diff options
author | Dag-Erling Smørgrav <des@FreeBSD.org> | 2015-01-05 16:09:55 +0000 |
---|---|---|
committer | Dag-Erling Smørgrav <des@FreeBSD.org> | 2015-01-05 16:09:55 +0000 |
commit | c0bbca73c6f7f15d5401332151fc9f9755abaf8f (patch) | |
tree | 1bbed0bec45f927ff35eedaf91618215ccbf5fb7 /configure.ac | |
parent | 12459a528f0a5dfa735c6917135c071754daa020 (diff) | |
download | src-c0bbca73c6f7f15d5401332151fc9f9755abaf8f.tar.gz src-c0bbca73c6f7f15d5401332151fc9f9755abaf8f.zip |
Vendor import of OpenSSH 6.7p1.vendor/openssh/6.7p1
Notes
Notes:
svn path=/vendor-crypto/openssh/dist/; revision=276707
svn path=/vendor-crypto/openssh/6.7p1/; revision=276708; tag=vendor/openssh/6.7p1
Diffstat (limited to 'configure.ac')
-rw-r--r-- | configure.ac | 142 |
1 files changed, 63 insertions, 79 deletions
diff --git a/configure.ac b/configure.ac index 7c6ce08d8c4d..67c4486e7fe2 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.571 2014/02/21 17:09:34 tim Exp $ +# $Id: configure.ac,v 1.583 2014/08/26 20:32:01 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) -AC_REVISION($Revision: 1.571 $) +AC_REVISION($Revision: 1.583 $) AC_CONFIG_SRCDIR([ssh.c]) AC_LANG([C]) @@ -1380,62 +1380,6 @@ AC_ARG_WITH([skey], ] ) -# Check whether user wants TCP wrappers support -TCPW_MSG="no" -AC_ARG_WITH([tcp-wrappers], - [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)], - [ - if test "x$withval" != "xno" ; then - saved_LIBS="$LIBS" - saved_LDFLAGS="$LDFLAGS" - saved_CPPFLAGS="$CPPFLAGS" - if test -n "${withval}" && \ - test "x${withval}" != "xyes"; then - if test -d "${withval}/lib"; then - if test -n "${need_dash_r}"; then - LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" - else - LDFLAGS="-L${withval}/lib ${LDFLAGS}" - fi - else - if test -n "${need_dash_r}"; then - LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" - else - LDFLAGS="-L${withval} ${LDFLAGS}" - fi - fi - if test -d "${withval}/include"; then - CPPFLAGS="-I${withval}/include ${CPPFLAGS}" - else - CPPFLAGS="-I${withval} ${CPPFLAGS}" - fi - fi - LIBS="-lwrap $LIBS" - AC_MSG_CHECKING([for libwrap]) - AC_LINK_IFELSE([AC_LANG_PROGRAM([[ -#include <sys/types.h> -#include <sys/socket.h> -#include <netinet/in.h> -#include <tcpd.h> -int deny_severity = 0, allow_severity = 0; - ]], [[ - hosts_access(0); - ]])], [ - AC_MSG_RESULT([yes]) - AC_DEFINE([LIBWRAP], [1], - [Define if you want - TCP Wrappers support]) - SSHDLIBS="$SSHDLIBS -lwrap" - TCPW_MSG="yes" - ], [ - AC_MSG_ERROR([*** libwrap missing]) - - ]) - LIBS="$saved_LIBS" - fi - ] -) - # Check whether user wants to use ldns LDNS_MSG="no" AC_ARG_WITH(ldns, @@ -1631,10 +1575,6 @@ AC_CHECK_FUNCS([ \ Blowfish_expandstate \ Blowfish_expand0state \ Blowfish_stream2word \ - arc4random \ - arc4random_buf \ - arc4random_stir \ - arc4random_uniform \ asprintf \ b64_ntop \ __b64_ntop \ @@ -1678,6 +1618,7 @@ AC_CHECK_FUNCS([ \ mblen \ md5_crypt \ memmove \ + memset_s \ mkdtemp \ mmap \ ngetaddrinfo \ @@ -1736,7 +1677,6 @@ AC_CHECK_FUNCS([ \ user_from_uid \ usleep \ vasprintf \ - vhangup \ vsnprintf \ waitpid \ ]) @@ -1948,11 +1888,9 @@ if test "x$ac_cv_func_snprintf" = "xyes" ; then ) fi -# If we don't have a working asprintf, then we strongly depend on vsnprintf -# returning the right thing on overflow: the number of characters it tried to -# create (as per SUSv3) -if test "x$ac_cv_func_asprintf" != "xyes" && \ - test "x$ac_cv_func_vsnprintf" = "xyes" ; then +# We depend on vsnprintf returning the right thing on overflow: the +# number of characters it tried to create (as per SUSv3) +if test "x$ac_cv_func_vsnprintf" = "xyes" ; then AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow]) AC_RUN_IFELSE( [AC_LANG_PROGRAM([[ @@ -1960,15 +1898,23 @@ if test "x$ac_cv_func_asprintf" != "xyes" && \ #include <stdio.h> #include <stdarg.h> -int x_snprintf(char *str,size_t count,const char *fmt,...) +int x_snprintf(char *str, size_t count, const char *fmt, ...) { - size_t ret; va_list ap; - va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap); + size_t ret; + va_list ap; + + va_start(ap, fmt); + ret = vsnprintf(str, count, fmt, ap); + va_end(ap); return ret; } ]], [[ - char x[1]; - exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1); +char x[1]; +if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11) + return 1; +if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11) + return 1; +return 0; ]])], [AC_MSG_RESULT([yes])], [ @@ -2304,7 +2250,7 @@ AC_RUN_IFELSE( if(fd == NULL) exit(1); - if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0) + if ((rc = fprintf(fd ,"%08x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0) exit(1); exit(0); @@ -2339,13 +2285,21 @@ AC_RUN_IFELSE( if(fd == NULL) exit(1); - if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0) + if ((rc = fprintf(fd ,"%08x (%s)\n", SSLeay(), + SSLeay_version(SSLEAY_VERSION))) <0) exit(1); exit(0); ]])], [ ssl_library_ver=`cat conftest.ssllibver` + # Check version is supported. + case "$ssl_library_ver" in + 0090[[0-7]]*|009080[[0-5]]*) + AC_MSG_ERROR([OpenSSL >= 0.9.8f required]) + ;; + *) ;; + esac AC_MSG_RESULT([$ssl_library_ver]) ], [ @@ -2357,6 +2311,10 @@ AC_RUN_IFELSE( ] ) +# XXX make --without-openssl work +AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography]) +AC_DEFINE_UNQUOTED([WITH_SSH1], [1], [include SSH protocol version 1 support]) + AC_ARG_WITH([openssl-header-check], [ --without-openssl-header-check Disable OpenSSL version consistency check], [ if test "x$withval" = "xno" ; then @@ -2565,6 +2523,14 @@ AC_CHECK_FUNCS([SHA256_Update EVP_sha256], , hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com" ] ) +# Search for RIPE-MD support in OpenSSL +AC_CHECK_FUNCS([EVP_ripemd160], , + [unsupported_algorithms="$unsupported_algorithms \ + hmac-ripemd160 + hmac-ripemd160@openssh.com + hmac-ripemd160-etm@openssh.com" + ] +) # Check complete ECC support in OpenSSL AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) @@ -2685,6 +2651,13 @@ fi AC_SUBST([TEST_SSH_ECC]) AC_SUBST([COMMENT_OUT_ECC]) +AC_CHECK_FUNCS([ \ + arc4random \ + arc4random_buf \ + arc4random_stir \ + arc4random_uniform \ +]) + saved_LIBS="$LIBS" AC_CHECK_LIB([iaf], [ia_openinfo], [ LIBS="$LIBS -liaf" @@ -2868,7 +2841,14 @@ if test "x$PAM_MSG" = "xyes" ; then ]) fi -SSH_PRIVSEP_USER=sshd +case "$host" in +*-*-cygwin*) + SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER + ;; +*) + SSH_PRIVSEP_USER=sshd + ;; +esac AC_ARG_WITH([privsep-user], [ --with-privsep-user=user Specify non-privileged user for privilege separation], [ @@ -2878,8 +2858,13 @@ AC_ARG_WITH([privsep-user], fi ] ) -AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], - [non-privileged user for privilege separation]) +if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then + AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER], + [Cygwin function to fetch non-privileged user for privilege separation]) +else + AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], + [non-privileged user for privilege separation]) +fi AC_SUBST([SSH_PRIVSEP_USER]) if test "x$have_linux_no_new_privs" = "x1" ; then @@ -4844,7 +4829,6 @@ echo " KerberosV support: $KRB5_MSG" echo " SELinux support: $SELINUX_MSG" echo " Smartcard support: $SCARD_MSG" echo " S/KEY support: $SKEY_MSG" -echo " TCP Wrappers support: $TCPW_MSG" echo " MD5 password support: $MD5_MSG" echo " libedit support: $LIBEDIT_MSG" echo " Solaris process contract support: $SPC_MSG" |