd.org 2008/02/11 07:58:28 @@ -3698,4 +3703,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4860 2008/03/08 03:00:33 tim Exp $ +$Id: ChangeLog,v 1.4861 2008/03/09 00:34:23 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 017fd7e3d..b71f6832a 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.393 2008/03/02 10:52:28 dtucker Exp $ +# $Id: configure.ac,v 1.394 2008/03/09 00:34:23 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.393 $) +AC_REVISION($Revision: 1.394 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -90,6 +90,13 @@ AC_C_INLINE AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include ]) +use_stack_protector=1 +AC_ARG_WITH(stackprotect, + [ --without-stackprotect Don't use compiler's stack protection], [ + if test "x$withval" = "xno"; then + use_stack_protector=0 + fi ]) + if test "$GCC" = "yes" || test "$GCC" = "egcs"; then CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized" GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` @@ -105,18 +112,36 @@ if test "$GCC" = "yes" || test "$GCC" = "egcs"; then *) ;; esac - AC_MSG_CHECKING(if $CC understands -fstack-protector-all) - saved_CFLAGS="$CFLAGS" - saved_LDFLAGS="$LDFLAGS" - CFLAGS="$CFLAGS -fstack-protector-all" - LDFLAGS="$LDFLAGS -fstack-protector-all" - AC_TRY_LINK([], [ int main(void){return 0;} ], - [ AC_MSG_RESULT(yes) ], - [ AC_MSG_RESULT(no) - CFLAGS="$saved_CFLAGS" - LDFLAGS="$saved_LDFLAGS" - ] - ) + # -fstack-protector-all doesn't always work for some GCC versions + # and/or platforms, so we test if we can. + if test "x$use_stack_protector" = "x1"; then + for t in -fstack-protector-all -fstack-protector; do + AC_MSG_CHECKING(if $CC understands $t) + saved_CFLAGS="$CFLAGS" + saved_LDFLAGS="$LDFLAGS" + CFLAGS="$CFLAGS $t" + LDFLAGS="$LDFLAGS $t" + AC_TRY_LINK([], [ int main(void){return 0;} ], + [ AC_MSG_RESULT(yes) + AC_MSG_CHECKING(if $t works) + AC_RUN_IFELSE( + [AC_LANG_SOURCE([ +#include +int main(void){exit(0);} + ])], + [ AC_MSG_RESULT(yes) + break ], + [ AC_MSG_RESULT(no) ], + [ AC_MSG_WARN([cross compiling: cannot test]) + break ] + ) + ], + [ AC_MSG_RESULT(no) ] + ) + CFLAGS="$saved_CFLAGS" + LDFLAGS="$saved_LDFLAGS" + done + fi if test -z "$have_llong_max"; then # retry LLONG_MAX with -std=gnu99, needed on some Linuxes -- cgit v1.2.3 From fe1cf97ee811dc7a2bb7cea912c9292c976ab5af Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 9 Mar 2008 22:50:50 +1100 Subject: - (dtucker) [configure.ac] Run stack-protector tests with -Werror to catch platforms where gcc understands the option but it's not supported (and thus generates a warning). --- ChangeLog | 5 ++++- configure.ac | 23 +++++++++++++++-------- 2 files changed, 19 insertions(+), 9 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 5abd1ae22..3057c2be5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,9 @@ - (dtucker) [openbsd-compat/regress/strtonumtest.c] Bug #1347: Use platform's equivalent of LLONG_MAX for the compat regression tests, which makes them run on AIX and HP-UX. Patch from David Leonard. + - (dtucker) [configure.ac] Run stack-protector tests with -Werror to catch + platforms where gcc understands the option but it's not supported (and + thus generates a warning). 20080307 - (djm) OpenBSD CVS Sync @@ -3709,4 +3712,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4863 2008/03/09 06:10:09 dtucker Exp $ +$Id: ChangeLog,v 1.4864 2008/03/09 11:50:50 dtucker Exp $ diff --git a/configure.ac b/configure.ac index b71f6832a..b6fa19bd0 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.394 2008/03/09 00:34:23 dtucker Exp $ +# $Id: configure.ac,v 1.395 2008/03/09 11:50:50 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.394 $) +AC_REVISION($Revision: 1.395 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -113,16 +113,23 @@ if test "$GCC" = "yes" || test "$GCC" = "egcs"; then esac # -fstack-protector-all doesn't always work for some GCC versions - # and/or platforms, so we test if we can. + # and/or platforms, so we test if we can. If it's not supported + # on a give platform gcc will emit a warning so we use -Werror. if test "x$use_stack_protector" = "x1"; then for t in -fstack-protector-all -fstack-protector; do - AC_MSG_CHECKING(if $CC understands $t) + AC_MSG_CHECKING(if $CC supports $t) saved_CFLAGS="$CFLAGS" saved_LDFLAGS="$LDFLAGS" - CFLAGS="$CFLAGS $t" - LDFLAGS="$LDFLAGS $t" - AC_TRY_LINK([], [ int main(void){return 0;} ], + CFLAGS="$CFLAGS $t -Werror" + LDFLAGS="$LDFLAGS $t -Werror" + AC_LINK_IFELSE( + [AC_LANG_SOURCE([ +#include +int main(void){return 0;} + ])], [ AC_MSG_RESULT(yes) + CFLAGS="$saved_CFLAGS $t" + LDFLAGS="$saved_LDFLAGS $t" AC_MSG_CHECKING(if $t works) AC_RUN_IFELSE( [AC_LANG_SOURCE([ @@ -134,7 +141,7 @@ int main(void){exit(0);} [ AC_MSG_RESULT(no) ], [ AC_MSG_WARN([cross compiling: cannot test]) break ] - ) + ) ], [ AC_MSG_RESULT(no) ] ) -- cgit v1.2.3 From da3155e1595b461cfb51ee28a49279d935eb7259 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 27 Mar 2008 12:30:18 +1100 Subject: - (djm) [configure.ac] fix alignment of --without-stackprotect description --- ChangeLog | 3 ++- configure.ac | 6 +++--- 2 files changed, 5 insertions(+), 4 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 456c1f615..f40e0c057 100644 --- a/ChangeLog +++ b/ChangeLog @@ -50,6 +50,7 @@ [regress/sftp-badcmds.sh] disable no-replace rename test now that we prefer a POSIX rename; spotted by dkrause@ + - (djm) [configure.ac] fix alignment of --without-stackprotect description 20080315 - (djm) [regress/test-exec.sh] Quote putty-related variables in case they are @@ -3818,4 +3819,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4891 2008/03/27 00:26:56 djm Exp $ +$Id: ChangeLog,v 1.4892 2008/03/27 01:30:18 djm Exp $ diff --git a/configure.ac b/configure.ac index b6fa19bd0..aa3ee359d 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.395 2008/03/09 11:50:50 dtucker Exp $ +# $Id: configure.ac,v 1.396 2008/03/27 01:30:18 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.395 $) +AC_REVISION($Revision: 1.396 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -92,7 +92,7 @@ AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include ]) use_stack_protector=1 AC_ARG_WITH(stackprotect, - [ --without-stackprotect Don't use compiler's stack protection], [ + [ --without-stackprotect Don't use compiler's stack protection], [ if test "x$withval" = "xno"; then use_stack_protector=0 fi ]) -- cgit v1.2.3 From 5b1c8b31038af7144efdcf9317df66c96031d19f Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 27 Mar 2008 12:33:07 +1100 Subject: - (djm) [configure.ac] --with-selinux too --- ChangeLog | 3 ++- configure.ac | 6 +++--- 2 files changed, 5 insertions(+), 4 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index f40e0c057..4c2df0181 100644 --- a/ChangeLog +++ b/ChangeLog @@ -51,6 +51,7 @@ disable no-replace rename test now that we prefer a POSIX rename; spotted by dkrause@ - (djm) [configure.ac] fix alignment of --without-stackprotect description + - (djm) [configure.ac] --with-selinux too 20080315 - (djm) [regress/test-exec.sh] Quote putty-related variables in case they are @@ -3819,4 +3820,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4892 2008/03/27 01:30:18 djm Exp $ +$Id: ChangeLog,v 1.4893 2008/03/27 01:33:07 djm Exp $ diff --git a/configure.ac b/configure.ac index aa3ee359d..7b92bad1d 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.396 2008/03/27 01:30:18 djm Exp $ +# $Id: configure.ac,v 1.397 2008/03/27 01:33:07 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.396 $) +AC_REVISION($Revision: 1.397 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -3258,7 +3258,7 @@ int main() { return 0; } SELINUX_MSG="no" LIBSELINUX="" AC_ARG_WITH(selinux, - [ --with-selinux Enable SELinux support], + [ --with-selinux Enable SELinux support], [ if test "x$withval" != "xno" ; then save_LIBS="$LIBS" AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.]) -- cgit v1.2.3 From a4be7c23fdcf8a1da5420068dc4bd4db45af9c9c Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 19 May 2008 14:47:37 +1000 Subject: - (djm) [openbsd-compat/bsd-arc4random.c openbsd-compat/openbsd-compat.c] [configure.ac] Implement arc4random_buf(), import implementation of arc4random_uniform() from OpenBSD --- ChangeLog | 5 +++- configure.ac | 6 ++-- openbsd-compat/bsd-arc4random.c | 65 +++++++++++++++++++++++++++++++++++++++++ openbsd-compat/openbsd-compat.h | 10 ++++++- 4 files changed, 82 insertions(+), 4 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index f466f481e..66145e52a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,6 +11,9 @@ - djm@cvs.openbsd.org 2008/04/05 02:46:02 [sshd_config.5] HostbasedAuthentication is supported under Match too + - (djm) [openbsd-compat/bsd-arc4random.c openbsd-compat/openbsd-compat.c] + [configure.ac] Implement arc4random_buf(), import implementation of + arc4random_uniform() from OpenBSD 20080403 - (djm) [openbsd-compat/bsd-poll.c] Include stdlib.h to avoid compile- @@ -3871,4 +3874,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4908 2008/05/19 04:29:08 djm Exp $ +$Id: ChangeLog,v 1.4909 2008/05/19 04:47:37 djm Exp $ diff --git a/configure.ac b/configure.ac index 7b92bad1d..e6e916e82 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.397 2008/03/27 01:33:07 djm Exp $ +# $Id: configure.ac,v 1.398 2008/05/19 04:47:37 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.397 $) +AC_REVISION($Revision: 1.398 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -1288,6 +1288,8 @@ AC_ARG_WITH(audit, dnl Checks for library functions. Please keep in alphabetical order AC_CHECK_FUNCS( \ arc4random \ + arc4random_buf \ + arc4random_uniform \ asprintf \ b64_ntop \ __b64_ntop \ diff --git a/openbsd-compat/bsd-arc4random.c b/openbsd-compat/bsd-arc4random.c index d45fb182a..8bf31e5d3 100644 --- a/openbsd-compat/bsd-arc4random.c +++ b/openbsd-compat/bsd-arc4random.c @@ -82,3 +82,68 @@ arc4random_stir(void) rc4_ready = REKEY_BYTES; } #endif /* !HAVE_ARC4RANDOM */ + +#ifndef ARC4RANDOM_BUF +void +arc4random_buf(void *_buf, size_t n) +{ + size_t i; + u_int32_t r; + char *buf = (char *)_buf; + + for (i = 0; i < n; i++) { + if (i % 4 == 0) + r = arc4random(); + buf[i] = r & 0xff; + r >>= 8; + } + i = r = 0; +} +#endif /* !HAVE_ARC4RANDOM_BUF */ + +#ifndef ARC4RANDOM_UNIFORM +/* + * Calculate a uniformly distributed random number less than upper_bound + * avoiding "modulo bias". + * + * Uniformity is achieved by generating new random numbers until the one + * returned is outside the range [0, 2**32 % upper_bound). This + * guarantees the selected random number will be inside + * [2**32 % upper_bound, 2**32) which maps back to [0, upper_bound) + * after reduction modulo upper_bound. + */ +u_int32_t +arc4random_uniform(u_int32_t upper_bound) +{ + u_int32_t r, min; + + if (upper_bound < 2) + return 0; + +#if (ULONG_MAX > 0xffffffffUL) + min = 0x100000000UL % upper_bound; +#else + /* Calculate (2**32 % upper_bound) avoiding 64-bit math */ + if (upper_bound > 0x80000000) + min = 1 + ~upper_bound; /* 2**32 - upper_bound */ + else { + /* (2**32 - (x * 2)) % x == 2**32 % x when x <= 2**31 */ + min = ((0xffffffff - (upper_bound << 2)) + 1) % upper_bound; + } +#endif + + /* + * This could theoretically loop forever but each retry has + * p > 0.5 (worst case, usually far better) of selecting a + * number inside the range we need, so it should rarely need + * to re-roll. + */ + for (;;) { + r = arc4random(); + if (r >= min) + break; + } + + return r % upper_bound; +} +#endif /* !HAVE_ARC4RANDOM_UNIFORM */ diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index 6406af19d..eb48b362b 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h @@ -1,4 +1,4 @@ -/* $Id: openbsd-compat.h,v 1.43 2007/06/25 12:15:13 dtucker Exp $ */ +/* $Id: openbsd-compat.h,v 1.44 2008/05/19 04:47:37 djm Exp $ */ /* * Copyright (c) 1999-2003 Damien Miller. All rights reserved. @@ -151,6 +151,14 @@ unsigned int arc4random(void); void arc4random_stir(void); #endif /* !HAVE_ARC4RANDOM */ +#ifndef HAVE_ARC4RANDOM_BUF +void arc4random_buf(void *, size_t); +#endif + +#ifndef HAVE_ARC4RANDOM_UNIFORM +u_int32_t arc4random_uniform(u_int32_t); +#endif + #ifndef HAVE_ASPRINTF int asprintf(char **, const char *, ...); #endif -- cgit v1.2.3 From a7058ec7c03017b89ba75fc0b9a58ca672aab9e9 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 20 May 2008 08:57:06 +1000 Subject: - (djm) [configure.ac mux.c sftp.c openbsd-compat/Makefile.in] [openbsd-compat/fmt_scaled.c openbsd-compat/openbsd-compat.h] Fix compilation on Linux, including pulling in fmt_scaled(3) implementation from OpenBSD's libutil. --- ChangeLog | 8 +- configure.ac | 6 +- mux.c | 11 +- openbsd-compat/Makefile.in | 4 +- openbsd-compat/fmt_scaled.c | 274 ++++++++++++++++++++++++++++++++++++++++ openbsd-compat/openbsd-compat.h | 7 +- sftp.c | 9 +- 7 files changed, 310 insertions(+), 9 deletions(-) create mode 100644 openbsd-compat/fmt_scaled.c (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index ef7eaf7af..713e09dbe 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +20080519 + - (djm) [configure.ac mux.c sftp.c openbsd-compat/Makefile.in] + [openbsd-compat/fmt_scaled.c openbsd-compat/openbsd-compat.h] + Fix compilation on Linux, including pulling in fmt_scaled(3) + implementation from OpenBSD's libutil. + 20080518 - (djm) OpenBSD CVS Sync - djm@cvs.openbsd.org 2008/04/04 05:14:38 @@ -4017,4 +4023,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4934 2008/05/19 06:11:56 djm Exp $ +$Id: ChangeLog,v 1.4935 2008/05/19 22:57:06 djm Exp $ diff --git a/configure.ac b/configure.ac index e6e916e82..858aeaf42 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.398 2008/05/19 04:47:37 djm Exp $ +# $Id: configure.ac,v 1.399 2008/05/19 22:57:06 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.398 $) +AC_REVISION($Revision: 1.399 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -1034,7 +1034,7 @@ dnl Checks for libutil functions AC_CHECK_HEADERS(libutil.h) AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1, [Define if your libraries define login()])]) -AC_CHECK_FUNCS(logout updwtmp logwtmp) +AC_CHECK_FUNCS(fmt_scaled logout updwtmp logwtmp) AC_FUNC_STRFTIME diff --git a/mux.c b/mux.c index 78ba63153..b4465b017 100644 --- a/mux.c +++ b/mux.c @@ -17,6 +17,8 @@ /* ssh session multiplexing support */ +#include "includes.h" + #include #include #include @@ -32,9 +34,16 @@ #include #include #include -#include #include +#ifdef HAVE_UTIL_H +# include +#endif + +#ifdef HAVE_LIBUTIL_H +# include +#endif + #include "openbsd-compat/sys-queue.h" #include "xmalloc.h" #include "log.h" diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in index b44a7851e..d1ec47b6e 100644 --- a/openbsd-compat/Makefile.in +++ b/openbsd-compat/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.41 2007/06/25 12:15:13 dtucker Exp $ +# $Id: Makefile.in,v 1.42 2008/05/19 22:57:08 djm Exp $ sysconfdir=@sysconfdir@ piddir=@piddir@ @@ -16,7 +16,7 @@ RANLIB=@RANLIB@ INSTALL=@INSTALL@ LDFLAGS=-L. @LDFLAGS@ -OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o strtonum.o strtoll.o strtoul.o vis.o +OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o strtonum.o strtoll.o strtoul.o vis.o COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o diff --git a/openbsd-compat/fmt_scaled.c b/openbsd-compat/fmt_scaled.c new file mode 100644 index 000000000..edd682a49 --- /dev/null +++ b/openbsd-compat/fmt_scaled.c @@ -0,0 +1,274 @@ +/* $OpenBSD: fmt_scaled.c,v 1.9 2007/03/20 03:42:52 tedu Exp $ */ + +/* + * Copyright (c) 2001, 2002, 2003 Ian F. Darwin. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* OPENBSD ORIGINAL: lib/libutil/fmt_scaled.c */ + +/* + * fmt_scaled: Format numbers scaled for human comprehension + * scan_scaled: Scan numbers in this format. + * + * "Human-readable" output uses 4 digits max, and puts a unit suffix at + * the end. Makes output compact and easy-to-read esp. on huge disks. + * Formatting code was originally in OpenBSD "df", converted to library routine. + * Scanning code written for OpenBSD libutil. + */ + +#include "includes.h" + +#ifndef HAVE_FMT_SCALED + +#include +#include +#include +#include +#include +#include + +typedef enum { + NONE = 0, KILO = 1, MEGA = 2, GIGA = 3, TERA = 4, PETA = 5, EXA = 6 +} unit_type; + +/* These three arrays MUST be in sync! XXX make a struct */ +static unit_type units[] = { NONE, KILO, MEGA, GIGA, TERA, PETA, EXA }; +static char scale_chars[] = "BKMGTPE"; +static long long scale_factors[] = { + 1LL, + 1024LL, + 1024LL*1024, + 1024LL*1024*1024, + 1024LL*1024*1024*1024, + 1024LL*1024*1024*1024*1024, + 1024LL*1024*1024*1024*1024*1024, +}; +#define SCALE_LENGTH (sizeof(units)/sizeof(units[0])) + +#define MAX_DIGITS (SCALE_LENGTH * 3) /* XXX strlen(sprintf("%lld", -1)? */ + +/** Convert the given input string "scaled" into numeric in "result". + * Return 0 on success, -1 and errno set on error. + */ +int +scan_scaled(char *scaled, long long *result) +{ + char *p = scaled; + int sign = 0; + unsigned int i, ndigits = 0, fract_digits = 0; + long long scale_fact = 1, whole = 0, fpart = 0; + + /* Skip leading whitespace */ + while (isascii(*p) && isspace(*p)) + ++p; + + /* Then at most one leading + or - */ + while (*p == '-' || *p == '+') { + if (*p == '-') { + if (sign) { + errno = EINVAL; + return -1; + } + sign = -1; + ++p; + } else if (*p == '+') { + if (sign) { + errno = EINVAL; + return -1; + } + sign = +1; + ++p; + } + } + + /* Main loop: Scan digits, find decimal point, if present. + * We don't allow exponentials, so no scientific notation + * (but note that E for Exa might look like e to some!). + * Advance 'p' to end, to get scale factor. + */ + for (; isascii(*p) && (isdigit(*p) || *p=='.'); ++p) { + if (*p == '.') { + if (fract_digits > 0) { /* oops, more than one '.' */ + errno = EINVAL; + return -1; + } + fract_digits = 1; + continue; + } + + i = (*p) - '0'; /* whew! finally a digit we can use */ + if (fract_digits > 0) { + if (fract_digits >= MAX_DIGITS-1) + /* ignore extra fractional digits */ + continue; + fract_digits++; /* for later scaling */ + fpart *= 10; + fpart += i; + } else { /* normal digit */ + if (++ndigits >= MAX_DIGITS) { + errno = ERANGE; + return -1; + } + whole *= 10; + whole += i; + } + } + + if (sign) { + whole *= sign; + fpart *= sign; + } + + /* If no scale factor given, we're done. fraction is discarded. */ + if (!*p) { + *result = whole; + return 0; + } + + /* Validate scale factor, and scale whole and fraction by it. */ + for (i = 0; i < SCALE_LENGTH; i++) { + + /** Are we there yet? */ + if (*p == scale_chars[i] || + *p == tolower(scale_chars[i])) { + + /* If it ends with alphanumerics after the scale char, bad. */ + if (isalnum(*(p+1))) { + errno = EINVAL; + return -1; + } + scale_fact = scale_factors[i]; + + /* scale whole part */ + whole *= scale_fact; + + /* truncate fpart so it does't overflow. + * then scale fractional part. + */ + while (fpart >= LLONG_MAX / scale_fact) { + fpart /= 10; + fract_digits--; + } + fpart *= scale_fact; + if (fract_digits > 0) { + for (i = 0; i < fract_digits -1; i++) + fpart /= 10; + } + whole += fpart; + *result = whole; + return 0; + } + } + errno = ERANGE; + return -1; +} + +/* Format the given "number" into human-readable form in "result". + * Result must point to an allocated buffer of length FMT_SCALED_STRSIZE. + * Return 0 on success, -1 and errno set if error. + */ +int +fmt_scaled(long long number, char *result) +{ + long long abval, fract = 0; + unsigned int i; + unit_type unit = NONE; + + abval = (number < 0LL) ? -number : number; /* no long long_abs yet */ + + /* Not every negative long long has a positive representation. + * Also check for numbers that are just too darned big to format + */ + if (abval < 0 || abval / 1024 >= scale_factors[SCALE_LENGTH-1]) { + errno = ERANGE; + return -1; + } + + /* scale whole part; get unscaled fraction */ + for (i = 0; i < SCALE_LENGTH; i++) { + if (abval/1024 < scale_factors[i]) { + unit = units[i]; + fract = (i == 0) ? 0 : abval % scale_factors[i]; + number /= scale_factors[i]; + if (i > 0) + fract /= scale_factors[i - 1]; + break; + } + } + + fract = (10 * fract + 512) / 1024; + /* if the result would be >= 10, round main number */ + if (fract == 10) { + if (number >= 0) + number++; + else + number--; + fract = 0; + } + + if (number == 0) + strlcpy(result, "0B", FMT_SCALED_STRSIZE); + else if (unit == NONE || number >= 100 || number <= -100) { + if (fract >= 5) { + if (number >= 0) + number++; + else + number--; + } + (void)snprintf(result, FMT_SCALED_STRSIZE, "%lld%c", + number, scale_chars[unit]); + } else + (void)snprintf(result, FMT_SCALED_STRSIZE, "%lld.%1lld%c", + number, fract, scale_chars[unit]); + + return 0; +} + +#ifdef MAIN +/* + * This is the original version of the program in the man page. + * Copy-and-paste whatever you need from it. + */ +int +main(int argc, char **argv) +{ + char *cinput = "1.5K", buf[FMT_SCALED_STRSIZE]; + long long ninput = 10483892, result; + + if (scan_scaled(cinput, &result) == 0) + printf("\"%s\" -> %lld\n", cinput, result); + else + perror(cinput); + + if (fmt_scaled(ninput, buf) == 0) + printf("%lld -> \"%s\"\n", ninput, buf); + else + fprintf(stderr, "%lld invalid (%s)\n", ninput, strerror(errno)); + + return 0; +} +#endif + +#endif /* HAVE_FMT_SCALED */ diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index eb48b362b..0b7d979e0 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h @@ -1,4 +1,4 @@ -/* $Id: openbsd-compat.h,v 1.44 2008/05/19 04:47:37 djm Exp $ */ +/* $Id: openbsd-compat.h,v 1.45 2008/05/19 22:57:08 djm Exp $ */ /* * Copyright (c) 1999-2003 Damien Miller. All rights reserved. @@ -101,6 +101,11 @@ int daemon(int nochdir, int noclose); char *dirname(const char *path); #endif +#ifndef HAVE_FMT_SCALED +#define FMT_SCALED_STRSIZE 7 +int fmt_scaled(long long number, char *result); +#endif + #if defined(BROKEN_INET_NTOA) || !defined(HAVE_INET_NTOA) char *inet_ntoa(struct in_addr in); #endif diff --git a/sftp.c b/sftp.c index 0745baf08..ffc35cb83 100644 --- a/sftp.c +++ b/sftp.c @@ -43,9 +43,16 @@ typedef void EditLine; #include #include #include -#include #include +#ifdef HAVE_UTIL_H +# include +#endif + +#ifdef HAVE_LIBUTIL_H +# include +#endif + #include "xmalloc.h" #include "log.h" #include "pathnames.h" -- cgit v1.2.3 From 5b2e2ba9e40d77d5876a96b248f9c526f8611b7c Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 8 Jun 2008 09:25:28 +1000 Subject: - (dtucker) [configure.ac defines.h sftp-client.c sftp-server.c sftp.c] Do not enable statvfs extensions on platforms that do not have statvfs. ok djm@ --- ChangeLog | 4 +++- configure.ac | 8 ++++++-- defines.h | 6 +++++- sftp-client.c | 6 ++++++ sftp-server.c | 12 ++++++++++++ sftp.c | 7 +++++++ 6 files changed, 39 insertions(+), 4 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index c3c849c22..34cf9f2f1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,7 @@ 20080607 - (dtucker) [mux.c] Include paths.h inside ifdef HAVE_PATHS_H. + - (dtucker) [configure.ac defines.h sftp-client.c sftp-server.c sftp.c] + Do not enable statvfs extensions on platforms that do not have statvfs. 20080604 - (djm) [openbsd-compat/bsd-arc4random.c] Fix math bug that caused bias @@ -4031,4 +4033,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4937 2008/06/06 20:25:15 dtucker Exp $ +$Id: ChangeLog,v 1.4938 2008/06/07 23:25:28 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 858aeaf42..3005e21b5 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.399 2008/05/19 22:57:06 djm Exp $ +# $Id: configure.ac,v 1.400 2008/06/07 23:25:28 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.399 $) +AC_REVISION($Revision: 1.400 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -267,6 +267,7 @@ AC_CHECK_HEADERS( \ sys/cdefs.h \ sys/dir.h \ sys/mman.h \ + sys/mount.h \ sys/ndir.h \ sys/poll.h \ sys/prctl.h \ @@ -276,6 +277,7 @@ AC_CHECK_HEADERS( \ sys/stream.h \ sys/stropts.h \ sys/strtio.h \ + sys/statvfs.h \ sys/sysmacros.h \ sys/time.h \ sys/timers.h \ @@ -1354,6 +1356,8 @@ AC_CHECK_FUNCS( \ sigvec \ snprintf \ socketpair \ + statfs \ + statvfs \ strdup \ strerror \ strlcat \ diff --git a/defines.h b/defines.h index ac19095a2..a2cc28d98 100644 --- a/defines.h +++ b/defines.h @@ -25,7 +25,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.146 2008/02/28 08:22:04 dtucker Exp $ */ +/* $Id: defines.h,v 1.147 2008/06/07 23:25:28 dtucker Exp $ */ /* Constants */ @@ -567,6 +567,10 @@ struct winsize { # define CUSTOM_SSH_AUDIT_EVENTS #endif +#if defined(HAVE_STATVFS) +# define USE_STATVFS +#endif + #if !defined(HAVE___func__) && defined(HAVE___FUNCTION__) # define __func__ __FUNCTION__ #elif !defined(HAVE___func__) diff --git a/sftp-client.c b/sftp-client.c index 1e54348b7..8593cb8ce 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -24,7 +24,9 @@ #include #include +#ifdef HAVE_SYS_STATVFS_H #include +#endif #include "openbsd-compat/sys-queue.h" #ifdef HAVE_SYS_STAT_H # include @@ -241,6 +243,7 @@ get_decode_stat(int fd, u_int expected_id, int quiet) return(a); } +#ifdef USE_STATVFS static int get_decode_statvfs(int fd, struct statvfs *st, u_int expected_id, int quiet) { @@ -290,6 +293,7 @@ get_decode_statvfs(int fd, struct statvfs *st, u_int expected_id, int quiet) return 0; } +#endif struct sftp_conn * do_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests) @@ -809,6 +813,7 @@ do_readlink(struct sftp_conn *conn, char *path) } #endif +#ifdef USE_STATVFS int do_statvfs(struct sftp_conn *conn, const char *path, struct statvfs *st, int quiet) @@ -834,6 +839,7 @@ do_statvfs(struct sftp_conn *conn, const char *path, struct statvfs *st, return get_decode_statvfs(conn->fd_in, st, id, quiet); } +#endif #ifdef notyet int diff --git a/sftp-server.c b/sftp-server.c index a2df09f53..a9cc9408a 100644 --- a/sftp-server.c +++ b/sftp-server.c @@ -23,8 +23,12 @@ #ifdef HAVE_SYS_TIME_H # include #endif +#ifdef HAVE_SYS_MOUNT_H #include +#endif +#ifdef HAVE_SYS_STATVFS_H #include +#endif #include #include @@ -477,6 +481,7 @@ send_attrib(u_int32_t id, const Attrib *a) buffer_free(&msg); } +#ifdef USE_STATVFS static void send_statvfs(u_int32_t id, struct statvfs *st) { @@ -503,6 +508,7 @@ send_statvfs(u_int32_t id, struct statvfs *st) send_msg(&msg); buffer_free(&msg); } +#endif /* parse incoming */ @@ -519,12 +525,14 @@ process_init(void) /* POSIX rename extension */ buffer_put_cstring(&msg, "posix-rename@openssh.com"); buffer_put_cstring(&msg, "1"); /* version */ +#ifdef USEE_STATVFS /* statvfs extension */ buffer_put_cstring(&msg, "statvfs@openssh.com"); buffer_put_cstring(&msg, "1"); /* version */ /* fstatvfs extension */ buffer_put_cstring(&msg, "fstatvfs@openssh.com"); buffer_put_cstring(&msg, "1"); /* version */ +#endif send_msg(&msg); buffer_free(&msg); } @@ -1134,6 +1142,7 @@ process_extended_posix_rename(u_int32_t id) xfree(newpath); } +#ifdef USE_STATVFS static void process_extended_statvfs(u_int32_t id) { @@ -1169,6 +1178,7 @@ process_extended_fstatvfs(u_int32_t id) else send_statvfs(id, &st); } +#endif static void process_extended(void) @@ -1180,10 +1190,12 @@ process_extended(void) request = get_string(NULL); if (strcmp(request, "posix-rename@openssh.com") == 0) process_extended_posix_rename(id); +#ifdef USE_STATVFS else if (strcmp(request, "statvfs@openssh.com") == 0) process_extended_statvfs(id); else if (strcmp(request, "fstatvfs@openssh.com") == 0) process_extended_fstatvfs(id); +#endif else send_status(id, SSH2_FX_OP_UNSUPPORTED); /* MUST */ xfree(request); diff --git a/sftp.c b/sftp.c index ffc35cb83..c5c3b1443 100644 --- a/sftp.c +++ b/sftp.c @@ -25,7 +25,9 @@ #include #include #include +#ifdef HAVE_SYS_STATVFS_H #include +#endif #include #include @@ -840,6 +842,7 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, static int do_df(struct sftp_conn *conn, char *path, int hflag, int iflag) { +#ifdef USE_STATVFS struct statvfs st; char s_used[FMT_SCALED_STRSIZE]; char s_avail[FMT_SCALED_STRSIZE]; @@ -885,6 +888,10 @@ do_df(struct sftp_conn *conn, char *path, int hflag, int iflag) st.f_blocks)); } return 0; +#else + error("client does not support statvfs extension"); + return -1; +#endif } /* -- cgit v1.2.3 From 598eaa6c0c36c3169963c7e6505d53b4073590f5 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 9 Jun 2008 03:32:29 +1000 Subject: - (dtucker) [configure.ac defines.h sftp-client.c sftp-server.c sftp.c openbsd-compat/Makefile.in openbsd-compat/openbsd-compat.h openbsd-compat/bsd-statvfs.{c,h}] Add a null implementation of statvfs and fstatvfs and remove #defines around statvfs code. ok djm@ --- ChangeLog | 8 ++++- configure.ac | 17 +++++++++-- defines.h | 6 +--- openbsd-compat/Makefile.in | 4 +-- openbsd-compat/bsd-statvfs.c | 37 ++++++++++++++++++++++ openbsd-compat/bsd-statvfs.h | 68 +++++++++++++++++++++++++++++++++++++++++ openbsd-compat/openbsd-compat.h | 3 +- sftp-client.c | 4 --- sftp-server.c | 8 ----- sftp.c | 5 --- 10 files changed, 132 insertions(+), 28 deletions(-) create mode 100644 openbsd-compat/bsd-statvfs.c create mode 100644 openbsd-compat/bsd-statvfs.h (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index be3e104ee..9b3e1d6d3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +20080608 + - (dtucker) [configure.ac defines.h sftp-client.c sftp-server.c sftp.c + openbsd-compat/Makefile.in openbsd-compat/openbsd-compat.h + openbsd-compat/bsd-statvfs.{c,h}] Add a null implementation of statvfs and + fstatvfs and remove #defines around statvfs code. ok djm@ + 20080607 - (dtucker) [mux.c] Include paths.h inside ifdef HAVE_PATHS_H. - (dtucker) [configure.ac defines.h sftp-client.c sftp-server.c sftp.c] @@ -4054,4 +4060,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4942 2008/06/08 02:55:32 dtucker Exp $ +$Id: ChangeLog,v 1.4943 2008/06/08 17:32:29 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 3005e21b5..4f3ec2a20 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.400 2008/06/07 23:25:28 dtucker Exp $ +# $Id: configure.ac,v 1.401 2008/06/08 17:32:29 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.400 $) +AC_REVISION($Revision: 1.401 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -1305,6 +1305,7 @@ AC_CHECK_FUNCS( \ fchmod \ fchown \ freeaddrinfo \ + fstatvfs \ futimes \ getaddrinfo \ getcwd \ @@ -2651,6 +2652,18 @@ fi TYPE_SOCKLEN_T AC_CHECK_TYPES(sig_atomic_t,,,[#include ]) +AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t],,,[ +#include +#ifdef HAVE_SYS_BITYPES_H +#include +#endif +#ifdef HAVE_SYS_STATFS_H +#include +#endif +#ifdef HAVE_SYS_STATVFS_H +#include +#endif +]) AC_CHECK_TYPES(in_addr_t,,, [#include diff --git a/defines.h b/defines.h index a2cc28d98..7bb3a55e8 100644 --- a/defines.h +++ b/defines.h @@ -25,7 +25,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.147 2008/06/07 23:25:28 dtucker Exp $ */ +/* $Id: defines.h,v 1.148 2008/06/08 17:32:29 dtucker Exp $ */ /* Constants */ @@ -567,10 +567,6 @@ struct winsize { # define CUSTOM_SSH_AUDIT_EVENTS #endif -#if defined(HAVE_STATVFS) -# define USE_STATVFS -#endif - #if !defined(HAVE___func__) && defined(HAVE___FUNCTION__) # define __func__ __FUNCTION__ #elif !defined(HAVE___func__) diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in index d1ec47b6e..a60e5a68d 100644 --- a/openbsd-compat/Makefile.in +++ b/openbsd-compat/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.42 2008/05/19 22:57:08 djm Exp $ +# $Id: Makefile.in,v 1.43 2008/06/08 17:32:29 dtucker Exp $ sysconfdir=@sysconfdir@ piddir=@piddir@ @@ -18,7 +18,7 @@ LDFLAGS=-L. @LDFLAGS@ OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o strtonum.o strtoll.o strtoul.o vis.o -COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o +COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-tun.o port-uw.o diff --git a/openbsd-compat/bsd-statvfs.c b/openbsd-compat/bsd-statvfs.c new file mode 100644 index 000000000..844d5b464 --- /dev/null +++ b/openbsd-compat/bsd-statvfs.c @@ -0,0 +1,37 @@ +/* $Id: bsd-statvfs.c,v 1.1 2008/06/08 17:32:29 dtucker Exp $ */ + +/* + * Copyright (c) 2008 Darren Tucker + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER + * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "includes.h" + +#include + +#ifndef HAVE_STATVFS +int statvfs(const char *path, struct statvfs *buf) +{ + errno = ENOSYS; + return -1; +} +#endif + +#ifndef HAVE_FSTATVFS +int fstatvfs(int fd, struct statvfs *buf) +{ + errno = ENOSYS; + return -1; +} +#endif diff --git a/openbsd-compat/bsd-statvfs.h b/openbsd-compat/bsd-statvfs.h new file mode 100644 index 000000000..da215ffc6 --- /dev/null +++ b/openbsd-compat/bsd-statvfs.h @@ -0,0 +1,68 @@ +/* $Id: bsd-statvfs.h,v 1.1 2008/06/08 17:32:29 dtucker Exp $ */ + +/* + * Copyright (c) 2008 Darren Tucker + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER + * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "includes.h" + +#include + +#ifdef HAVE_SYS_STATFS_H +#include +#endif + +#ifndef HAVE_STATVFS + +#ifndef HAVE_FSBLKCNT_T +typedef unsigned long fsblkcnt_t; +#endif +#ifndef HAVE_FSFILCNT_T +typedef unsigned long fsfilcnt_t; +#endif + +#ifndef ST_RDONLY +#define ST_RDONLY 1 +#endif +#ifndef ST_NOSUID +#define ST_NOSUID 2 +#endif + + /* as defined in IEEE Std 1003.1, 2004 Edition */ +struct statvfs { + unsigned long f_bsize; /* File system block size. */ + unsigned long f_frsize; /* Fundamental file system block size. */ + fsblkcnt_t f_blocks; /* Total number of blocks on file system in */ + /* units of f_frsize. */ + fsblkcnt_t f_bfree; /* Total number of free blocks. */ + fsblkcnt_t f_bavail; /* Number of free blocks available to */ + /* non-privileged process. */ + fsfilcnt_t f_files; /* Total number of file serial numbers. */ + fsfilcnt_t f_ffree; /* Total number of free file serial numbers. */ + fsfilcnt_t f_favail; /* Number of file serial numbers available to */ + /* non-privileged process. */ + unsigned long f_fsid; /* File system ID. */ + unsigned long f_flag; /* BBit mask of f_flag values. */ + unsigned long f_namemax;/* Maximum filename length. */ +}; +#endif + +#ifndef HAVE_STATVFS +int statvfs(const char *, struct statvfs *); +#endif + +#ifndef HAVE_FSTATVFS +int fstatvfs(int, struct statvfs *); +#endif diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index 0b7d979e0..50c6d990b 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h @@ -1,4 +1,4 @@ -/* $Id: openbsd-compat.h,v 1.45 2008/05/19 22:57:08 djm Exp $ */ +/* $Id: openbsd-compat.h,v 1.46 2008/06/08 17:32:29 dtucker Exp $ */ /* * Copyright (c) 1999-2003 Damien Miller. All rights reserved. @@ -144,6 +144,7 @@ int writev(int, struct iovec *, int); /* Home grown routines */ #include "bsd-misc.h" +#include "bsd-statvfs.h" #include "bsd-waitpid.h" #include "bsd-poll.h" diff --git a/sftp-client.c b/sftp-client.c index 512a8ad4b..1fda576b4 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -243,7 +243,6 @@ get_decode_stat(int fd, u_int expected_id, int quiet) return(a); } -#ifdef USE_STATVFS static int get_decode_statvfs(int fd, struct statvfs *st, u_int expected_id, int quiet) { @@ -293,7 +292,6 @@ get_decode_statvfs(int fd, struct statvfs *st, u_int expected_id, int quiet) return 0; } -#endif struct sftp_conn * do_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests) @@ -813,7 +811,6 @@ do_readlink(struct sftp_conn *conn, char *path) } #endif -#ifdef USE_STATVFS int do_statvfs(struct sftp_conn *conn, const char *path, struct statvfs *st, int quiet) @@ -839,7 +836,6 @@ do_statvfs(struct sftp_conn *conn, const char *path, struct statvfs *st, return get_decode_statvfs(conn->fd_in, st, id, quiet); } -#endif #ifdef notyet int diff --git a/sftp-server.c b/sftp-server.c index 2c25df9de..9c3128347 100644 --- a/sftp-server.c +++ b/sftp-server.c @@ -481,7 +481,6 @@ send_attrib(u_int32_t id, const Attrib *a) buffer_free(&msg); } -#ifdef USE_STATVFS static void send_statvfs(u_int32_t id, struct statvfs *st) { @@ -508,7 +507,6 @@ send_statvfs(u_int32_t id, struct statvfs *st) send_msg(&msg); buffer_free(&msg); } -#endif /* parse incoming */ @@ -525,14 +523,12 @@ process_init(void) /* POSIX rename extension */ buffer_put_cstring(&msg, "posix-rename@openssh.com"); buffer_put_cstring(&msg, "1"); /* version */ -#ifdef USEE_STATVFS /* statvfs extension */ buffer_put_cstring(&msg, "statvfs@openssh.com"); buffer_put_cstring(&msg, "2"); /* version */ /* fstatvfs extension */ buffer_put_cstring(&msg, "fstatvfs@openssh.com"); buffer_put_cstring(&msg, "2"); /* version */ -#endif send_msg(&msg); buffer_free(&msg); } @@ -1142,7 +1138,6 @@ process_extended_posix_rename(u_int32_t id) xfree(newpath); } -#ifdef USE_STATVFS static void process_extended_statvfs(u_int32_t id) { @@ -1178,7 +1173,6 @@ process_extended_fstatvfs(u_int32_t id) else send_statvfs(id, &st); } -#endif static void process_extended(void) @@ -1190,12 +1184,10 @@ process_extended(void) request = get_string(NULL); if (strcmp(request, "posix-rename@openssh.com") == 0) process_extended_posix_rename(id); -#ifdef USE_STATVFS else if (strcmp(request, "statvfs@openssh.com") == 0) process_extended_statvfs(id); else if (strcmp(request, "fstatvfs@openssh.com") == 0) process_extended_fstatvfs(id); -#endif else send_status(id, SSH2_FX_OP_UNSUPPORTED); /* MUST */ xfree(request); diff --git a/sftp.c b/sftp.c index c5c3b1443..50ac03798 100644 --- a/sftp.c +++ b/sftp.c @@ -842,7 +842,6 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, static int do_df(struct sftp_conn *conn, char *path, int hflag, int iflag) { -#ifdef USE_STATVFS struct statvfs st; char s_used[FMT_SCALED_STRSIZE]; char s_avail[FMT_SCALED_STRSIZE]; @@ -888,10 +887,6 @@ do_df(struct sftp_conn *conn, char *path, int hflag, int iflag) st.f_blocks)); } return 0; -#else - error("client does not support statvfs extension"); - return -1; -#endif } /* -- cgit v1.2.3 From 77001384cc067a4613dd6d7a07b9a786f7d7f1bb Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 9 Jun 2008 06:17:53 +1000 Subject: - (dtucker) [configure.ac defines.h sftp-client.c M sftp-server.c] Add a macro to convert fsid to unsigned long for platforms where fsid is a 2-member array. --- ChangeLog | 5 ++++- configure.ac | 14 ++++++++++++-- defines.h | 11 ++++++++++- sftp-server.c | 2 +- 4 files changed, 27 insertions(+), 5 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 9b3e1d6d3..31abe27b1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,9 @@ openbsd-compat/Makefile.in openbsd-compat/openbsd-compat.h openbsd-compat/bsd-statvfs.{c,h}] Add a null implementation of statvfs and fstatvfs and remove #defines around statvfs code. ok djm@ + - (dtucker) [configure.ac defines.h sftp-client.c M sftp-server.c] Add a + macro to convert fsid to unsigned long for platforms where fsid is a + 2-member array. 20080607 - (dtucker) [mux.c] Include paths.h inside ifdef HAVE_PATHS_H. @@ -4060,4 +4063,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4943 2008/06/08 17:32:29 dtucker Exp $ +$Id: ChangeLog,v 1.4944 2008/06/08 20:17:53 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 4f3ec2a20..9f39b2333 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.401 2008/06/08 17:32:29 dtucker Exp $ +# $Id: configure.ac,v 1.402 2008/06/08 20:17:53 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.401 $) +AC_REVISION($Revision: 1.402 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -3026,6 +3026,16 @@ if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then file descriptor passing]) fi +AC_MSG_CHECKING(if f_fsid has val members) +AC_TRY_COMPILE([ +#include +#include ], +[struct fsid_t t; t.val[0] = 0;], + [ AC_MSG_RESULT(yes) + AC_DEFINE(FSID_HAS_VAL, 1, f_fsid has members) ], + [ AC_MSG_RESULT(no) ] +) + AC_CACHE_CHECK([for msg_control field in struct msghdr], ac_cv_have_control_in_msghdr, [ AC_COMPILE_IFELSE( diff --git a/defines.h b/defines.h index 7bb3a55e8..0665d2b51 100644 --- a/defines.h +++ b/defines.h @@ -25,7 +25,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.148 2008/06/08 17:32:29 dtucker Exp $ */ +/* $Id: defines.h,v 1.149 2008/06/08 20:17:53 dtucker Exp $ */ /* Constants */ @@ -590,6 +590,15 @@ struct winsize { # define SSH_SYSFDMAX 10000 #endif +#ifdef FSID_HAS_VAL +/* encode f_fsid into a 64 bit value */ +#define FSID_TO_ULONG(f) \ + ((((u_int64_t)(f).val[0] & 0xffffffffUL) << 32) | \ + ((f).val[1] & 0xffffffffUL)) +#else +# define FSID_TO_ULONG(f) ((f)) +#endif + #if defined(__Lynx__) /* * LynxOS defines these in param.h which we do not want to include since diff --git a/sftp-server.c b/sftp-server.c index 9c3128347..f69926164 100644 --- a/sftp-server.c +++ b/sftp-server.c @@ -501,7 +501,7 @@ send_statvfs(u_int32_t id, struct statvfs *st) buffer_put_int64(&msg, st->f_files); buffer_put_int64(&msg, st->f_ffree); buffer_put_int64(&msg, st->f_favail); - buffer_put_int64(&msg, st->f_fsid); + buffer_put_int64(&msg, FSID_TO_ULONG(st->f_fsid)); buffer_put_int(&msg, flag); buffer_put_int(&msg, st->f_namemax); send_msg(&msg); -- cgit v1.2.3 From 5d37690a1f702db627f00146a5ace7949676eeb0 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 11 Jun 2008 04:15:05 +1000 Subject: - (dtucker) [Makefile.in configure.ac regress/addrmatch.sh] Skip IPv6 specific tests on platforms that don't do IPv6. --- ChangeLog | 8 +++++--- Makefile.in | 3 ++- configure.ac | 11 +++++++++-- regress/addrmatch.sh | 1 + 4 files changed, 17 insertions(+), 6 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 35aad8652..6f484c648 100644 --- a/ChangeLog +++ b/ChangeLog @@ -38,8 +38,10 @@ - dtucker@cvs.openbsd.org 2008/06/10 15:28:49 [test-exec.sh] Add quotes - - (dtucker) [openbsd-compat/fake-rfc2553.h] Add sin6_scope_id to sockaddr_in6 - since the new CIDR code in addmatch.c references it. + - (dtucker) [openbsd-compat/fake-rfc2553.h] Add sin6_scope_id to sockaddr_in6 + since the new CIDR code in addmatch.c references it. + - (dtucker) [Makefile.in configure.ac regress/addrmatch.sh] Skip IPv6 + specific tests on platforms that don't do IPv6. 20080609 - (dtucker) OpenBSD CVS Sync @@ -4126,4 +4128,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4958 2008/06/10 15:39:38 dtucker Exp $ +$Id: ChangeLog,v 1.4959 2008/06/10 18:15:05 dtucker Exp $ diff --git a/Makefile.in b/Makefile.in index 5debe2533..a2192eb5d 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.291 2008/06/10 12:59:10 dtucker Exp $ +# $Id: Makefile.in,v 1.292 2008/06/10 18:15:05 dtucker Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -394,6 +394,7 @@ tests interop-tests: $(TARGETS) TEST_SSH_SFTPSERVER="$${BUILDDIR}/sftp-server"; \ TEST_SSH_PLINK="plink"; \ TEST_SSH_PUTTYGEN="puttygen"; \ + TEST_SSH_IPV6="@TEST_SSH_IPV6@" ; \ cd $(srcdir)/regress || exit $$?; \ $(MAKE) \ .OBJDIR="$${BUILDDIR}/regress" \ diff --git a/configure.ac b/configure.ac index 9f39b2333..130ef6bc0 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.402 2008/06/08 20:17:53 dtucker Exp $ +# $Id: configure.ac,v 1.403 2008/06/10 18:15:05 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.402 $) +AC_REVISION($Revision: 1.403 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -4068,6 +4068,13 @@ dnl Adding -Werror to CFLAGS early prevents configure tests from running. dnl Add now. CFLAGS="$CFLAGS $werror_flags" +if grep "#define BROKEN_GETADDRINFO 1" confdefs.h >/dev/null || \ + test "x$ac_cv_func_getaddrinfo" != "xyes" ; then + AC_SUBST(TEST_SSH_IPV6, no) +else + AC_SUBST(TEST_SSH_IPV6, yes) +fi + AC_EXEEXT AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ openbsd-compat/Makefile openbsd-compat/regress/Makefile \ diff --git a/regress/addrmatch.sh b/regress/addrmatch.sh index a05df1539..a258f7bb4 100644 --- a/regress/addrmatch.sh +++ b/regress/addrmatch.sh @@ -33,6 +33,7 @@ run_trial user 19.0.0.1 somehost no "deny, no match" run_trial user 10.255.255.254 somehost yes "permit, list middle" run_trial user 192.168.30.1 192.168.0.1 no "deny, faked IP in hostname" run_trial user 1.1.1.1 somehost.example.com yes "permit, bare IP4 address" +test "$TEST_SSH_IPV6" = "no" && exit run_trial user ::1 somehost.example.com yes "permit, bare IP6 address" run_trial user ::2 somehost.exaple.com no "deny IPv6" run_trial user ::3 somehost no "deny IP6 negated" -- cgit v1.2.3 From 4401e45be6a89f8b2b9f9ba96137107bce39943d Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 12 Jun 2008 06:05:12 +1000 Subject: - (djm) [channels.c configure.ac] Do not set SO_REUSEADDR on wildcard X11 listeners (X11UseLocalhost=no) bz#1464; ok dtucker --- ChangeLog | 7 ++++++- channels.c | 12 ++---------- configure.ac | 5 ++--- 3 files changed, 10 insertions(+), 14 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index d4dfd8801..9609b4d61 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20080611 + - (djm) [channels.c configure.ac] + Do not set SO_REUSEADDR on wildcard X11 listeners (X11UseLocalhost=no) + bz#1464; ok dtucker + 20080610 - (dtucker) OpenBSD CVS Sync - djm@cvs.openbsd.org 2008/06/10 03:57:27 @@ -4154,4 +4159,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4966 2008/06/10 23:47:59 dtucker Exp $ +$Id: ChangeLog,v 1.4967 2008/06/11 20:05:12 djm Exp $ diff --git a/channels.c b/channels.c index 6808d3a05..233c2247b 100644 --- a/channels.c +++ b/channels.c @@ -3018,7 +3018,8 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost, error("setsockopt IPV6_V6ONLY: %.100s", strerror(errno)); } #endif - channel_set_reuseaddr(sock); + if (x11_use_localhost) + channel_set_reuseaddr(sock); if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { debug2("bind port %d: %.100s", port, strerror(errno)); close(sock); @@ -3030,17 +3031,8 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost, break; } socks[num_socks++] = sock; -#ifndef DONT_TRY_OTHER_AF if (num_socks == NUM_SOCKS) break; -#else - if (x11_use_localhost) { - if (num_socks == NUM_SOCKS) - break; - } else { - break; - } -#endif } freeaddrinfo(aitop); if (num_socks > 0) diff --git a/configure.ac b/configure.ac index 130ef6bc0..7ad732657 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.403 2008/06/10 18:15:05 dtucker Exp $ +# $Id: configure.ac,v 1.404 2008/06/11 20:05:12 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.403 $) +AC_REVISION($Revision: 1.404 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -553,7 +553,6 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) no_dev_ptmx=1 check_for_libcrypt_later=1 check_for_openpty_ctty_bug=1 - AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks]) AC_DEFINE(PAM_TTY_KLUDGE, 1, [Work around problematic Linux PAM modules handling of PAM_TTY]) AC_DEFINE(LOCKED_PASSWD_PREFIX, "!", -- cgit v1.2.3 From 30fd49e606169c57fef2be66594e24991b2fb747 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 14 Jun 2008 09:14:46 +1000 Subject: - (dtucker) [configure.ac] Bug #1276: avoid linking against libgssapi, which despite its name doesn't seem to implement all of GSSAPI. Patch from Jan Engelhardt, sanity checked by Simon Wilkinson. --- ChangeLog | 5 ++++- configure.ac | 12 ++++++------ 2 files changed, 10 insertions(+), 7 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 7f027d95f..7ce1aee6f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -23,6 +23,9 @@ Explain the use of SSH fpr visualization using random art, and cite the original scientific paper inspiring that technique. Much help with English and nroff by jmc@, thanks. + - (dtucker) [configure.ac] Bug #1276: avoid linking against libgssapi, which + despite its name doesn't seem to implement all of GSSAPI. Patch from + Jan Engelhardt, sanity checked by Simon Wilkinson. 20080612 - (dtucker) OpenBSD CVS Sync @@ -4361,4 +4364,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.5009 2008/06/13 23:04:26 dtucker Exp $ +$Id: ChangeLog,v 1.5010 2008/06/13 23:14:46 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 7ad732657..aea6cb312 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.404 2008/06/11 20:05:12 djm Exp $ +# $Id: configure.ac,v 1.405 2008/06/13 23:14:46 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.404 $) +AC_REVISION($Revision: 1.405 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -3363,12 +3363,12 @@ AC_ARG_WITH(kerberos5, ) AC_SEARCH_LIBS(dn_expand, resolv) - AC_CHECK_LIB(gssapi,gss_init_sec_context, + AC_CHECK_LIB(gssapi_krb5, gss_init_sec_context, [ AC_DEFINE(GSSAPI) - K5LIBS="-lgssapi $K5LIBS" ], - [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context, + K5LIBS="-lgssapi_krb5 $K5LIBS" ], + [ AC_CHECK_LIB(gssapi, gss_init_sec_context, [ AC_DEFINE(GSSAPI) - K5LIBS="-lgssapi_krb5 $K5LIBS" ], + K5LIBS="-lgssapi $K5LIBS" ], AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]), $K5LIBS) ], -- cgit v1.2.3 From 330c93f68a8cbbf416b2e2c9150e0a9b8964a51b Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 16 Jun 2008 02:27:48 +1000 Subject: - (dtucker) [configure.ac] Enable -fno-builtin-memset when using gcc. --- ChangeLog | 5 ++++- configure.ac | 16 ++++++++++++++-- 2 files changed, 18 insertions(+), 3 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 0bd06cd6a..38fb74a44 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +20080615 + - (dtucker) [configure.ac] Enable -fno-builtin-memset when using gcc. + 20080614 - (djm) [openbsd-compat/sigact.c] Avoid NULL derefs in ancient sigaction replacement code; patch from ighighi AT gmail.com in bz#1240; @@ -4369,4 +4372,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.5011 2008/06/15 00:55:34 djm Exp $ +$Id: ChangeLog,v 1.5012 2008/06/15 16:27:48 dtucker Exp $ diff --git a/configure.ac b/configure.ac index aea6cb312..eb71a879a 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.405 2008/06/13 23:14:46 dtucker Exp $ +# $Id: configure.ac,v 1.406 2008/06/15 16:27:48 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.405 $) +AC_REVISION($Revision: 1.406 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -112,6 +112,18 @@ if test "$GCC" = "yes" || test "$GCC" = "egcs"; then *) ;; esac + AC_MSG_CHECKING(if $CC accepts -fno-builtin-memset) + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS -fno-builtin-memset" + AC_LINK_IFELSE( [AC_LANG_SOURCE([[ +#include +int main(void){char b[10]; memset(b, 0, sizeof(b));} + ]])], + [ AC_MSG_RESULT(yes) ], + [ AC_MSG_RESULT(no) + CFLAGS="$saved_CFLAGS" ] +) + # -fstack-protector-all doesn't always work for some GCC versions # and/or platforms, so we test if we can. If it's not supported # on a give platform gcc will emit a warning so we use -Werror. -- cgit v1.2.3 From 20d16947190d17f9ed8db983bee6cb7bd20722b5 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 5 Jul 2008 09:36:58 +1000 Subject: - (djm) [atomicio.c configure.ac] Disable poll() fallback in atomiciov for Tru64. readv doesn't seem to be a comparable object there. bz#1386, patch from dtucker@ ok me --- ChangeLog | 5 ++++- atomicio.c | 4 ++++ configure.ac | 5 +++-- 3 files changed, 11 insertions(+), 3 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 515bd9184..c1df7b87e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,9 @@ - (djm) [auth.c] Fixed test for locked account on HP/UX with shadowed passwords disabled. bz#1083 report & patch from senthilkumar_sen AT hotpop.com, w/ dtucker@ + - (djm) [atomicio.c configure.ac] Disable poll() fallback in atomiciov for + Tru64. readv doesn't seem to be a comparable object there. + bz#1386, patch from dtucker@ ok me 20080704 - (dtucker) OpenBSD CVS Sync @@ -4575,4 +4578,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.5059 2008/07/04 22:59:43 djm Exp $ +$Id: ChangeLog,v 1.5060 2008/07/04 23:36:58 djm Exp $ diff --git a/atomicio.c b/atomicio.c index bb44c3230..a6b2d127a 100644 --- a/atomicio.c +++ b/atomicio.c @@ -97,8 +97,10 @@ atomiciov(ssize_t (*f) (int, const struct iovec *, int), int fd, /* Make a copy of the iov array because we may modify it below */ memcpy(iov, _iov, iovcnt * sizeof(*_iov)); +#ifndef BROKEN_READV_COMPARISON pfd.fd = fd; pfd.events = f == readv ? POLLIN : POLLOUT; +#endif for (; iovcnt > 0 && iov[0].iov_len > 0;) { res = (f) (fd, iov, iovcnt); switch (res) { @@ -106,7 +108,9 @@ atomiciov(ssize_t (*f) (int, const struct iovec *, int), int fd, if (errno == EINTR) continue; if (errno == EAGAIN || errno == EWOULDBLOCK) { +#ifndef BROKEN_READV_COMPARISON (void)poll(&pfd, 1, -1); +#endif continue; } return 0; diff --git a/configure.ac b/configure.ac index eb71a879a..330b0eb5e 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.406 2008/06/15 16:27:48 dtucker Exp $ +# $Id: configure.ac,v 1.407 2008/07/04 23:36:58 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.406 $) +AC_REVISION($Revision: 1.407 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -841,6 +841,7 @@ mips-sony-bsd|mips-sony-newsos4) AC_DEFINE(SETEUID_BREAKS_SETUID) AC_DEFINE(BROKEN_SETREUID) AC_DEFINE(BROKEN_SETREGID) + AC_DEFINE(BROKEN_READV_COMPARISON, 1, [Can't do comparisons on readv])) ;; *-*-nto-qnx*) -- cgit v1.2.3 From ff2e492028609279e6de882985433c130518944f Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 5 Jul 2008 09:52:03 +1000 Subject: - (djm) [configure.ac] unbreak: remove extra closing brace --- ChangeLog | 3 ++- configure.ac | 6 +++--- 2 files changed, 5 insertions(+), 4 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 88b46a19d..29c894bcf 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,7 @@ Tru64. readv doesn't seem to be a comparable object there. bz#1386, patch from dtucker@ ok me - (djm) [Makefile.in] Pass though pass to conch for interop tests + - (djm) [configure.ac] unbreak: remove extra closing brace - (djm) OpenBSD CVS Sync - djm@cvs.openbsd.org 2008/07/04 23:08:25 [packet.c] @@ -4591,4 +4592,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.5063 2008/07/04 23:50:23 djm Exp $ +$Id: ChangeLog,v 1.5064 2008/07/04 23:52:03 djm Exp $ diff --git a/configure.ac b/configure.ac index 330b0eb5e..33e138ab1 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.407 2008/07/04 23:36:58 djm Exp $ +# $Id: configure.ac,v 1.408 2008/07/04 23:52:03 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.407 $) +AC_REVISION($Revision: 1.408 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -841,7 +841,7 @@ mips-sony-bsd|mips-sony-newsos4) AC_DEFINE(SETEUID_BREAKS_SETUID) AC_DEFINE(BROKEN_SETREUID) AC_DEFINE(BROKEN_SETREGID) - AC_DEFINE(BROKEN_READV_COMPARISON, 1, [Can't do comparisons on readv])) + AC_DEFINE(BROKEN_READV_COMPARISON, 1, [Can't do comparisons on readv]) ;; *-*-nto-qnx*) -- cgit v1.2.3 From 73193b369333e9c2409aeef6caa9f4cefa8118a1 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 9 Jul 2008 21:07:19 +1000 Subject: - (djm) [configure.ac] Add -Wformat-security to CFLAGS for gcc 3.x and 4.x --- ChangeLog | 3 ++- configure.ac | 8 ++++---- 2 files changed, 6 insertions(+), 5 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index acb399029..ca66ddad9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,7 @@ account check failure path. The vulnerable format buffer is supplied from PAM and should not contain attacker-supplied data. - (djm) [auth.c] Missing unistd.h for close() + - (djm) [configure.ac] Add -Wformat-security to CFLAGS for gcc 3.x and 4.x 20080705 - (djm) [auth.c] Fixed test for locked account on HP/UX with shadowed @@ -4602,4 +4603,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.5068 2008/07/09 10:54:37 djm Exp $ +$Id: ChangeLog,v 1.5069 2008/07/09 11:07:19 djm Exp $ diff --git a/configure.ac b/configure.ac index 33e138ab1..fcf7e416b 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.408 2008/07/04 23:52:03 djm Exp $ +# $Id: configure.ac,v 1.409 2008/07/09 11:07:19 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.408 $) +AC_REVISION($Revision: 1.409 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -107,8 +107,8 @@ if test "$GCC" = "yes" || test "$GCC" = "egcs"; then no_attrib_nonnull=1 ;; 2.*) no_attrib_nonnull=1 ;; - 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;; - 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;; + 3.*) CFLAGS="$CFLAGS -Wsign-compare -Wformat-security" ;; + 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign -Wformat-security" ;; *) ;; esac -- cgit v1.2.3